last executing test programs: 2m52.851764445s ago: executing program 0 (id=345): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff8000}]}) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) 2m52.720895036s ago: executing program 0 (id=349): r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) close(r0) socket$rds(0x15, 0x5, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0x4000004) 2m52.575606648s ago: executing program 0 (id=350): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="440000000a0605000000000000000000010000050900020073797a300000000005000100070000000800094000000001140008801000"], 0x44}, 0x1, 0x0, 0x0, 0x8040}, 0x44000) 2m52.35357846s ago: executing program 0 (id=353): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000340)='./file0\x00', 0x210000, &(0x7f0000000140)={[{@nodelalloc}, {@dioread_lock}, {@jqfmt_vfsv1}, {@abort}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x8}}, {@lazytime}, {@errors_remount}, {@stripe={'stripe', 0x3d, 0x7}}, {@bh}, {@auto_da_alloc}]}, 0x1, 0x56f, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hzcpouowmHWsduD24F19kCCIOxD/Adx+H/4B/xUAHQ0bRBxEiN73psjZp2i4z2fL5wG3Pyb23535z7vf2nNyEBDC0jqU/chEvR8Q3ScShlnX5yFYeW9tu9eH1mXRJol7/9M8kkuyx5vZJ9vtAVnkpIn79KuJkbnO71eWV+WK5XFrM6hO1hSsT1eWVU5cWinOludLlqenpM29NT737zts9i/X1839//8ndD898fXz1u5/vH76dxNk4mK1rjeMJ3GitHCv+m5VG4+yGDSd70NggSfp9AOzKSJbno5FeAw7FSJb1wPPvy4ioA0Mqkf8wpJrjgObcvkfz4GfGgw/WJkCN2Mda48+vvTYSextzo/2ryWMzo3S+O96D9tM2fvnjzu10ia1fh9jXpQ6wIzduRsTpfH7z9T/Jrn+7d7rx4vHWNrYxbP9/oJ/upuOfN9qN/3Lr459oM/450CZ3d6N7/ufu96CZjtLx33ttx7/rl67xkaz2QmPMN5pcvFQunY6IFyPiRNS73vo4s3qv3mld6/gvXdL2m2PB7Dju5/c8vs9ssVaMiLFdhvyYBzcjXsm3iz9Z7/+kTf+nz8f5bbZxtHTn1U7rusf/dNV/initbf8/6tZk6/uTE43zYaJ5Vmz2162jv3Vqv9/xp/2/f+v4x5PW+7XVnbfx495/Sp3W7fb8H0s+a5SbSXCtWKstTkaMJR9vfnzq0b7NenP7NP4Tx7e+/rU7/9PJ1+fbjP/WkVsdNx2E/p/dUf/vvHDvoy9+6NT+9vr/zUbpRPZIdv1rLztXtnuAT/r8AQAAAAAAwCDJRcTBSHKF9XIuVyisvb/jSOzPlSvV2smLlaXLs9H4rOx4jOaad7oPtbwfYjJ7P2yzPrWhPh0RhyPi25F9jXphplKe7XfwAAAAAAAAAAAAAAAAAAAAMCAOdPj8f+r3kX4fHfDUNb7YYE+/jwLoh65f+d+Lb3oCBlLX/AeeW/Ifhpf8h+El/2F4yX8YXvIfhpf8h+El/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCnzp87ly711YfXZ9L67NXlpfnK1VOzpep8YWFppjBTWbxSmKtU5sqlwkxlodvfK1cqVyanYunaRK1UrU1Ul1cuLFSWLtcuXFoozpUulEb/l6gAAAAAAAAAAAAAAAAAAADg2VJdXpkvlsulRYWOhfdjIA7jaQa4Zle75wclCoUOhZtZ9+5srz5elAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/8CAAD//4yLMZo=") syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x3, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000040)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@nfs_export_on}]}) chdir(&(0x7f00000003c0)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143041, 0x40) 2m51.42580832s ago: executing program 4 (id=362): syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x210000, &(0x7f0000000200)={[{@nodelalloc}, {@noblock_validity}, {@noauto_da_alloc}, {@nolazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@inlinecrypt}, {@stripe={'stripe', 0x3d, 0x5}}, {@bh}, {@init_itable}, {@noquota}]}, 0xfc, 0x5a0, &(0x7f0000000380)="$eJzs3d9rU1ccAPDvTX+o1a0VRLY9DMGHOZypbffDwWDucWwyYXvai4Y2FmlqpEnFdsL0Yb7sZchgjAljf8De9yj7B/ZXCJsgQ8r2MAYZN97U2KaNjbHJzOcDV8/pvbfnfO/N9/Tc3IQbwMA6kv6Ti3g5Ir5JIsab1g1HtvJItl1cm117cG02iVrt0z+TSCIirTe2T7L/92eVlyLi168ijuc2t1tZWV0olErFpaw+WV28PFlZWT1xcbEwX5wvXpqemTn11sz0u++83bVYXz/79/ef3Pnw1NdH1777+d7BW0mcjgPZuuY4nsL15sqRwr9ZaSROb9hwqguN9ZOk1x2gI0NZno9EOgaMx1CW9cDz78uIqAEDKnmU/58PrfS0K8CuaswD0uvfxtLbGcnuuv/BwwugeuyjzfEPZ+957K1fG42tJY9dGaXXuxNdaD9t45c/bt9Kl9j+fYh9beoAO3L9RkScHB7ePP4n2fjXuZP1N4+3t7GNQfv7A710J53/vNFq/pdbn/9Ei/nP/ha524n2+Z+714VmtpTO/95rOf9dH7omhrLaC/U530hy4WKpeDIiXoyIY1Fre+vj1Nrd2lbrmud/6ZK235gLZv24N7zn8X3mCtVCRIx2GPJj7t+IeGW4VfzJ+vlPAxzbEGV6PM4+YRuHi7df3Wpd+/ifrdpPEa+1PP+PAk62vz85WX89TDZeFZv9dfPwb1u13+v40/M/tn38E0nz/drKztv4ce8/xa3WbRv/Smz5+h9NPquXG0lwtVCtLk1FjCYfb/759KN9G/XG9mn8x45uP/4lLca/9OLrfFrY0z7+m4dunu8o/iZP0ExH0vjndnT+d164+9EXP3Qef3r+36yXjmU/yca/1rID9aQdfNrjBwAAAAAAAP0kFxEHIsnl18u5XD7/8PMdh2IsVypXqscvlJcvzUX9u7ITMZJr3Okeb/o8xFT2edhGfXpDfSYiDkbEt0P76vX8bLk01+vgAQAAAAAAAAAAAAAAAAAAoE/s3+L7/6nfh3rdO+CZqz/Y4Fk9YQDoa20f+d+NJz0Bfalt/gPPLfkPg0v+w+CS/zC45D8MLvkPg2tD/ud61Q9g9/n7DwAAAAAAAAAAAAAAAAAAAAAAAAAAAF119syZdKmtPbg2m9bnrqwsL5SvnJgrVhbyi8uz+dny0uX8fLk8XyrmZ8uL7X5fqVy+PDUdy1cnq8VKdbKysnpusbx8qXru4mJhvniuOLIrUQEAAAAAAAAAAAAAAAAAAMD/S2VldaFQKhWXdrEwFj1o9CkK70dfdKOpsDe6HOBDHe0+3POjsRuF2nhEH3Sjo8KN7PTubK8eDkoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsMF/AQAA//+oTyrI") r0 = openat(0xffffffffffffff9c, &(0x7f00000003c0)='./file1\x00', 0x42, 0x18) fallocate(r0, 0x0, 0x0, 0x8ffff) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) pwritev2(r1, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5412, 0x0, 0x0) 2m51.38402022s ago: executing program 0 (id=364): openat$ptp0(0xffffffffffffff9c, &(0x7f0000000e40), 0x1, 0x0) syz_usb_connect(0x4, 0x3f, &(0x7f00000000c0)=ANY=[], 0x0) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r0, 0xffffffffffffffff, 0x0) 2m50.49749319s ago: executing program 4 (id=369): syz_mount_image$squashfs(&(0x7f0000000180), &(0x7f0000000280)='./file1\x00', 0x0, &(0x7f0000000500)=ANY=[], 0x9, 0x20f, &(0x7f0000000600)="$eJzslU9rE0EYxn+zmWQbDVLw5tVge9E2KYhnL/auH8CQrrWY+Kcb0YSC0UsvCuKXKPglVBD07kFE8KIHBT1UPFVqZGbe2e4mwaZVc9rn8j7zzPtvZ3Zmrsa34hDY3d5oMouFosJ7pdDAnHLaTsnZ72IHgs/ajWuiPxX7SWzc7b156HjvWqPVitbj7p9JiIJ9fLJkVDr/7NHxyeOHyOsHWUUxSZTSh6n1d6RTcIs8OvU4o4TjfCSW4cy1iwdp44Vkmfq3G1Iead6THxVIK1/+YfWiWc0iY32UHJfDl1B+MSGZ+lkZ3aZh8u6JqzzWpyDhZbLLsi8xJ3e6ezqemLvIkuBA4TGyH/GF+wHfFBR5u73RNOpld4v9kouMFfBHwkaZwUu56Yx2QkMfVIGBTWryaPGdAxY67ZsLcbd3eq3dWI1Wo+v1+tLZxVdH5YgO7sFaK1pUtg0XHhiiSWDOaTk1b/60DzIfHSMDlWoN8117cpLSX87zJ1MuZQhSsakckuB5Uj8U7Xbc5hKnmAHu9M10XRaoismmuWI+bRlFQQY1nW6IHQJm7MSZ5o3WyiYK5cO20EmO2keKdrDrtyVAm0LR0rm+b3FTbFXsstitvXoW/u3yb5K2Gb7KaL4PJe42Op11+3g5ZrRSksFq9dmkciBV/Wvoi1VDJsSRSR1z5MiRI0eOHDn+E34HAAD//wFSRlk=") mount$bind(0x0, &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) 2m49.652270789s ago: executing program 4 (id=375): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x1, "5660359c3245d1c42317afad7d48ed51000000000000000100"}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000140)={0x4, "317b6a4c46c6776c043a6ddc6a620d5d3aa678477018e55995737f40e8185e93"}) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) ioctl$SW_SYNC_IOC_INC(r0, 0x40045701, &(0x7f00000002c0)=0x3) 2m47.762370919s ago: executing program 4 (id=380): syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x10000, &(0x7f0000000080)={[{@quota}, {@delalloc}, {@acl}, {@journal_dev={'journal_dev', 0x3d, 0x11}}, {@usrjquota}, {@bsdgroups}]}, 0x1, 0x50a, &(0x7f0000001f40)="$eJzs3M9vVNUeAPDvnXZoC49HH49HQh/vvQLP2JjYQkFh4QYTExeaGHEhy6YdSGUAQ7sQ0siQGFyTuDcujTtN3OrSuPIPwIULE0NClA1gYjLmztw7nc6PzrTW1rafTzJwzp17z7nfuefMnHtP7w1g1xpP/0ki/hYR9yPiQD27coXx+n9PHi3NPn20NBuVavXCz0ltvcdpPpNvty/LTBQiCh8kLQXWLdy8dWWmXC7diEotP7V49d2phZu3np+/OnO5dLl0bfrcuTOnT519cfqFFWVHxHDPoDrUl8b1eOz960ePvHrx3uuzg62FNcfRVb7VL5Weq0b+2XbxTHN5O8D+pnTSHtftTd0Z+jacNcNi2v+XyscvbvUOAZumWq1Wh7q/Xam2utO2BNi2ktjqPQC2Rv5Dn57/5q/6kuJmDD+23MPz9ROgx4+WqrdjcPZJI/7BKGTrFFvOb1OrjJnWZDwi3q78+nH6itWuQ/ywQRUCALve1+ezYWASLeO/QhxuWu/v2RzKaET8IyIORsQ/I+JQRPwrYsW6KyQR1VXqP9S6oFH/F9ksQuHBemPrRzr+eymb28pfWb35KqMDWW5/RD5gLp3MPpOJKA5dmi+XTnUpf0+P+pvHf+krrT8fC2b78WCwZbA5N7M4s75o2z28EzE22Bp/MpgeuHwaJ4mIIxExtoZyR5vS8899erSRaTmt6B1/TbXDlN6GzJ9VP4l4tn78K9GIf2TFJGLSPD9ZaJufnBqOcunkVNoKTnbcyW+/u/tGt/p7xv/lj62bvHL2qwt/PPBMevz3NrX/yOdvl+MfTSKSxnztQkR1YG113P3+w1q54yfa31tv+9+TvFVL5/3rvZnFxRunIvYkr7Uvn17eNs/n66fxT5zo3P8PZtukn8S/IyJtxP+JiP9GDOT7fiwijkdEh9Aavnn5/+90e6/P9v+nSeOf6/j9l2TtoHb8l+fr+0zk5adLBq4cu/90rPPEfRb/gdWP/5laaiJb0vn7L1nxFdHvnm7ARwgAAAB/eYWo/e1/YbKRLhQmJ+vXgA7F3kL5+sLi/yLi2lz9HoHRKBYuzZdL+QW50Sgm+fXP0ab8dEv+dHbd+KOBkVp+cvZ6eW6rg4ddbl+tzydt/T/10xqv8wLb0A66Dw1Yo179//C9TdoRYNP5/Yfdq6n/d3uyRcVfysDO5Pcfdq9O/f92fLbqvQu+M2D7q+rLsKut3v97P28T2L4G481Gunbbc8e7bYGdqPvvvzMD2MF63yQ/tOZ7/5cT1aHObw1HhycGDK+rip6JkQ51bUkiHVltYIHFiOhv5ZH1VJEPAbs/4aGwtgKHov2tgVhtq6TzcxwiotJ1q/RT6bk/lw/32/hLN5Kn9Qdl9ggwfybKRjebz5f7abHPw90l8Vu/zc/5PgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsKP8HgAA//87jdA6") epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x0) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000740)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x183b41, 0x51) write$FUSE_CREATE_OPEN(r0, &(0x7f000000f000)={0xa0, 0xffffffffffffffda, 0x0, {{0x0, 0x1, 0x100000000, 0x4, 0x7, 0x1, {0x5, 0x8, 0xe, 0x6, 0x388ec985, 0x2, 0x43, 0x8, 0x0, 0x8000, 0x1, 0x0, 0x0, 0x7, 0x9}}, {0x0, 0x1}}}, 0xa0) 2m45.83890719s ago: executing program 4 (id=387): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000800)={&(0x7f0000000540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x14, 0x14, 0x2, [@func_proto={0x0, 0x1, 0x0, 0xd, 0xa, [{0xb}]}]}}, &(0x7f0000000f40)=""/4089, 0x2e, 0xff9, 0x8}, 0x28) 2m45.76682253s ago: executing program 0 (id=390): openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x52142, 0x0) lsetxattr$security_ima(&(0x7f000001f540)='./file1\x00', &(0x7f000001f580), &(0x7f000001f5c0)=@md5={0x1, "8f95f60e3302b96f3495e55dabc4164f"}, 0x11, 0x0) 2m45.514956993s ago: executing program 32 (id=390): openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x52142, 0x0) lsetxattr$security_ima(&(0x7f000001f540)='./file1\x00', &(0x7f000001f580), &(0x7f000001f5c0)=@md5={0x1, "8f95f60e3302b96f3495e55dabc4164f"}, 0x11, 0x0) 2m43.509387925s ago: executing program 4 (id=406): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a300000000050000000060a010400000000000000000100000808000b40000000000900010073797a300000000028000480240001800b0001006f626a726566000014000280080003"], 0xc4}}, 0x4008800) 2m43.270542037s ago: executing program 33 (id=406): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a300000000050000000060a010400000000000000000100000808000b40000000000900010073797a300000000028000480240001800b0001006f626a726566000014000280080003"], 0xc4}}, 0x4008800) 2m15.491460705s ago: executing program 6 (id=522): syz_emit_vhci(&(0x7f0000002580)=@HCI_EVENT_PKT={0x4, @hci_ev_pkt_type_change={{0x1d, 0x5}, {0x0, 0x0, 0xcd28}}}, 0x8) 2m15.373381527s ago: executing program 6 (id=523): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) r5 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xcda\x9b\x11X\x0e\xa1\xcf\x1a\x98S7\xc9\x00'/47, 0x2) ftruncate(r5, 0xffff) fcntl$addseals(r5, 0x409, 0x7) r6 = ioctl$UDMABUF_CREATE(r4, 0x40187542, &(0x7f0000000000)={r5, 0x0, 0x0, 0x8000}) ioctl$DMA_BUF_IOCTL_SYNC(r6, 0x40086200, &(0x7f00000001c0)=0x1) ioctl$DMA_BUF_IOCTL_SYNC(r6, 0x40086200, &(0x7f00000000c0)=0x7) sendmsg$nl_route(r0, 0x0, 0x4040000) 2m14.349141098s ago: executing program 6 (id=525): unshare(0x62040200) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)=@newlink={0x38, 0x10, 0x439, 0x0, 0x60000, {0x0, 0x0, 0x0, 0x0, 0x9801}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gre={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @broadcast}]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x8000000) 2m13.546316036s ago: executing program 6 (id=536): syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x10000, &(0x7f0000000080)={[{@quota}, {@delalloc}, {@acl}, {@journal_dev={'journal_dev', 0x3d, 0x11}}, {@usrjquota}, {@bsdgroups}]}, 0x1, 0x50a, &(0x7f0000001f40)="$eJzs3M9vVNUeAPDvnXZoC49HH49HQh/vvQLP2JjYQkFh4QYTExeaGHEhy6YdSGUAQ7sQ0siQGFyTuDcujTtN3OrSuPIPwIULE0NClA1gYjLmztw7nc6PzrTW1rafTzJwzp17z7nfuefMnHtP7w1g1xpP/0ki/hYR9yPiQD27coXx+n9PHi3NPn20NBuVavXCz0ltvcdpPpNvty/LTBQiCh8kLQXWLdy8dWWmXC7diEotP7V49d2phZu3np+/OnO5dLl0bfrcuTOnT519cfqFFWVHxHDPoDrUl8b1eOz960ePvHrx3uuzg62FNcfRVb7VL5Weq0b+2XbxTHN5O8D+pnTSHtftTd0Z+jacNcNi2v+XyscvbvUOAZumWq1Wh7q/Xam2utO2BNi2ktjqPQC2Rv5Dn57/5q/6kuJmDD+23MPz9ROgx4+WqrdjcPZJI/7BKGTrFFvOb1OrjJnWZDwi3q78+nH6itWuQ/ywQRUCALve1+ezYWASLeO/QhxuWu/v2RzKaET8IyIORsQ/I+JQRPwrYsW6KyQR1VXqP9S6oFH/F9ksQuHBemPrRzr+eymb28pfWb35KqMDWW5/RD5gLp3MPpOJKA5dmi+XTnUpf0+P+pvHf+krrT8fC2b78WCwZbA5N7M4s75o2z28EzE22Bp/MpgeuHwaJ4mIIxExtoZyR5vS8899erSRaTmt6B1/TbXDlN6GzJ9VP4l4tn78K9GIf2TFJGLSPD9ZaJufnBqOcunkVNoKTnbcyW+/u/tGt/p7xv/lj62bvHL2qwt/PPBMevz3NrX/yOdvl+MfTSKSxnztQkR1YG113P3+w1q54yfa31tv+9+TvFVL5/3rvZnFxRunIvYkr7Uvn17eNs/n66fxT5zo3P8PZtukn8S/IyJtxP+JiP9GDOT7fiwijkdEh9Aavnn5/+90e6/P9v+nSeOf6/j9l2TtoHb8l+fr+0zk5adLBq4cu/90rPPEfRb/gdWP/5laaiJb0vn7L1nxFdHvnm7ARwgAAAB/eYWo/e1/YbKRLhQmJ+vXgA7F3kL5+sLi/yLi2lz9HoHRKBYuzZdL+QW50Sgm+fXP0ab8dEv+dHbd+KOBkVp+cvZ6eW6rg4ddbl+tzydt/T/10xqv8wLb0A66Dw1Yo179//C9TdoRYNP5/Yfdq6n/d3uyRcVfysDO5Pcfdq9O/f92fLbqvQu+M2D7q+rLsKut3v97P28T2L4G481Gunbbc8e7bYGdqPvvvzMD2MF63yQ/tOZ7/5cT1aHObw1HhycGDK+rip6JkQ51bUkiHVltYIHFiOhv5ZH1VJEPAbs/4aGwtgKHov2tgVhtq6TzcxwiotJ1q/RT6bk/lw/32/hLN5Kn9Qdl9ggwfybKRjebz5f7abHPw90l8Vu/zc/5PgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsKP8HgAA//87jdA6") epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x0) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000740)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x183b41, 0x51) write$FUSE_CREATE_OPEN(r0, &(0x7f000000f000)={0xa0, 0xffffffffffffffda, 0x0, {{0x0, 0x1, 0x100000000, 0x4, 0x7, 0x1, {0x5, 0x8, 0xe, 0x6, 0x388ec985, 0x2, 0x43, 0x8, 0x0, 0x8000, 0x1, 0x0, 0x0, 0x7, 0x9}}, {0x0, 0x1}}}, 0xa0) 2m12.619474086s ago: executing program 6 (id=540): ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xa2bb1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) 2m11.097517253s ago: executing program 6 (id=544): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) r2 = socket$unix(0x1, 0x1, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x54, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x9, 0x6}, {}, {0x7, 0xb}}, [@filter_kind_options=@f_basic={{0xa}, {0x24, 0x2, [@TCA_BASIC_EMATCHES={0x20, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{0x3, 0x2, 0x40}, {0x9}}}]}]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x8}, 0x8000) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r7) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r3, &(0x7f00000000c0)={&(0x7f0000000280)=@xdp={0x2c, 0x7, r8, 0x2c}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000000)="7cb17231cc0ee9da6f", 0x9}], 0x1}, 0x4) 2m10.461573899s ago: executing program 34 (id=544): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) r2 = socket$unix(0x1, 0x1, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x54, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x9, 0x6}, {}, {0x7, 0xb}}, [@filter_kind_options=@f_basic={{0xa}, {0x24, 0x2, [@TCA_BASIC_EMATCHES={0x20, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{0x3, 0x2, 0x40}, {0x9}}}]}]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x8}, 0x8000) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r7) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r3, &(0x7f00000000c0)={&(0x7f0000000280)=@xdp={0x2c, 0x7, r8, 0x2c}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000000)="7cb17231cc0ee9da6f", 0x9}], 0x1}, 0x4) 1m17.181227311s ago: executing program 7 (id=696): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)={0x0, 0xe808, 0x40000009, 0xfffffffd, 0x83, "00000000000000000000ffff00"}) r1 = syz_open_pts(r0, 0x40080) ioctl$TCSETSW(r1, 0x5403, &(0x7f0000000100)={0x3, 0x8, 0x2, 0x9, 0x9, "02861b6d81890c69a521ea37b3bbc8cd771365"}) 1m17.181122141s ago: executing program 7 (id=697): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001280), r1) sendmsg$IEEE802154_LLSEC_GETPARAMS(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)={0x14, r2, 0x1, 0x70bd2a, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x2000010}, 0x20048010) 1m16.570812968s ago: executing program 7 (id=698): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x6c}, 0x1, 0x0, 0x0, 0x85}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000004180)='/proc/mdstat\x00', 0x0, 0x0) read$FUSE(r5, &(0x7f0000006200)={0x2020}, 0x2020) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, 0x0) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x141000, 0x0) sched_getattr(r2, 0x0, 0x0, 0x0) mount(0x0, 0x0, 0x0, 0x40078, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) 1m15.205853372s ago: executing program 7 (id=701): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000540), 0x3, 0x490, &(0x7f0000000580)="$eJzs3UFrXNUeAPD/nSR9aZu+pO+9RV/BWmwlLdqZpLFtcFEriK4Kat3HmExCyCQTMpO2CUVS/ACCiAquXLkR/ACC9COIUNC9iCiirS5cqCMzudPWOJMETHNx5veD03vOPTPzP6eTOXPPPZe5AXSt4xFxKSJ6IuJ0RAym+3NpivWNVH/c3Ts3puopiVrtyg9JJOm+5msl6fZg+rT+iHj5hYjXkr/GrayuzU+WSsXltFyoLiwVKqtrZ+YWJmeLs8XFsbHR8+MXxs+Nj+xaXy8+9807b374/MVPn7z21cR3p16vN2sgrXuwH7tpo+t9jf+Lpt6IWH4YwTLQk/anL+uGAACwI/Vj/P9ExGON4//B6GkczQEAAACdpPbMQPyaRNQAAACAjpVrXAOb5PLptQADkcvl8xvX8P4vDuRK5Ur1iZnyyuL0xrWyQ9GXm5krFUfSa4WHoi+pl0cb+fvls5vKYxFxOCLeHtzfKOenyqXprE9+AAAAQJc4uGn+//PgxvwfAAAA6DBDWTcAAAAAeOjM/wEAAKDzmf8DAABAR3vx8uV6qjXvfz19dXVlvnz1zHSxMp9fWJnKT5WXl/Kz5fJs4zf7FrZ7vVK5vPRULK5cL1SLlWqhsro2sVBeWaxONO7rPVF0n2gAAADYe4cfvfVlEhHrT+9vpLp9aZ25OnS2XNYNADLTk3UDgMz0Zt0AIDPm+ECyTX1/u4rPdr8tAADAwzH8f+v/0K2s/0P3sv4P3cv6P3Qvc3zA+j8AAHS+gUZKcvl0LXAgcrl8PuJQ47YAfcnMXKk4EhH/jogvBvv+VS+PZt1oAAAAAAAAAAAAAAAAAAAAAAAAAPiHqdWSqAEAAAAdLSL3bZLe/2t48OTA5vMD+5JfBhvbiLj2/pV3r09Wq8uj9f0/3ttffS/dfzaLMxgAAADAZs15enMeDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC76e6dG1PNtJdxv382IoZaxe+N/sa2P/oi4sBPSfQ+8LwkInp2If76zYg40ip+Um9WDKWt2Bw/FxH7M45/cBfiQze7VR9/LrX6/OXieGPb+vPXm6a/q/34l7s3/vW0Gf8O7TDG0dsfF9rGvxlxtLf1+NOMn7SJf2KH8V99ZW2tXV3tg4jhlt8/yZ9iFaoLS4XK6tqZuYXJ2eJscXFsbPT8+IXxc+MjhZm5UjH9t2WMtx755Pet+n+gTfyhbfp/cof9/+329Tv/3SL+qROt3/8jW8Sv/008nn4P1OuHm/n1jfyDjn30+bGt+j/dpv/bvf+ndtj/0y+98fUOHwoA7IHK6tr8ZKlUXJaRkZG5l8l6ZAIAAHbb/YP+rFsCAAAAAAAAAAAAAAAAAAAA3Wsvfk4s6z4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOzEHwEAAP//0wfUAw==") socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f00000000c0)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000140)=0x15) ioctl$TIOCSTI(r3, 0x5412, &(0x7f00000002c0)=0x7e) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000080)=0x1) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000440)=0x91) sched_setscheduler(r0, 0x1, &(0x7f0000000180)=0x3) mlockall(0x2) shmget$private(0x0, 0x1000, 0x0, &(0x7f00008f0000/0x1000)=nil) shmat(0x0, &(0x7f0000ffd000/0x1000)=nil, 0x7000) shmctl$SHM_LOCK(0x0, 0xb) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) shmat(0x0, &(0x7f0000ff1000/0x3000)=nil, 0x700c) mremap(&(0x7f0000ff1000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f0000ffd000/0x3000)=nil) syz_genetlink_get_family_id$nl802154(&(0x7f0000000300), 0xffffffffffffffff) syz_genetlink_get_family_id$nfc(&(0x7f0000000040), 0xffffffffffffffff) 1m12.58881067s ago: executing program 7 (id=705): fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r3, &(0x7f0000000480), 0x2e9, 0xfc) fchdir(0xffffffffffffffff) 1m3.829454855s ago: executing program 7 (id=724): socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x458, 0x0, 0x2b8, 0xb0000010, 0x290, 0x5c8f0200, 0x388, 0x3a8, 0x3a8, 0x388, 0x3a8, 0x3, 0x0, {[{{@ipv6={@private1, @local, [], [], 'vlan1\x00', 'veth0_to_team\x00'}, 0x0, 0x248, 0x290, 0x700, {}, [@common=@inet=@hashlimit3={{0x158}, {'geneve1\x00', {0xf1, 0x0, 0x33, 0x0, 0x0, 0x1, 0x7fffffff}}}, @common=@unspec=@limit={{0x48}, {0x10000000, 0x8000001}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x206, 'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4b8) 48.180246512s ago: executing program 35 (id=724): socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x458, 0x0, 0x2b8, 0xb0000010, 0x290, 0x5c8f0200, 0x388, 0x3a8, 0x3a8, 0x388, 0x3a8, 0x3, 0x0, {[{{@ipv6={@private1, @local, [], [], 'vlan1\x00', 'veth0_to_team\x00'}, 0x0, 0x248, 0x290, 0x700, {}, [@common=@inet=@hashlimit3={{0x158}, {'geneve1\x00', {0xf1, 0x0, 0x33, 0x0, 0x0, 0x1, 0x7fffffff}}}, @common=@unspec=@limit={{0x48}, {0x10000000, 0x8000001}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x206, 'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4b8) 20.097623203s ago: executing program 5 (id=829): sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x4004) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) statx(0xffffffffffffff9c, 0x0, 0x100, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) shutdown(0xffffffffffffffff, 0x1) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'bridge0\x00'}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@newlink={0x20, 0x10, 0x401, 0xfffffffc, 0x81, {0x0, 0x0, 0x0, 0x0, 0x1503}}, 0x20}, 0x1, 0x0, 0x0, 0x2004d808}, 0x0) r4 = fsopen(&(0x7f0000000280)='ext4\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r5, 0x560a, &(0x7f00000006c0)={0x4, 0x0, 0x0, 0x0, 0x132, 0x3}) 17.64039062s ago: executing program 2 (id=835): syz_open_dev$loop(&(0x7f0000000040), 0x1bd, 0x101000) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000740)={0x1b, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0xd, '\x00', 0x0, r0, 0x4, 0x5, 0x5}, 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000840)={{}, &(0x7f00000007c0), 0x0}, 0x20) bpf$OBJ_GET_MAP(0x7, &(0x7f00000008c0)=@o_path={&(0x7f0000000880)='./file1\x00', 0x0, 0x0, r0}, 0x18) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close(r3) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000100)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f00000000c0)='./file1\x00') symlinkat(&(0x7f0000000400)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00') 16.070359207s ago: executing program 2 (id=836): syz_open_dev$loop(&(0x7f0000000040), 0x1bd, 0x101000) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000740)={0x1b, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0xd, '\x00', 0x0, r0, 0x4, 0x5, 0x5}, 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000840)={{}, &(0x7f00000007c0), 0x0}, 0x20) bpf$OBJ_GET_MAP(0x7, &(0x7f00000008c0)=@o_path={&(0x7f0000000880)='./file1\x00', 0x0, 0x0, r0}, 0x18) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close(r3) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) chdir(&(0x7f00000000c0)='./file1\x00') symlinkat(&(0x7f0000000400)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00') r4 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r4, r4) setpgid(0x0, r4) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x104) 15.670340701s ago: executing program 5 (id=838): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000540), 0x3, 0x490, &(0x7f0000000580)="$eJzs3UFrXNUeAPD/nSR9aZu+pO+9RV/BWmwlLdqZpLFtcFEriK4Kat3HmExCyCQTMpO2CUVS/ACCiAquXLkR/ACC9COIUNC9iCiirS5cqCMzudPWOJMETHNx5veD03vOPTPzP6eTOXPPPZe5AXSt4xFxKSJ6IuJ0RAym+3NpivWNVH/c3Ts3puopiVrtyg9JJOm+5msl6fZg+rT+iHj5hYjXkr/GrayuzU+WSsXltFyoLiwVKqtrZ+YWJmeLs8XFsbHR8+MXxs+Nj+xaXy8+9807b374/MVPn7z21cR3p16vN2sgrXuwH7tpo+t9jf+Lpt6IWH4YwTLQk/anL+uGAACwI/Vj/P9ExGON4//B6GkczQEAAACdpPbMQPyaRNQAAACAjpVrXAOb5PLptQADkcvl8xvX8P4vDuRK5Ur1iZnyyuL0xrWyQ9GXm5krFUfSa4WHoi+pl0cb+fvls5vKYxFxOCLeHtzfKOenyqXprE9+AAAAQJc4uGn+//PgxvwfAAAA6DBDWTcAAAAAeOjM/wEAAKDzmf8DAABAR3vx8uV6qjXvfz19dXVlvnz1zHSxMp9fWJnKT5WXl/Kz5fJs4zf7FrZ7vVK5vPRULK5cL1SLlWqhsro2sVBeWaxONO7rPVF0n2gAAADYe4cfvfVlEhHrT+9vpLp9aZ25OnS2XNYNADLTk3UDgMz0Zt0AIDPm+ECyTX1/u4rPdr8tAADAwzH8f+v/0K2s/0P3sv4P3cv6P3Qvc3zA+j8AAHS+gUZKcvl0LXAgcrl8PuJQ47YAfcnMXKk4EhH/jogvBvv+VS+PZt1oAAAAAAAAAAAAAAAAAAAAAAAAAPiHqdWSqAEAAAAdLSL3bZLe/2t48OTA5vMD+5JfBhvbiLj2/pV3r09Wq8uj9f0/3ttffS/dfzaLMxgAAADAZs15enMeDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC76e6dG1PNtJdxv382IoZaxe+N/sa2P/oi4sBPSfQ+8LwkInp2If76zYg40ip+Um9WDKWt2Bw/FxH7M45/cBfiQze7VR9/LrX6/OXieGPb+vPXm6a/q/34l7s3/vW0Gf8O7TDG0dsfF9rGvxlxtLf1+NOMn7SJf2KH8V99ZW2tXV3tg4jhlt8/yZ9iFaoLS4XK6tqZuYXJ2eJscXFsbPT8+IXxc+MjhZm5UjH9t2WMtx755Pet+n+gTfyhbfp/cof9/+329Tv/3SL+qROt3/8jW8Sv/008nn4P1OuHm/n1jfyDjn30+bGt+j/dpv/bvf+ndtj/0y+98fUOHwoA7IHK6tr8ZKlUXJaRkZG5l8l6ZAIAAHbb/YP+rFsCAAAAAAAAAAAAAAAAAAAA3Wsvfk4s6z4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOzEHwEAAP//0wfUAw==") socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f00000000c0)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000140)=0x15) ioctl$TIOCSTI(r3, 0x5412, &(0x7f00000002c0)=0x7e) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000080)=0x1) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000440)=0x91) sched_setscheduler(r0, 0x1, &(0x7f0000000180)=0x3) mlockall(0x2) shmat(0x0, &(0x7f0000ffd000/0x1000)=nil, 0x7000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) shmat(0x0, &(0x7f0000ff1000/0x3000)=nil, 0x700c) mremap(&(0x7f0000ff1000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f0000ffd000/0x3000)=nil) 13.229435097s ago: executing program 5 (id=845): r0 = socket$phonet_pipe(0x23, 0x5, 0x2) r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r4], 0x1c}}, 0x4008054) write$nci(r1, &(0x7f0000000140)=ANY=[@ANYRES16=r0, @ANYRES8=r2], 0x14) syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) socket$netlink(0x10, 0x3, 0x0) 12.431731066s ago: executing program 5 (id=847): sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x4004) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) statx(0xffffffffffffff9c, 0x0, 0x100, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) shutdown(0xffffffffffffffff, 0x1) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'bridge0\x00'}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@newlink={0x20, 0x10, 0x401, 0xfffffffc, 0x81, {0x0, 0x0, 0x0, 0x0, 0x1503}}, 0x20}, 0x1, 0x0, 0x0, 0x2004d808}, 0x0) r4 = fsopen(&(0x7f0000000280)='ext4\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r5, 0x560a, &(0x7f00000006c0)={0x4, 0x0, 0x0, 0x0, 0x132, 0x3}) 11.608837455s ago: executing program 1 (id=849): capset(&(0x7f0000000240)={0x20080522}, &(0x7f0000000400)={0x0, 0x0, 0x2, 0x8000, 0x2}) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x14, 0x24, 0x9, 0x2, 0x25dfdbff, {0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 11.360276867s ago: executing program 2 (id=851): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x2000094}, 0x4000800) r0 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'vxcan0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vxcan1\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="440000001800010000000001fddbdf251d01020008000a00", @ANYRES32=r1, @ANYBLOB='\b\x00\t\x00', @ANYRES32=r2, @ANYBLOB="1500040003000000000300743405a8b9e859abc00100000008000e0013"], 0x44}}, 0x0) sendmmsg(r0, &(0x7f0000000000), 0x400000000000235, 0x0) 11.14160341s ago: executing program 1 (id=852): fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0xffffffffffffffff}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r3, &(0x7f0000000480), 0x2e9, 0xfc) fchdir(0xffffffffffffffff) 10.988511441s ago: executing program 2 (id=853): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) socket$alg(0x26, 0x5, 0x0) socket$packet(0x11, 0xa, 0x300) socket(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r0, 0x0) accept(r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_vhci(&(0x7f0000000840)=ANY=[@ANYBLOB="04050400c900", @ANYRES64=r1], 0x7) 9.869516333s ago: executing program 1 (id=855): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000540), 0x3, 0x490, &(0x7f0000000580)="$eJzs3UFrXNUeAPD/nSR9aZu+pO+9RV/BWmwlLdqZpLFtcFEriK4Kat3HmExCyCQTMpO2CUVS/ACCiAquXLkR/ACC9COIUNC9iCiirS5cqCMzudPWOJMETHNx5veD03vOPTPzP6eTOXPPPZe5AXSt4xFxKSJ6IuJ0RAym+3NpivWNVH/c3Ts3puopiVrtyg9JJOm+5msl6fZg+rT+iHj5hYjXkr/GrayuzU+WSsXltFyoLiwVKqtrZ+YWJmeLs8XFsbHR8+MXxs+Nj+xaXy8+9807b374/MVPn7z21cR3p16vN2sgrXuwH7tpo+t9jf+Lpt6IWH4YwTLQk/anL+uGAACwI/Vj/P9ExGON4//B6GkczQEAAACdpPbMQPyaRNQAAACAjpVrXAOb5PLptQADkcvl8xvX8P4vDuRK5Ur1iZnyyuL0xrWyQ9GXm5krFUfSa4WHoi+pl0cb+fvls5vKYxFxOCLeHtzfKOenyqXprE9+AAAAQJc4uGn+//PgxvwfAAAA6DBDWTcAAAAAeOjM/wEAAKDzmf8DAABAR3vx8uV6qjXvfz19dXVlvnz1zHSxMp9fWJnKT5WXl/Kz5fJs4zf7FrZ7vVK5vPRULK5cL1SLlWqhsro2sVBeWaxONO7rPVF0n2gAAADYe4cfvfVlEhHrT+9vpLp9aZ25OnS2XNYNADLTk3UDgMz0Zt0AIDPm+ECyTX1/u4rPdr8tAADAwzH8f+v/0K2s/0P3sv4P3cv6P3Qvc3zA+j8AAHS+gUZKcvl0LXAgcrl8PuJQ47YAfcnMXKk4EhH/jogvBvv+VS+PZt1oAAAAAAAAAAAAAAAAAAAAAAAAAPiHqdWSqAEAAAAdLSL3bZLe/2t48OTA5vMD+5JfBhvbiLj2/pV3r09Wq8uj9f0/3ttffS/dfzaLMxgAAADAZs15enMeDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC76e6dG1PNtJdxv382IoZaxe+N/sa2P/oi4sBPSfQ+8LwkInp2If76zYg40ip+Um9WDKWt2Bw/FxH7M45/cBfiQze7VR9/LrX6/OXieGPb+vPXm6a/q/34l7s3/vW0Gf8O7TDG0dsfF9rGvxlxtLf1+NOMn7SJf2KH8V99ZW2tXV3tg4jhlt8/yZ9iFaoLS4XK6tqZuYXJ2eJscXFsbPT8+IXxc+MjhZm5UjH9t2WMtx755Pet+n+gTfyhbfp/cof9/+329Tv/3SL+qROt3/8jW8Sv/008nn4P1OuHm/n1jfyDjn30+bGt+j/dpv/bvf+ndtj/0y+98fUOHwoA7IHK6tr8ZKlUXJaRkZG5l8l6ZAIAAHbb/YP+rFsCAAAAAAAAAAAAAAAAAAAA3Wsvfk4s6z4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOzEHwEAAP//0wfUAw==") socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f00000000c0)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000140)=0x15) ioctl$TIOCSTI(r3, 0x5412, &(0x7f00000002c0)=0x7e) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000080)=0x1) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000440)=0x91) sched_setscheduler(r0, 0x1, &(0x7f0000000180)=0x3) mlockall(0x2) shmat(0x0, &(0x7f0000ffd000/0x1000)=nil, 0x7000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) shmat(0x0, &(0x7f0000ff1000/0x3000)=nil, 0x700c) mremap(&(0x7f0000ff1000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f0000ffd000/0x3000)=nil) 9.865953214s ago: executing program 8 (id=856): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$pppl2tp(0x18, 0x1, 0x1) r4 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r3, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r4, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r6, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c) setsockopt$inet6_tcp_int(r6, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r6, &(0x7f0000000300)="a6", 0x1, 0x24000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x9}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000040)='nv', 0x2) shutdown(r6, 0x1) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r5) sendmsg$ETHTOOL_MSG_COALESCE_SET(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000400000000000eb130000001800018014000200"], 0x2c}}, 0x0) ioctl$MEDIA_IOC_ENUM_ENTITIES(0xffffffffffffffff, 0xc1007c01, &(0x7f0000000c00)) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private2}}}, 0x32) 8.704086186s ago: executing program 8 (id=859): unshare(0x6a040000) socket$nl_audit(0x10, 0x3, 0x9) r0 = socket(0x10, 0x80002, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000040)="24000000180003041dfffd946f610500020100000005fe060c10880008000f00fff3c00e", 0x24}], 0x1}, 0x4080) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)=@ipv4_newrule={0x1c, 0x20, 0x301, 0x70bd2a, 0x25dfdbff, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}}, 0x1c}, 0x1, 0x0, 0x0, 0x240480d4}, 0x0) 6.648291598s ago: executing program 8 (id=862): syz_open_dev$loop(&(0x7f0000000040), 0x1bd, 0x101000) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000740)={0x1b, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0xd, '\x00', 0x0, r0, 0x4, 0x5, 0x5}, 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000840)={{}, &(0x7f00000007c0), 0x0}, 0x20) bpf$OBJ_GET_MAP(0x7, &(0x7f00000008c0)=@o_path={&(0x7f0000000880)='./file1\x00', 0x0, 0x0, r0}, 0x18) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close(r3) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000100)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f00000000c0)='./file1\x00') symlinkat(&(0x7f0000000400)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00') r4 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r4, r4) setpgid(0x0, r4) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x104) 6.647103178s ago: executing program 1 (id=863): r0 = syz_open_dev$usbfs(&(0x7f0000000400), 0x205, 0x2581) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x80, 0x15, 0x0, 0x0, 0x8000}, 0xffffffffffffffbc, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0}) 6.623767488s ago: executing program 2 (id=864): syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_open_dev$evdev(0x0, 0x1, 0x1) ioctl$EVIOCSMASK(r4, 0x40104593, &(0x7f0000000140)={0x12, 0x8, &(0x7f00000000c0)="94d8f63489914533"}) socket$inet6(0xa, 0x2, 0x0) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00'}) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000080)=0x3) ioctl$TIOCSSOFTCAR(r5, 0x541a, &(0x7f00000000c0)=0x7) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x2040, 0x0) fcntl$setlease(r6, 0x400, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1842, 0x267) fcntl$getflags(r6, 0x401) 5.461157901s ago: executing program 8 (id=865): fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0xffffffffffffffff}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r3, &(0x7f0000000480), 0x2e9, 0xfc) fchdir(0xffffffffffffffff) 4.749552778s ago: executing program 3 (id=866): ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000140)) r0 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$TIOCOUTQ(r0, 0x5411, &(0x7f0000000040)) 4.65060735s ago: executing program 1 (id=867): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x82, 0x4a, 0x15c3, 0x6, 0x801, 0x0, 0x8, 'syz1\x00'}) 4.63389322s ago: executing program 2 (id=868): r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='mounts\x00') r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000ac0)=[{{&(0x7f0000000440)={0xa, 0x4e20, 0x2, @empty, 0x6}, 0x1c, &(0x7f0000000c40)}}], 0x1, 0x20080058) read$FUSE(r1, &(0x7f0000000200)={0x2020}, 0x2020) mount(&(0x7f0000000300), &(0x7f0000000080)='.\x00', &(0x7f0000000040)='binder\x00', 0x2200892, 0x0) pread64(r0, &(0x7f0000002380)=""/253, 0xfd, 0x4eb) 4.53998938s ago: executing program 3 (id=869): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f00000002c0)=0xb, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) listen(r1, 0x0) syz_emit_ethernet(0x3a, &(0x7f0000000240)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x16}, @val={@void}, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x67, 0x0, 0x2, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0) 4.209281454s ago: executing program 3 (id=870): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r0 = socket(0x400000000010, 0x3, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0xfffffffffffffdbc, 0x2, {{0x1, 0xd, 0x0, 0x9, 0x8}, 0x6, 0x1, 0x1, 0x4, 0x8, 0xe, 0x7, 0x1d, 0x3, 0x9, {0xa2d6, 0x200, 0xb, 0x40, 0x2, 0x1ff}}}}]}, 0x78}}, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) close(r5) socket$unix(0x1, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r6 = socket$kcm(0x11, 0x3, 0x0) r7 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000003180)=@newtfilter={0xe8c, 0x2c, 0xd27, 0x70bd2b, 0x25dfdc00, {0x0, 0x0, 0x0, r4, {0x5, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0xe58, 0x2, [@TCA_MATCHALL_ACT={0xe54, 0x2, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{0xffffffff, 0xc54, 0x6, 0x2ce01893, 0x5}, 0x1, 0xef}, [{0xffff, 0x5, 0x7, 0x21da, 0x5}, {0xfff, 0x7fffffff, 0x1, 0x4dd, 0x1, 0x7fffffff}, {0x35, 0x8000, 0x800, 0x1, 0x9, 0x6}, {0x7, 0xffffff80, 0x2, 0xad, 0x8, 0x1}, {0x4, 0x101, 0x4, 0x9, 0x8, 0x8}, {0x3, 0xffff, 0x4cb, 0x8, 0x80000000, 0x1000}, {0x7, 0x96, 0x0, 0x9, 0x7}, {0x9, 0xfc5, 0x1, 0x9c95, 0x2f3, 0x3ff}, {0x7fff, 0x9, 0x2, 0x7, 0x1, 0xffffffff}, {0x730b, 0xffffc70c, 0x3, 0xc, 0x3, 0x53}, {0xbcef, 0x1, 0xfffffffa, 0x401, 0x6, 0xd}, {0x7, 0x7, 0x1, 0xc, 0xfffffffd, 0x10}, {0x8, 0x100, 0x2, 0xfffffffe, 0xe}, {0x0, 0x8, 0xb, 0x5, 0xfc, 0xd2}, {0x10, 0x10000, 0x10, 0x3, 0xfff, 0xfffff01d}, {0x2, 0x6998, 0x1, 0x2, 0xd, 0x4}, {0x7b60, 0x8, 0x0, 0xd0, 0x20000005, 0x6}, {0x5ff, 0x3, 0x5, 0x5, 0x9, 0x1000}, {0x8, 0xf374, 0x0, 0x4, 0x6}, {0x9, 0x40, 0x5, 0x4, 0xffff5bc5, 0x8001}, {0x729, 0x3, 0x80000001, 0x5, 0x29, 0x3ff}, {0x1164, 0x6, 0x8, 0x8, 0x0, 0x6}, {0x274216ec, 0xffff0bbd, 0x653, 0xfff, 0x51, 0x401}, {0x1, 0x9, 0x6, 0x49, 0x3, 0x9}, {0xe2, 0x9, 0x8, 0x4, 0xf, 0x93ee}, {0x3, 0x2, 0x7, 0x80000001, 0x2e, 0x80}, {0x0, 0x7f, 0x9, 0x6, 0xffffffff, 0x10001}, {0xfffffffc, 0x4, 0xfffffffd, 0x7f, 0x8, 0x7}, {0xffff0000, 0x10000, 0x1, 0x9, 0x5, 0xd87}, {0x4, 0x5, 0x5, 0x5, 0x3, 0x502b}, {0x7, 0x200, 0x3d, 0x100, 0xfb80, 0x8000}, {0x1, 0xdb52, 0xd, 0xfffffffd, 0x2, 0xfffffffc}, {0x8, 0x5, 0x9, 0xffffe628, 0x6, 0xff}, {0x5, 0x8, 0x10, 0x7fffffff, 0xfffffffd, 0x7fff}, {0xffffffff, 0x7, 0x81, 0xfff, 0x9, 0xc}, {0x200000, 0x9, 0x0, 0xb6b1, 0x0, 0xde1e}, {0x4, 0x227f, 0x4, 0x3, 0xfffffffe, 0xe1d}, {0x9, 0x1e1a, 0x0, 0xe3, 0x400, 0x2}, {0x2, 0x0, 0xfffff8f1, 0x80000000, 0x6e, 0x32a3}, {0x99, 0x8000, 0x80000001, 0x3, 0x9, 0x3}, {0x7c, 0x4000000, 0x400, 0x3, 0x1, 0x2}, {0x1, 0x3, 0x6, 0x3, 0x8, 0x7fffffff}, {0x4, 0x9fb, 0x72d, 0x45, 0x7fffffff, 0x2}, {0x4, 0x1ff, 0x481, 0xd2, 0x0, 0x401}, {0x8001, 0x2, 0x80000000, 0xfffffffc, 0x1, 0xb}, {0x8, 0x6, 0x400, 0x2, 0xad1, 0x80000000}, {0x7f, 0x0, 0x94, 0x0, 0x2, 0x7ff}, {0x4, 0x9, 0x5, 0xe6, 0x8000, 0xc719}, {0x1, 0x1, 0x5, 0x80000001, 0x492, 0x7f}, {0xfffffff8, 0x5, 0x4, 0x15a, 0xc, 0x10000}, {0x10, 0xffffffb0, 0x2, 0x40, 0x7ffe, 0x2}, {0x6, 0x9, 0xab4, 0xa3, 0x1, 0x9}, {0x6, 0x6, 0x5, 0x6, 0x6, 0xd46}, {0x9, 0x0, 0x1de1, 0x6, 0x8, 0x2}, {0x0, 0x9, 0x8, 0x1, 0x7, 0x3}, {0xfffff929, 0x5, 0x400, 0x5, 0x1, 0x101}, {0x0, 0x8, 0x7fffffff, 0x5, 0x0, 0x4}, {0x3, 0x7, 0x7, 0x1, 0x5, 0x6}, {0x40, 0x40, 0x8001, 0x9, 0xfffffff7, 0x9f28}, {0x5, 0x40, 0x7, 0x5, 0x4, 0x9}, {0x3, 0x2, 0x2, 0x9, 0x0, 0x3ff}, {0x6, 0x70244f44, 0x3, 0x91b, 0x6, 0x400}, {0x1, 0x95, 0x9, 0x1, 0x80, 0x6}, {0x1ff, 0x3, 0x1, 0x2f4c, 0x5, 0x9}, {0xc, 0xb, 0x7, 0x5, 0x9, 0x8}, {0x5, 0x7ff, 0x3, 0x80000001, 0x5, 0x6}, {0x341369b0, 0x0, 0x7, 0xfffffffd, 0x3, 0xffff}, {0xffff49eb, 0x9, 0x786, 0x797, 0x0, 0xfffffffa}, {0x8, 0xfffffffb, 0x8, 0x8, 0x4, 0x5}, {0x81, 0x86e6, 0x8001, 0xffffffff, 0x8220, 0xfffffff8}, {0xc, 0x10000, 0x8, 0x5, 0x6, 0x8}, {0xc82d, 0x8, 0x2, 0x2, 0x3, 0x7}, {0x5, 0x4, 0xe, 0x6, 0x68a3, 0x6}, {0x5, 0x10, 0x1, 0x6, 0x101, 0xffffac22}, {0xf, 0x5, 0x5, 0x6, 0x8001, 0x7000}, {0x1, 0x8, 0xc23, 0x0, 0x3, 0x8}, {0x6, 0x7ff, 0xd, 0x6, 0x1, 0x4}, {0x1, 0x2, 0xf78, 0xd2c, 0x3032, 0x2}, {0x1, 0x93, 0x0, 0x9, 0x9, 0x4}, {0xddf6, 0x0, 0x9, 0x5, 0x1, 0x90}, {0x7, 0x3, 0x8, 0x40, 0x2, 0x5}, {0x3c, 0x4, 0x8, 0x7, 0x7, 0x7}, {0x81, 0x5e25, 0x5, 0x8, 0x7, 0x6}, {0x4e4, 0xc, 0x7, 0x0, 0x9, 0xf}, {0x1, 0x2, 0x81, 0x1, 0xfffffffd, 0xfffffffa}, {0x5, 0x9, 0x10, 0x47a, 0x6, 0x8}, {0x0, 0x0, 0x6, 0x5, 0x8, 0x5}, {0x0, 0xfff, 0x2, 0x461, 0x40, 0x9}, {0x5, 0x10001, 0x1, 0xbd1, 0x7, 0x401}, {0x9, 0x6, 0xb, 0x1, 0x9, 0x4}, {0x8, 0xfff, 0x342, 0xfffffffc, 0xfffffe99, 0x8}, {0x8, 0xbe, 0x3, 0x10, 0x7, 0xb71}, {0x0, 0xcdeb, 0x0, 0x0, 0x4, 0x5}, {0x7, 0xe, 0xffffffff, 0x0, 0x3, 0x6}, {0x9587, 0x0, 0xc8, 0x4, 0xd1c, 0x80fd}, {0x8, 0x5, 0x1000, 0x3, 0x9, 0x800}, {0x2, 0x0, 0x100, 0x7f, 0x6, 0x8000}, {0x9, 0x7, 0x4, 0x7, 0x3, 0x4d}, {0x4e8, 0xfffffff8, 0x4, 0x68, 0x0, 0x9}, {0x3, 0x200, 0x2, 0x6, 0x1, 0x7}, {0x5, 0x5, 0x2, 0x0, 0x3ff, 0x6}, {0x9, 0x5, 0x1, 0xa3, 0x2, 0x1}, {0x6, 0xc, 0x40, 0x4, 0x6, 0x4}, {0xffffeae3, 0x7fffffff, 0x5, 0xb, 0x9, 0xffffff3a}, {0x17, 0xdf6b, 0x5, 0x8, 0x0, 0x9}, {0x3, 0x8, 0x2, 0x1, 0x8}, {0x434, 0x3, 0x3, 0x8, 0x8, 0x4}, {0x56, 0x7fa, 0x2, 0x0, 0x35, 0x4a93}, {0x4, 0x80000001, 0x0, 0x9, 0x3, 0x6}, {0x7fff, 0x9, 0x7, 0x5, 0x4, 0x7}, {0x9f9c, 0x3, 0x2, 0x400, 0x0, 0xafcc}, {0x9, 0x96a, 0x6, 0x2, 0xcc0, 0x8001}, {0x1, 0x0, 0x7fffffff, 0x40, 0x8, 0xfffffffa}, {0x8, 0x101, 0xfffffff9, 0x6, 0x6, 0x20}, {0x4, 0xcff7, 0x1, 0xcc45, 0x7ff, 0x4}, {0x7, 0xfffff7e9, 0x7f, 0x1000000, 0x4, 0x7}, {0x6, 0x1ff, 0x7, 0x401, 0x8, 0x7fff}, {0x10001, 0x3, 0x0, 0x8, 0x7, 0x7fff}, {0x0, 0x4, 0xfc, 0xa, 0x1, 0x9}, {0xd0b7, 0x10000, 0x682, 0x1, 0xfffffff9, 0x1}, {0x8, 0x9, 0x1, 0xd0b, 0x4, 0x7d}, {0x1, 0x0, 0x1b, 0x42d9, 0xfffffff8, 0x4}, {0xe705, 0x1, 0x2, 0x6, 0x7, 0x1}, {0xb, 0x2e, 0x5, 0x400, 0x7ca, 0x76f}, {0x7ff, 0x8, 0xf, 0x40, 0x7, 0x5}, {0x7, 0x3, 0x31, 0x7a0, 0x9e1, 0x71}, {0x5c6a, 0xc61, 0x0, 0x7, 0xff, 0x2dbc}, {0x2, 0x296f, 0x7, 0x3, 0x3e, 0x80000000}], [{0x1, 0x1}, {0x2, 0x3}, {0x1, 0x1}, {0x4}, {0x1, 0x1}, {0x3}, {0x3}, {0x1, 0x1}, {0x5}, {0x5}, {0x4}, {0x2, 0x1}, {0x2}, {0x1, 0x1}, {0x6}, {0x2}, {0x5}, {0x2}, {0x2}, {}, {0x1, 0x1}, {0x3}, {0x6, 0x1}, {0x2, 0x1}, {0x2}, {0x5, 0x1}, {0x2, 0x1}, {0x0, 0x85163d5fe3ac104d}, {0x4, 0x1}, {}, {0x3}, {0x1}, {0x0, 0x1}, {0x4}, {0x3, 0x2}, {0x2, 0x1}, {0x4, 0x1}, {}, {0x0, 0x1}, {0x4}, {0x2}, {0x4}, {0x4}, {0x1, 0x1}, {0x2}, {0x1}, {0x2, 0x3}, {0x1, 0x1}, {0x2}, {}, {0x4}, {0x2, 0x1}, {0x1}, {0x1, 0x1}, {0x3, 0xaa2617e63e6b2c06}, {0x54b97b5be5f139cf}, {0x5}, {0x1}, {0x1}, {0x2, 0x1}, {0x4, 0x1}, {0x3, 0x1}, {0x5}, {0x2, 0x1}, {0x2}, {}, {0x3}, {0x2, 0x1}, {0x1}, {0x3}, {0x5, 0x1}, {0x1}, {0x1, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x2}, {0x5, 0x1}, {0x4, 0x1}, {0x4}, {0x3}, {}, {0x1}, {0x3, 0x1}, {0x1, 0x1}, {}, {0x2, 0x1}, {0x4, 0x1}, {0x5}, {0x4, 0x1}, {0x5}, {0x3}, {0x2, 0x1}, {0x3, 0x1}, {0x5}, {0x3, 0x1}, {0x3}, {0x0, 0x1}, {0x2}, {}, {0x3, 0x1}, {}, {0x3, 0x1}, {}, {0x4}, {0x1, 0x1}, {0x3, 0x2}, {}, {0x4}, {0x3, 0x1}, {0x1, 0x1}, {0x5, 0x1}, {0xe757a13a503b88de, 0x1}, {0x1, 0x1}, {0x1}, {0x5}, {0x5, 0x1}, {0x2, 0x1}, {0x4}, {0x0, 0x1}, {0x0, 0x1}, {}, {0x3}, {0x4}, {0x4, 0x1}, {0x2, 0x1}, {0x4, 0x1}, {0x1, 0x1}]}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0xe8c}, 0x1, 0x0, 0x0, 0x10}, 0x0) setsockopt$sock_attach_bpf(r6, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r6, &(0x7f00000000c0)={&(0x7f0000000500)=@xdp={0x2c, 0x0, r4, 0xc}, 0x80, &(0x7f00000006c0)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf", 0x22}, {&(0x7f0000000c00)="4307ed2e", 0x4}], 0x2}, 0x4) 4.201167024s ago: executing program 1 (id=871): socket$nl_route(0x10, 0x3, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="580000000206030000000000000000000300000705000100070000000900020073797a31000000000c00078008001240000000050500050002000000050004000100000011000300686173683a69702c706f7274"], 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070088000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x90) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x7, 0x6, 0x301, 0x0, 0x0, {0x1}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000800}, 0x20000040) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0xc369d000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000005e00)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$F2FS_IOC_MOVE_RANGE(r4, 0x541b, &(0x7f0000000000)={0xffffffffffffffff}) close_range(r5, 0xffffffffffffffff, 0x0) 3.830389018s ago: executing program 8 (id=872): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) add_key(0x0, 0x0, &(0x7f0000000080), 0x0, 0xfffffffffffffffb) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x4e20, @loopback}}, 0x0, 0x0, 0x4, 0x0, "e83ae75240c2d6d8ec87bb53679fd0450078548ceb6c4414fab091000000000000000776aea5922406b64cddaeb9d339ba3c01c2c7d0df8e61740b9af2d4e499d58654a4cf0fa0ce1f830c3279cffcfd"}, 0xd8) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x4e20, @loopback}, 0x10) 3.733701589s ago: executing program 5 (id=873): prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) capget(0x0, &(0x7f0000001100)={0x9, 0x3, 0xb61, 0x7, 0x3, 0xe2}) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x14, r4, 0x211}, 0x14}}, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000000)={@my=0x1}) syz_genetlink_get_family_id$ethtool(&(0x7f0000000280), 0xffffffffffffffff) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000e40), 0x4000, &(0x7f0000000300)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@access_uid}, {@version_9p2000}]}}) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0xffffffff, @my=0x1}, 0x10) setuid(0xee00) 3.719618679s ago: executing program 3 (id=874): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000540), 0x3, 0x490, &(0x7f0000000580)="$eJzs3UFrXNUeAPD/nSR9aZu+pO+9RV/BWmwlLdqZpLFtcFEriK4Kat3HmExCyCQTMpO2CUVS/ACCiAquXLkR/ACC9COIUNC9iCiirS5cqCMzudPWOJMETHNx5veD03vOPTPzP6eTOXPPPZe5AXSt4xFxKSJ6IuJ0RAym+3NpivWNVH/c3Ts3puopiVrtyg9JJOm+5msl6fZg+rT+iHj5hYjXkr/GrayuzU+WSsXltFyoLiwVKqtrZ+YWJmeLs8XFsbHR8+MXxs+Nj+xaXy8+9807b374/MVPn7z21cR3p16vN2sgrXuwH7tpo+t9jf+Lpt6IWH4YwTLQk/anL+uGAACwI/Vj/P9ExGON4//B6GkczQEAAACdpPbMQPyaRNQAAACAjpVrXAOb5PLptQADkcvl8xvX8P4vDuRK5Ur1iZnyyuL0xrWyQ9GXm5krFUfSa4WHoi+pl0cb+fvls5vKYxFxOCLeHtzfKOenyqXprE9+AAAAQJc4uGn+//PgxvwfAAAA6DBDWTcAAAAAeOjM/wEAAKDzmf8DAABAR3vx8uV6qjXvfz19dXVlvnz1zHSxMp9fWJnKT5WXl/Kz5fJs4zf7FrZ7vVK5vPRULK5cL1SLlWqhsro2sVBeWaxONO7rPVF0n2gAAADYe4cfvfVlEhHrT+9vpLp9aZ25OnS2XNYNADLTk3UDgMz0Zt0AIDPm+ECyTX1/u4rPdr8tAADAwzH8f+v/0K2s/0P3sv4P3cv6P3Qvc3zA+j8AAHS+gUZKcvl0LXAgcrl8PuJQ47YAfcnMXKk4EhH/jogvBvv+VS+PZt1oAAAAAAAAAAAAAAAAAAAAAAAAAPiHqdWSqAEAAAAdLSL3bZLe/2t48OTA5vMD+5JfBhvbiLj2/pV3r09Wq8uj9f0/3ttffS/dfzaLMxgAAADAZs15enMeDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC76e6dG1PNtJdxv382IoZaxe+N/sa2P/oi4sBPSfQ+8LwkInp2If76zYg40ip+Um9WDKWt2Bw/FxH7M45/cBfiQze7VR9/LrX6/OXieGPb+vPXm6a/q/34l7s3/vW0Gf8O7TDG0dsfF9rGvxlxtLf1+NOMn7SJf2KH8V99ZW2tXV3tg4jhlt8/yZ9iFaoLS4XK6tqZuYXJ2eJscXFsbPT8+IXxc+MjhZm5UjH9t2WMtx755Pet+n+gTfyhbfp/cof9/+329Tv/3SL+qROt3/8jW8Sv/008nn4P1OuHm/n1jfyDjn30+bGt+j/dpv/bvf+ndtj/0y+98fUOHwoA7IHK6tr8ZKlUXJaRkZG5l8l6ZAIAAHbb/YP+rFsCAAAAAAAAAAAAAAAAAAAA3Wsvfk4s6z4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOzEHwEAAP//0wfUAw==") socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f00000000c0)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000140)=0x15) ioctl$TIOCSTI(r3, 0x5412, &(0x7f00000002c0)=0x7e) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000080)=0x1) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000440)=0x91) sched_setscheduler(r0, 0x1, &(0x7f0000000180)=0x3) mlockall(0x2) shmat(0x0, &(0x7f0000ffd000/0x1000)=nil, 0x7000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) shmat(0x0, &(0x7f0000ff1000/0x3000)=nil, 0x700c) mremap(&(0x7f0000ff1000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f0000ffd000/0x3000)=nil) 229.363407ms ago: executing program 8 (id=875): syz_open_dev$loop(&(0x7f0000000040), 0x1bd, 0x101000) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000740)={0x1b, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0xd, '\x00', 0x0, r0, 0x4, 0x5, 0x5}, 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000840)={{}, &(0x7f00000007c0), 0x0}, 0x20) bpf$OBJ_GET_MAP(0x7, &(0x7f00000008c0)=@o_path={&(0x7f0000000880)='./file1\x00', 0x0, 0x0, r0}, 0x18) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close(r3) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000100)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f00000000c0)='./file1\x00') symlinkat(&(0x7f0000000400)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00') r4 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r4, r4) setpgid(0x0, r4) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x104) 229.122117ms ago: executing program 5 (id=876): r0 = syz_open_procfs(0x0, &(0x7f0000000000)='numa_maps\x00') mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x0, 0x2) lseek(r0, 0x289e0cb5, 0x0) 228.928257ms ago: executing program 3 (id=877): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x14, 0x2a, 0x107, 0xfffffffc, 0x25dfdbff, {0x3, 0x7c}}, 0x14}, 0x1, 0x0, 0x0, 0x4000890}, 0xc000) 0s ago: executing program 3 (id=878): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00000051c0)={0x1, 0x1000}, 0x4) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000080)=0x9, 0x4) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0x73220c8b}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000004a00)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000340)=""/22, 0x16}], 0x1}, 0x10001}, {{0x0, 0x0, 0x0}}], 0x2, 0x20, 0x0) kernel console output (not intermixed with test programs): x0000000000000002,grpid,bh,grpid,noauto_da_alloc,max_dir_size_kb=0x0000000000000005,init_itable=0x0000000000000009,init_itable,usrjquota=,nolazytime,norecovery,,errors=continue. Quota mode: none. [ 111.435711][ T5018] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,noquota,errors=remount-ro,grpquota,. Quota mode: writeback. [ 111.590274][ T5024] loop0: detected capacity change from 0 to 512 [ 111.625480][ T5028] loop1: detected capacity change from 0 to 128 [ 111.657297][ T5027] loop3: detected capacity change from 0 to 2048 [ 111.697146][ T5024] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 111.889983][ T5024] EXT4-fs (loop0): orphan cleanup on readonly fs [ 111.920819][ T5024] Quota error (device loop0): v2_read_file_info: Free block number too big (0 >= 0). [ 112.022570][ T5027] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 112.033594][ T5024] EXT4-fs warning (device loop0): ext4_enable_quotas:6488: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 112.069176][ T5027] ext4 filesystem being mounted at /53/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 112.149539][ T5024] EXT4-fs (loop0): Cannot turn on quotas: error -117 [ 112.294974][ T5024] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.224: bg 0: block 40: padding at end of block bitmap is not set [ 112.433782][ T5024] EXT4-fs (loop0): Remounting filesystem read-only [ 113.076309][ T5024] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6191: Corrupt filesystem [ 113.198555][ T5024] EXT4-fs (loop0): Remounting filesystem read-only [ 113.249844][ T5024] EXT4-fs (loop0): 1 truncate cleaned up [ 113.255547][ T5024] EXT4-fs (loop0): mounted filesystem without journal. Opts: barrier=0x00000000000000ad,errors=remount-ro,journal_dev=0x0000000000000000,noinit_itable,. Quota mode: writeback. [ 113.412813][ T5062] loop4: detected capacity change from 0 to 512 [ 113.598558][ T5062] EXT4-fs (loop4): mounted filesystem without journal. Opts: nodioread_nolock,sb=0x0000000000000001,,errors=continue. Quota mode: writeback. [ 113.598661][ T5062] ext4 filesystem being mounted at /56/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 113.672570][ T5076] loop3: detected capacity change from 0 to 1024 [ 113.807609][ T5076] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 113.856943][ T5084] loop1: detected capacity change from 0 to 512 [ 113.863910][ T5078] loop2: detected capacity change from 0 to 1024 [ 113.906842][ T5076] EXT4-fs warning (device loop3): ext4_rmdir:3243: inode #11: comm syz.3.238: empty directory 'file1' has too many links (111) [ 113.927749][ T5078] EXT4-fs (loop2): Ignoring removed orlov option [ 113.936593][ T5078] EXT4-fs (loop2): Ignoring removed bh option [ 113.937452][ T5086] EXT4-fs (loop4): Ignoring removed bh option [ 113.966904][ T5086] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 113.985901][ T5078] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodelalloc,orlov,barrier=0x0000000000000004,nolazytime,debug_want_extra_isize=0x0000000000000080,lazytime,errors=remount-ro,stripe=0x0000000000000005,bh,init_itable,. Quota mode: none. [ 114.062328][ T5084] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpjquota=,stripe=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 114.089435][ T5086] EXT4-fs error (device loop4): ext4_iget_extra_inode:4573: inode #15: comm syz.4.240: corrupted in-inode xattr [ 114.107994][ T5086] EXT4-fs error (device loop4): ext4_orphan_get:1411: comm syz.4.240: couldn't read orphan inode 15 (err -117) [ 114.147768][ T5084] ext4 filesystem being mounted at /46/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 114.177715][ T5086] EXT4-fs (loop4): mounted filesystem without journal. Opts: auto_da_alloc=0x0000000000000002,grpid,bh,grpid,noauto_da_alloc,max_dir_size_kb=0x0000000000000005,init_itable=0x0000000000000009,init_itable,usrjquota=,nolazytime,norecovery,,errors=continue. Quota mode: none. [ 115.234286][ T5113] tmpfs: Bad value for 'mpol' [ 116.074774][ T5122] set_capacity_and_notify: 1 callbacks suppressed [ 116.074790][ T5122] loop1: detected capacity change from 0 to 1024 [ 116.202144][ T5122] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 116.221105][ T5122] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 116.300551][ T5122] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 116.362482][ T5122] System zones: 0-1, 3-36 [ 116.391964][ T5122] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,delalloc,resuid=0x0000000000000000,debug,dioread_nolock,bsddf,nomblk_io_submit,noauto_da_alloc,,errors=continue. Quota mode: writeback. [ 116.445210][ T5132] netlink: 76 bytes leftover after parsing attributes in process `syz.4.258'. [ 116.528422][ T5132] device syzkaller0 entered promiscuous mode [ 117.096172][ T5143] loop3: detected capacity change from 0 to 512 [ 117.153004][ T5142] loop4: detected capacity change from 0 to 1024 [ 117.205109][ T5143] EXT4-fs (loop3): Ignoring removed bh option [ 117.305453][ T5142] EXT4-fs (loop4): Ignoring removed mblk_io_submit option [ 117.314043][ T5142] EXT4-fs (loop4): inline encryption not supported [ 117.314777][ T5143] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 117.364715][ T5143] EXT4-fs error (device loop3): ext4_iget_extra_inode:4573: inode #15: comm syz.3.261: corrupted in-inode xattr [ 117.435268][ T5142] EXT4-fs error (device loop4): ext4_map_blocks:631: inode #3: block 2: comm syz.4.260: lblock 2 mapped to illegal pblock 2 (length 1) [ 117.444962][ T5143] EXT4-fs error (device loop3): ext4_orphan_get:1411: comm syz.3.261: couldn't read orphan inode 15 (err -117) [ 117.462223][ T5143] EXT4-fs (loop3): mounted filesystem without journal. Opts: auto_da_alloc=0x0000000000000002,grpid,bh,grpid,noauto_da_alloc,max_dir_size_kb=0x0000000000000005,init_itable=0x0000000000000009,init_itable,usrjquota=,nolazytime,norecovery,,errors=continue. Quota mode: none. [ 117.619077][ T5142] EXT4-fs (loop4): Remounting filesystem read-only [ 117.635910][ T5142] Quota error (device loop4): qtree_write_dquot: dquota write failed [ 117.679891][ T5142] EXT4-fs error (device loop4): ext4_map_blocks:631: inode #3: block 48: comm syz.4.260: lblock 0 mapped to illegal pblock 48 (length 1) [ 117.732778][ T5142] EXT4-fs (loop4): Remounting filesystem read-only [ 117.740502][ T5142] Quota error (device loop4): v2_write_file_info: Can't write info structure [ 117.751208][ T5142] EXT4-fs error (device loop4): ext4_acquire_dquot:6236: comm syz.4.260: Failed to acquire dquot type 0 [ 117.882806][ T5142] EXT4-fs (loop4): Remounting filesystem read-only [ 117.909563][ T26] audit: type=1326 audit(1778139538.286:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5151 comm="syz.0.264" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc097342dd9 code=0x7ffc0000 [ 118.010088][ T5142] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5873: Corrupt filesystem [ 118.068359][ T26] audit: type=1326 audit(1778139538.366:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5151 comm="syz.0.264" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7fc097342dd9 code=0x7ffc0000 [ 118.106048][ T5142] EXT4-fs (loop4): Remounting filesystem read-only [ 118.129140][ T5142] EXT4-fs error (device loop4): ext4_evict_inode:284: inode #11: comm syz.4.260: mark_inode_dirty error [ 118.207311][ T5142] EXT4-fs (loop4): Remounting filesystem read-only [ 118.238793][ T26] audit: type=1326 audit(1778139538.366:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5151 comm="syz.0.264" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc097342dd9 code=0x7ffc0000 [ 118.268736][ T5142] EXT4-fs warning (device loop4): ext4_evict_inode:287: couldn't mark inode dirty (err -117) [ 118.292589][ T26] audit: type=1326 audit(1778139538.366:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5151 comm="syz.0.264" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc097342dd9 code=0x7ffc0000 [ 118.316913][ T26] audit: type=1326 audit(1778139538.386:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5151 comm="syz.0.264" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7fc097342dd9 code=0x7ffc0000 [ 118.340770][ C1] vkms_vblank_simulate: vblank timer overrun [ 118.348247][ T26] audit: type=1326 audit(1778139538.416:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5151 comm="syz.0.264" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc097342dd9 code=0x7ffc0000 [ 118.372197][ C1] vkms_vblank_simulate: vblank timer overrun [ 118.378715][ T26] audit: type=1326 audit(1778139538.416:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5151 comm="syz.0.264" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7fc097342dd9 code=0x7ffc0000 [ 118.383597][ T5142] EXT4-fs (loop4): 1 orphan inode deleted [ 118.402734][ T26] audit: type=1326 audit(1778139538.416:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5151 comm="syz.0.264" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc097342dd9 code=0x7ffc0000 [ 118.468811][ T5164] netlink: 4 bytes leftover after parsing attributes in process `syz.2.270'. [ 118.480878][ T5142] EXT4-fs (loop4): mounted filesystem without journal. Opts: abort,noblock_validity,auto_da_alloc,errors=remount-ro,mblk_io_submit,inlinecrypt,. Quota mode: none. [ 118.529394][ T4438] EXT4-fs error (device loop4): ext4_map_blocks:631: inode #3: block 1: comm kworker/u4:10: lblock 1 mapped to illegal pblock 1 (length 1) [ 118.593842][ T4438] EXT4-fs (loop4): Remounting filesystem read-only [ 118.639646][ T5164] device bond0 entered promiscuous mode [ 118.647501][ T4438] EXT4-fs error (device loop4): ext4_release_dquot:6272: comm kworker/u4:10: Failed to release dquot type 0 [ 118.673039][ T5164] device bond_slave_0 entered promiscuous mode [ 118.691040][ T5142] EXT4-fs (loop4): shut down requested (1) [ 118.702822][ T5164] device bond_slave_1 entered promiscuous mode [ 118.713954][ T4438] EXT4-fs (loop4): Remounting filesystem read-only [ 118.722229][ T5164] device team0 entered promiscuous mode [ 118.727812][ T5164] device team_slave_0 entered promiscuous mode [ 118.736992][ T5164] device team_slave_1 entered promiscuous mode [ 118.777738][ T5164] device hsr1 entered promiscuous mode [ 118.795105][ T5164] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 118.825181][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready [ 119.564253][ T5174] netlink: 76 bytes leftover after parsing attributes in process `syz.4.272'. [ 119.634574][ T5174] device syzkaller0 entered promiscuous mode [ 119.639421][ T5177] loop0: detected capacity change from 0 to 1024 [ 119.809240][ T5177] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945) [ 119.899448][ T5177] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 119.926156][ T5177] EXT4-fs (loop0): orphan cleanup on readonly fs [ 119.946969][ T5177] EXT4-fs error (device loop0): ext4_read_inode_bitmap:168: comm syz.0.273: Inode bitmap for bg 0 marked uninitialized [ 119.977870][ T5189] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 120.401914][ T5177] EXT4-fs (loop0): Remounting filesystem read-only [ 120.598589][ T5177] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000080,errors=remount-ro,inode_readahead_blks=0x0000000000800000,lazytime,. Quota mode: writeback. [ 120.684646][ T5193] loop2: detected capacity change from 0 to 512 [ 120.701694][ T5197] loop3: detected capacity change from 0 to 512 [ 120.830768][ T5193] EXT4-fs (loop2): Ignoring removed bh option [ 120.845419][ T5193] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 121.041044][ T5197] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 121.049700][ T5197] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802c01c, mo2=0002] [ 121.126550][ T5205] EXT4-fs error (device loop0): ext4_search_dir:1549: inode #2: block 16: comm syz.0.273: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0 [ 121.675191][ T5206] EXT4-fs error (device loop0): ext4_search_dir:1549: inode #2: block 16: comm syz.0.273: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0 [ 121.826451][ T5197] EXT4-fs (loop3): orphan cleanup on readonly fs [ 121.833680][ T5193] EXT4-fs error (device loop2): ext4_iget_extra_inode:4573: inode #15: comm syz.2.278: corrupted in-inode xattr [ 121.869885][ T5197] EXT4-fs error (device loop3): ext4_orphan_get:1406: inode #13: comm syz.3.281: iget: bad i_size value: 12154761577498 [ 121.926149][ T5193] EXT4-fs error (device loop2): ext4_orphan_get:1411: comm syz.2.278: couldn't read orphan inode 15 (err -117) [ 121.980378][ T5197] EXT4-fs error (device loop3): ext4_orphan_get:1411: comm syz.3.281: couldn't read orphan inode 13 (err -117) [ 122.011359][ T5193] EXT4-fs (loop2): mounted filesystem without journal. Opts: auto_da_alloc=0x0000000000000002,grpid,bh,grpid,noauto_da_alloc,max_dir_size_kb=0x0000000000000005,init_itable=0x0000000000000009,init_itable,usrjquota=,nolazytime,norecovery,,errors=continue. Quota mode: none. [ 122.134368][ T5197] EXT4-fs (loop3): mounted filesystem without journal. Opts: commit=0x0000000000000000,noblock_validity,user_xattr,,errors=continue. Quota mode: none. [ 123.639804][ T5237] netlink: 76 bytes leftover after parsing attributes in process `syz.4.290'. [ 123.686559][ T5237] device syzkaller0 entered promiscuous mode [ 124.075702][ T26] kauditd_printk_skb: 5 callbacks suppressed [ 124.075719][ T26] audit: type=1326 audit(1778139544.486:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5253 comm="syz.4.299" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ad2763dd9 code=0x7ffc0000 [ 124.123249][ T5257] loop1: detected capacity change from 0 to 512 [ 124.182444][ T5257] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 124.210156][ T26] audit: type=1326 audit(1778139544.526:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5253 comm="syz.4.299" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ad2763dd9 code=0x7ffc0000 [ 124.240235][ T26] audit: type=1326 audit(1778139544.526:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5253 comm="syz.4.299" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f2ad272022c code=0x7ffc0000 [ 124.266842][ T26] audit: type=1326 audit(1778139544.526:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5253 comm="syz.4.299" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f2ad272028e code=0x7ffc0000 [ 124.292359][ T26] audit: type=1326 audit(1778139544.526:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5253 comm="syz.4.299" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2ad2763a6b code=0x7ffc0000 [ 124.298652][ T5261] loop2: detected capacity change from 0 to 512 [ 124.316563][ T26] audit: type=1326 audit(1778139544.526:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5253 comm="syz.4.299" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=288 compat=0 ip=0x7f2ad2763dd9 code=0x7ffc0000 [ 124.337846][ T5257] EXT4-fs (loop1): 1 orphan inode deleted [ 124.370487][ T5257] EXT4-fs (loop1): 1 truncate cleaned up [ 124.376202][ T5257] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,nodelalloc,debug_want_extra_isize=0x000000000000002e,inode_readahead_blks=0x0000000004000000,jqfmt=vfsv0,quota,. Quota mode: writeback. [ 124.397980][ T26] audit: type=1326 audit(1778139544.526:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5253 comm="syz.4.299" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ad2763dd9 code=0x7ffc0000 [ 124.422152][ T26] audit: type=1326 audit(1778139544.546:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5253 comm="syz.4.299" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f2ad2763dd9 code=0x7ffc0000 [ 124.457844][ T5257] EXT4-fs error (device loop1): htree_dirblock_to_tree:1112: inode #2: block 255: comm syz.1.301: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 124.485510][ T5261] EXT4-fs (loop2): Ignoring removed bh option [ 124.496166][ T5257] EXT4-fs (loop1): Remounting filesystem read-only [ 124.513943][ T26] audit: type=1326 audit(1778139544.546:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5253 comm="syz.4.299" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f2ad2763dd9 code=0x7ffc0000 [ 124.548897][ T5261] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 124.622068][ T5261] EXT4-fs error (device loop2): ext4_iget_extra_inode:4573: inode #15: comm syz.2.302: corrupted in-inode xattr [ 124.662307][ T5261] EXT4-fs error (device loop2): ext4_orphan_get:1411: comm syz.2.302: couldn't read orphan inode 15 (err -117) [ 124.698284][ T5261] EXT4-fs (loop2): mounted filesystem without journal. Opts: auto_da_alloc=0x0000000000000002,grpid,bh,grpid,noauto_da_alloc,max_dir_size_kb=0x0000000000000005,init_itable=0x0000000000000009,init_itable,usrjquota=,nolazytime,norecovery,,errors=continue. Quota mode: none. [ 124.960948][ T5279] netlink: 76 bytes leftover after parsing attributes in process `syz.1.309'. [ 124.998575][ T5288] loop0: detected capacity change from 0 to 512 [ 125.111375][ T5279] device syzkaller0 entered promiscuous mode [ 126.295816][ C0] Unknown status report in ack skb [ 126.316481][ T5301] input: syz1 as /devices/virtual/input/input6 [ 126.548160][ T5288] EXT4-fs (loop0): 1 truncate cleaned up [ 126.592821][ T5288] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsddf,,errors=continue. Quota mode: none. [ 127.537931][ T5317] loop3: detected capacity change from 0 to 1024 [ 128.633819][ T5327] loop1: detected capacity change from 0 to 512 [ 128.674168][ T5317] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 128.692895][ T5327] EXT4-fs (loop1): Ignoring removed bh option [ 128.730154][ T5333] netlink: 12 bytes leftover after parsing attributes in process `syz.2.326'. [ 128.745104][ T5327] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 128.766345][ T5317] EXT4-fs warning (device loop3): ext4_rmdir:3243: inode #11: comm syz.3.322: empty directory 'file1' has too many links (111) [ 128.792687][ T5327] EXT4-fs error (device loop1): ext4_iget_extra_inode:4573: inode #15: comm syz.1.327: corrupted in-inode xattr [ 128.882321][ T5327] EXT4-fs error (device loop1): ext4_orphan_get:1411: comm syz.1.327: couldn't read orphan inode 15 (err -117) [ 128.926805][ T5327] EXT4-fs (loop1): mounted filesystem without journal. Opts: auto_da_alloc=0x0000000000000002,grpid,bh,grpid,noauto_da_alloc,max_dir_size_kb=0x0000000000000005,init_itable=0x0000000000000009,init_itable,usrjquota=,nolazytime,norecovery,,errors=continue. Quota mode: none. [ 129.029297][ T5342] loop2: detected capacity change from 0 to 512 [ 129.156155][ T5344] binder: 5343:5344 unknown command 1074553619 [ 129.166460][ T5342] EXT4-fs (loop2): Ignoring removed bh option [ 129.183158][ T5344] binder: 5343:5344 ioctl c0306201 2000000001c0 returned -22 [ 129.191526][ T5342] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 129.250409][ T5342] EXT4-fs error (device loop2): ext4_iget_extra_inode:4573: inode #15: comm syz.2.329: corrupted in-inode xattr [ 129.320546][ T5353] loop0: detected capacity change from 0 to 512 [ 129.329432][ T5342] EXT4-fs error (device loop2): ext4_orphan_get:1411: comm syz.2.329: couldn't read orphan inode 15 (err -117) [ 129.424076][ T5342] EXT4-fs (loop2): mounted filesystem without journal. Opts: auto_da_alloc=0x0000000000000002,grpid,bh,grpid,noauto_da_alloc,max_dir_size_kb=0x0000000000000005,init_itable=0x0000000000000009,init_itable,usrjquota=,nolazytime,norecovery,,errors=continue. Quota mode: none. [ 129.612166][ T5360] loop4: detected capacity change from 0 to 512 [ 129.635957][ T5353] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodioread_nolock,sb=0x0000000000000001,,errors=continue. Quota mode: writeback. [ 129.702099][ T5353] ext4 filesystem being mounted at /62/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 129.915792][ T5360] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 130.010570][ T5360] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802c01c, mo2=0002] [ 130.188762][ T5360] EXT4-fs (loop4): orphan cleanup on readonly fs [ 130.249526][ T5360] EXT4-fs error (device loop4): ext4_orphan_get:1406: inode #13: comm syz.4.334: iget: bad i_size value: 12154761577498 [ 130.335747][ T5360] EXT4-fs error (device loop4): ext4_orphan_get:1411: comm syz.4.334: couldn't read orphan inode 13 (err -117) [ 130.415140][ T5360] EXT4-fs (loop4): mounted filesystem without journal. Opts: commit=0x0000000000000000,noblock_validity,user_xattr,,errors=continue. Quota mode: none. [ 130.524020][ T5360] EXT4-fs warning (device loop4): dx_probe:893: inode #2: comm syz.4.334: dx entry: limit 65535 != root limit 120 [ 130.551671][ T5360] EXT4-fs warning (device loop4): dx_probe:966: inode #2: comm syz.4.334: Corrupt directory, running e2fsck is recommended [ 130.586127][ T5383] loop3: detected capacity change from 0 to 128 [ 130.678397][ T5386] netlink: 32 bytes leftover after parsing attributes in process `syz.1.344'. [ 130.729230][ T5390] loop2: detected capacity change from 0 to 512 [ 130.785252][ T26] audit: type=1326 audit(1778139551.196:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5391 comm="syz.1.348" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f74315ccdd9 code=0x0 [ 130.802357][ T5390] EXT4-fs (loop2): Ignoring removed bh option [ 130.821334][ T5383] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 130.849351][ T5390] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 130.874415][ T5383] ext4 filesystem being mounted at /77/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 130.889266][ T5390] EXT4-fs error (device loop2): ext4_iget_extra_inode:4573: inode #15: comm syz.2.346: corrupted in-inode xattr [ 130.927188][ T5397] cgroup: Setting release_agent not allowed [ 130.953250][ T5390] EXT4-fs error (device loop2): ext4_orphan_get:1411: comm syz.2.346: couldn't read orphan inode 15 (err -117) [ 130.982623][ T5383] syz.3.342 (pid 5383) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 131.028167][ T5390] EXT4-fs (loop2): mounted filesystem without journal. Opts: auto_da_alloc=0x0000000000000002,grpid,bh,grpid,noauto_da_alloc,max_dir_size_kb=0x0000000000000005,init_itable=0x0000000000000009,init_itable,usrjquota=,nolazytime,norecovery,,errors=continue. Quota mode: none. [ 131.313983][ T5407] loop0: detected capacity change from 0 to 1024 [ 131.398437][ T5410] Set syz1 is full, maxelem 65536 reached [ 131.421135][ T5407] EXT4-fs (loop0): Ignoring removed bh option [ 131.488517][ T5407] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodelalloc,dioread_lock,jqfmt=vfsv1,abort,debug_want_extra_isize=0x0000000000000008,lazytime,errors=remount-ro,stripe=0x0000000000000007,bh,auto_da_alloc,. Quota mode: none. [ 131.812842][ T5421] netlink: 76 bytes leftover after parsing attributes in process `syz.2.355'. [ 131.872162][ T5424] bridge0: adding interface bridge0 with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 131.889898][ T5407] EXT4-fs error (device loop0): ext4_find_dest_de:2115: inode #12: block 7: comm syz.0.353: bad entry in directory: rec_len is too small for name_len - offset=16, inode=14, rec_len=40, size=56 fake=0 [ 131.924717][ T26] audit: type=1326 audit(1778139552.336:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5427 comm="syz.4.359" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ad2763dd9 code=0x7ffc0000 [ 131.972089][ T5407] EXT4-fs (loop0): Remounting filesystem read-only [ 131.984574][ T5430] loop1: detected capacity change from 0 to 512 [ 132.029032][ T26] audit: type=1326 audit(1778139552.376:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5427 comm="syz.4.359" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7f2ad2763dd9 code=0x7ffc0000 [ 132.047995][ T5432] loop3: detected capacity change from 0 to 512 [ 132.093776][ T4189] EXT4-fs error (device loop0): ext4_read_inline_dir:1618: inode #12: block 7: comm syz-executor: path /67/file0/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 132.135680][ T26] audit: type=1326 audit(1778139552.376:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5427 comm="syz.4.359" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ad2763dd9 code=0x7ffc0000 [ 132.185688][ T5435] loop4: detected capacity change from 0 to 1024 [ 132.189330][ T5432] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 132.222215][ T26] audit: type=1326 audit(1778139552.376:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5427 comm="syz.4.359" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ad2763dd9 code=0x7ffc0000 [ 132.231096][ T5430] EXT4-fs (loop1): mounted filesystem without journal. Opts: user_xattr,nojournal_checksum,,errors=continue. Quota mode: writeback. [ 132.278323][ T26] audit: type=1326 audit(1778139552.546:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5433 comm="syz.2.363" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4018d9dd9 code=0x7ffc0000 [ 132.279010][ T5432] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 132.303238][ T26] audit: type=1326 audit(1778139552.546:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5433 comm="syz.2.363" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4018d9dd9 code=0x7ffc0000 [ 132.313268][ T5430] ext4 filesystem being mounted at /73/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 132.336124][ T26] audit: type=1326 audit(1778139552.546:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5433 comm="syz.2.363" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=227 compat=0 ip=0x7fa4018d9dd9 code=0x7ffc0000 [ 132.370884][ T4189] EXT4-fs (loop0): Remounting filesystem read-only [ 132.379311][ T4189] EXT4-fs error (device loop0): ext4_read_inline_dir:1618: inode #12: block 7: comm syz-executor: path /67/file0/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 132.418953][ T26] audit: type=1326 audit(1778139552.546:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5433 comm="syz.2.363" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4018d9dd9 code=0x7ffc0000 [ 132.423871][ T5440] loop2: detected capacity change from 0 to 512 [ 132.449089][ T4189] EXT4-fs (loop0): Remounting filesystem read-only [ 132.475752][ T4189] EXT4-fs error (device loop0): empty_inline_dir:1873: inode #12: block 7: comm syz-executor: bad entry in directory: rec_len is too small for name_len - offset=20, inode=14, rec_len=40, size=60 fake=0 [ 132.479976][ T5435] EXT4-fs (loop4): inline encryption not supported [ 132.528724][ T5432] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:476: comm syz.3.361: Invalid block bitmap block 0 in block_group 0 [ 132.531966][ T26] audit: type=1326 audit(1778139552.546:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5433 comm="syz.2.363" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4018d9dd9 code=0x7ffc0000 [ 132.568211][ T4189] EXT4-fs (loop0): Remounting filesystem read-only [ 132.575021][ T4189] EXT4-fs warning (device loop0): empty_inline_dir:1880: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 132.605884][ T4189] EXT4-fs error (device loop0): ext4_read_inline_dir:1618: inode #12: block 7: comm syz-executor: path /67/file0/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 132.639151][ T5435] EXT4-fs (loop4): Ignoring removed bh option [ 132.646146][ T5432] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6191: Corrupt filesystem [ 132.694362][ T5432] EXT4-fs error (device loop3): ext4_clear_blocks:883: inode #11: comm syz.3.361: attempt to clear invalid blocks 983261 len 1 [ 132.717111][ T4189] EXT4-fs (loop0): Remounting filesystem read-only [ 132.731524][ T5440] EXT4-fs (loop2): Ignoring removed bh option [ 132.758045][ T4189] EXT4-fs error (device loop0): ext4_read_inline_dir:1618: inode #12: block 7: comm syz-executor: path /67/file0/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 132.761075][ T5435] EXT4-fs (loop4): mounted filesystem without journal. Opts: nodelalloc,noblock_validity,noauto_da_alloc,nolazytime,debug_want_extra_isize=0x0000000000000080,lazytime,inlinecrypt,stripe=0x0000000000000005,bh,init_itable,noquota,,errors=continue. Quota mode: none. [ 132.789631][ T1427] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.813809][ T1427] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.819874][ T4189] EXT4-fs (loop0): Remounting filesystem read-only [ 132.826906][ T5432] EXT4-fs error (device loop3): __ext4_get_inode_loc:4334: comm syz.3.361: Invalid inode table block 0 in block_group 0 [ 132.829124][ T5440] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 132.856654][ T4189] EXT4-fs error (device loop0): empty_inline_dir:1873: inode #12: block 7: comm syz-executor: bad entry in directory: rec_len is too small for name_len - offset=20, inode=14, rec_len=40, size=60 fake=0 [ 132.895973][ T5440] EXT4-fs error (device loop2): ext4_iget_extra_inode:4573: inode #15: comm syz.2.365: corrupted in-inode xattr [ 132.956016][ T5432] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5873: Corrupt filesystem [ 132.981354][ T5432] EXT4-fs error (device loop3) in ext4_orphan_del:303: Corrupt filesystem [ 132.990354][ T5440] EXT4-fs error (device loop2): ext4_orphan_get:1411: comm syz.2.365: couldn't read orphan inode 15 (err -117) [ 133.002761][ T4189] EXT4-fs (loop0): Remounting filesystem read-only [ 133.025927][ T4189] EXT4-fs warning (device loop0): empty_inline_dir:1880: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 133.029886][ T5432] EXT4-fs error (device loop3): __ext4_get_inode_loc:4334: comm syz.3.361: Invalid inode table block 0 in block_group 0 [ 133.040630][ T4189] EXT4-fs error (device loop0): ext4_read_inline_dir:1618: inode #12: block 7: comm syz-executor: path /67/file0/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 133.061782][ T5440] EXT4-fs (loop2): mounted filesystem without journal. Opts: auto_da_alloc=0x0000000000000002,grpid,bh,grpid,noauto_da_alloc,max_dir_size_kb=0x0000000000000005,init_itable=0x0000000000000009,init_itable,usrjquota=,nolazytime,norecovery,,errors=continue. Quota mode: none. [ 133.107660][ T4189] EXT4-fs (loop0): Remounting filesystem read-only [ 133.129755][ T4189] EXT4-fs error (device loop0): ext4_read_inline_dir:1618: inode #12: block 7: comm syz-executor: path /67/file0/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 133.257287][ T4189] EXT4-fs (loop0): Remounting filesystem read-only [ 133.266776][ T5432] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5873: Corrupt filesystem [ 133.296478][ T4189] EXT4-fs error (device loop0): empty_inline_dir:1873: inode #12: block 7: comm syz-executor: bad entry in directory: rec_len is too small for name_len - offset=20, inode=14, rec_len=40, size=60 fake=0 [ 133.336427][ T5432] EXT4-fs error (device loop3): ext4_truncate:4286: inode #11: comm syz.3.361: mark_inode_dirty error [ 133.348534][ T5432] EXT4-fs error (device loop3) in ext4_process_orphan:345: Corrupt filesystem [ 133.384744][ T5432] EXT4-fs error (device loop3): __ext4_get_inode_loc:4334: comm syz.3.361: Invalid inode table block 0 in block_group 0 [ 133.392165][ T5455] loop4: detected capacity change from 0 to 8 [ 133.409430][ T4189] EXT4-fs (loop0): Remounting filesystem read-only [ 133.415987][ T4189] EXT4-fs warning (device loop0): empty_inline_dir:1880: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 133.442387][ T5432] EXT4-fs (loop3): 1 truncate cleaned up [ 133.462936][ T5432] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_nolock,resuid=0x0000000000000000,journal_dev=0x0000000000000002,noblock_validity,,errors=continue. Quota mode: none. [ 133.486518][ T4189] EXT4-fs warning (device loop0): empty_inline_dir:1880: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 133.606221][ T4189] EXT4-fs warning (device loop0): empty_inline_dir:1880: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 133.673587][ T5432] EXT4-fs error (device loop3): ext4_read_inode_bitmap:140: comm syz.3.361: Invalid inode bitmap blk 0 in block_group 0 [ 133.705751][ T4189] EXT4-fs warning (device loop0): empty_inline_dir:1880: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 133.740470][ T5459] netlink: 76 bytes leftover after parsing attributes in process `syz.1.373'. [ 133.775961][ T4189] EXT4-fs warning (device loop0): empty_inline_dir:1880: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 133.921134][ T4189] EXT4-fs warning (device loop0): empty_inline_dir:1880: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 133.968607][ T4189] EXT4-fs warning (device loop0): empty_inline_dir:1880: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 134.072860][ T4189] EXT4-fs warning (device loop0): empty_inline_dir:1880: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 135.803815][ T5488] loop4: detected capacity change from 0 to 512 [ 135.861520][ T5483] loop2: detected capacity change from 0 to 4096 [ 135.948074][ T5494] binder: 5493:5494 ioctl 40046205 0 returned -22 [ 135.976909][ T5483] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 136.029925][ T5483] EXT4-fs (loop2): Test dummy encryption mode enabled [ 136.037209][ T5488] EXT4-fs error (device loop4): ext4_orphan_get:1406: inode #15: comm syz.4.380: iget: bad i_size value: 38620345925642 [ 136.051984][ T5488] EXT4-fs error (device loop4): ext4_orphan_get:1411: comm syz.4.380: couldn't read orphan inode 15 (err -117) [ 136.095663][ T5488] EXT4-fs (loop4): mounted filesystem without journal. Opts: quota,delalloc,acl,journal_dev=0x0000000000000011,usrjquota=,bsdgroups,,errors=continue. Quota mode: writeback. [ 136.244137][ T5483] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpid,mblk_io_submit,nodioread_nolock,test_dummy_encryption,inode_readahead_blks=0x0000000000000000,nodelalloc,minixdf,debug_want_extra_isize=0x0000000000000040,,errors=continue. Quota mode: writeback. [ 136.365642][ T5502] 9pnet: Insufficient options for proto=fd [ 137.159983][ T5498] EXT4-fs error (device loop4): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap [ 137.805015][ T5514] loop1: detected capacity change from 0 to 512 [ 137.909172][ T5514] EXT4-fs (loop1): Ignoring removed bh option [ 137.939117][ T5514] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 137.939864][ T5516] netlink: 76 bytes leftover after parsing attributes in process `syz.2.386'. [ 138.009729][ T5514] EXT4-fs error (device loop1): ext4_iget_extra_inode:4573: inode #15: comm syz.1.389: corrupted in-inode xattr [ 138.055637][ T155] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 138.064545][ T5521] loop3: detected capacity change from 0 to 4096 [ 138.101975][ T5521] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 138.124782][ T5514] EXT4-fs error (device loop1): ext4_orphan_get:1411: comm syz.1.389: couldn't read orphan inode 15 (err -117) [ 138.210839][ T5514] EXT4-fs (loop1): mounted filesystem without journal. Opts: auto_da_alloc=0x0000000000000002,grpid,bh,grpid,noauto_da_alloc,max_dir_size_kb=0x0000000000000005,init_itable=0x0000000000000009,init_itable,usrjquota=,nolazytime,norecovery,,errors=continue. Quota mode: none. [ 138.248855][ T155] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.337110][ T155] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.499424][ T5536] xt_CT: You must specify a L4 protocol and not use inversions on it [ 139.531241][ T155] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.576849][ T5538] netlink: 'syz.2.396': attribute type 4 has an invalid length. [ 139.630515][ T5542] netlink: 'syz.2.396': attribute type 4 has an invalid length. [ 139.724087][ T5544] netlink: 16 bytes leftover after parsing attributes in process `syz.3.397'. [ 139.811201][ T5550] loop1: detected capacity change from 0 to 256 [ 140.021592][ T5525] chnl_net:caif_netlink_parms(): no params data found [ 140.107492][ T5559] loop1: detected capacity change from 0 to 512 [ 140.149103][ T5559] EXT4-fs (loop1): Ignoring removed bh option [ 140.174556][ T155] tipc: Left network mode [ 140.233482][ T5559] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 140.329601][ T5569] loop2: detected capacity change from 0 to 512 [ 140.454150][ T5569] EXT4-fs (loop2): Ignoring removed bh option [ 140.460699][ T5559] EXT4-fs error (device loop1): ext4_iget_extra_inode:4573: inode #15: comm syz.1.404: corrupted in-inode xattr [ 140.484659][ T5525] bridge0: port 1(bridge_slave_0) entered blocking state [ 140.507771][ T5569] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 140.567736][ T5559] EXT4-fs error (device loop1): ext4_orphan_get:1411: comm syz.1.404: couldn't read orphan inode 15 (err -117) [ 140.597198][ T5525] bridge0: port 1(bridge_slave_0) entered disabled state [ 140.832728][ T5525] device bridge_slave_0 entered promiscuous mode [ 140.930751][ T5569] EXT4-fs error (device loop2): ext4_iget_extra_inode:4573: inode #15: comm syz.2.408: corrupted in-inode xattr [ 140.966105][ T5559] EXT4-fs (loop1): mounted filesystem without journal. Opts: auto_da_alloc=0x0000000000000002,grpid,bh,grpid,noauto_da_alloc,max_dir_size_kb=0x0000000000000005,init_itable=0x0000000000000009,init_itable,usrjquota=,nolazytime,norecovery,,errors=continue. Quota mode: none. [ 141.140095][ T5525] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.157993][ T5569] EXT4-fs error (device loop2): ext4_orphan_get:1411: comm syz.2.408: couldn't read orphan inode 15 (err -117) [ 141.209095][ T5525] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.225836][ T4234] Bluetooth: hci2: command 0x0409 tx timeout [ 141.320897][ T5525] device bridge_slave_1 entered promiscuous mode [ 141.347809][ T5583] loop3: detected capacity change from 0 to 128 [ 141.414799][ T5569] EXT4-fs (loop2): mounted filesystem without journal. Opts: auto_da_alloc=0x0000000000000002,grpid,bh,grpid,noauto_da_alloc,max_dir_size_kb=0x0000000000000005,init_itable=0x0000000000000009,init_itable,usrjquota=,nolazytime,norecovery,,errors=continue. Quota mode: none. [ 141.473681][ T5583] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 141.565669][ T5583] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 141.774450][ T5580] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 141.969449][ T5525] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 141.997053][ T5525] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 142.015670][ T5582] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 142.048399][ T5525] team0: Port device team_slave_0 added [ 142.060514][ T5525] team0: Port device team_slave_1 added [ 142.223815][ T5525] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 142.231444][ T5525] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 142.258463][ T5525] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 142.314803][ T5599] netlink: 56 bytes leftover after parsing attributes in process `syz.3.412'. [ 142.341412][ T5525] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 142.348432][ T5525] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 142.386505][ T5525] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 142.386747][ T5602] loop1: detected capacity change from 0 to 512 [ 142.495943][ T5602] EXT4-fs (loop1): orphan cleanup on readonly fs [ 142.533244][ T5610] loop2: detected capacity change from 0 to 256 [ 142.540524][ T5602] EXT4-fs error (device loop1): ext4_ext_check_inode:501: inode #4: comm syz.1.414: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 142.543018][ T5525] device hsr_slave_0 entered promiscuous mode [ 142.566571][ T5602] EXT4-fs error (device loop1): ext4_quota_enable:6447: comm syz.1.414: Bad quota inode: 4, type: 1 [ 142.585848][ T5525] device hsr_slave_1 entered promiscuous mode [ 142.607628][ T5602] EXT4-fs warning (device loop1): ext4_enable_quotas:6488: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 142.623465][ T5525] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 142.632230][ T5602] EXT4-fs (loop1): Cannot turn on quotas: error -117 [ 142.638952][ T5602] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 142.649886][ T5525] Cannot create hsr debugfs directory [ 142.853008][ T5620] loop2: detected capacity change from 0 to 512 [ 142.924949][ T5620] EXT4-fs (loop2): Ignoring removed nobh option [ 142.992612][ T5623] netlink: 76 bytes leftover after parsing attributes in process `syz.1.420'. [ 143.003477][ T5620] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 143.036460][ T5620] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.419: invalid indirect mapped block 256 (level 1) [ 143.049613][ T5587] chnl_net:caif_netlink_parms(): no params data found [ 143.065683][ T5620] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.419: invalid indirect mapped block 2683928664 (level 1) [ 143.153596][ T5620] EXT4-fs (loop2): 1 truncate cleaned up [ 143.160287][ T5620] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,dioread_lock,nobh,nodioread_nolock,discard,usrjquota=.noacl,nodiscard,jqfmt=vfsv0,auto_da_alloc,,,errors=continue. Quota mode: writeback. [ 143.309232][ T1344] Bluetooth: hci2: command 0x041b tx timeout [ 143.731375][ T4999] Bluetooth: hci4: command 0x0409 tx timeout [ 144.139402][ T26] audit: type=1800 audit(1778139564.516:56): pid=5620 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.419" name="file0" dev="loop2" ino=13 res=0 errno=0 [ 144.288954][ T5525] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 144.556786][ T5587] bridge0: port 1(bridge_slave_0) entered blocking state [ 144.616500][ T5587] bridge0: port 1(bridge_slave_0) entered disabled state [ 144.659333][ T5587] device bridge_slave_0 entered promiscuous mode [ 144.772571][ T5654] netlink: 'syz.3.426': attribute type 1 has an invalid length. [ 145.016762][ T155] device hsr_slave_0 left promiscuous mode [ 145.062568][ T155] device hsr_slave_1 left promiscuous mode [ 145.912525][ T4200] Bluetooth: hci4: command 0x041b tx timeout [ 145.919358][ T155] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 145.926846][ T155] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 145.934464][ T4200] Bluetooth: hci2: command 0x040f tx timeout [ 145.955516][ T155] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 145.975081][ T155] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 145.987822][ T155] device bridge_slave_1 left promiscuous mode [ 146.005421][ T155] bridge0: port 2(bridge_slave_1) entered disabled state [ 146.042481][ T155] device bridge_slave_0 left promiscuous mode [ 146.055444][ T155] bridge0: port 1(bridge_slave_0) entered disabled state [ 146.080715][ T155] device veth1_macvtap left promiscuous mode [ 146.087138][ T155] device veth0_macvtap left promiscuous mode [ 146.216374][ T155] team0 (unregistering): Port device team_slave_1 removed [ 146.228772][ T155] team0 (unregistering): Port device team_slave_0 removed [ 146.242244][ T155] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 146.260966][ T155] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 146.322644][ T155] bond0 (unregistering): Released all slaves [ 146.383421][ T5525] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 146.393270][ T5587] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.401310][ T5587] bridge0: port 2(bridge_slave_1) entered disabled state [ 146.409216][ T5587] device bridge_slave_1 entered promiscuous mode [ 146.435268][ T5587] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 146.444917][ T5666] tipc: Started in network mode [ 146.450327][ T5666] tipc: Node identity f26616536cb7, cluster identity 4711 [ 146.458306][ T5666] tipc: Enabled bearer , priority 0 [ 146.537713][ T5525] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 146.558520][ T5525] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 146.631620][ T5587] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 146.706139][ T5666] tipc: Disabling bearer [ 146.710944][ T5677] loop2: detected capacity change from 0 to 512 [ 146.889039][ T5677] EXT4-fs (loop2): Ignoring removed bh option [ 146.955525][ T5677] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 147.205424][ T5587] team0: Port device team_slave_0 added [ 147.403364][ T5677] EXT4-fs error (device loop2): ext4_iget_extra_inode:4573: inode #15: comm syz.2.432: corrupted in-inode xattr [ 147.423295][ T5587] team0: Port device team_slave_1 added [ 147.457007][ T5677] EXT4-fs error (device loop2): ext4_orphan_get:1411: comm syz.2.432: couldn't read orphan inode 15 (err -117) [ 147.485478][ T5677] EXT4-fs (loop2): mounted filesystem without journal. Opts: auto_da_alloc=0x0000000000000002,grpid,bh,grpid,noauto_da_alloc,max_dir_size_kb=0x0000000000000005,init_itable=0x0000000000000009,init_itable,usrjquota=,nolazytime,norecovery,,errors=continue. Quota mode: none. [ 147.544277][ T5587] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 147.582174][ T5587] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 147.740739][ T5587] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 147.755359][ T5587] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 147.762659][ T5587] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 147.923872][ T5587] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 147.959184][ T4200] Bluetooth: hci2: command 0x0419 tx timeout [ 147.969378][ T4200] Bluetooth: hci4: command 0x040f tx timeout [ 148.040964][ T5525] 8021q: adding VLAN 0 to HW filter on device bond0 [ 148.157619][ T5525] 8021q: adding VLAN 0 to HW filter on device team0 [ 148.238444][ T5580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 148.258622][ T5703] netlink: 8 bytes leftover after parsing attributes in process `syz.3.437'. [ 148.270578][ T5580] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 148.312274][ T5704] loop1: detected capacity change from 0 to 512 [ 148.350149][ T5580] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 148.371620][ T5580] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 148.390550][ T5580] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.397695][ T5580] bridge0: port 1(bridge_slave_0) entered forwarding state [ 148.405421][ T5704] EXT4-fs (loop1): Ignoring removed bh option [ 148.427434][ T5704] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 148.556355][ T5704] EXT4-fs error (device loop1): ext4_iget_extra_inode:4573: inode #15: comm syz.1.438: corrupted in-inode xattr [ 148.580304][ T5525] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 148.601614][ T5525] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 148.612906][ T5704] EXT4-fs error (device loop1): ext4_orphan_get:1411: comm syz.1.438: couldn't read orphan inode 15 (err -117) [ 148.625150][ T5704] EXT4-fs (loop1): mounted filesystem without journal. Opts: auto_da_alloc=0x0000000000000002,grpid,bh,grpid,noauto_da_alloc,max_dir_size_kb=0x0000000000000005,init_itable=0x0000000000000009,init_itable,usrjquota=,nolazytime,norecovery,,errors=continue. Quota mode: none. [ 148.656845][ T5587] device hsr_slave_0 entered promiscuous mode [ 149.459609][ T5587] device hsr_slave_1 entered promiscuous mode [ 149.476209][ T5587] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 149.498756][ T5722] loop2: detected capacity change from 0 to 1024 [ 149.505418][ T5587] Cannot create hsr debugfs directory [ 149.598367][ T5722] EXT4-fs (loop2): Ignoring removed nobh option [ 149.634984][ T5580] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 149.642724][ T5722] EXT4-fs (loop2): Ignoring removed orlov option [ 149.669751][ T5580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 149.688751][ T5580] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 149.724942][ T5734] loop1: detected capacity change from 0 to 512 [ 149.726476][ T5580] bridge0: port 2(bridge_slave_1) entered blocking state [ 149.738378][ T5580] bridge0: port 2(bridge_slave_1) entered forwarding state [ 149.753485][ T5722] EXT4-fs (loop2): mounted filesystem without journal. Opts: resgid=0x0000000000000000,bsddf,grpquota,nobh,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,stripe=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 149.759236][ T5580] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 149.788476][ T5580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 149.803150][ T5580] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 149.810561][ T5734] EXT4-fs (loop1): Ignoring removed bh option [ 149.812157][ T5580] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 149.825841][ T5580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 149.835031][ T5580] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 149.843817][ T5580] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 149.852266][ T5580] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 149.852603][ T5734] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 149.861178][ T5580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 149.877061][ T5580] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 149.885420][ T5580] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 149.895383][ T5580] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 149.955439][ T5734] EXT4-fs error (device loop1): ext4_iget_extra_inode:4573: inode #15: comm syz.1.447: corrupted in-inode xattr [ 150.033032][ T5734] EXT4-fs error (device loop1): ext4_orphan_get:1411: comm syz.1.447: couldn't read orphan inode 15 (err -117) [ 150.039345][ T23] Bluetooth: hci4: command 0x0419 tx timeout [ 150.067261][ T5734] EXT4-fs (loop1): mounted filesystem without journal. Opts: auto_da_alloc=0x0000000000000002,grpid,bh,grpid,noauto_da_alloc,max_dir_size_kb=0x0000000000000005,init_itable=0x0000000000000009,init_itable,usrjquota=,nolazytime,norecovery,,errors=continue. Quota mode: none. [ 150.505053][ T5587] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 150.656554][ T5587] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 150.732276][ T5587] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 150.802766][ T5587] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 150.859855][ T5752] loop2: detected capacity change from 0 to 512 [ 150.940468][ T5752] EXT4-fs (loop2): Ignoring removed bh option [ 150.967012][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 150.977203][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 151.027824][ T5752] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 151.052364][ T5525] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 151.090166][ T5752] EXT4-fs error (device loop2): ext4_iget_extra_inode:4573: inode #15: comm syz.2.449: corrupted in-inode xattr [ 151.091881][ T5756] netlink: 76 bytes leftover after parsing attributes in process `syz.1.450'. [ 151.149545][ T5752] EXT4-fs error (device loop2): ext4_orphan_get:1411: comm syz.2.449: couldn't read orphan inode 15 (err -117) [ 151.172679][ T5752] EXT4-fs (loop2): mounted filesystem without journal. Opts: auto_da_alloc=0x0000000000000002,grpid,bh,grpid,noauto_da_alloc,max_dir_size_kb=0x0000000000000005,init_itable=0x0000000000000009,init_itable,usrjquota=,nolazytime,norecovery,,errors=continue. Quota mode: none. [ 151.676118][ T5775] IPVS: Unknown mcast interface: pimreg0 [ 151.776814][ T5587] 8021q: adding VLAN 0 to HW filter on device bond0 [ 151.892239][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 151.901791][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 152.406516][ T5587] 8021q: adding VLAN 0 to HW filter on device team0 [ 152.855889][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 152.884641][ T5787] loop1: detected capacity change from 0 to 128 [ 152.906788][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 152.966425][ T4502] bridge0: port 1(bridge_slave_0) entered blocking state [ 152.973595][ T4502] bridge0: port 1(bridge_slave_0) entered forwarding state [ 152.988744][ T5787] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 153.013040][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 153.028332][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 153.035371][ T5787] ext4 filesystem being mounted at /103/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 153.038880][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 153.056484][ T4502] bridge0: port 2(bridge_slave_1) entered blocking state [ 153.063610][ T4502] bridge0: port 2(bridge_slave_1) entered forwarding state [ 153.072534][ T5789] netlink: 8 bytes leftover after parsing attributes in process `syz.2.454'. [ 153.101926][ T5789] netlink: 4 bytes leftover after parsing attributes in process `syz.2.454'. [ 153.133193][ T5789] netlink: 'syz.2.454': attribute type 19 has an invalid length. [ 153.222923][ T5789] netlink: 'syz.2.454': attribute type 20 has an invalid length. [ 153.349572][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 153.359968][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 153.368772][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 153.383219][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 153.392993][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 153.402220][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 154.157754][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 154.170812][ T5805] loop2: detected capacity change from 0 to 512 [ 154.218466][ T5787] lo speed is unknown, defaulting to 1000 [ 154.232917][ T5587] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 154.252440][ T5587] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 154.283402][ T5805] EXT4-fs (loop2): Ignoring removed bh option [ 154.317148][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 154.336703][ T5805] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 154.342322][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 154.363423][ T5805] EXT4-fs error (device loop2): ext4_iget_extra_inode:4573: inode #15: comm syz.2.459: corrupted in-inode xattr [ 154.383935][ T5805] EXT4-fs error (device loop2): ext4_orphan_get:1411: comm syz.2.459: couldn't read orphan inode 15 (err -117) [ 154.391419][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 154.397991][ T5805] EXT4-fs (loop2): mounted filesystem without journal. Opts: auto_da_alloc=0x0000000000000002,grpid,bh,grpid,noauto_da_alloc,max_dir_size_kb=0x0000000000000005,init_itable=0x0000000000000009,init_itable,usrjquota=,nolazytime,norecovery,,errors=continue. Quota mode: none. [ 154.447904][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 154.488475][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 154.544146][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 154.565095][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 154.598873][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 154.628286][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 154.647159][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 154.656209][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 154.664123][ T5809] netlink: 76 bytes leftover after parsing attributes in process `syz.3.460'. [ 154.739438][ T5787] lo speed is unknown, defaulting to 1000 [ 154.747459][ T5787] lo speed is unknown, defaulting to 1000 [ 154.757706][ T5787] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 154.763531][ T5525] device veth0_vlan entered promiscuous mode [ 154.770159][ T5787] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 154.821684][ T5787] lo speed is unknown, defaulting to 1000 [ 154.829469][ T5787] lo speed is unknown, defaulting to 1000 [ 154.836222][ T5787] lo speed is unknown, defaulting to 1000 [ 154.837079][ T5525] device veth1_vlan entered promiscuous mode [ 154.874223][ T5787] lo speed is unknown, defaulting to 1000 [ 154.881468][ T5787] lo speed is unknown, defaulting to 1000 [ 154.889364][ T5787] lo speed is unknown, defaulting to 1000 [ 155.070074][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 155.078204][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 155.117185][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 155.128625][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 155.140624][ T5525] device veth0_macvtap entered promiscuous mode [ 155.170543][ T5825] netlink: 'syz.1.463': attribute type 1 has an invalid length. [ 155.236363][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 155.237526][ T5833] loop2: detected capacity change from 0 to 512 [ 155.246277][ T5525] device veth1_macvtap entered promiscuous mode [ 155.387540][ T5830] 8021q: adding VLAN 0 to HW filter on device bond2 [ 155.455595][ T5830] bond1: (slave bond2): making interface the new active one [ 155.469619][ T5833] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 155.476326][ T5830] bond1: (slave bond2): Enslaving as an active interface with an up link [ 155.564828][ T5825] bond1: (slave gretap1): Enslaving as a backup interface with an up link [ 155.626176][ T5587] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 155.648001][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 155.665870][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 155.706117][ T5525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 155.789004][ T5525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.819874][ T5525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 155.885164][ T5525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.906495][ T5858] loop2: detected capacity change from 0 to 512 [ 155.909072][ T5525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 155.936358][ T5525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.977102][ T5525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 155.997976][ T5525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.023287][ T5525] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 156.058318][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 156.092602][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 156.105393][ T5858] EXT4-fs (loop2): Ignoring removed bh option [ 156.134921][ T5866] loop1: detected capacity change from 0 to 512 [ 156.141455][ T5858] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 156.165297][ T5525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 156.195855][ T5866] EXT4-fs (loop1): Ignoring removed bh option [ 156.206490][ T5525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.206853][ T5858] EXT4-fs error (device loop2): ext4_iget_extra_inode:4573: inode #15: comm syz.2.468: corrupted in-inode xattr [ 156.263311][ T5858] EXT4-fs error (device loop2): ext4_orphan_get:1411: comm syz.2.468: couldn't read orphan inode 15 (err -117) [ 156.289233][ T5525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 156.317779][ T5525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.331929][ T5525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 156.350172][ T5858] EXT4-fs (loop2): mounted filesystem without journal. Opts: auto_da_alloc=0x0000000000000002,grpid,bh,grpid,noauto_da_alloc,max_dir_size_kb=0x0000000000000005,init_itable=0x0000000000000009,init_itable,usrjquota=,nolazytime,norecovery,,errors=continue. Quota mode: none. [ 156.388416][ T5525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.398568][ T5525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 156.439282][ T5525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.471039][ T5525] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 156.489254][ T5525] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.498156][ T5525] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.525433][ T5525] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.557217][ T5525] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.607837][ T5866] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 156.618719][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 156.648664][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 156.756565][ T5866] EXT4-fs error (device loop1): ext4_iget_extra_inode:4573: inode #15: comm syz.1.470: corrupted in-inode xattr [ 156.781737][ T5866] EXT4-fs error (device loop1): ext4_orphan_get:1411: comm syz.1.470: couldn't read orphan inode 15 (err -117) [ 156.820290][ T5873] loop2: detected capacity change from 0 to 8 [ 156.867126][ T5866] EXT4-fs (loop1): mounted filesystem without journal. Opts: auto_da_alloc=0x0000000000000002,grpid,bh,grpid,noauto_da_alloc,max_dir_size_kb=0x0000000000000005,init_itable=0x0000000000000009,init_itable,usrjquota=,nolazytime,norecovery,,errors=continue. Quota mode: none. [ 156.939940][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 156.948870][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 157.109231][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 157.117584][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 157.178105][ T5587] device veth0_vlan entered promiscuous mode [ 157.205227][ T5587] device veth1_vlan entered promiscuous mode [ 157.305510][ T5587] device veth0_macvtap entered promiscuous mode [ 157.365627][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 157.378347][ T4438] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 157.396313][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 157.424662][ T4438] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 157.607926][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 158.253578][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 158.263711][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 158.273551][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 158.282699][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 158.343660][ T5878] device syzkaller0 entered promiscuous mode [ 158.437396][ T5587] device veth1_macvtap entered promiscuous mode [ 158.710326][ T5587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.759336][ T5587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.803397][ T5587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.845185][ T5587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.885894][ T5587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.913576][ T5587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.923630][ T5587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.934146][ T5587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.948075][ T5587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.974048][ T5587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.995731][ T5587] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 159.109689][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 159.128222][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 159.162940][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 159.175964][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 159.209563][ T5587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 159.239612][ T5587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.276541][ T5587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 159.318361][ T5587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.343095][ T5587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 159.363888][ T5587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.393930][ T5587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 159.412194][ T5587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.422805][ T5587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 159.433438][ T5587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.444670][ T5587] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 159.454881][ T4260] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 159.465309][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 159.484306][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 159.505923][ T5587] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.535625][ T5587] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.615706][ T5587] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.632643][ T4260] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 159.690898][ T5587] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.775031][ T155] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.857877][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 160.059936][ T155] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.239200][ T4233] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 160.250969][ T4233] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 160.345695][ T155] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.419967][ T4233] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 160.682159][ T155] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.748643][ T5942] fuse: Bad value for 'fd' [ 160.770236][ T5939] loop5: detected capacity change from 0 to 8192 [ 161.138076][ T4260] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 161.164722][ T4260] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 161.274462][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 161.295926][ T5952] loop1: detected capacity change from 0 to 512 [ 161.393103][ T5952] EXT4-fs (loop1): Ignoring removed bh option [ 161.401117][ T5952] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 161.479666][ T5952] EXT4-fs error (device loop1): ext4_iget_extra_inode:4573: inode #15: comm syz.1.491: corrupted in-inode xattr [ 161.509723][ T5952] EXT4-fs error (device loop1): ext4_orphan_get:1411: comm syz.1.491: couldn't read orphan inode 15 (err -117) [ 161.625957][ T5952] EXT4-fs (loop1): mounted filesystem without journal. Opts: auto_da_alloc=0x0000000000000002,grpid,bh,grpid,noauto_da_alloc,max_dir_size_kb=0x0000000000000005,init_itable=0x0000000000000009,init_itable,usrjquota=,nolazytime,norecovery,,errors=continue. Quota mode: none. [ 162.123099][ T5990] netlink: 76 bytes leftover after parsing attributes in process `syz.2.497'. [ 162.143796][ T5993] loop1: detected capacity change from 0 to 256 [ 163.275470][ T6001] loop5: detected capacity change from 0 to 512 [ 163.292073][ T6002] fuse: Bad value for 'fd' [ 163.321553][ T6001] EXT4-fs (loop5): Ignoring removed nobh option [ 163.350332][ T6001] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -2 [ 163.470490][ T6001] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.503: invalid indirect mapped block 256 (level 1) [ 163.516153][ T6001] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.503: invalid indirect mapped block 2683928664 (level 1) [ 163.578497][ T6001] EXT4-fs (loop5): 1 truncate cleaned up [ 163.602822][ T6001] EXT4-fs (loop5): mounted filesystem without journal. Opts: noblock_validity,dioread_lock,nobh,nodioread_nolock,discard,usrjquota=.noacl,nodiscard,jqfmt=vfsv0,auto_da_alloc,,,errors=continue. Quota mode: writeback. [ 165.060924][ T6035] loop2: detected capacity change from 0 to 512 [ 165.124074][ T26] audit: type=1800 audit(1778139585.536:57): pid=6001 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.503" name="file0" dev="loop5" ino=13 res=0 errno=0 [ 165.411699][ T6035] EXT4-fs (loop2): Ignoring removed bh option [ 165.593006][ T155] device hsr_slave_0 left promiscuous mode [ 165.602983][ T6035] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 165.716814][ T6056] 9pnet: Insufficient options for proto=fd [ 165.747581][ T155] device hsr_slave_1 left promiscuous mode [ 166.099319][ T155] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 166.461423][ T155] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 166.515266][ T155] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 166.633419][ T155] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 166.706711][ T6035] EXT4-fs error (device loop2): ext4_iget_extra_inode:4573: inode #15: comm syz.2.510: corrupted in-inode xattr [ 166.778481][ T155] device bridge_slave_1 left promiscuous mode [ 166.841894][ T155] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.953126][ T6035] EXT4-fs error (device loop2): ext4_orphan_get:1411: comm syz.2.510: couldn't read orphan inode 15 (err -117) [ 167.178662][ T6035] EXT4-fs (loop2): mounted filesystem without journal. Opts: auto_da_alloc=0x0000000000000002,grpid,bh,grpid,noauto_da_alloc,max_dir_size_kb=0x0000000000000005,init_itable=0x0000000000000009,init_itable,usrjquota=,nolazytime,norecovery,,errors=continue. Quota mode: none. [ 167.205179][ T155] device bridge_slave_0 left promiscuous mode [ 167.212588][ T155] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.286328][ T155] device veth1_macvtap left promiscuous mode [ 167.311212][ T155] device veth0_macvtap left promiscuous mode [ 167.333372][ T155] device veth1_vlan left promiscuous mode [ 167.361081][ T155] device veth0_vlan left promiscuous mode [ 167.907645][ T155] team0 (unregistering): Port device team_slave_1 removed [ 167.927485][ T155] team0 (unregistering): Port device team_slave_0 removed [ 168.000088][ T155] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 168.071395][ T155] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 168.216027][ T155] bond0 (unregistering): Released all slaves [ 168.719200][ T6075] netlink: 76 bytes leftover after parsing attributes in process `syz.5.519'. [ 168.816542][ T6082] netlink: 25 bytes leftover after parsing attributes in process `syz.3.520'. [ 169.272450][ T6099] lo speed is unknown, defaulting to 1000 [ 169.374318][ T6104] netlink: 100 bytes leftover after parsing attributes in process `syz.2.524'. [ 169.502637][ T6111] loop1: detected capacity change from 0 to 256 [ 169.589066][ T6110] device syzkaller0 entered promiscuous mode [ 169.904671][ T6127] loop5: detected capacity change from 0 to 512 [ 170.020200][ T6127] EXT4-fs (loop5): Ignoring removed bh option [ 170.051513][ T6127] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem [ 170.075024][ T6135] loop6: detected capacity change from 0 to 512 [ 170.075955][ T6136] loop1: detected capacity change from 0 to 512 [ 170.139215][ T6127] EXT4-fs error (device loop5): ext4_iget_extra_inode:4573: inode #15: comm syz.5.534: corrupted in-inode xattr [ 170.192468][ T6136] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 170.218004][ T6135] EXT4-fs error (device loop6): ext4_orphan_get:1406: inode #15: comm syz.6.536: iget: bad i_size value: 38620345925642 [ 170.263027][ T6127] EXT4-fs error (device loop5): ext4_orphan_get:1411: comm syz.5.534: couldn't read orphan inode 15 (err -117) [ 170.279224][ T6136] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802c01c, mo2=0002] [ 170.290862][ T6151] loop2: detected capacity change from 0 to 256 [ 170.301605][ T6152] netlink: 76 bytes leftover after parsing attributes in process `syz.3.538'. [ 170.321135][ T6135] EXT4-fs error (device loop6): ext4_orphan_get:1411: comm syz.6.536: couldn't read orphan inode 15 (err -117) [ 170.341287][ T6136] EXT4-fs (loop1): orphan cleanup on readonly fs [ 170.349842][ T6127] EXT4-fs (loop5): mounted filesystem without journal. Opts: auto_da_alloc=0x0000000000000002,grpid,bh,grpid,noauto_da_alloc,max_dir_size_kb=0x0000000000000005,init_itable=0x0000000000000009,init_itable,usrjquota=,nolazytime,norecovery,,errors=continue. Quota mode: none. [ 170.368559][ T6136] EXT4-fs error (device loop1): ext4_orphan_get:1406: inode #13: comm syz.1.535: iget: bad i_size value: 12154761577498 [ 170.409707][ T6135] EXT4-fs (loop6): mounted filesystem without journal. Opts: quota,delalloc,acl,journal_dev=0x0000000000000011,usrjquota=,bsdgroups,,errors=continue. Quota mode: writeback. [ 170.465809][ T6136] EXT4-fs error (device loop1): ext4_orphan_get:1411: comm syz.1.535: couldn't read orphan inode 13 (err -117) [ 170.536161][ T6135] EXT4-fs error (device loop6): ext4_validate_block_bitmap:429: comm syz.6.536: bg 0: block 5: invalid block bitmap [ 170.552974][ T6136] EXT4-fs (loop1): mounted filesystem without journal. Opts: commit=0x0000000000000000,noblock_validity,user_xattr,,errors=continue. Quota mode: none. [ 170.589214][ T6135] EXT4-fs (loop6): Delayed block allocation failed for inode 22 at logical offset 0 with max blocks 1 with error 28 [ 170.617195][ T6135] EXT4-fs (loop6): This should not happen!! Data will be lost [ 170.617195][ T6135] [ 170.661870][ T6135] EXT4-fs (loop6): Total free blocks count 0 [ 170.667923][ T6135] EXT4-fs (loop6): Free/Dirty block details [ 170.724749][ T6135] EXT4-fs (loop6): free_blocks=0 [ 170.739117][ T6135] EXT4-fs (loop6): dirty_blocks=1 [ 170.776837][ T6135] EXT4-fs (loop6): Block reservation details [ 170.784286][ T6135] EXT4-fs (loop6): i_reserved_data_blocks=1 [ 173.203732][ C0] vcan0: j1939_tp_rxtimer: 0xffff888060a17000: rx timeout, send abort [ 173.322818][ T6194] netlink: 12 bytes leftover after parsing attributes in process `syz.3.547'. [ 173.459884][ T6198] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 173.704460][ C0] vcan0: j1939_tp_rxtimer: 0xffff888060a16400: rx timeout, send abort [ 174.065056][ T6192] lo speed is unknown, defaulting to 1000 [ 174.132221][ C0] vcan0: j1939_tp_rxtimer: 0xffff888060a17000: abort rx timeout. Force session deactivation [ 174.181412][ T6204] netlink: 76 bytes leftover after parsing attributes in process `syz.3.551'. [ 174.213525][ C0] vcan0: j1939_tp_rxtimer: 0xffff888060a16400: abort rx timeout. Force session deactivation [ 174.362887][ T6211] loop2: detected capacity change from 0 to 512 [ 174.517097][ T6214] loop5: detected capacity change from 0 to 2048 [ 174.631953][ T6192] chnl_net:caif_netlink_parms(): no params data found [ 174.722642][ T6211] EXT4-fs error (device loop2): ext4_xattr_inode_iget:401: inode #12: comm syz.2.549: missing EA_INODE flag [ 174.803721][ T6228] netlink: 4 bytes leftover after parsing attributes in process `syz.3.556'. [ 174.808269][ T6214] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 174.829331][ T6214] ext4 filesystem being mounted at /14/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 174.833210][ T6211] EXT4-fs error (device loop2): ext4_xattr_inode_iget:406: comm syz.2.549: error while reading EA inode 12 err=-117 [ 174.862538][ T6228] device bond0 entered promiscuous mode [ 174.944351][ T6228] device bond_slave_0 entered promiscuous mode [ 174.976932][ T6228] device bond_slave_1 entered promiscuous mode [ 175.047973][ T6211] EXT4-fs (loop2): 1 orphan inode deleted [ 175.062703][ T6211] EXT4-fs (loop2): mounted filesystem without journal. Opts: nombcache,nogrpid,,errors=continue. Quota mode: writeback. [ 175.098408][ T6228] device team0 entered promiscuous mode [ 175.120073][ T6228] device team_slave_0 entered promiscuous mode [ 175.133070][ T6228] device team_slave_1 entered promiscuous mode [ 175.218918][ T6228] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 175.234802][ T6228] Cannot create hsr debugfs directory [ 175.287931][ T6228] device hsr1 entered promiscuous mode [ 175.320079][ T6228] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 175.344288][ T6246] loop5: detected capacity change from 0 to 512 [ 175.377783][ T6246] EXT4-fs (loop5): Ignoring removed bh option [ 175.392488][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready [ 175.400350][ T6246] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem [ 175.432560][ T6246] EXT4-fs error (device loop5): ext4_iget_extra_inode:4573: inode #15: comm syz.5.557: corrupted in-inode xattr [ 175.470575][ T6246] EXT4-fs error (device loop5): ext4_orphan_get:1411: comm syz.5.557: couldn't read orphan inode 15 (err -117) [ 175.480988][ T21] Bluetooth: hci4: command 0x0409 tx timeout [ 175.500294][ T6192] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.556380][ T6192] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.568724][ T6192] device bridge_slave_0 entered promiscuous mode [ 175.569053][ T6246] EXT4-fs (loop5): mounted filesystem without journal. Opts: auto_da_alloc=0x0000000000000002,grpid,bh,grpid,noauto_da_alloc,max_dir_size_kb=0x0000000000000005,init_itable=0x0000000000000009,init_itable,usrjquota=,nolazytime,norecovery,,errors=continue. Quota mode: none. [ 175.581718][ T6192] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.631493][ T6192] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.650011][ T6192] device bridge_slave_1 entered promiscuous mode [ 175.845234][ T6192] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 176.735497][ T6192] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 176.945929][ T6192] team0: Port device team_slave_0 added [ 177.000306][ T6192] team0: Port device team_slave_1 added [ 177.054735][ T6192] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 177.079232][ T6192] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 177.586835][ T4236] Bluetooth: hci4: command 0x041b tx timeout [ 177.605082][ T6192] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 177.618265][ T6192] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 177.625268][ T6192] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 177.671741][ T6192] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 177.849599][ C0] Unknown status report in ack skb [ 177.944649][ T6274] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 178.762830][ T6192] device hsr_slave_0 entered promiscuous mode [ 178.781889][ T6192] device hsr_slave_1 entered promiscuous mode [ 178.809717][ T6192] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 178.861505][ T6192] Cannot create hsr debugfs directory [ 179.639990][ T4235] Bluetooth: hci4: command 0x040f tx timeout [ 180.241972][ T6192] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 180.326629][ T6192] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 180.365726][ T6192] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 180.403005][ T6192] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 180.650268][ T155] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.758833][ T4235] Bluetooth: hci4: command 0x0419 tx timeout [ 181.770256][ T155] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.781829][ T6316] loop2: detected capacity change from 0 to 512 [ 181.810767][ T6318] loop1: detected capacity change from 0 to 2048 [ 181.834633][ T6316] EXT4-fs (loop2): Ignoring removed bh option [ 181.974778][ T6318] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 181.985545][ T6318] ext4 filesystem being mounted at /130/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 182.057665][ T6318] fs-verity: sha512 using implementation "sha512-avx2" [ 182.175284][ T6316] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 182.212917][ T6316] EXT4-fs error (device loop2): ext4_iget_extra_inode:4573: inode #15: comm syz.2.571: corrupted in-inode xattr [ 182.229331][ T6316] EXT4-fs error (device loop2): ext4_orphan_get:1411: comm syz.2.571: couldn't read orphan inode 15 (err -117) [ 182.303880][ T6316] EXT4-fs (loop2): mounted filesystem without journal. Opts: auto_da_alloc=0x0000000000000002,grpid,bh,grpid,noauto_da_alloc,max_dir_size_kb=0x0000000000000005,init_itable=0x0000000000000009,init_itable,usrjquota=,nolazytime,norecovery,,errors=continue. Quota mode: none. [ 182.315042][ T6336] autofs4:pid:6336:autofs_fill_super: called with bogus options [ 182.589624][ T155] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 182.811217][ T6192] 8021q: adding VLAN 0 to HW filter on device bond0 [ 183.088327][ T155] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.537440][ T6192] 8021q: adding VLAN 0 to HW filter on device team0 [ 183.567465][ T6352] loop1: detected capacity change from 0 to 512 [ 183.721291][ T6352] EXT4-fs (loop1): mounted filesystem without journal. Opts: nodioread_nolock,sb=0x0000000000000001,,errors=continue. Quota mode: writeback. [ 183.782332][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 183.799797][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 183.807853][ T6352] ext4 filesystem being mounted at /133/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 183.819678][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 184.049870][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 184.105023][ T4502] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.112187][ T4502] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.200588][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 184.258892][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 184.295113][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 184.325001][ T4502] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.332162][ T4502] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.340242][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 184.384469][ T4215] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 184.397998][ T4215] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 184.478294][ T4215] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 184.522268][ T4215] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 184.551998][ T4215] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 184.714130][ T6192] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 184.859007][ T6192] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 184.925402][ T4215] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 184.955299][ T4215] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 185.005606][ T4215] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 185.037289][ T4215] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 185.080207][ T4215] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 185.113495][ T6367] netlink: 76 bytes leftover after parsing attributes in process `syz.1.580'. [ 185.135373][ T4215] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 185.964773][ T4233] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 186.006462][ T4233] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 186.017566][ T6391] autofs4:pid:6391:autofs_fill_super: called with bogus options [ 186.075428][ T6192] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 186.235728][ T6399] loop5: detected capacity change from 0 to 4096 [ 186.376228][ T6399] EXT4-fs (loop5): Ignoring removed mblk_io_submit option [ 186.409438][ T6399] EXT4-fs (loop5): Test dummy encryption mode enabled [ 186.496052][ T6399] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpid,mblk_io_submit,nodioread_nolock,test_dummy_encryption,inode_readahead_blks=0x0000000000000000,discard,noblock_validity,discard,,errors=continue. Quota mode: writeback. [ 188.413194][ T6424] loop2: detected capacity change from 0 to 512 [ 188.531780][ T4233] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 188.547423][ T4233] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 188.629880][ T4233] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 188.639943][ T4233] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 188.703521][ T6424] EXT4-fs (loop2): Ignoring removed bh option [ 188.723039][ T4233] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 188.731584][ T4233] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 188.742626][ T6192] device veth0_vlan entered promiscuous mode [ 188.758303][ T6438] netlink: 76 bytes leftover after parsing attributes in process `syz.3.594'. [ 188.767595][ T6424] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 189.684608][ T6452] netlink: 76 bytes leftover after parsing attributes in process `syz.1.604'. [ 189.723381][ T6457] autofs4:pid:6457:autofs_fill_super: called with bogus options [ 189.747912][ T6192] device veth1_vlan entered promiscuous mode [ 189.759194][ T6424] EXT4-fs error (device loop2): ext4_iget_extra_inode:4573: inode #15: comm syz.2.592: corrupted in-inode xattr [ 189.780241][ T6424] EXT4-fs error (device loop2): ext4_orphan_get:1411: comm syz.2.592: couldn't read orphan inode 15 (err -117) [ 190.676024][ T6447] device syzkaller0 entered promiscuous mode [ 190.683994][ T6424] EXT4-fs (loop2): mounted filesystem without journal. Opts: auto_da_alloc=0x0000000000000002,grpid,bh,grpid,noauto_da_alloc,max_dir_size_kb=0x0000000000000005,init_itable=0x0000000000000009,init_itable,usrjquota=,nolazytime,norecovery,,errors=continue. Quota mode: none. [ 190.835141][ T6467] loop5: detected capacity change from 0 to 512 [ 191.081737][ T6192] device veth0_macvtap entered promiscuous mode [ 191.104426][ T4215] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 191.130010][ T4215] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 191.142794][ T6467] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 192.102029][ T4215] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 192.171464][ T6467] ext4 filesystem being mounted at /31/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 192.187046][ T6192] device veth1_macvtap entered promiscuous mode [ 192.248307][ T6192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 192.339024][ T6192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 192.378933][ T6192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 192.397262][ T6192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 192.434490][ T6192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 192.469534][ T6192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 192.493766][ T6192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 192.518809][ T6192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 192.538247][ T6192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 192.556622][ T6192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 192.603841][ T6192] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 192.624026][ T6192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 192.644230][ T6192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 192.681438][ T6192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 192.711301][ T6192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 192.723218][ T6192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 192.733758][ T6192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 192.743703][ T6192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 192.754233][ T6192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 192.768466][ T6192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 192.779109][ T6192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 192.795647][ T6192] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 194.216154][ T1427] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.222539][ T1427] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.632511][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 194.674099][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 194.731153][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 194.749777][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 194.775121][ T6513] loop5: detected capacity change from 0 to 512 [ 194.849744][ T6192] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.858504][ T6192] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.882416][ T6192] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.899047][ T6192] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.930736][ T155] device hsr_slave_0 left promiscuous mode [ 194.939816][ T155] device hsr_slave_1 left promiscuous mode [ 194.981872][ T155] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 195.177829][ T6518] loop1: detected capacity change from 0 to 4096 [ 195.222077][ T6513] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 195.282577][ T6518] EXT4-fs (loop1): Ignoring removed bh option [ 195.400160][ T6518] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,bh,grpquota,stripe=0x0000000000000001,. Quota mode: writeback. [ 195.703998][ T155] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 195.732734][ T6513] ext4 filesystem being mounted at /33/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 196.387264][ T155] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 196.447329][ T155] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 197.603055][ T155] device bridge_slave_1 left promiscuous mode [ 197.688804][ T155] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.164454][ T155] device bridge_slave_0 left promiscuous mode [ 198.189214][ T155] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.252002][ T155] device veth1_macvtap left promiscuous mode [ 198.279218][ T155] device veth0_macvtap left promiscuous mode [ 198.285333][ T155] device veth1_vlan left promiscuous mode [ 198.348439][ T155] device veth0_vlan left promiscuous mode [ 198.765847][ T155] team0 (unregistering): Port device team_slave_1 removed [ 198.795734][ T155] team0 (unregistering): Port device team_slave_0 removed [ 198.822902][ T155] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 198.847501][ T155] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 199.019068][ T155] bond0 (unregistering): Released all slaves [ 199.311665][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 199.375429][ T6546] loop5: detected capacity change from 0 to 2048 [ 199.799852][ T4474] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 199.913457][ T6546] EXT4-fs (loop5): mounted filesystem without journal. Opts: delalloc,noload,acl,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none. [ 200.163975][ T4474] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 200.243912][ T4233] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 200.318325][ T4474] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 200.346522][ T4474] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 200.388678][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 200.592739][ T6569] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1176: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 200.607991][ T6569] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 34 with error 28 [ 200.620347][ T6569] EXT4-fs (loop5): This should not happen!! Data will be lost [ 200.620347][ T6569] [ 200.630242][ T6569] EXT4-fs (loop5): Total free blocks count 0 [ 200.636374][ T6569] EXT4-fs (loop5): Free/Dirty block details [ 200.642415][ T6569] EXT4-fs (loop5): free_blocks=2415919504 [ 200.648259][ T6569] EXT4-fs (loop5): dirty_blocks=48 [ 200.654105][ T6569] EXT4-fs (loop5): Block reservation details [ 200.660356][ T6569] EXT4-fs (loop5): i_reserved_data_blocks=3 [ 201.312457][ T6575] loop1: detected capacity change from 0 to 512 [ 201.882889][ T6583] netlink: 8 bytes leftover after parsing attributes in process `syz.7.626'. [ 201.953459][ T6594] loop2: detected capacity change from 0 to 512 [ 201.957487][ T6575] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 202.031797][ T6575] ext4 filesystem being mounted at /150/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 202.069211][ T6594] EXT4-fs (loop2): Ignoring removed bh option [ 202.255250][ T6594] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 204.789442][ T6594] EXT4-fs error (device loop2): ext4_iget_extra_inode:4573: inode #15: comm syz.2.629: corrupted in-inode xattr [ 204.790470][ T6594] EXT4-fs error (device loop2): ext4_orphan_get:1411: comm syz.2.629: couldn't read orphan inode 15 (err -117) [ 204.791984][ T6594] EXT4-fs (loop2): mounted filesystem without journal. Opts: auto_da_alloc=0x0000000000000002,grpid,bh,grpid,noauto_da_alloc,max_dir_size_kb=0x0000000000000005,init_itable=0x0000000000000009,init_itable,usrjquota=,nolazytime,norecovery,,errors=continue. Quota mode: none. [ 204.930229][ T6626] overlayfs: failed to clone upperpath [ 204.993686][ T6628] loop7: detected capacity change from 0 to 512 [ 204.997151][ C0] vkms_vblank_simulate: vblank timer overrun [ 205.047857][ T6631] autofs4:pid:6631:autofs_fill_super: called with bogus options [ 205.109356][ T6628] EXT4-fs (loop7): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 205.172427][ T6628] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 205.432330][ T6628] EXT4-fs error (device loop7): ext4_read_block_bitmap_nowait:476: comm syz.7.637: Invalid block bitmap block 0 in block_group 0 [ 206.255185][ T6628] EXT4-fs error (device loop7) in ext4_mb_clear_bb:6191: Corrupt filesystem [ 206.295480][ T6628] EXT4-fs error (device loop7): ext4_clear_blocks:883: inode #11: comm syz.7.637: attempt to clear invalid blocks 983261 len 1 [ 206.381983][ T6649] loop2: detected capacity change from 0 to 8 [ 206.441748][ T6628] EXT4-fs error (device loop7): __ext4_get_inode_loc:4334: comm syz.7.637: Invalid inode table block 0 in block_group 0 [ 206.862090][ T6628] EXT4-fs error (device loop7) in ext4_reserve_inode_write:5873: Corrupt filesystem [ 206.958704][ T6628] EXT4-fs error (device loop7) in ext4_orphan_del:303: Corrupt filesystem [ 207.118615][ T6649] unable to read inode lookup table [ 207.174893][ T6628] EXT4-fs error (device loop7): __ext4_get_inode_loc:4334: comm syz.7.637: Invalid inode table block 0 in block_group 0 [ 207.536408][ T6628] EXT4-fs error (device loop7) in ext4_reserve_inode_write:5873: Corrupt filesystem [ 208.077953][ T6628] EXT4-fs error (device loop7): ext4_truncate:4286: inode #11: comm syz.7.637: mark_inode_dirty error [ 208.343735][ T6628] EXT4-fs error (device loop7) in ext4_process_orphan:345: Corrupt filesystem [ 208.583298][ T6628] EXT4-fs error (device loop7): __ext4_get_inode_loc:4334: comm syz.7.637: Invalid inode table block 0 in block_group 0 [ 208.768414][ T6628] EXT4-fs (loop7): 1 truncate cleaned up [ 208.840448][ T6628] EXT4-fs (loop7): mounted filesystem without journal. Opts: dioread_nolock,resuid=0x0000000000000000,journal_dev=0x0000000000000002,noblock_validity,,errors=continue. Quota mode: none. [ 211.815757][ T6702] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 213.297048][ T6725] loop5: detected capacity change from 0 to 512 [ 213.387336][ T6725] EXT4-fs error (device loop5): ext4_xattr_inode_iget:401: comm syz.5.662: inode #1: comm syz.5.662: iget: illegal inode # [ 213.666547][ T6725] EXT4-fs error (device loop5): ext4_xattr_inode_iget:406: comm syz.5.662: error while reading EA inode 1 err=-117 [ 213.715429][ T6725] EXT4-fs (loop5): 1 orphan inode deleted [ 213.721668][ T6725] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 213.817983][ T6741] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 214.583871][ T6745] autofs4:pid:6745:autofs_fill_super: called with bogus options [ 215.955767][ T6767] loop1: detected capacity change from 0 to 512 [ 216.180685][ T6767] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 216.329169][ T6767] ext4 filesystem being mounted at /156/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 219.409652][ T6799] netlink: 12 bytes leftover after parsing attributes in process `syz.7.678'. [ 221.081689][ T6815] netlink: 468 bytes leftover after parsing attributes in process `syz.1.681'. [ 225.124953][ T6866] loop2: detected capacity change from 0 to 512 [ 225.922938][ T6866] EXT4-fs (loop2): Ignoring removed bh option [ 225.999714][ T6866] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 226.281282][ T6866] EXT4-fs error (device loop2): ext4_iget_extra_inode:4573: inode #15: comm syz.2.693: corrupted in-inode xattr [ 226.334224][ T6866] EXT4-fs error (device loop2): ext4_orphan_get:1411: comm syz.2.693: couldn't read orphan inode 15 (err -117) [ 226.593534][ T6866] EXT4-fs (loop2): mounted filesystem without journal. Opts: auto_da_alloc=0x0000000000000002,grpid,bh,grpid,noauto_da_alloc,max_dir_size_kb=0x0000000000000005,init_itable=0x0000000000000009,init_itable,usrjquota=,nolazytime,norecovery,,errors=continue. Quota mode: none. [ 227.032598][ T6894] loop1: detected capacity change from 0 to 512 [ 227.150551][ T6894] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 227.213487][ T6894] ext4 filesystem being mounted at /164/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 228.915894][ T6909] loop7: detected capacity change from 0 to 512 [ 229.174763][ T6909] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 229.502770][ T6909] ext4 filesystem being mounted at /23/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 233.249593][ T6947] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 238.210135][ T6996] loop1: detected capacity change from 0 to 512 [ 238.277524][ T7001] netlink: 76 bytes leftover after parsing attributes in process `syz.3.719'. [ 238.361579][ T7007] loop5: detected capacity change from 0 to 512 [ 238.406767][ T7007] EXT4-fs (loop5): Ignoring removed bh option [ 238.430120][ T7007] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem [ 238.480882][ T6996] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 238.501174][ T7007] EXT4-fs error (device loop5): ext4_iget_extra_inode:4573: inode #15: comm syz.5.720: corrupted in-inode xattr [ 238.524064][ T6996] ext4 filesystem being mounted at /170/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 238.595403][ T7007] EXT4-fs error (device loop5): ext4_orphan_get:1411: comm syz.5.720: couldn't read orphan inode 15 (err -117) [ 238.681187][ T7007] EXT4-fs (loop5): mounted filesystem without journal. Opts: auto_da_alloc=0x0000000000000002,grpid,bh,grpid,noauto_da_alloc,max_dir_size_kb=0x0000000000000005,init_itable=0x0000000000000009,init_itable,usrjquota=,nolazytime,norecovery,,errors=continue. Quota mode: none. [ 242.229699][ T7057] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 245.239395][ T7082] netlink: 76 bytes leftover after parsing attributes in process `syz.2.732'. [ 245.969839][ T7075] loop1: detected capacity change from 0 to 512 [ 246.282012][ T7088] device syzkaller0 entered promiscuous mode [ 247.668289][ T7118] tipc: Started in network mode [ 247.697311][ T7118] tipc: Node identity ac141427, cluster identity 4711 [ 247.704305][ T7118] vxcan0: MTU too low for tipc bearer [ 248.529080][ T7118] tipc: Enabling of bearer rejected, failed to enable media [ 249.971447][ T7142] loop1: detected capacity change from 0 to 128 [ 250.012939][ T7142] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 250.059013][ T7142] overlayfs: missing 'lowerdir' [ 251.863885][ T7171] loop2: detected capacity change from 0 to 256 [ 255.639601][ T1427] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.668019][ T1427] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.995530][ T7230] device syzkaller0 entered promiscuous mode [ 256.463147][ T7235] lo speed is unknown, defaulting to 1000 [ 258.264463][ T7262] loop1: detected capacity change from 0 to 512 [ 258.278991][ T23] Bluetooth: hci5: command 0x0409 tx timeout [ 258.331963][ T7262] EXT4-fs (loop1): Ignoring removed bh option [ 258.375253][ T7235] chnl_net:caif_netlink_parms(): no params data found [ 258.406067][ T7262] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 258.620878][ T7235] bridge0: port 1(bridge_slave_0) entered blocking state [ 258.628088][ T7235] bridge0: port 1(bridge_slave_0) entered disabled state [ 258.641445][ T7235] device bridge_slave_0 entered promiscuous mode [ 258.910777][ T7262] EXT4-fs error (device loop1): ext4_iget_extra_inode:4573: inode #15: comm syz.1.768: corrupted in-inode xattr [ 258.937234][ T7235] bridge0: port 2(bridge_slave_1) entered blocking state [ 259.083817][ T7235] bridge0: port 2(bridge_slave_1) entered disabled state [ 259.204923][ T7262] EXT4-fs error (device loop1): ext4_orphan_get:1411: comm syz.1.768: couldn't read orphan inode 15 (err -117) [ 259.382526][ T7235] device bridge_slave_1 entered promiscuous mode [ 259.419443][ T7262] EXT4-fs (loop1): mounted filesystem without journal. Opts: auto_da_alloc=0x0000000000000002,grpid,bh,grpid,noauto_da_alloc,max_dir_size_kb=0x0000000000000005,init_itable=0x0000000000000009,init_itable,usrjquota=,nolazytime,norecovery,,errors=continue. Quota mode: none. [ 259.445267][ C1] vkms_vblank_simulate: vblank timer overrun [ 259.623219][ T7235] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 259.683877][ T7235] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 259.824082][ T7235] team0: Port device team_slave_0 added [ 259.857990][ T7235] team0: Port device team_slave_1 added [ 259.897901][ T7235] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 259.928364][ T7235] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 260.009584][ T7235] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 260.055995][ T7235] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 260.078102][ T7235] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 260.156800][ T7235] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 260.322025][ T7235] device hsr_slave_0 entered promiscuous mode [ 260.333976][ T7235] device hsr_slave_1 entered promiscuous mode [ 260.359133][ T6578] Bluetooth: hci5: command 0x041b tx timeout [ 260.369227][ T7235] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 260.376853][ T7235] Cannot create hsr debugfs directory [ 260.583300][ T4260] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 260.724829][ T4260] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 260.746029][ T7296] loop5: detected capacity change from 0 to 8192 [ 260.838697][ T4260] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.024853][ T4260] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.127173][ T7307] FAT-fs (loop5): error, corrupted directory (invalid entries) [ 261.384610][ T7307] FAT-fs (loop5): Filesystem has been set read-only [ 261.643127][ T7296] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 2074) [ 261.877875][ T7296] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 2074) [ 261.928272][ T7296] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 2074) [ 262.025362][ T7314] loop1: detected capacity change from 0 to 4096 [ 262.037732][ T7235] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 262.126336][ T7314] EXT4-fs (loop1): Test dummy encryption mode enabled [ 262.246312][ T5525] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 2074) [ 262.258242][ T7235] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 262.832951][ T1344] Bluetooth: hci2: command 0x0406 tx timeout [ 263.086686][ T7235] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 263.130658][ T7314] EXT4-fs (loop1): mounted filesystem without journal. Opts: test_dummy_encryption,grpquota,,errors=continue. Quota mode: writeback. [ 263.166011][ T7235] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 263.169829][ T6500] Bluetooth: hci5: command 0x040f tx timeout [ 264.619253][ T7235] 8021q: adding VLAN 0 to HW filter on device bond0 [ 264.668297][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 264.687569][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 264.713721][ T7235] 8021q: adding VLAN 0 to HW filter on device team0 [ 264.743920][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 264.776788][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 264.785353][ T4438] bridge0: port 1(bridge_slave_0) entered blocking state [ 264.792465][ T4438] bridge0: port 1(bridge_slave_0) entered forwarding state [ 264.823623][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 264.863927][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 264.886987][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 264.901421][ T4309] bridge0: port 2(bridge_slave_1) entered blocking state [ 264.908571][ T4309] bridge0: port 2(bridge_slave_1) entered forwarding state [ 265.107418][ T7354] netlink: 8 bytes leftover after parsing attributes in process `syz.2.783'. [ 265.128359][ T7354] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 265.295963][ T4193] Bluetooth: hci5: command 0x0419 tx timeout [ 266.026157][ T7362] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 266.157801][ T4629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 266.182622][ T4629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 266.323304][ T7361] device syzkaller0 entered promiscuous mode [ 267.104169][ T7386] autofs4:pid:7386:autofs_fill_super: called with bogus options [ 268.829146][ T4474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 268.894200][ T4474] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 268.924257][ T4474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 268.970585][ T4474] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 269.001127][ T4474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 269.039456][ T4474] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 269.048443][ T7395] loop1: detected capacity change from 0 to 4096 [ 269.063562][ T4474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 269.096299][ T4474] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 269.105451][ T4474] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 269.115093][ T7235] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 269.150598][ T7400] loop2: detected capacity change from 0 to 512 [ 269.164970][ T7395] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 269.179499][ T7395] EXT4-fs (loop1): Test dummy encryption mode enabled [ 269.215175][ T7395] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpid,mblk_io_submit,nodioread_nolock,test_dummy_encryption,inode_readahead_blks=0x0000000000000000,discard,noblock_validity,discard,,errors=continue. Quota mode: writeback. [ 269.467603][ T7415] loop5: detected capacity change from 0 to 512 [ 269.515631][ T7395] fscrypt (loop1): Missing crypto API support for AES-256-CTS-CBC (API name: "cts(cbc(aes))") [ 269.558342][ T7410] overlayfs: failed to resolve './bus': -2 [ 269.569736][ T7400] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 269.587317][ T7400] ext4 filesystem being mounted at /136/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 269.936264][ T7415] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 270.139066][ T7415] ext4 filesystem being mounted at /73/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 271.399589][ T7235] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 271.922545][ T4215] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 271.936297][ T4215] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 273.734256][ T7483] netlink: 76 bytes leftover after parsing attributes in process `syz.1.807'. [ 274.793272][ T4260] device hsr_slave_0 left promiscuous mode [ 274.818996][ T4260] device hsr_slave_1 left promiscuous mode [ 274.825957][ T4260] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 274.849369][ T4260] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 274.859309][ T4260] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 274.866744][ T4260] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 274.914415][ T4260] device bridge_slave_1 left promiscuous mode [ 274.963328][ T4260] bridge0: port 2(bridge_slave_1) entered disabled state [ 275.020328][ T4260] device bridge_slave_0 left promiscuous mode [ 275.029329][ T4260] bridge0: port 1(bridge_slave_0) entered disabled state [ 275.070566][ T7511] loop5: detected capacity change from 0 to 512 [ 275.094255][ T4260] device veth1_macvtap left promiscuous mode [ 275.107005][ T7509] loop2: detected capacity change from 0 to 512 [ 275.132169][ T4260] device veth0_macvtap left promiscuous mode [ 275.290593][ T4260] device veth1_vlan left promiscuous mode [ 275.296442][ T4260] device veth0_vlan left promiscuous mode [ 275.361044][ T7511] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 275.393262][ T7511] ext4 filesystem being mounted at /77/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 275.525827][ T7509] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 275.756635][ T7509] ext4 filesystem being mounted at /139/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 277.750342][ T4260] team0 (unregistering): Port device team_slave_1 removed [ 277.774575][ T4260] team0 (unregistering): Port device team_slave_0 removed [ 277.785887][ T4260] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 278.105083][ T4260] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 279.193092][ T4260] bond0 (unregistering): Released all slaves [ 279.262151][ T7546] loop5: detected capacity change from 0 to 512 [ 279.367532][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 279.415442][ T7546] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 279.447449][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 279.449013][ T7546] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802c01c, mo2=0002] [ 279.510314][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 279.517913][ T7546] EXT4-fs (loop5): orphan cleanup on readonly fs [ 279.528206][ T7546] EXT4-fs error (device loop5): ext4_orphan_get:1406: inode #13: comm syz.5.816: iget: bad i_size value: 12154761577498 [ 279.549075][ T7546] EXT4-fs error (device loop5): ext4_orphan_get:1411: comm syz.5.816: couldn't read orphan inode 13 (err -117) [ 279.569361][ T7546] EXT4-fs (loop5): mounted filesystem without journal. Opts: commit=0x0000000000000000,noblock_validity,user_xattr,,errors=continue. Quota mode: none. [ 279.624599][ T7546] EXT4-fs warning (device loop5): dx_probe:893: inode #2: comm syz.5.816: dx entry: limit 65535 != root limit 120 [ 279.658570][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 279.760827][ T7546] EXT4-fs warning (device loop5): dx_probe:966: inode #2: comm syz.5.816: Corrupt directory, running e2fsck is recommended [ 279.790829][ T7235] device veth0_vlan entered promiscuous mode [ 279.866824][ T7235] device veth1_vlan entered promiscuous mode [ 280.371661][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 280.389771][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 280.397664][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 280.407303][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 280.420177][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 280.667576][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 281.096159][ T7235] device veth0_macvtap entered promiscuous mode [ 281.203873][ T7235] device veth1_macvtap entered promiscuous mode [ 281.244550][ T7573] loop5: detected capacity change from 0 to 512 [ 281.272554][ T7235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 281.351771][ T7573] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 281.368997][ T7235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 281.416504][ T7573] ext4 filesystem being mounted at /81/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 281.429401][ T7235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 282.917509][ T7235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.109166][ T7235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 283.182114][ T7235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.391009][ T7235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 283.411598][ T7235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.437585][ T7235] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 283.514631][ T7235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 283.597461][ T7235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.701580][ T7235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 283.808330][ T7235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.904130][ T7235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 284.017089][ T7235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 284.067504][ T7235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 284.098798][ T7235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 284.211006][ T7235] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 284.218432][ T4474] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 284.256750][ T4474] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 284.320552][ T4474] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 284.371484][ T4474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 284.445656][ T4474] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 284.746783][ T4474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 285.694428][ T7235] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 285.711808][ T7235] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 285.728996][ T7235] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 285.737748][ T7235] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 287.643067][ T155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 287.659027][ T155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 287.745559][ T4474] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 287.800981][ T4474] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 287.808938][ T4474] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 287.850113][ T7641] 9pnet: Insufficient options for proto=fd [ 287.861598][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 287.908819][ T7647] loop5: detected capacity change from 0 to 512 [ 289.349658][ T7647] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 289.361770][ T7647] ext4 filesystem being mounted at /83/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 289.601506][ T7669] netlink: 8 bytes leftover after parsing attributes in process `syz.3.841'. [ 290.123347][ T7677] loop8: detected capacity change from 0 to 512 [ 290.543336][ T7677] EXT4-fs (loop8): mounted filesystem without journal. Opts: grpjquota=,stripe=0x0000000000000040,,errors=continue. Quota mode: writeback. [ 290.725475][ T7677] ext4 filesystem being mounted at /2/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 292.644667][ T7724] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input8 [ 293.671538][ T7734] loop1: detected capacity change from 0 to 512 [ 293.882722][ T7734] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 293.919333][ T7734] ext4 filesystem being mounted at /208/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 294.772213][ T7750] netlink: 76 bytes leftover after parsing attributes in process `syz.3.858'. [ 295.009405][ T7758] lo speed is unknown, defaulting to 1000 [ 297.207821][ T7782] autofs4:pid:7782:autofs_fill_super: called with bogus options [ 298.893306][ T7797] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input9 [ 299.430516][ T7813] netlink: 76 bytes leftover after parsing attributes in process `syz.3.870'. [ 300.149858][ T7833] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 303.394602][ T7843] ------------[ cut here ]------------ [ 303.456429][ T7843] WARNING: CPU: 0 PID: 7843 at include/linux/fs.h:532 hugetlb_split+0x237/0x2a0 [ 303.600992][ T7851] autofs4:pid:7851:autofs_fill_super: called with bogus options [ 303.735315][ T7843] Modules linked in: [ 303.943239][ T7843] CPU: 1 PID: 7843 Comm: syz.5.876 Not tainted syzkaller #0 [ 304.181238][ T7843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 304.241916][ T7843] RIP: 0010:hugetlb_split+0x237/0x2a0 [ 304.311069][ T7843] Code: bf ff 4c 89 f7 48 89 de 4c 89 fa 31 c9 5b 41 5c 41 5d 41 5e 41 5f 5d eb 7a e8 95 a8 bf ff 0f 0b e9 62 fe ff ff e8 89 a8 bf ff <0f> 0b e9 2d ff ff ff 48 c7 c1 c4 23 8a 8d 80 e1 07 80 c1 03 38 c1 [ 304.420328][ T7843] RSP: 0018:ffffc9000349f840 EFLAGS: 00010287 [ 304.436615][ T7843] RAX: ffffffff81b98c07 RBX: 0000200000400000 RCX: 0000000000080000 [ 304.457334][ T7843] RDX: ffffc900157f2000 RSI: 0000000000000098 RDI: 0000000000000099 [ 304.474150][ T7843] RBP: 0000000000000000 R08: ffff88802c20d4bf R09: 1ffff11005841a97 [ 304.488148][ T7843] R10: dffffc0000000000 R11: ffffed1005841a98 R12: ffff88805c1ce6d0 [ 304.499266][ T7843] R13: dffffc0000000000 R14: ffff88805c1ce630 R15: ffff8880776a4bc0 [ 304.514402][ T7843] FS: 00007f39a9ada6c0(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000 [ 304.529950][ T7843] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 304.537835][ T7843] CR2: 00007f2d05603eb8 CR3: 0000000072555000 CR4: 00000000003506e0 [ 304.554885][ T7843] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 304.568411][ T7843] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 304.582411][ T7843] Call Trace: [ 304.588699][ T7843] [ 304.599376][ T7843] __vma_adjust+0x2b6/0x1c10 [ 304.605260][ T7843] ? rcu_lock_acquire+0x30/0x30 [ 304.617952][ T7843] ? memset+0x1e/0x40 [ 304.626792][ T7843] __split_vma+0x34b/0x410 [ 304.645035][ T7843] do_madvise+0x2090/0x2c90 [ 304.660941][ T7843] ? get_nr_vmemmap_pages_cb+0x40/0x40 [ 304.674341][ T7843] ? verify_lock_unused+0x140/0x140 [ 304.695256][ T7843] ? __lock_acquire+0x7d10/0x7d10 [ 304.704759][ T7843] ? do_futex+0xdb2/0x12b0 [ 304.711009][ T7843] ? up_write+0x1bb/0x420 [ 304.716689][ T7843] ? __context_tracking_exit+0x4c/0x80 [ 304.723512][ T7843] ? __lock_acquire+0x7d10/0x7d10 [ 304.733144][ T7843] ? lock_chain_count+0x20/0x20 [ 304.742710][ T7843] ? vtime_user_exit+0x2c8/0x3e0 [ 304.752612][ T7843] __x64_sys_madvise+0xa2/0xb0 [ 304.763088][ T7843] do_syscall_64+0x4c/0xa0 [ 304.773207][ T7843] ? clear_bhb_loop+0x30/0x80 [ 304.783621][ T7843] ? clear_bhb_loop+0x30/0x80 [ 304.795337][ T7843] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 304.809330][ T7843] RIP: 0033:0x7f39ab880dd9 [ 304.836233][ T7843] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 304.884344][ T7843] RSP: 002b:00007f39a9ada028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 304.905300][ T7843] RAX: ffffffffffffffda RBX: 00007f39abaf9fa0 RCX: 00007f39ab880dd9 [ 304.927661][ T7843] RDX: 000000000000000e RSI: 0000000000800000 RDI: 0000200000000000 [ 304.960328][ T7843] RBP: 00007f39ab916d69 R08: 0000000000000000 R09: 0000000000000000 [ 304.968498][ T7843] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 304.983845][ T7843] R13: 00007f39abafa038 R14: 00007f39abaf9fa0 R15: 00007ffc35fc1d48 [ 304.997814][ T7843] [ 305.009543][ T7843] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 305.016882][ T7843] CPU: 1 PID: 7843 Comm: syz.5.876 Not tainted syzkaller #0 [ 305.024199][ T7843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 305.034376][ T7843] Call Trace: [ 305.037666][ T7843] [ 305.040605][ T7843] dump_stack_lvl+0x188/0x250 [ 305.045296][ T7843] ? show_regs_print_info+0x20/0x20 [ 305.050512][ T7843] ? load_image+0x400/0x400 [ 305.055031][ T7843] panic+0x2e5/0x810 [ 305.058943][ T7843] ? bpf_jit_dump+0xd0/0xd0 [ 305.063469][ T7843] ? hugetlb_split+0x237/0x2a0 [ 305.068252][ T7843] __warn+0x248/0x2b0 [ 305.072245][ T7843] ? hugetlb_split+0x237/0x2a0 [ 305.077016][ T7843] report_bug+0x1b7/0x2e0 [ 305.081356][ T7843] handle_bug+0x3a/0x70 [ 305.085523][ T7843] exc_invalid_op+0x16/0x40 [ 305.090029][ T7843] asm_exc_invalid_op+0x16/0x20 [ 305.094886][ T7843] RIP: 0010:hugetlb_split+0x237/0x2a0 [ 305.100264][ T7843] Code: bf ff 4c 89 f7 48 89 de 4c 89 fa 31 c9 5b 41 5c 41 5d 41 5e 41 5f 5d eb 7a e8 95 a8 bf ff 0f 0b e9 62 fe ff ff e8 89 a8 bf ff <0f> 0b e9 2d ff ff ff 48 c7 c1 c4 23 8a 8d 80 e1 07 80 c1 03 38 c1 [ 305.120000][ T7843] RSP: 0018:ffffc9000349f840 EFLAGS: 00010287 [ 305.126091][ T7843] RAX: ffffffff81b98c07 RBX: 0000200000400000 RCX: 0000000000080000 [ 305.134072][ T7843] RDX: ffffc900157f2000 RSI: 0000000000000098 RDI: 0000000000000099 [ 305.142073][ T7843] RBP: 0000000000000000 R08: ffff88802c20d4bf R09: 1ffff11005841a97 [ 305.150057][ T7843] R10: dffffc0000000000 R11: ffffed1005841a98 R12: ffff88805c1ce6d0 [ 305.158041][ T7843] R13: dffffc0000000000 R14: ffff88805c1ce630 R15: ffff8880776a4bc0 [ 305.166022][ T7843] ? hugetlb_split+0x237/0x2a0 [ 305.170810][ T7843] __vma_adjust+0x2b6/0x1c10 [ 305.175413][ T7843] ? rcu_lock_acquire+0x30/0x30 [ 305.180291][ T7843] ? memset+0x1e/0x40 [ 305.184282][ T7843] __split_vma+0x34b/0x410 [ 305.188710][ T7843] do_madvise+0x2090/0x2c90 [ 305.193235][ T7843] ? get_nr_vmemmap_pages_cb+0x40/0x40 [ 305.198713][ T7843] ? verify_lock_unused+0x140/0x140 [ 305.204008][ T7843] ? __lock_acquire+0x7d10/0x7d10 [ 305.209041][ T7843] ? do_futex+0xdb2/0x12b0 [ 305.213480][ T7843] ? up_write+0x1bb/0x420 [ 305.217844][ T7843] ? __context_tracking_exit+0x4c/0x80 [ 305.223323][ T7843] ? __lock_acquire+0x7d10/0x7d10 [ 305.228501][ T7843] ? lock_chain_count+0x20/0x20 [ 305.233387][ T7843] ? vtime_user_exit+0x2c8/0x3e0 [ 305.238356][ T7843] __x64_sys_madvise+0xa2/0xb0 [ 305.243130][ T7843] do_syscall_64+0x4c/0xa0 [ 305.247567][ T7843] ? clear_bhb_loop+0x30/0x80 [ 305.252255][ T7843] ? clear_bhb_loop+0x30/0x80 [ 305.257031][ T7843] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 305.262938][ T7843] RIP: 0033:0x7f39ab880dd9 [ 305.267365][ T7843] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 305.286978][ T7843] RSP: 002b:00007f39a9ada028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 305.295404][ T7843] RAX: ffffffffffffffda RBX: 00007f39abaf9fa0 RCX: 00007f39ab880dd9 [ 305.303382][ T7843] RDX: 000000000000000e RSI: 0000000000800000 RDI: 0000200000000000 [ 305.311368][ T7843] RBP: 00007f39ab916d69 R08: 0000000000000000 R09: 0000000000000000 [ 305.319346][ T7843] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 305.327325][ T7843] R13: 00007f39abafa038 R14: 00007f39abaf9fa0 R15: 00007ffc35fc1d48 [ 305.335345][ T7843] [ 305.338706][ T7843] Kernel Offset: disabled [ 305.343310][ T7843] Rebooting in 86400 seconds..