[ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.193' (ECDSA) to the list of known hosts. 2020/05/18 16:48:05 fuzzer started 2020/05/18 16:48:05 dialing manager at 10.128.0.26:40963 2020/05/18 16:48:05 syscalls: 3005 2020/05/18 16:48:05 code coverage: enabled 2020/05/18 16:48:05 comparison tracing: enabled 2020/05/18 16:48:05 extra coverage: enabled 2020/05/18 16:48:05 setuid sandbox: enabled 2020/05/18 16:48:05 namespace sandbox: enabled 2020/05/18 16:48:05 Android sandbox: /sys/fs/selinux/policy does not exist 2020/05/18 16:48:05 fault injection: enabled 2020/05/18 16:48:05 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/05/18 16:48:05 net packet injection: enabled 2020/05/18 16:48:05 net device setup: enabled 2020/05/18 16:48:05 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/05/18 16:48:05 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/05/18 16:48:05 USB emulation: /dev/raw-gadget does not exist 16:49:55 executing program 0: syzkaller login: [ 171.135560][ T7108] IPVS: ftp: loaded support on port[0] = 21 16:49:55 executing program 1: [ 171.278898][ T7108] chnl_net:caif_netlink_parms(): no params data found [ 171.417790][ T7108] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.435030][ T7108] bridge0: port 1(bridge_slave_0) entered disabled state [ 171.443697][ T7108] device bridge_slave_0 entered promiscuous mode [ 171.465306][ T7108] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.472479][ T7108] bridge0: port 2(bridge_slave_1) entered disabled state [ 171.481922][ T7237] IPVS: ftp: loaded support on port[0] = 21 [ 171.489055][ T7108] device bridge_slave_1 entered promiscuous mode [ 171.552419][ T7108] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 171.578659][ T7108] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 16:49:56 executing program 2: [ 171.654811][ T7108] team0: Port device team_slave_0 added [ 171.664796][ T7108] team0: Port device team_slave_1 added [ 171.788834][ T7108] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 171.804567][ T7108] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 171.854246][ T7108] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 171.878310][ T7108] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 171.903901][ T7108] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 171.935230][ T7108] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 171.954236][ T7237] chnl_net:caif_netlink_parms(): no params data found [ 171.969864][ T7359] IPVS: ftp: loaded support on port[0] = 21 16:49:56 executing program 3: [ 172.077753][ T7108] device hsr_slave_0 entered promiscuous mode [ 172.124500][ T7108] device hsr_slave_1 entered promiscuous mode [ 172.286191][ T7391] IPVS: ftp: loaded support on port[0] = 21 16:49:56 executing program 4: [ 172.403263][ T7237] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.442619][ T7237] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.452956][ T7237] device bridge_slave_0 entered promiscuous mode [ 172.536674][ T7237] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.543777][ T7237] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.563947][ T7237] device bridge_slave_1 entered promiscuous mode [ 172.732823][ T7237] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 172.761014][ T7237] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 172.774148][ T7359] chnl_net:caif_netlink_parms(): no params data found [ 172.795899][ T7561] IPVS: ftp: loaded support on port[0] = 21 16:49:57 executing program 5: [ 172.878360][ T7237] team0: Port device team_slave_0 added [ 172.893480][ T7108] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 172.972341][ T7237] team0: Port device team_slave_1 added [ 172.997344][ T7108] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 173.047908][ T7108] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 173.108248][ T7108] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 173.175527][ T7237] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 173.182495][ T7237] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 173.209057][ T7237] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 173.221578][ T7391] chnl_net:caif_netlink_parms(): no params data found [ 173.248796][ T7237] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 173.256219][ T7237] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 173.283451][ T7237] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 173.326658][ T7681] IPVS: ftp: loaded support on port[0] = 21 [ 173.360830][ T7359] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.368403][ T7359] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.378197][ T7359] device bridge_slave_0 entered promiscuous mode [ 173.398673][ T7359] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.406378][ T7359] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.416607][ T7359] device bridge_slave_1 entered promiscuous mode [ 173.498216][ T7237] device hsr_slave_0 entered promiscuous mode [ 173.554493][ T7237] device hsr_slave_1 entered promiscuous mode [ 173.614199][ T7237] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 173.622002][ T7237] Cannot create hsr debugfs directory [ 173.685949][ T7359] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 173.703770][ T7359] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 173.770380][ T7359] team0: Port device team_slave_0 added [ 173.780714][ T7391] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.791183][ T7391] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.799966][ T7391] device bridge_slave_0 entered promiscuous mode [ 173.822241][ T7391] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.829516][ T7391] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.850558][ T7391] device bridge_slave_1 entered promiscuous mode [ 173.864291][ T7359] team0: Port device team_slave_1 added [ 173.948755][ T7561] chnl_net:caif_netlink_parms(): no params data found [ 173.985803][ T7391] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 173.999117][ T7359] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 174.006704][ T7359] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 174.034203][ T7359] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 174.048453][ T7359] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 174.055559][ T7359] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 174.082712][ T7359] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 174.119417][ T7391] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 174.221680][ T7391] team0: Port device team_slave_0 added [ 174.288405][ T7359] device hsr_slave_0 entered promiscuous mode [ 174.334270][ T7359] device hsr_slave_1 entered promiscuous mode [ 174.374016][ T7359] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 174.381620][ T7359] Cannot create hsr debugfs directory [ 174.410154][ T7391] team0: Port device team_slave_1 added [ 174.462770][ T7391] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 174.472554][ T7391] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 174.500877][ T7391] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 174.521670][ T7681] chnl_net:caif_netlink_parms(): no params data found [ 174.550206][ T7391] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 174.558106][ T7391] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 174.586005][ T7391] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 174.631917][ T7561] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.639368][ T7561] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.648655][ T7561] device bridge_slave_0 entered promiscuous mode [ 174.697625][ T7561] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.705522][ T7561] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.713286][ T7561] device bridge_slave_1 entered promiscuous mode [ 174.799904][ T7391] device hsr_slave_0 entered promiscuous mode [ 174.844755][ T7391] device hsr_slave_1 entered promiscuous mode [ 174.893947][ T7391] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 174.901957][ T7391] Cannot create hsr debugfs directory [ 174.932964][ T7237] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 174.976141][ T7237] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 175.021473][ T7237] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 175.069736][ T7237] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 175.148688][ T7561] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 175.163226][ T7561] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 175.257171][ T7108] 8021q: adding VLAN 0 to HW filter on device bond0 [ 175.268780][ T7681] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.276015][ T7681] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.286479][ T7681] device bridge_slave_0 entered promiscuous mode [ 175.296471][ T7681] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.303537][ T7681] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.312070][ T7681] device bridge_slave_1 entered promiscuous mode [ 175.322486][ T7561] team0: Port device team_slave_0 added [ 175.338537][ T7561] team0: Port device team_slave_1 added [ 175.405473][ T7681] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 175.430313][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 175.438860][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 175.475869][ T7108] 8021q: adding VLAN 0 to HW filter on device team0 [ 175.488947][ T7681] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 175.518263][ T7561] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 175.527356][ T7561] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 175.554055][ T7561] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 175.572532][ T7561] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 175.580285][ T7561] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 175.606880][ T7561] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 175.629324][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 175.640638][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 175.649896][ T2966] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.657277][ T2966] bridge0: port 1(bridge_slave_0) entered forwarding state [ 175.665714][ T7359] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 175.708208][ T7359] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 175.801521][ T2979] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 175.813156][ T2979] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 175.823579][ T2979] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 175.837875][ T2979] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.845076][ T2979] bridge0: port 2(bridge_slave_1) entered forwarding state [ 175.856596][ T7359] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 175.921426][ T7359] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 175.989141][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 176.003220][ T7681] team0: Port device team_slave_0 added [ 176.014183][ T7681] team0: Port device team_slave_1 added [ 176.108157][ T7561] device hsr_slave_0 entered promiscuous mode [ 176.164768][ T7561] device hsr_slave_1 entered promiscuous mode [ 176.204071][ T7561] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 176.211637][ T7561] Cannot create hsr debugfs directory [ 176.227887][ T7681] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 176.236870][ T7681] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 176.265209][ T7681] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 176.280478][ T7681] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 176.288421][ T7681] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 176.317103][ T7681] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 176.343193][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 176.353153][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 176.364298][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 176.373607][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 176.448726][ T7681] device hsr_slave_0 entered promiscuous mode [ 176.504399][ T7681] device hsr_slave_1 entered promiscuous mode [ 176.544064][ T7681] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 176.551742][ T7681] Cannot create hsr debugfs directory [ 176.611826][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 176.626788][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 176.669887][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 176.688763][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 176.718595][ T7237] 8021q: adding VLAN 0 to HW filter on device bond0 [ 176.734564][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 176.743702][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 176.763423][ T7391] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 176.810405][ T7391] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 176.856829][ T7108] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 176.893681][ T7391] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 176.927013][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 176.935740][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 176.982372][ T7391] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 177.040441][ T7237] 8021q: adding VLAN 0 to HW filter on device team0 [ 177.059781][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 177.069216][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 177.095969][ T7108] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 177.121614][ T7359] 8021q: adding VLAN 0 to HW filter on device bond0 [ 177.132387][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 177.145219][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 177.153868][ T2958] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.160953][ T2958] bridge0: port 1(bridge_slave_0) entered forwarding state [ 177.176330][ T2960] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 177.195925][ T2960] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 177.205931][ T2960] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 177.215788][ T2960] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.222844][ T2960] bridge0: port 2(bridge_slave_1) entered forwarding state [ 177.231252][ T2960] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 177.274951][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 177.282854][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 177.302191][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 177.328084][ T7359] 8021q: adding VLAN 0 to HW filter on device team0 [ 177.350924][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 177.363172][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 177.372771][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 177.382377][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 177.400337][ T7237] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 177.412490][ T7237] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 177.445256][ T2960] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 177.453377][ T2960] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 177.463347][ T2960] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 177.473011][ T2960] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 177.482818][ T2960] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 177.492474][ T2960] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 177.504528][ T2960] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 177.513071][ T2960] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.520224][ T2960] bridge0: port 1(bridge_slave_0) entered forwarding state [ 177.528183][ T2960] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 177.537788][ T2960] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 177.547557][ T2960] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 177.556002][ T2960] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 177.591437][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 177.600769][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 177.609827][ T2954] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.617012][ T2954] bridge0: port 2(bridge_slave_1) entered forwarding state [ 177.628071][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 177.676360][ T7108] device veth0_vlan entered promiscuous mode [ 177.687281][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 177.702303][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 177.710549][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 177.720373][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 177.729223][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 177.738562][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 177.747606][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 177.758547][ T7681] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 177.832542][ T7108] device veth1_vlan entered promiscuous mode [ 177.843746][ T7237] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 177.868971][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 177.877144][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 177.891391][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 177.899715][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 177.909912][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 177.918848][ T7681] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 177.956882][ T7681] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 178.027102][ T7681] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 178.118949][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 178.128906][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 178.150438][ T7561] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 178.199226][ T2960] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 178.212319][ T2960] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 178.233076][ T7359] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 178.249122][ T7561] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 178.336398][ T7108] device veth0_macvtap entered promiscuous mode [ 178.348686][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 178.358342][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 178.367656][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 178.377155][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 178.386942][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 178.409090][ T7561] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 178.437301][ T7561] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 178.499800][ T7108] device veth1_macvtap entered promiscuous mode [ 178.512036][ T7391] 8021q: adding VLAN 0 to HW filter on device bond0 [ 178.535300][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 178.543768][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 178.556502][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 178.592354][ T7391] 8021q: adding VLAN 0 to HW filter on device team0 [ 178.610189][ T7359] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 178.618453][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 178.627564][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 178.636880][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 178.645422][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 178.668605][ T7237] device veth0_vlan entered promiscuous mode [ 178.681000][ T7108] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 178.698740][ T7108] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 178.712279][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 178.722594][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 178.730899][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 178.740489][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 178.749613][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 178.759016][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 178.767891][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 178.776795][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 178.785414][ T2958] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.792464][ T2958] bridge0: port 1(bridge_slave_0) entered forwarding state [ 178.831103][ T7237] device veth1_vlan entered promiscuous mode [ 178.858270][ T2960] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 178.870724][ T2960] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 178.879891][ T2960] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 178.892670][ T2960] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.899799][ T2960] bridge0: port 2(bridge_slave_1) entered forwarding state [ 178.912000][ T2960] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 178.924873][ T2960] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 179.059937][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 179.069184][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 179.081734][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 179.090953][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 179.100117][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 179.109367][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 179.118725][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 179.128396][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 179.141485][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 179.218651][ T7391] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 179.233524][ T7391] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 179.251680][ T7359] device veth0_vlan entered promiscuous mode 16:50:03 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/xfrm_stat\x00') sendfile(r2, r3, 0x0, 0x4000000000dc) [ 179.282452][ T7681] 8021q: adding VLAN 0 to HW filter on device bond0 [ 179.292344][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 179.302992][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 179.312512][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 179.322184][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 179.365129][ T7359] device veth1_vlan entered promiscuous mode [ 179.407893][ T7681] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.421031][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 179.432309][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 179.451155][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 179.471613][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 179.494888][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 179.525017][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 179.532992][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 16:50:04 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) io_uring_setup(0xae5, &(0x7f0000000100)={0x0, 0x0, 0x6}) [ 179.567270][ T7237] device veth0_macvtap entered promiscuous mode [ 179.585373][ T7237] device veth1_macvtap entered promiscuous mode [ 179.633179][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 179.644953][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 179.653211][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 179.662988][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 179.671009][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 179.680869][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 179.690245][ T2958] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.697433][ T2958] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.706142][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 179.717129][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 179.754582][ T2958] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.761688][ T2958] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.796594][ T7391] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 179.826254][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 179.855254][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 179.863203][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 179.889648][ T7237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 179.912408][ T7237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 179.925272][ T7237] batman_adv: batadv0: Interface activated: batadv_slave_0 16:50:04 executing program 0: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) poll(&(0x7f0000000040)=[{r0}], 0x1, 0x0) [ 179.960980][ T7561] 8021q: adding VLAN 0 to HW filter on device bond0 [ 179.979201][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 179.988791][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 179.999068][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 180.011232][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 180.020807][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 16:50:04 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6", 0x92, 0x9}], 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1}, 0x40) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f0000000180)="455098547c2cefb0bcb53b81a5b8679651fe97792a6db9006e543d7c43d6f619626ac859dbf41ca8ccbdca217273e9153cd6f764f2d5940784e567491db4be5079b7ab", &(0x7f0000000200)=""/234, 0x4}, 0x20) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 180.064666][ T7237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 180.090114][ T7237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 180.132548][ T7237] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 180.165597][ T2960] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 180.175157][ T2960] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 180.189844][ T2960] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 180.215924][ T2960] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 180.230104][ T2960] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 180.252610][ T8382] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 180.256869][ T2960] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 180.262764][ T8382] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 180.284075][ T2960] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 180.292859][ T2960] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 180.293717][ T8382] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 180.319747][ T8382] EXT4-fs (loop0): corrupt root inode, run e2fsck [ 180.332139][ T7359] device veth0_macvtap entered promiscuous mode [ 180.340000][ T8382] EXT4-fs (loop0): mount failed [ 180.374241][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 180.382311][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 180.422368][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 180.439945][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 180.450382][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 180.460091][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 180.478376][ T7561] 8021q: adding VLAN 0 to HW filter on device team0 [ 180.499116][ T8392] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 180.538057][ T7359] device veth1_macvtap entered promiscuous mode [ 180.547128][ T8392] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 180.558168][ T8392] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 180.573615][ T8392] EXT4-fs: failed to create workqueue [ 180.579474][ T7391] device veth0_vlan entered promiscuous mode 16:50:05 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6", 0x92, 0x9}], 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1}, 0x40) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f0000000180)="455098547c2cefb0bcb53b81a5b8679651fe97792a6db9006e543d7c43d6f619626ac859dbf41ca8ccbdca217273e9153cd6f764f2d5940784e567491db4be5079b7ab", &(0x7f0000000200)=""/234, 0x4}, 0x20) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 180.580207][ T8392] EXT4-fs (loop0): mount failed [ 180.645312][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 180.653429][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 180.671781][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 180.690548][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 180.699116][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 180.783443][ T7681] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 180.809979][ T2979] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 180.822108][ T2979] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 180.844511][ T2979] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 180.856852][ T8398] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 180.863696][ T2979] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 180.873225][ T8398] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 180.889920][ T2979] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.892871][ T8398] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 180.897074][ T2979] bridge0: port 1(bridge_slave_0) entered forwarding state [ 180.922823][ T8398] EXT4-fs (loop0): corrupt root inode, run e2fsck [ 180.936077][ T8398] EXT4-fs (loop0): mount failed 16:50:05 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6", 0x92, 0x9}], 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1}, 0x40) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f0000000180)="455098547c2cefb0bcb53b81a5b8679651fe97792a6db9006e543d7c43d6f619626ac859dbf41ca8ccbdca217273e9153cd6f764f2d5940784e567491db4be5079b7ab", &(0x7f0000000200)=""/234, 0x4}, 0x20) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 181.011970][ T7391] device veth1_vlan entered promiscuous mode [ 181.059770][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 181.070089][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 181.122450][ T8410] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 181.157681][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 181.174619][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 181.183265][ T2966] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.190437][ T2966] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.193402][ T8410] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock 16:50:05 executing program 1: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0x0, 0x2b}) unshare(0x20000400) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10800, 0xb1d, 0x0, 0x0, 0x0, 0x8, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$NLBL_MGMT_C_REMOVEDEF(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TCSETSF(r0, 0x5453, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ttyS3\x00', 0x0, 0x0) lseek(0xffffffffffffffff, 0xb31, 0x0) io_setup(0x5, &(0x7f0000000200)) unshare(0x40000000) ioctl$BLKALIGNOFF(0xffffffffffffffff, 0x127a, &(0x7f0000000140)) syz_genetlink_get_family_id$nl80211(&(0x7f0000000600)='nl80211\x00') sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, 0x0, 0x8010) [ 181.288124][ T7681] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 181.330231][ T7359] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 181.342515][ T8410] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 181.368355][ T7359] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 181.398355][ T8410] EXT4-fs (loop0): corrupt root inode, run e2fsck [ 181.411995][ T7359] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 181.443107][ T8410] EXT4-fs (loop0): mount failed [ 181.459736][ T7359] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 181.472816][ T7359] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 181.488897][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 181.498654][ C0] hrtimer: interrupt took 34178 ns [ 181.518834][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 181.555989][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 181.568855][ T8425] IPVS: ftp: loaded support on port[0] = 21 16:50:06 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6", 0x92, 0x9}], 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1}, 0x40) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f0000000180)="455098547c2cefb0bcb53b81a5b8679651fe97792a6db9006e543d7c43d6f619626ac859dbf41ca8ccbdca217273e9153cd6f764f2d5940784e567491db4be5079b7ab", &(0x7f0000000200)=""/234, 0x4}, 0x20) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 181.597267][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 181.616882][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 181.630285][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 181.694677][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 181.703684][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 181.722547][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 181.733639][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 181.743686][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 181.763114][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 181.773647][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 181.827246][ T7359] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 181.846137][ T7359] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 181.862574][ T7359] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 181.874187][ T7359] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 181.885283][ T8434] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 181.886715][ T7359] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 181.909033][ T8434] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 181.944466][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 181.953720][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 181.959165][ T8434] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 181.966312][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 181.982751][ T2954] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 182.001820][ T7391] device veth0_macvtap entered promiscuous mode [ 182.032599][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 182.053616][ T8434] EXT4-fs (loop0): corrupt root inode, run e2fsck [ 182.065506][ T2960] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 182.079327][ T8434] EXT4-fs (loop0): mount failed [ 182.088602][ T2960] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 182.157641][ T7391] device veth1_macvtap entered promiscuous mode [ 182.197012][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 182.227853][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 182.265415][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 182.266493][ T8419] IPVS: ftp: loaded support on port[0] = 21 [ 182.292778][ T21] tipc: TX() has been purged, node left! [ 182.383125][ T7391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 182.397344][ T7391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 182.407622][ T7391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 182.419494][ T7391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 182.429602][ T7391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 182.440499][ T7391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 182.465339][ T7391] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 182.472903][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 182.481565][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 182.489364][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 182.499293][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 182.553148][ T7561] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 182.633456][ T7391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 182.662011][ T7391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 182.684814][ T7391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 182.697174][ T7391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 182.713901][ T7391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 16:50:07 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000000)={0xb, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) open(0x0, 0x14103e, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x11, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000400), 0x0, 0x0, 0x0) close(0xffffffffffffffff) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x5, 0x4, 0x8000, 0x35, 0x0, 0xffffffffffffffff, 0x0, [0x31, 0x59, 0x2e, 0x400100], 0x0, 0xffffffffffffffff, 0x1}, 0x40) [ 182.735262][ T7391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 182.749792][ T7391] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 182.774119][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 182.790917][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 182.813499][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 182.844757][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 182.858546][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 182.866819][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 182.946312][ T7681] device veth0_vlan entered promiscuous mode [ 183.041889][ T7681] device veth1_vlan entered promiscuous mode [ 183.146867][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 183.167455][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 183.221591][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 183.414958][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 183.435315][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 183.466851][ T7561] device veth0_vlan entered promiscuous mode [ 183.490576][ T2967] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 183.524953][ T2967] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 183.539889][ T7681] device veth0_macvtap entered promiscuous mode 16:50:08 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x3, 0x6) r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/netlink\x00') sendfile(r2, r3, &(0x7f0000000180)=0x7, 0x6fe7) [ 183.576073][ T7561] device veth1_vlan entered promiscuous mode [ 183.591671][ T2967] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 183.602124][ T2967] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 183.644073][ T2967] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 183.669005][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 183.708921][ T7681] device veth1_macvtap entered promiscuous mode [ 183.772090][ T7681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 183.783865][ T7681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.800817][ T7681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 183.823072][ T7681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.836871][ T7681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 183.849019][ T7681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.866720][ T7681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 183.885395][ T7681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.909179][ T7681] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 183.934594][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 183.943623][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 183.998125][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 184.032160][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 184.100069][ T2979] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 184.114671][ T2979] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 184.146481][ T7681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 184.169444][ T7681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.204312][ T7681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 184.228948][ T7681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.247186][ T7681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 184.272066][ T7681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.324032][ T7681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 184.335952][ T7681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.348236][ T7681] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 184.361060][ T7561] device veth0_macvtap entered promiscuous mode [ 184.379442][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 184.405747][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 184.415791][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 184.445342][ T7561] device veth1_macvtap entered promiscuous mode [ 184.580926][ T7561] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 184.610357][ T7561] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.628306][ T7561] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 184.643222][ T7561] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.662164][ T7561] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 184.673195][ T7561] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.697080][ T7561] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 184.712753][ T7561] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.725534][ T7561] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 184.742444][ T7561] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.757613][ T7561] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 184.819960][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 184.836457][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 184.861361][ T7561] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 184.880559][ T7561] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.893578][ T7561] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 184.911547][ T7561] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.928482][ T7561] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 184.947263][ T7561] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.961849][ T7561] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 184.977874][ T7561] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 185.007061][ T7561] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 185.018954][ T7561] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 185.031490][ T7561] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 185.191028][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 185.211561][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 16:50:10 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x2a0}, 0x1, 0x0, 0x0, 0x2c896}, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write(r2, &(0x7f0000000480)="b0a3cdef47f59ec515de0fcb5dfc761cf7120c4312b2054efdc0cf574f65329a05d03a24674b1d94d072b4bd702c576dc1d6e4fef97bdd899d359dadcfe32ba24fb1e152533e4df2c20324dda85d95c102000000d81d2b9bea7f9e468b3da19d62e9913b2f7cd488de25886811470818af91afd3bce1422670d6f2d054d8b16374e3617a22b1c70e7e3104b814e24e6e7b62256ae8faaae5f59f840c029418a34c", 0xffffff47) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) symlink(&(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0/file0\x00', &(0x7f0000000340)='./file0\x00') creat(&(0x7f0000000240)='./file0\x00', 0x1fb) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x1102c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffd}, 0x0, 0x80800, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) truncate(&(0x7f0000000100)='./file0\x00', 0x0) open(0x0, 0x3fd, 0x0) 16:50:10 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6", 0x92, 0x9}], 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1}, 0x40) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 16:50:10 executing program 2: futex(0x0, 0x800000000006, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x80000000000c, 0x0, 0x0, 0x0, 0x0) 16:50:10 executing program 3: clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_netdev_private(r1, 0x89a2, &(0x7f0000000040)="a082bb11b43a") 16:50:10 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmmsg$inet(r0, &(0x7f0000007440)=[{{&(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x31}}, 0x10, &(0x7f00000002c0)=[{&(0x7f0000000100)='^~', 0x2}], 0x1}}, {{&(0x7f0000000340), 0x10, 0x0}}], 0x2, 0x0) 16:50:10 executing program 3: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0x0, 0x2b}) unshare(0x20000400) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10800, 0xb1d, 0x0, 0x0, 0x0, 0x8, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$NLBL_MGMT_C_REMOVEDEF(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TCSETSF(r0, 0x5453, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ttyS3\x00', 0x0, 0x0) lseek(0xffffffffffffffff, 0xb31, 0x0) io_setup(0x5, &(0x7f0000000200)=0x0) io_pgetevents(r1, 0x0, 0x2, &(0x7f0000000400)=[{}, {}], &(0x7f0000000240)={0x0, 0x1c9c380}, 0x0) unshare(0x40000000) ioctl$BLKALIGNOFF(0xffffffffffffffff, 0x127a, &(0x7f0000000140)) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000600)='nl80211\x00') sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000640)={&(0x7f0000001780)=ANY=[@ANYBLOB="fef931da", @ANYRES16=r2, @ANYBLOB="000128bd7000fedbdf2513000000d800be005ae8dc242acfcead2497c0c3096be4dcadeabf3b5281471524e435639438d77057d86392ac5c2cb092513687f8ebff9b5b5605f3b6892d7339bb820cd4df4ec3f49ffc3948f32d37a2cb0da6ebed5294a6a1a3b5025c67886ffea691a3146d46eb2bcac4bfe3554b5c57e7ea9eb4f46d20cf79fd465e8b5241f9bf946b3b08202989e6dda8038e4cda37c8f74db9e290fcc30a3b91bbd3813d38aaf3b8a5eeaa3ac1fca7f6e85e56489da6594329ad6fba462072b0d1682c711314a22ea47577"], 0x3}, 0x1, 0x0, 0x0, 0x20000880}, 0x8010) 16:50:10 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x25a45000, 0x0, 0x0, 0x0, 0x0) 16:50:10 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) splice(r0, 0x0, r2, 0x0, 0x88000cc, 0x0) fcntl$setpipe(r1, 0x407, 0x100000) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) write$eventfd(r1, &(0x7f0000000240), 0xffffff14) [ 185.881258][ T8501] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 185.918470][ T8501] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 185.993739][ T8501] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 186.057886][ T8525] IPVS: ftp: loaded support on port[0] = 21 [ 186.100729][ T8501] EXT4-fs (loop0): corrupt root inode, run e2fsck [ 186.128779][ T8501] EXT4-fs (loop0): mount failed [ 186.606556][ T8531] IPVS: ftp: loaded support on port[0] = 21 16:50:12 executing program 1: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0x0, 0x2b}) unshare(0x20000400) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10800, 0xb1d, 0x0, 0x0, 0x0, 0x8, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$NLBL_MGMT_C_REMOVEDEF(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TCSETSF(r0, 0x5453, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ttyS3\x00', 0x0, 0x0) lseek(0xffffffffffffffff, 0xb31, 0x0) io_setup(0x5, &(0x7f0000000200)=0x0) io_pgetevents(r1, 0x0, 0x2, &(0x7f0000000400)=[{}, {}], &(0x7f0000000240)={0x0, 0x1c9c380}, 0x0) unshare(0x40000000) ioctl$BLKALIGNOFF(0xffffffffffffffff, 0x127a, &(0x7f0000000140)) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000600)='nl80211\x00') sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000640)={&(0x7f0000001780)=ANY=[@ANYBLOB="fef931da", @ANYRES16=r2, @ANYBLOB="000128bd7000fedbdf2513000000d800be005ae8dc242acfcead2497c0c3096be4dcadeabf3b5281471524e435639438d77057d86392ac5c2cb092513687f8ebff9b5b5605f3b6892d7339bb820cd4df4ec3f49ffc3948f32d37a2cb0da6ebed5294a6a1a3b5025c67886ffea691a3146d46eb2bcac4bfe3554b5c57e7ea9eb4f46d20cf79fd465e8b5241f9bf946b3b08202989e6dda8038e4cda37c8f74db9e290fcc30a3b91bbd3813d38aaf3b8a5eeaa3ac1fca7f6e85e56489da6594329ad6fba462072b0d1682c711314a22ea47577"], 0x3}, 0x1, 0x0, 0x0, 0x20000880}, 0x8010) 16:50:12 executing program 2: clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_netdev_private(r1, 0x89a3, &(0x7f0000000040)) 16:50:12 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_inet_SIOCSIFPFLAGS(r0, 0x8935, &(0x7f00000000c0)={'ip6erspan0\x00'}) 16:50:12 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6", 0x92, 0x9}], 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 16:50:12 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f0000000080)=0xd9e, 0x4) writev(r0, &(0x7f0000000780)=[{&(0x7f0000000100)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9623b", 0x8b}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af865", 0x3e}], 0x2) sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0xfffffef1) 16:50:12 executing program 3: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0x0, 0x2b}) unshare(0x20000400) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10800, 0xb1d, 0x0, 0x0, 0x0, 0x8, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$NLBL_MGMT_C_REMOVEDEF(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TCSETSF(r0, 0x5453, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ttyS3\x00', 0x0, 0x0) lseek(0xffffffffffffffff, 0xb31, 0x0) io_setup(0x5, &(0x7f0000000200)=0x0) io_pgetevents(r1, 0x0, 0x2, &(0x7f0000000400)=[{}, {}], &(0x7f0000000240)={0x0, 0x1c9c380}, 0x0) unshare(0x40000000) ioctl$BLKALIGNOFF(0xffffffffffffffff, 0x127a, &(0x7f0000000140)) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000600)='nl80211\x00') sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000640)={&(0x7f0000001780)=ANY=[@ANYBLOB="fef931da", @ANYRES16=r2, @ANYBLOB="000128bd7000fedbdf2513000000d800be005ae8dc242acfcead2497c0c3096be4dcadeabf3b5281471524e435639438d77057d86392ac5c2cb092513687f8ebff9b5b5605f3b6892d7339bb820cd4df4ec3f49ffc3948f32d37a2cb0da6ebed5294a6a1a3b5025c67886ffea691a3146d46eb2bcac4bfe3554b5c57e7ea9eb4f46d20cf79fd465e8b5241f9bf946b3b08202989e6dda8038e4cda37c8f74db9e290fcc30a3b91bbd3813d38aaf3b8a5eeaa3ac1fca7f6e85e56489da6594329ad6fba462072b0d1682c711314a22ea47577"], 0x3}, 0x1, 0x0, 0x0, 0x20000880}, 0x8010) 16:50:12 executing program 2: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0x0, 0x2b}) unshare(0x20000400) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10800, 0xb1d, 0x0, 0x0, 0x0, 0x8, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$NLBL_MGMT_C_REMOVEDEF(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TCSETSF(r0, 0x5453, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ttyS3\x00', 0x0, 0x0) lseek(0xffffffffffffffff, 0xb31, 0x0) io_setup(0x5, &(0x7f0000000200)=0x0) io_pgetevents(r1, 0x0, 0x2, &(0x7f0000000400)=[{}, {}], &(0x7f0000000240)={0x0, 0x1c9c380}, 0x0) unshare(0x40000000) ioctl$BLKALIGNOFF(0xffffffffffffffff, 0x127a, &(0x7f0000000140)) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000600)='nl80211\x00') sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000640)={&(0x7f0000001780)=ANY=[@ANYBLOB="fef931da", @ANYRES16=r2, @ANYBLOB="000128bd7000fedbdf2513000000d800be005ae8dc242acfcead2497c0c3096be4dcadeabf3b5281471524e435639438d77057d86392ac5c2cb092513687f8ebff9b5b5605f3b6892d7339bb820cd4df4ec3f49ffc3948f32d37a2cb0da6ebed5294a6a1a3b5025c67886ffea691a3146d46eb2bcac4bfe3554b5c57e7ea9eb4f46d20cf79fd465e8b5241f9bf946b3b08202989e6dda8038e4cda37c8f74db9e290fcc30a3b91bbd3813d38aaf3b8a5eeaa3ac1fca7f6e85e56489da6594329ad6fba462072b0d1682c711314a22ea47577"], 0x3}, 0x1, 0x0, 0x0, 0x20000880}, 0x8010) 16:50:13 executing program 4: socket(0x200000000000011, 0x3, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x3e, &(0x7f0000000040)={@empty=[0x7], @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev}, @time_exceeded={0xb, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @multicast1}}}}}}, 0x0) [ 188.654344][ T8603] IPVS: ftp: loaded support on port[0] = 21 [ 188.728008][ T8599] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 188.752312][ T8612] IPVS: ftp: loaded support on port[0] = 21 [ 188.765675][ T8611] IPVS: ftp: loaded support on port[0] = 21 [ 188.781314][ T8599] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 188.845350][ T8599] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 overlaps superblock 16:50:13 executing program 4: socket(0x200000000000011, 0x3, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x3e, &(0x7f0000000040)={@empty=[0x7], @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev}, @time_exceeded={0xb, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @multicast1}}}}}}, 0x0) [ 188.917115][ T8599] EXT4-fs (loop0): corrupt root inode, run e2fsck [ 188.923839][ T8599] EXT4-fs (loop0): mount failed 16:50:13 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6", 0x92, 0x9}], 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 16:50:13 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000bc0)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00febf2c0000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca711fcd0cdfa146ec56175037958e271f60d25b7937f02008b5e5a076d83923dd29c034055b67dafc6c8dc3d5d78c07f34e4d5b318e2ec0efd49897a74a0091ff110c34f17e3ad6ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d78e0c9c95ab3a14817ac61e4dd11183a13477bf7e060e3670ef0e789f61f1328d6704902cbe7bc04b82d2789cb132b8667c21476619f28c9961b63e1a9cf6c2a660a17e3c184b751c51160fbcbb010000000000000032e6ea09c346dfebd31a08b32808b80200000000000000334d83239dd27080e71113610e10d858e8327ef01fb6c86adac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f303767d2e24f29e5dad9796edb697a6ea0182babc18cae2ed4b4390af9a9ceafd07ed00b0000002cab0200d029a119ca3c9727808700146000000000000000000000000000000045b43a94a11b0876ec890000000000000000009b17522fe73ad545344769f082f9e308f3ed77283535d6b60ba475a5e57f2f6acddaa4dfb5a73237c536092fd4e86f7a4e36ba16e102fc9c6d5e9be80000000000000000000000000000000000000000000067ba4e08aa9a7115d2e2ae9626a3fc1ba693d514d5fc0154264c01000000276b19f2d4de383bd6d42590a0ca8e2fc10b4ac4f986efab379d53968e5e38a4d20ad1b6b2afa2662ecf96ea1976036787df88022dfcd24a3425e460cf4b67be02ee948402edfb2e368d9c594f2b018ee54b320d7a0d57de3ee95dec334145a86969d574b19f50f5997359d463818706d7002af29761c0cbd92f5b50df3195326fa7c9dba9d810a728faa460837a5a50787ed47d26ee1af8e70f2936d62d73e719e2596ee301ae310fab66f30069962c8424e2c328c25c7aead281c409fc3ffcad1d92d89cdf4057b2437279ac332bd4931be08f327f73097da6bacfd8a222c1d35e33414544b0f575773a30dac73f5a0028aa09b756d1f78392867b089fe82a078dd71a354450ab605dcac8244cba2d43b66e7a85481c06210592bec39bf540d3e7230fc767367b2c651540935741dcba94d6969db71fc18930f118fe9e74eba01f478a44f0fc39d4a2adfb"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe, 0xfffffffffffffe7f, &(0x7f0000000500)="b9ff0300600d698cb89e14f008001fffffff00004000632977fbac14140fe934a0a662079f4b4d2f87e5feca6aab845013f2325f1a39010108038da1924425181aa5", 0x0, 0x100, 0x60000000, 0x0, 0xfffffffffffffe09}, 0x28) 16:50:13 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6", 0x92, 0x9}], 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 16:50:14 executing program 1: futex(0x0, 0x800000000006, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc)=0x40000001, 0x800000000006, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = gettid() tkill(r2, 0x1000000000016) 16:50:14 executing program 5: r0 = perf_event_open(&(0x7f0000000580)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}}, 0x0, 0xffffffffffffffff, r0, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0) r1 = creat(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, &(0x7f00000002c0), 0x0) ioctl$EXT4_IOC_SETFLAGS(r1, 0x40086602, 0x0) write$P9_RXATTRCREATE(r1, &(0x7f0000000140)={0x7}, 0x7) getsockopt$IP_VS_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x481, 0x0, 0x0) r2 = creat(0x0, 0x6857b21ff1155d90) fcntl$lock(r2, 0x6, &(0x7f0000000040)={0x1}) r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000180)=0x4) write$P9_RREADLINK(r4, &(0x7f0000000840)=ANY=[@ANYBLOB="2e0d9a6d80f0f4b2a338e18064900000c5020a000092bc04a55e021cf33c776f78f1e66b6ce694bfa68feb8466344a429eecfc75f6d270f4fcef4806b3fcc933d49e65b3a0b307aa5524b87e05c88e29ad04927b56e38d883823baabfb625c11bf528302ed8336c73c08899d3cfcfc2309d91ea806191792507c6da64c3a4be7e0becafc7ff02f1c8b17ae8e45c499afbcf346cec9979fb6f8784ade111d6387730eba7a3773cb5d57ea6fb14f94f685fba69a6cc7c732cde6b002e67a966713c5ce008991bf917c050096760b887123fb5c66701dd735c5d88734f60cbdbbb59544c9e0fd0df9b198f24ca94982107c1354379710b9b7d87463ee45562c03aea280d56cd1cc76ca6d2f9ad007df9f4c5e2a8ac073f7da048bc89a75923d28bcfdb1b912f01cffbcd764ab8b8f4dc7550183ee29bb1ad149e1ee07f5d0fe64362f2571d9e5f30852be5bdc35b7cf315cddb1d224c24cdb9ff1c99127deb80550362b209b90268c7dfa029501c51e917883700e26859681a484d8aa40a419cd990f518e18c20000003506e17296fd06e8080c9df8c304cce7f45a562024ea3d7f1faa8b21655ad94c5768d9a48ff4f6f9208244ffcbd3ac557da787fbfc60962bb7f1f8ef395be44bee940fc9e188a7f02bf568e4028a722688b47d67a754813c8c7e41554aa91d3c6b11be719c54d04d69002e79d829ebf88bdc19d3766243fcfb5d624ac144a7a5797c7e8e47319bca739a3b4bc4"], 0xc) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) 16:50:14 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$sock_netdev_private(r3, 0x8949, &(0x7f0000000040)) [ 189.585611][ T21] tipc: TX() has been purged, node left! [ 189.608730][ T21] tipc: TX() has been purged, node left! 16:50:14 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_inet_SIOCSIFPFLAGS(r0, 0x8981, 0x0) [ 189.693434][ T8698] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 16:50:14 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x8, 0x3, 0x208, 0x98, 0x0, 0xd0e0000, 0x0, 0x100, 0x170, 0x1d8, 0x1d8, 0x170, 0x1d8, 0x3, 0x0, {[{{@ip={@multicast1, @loopback, 0x0, 0x0, 'veth0_macvtap\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x0, 0x2}}}, {{@uncond, 0x0, 0x70, 0xd8}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x1, 0x0, 0x0, 0x0, 'snmp\x00', 'syz1\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x268) [ 189.784039][ T8698] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 189.804005][ T8698] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 189.831494][ T8698] EXT4-fs (loop0): corrupt root inode, run e2fsck [ 189.844838][ T8698] EXT4-fs (loop0): mount failed [ 193.400954][ T0] NOHZ: local_softirq_pending 08 16:50:19 executing program 3: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0x0, 0x2b}) unshare(0x20000400) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10800, 0xb1d, 0x0, 0x0, 0x0, 0x8, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$NLBL_MGMT_C_REMOVEDEF(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TCSETSF(r0, 0x5453, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ttyS3\x00', 0x0, 0x0) lseek(0xffffffffffffffff, 0xb31, 0x0) io_setup(0x5, &(0x7f0000000200)=0x0) io_pgetevents(r1, 0x0, 0x2, &(0x7f0000000400)=[{}, {}], &(0x7f0000000240)={0x0, 0x1c9c380}, 0x0) unshare(0x40000000) ioctl$BLKALIGNOFF(0xffffffffffffffff, 0x127a, &(0x7f0000000140)) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000600)='nl80211\x00') sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000640)={&(0x7f0000001780)=ANY=[@ANYBLOB="fef931da", @ANYRES16=r2, @ANYBLOB="000128bd7000fedbdf2513000000d800be005ae8dc242acfcead2497c0c3096be4dcadeabf3b5281471524e435639438d77057d86392ac5c2cb092513687f8ebff9b5b5605f3b6892d7339bb820cd4df4ec3f49ffc3948f32d37a2cb0da6ebed5294a6a1a3b5025c67886ffea691a3146d46eb2bcac4bfe3554b5c57e7ea9eb4f46d20cf79fd465e8b5241f9bf946b3b08202989e6dda8038e4cda37c8f74db9e290fcc30a3b91bbd3813d38aaf3b8a5eeaa3ac1fca7f6e85e56489da6594329ad6fba462072b0d1682c711314a22ea47577"], 0x3}, 0x1, 0x0, 0x0, 0x20000880}, 0x8010) 16:50:19 executing program 2: r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='.\x00', 0x0, 0x0) openat(r0, &(0x7f0000000840)='./file0\x00', 0x4863, 0xc) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) execveat(r0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) 16:50:19 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1}, 0x40) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 16:50:19 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=@newlink={0x44, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_AF_SPEC={0x24, 0x1a, 0x0, 0x1, [@AF_INET={0x20, 0x2, 0x0, 0x1, {0x1c, 0x1, 0x0, 0x1, [{0x8, 0x1f}, {0x8, 0xa}, {0x8}]}}]}]}, 0x44}}, 0x0) 16:50:19 executing program 4: clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_netdev_private(r1, 0x8948, &(0x7f0000000040)="a082bb11b43a") 16:50:19 executing program 5: r0 = perf_event_open(&(0x7f0000000580)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) perf_event_open(&(0x7f0000000340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}}, 0x0, 0xffffffffffffffff, r0, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) r1 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r2 = socket$inet6(0xa, 0x3, 0x3) sendto$inet6(r2, 0x0, 0x2, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x42) getsockopt$inet6_udp_int(r2, 0x11, 0x66, &(0x7f00000002c0), 0x0) ioctl$EXT4_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)) write$P9_RXATTRCREATE(r1, &(0x7f0000000140)={0x7, 0x21, 0x2}, 0x7) getsockopt$IP_VS_SO_GET_INFO(r1, 0x0, 0x481, &(0x7f0000000200), &(0x7f0000000280)=0xc) syz_genetlink_get_family_id$tipc2(&(0x7f0000000100)='TIPCv2\x00') creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000180)=0x4) write$P9_RREADLINK(r4, &(0x7f0000000840)=ANY=[@ANYBLOB="2e0d9a6d80f0f4b2a338e18064900000c5020a000092bc04a55e021cf33c776f78f1e66b6ce694bfa68feb8466344a429eecfc75f6d270f4fcef4806b3fcc933d49e65b3a0b307aa5524b87e05c88e29ad04927b56e38d883823baabfb625c11bf528302ed8336c73c08899d3cfcfc2309d91ea806191792507c6da64c3a4be7e0becafc7ff02f1c8b17ae8e45c499afbcf346cec9979fb6f8784ade111d6387730eba7a3773cb5d57ea6fb14f94f685fba69a6cc7c732cde6b002e67a966713c5ce008991bf917c050096760b887123fb5c66701dd735c5d88734f60cbdbbb59544c9e0fd0df9b198f24ca94982107c1354379710b9b7d87463ee45562c03aea280d56cd1cc76ca6d2f9ad007df9f4c5e2a8ac073f7da048bc89a75923d28bcfdb1b912f01cffbcd764ab8b8f4dc7550183ee29bb1ad149e1ee07f5d0fe64362f2571d9e5f30852be5bdc35b7cf315cddb1d224c24cdb9ff1c99127deb80550362b209b90268c7dfa029501c51e917883700e26859681a484d8aa40a419cd990f518e18c20000003506e17296fd06e8080c9df8c304cce7f45a562024ea3d7f1faa8b21655ad94c5768d9a48ff4f6f9208244ffcbd3ac557da787fbfc60962bb7f1f8ef395be44bee940fc9e188a7f02bf568e4028a722688b47d67a754813c8c7e41554aa91d3c6b11be719c54d04d69002e79d829ebf88bdc19d3766243fcfb5d624ac144a7a5797c7e8e47319bca739a3b4bc4"], 0xc) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) 16:50:19 executing program 4: syz_mount_image$vfat(&(0x7f0000000180)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffffffc, 0x1, &(0x7f0000000140)=[{&(0x7f00000001c0)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000380)=ANY=[], 0x801) truncate(&(0x7f00000000c0)='./bus\x00', 0x6) [ 194.887919][ T26] audit: type=1800 audit(1589820619.385:2): pid=8771 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=15815 res=0 16:50:19 executing program 1: clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_netdev_private(r1, 0x8949, &(0x7f0000000040)) 16:50:19 executing program 2: clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_netdev_private(r1, 0x8992, &(0x7f0000000040)) [ 195.045162][ T8774] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 16:50:19 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = dup(r0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x8, 0x3, 0x1c0, 0x98, 0x0, 0xd0e0000, 0x98, 0x100, 0x128, 0x1d8, 0x1d8, 0x128, 0x1d8, 0x3, 0x0, {[{{@ip={@loopback, @loopback, 0x0, 0x0, 'veth0_macvtap\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x3f}}}, {{@uncond, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x220) [ 195.122870][ T8783] IPVS: ftp: loaded support on port[0] = 21 [ 195.131694][ T8774] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 195.238982][ T8774] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 195.301789][ T8805] xt_CT: netfilter: NOTRACK target is deprecated, use CT instead or upgrade iptables 16:50:19 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x800000000006, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc)=0x40000001, 0x800000000006, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = gettid() tkill(r2, 0x1000000000016) [ 195.380574][ T8774] EXT4-fs error (device loop0): ext4_fill_super:4569: inode #2: comm syz-executor.0: iget: root inode unallocated 16:50:19 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_inet_SIOCSIFPFLAGS(r0, 0x8941, 0x0) [ 195.518597][ T8774] EXT4-fs (loop0): get root inode failed [ 195.588843][ T8774] EXT4-fs (loop0): mount failed [ 197.304104][ T21] tipc: TX() has been purged, node left! [ 197.464054][ T21] tipc: TX() has been purged, node left! 16:50:25 executing program 4: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f00000002c0)={0x9, 0x8, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x3}, 0x40) 16:50:25 executing program 3: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0x0, 0x2b}) unshare(0x20000400) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10800, 0xb1d, 0x0, 0x0, 0x0, 0x8, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$NLBL_MGMT_C_REMOVEDEF(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TCSETSF(r0, 0x5453, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ttyS3\x00', 0x0, 0x0) lseek(0xffffffffffffffff, 0xb31, 0x0) io_setup(0x5, &(0x7f0000000200)=0x0) io_pgetevents(r1, 0x0, 0x2, &(0x7f0000000400)=[{}, {}], &(0x7f0000000240)={0x0, 0x1c9c380}, 0x0) unshare(0x40000000) ioctl$BLKALIGNOFF(0xffffffffffffffff, 0x127a, &(0x7f0000000140)) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000600)='nl80211\x00') sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000640)={&(0x7f0000001780)=ANY=[@ANYBLOB="fef931da", @ANYRES16=r2, @ANYBLOB="000128bd7000fedbdf2513000000d800be005ae8dc242acfcead2497c0c3096be4dcadeabf3b5281471524e435639438d77057d86392ac5c2cb092513687f8ebff9b5b5605f3b6892d7339bb820cd4df4ec3f49ffc3948f32d37a2cb0da6ebed5294a6a1a3b5025c67886ffea691a3146d46eb2bcac4bfe3554b5c57e7ea9eb4f46d20cf79fd465e8b5241f9bf946b3b08202989e6dda8038e4cda37c8f74db9e290fcc30a3b91bbd3813d38aaf3b8a5eeaa3ac1fca7f6e85e56489da6594329ad6fba462072b0d1682c711314a22ea47577"], 0x3}, 0x1, 0x0, 0x0, 0x20000880}, 0x8010) 16:50:25 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0x54}, {&(0x7f0000000100)="6653070000053c27bc3376003639405cb4aed12f0000001500ae4762e4dbb9a6baa7cf21e8936da825d86800278dcff47d010000805acf4f0600460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d050e69db470e710e6c17033730d65093cc3196a2e2a8c631f0b2b374b149f8dfde1ee573d40caf8274410f13726fd7c3", 0xa4}], 0x4, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) sendmsg$TIPC_CMD_GET_LINKS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0xa7f8e2f744f1519d, &(0x7f0000000100)={0x0}}, 0x0) ptrace$cont(0x18, r2, 0x0, 0x0) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r2, 0x0, 0x0) 16:50:25 executing program 2: r0 = perf_event_open(&(0x7f0000000580)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) perf_event_open(&(0x7f0000000340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}}, 0x0, 0xffffffffffffffff, r0, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) r1 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r2 = socket$inet6(0xa, 0x3, 0x3) sendto$inet6(r2, 0x0, 0x2, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x42) getsockopt$inet6_udp_int(r2, 0x11, 0x66, &(0x7f00000002c0), 0x0) ioctl$EXT4_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)) write$P9_RXATTRCREATE(r1, &(0x7f0000000140)={0x7, 0x21, 0x2}, 0x7) getsockopt$IP_VS_SO_GET_INFO(r1, 0x0, 0x481, &(0x7f0000000200), &(0x7f0000000280)=0xc) syz_genetlink_get_family_id$tipc2(&(0x7f0000000100)='TIPCv2\x00') creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000180)=0x4) write$P9_RREADLINK(r4, &(0x7f0000000840)=ANY=[@ANYBLOB="2e0d9a6d80f0f4b2a338e18064900000c5020a000092bc04a55e021cf33c776f78f1e66b6ce694bfa68feb8466344a429eecfc75f6d270f4fcef4806b3fcc933d49e65b3a0b307aa5524b87e05c88e29ad04927b56e38d883823baabfb625c11bf528302ed8336c73c08899d3cfcfc2309d91ea806191792507c6da64c3a4be7e0becafc7ff02f1c8b17ae8e45c499afbcf346cec9979fb6f8784ade111d6387730eba7a3773cb5d57ea6fb14f94f685fba69a6cc7c732cde6b002e67a966713c5ce008991bf917c050096760b887123fb5c66701dd735c5d88734f60cbdbbb59544c9e0fd0df9b198f24ca94982107c1354379710b9b7d87463ee45562c03aea280d56cd1cc76ca6d2f9ad007df9f4c5e2a8ac073f7da048bc89a75923d28bcfdb1b912f01cffbcd764ab8b8f4dc7550183ee29bb1ad149e1ee07f5d0fe64362f2571d9e5f30852be5bdc35b7cf315cddb1d224c24cdb9ff1c99127deb80550362b209b90268c7dfa029501c51e917883700e26859681a484d8aa40a419cd990f518e18c20000003506e17296fd06e8080c9df8c304cce7f45a562024ea3d7f1faa8b21655ad94c5768d9a48ff4f6f9208244ffcbd3ac557da787fbfc60962bb7f1f8ef395be44bee940fc9e188a7f02bf568e4028a722688b47d67a754813c8c7e41554aa91d3c6b11be719c54d04d69002e79d829ebf88bdc19d3766243fcfb5d624ac144a7a5797c7e8e47319bca739a3b4bc4"], 0xc) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) 16:50:25 executing program 5: r0 = perf_event_open(&(0x7f0000000580)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) perf_event_open(&(0x7f0000000340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}}, 0x0, 0xffffffffffffffff, r0, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) r1 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r2 = socket$inet6(0xa, 0x3, 0x3) sendto$inet6(r2, 0x0, 0x2, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x42) getsockopt$inet6_udp_int(r2, 0x11, 0x66, &(0x7f00000002c0), 0x0) ioctl$EXT4_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)) write$P9_RXATTRCREATE(r1, &(0x7f0000000140)={0x7, 0x21, 0x2}, 0x7) getsockopt$IP_VS_SO_GET_INFO(r1, 0x0, 0x481, &(0x7f0000000200), &(0x7f0000000280)=0xc) syz_genetlink_get_family_id$tipc2(&(0x7f0000000100)='TIPCv2\x00') creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000180)=0x4) write$P9_RREADLINK(r4, &(0x7f0000000840)=ANY=[@ANYBLOB="2e0d9a6d80f0f4b2a338e18064900000c5020a000092bc04a55e021cf33c776f78f1e66b6ce694bfa68feb8466344a429eecfc75f6d270f4fcef4806b3fcc933d49e65b3a0b307aa5524b87e05c88e29ad04927b56e38d883823baabfb625c11bf528302ed8336c73c08899d3cfcfc2309d91ea806191792507c6da64c3a4be7e0becafc7ff02f1c8b17ae8e45c499afbcf346cec9979fb6f8784ade111d6387730eba7a3773cb5d57ea6fb14f94f685fba69a6cc7c732cde6b002e67a966713c5ce008991bf917c050096760b887123fb5c66701dd735c5d88734f60cbdbbb59544c9e0fd0df9b198f24ca94982107c1354379710b9b7d87463ee45562c03aea280d56cd1cc76ca6d2f9ad007df9f4c5e2a8ac073f7da048bc89a75923d28bcfdb1b912f01cffbcd764ab8b8f4dc7550183ee29bb1ad149e1ee07f5d0fe64362f2571d9e5f30852be5bdc35b7cf315cddb1d224c24cdb9ff1c99127deb80550362b209b90268c7dfa029501c51e917883700e26859681a484d8aa40a419cd990f518e18c20000003506e17296fd06e8080c9df8c304cce7f45a562024ea3d7f1faa8b21655ad94c5768d9a48ff4f6f9208244ffcbd3ac557da787fbfc60962bb7f1f8ef395be44bee940fc9e188a7f02bf568e4028a722688b47d67a754813c8c7e41554aa91d3c6b11be719c54d04d69002e79d829ebf88bdc19d3766243fcfb5d624ac144a7a5797c7e8e47319bca739a3b4bc4"], 0xc) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) 16:50:25 executing program 0: bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1}, 0x40) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 16:50:25 executing program 4: r0 = perf_event_open(&(0x7f0000000580)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) perf_event_open(&(0x7f0000000340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}}, 0x0, 0xffffffffffffffff, r0, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) r1 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r2 = socket$inet6(0xa, 0x3, 0x3) sendto$inet6(r2, 0x0, 0x2, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x42) getsockopt$inet6_udp_int(r2, 0x11, 0x66, &(0x7f00000002c0), 0x0) ioctl$EXT4_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)) write$P9_RXATTRCREATE(r1, &(0x7f0000000140)={0x7, 0x21, 0x2}, 0x7) getsockopt$IP_VS_SO_GET_INFO(r1, 0x0, 0x481, &(0x7f0000000200), &(0x7f0000000280)=0xc) syz_genetlink_get_family_id$tipc2(&(0x7f0000000100)='TIPCv2\x00') creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000180)=0x4) write$P9_RREADLINK(r4, &(0x7f0000000840)=ANY=[@ANYBLOB="2e0d9a6d80f0f4b2a338e18064900000c5020a000092bc04a55e021cf33c776f78f1e66b6ce694bfa68feb8466344a429eecfc75f6d270f4fcef4806b3fcc933d49e65b3a0b307aa5524b87e05c88e29ad04927b56e38d883823baabfb625c11bf528302ed8336c73c08899d3cfcfc2309d91ea806191792507c6da64c3a4be7e0becafc7ff02f1c8b17ae8e45c499afbcf346cec9979fb6f8784ade111d6387730eba7a3773cb5d57ea6fb14f94f685fba69a6cc7c732cde6b002e67a966713c5ce008991bf917c050096760b887123fb5c66701dd735c5d88734f60cbdbbb59544c9e0fd0df9b198f24ca94982107c1354379710b9b7d87463ee45562c03aea280d56cd1cc76ca6d2f9ad007df9f4c5e2a8ac073f7da048bc89a75923d28bcfdb1b912f01cffbcd764ab8b8f4dc7550183ee29bb1ad149e1ee07f5d0fe64362f2571d9e5f30852be5bdc35b7cf315cddb1d224c24cdb9ff1c99127deb80550362b209b90268c7dfa029501c51e917883700e26859681a484d8aa40a419cd990f518e18c20000003506e17296fd06e8080c9df8c304cce7f45a562024ea3d7f1faa8b21655ad94c5768d9a48ff4f6f9208244ffcbd3ac557da787fbfc60962bb7f1f8ef395be44bee940fc9e188a7f02bf568e4028a722688b47d67a754813c8c7e41554aa91d3c6b11be719c54d04d69002e79d829ebf88bdc19d3766243fcfb5d624ac144a7a5797c7e8e47319bca739a3b4bc4"], 0xc) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) [ 200.896939][ T8888] ptrace attach of "/root/syz-executor.1"[8882] was attempted by "/root/syz-executor.1"[8888] 16:50:25 executing program 1: r0 = perf_event_open(&(0x7f0000000580)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) perf_event_open(&(0x7f0000000340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}}, 0x0, 0xffffffffffffffff, r0, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) r1 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r2 = socket$inet6(0xa, 0x3, 0x3) sendto$inet6(r2, 0x0, 0x2, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x42) getsockopt$inet6_udp_int(r2, 0x11, 0x66, &(0x7f00000002c0), 0x0) ioctl$EXT4_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)) write$P9_RXATTRCREATE(r1, &(0x7f0000000140)={0x7, 0x21, 0x2}, 0x7) getsockopt$IP_VS_SO_GET_INFO(r1, 0x0, 0x481, &(0x7f0000000200), &(0x7f0000000280)=0xc) syz_genetlink_get_family_id$tipc2(&(0x7f0000000100)='TIPCv2\x00') creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000180)=0x4) write$P9_RREADLINK(r4, &(0x7f0000000840)=ANY=[@ANYBLOB="2e0d9a6d80f0f4b2a338e18064900000c5020a000092bc04a55e021cf33c776f78f1e66b6ce694bfa68feb8466344a429eecfc75f6d270f4fcef4806b3fcc933d49e65b3a0b307aa5524b87e05c88e29ad04927b56e38d883823baabfb625c11bf528302ed8336c73c08899d3cfcfc2309d91ea806191792507c6da64c3a4be7e0becafc7ff02f1c8b17ae8e45c499afbcf346cec9979fb6f8784ade111d6387730eba7a3773cb5d57ea6fb14f94f685fba69a6cc7c732cde6b002e67a966713c5ce008991bf917c050096760b887123fb5c66701dd735c5d88734f60cbdbbb59544c9e0fd0df9b198f24ca94982107c1354379710b9b7d87463ee45562c03aea280d56cd1cc76ca6d2f9ad007df9f4c5e2a8ac073f7da048bc89a75923d28bcfdb1b912f01cffbcd764ab8b8f4dc7550183ee29bb1ad149e1ee07f5d0fe64362f2571d9e5f30852be5bdc35b7cf315cddb1d224c24cdb9ff1c99127deb80550362b209b90268c7dfa029501c51e917883700e26859681a484d8aa40a419cd990f518e18c20000003506e17296fd06e8080c9df8c304cce7f45a562024ea3d7f1faa8b21655ad94c5768d9a48ff4f6f9208244ffcbd3ac557da787fbfc60962bb7f1f8ef395be44bee940fc9e188a7f02bf568e4028a722688b47d67a754813c8c7e41554aa91d3c6b11be719c54d04d69002e79d829ebf88bdc19d3766243fcfb5d624ac144a7a5797c7e8e47319bca739a3b4bc4"], 0xc) sendfile(r4, r4, &(0x7f0000000240), 0x7fff) [ 201.036778][ T8881] EXT4-fs (loop0): bad geometry: block count 1080 exceeds size of device (1 blocks) [ 201.112625][ T8889] IPVS: ftp: loaded support on port[0] = 21 16:50:25 executing program 2: perf_event_open(&(0x7f0000000580)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) perf_event_open(&(0x7f0000000340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$P9_RXATTRCREATE(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000100)='TIPCv2\x00') r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000180)) write$P9_RREADLINK(r1, &(0x7f0000000840)=ANY=[@ANYBLOB], 0xc) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) 16:50:25 executing program 0: bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 16:50:26 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x6) setresuid(0x0, r1, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) io_uring_setup(0x35c, &(0x7f0000000200)={0x0, 0x0, 0x3}) 16:50:26 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$sock_netdev_private(r3, 0x8927, &(0x7f0000000040)) 16:50:26 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000184000)=ANY=[@ANYBLOB="020100021000000000000600000000000800120000ffff00000000000000000006000000000000000000800000000000e00000010b00000000000000000035000000000000000000000000ff00000000030006000000000002000004000000bb0000000000000000030005000000000002"], 0x80}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x400000000000117, 0x0) 16:50:26 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_netdev_private(r1, 0x8970, &(0x7f0000000040)="a082bb11b43a") [ 201.891573][ T8926] EXT4-fs (loop0): bad geometry: block count 1080 exceeds size of device (1 blocks) 16:50:26 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$sock_netdev_private(r3, 0x8913, &(0x7f0000000040)) 16:50:26 executing program 0: bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 16:50:26 executing program 4: r0 = io_uring_setup(0xf1, &(0x7f0000000580)={0x0, 0x0, 0x7}) prlimit64(0x0, 0xe, &(0x7f0000000000)={0xb, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) close(r0) 16:50:26 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000b00)={0x14, 0x16, 0x101, 0x0, 0x0, {0x7e}}, 0x14}}, 0x0) 16:50:26 executing program 1: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='umask=0']) 16:50:26 executing program 5: mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mount(&(0x7f0000000340)=@sg0='/dev/sg0\x00', &(0x7f0000000380)='./bus\x00', &(0x7f0000000540)='cgroup2\x00', 0x0, 0x0) 16:50:26 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$sock_netdev_private(r3, 0x8992, &(0x7f0000000040)) 16:50:26 executing program 2: clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_netdev_private(r1, 0x8970, &(0x7f0000000040)="a082bb11b43a") [ 202.588175][ T8987] FAT-fs (loop1): bogus number of reserved sectors [ 202.610952][ T8980] EXT4-fs (loop0): bad geometry: block count 1080 exceeds size of device (1 blocks) 16:50:27 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) write(0xffffffffffffffff, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_inet_SIOCSIFPFLAGS(r0, 0x8934, &(0x7f00000000c0)={'ip6erspan0\x00'}) 16:50:27 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$sock_netdev_private(r3, 0x891d, &(0x7f0000000040)) [ 202.709504][ T8987] FAT-fs (loop1): Can't find a valid FAT filesystem 16:50:27 executing program 5: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$overlay(0x400019, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000080)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file1'}}, {@metacopy_on='metacopy=on'}]}) 16:50:27 executing program 3: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000140)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) rt_sigqueueinfo(r1, 0x200000000012, &(0x7f0000000000)={0x0, 0x0, 0xfffffffffffffff9}) 16:50:27 executing program 2: r0 = perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) exit(0x0) ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x0) [ 206.125292][ T21] tipc: TX() has been purged, node left! [ 350.176356][ T1168] INFO: task kworker/u4:1:21 blocked for more than 143 seconds. [ 350.184175][ T1168] Not tainted 5.7.0-rc1-next-20200415-syzkaller #0 [ 350.220858][ T1168] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 350.226196][ C0] rcu: INFO: rcu_preempt self-detected stall on CPU [ 350.236278][ C0] rcu: 0-....: (10561 ticks this GP) idle=3f6/1/0x4000000000000002 softirq=12501/12503 fqs=5201 [ 350.246222][ T1168] kworker/u4:1 D24240 21 2 0x80004000 [ 350.247073][ C0] (t=10500 jiffies g=15573 q=555) [ 350.253541][ T1168] Workqueue: netns cleanup_net [ 350.258468][ C0] NMI backtrace for cpu 0 [ 350.258540][ C0] CPU: 0 PID: 8966 Comm: syz-executor.4 Not tainted 5.7.0-rc1-next-20200415-syzkaller #0 [ 350.258553][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 350.276222][ T1168] Call Trace: [ 350.285199][ C0] Call Trace: [ 350.301760][ C0] [ 350.304688][ C0] dump_stack+0x188/0x20d [ 350.309032][ C0] nmi_cpu_backtrace.cold+0x70/0xb1 [ 350.314271][ C0] ? lapic_can_unplug_cpu.cold+0x3b/0x3b [ 350.316313][ T1168] ? __schedule+0x937/0x1ff0 [ 350.319905][ C0] nmi_trigger_cpumask_backtrace+0x231/0x27e [ 350.324477][ T1168] ? __sched_text_start+0x8/0x8 [ 350.330456][ C0] rcu_dump_cpu_stacks+0x19b/0x1e5 [ 350.330499][ C0] rcu_sched_clock_irq.cold+0x55d/0xd00 [ 350.330524][ C0] ? trace_hardirqs_off+0x50/0x220 [ 350.351071][ C0] update_process_times+0x25/0x60 [ 350.356131][ C0] tick_sched_handle+0x9b/0x180 [ 350.356238][ T1168] ? mark_held_locks+0xe0/0xe0 [ 350.360968][ C0] tick_sched_timer+0x4e/0x140 [ 350.365715][ T1168] ? mark_held_locks+0xe0/0xe0 [ 350.370490][ C0] __hrtimer_run_queues+0x5ca/0xed0 [ 350.370504][ C0] ? tick_sched_do_timer+0x1a0/0x1a0 [ 350.370552][ C0] ? do_raw_spin_lock+0x129/0x2e0 [ 350.391406][ C0] ? hrtimer_init+0x320/0x320 [ 350.396067][ C0] ? ktime_get_update_offsets_now+0x2d6/0x450 [ 350.396229][ T1168] schedule+0xd0/0x2a0 [ 350.402120][ C0] hrtimer_interrupt+0x312/0x770 [ 350.406181][ T1168] schedule_timeout+0x55b/0x850 [ 350.415918][ C0] smp_apic_timer_interrupt+0x15b/0x600 [ 350.421448][ C0] apic_timer_interrupt+0xf/0x20 [ 350.421461][ T1168] ? mark_lock+0x12b/0xf10 [ 350.421478][ T1168] ? find_held_lock+0x2d/0x110 [ 350.426376][ C0] [ 350.426443][ C0] RIP: 0010:io_ring_ctx_wait_and_kill+0x98/0x5a0 [ 350.426460][ C0] Code: 01 00 00 4d 89 f4 48 b8 00 00 00 00 00 fc ff df 4c 89 ed 49 c1 ec 03 48 c1 ed 03 49 01 c4 48 01 c5 eb 1c e8 ba 65 9d ff f3 90 <41> 80 3c 24 00 0f 85 53 04 00 00 48 83 bb 10 01 00 00 00 74 21 e8 [ 350.446230][ T1168] ? usleep_range+0x160/0x160 [ 350.464666][ C0] RSP: 0018:ffffc90006967df0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 [ 350.464681][ C0] RAX: 0000000000040000 RBX: ffff88808f56d000 RCX: ffffc90011077000 [ 350.464688][ C0] RDX: 0000000000040000 RSI: ffffffff81d5ced6 RDI: ffff88808f56d300 [ 350.464694][ C0] RBP: ffffed1011eada2c R08: 0000000000000001 R09: ffffed1011eada61 [ 350.464701][ C0] R10: ffff88808f56d307 R11: ffffed1011eada60 R12: ffffed1011eada22 [ 350.464708][ C0] R13: ffff88808f56d160 R14: ffff88808f56d110 R15: ffffffff81d5d3e0 [ 350.464726][ C0] ? io_ring_ctx_wait_and_kill+0x5a0/0x5a0 [ 350.464747][ C0] ? io_ring_ctx_wait_and_kill+0x96/0x5a0 [ 350.464767][ C0] ? io_ring_ctx_wait_and_kill+0x5a0/0x5a0 [ 350.464783][ C0] io_uring_release+0x3e/0x50 [ 350.496237][ T1168] ? wait_for_completion+0x162/0x270 [ 350.501835][ C0] __fput+0x33e/0x880 [ 350.526224][ T1168] ? print_usage_bug+0x240/0x240 [ 350.529265][ C0] task_work_run+0xf4/0x1b0 [ 350.534988][ T1168] ? print_usage_bug+0x240/0x240 [ 350.539689][ C0] exit_to_usermode_loop+0x2fa/0x360 [ 350.539706][ C0] do_syscall_64+0x6b1/0x7d0 [ 350.539726][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 350.556232][ T1168] ? lock_downgrade+0x840/0x840 [ 350.558347][ C0] RIP: 0033:0x45ca29 [ 350.563268][ T1168] ? mark_held_locks+0x9f/0xe0 [ 350.568537][ C0] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 350.568544][ C0] RSP: 002b:00007f468655dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 350.568554][ C0] RAX: 0000000000000000 RBX: 00000000004dac40 RCX: 000000000045ca29 [ 350.568561][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 350.568568][ C0] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 350.568575][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 350.568583][ C0] R13: 0000000000000078 R14: 00000000005255f2 R15: 00007f468655e6d4 [ 350.822594][ T1168] ? _raw_spin_unlock_irq+0x1f/0x80 [ 350.840852][ T1168] wait_for_completion+0x16a/0x270 [ 350.846047][ T1168] ? rcu_preempt_deferred_qs_irqrestore+0x672/0xb60 [ 350.881218][ T1168] ? wait_for_completion_interruptible+0x2e0/0x2e0 [ 350.888594][ T1168] ? __rcu_read_unlock+0x26c/0x700 [ 350.893771][ T1168] __flush_work+0x4fd/0xa80 [ 350.920919][ T1168] ? queue_delayed_work_on+0x210/0x210 [ 350.941506][ T1168] ? mark_lock+0x12b/0xf10 [ 350.945946][ T1168] ? flush_workqueue_prep_pwqs+0x4e0/0x4e0 [ 350.980906][ T1168] ? mark_held_locks+0x9f/0xe0 [ 350.985784][ T1168] ? rcu_read_lock_any_held+0xcd/0xf0 [ 350.992162][ T1168] ? queue_work_on+0xe6/0x200 [ 351.002289][ T1168] ? _find_next_bit.constprop.0+0x1a3/0x200 [ 351.020968][ T1168] rollback_registered_many+0x562/0xe70 [ 351.041007][ T1168] ? netif_set_real_num_tx_queues+0x700/0x700 [ 351.061097][ T1168] ? ip6gre_exit_batch_net+0x1e8/0x700 [ 351.067980][ T1168] ? lock_downgrade+0x840/0x840 [ 351.072839][ T1168] unregister_netdevice_many.part.0+0x16/0x1e0 [ 351.101260][ T1168] unregister_netdevice_many+0x36/0x50 [ 351.121834][ T1168] ip6gre_exit_batch_net+0x4e8/0x700 [ 351.146122][ T1168] ? ip6gre_tunnel_link+0xf0/0xf0 [ 351.151919][ T1168] ? rcu_read_lock_held_common+0x130/0x130 [ 351.180830][ T1168] ? ip6gre_tunnel_link+0xf0/0xf0 [ 351.185877][ T1168] ops_exit_list.isra.0+0x103/0x150 [ 351.201610][ T1168] cleanup_net+0x511/0xa50 [ 351.206062][ T1168] ? unregister_pernet_device+0x70/0x70 [ 351.227213][ T1168] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 351.233344][ T1168] ? _raw_spin_unlock_irq+0x1f/0x80 [ 351.260792][ T1168] process_one_work+0x965/0x16a0 [ 351.265757][ T1168] ? lock_release+0x800/0x800 [ 351.301143][ T1168] ? pwq_dec_nr_in_flight+0x310/0x310 [ 351.307315][ T1168] ? rwlock_bug.part.0+0x90/0x90 [ 351.312257][ T1168] worker_thread+0x96/0xe20 [ 351.341749][ T1168] ? process_one_work+0x16a0/0x16a0 [ 351.347687][ T1168] kthread+0x388/0x470 [ 351.351757][ T1168] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 351.380840][ T1168] ret_from_fork+0x24/0x30 [ 351.385413][ T1168] INFO: task syz-executor.4:8965 can't die for more than 144 seconds. [ 351.420776][ T1168] syz-executor.4 R running task 27808 8965 7561 0x00004006 [ 351.430169][ T1168] Call Trace: [ 351.433475][ T1168] ? __schedule+0x937/0x1ff0 [ 351.462588][ T1168] ? __sched_text_start+0x8/0x8 [ 351.480991][ T1168] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 351.487886][ T1168] ? lockdep_hardirqs_on+0x463/0x620 [ 351.493193][ T1168] preempt_schedule_irq+0xb0/0x150 [ 351.516161][ T1168] retint_kernel+0x1b/0x2b [ 351.520600][ T1168] RIP: 0010:io_ring_ctx_wait_and_kill+0xad/0x5a0 [ 351.550797][ T1168] Code: 01 00 00 4d 89 f4 48 b8 00 00 00 00 00 fc ff df 4c 89 ed 49 c1 ec 03 48 c1 ed 03 49 01 c4 48 01 c5 eb 1c e8 ba 65 9d ff f3 90 <41> 80 3c 24 00 0f 85 53 04 00 00 48 83 bb 10 01 00 00 00 74 21 e8 [ 351.606203][ T1168] RSP: 0018:ffffc90006947df0 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13 [ 351.614642][ T1168] RAX: ffff8880517bc580 RBX: ffff888095e18000 RCX: 1ffff92000d28fab [ 351.648555][ T1168] RDX: 0000000000000000 RSI: ffffffff81d5ced6 RDI: ffff888095e18300 [ 351.668526][ T1168] RBP: ffffed1012bc302c R08: 0000000000000001 R09: ffffed1012bc3061 [ 351.703500][ T1168] R10: ffff888095e18307 R11: ffffed1012bc3060 R12: ffffed1012bc3022 [ 351.728741][ T1168] R13: ffff888095e18160 R14: ffff888095e18110 R15: ffffffff81d5d3e0 [ 351.748737][ T1168] ? io_ring_ctx_wait_and_kill+0x5a0/0x5a0 [ 351.754570][ T1168] ? io_ring_ctx_wait_and_kill+0x96/0x5a0 [ 351.781361][ T1168] ? io_ring_ctx_wait_and_kill+0x5a0/0x5a0 [ 351.798477][ T1168] io_uring_release+0x3e/0x50 [ 351.803174][ T1168] __fput+0x33e/0x880 [ 351.828482][ T1168] task_work_run+0xf4/0x1b0 [ 351.833116][ T1168] exit_to_usermode_loop+0x2fa/0x360 [ 351.860113][ T1168] do_syscall_64+0x6b1/0x7d0 [ 351.864726][ T1168] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 351.888487][ T1168] RIP: 0033:0x416621 [ 351.892486][ T1168] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 351.948643][ T1168] RSP: 002b:00007fff034784c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 351.968449][ T1168] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000416621 [ 351.998472][ T1168] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 0000000000000003 [ 352.018524][ T1168] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 352.038520][ T1168] R10: 00000000007907a0 R11: 0000000000000293 R12: 00000000007907b0 [ 352.058479][ T1168] R13: 0000000000000001 R14: ffffffffffffffff R15: 000000000078bfac [ 352.088473][ T1168] INFO: task syz-executor.4:8966 can't die for more than 145 seconds. [ 352.109098][ T1168] syz-executor.4 R running task 28760 8966 7561 0x80004004 [ 352.128476][ T1168] Call Trace: [ 352.131787][ T1168] ? lockdep_hardirqs_on+0x463/0x620 [ 352.158497][ T1168] ? _raw_spin_unlock_irq+0x55/0x80 [ 352.163711][ T1168] ? __schedule+0x15ae/0x1ff0 [ 352.188494][ T1168] ? __sched_text_start+0x8/0x8 [ 352.193364][ T1168] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 352.218573][ T1168] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 352.224143][ T1168] ? lockdep_hardirqs_on+0x463/0x620 [ 352.249367][ T1168] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 352.254847][ T1168] ? preempt_schedule_irq+0xee/0x150 [ 352.278516][ T1168] ? smp_apic_timer_interrupt+0x1b6/0x600 [ 352.284274][ T1168] ? retint_kernel+0x2b/0x2b [ 352.308461][ T1168] ? io_ring_ctx_wait_and_kill+0xb2/0x5a0 [ 352.314337][ T1168] ? __sanitizer_cov_trace_pc+0x46/0x60 [ 352.338498][ T1168] ? io_ring_ctx_wait_and_kill+0x98/0x5a0 [ 352.344238][ T1168] ? io_ring_ctx_wait_and_kill+0xb2/0x5a0 [ 352.369075][ T1168] ? io_ring_ctx_wait_and_kill+0x5a0/0x5a0 [ 352.374912][ T1168] ? io_uring_release+0x3e/0x50 [ 352.398644][ T1168] ? __fput+0x33e/0x880 [ 352.402819][ T1168] ? task_work_run+0xf4/0x1b0 [ 352.428451][ T1168] ? exit_to_usermode_loop+0x2fa/0x360 [ 352.433936][ T1168] ? do_syscall_64+0x6b1/0x7d0 [ 352.458617][ T1168] ? entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 352.464824][ T1168] INFO: task syz-executor.0:8980 can't die for more than 145 seconds. [ 352.500208][ T1168] syz-executor.0 D27840 8980 7108 0x00004004 [ 352.519252][ T1168] Call Trace: [ 352.522567][ T1168] ? __schedule+0x937/0x1ff0 [ 352.539249][ T1168] ? __sched_text_start+0x8/0x8 [ 352.544117][ T1168] ? mark_held_locks+0xe0/0xe0 [ 352.567672][ T1168] schedule+0xd0/0x2a0 [ 352.571787][ T1168] schedule_timeout+0x55b/0x850 [ 352.588725][ T1168] ? mark_lock+0x12b/0xf10 [ 352.593160][ T1168] ? find_held_lock+0x2d/0x110 [ 352.615026][ T1168] ? usleep_range+0x160/0x160 [ 352.639236][ T1168] ? wait_for_completion+0x162/0x270 [ 352.644549][ T1168] ? print_usage_bug+0x240/0x240 [ 352.667702][ T1168] ? lock_downgrade+0x840/0x840 [ 352.672592][ T1168] ? mark_held_locks+0x9f/0xe0 [ 352.687675][ T1168] ? _raw_spin_unlock_irq+0x1f/0x80 [ 352.692979][ T1168] wait_for_completion+0x16a/0x270 [ 352.719207][ T1168] ? wait_for_completion_interruptible+0x2e0/0x2e0 [ 352.745132][ T1168] ? mark_held_locks+0x9f/0xe0 [ 352.759872][ T1168] ? _raw_spin_unlock_irq+0x1f/0x80 [ 352.765092][ T1168] __flush_work+0x4fd/0xa80 [ 352.786146][ T1168] ? queue_delayed_work_on+0x210/0x210 [ 352.791638][ T1168] ? mark_lock+0x12b/0xf10 [ 352.825211][ T1168] ? flush_workqueue_prep_pwqs+0x4e0/0x4e0 [ 352.840902][ T1168] ? mark_held_locks+0x9f/0xe0 [ 352.845676][ T1168] ? smp_call_function_many_cond+0x180/0x980 [ 352.880773][ T1168] ? queue_work_on+0xe6/0x200 [ 352.885476][ T1168] ? _find_next_bit.constprop.0+0x1a3/0x200 [ 352.893206][ T1168] lru_add_drain_all+0x3ee/0x5b0 [ 352.921688][ T1168] ? on_each_cpu_cond_mask+0x40/0x290 [ 352.927886][ T1168] invalidate_bdev+0x96/0xd0 [ 352.932548][ T1168] __loop_clr_fd+0x38a/0xd80 [ 352.960717][ T1168] lo_ioctl+0x2b4/0x1410 [ 352.964979][ T1168] ? loop_set_fd+0x13f0/0x13f0 [ 353.000792][ T1168] blkdev_ioctl+0x25b/0x660 [ 353.005314][ T1168] ? blkdev_common_ioctl+0x1770/0x1770 [ 353.011985][ T1168] ? do_dup2+0x520/0x520 [ 353.022274][ T1168] ? quarantine_put+0x119/0x1c0 [ 353.040887][ T1168] block_ioctl+0xf9/0x140 [ 353.045228][ T1168] ? blkdev_fallocate+0x3f0/0x3f0 [ 353.080691][ T1168] ksys_ioctl+0x11a/0x180 [ 353.085417][ T1168] __x64_sys_ioctl+0x6f/0xb0 [ 353.091103][ T1168] ? lockdep_hardirqs_on+0x463/0x620 [ 353.120712][ T1168] do_syscall_64+0xf6/0x7d0 [ 353.125246][ T1168] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 353.132198][ T1168] RIP: 0033:0x45c8f7 [ 353.146759][ T1168] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 353.210675][ T1168] RSP: 002b:00007f53135cba68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 353.223536][ T1168] RAX: ffffffffffffffda RBX: 00000000005088c0 RCX: 000000000045c8f7 [ 353.250238][ T1168] RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000004 [ 353.269321][ T1168] RBP: 000000000078bf00 R08: 00007f53135cbb40 R09: 00007f53135cbae0 [ 353.297634][ T1168] R10: 0000000000004801 R11: 0000000000000246 R12: 00000000ffffffff [ 353.305623][ T1168] R13: 0000000000000bea R14: 00000000004ce2a4 R15: 00007f53135cc6d4 [ 353.339897][ T1168] INFO: task syz-executor.0:8980 blocked for more than 146 seconds. [ 353.360878][ T1168] Not tainted 5.7.0-rc1-next-20200415-syzkaller #0 [ 353.382514][ T1168] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 353.407471][ T1168] syz-executor.0 D27840 8980 7108 0x00004004 [ 353.413903][ T1168] Call Trace: [ 353.440044][ T1168] ? __schedule+0x937/0x1ff0 [ 353.444671][ T1168] ? __sched_text_start+0x8/0x8 [ 353.460024][ T1168] ? mark_held_locks+0xe0/0xe0 [ 353.464825][ T1168] schedule+0xd0/0x2a0 [ 353.486859][ T1168] schedule_timeout+0x55b/0x850 [ 353.491752][ T1168] ? mark_lock+0x12b/0xf10 [ 353.519890][ T1168] ? find_held_lock+0x2d/0x110 [ 353.524683][ T1168] ? usleep_range+0x160/0x160 [ 353.551797][ T1168] ? wait_for_completion+0x162/0x270 [ 353.557982][ T1168] ? print_usage_bug+0x240/0x240 [ 353.562925][ T1168] ? lock_downgrade+0x840/0x840 [ 353.586062][ T1168] ? mark_held_locks+0x9f/0xe0 [ 353.590856][ T1168] ? _raw_spin_unlock_irq+0x1f/0x80 [ 353.606119][ T1168] wait_for_completion+0x16a/0x270 [ 353.611274][ T1168] ? wait_for_completion_interruptible+0x2e0/0x2e0 [ 353.640708][ T1168] ? mark_held_locks+0x9f/0xe0 [ 353.645519][ T1168] ? _raw_spin_unlock_irq+0x1f/0x80 [ 353.666092][ T1168] __flush_work+0x4fd/0xa80 [ 353.670639][ T1168] ? queue_delayed_work_on+0x210/0x210 [ 353.700879][ T1168] ? mark_lock+0x12b/0xf10 [ 353.705316][ T1168] ? flush_workqueue_prep_pwqs+0x4e0/0x4e0 [ 353.726085][ T1168] ? mark_held_locks+0x9f/0xe0 [ 353.730867][ T1168] ? smp_call_function_many_cond+0x180/0x980 [ 353.760686][ T1168] ? queue_work_on+0xe6/0x200 [ 353.765389][ T1168] ? _find_next_bit.constprop.0+0x1a3/0x200 [ 353.801630][ T1168] lru_add_drain_all+0x3ee/0x5b0 [ 353.808603][ T1168] ? on_each_cpu_cond_mask+0x40/0x290 [ 353.813985][ T1168] invalidate_bdev+0x96/0xd0 [ 353.840646][ T1168] __loop_clr_fd+0x38a/0xd80 [ 353.845259][ T1168] lo_ioctl+0x2b4/0x1410 [ 353.863627][ T1168] ? loop_set_fd+0x13f0/0x13f0 [ 353.880726][ T1168] blkdev_ioctl+0x25b/0x660 [ 353.885245][ T1168] ? blkdev_common_ioctl+0x1770/0x1770 [ 353.906977][ T1168] ? do_dup2+0x520/0x520 [ 353.911243][ T1168] ? quarantine_put+0x119/0x1c0 [ 353.943090][ T1168] block_ioctl+0xf9/0x140 [ 353.948163][ T1168] ? blkdev_fallocate+0x3f0/0x3f0 [ 353.953187][ T1168] ksys_ioctl+0x11a/0x180 [ 353.980648][ T1168] __x64_sys_ioctl+0x6f/0xb0 [ 353.985259][ T1168] ? lockdep_hardirqs_on+0x463/0x620 [ 354.000683][ T1168] do_syscall_64+0xf6/0x7d0 [ 354.005210][ T1168] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 354.040613][ T1168] RIP: 0033:0x45c8f7 [ 354.044527][ T1168] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 354.096085][ T1168] RSP: 002b:00007f53135cba68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 354.104687][ T1168] RAX: ffffffffffffffda RBX: 00000000005088c0 RCX: 000000000045c8f7 [ 354.139297][ T1168] RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000004 [ 354.159225][ T1168] RBP: 000000000078bf00 R08: 00007f53135cbb40 R09: 00007f53135cbae0 [ 354.187568][ T1168] R10: 0000000000004801 R11: 0000000000000246 R12: 00000000ffffffff [ 354.195904][ T1168] R13: 0000000000000bea R14: 00000000004ce2a4 R15: 00007f53135cc6d4 [ 354.229851][ T1168] INFO: task syz-executor.1:8983 can't die for more than 147 seconds. [ 354.249881][ T1168] syz-executor.1 D28056 8983 7237 0x00000004 [ 354.276105][ T1168] Call Trace: [ 354.279423][ T1168] ? __schedule+0x937/0x1ff0 [ 354.284016][ T1168] ? __sched_text_start+0x8/0x8 [ 354.341232][ T1168] schedule+0xd0/0x2a0 [ 354.345333][ T1168] schedule_preempt_disabled+0xf/0x20 [ 354.352719][ T1168] __mutex_lock+0x7ab/0x13c0 [ 354.366042][ T1168] ? blkdev_put+0x30/0x520 [ 354.370470][ T1168] ? mutex_trylock+0x2c0/0x2c0 [ 354.375217][ T1168] ? lock_downgrade+0x840/0x840 [ 354.406775][ T1168] ? do_raw_spin_lock+0x129/0x2e0 [ 354.411835][ T1168] ? rwlock_bug.part.0+0x90/0x90 [ 354.439893][ T1168] ? locks_check_ctx_file_list+0x1d/0x110 [ 354.445632][ T1168] ? do_raw_spin_unlock+0x171/0x260 [ 354.467414][ T1168] ? _raw_spin_unlock+0x24/0x40 [ 354.472281][ T1168] ? blkdev_put+0x520/0x520 [ 354.499857][ T1168] ? blkdev_put+0x30/0x520 [ 354.504292][ T1168] blkdev_put+0x30/0x520 [ 354.519899][ T1168] ? blkdev_put+0x520/0x520 [ 354.524415][ T1168] blkdev_close+0x8c/0xb0 [ 354.539922][ T1168] __fput+0x33e/0x880 [ 354.543924][ T1168] task_work_run+0xf4/0x1b0 [ 354.567761][ T1168] exit_to_usermode_loop+0x2fa/0x360 [ 354.573060][ T1168] do_syscall_64+0x6b1/0x7d0 [ 354.600562][ T1168] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 354.608027][ T1168] RIP: 0033:0x416621 [ 354.611924][ T1168] Code: Bad RIP value. [ 354.640062][ T1168] RSP: 002b:00007ffcb5ce5bd0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 354.661571][ T1168] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000416621 [ 354.680900][ T1168] RDX: 0000000000000000 RSI: 0000000000001dae RDI: 0000000000000004 [ 354.706760][ T1168] RBP: 0000000000000001 R08: 000000009c417dae R09: 000000009c417db2 [ 354.715705][ T1168] R10: 00007ffcb5ce5cc0 R11: 0000000000000293 R12: 000000000078c900 [ 354.749838][ T1168] R13: 000000000078c900 R14: ffffffffffffffff R15: 000000000078bf0c [ 354.776855][ T1168] INFO: task syz-executor.1:8983 blocked for more than 147 seconds. [ 354.784851][ T1168] Not tainted 5.7.0-rc1-next-20200415-syzkaller #0 [ 354.823421][ T1168] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 354.848247][ T1168] syz-executor.1 D28056 8983 7237 0x00000004 [ 354.854592][ T1168] Call Trace: [ 354.878343][ T1168] ? __schedule+0x937/0x1ff0 [ 354.882970][ T1168] ? __sched_text_start+0x8/0x8 [ 354.901017][ T1168] schedule+0xd0/0x2a0 [ 354.905104][ T1168] schedule_preempt_disabled+0xf/0x20 [ 354.928263][ T1168] __mutex_lock+0x7ab/0x13c0 [ 354.932873][ T1168] ? blkdev_put+0x30/0x520 [ 354.958338][ T1168] ? mutex_trylock+0x2c0/0x2c0 [ 354.963122][ T1168] ? lock_downgrade+0x840/0x840 [ 354.980139][ T1168] ? do_raw_spin_lock+0x129/0x2e0 [ 354.985184][ T1168] ? rwlock_bug.part.0+0x90/0x90 [ 355.019270][ T1168] ? locks_check_ctx_file_list+0x1d/0x110 [ 355.025121][ T1168] ? do_raw_spin_unlock+0x171/0x260 [ 355.048261][ T1168] ? _raw_spin_unlock+0x24/0x40 [ 355.053149][ T1168] ? blkdev_put+0x520/0x520 [ 355.068340][ T1168] ? blkdev_put+0x30/0x520 [ 355.072775][ T1168] blkdev_put+0x30/0x520 [ 355.098351][ T1168] ? blkdev_put+0x520/0x520 [ 355.102867][ T1168] blkdev_close+0x8c/0xb0 [ 355.118950][ T1168] __fput+0x33e/0x880 [ 355.122945][ T1168] task_work_run+0xf4/0x1b0 [ 355.148268][ T1168] exit_to_usermode_loop+0x2fa/0x360 [ 355.153572][ T1168] do_syscall_64+0x6b1/0x7d0 [ 355.178321][ T1168] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 355.184233][ T1168] RIP: 0033:0x416621 [ 355.198442][ T1168] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 355.260593][ T1168] RSP: 002b:00007ffcb5ce5bd0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 355.280740][ T1168] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000416621 [ 355.304586][ T1168] RDX: 0000000000000000 RSI: 0000000000001dae RDI: 0000000000000004 [ 355.340554][ T1168] RBP: 0000000000000001 R08: 000000009c417dae R09: 000000009c417db2 [ 355.350219][ T1168] R10: 00007ffcb5ce5cc0 R11: 0000000000000293 R12: 000000000078c900 [ 355.381228][ T1168] R13: 000000000078c900 R14: ffffffffffffffff R15: 000000000078bf0c [ 355.389963][ T1168] INFO: task syz-executor.1:8987 can't die for more than 148 seconds. [ 355.420607][ T1168] syz-executor.1 D27840 8987 7237 0x00004004 [ 355.440714][ T1168] Call Trace: [ 355.444054][ T1168] ? __schedule+0x937/0x1ff0 [ 355.462055][ T1168] ? __sched_text_start+0x8/0x8 [ 355.480711][ T1168] schedule+0xd0/0x2a0 [ 355.484815][ T1168] schedule_preempt_disabled+0xf/0x20 [ 355.500743][ T1168] __mutex_lock+0x7ab/0x13c0 [ 355.505382][ T1168] ? lo_release+0x1a/0x1f0 [ 355.540609][ T1168] ? __blkdev_put+0xb5/0x690 [ 355.545361][ T1168] ? mutex_trylock+0x2c0/0x2c0 [ 355.551790][ T1168] ? find_held_lock+0x2d/0x110 [ 355.566958][ T1168] ? blkdev_put+0x85/0x520 [ 355.571737][ T1168] ? lock_downgrade+0x840/0x840 [ 355.600781][ T1168] ? lo_release+0x1a/0x1f0 [ 355.605334][ T1168] lo_release+0x1a/0x1f0 [ 355.614888][ T1168] ? __loop_clr_fd+0xd80/0xd80 [ 355.641383][ T1168] __blkdev_put+0x509/0x690 [ 355.646716][ T1168] ? do_raw_spin_lock+0x129/0x2e0 [ 355.651769][ T1168] ? freeze_bdev+0x1f0/0x1f0 [ 355.681553][ T1168] ? blkdev_put+0x85/0x520 [ 355.686745][ T1168] deactivate_locked_super+0x8c/0xf0 [ 355.692039][ T1168] mount_bdev+0x37c/0x3c0 [ 355.720604][ T1168] ? msdos_mount+0x40/0x40 [ 355.725161][ T1168] ? setup+0xd0/0xd0 [ 355.760565][ T1168] legacy_get_tree+0x105/0x220 [ 355.765445][ T1168] ? ns_capable_common+0xe2/0x100 [ 355.772861][ T1168] vfs_get_tree+0x89/0x2f0 [ 355.782684][ T1168] do_mount+0x1306/0x1b30 [ 355.800567][ T1168] ? copy_mount_string+0x40/0x40 [ 355.805626][ T1168] ? _copy_from_user+0x13c/0x1a0 [ 355.826190][ T1168] __x64_sys_mount+0x18f/0x230 [ 355.830980][ T1168] do_syscall_64+0xf6/0x7d0 [ 355.835862][ T1168] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 355.871620][ T1168] RIP: 0033:0x45f47a [ 355.875525][ T1168] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 355.944633][ T1168] RSP: 002b:00007f1f096aaa68 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 355.980473][ T1168] RAX: ffffffffffffffda RBX: 0000000000508ac0 RCX: 000000000045f47a [ 355.989296][ T1168] RDX: 00007f1f096aaae0 RSI: 00000000200003c0 RDI: 00007f1f096aab00 [ 356.006910][ T1168] RBP: 000000000078bf00 R08: 00007f1f096aab40 R09: 00007f1f096aaae0 [ 356.014900][ T1168] R10: 0000000000000000 R11: 0000000000000206 R12: 00000000ffffffff [ 356.055929][ T1168] R13: 0000000000000bf2 R14: 00000000004ce351 R15: 00007f1f096ab6d4 [ 356.063950][ T1168] INFO: task syz-executor.1:8987 blocked for more than 149 seconds. [ 356.098290][ T1168] Not tainted 5.7.0-rc1-next-20200415-syzkaller #0 [ 356.105319][ T1168] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 356.140535][ T1168] syz-executor.1 D27840 8987 7237 0x00004004 [ 356.161159][ T1168] Call Trace: [ 356.164476][ T1168] ? __schedule+0x937/0x1ff0 [ 356.182166][ T1168] ? __sched_text_start+0x8/0x8 [ 356.200528][ T1168] schedule+0xd0/0x2a0 [ 356.205134][ T1168] schedule_preempt_disabled+0xf/0x20 [ 356.245935][ T1168] __mutex_lock+0x7ab/0x13c0 [ 356.250572][ T1168] ? lo_release+0x1a/0x1f0 [ 356.254990][ T1168] ? __blkdev_put+0xb5/0x690 [ 356.286569][ T1168] ? mutex_trylock+0x2c0/0x2c0 [ 356.291364][ T1168] ? find_held_lock+0x2d/0x110 [ 356.320485][ T1168] ? blkdev_put+0x85/0x520 [ 356.324944][ T1168] ? lock_downgrade+0x840/0x840 [ 356.330973][ T1168] ? lo_release+0x1a/0x1f0 [ 356.335392][ T1168] lo_release+0x1a/0x1f0 [ 356.368965][ T1168] ? __loop_clr_fd+0xd80/0xd80 [ 356.373751][ T1168] __blkdev_put+0x509/0x690 [ 356.389045][ T1168] ? do_raw_spin_lock+0x129/0x2e0 [ 356.394089][ T1168] ? freeze_bdev+0x1f0/0x1f0 [ 356.418075][ T1168] ? blkdev_put+0x85/0x520 [ 356.422513][ T1168] deactivate_locked_super+0x8c/0xf0 [ 356.448976][ T1168] mount_bdev+0x37c/0x3c0 [ 356.453336][ T1168] ? msdos_mount+0x40/0x40 [ 356.477438][ T1168] ? setup+0xd0/0xd0 [ 356.481378][ T1168] legacy_get_tree+0x105/0x220 [ 356.497927][ T1168] ? ns_capable_common+0xe2/0x100 [ 356.503242][ T1168] vfs_get_tree+0x89/0x2f0 [ 356.529007][ T1168] do_mount+0x1306/0x1b30 [ 356.533540][ T1168] ? copy_mount_string+0x40/0x40 [ 356.549621][ T1168] ? _copy_from_user+0x13c/0x1a0 [ 356.554579][ T1168] __x64_sys_mount+0x18f/0x230 [ 356.578535][ T1168] do_syscall_64+0xf6/0x7d0 [ 356.583058][ T1168] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 356.608947][ T1168] RIP: 0033:0x45f47a [ 356.612862][ T1168] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 356.667438][ T1168] RSP: 002b:00007f1f096aaa68 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 356.698957][ T1168] RAX: ffffffffffffffda RBX: 0000000000508ac0 RCX: 000000000045f47a [ 356.718972][ T1168] RDX: 00007f1f096aaae0 RSI: 00000000200003c0 RDI: 00007f1f096aab00 [ 356.747480][ T1168] RBP: 000000000078bf00 R08: 00007f1f096aab40 R09: 00007f1f096aaae0 [ 356.755559][ T1168] R10: 0000000000000000 R11: 0000000000000206 R12: 00000000ffffffff [ 356.790777][ T1168] R13: 0000000000000bf2 R14: 00000000004ce351 R15: 00007f1f096ab6d4 [ 356.810469][ T1168] INFO: task systemd-udevd:9024 blocked for more than 149 seconds. [ 356.836672][ T1168] Not tainted 5.7.0-rc1-next-20200415-syzkaller #0 [ 356.843713][ T1168] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 356.878168][ T1168] systemd-udevd D28128 9024 4187 0x00004100 [ 356.884523][ T1168] Call Trace: [ 356.915917][ T1168] ? __schedule+0x937/0x1ff0 [ 356.920534][ T1168] ? __sched_text_start+0x8/0x8 [ 356.925383][ T1168] schedule+0xd0/0x2a0 [ 356.950428][ T1168] schedule_preempt_disabled+0xf/0x20 [ 356.956726][ T1168] __mutex_lock+0x7ab/0x13c0 [ 356.961435][ T1168] ? __blkdev_get+0x179/0x1530 [ 356.990617][ T1168] ? mutex_trylock+0x2c0/0x2c0 [ 356.995408][ T1168] ? up_read+0x1a8/0x750 [ 357.015989][ T1168] ? kobj_lookup+0x36d/0x460 [ 357.020696][ T1168] ? __blkdev_get+0x179/0x1530 [ 357.025445][ T1168] __blkdev_get+0x179/0x1530 [ 357.058315][ T1168] ? find_held_lock+0x2d/0x110 [ 357.063130][ T1168] ? fsnotify_parent+0xbf/0x2d0 [ 357.089690][ T1168] ? __blkdev_put+0x690/0x690 [ 357.094387][ T1168] ? do_raw_spin_lock+0x129/0x2e0 [ 357.117651][ T1168] ? rwlock_bug.part.0+0x90/0x90 [ 357.122617][ T1168] blkdev_get+0x41/0x2b0 [ 357.149724][ T1168] ? _raw_spin_unlock+0x24/0x40 [ 357.154602][ T1168] blkdev_open+0x21d/0x2b0 [ 357.169808][ T1168] do_dentry_open+0x4b6/0x12a0 [ 357.174606][ T1168] ? bd_acquire+0x2c0/0x2c0 [ 357.196693][ T1168] ? chown_common+0x550/0x550 [ 357.202260][ T1168] ? inode_permission+0xab/0x500 [ 357.230749][ T1168] path_openat+0x1e70/0x27f0 [ 357.235384][ T1168] ? path_lookupat.isra.0+0x530/0x530 [ 357.269644][ T1168] ? lock_acquire+0x1f2/0x8f0 [ 357.274363][ T1168] do_filp_open+0x192/0x260 [ 357.289723][ T1168] ? may_open_dev+0xf0/0xf0 [ 357.294250][ T1168] ? do_raw_spin_lock+0x129/0x2e0 [ 357.316756][ T1168] ? _raw_spin_unlock+0x24/0x40 [ 357.321712][ T1168] ? __alloc_fd+0x46d/0x600 [ 357.349697][ T1168] do_sys_openat2+0x585/0x7d0 [ 357.354417][ T1168] ? file_open_root+0x400/0x400 [ 357.370047][ T1168] ? __secure_computing+0x104/0x360 [ 357.375264][ T1168] ? syscall_trace_enter+0x41d/0xd10 [ 357.410447][ T1168] do_sys_open+0xc3/0x140 [ 357.414800][ T1168] ? filp_open+0x70/0x70 [ 357.430636][ T1168] ? trace_hardirqs_off_caller+0x55/0x230 [ 357.451493][ T1168] do_syscall_64+0xf6/0x7d0 [ 357.456797][ T1168] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 357.462687][ T1168] RIP: 0033:0x7f310f387840 [ 357.490417][ T1168] Code: Bad RIP value. [ 357.494713][ T1168] RSP: 002b:00007fffb6393318 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 357.530404][ T1168] RAX: ffffffffffffffda RBX: 00005640199a58d0 RCX: 00007f310f387840 [ 357.550481][ T1168] RDX: 0000564018f50fe3 RSI: 00000000000a0800 RDI: 000056401999f010 [ 357.570403][ T1168] RBP: 00007fffb6393490 R08: 0000564018f50670 R09: 0000000000000010 [ 357.590521][ T1168] R10: 0000564018f50d0c R11: 0000000000000246 R12: 00007fffb63933e0 [ 357.614711][ T1168] R13: 00005640199ae2c0 R14: 0000000000000003 R15: 000000000000000e [ 357.635859][ T1168] [ 357.635859][ T1168] Showing all locks held in the system: [ 357.643619][ T1168] 5 locks held by kworker/u4:1/21: [ 357.675875][ T1168] #0: ffff88821b03d938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x844/0x16a0 [ 357.710415][ T1168] #1: ffffc90000dd7dc0 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x878/0x16a0 [ 357.731034][ T1168] #2: ffffffff8a596670 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x9b/0xa50 [ 357.755827][ T1168] #3: ffffffff8a5a2568 (rtnl_mutex){+.+.}-{3:3}, at: ip6gre_exit_batch_net+0x88/0x700 [ 357.765489][ T1168] #4: ffffffff89979f90 (cpu_hotplug_lock){++++}-{0:0}, at: rollback_registered_many+0x45b/0xe70 [ 357.805843][ T1168] 1 lock held by khungtaskd/1168: [ 357.810875][ T1168] #0: ffffffff899befc0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 [ 357.846641][ T1168] 3 locks held by kworker/1:29/2966: [ 357.851935][ T1168] #0: ffff88821530d138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x844/0x16a0 [ 357.895827][ T1168] #1: ffffc90001217dc0 ((addr_chk_work).work){+.+.}-{0:0}, at: process_one_work+0x878/0x16a0 [ 357.930406][ T1168] #2: ffffffff8a5a2568 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0xa/0x20 [ 357.955855][ T1168] 2 locks held by systemd-udevd/4187: [ 357.961250][ T1168] #0: ffff88808a9d4280 (&bdev->bd_mutex){+.+.}-{3:3}, at: __blkdev_get+0x179/0x1530 [ 357.998171][ T1168] #1: ffffffff8a08d7a8 (loop_ctl_mutex){+.+.}-{3:3}, at: lo_open+0x19/0xd0 [ 358.029650][ T1168] 1 lock held by in:imklog/6790: [ 358.034596][ T1168] #0: ffff888099669db0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 [ 358.069722][ T1168] 1 lock held by syz-executor.2/8968: [ 358.075121][ T1168] #0: ffffffff8a5a2568 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3a/0x180 [ 358.111424][ T1168] 2 locks held by syz-executor.0/8980: [ 358.131038][ T1168] #0: ffffffff8a08d7a8 (loop_ctl_mutex){+.+.}-{3:3}, at: __loop_clr_fd+0x86/0xd80 [ 358.150463][ T1168] #1: ffffffff89a3f3e8 (lock#7){+.+.}-{3:3}, at: lru_add_drain_all+0x59/0x5b0 [ 358.175857][ T1168] 1 lock held by syz-executor.1/8983: [ 358.181243][ T1168] #0: ffff88808aa44900 (&bdev->bd_mutex){+.+.}-{3:3}, at: blkdev_put+0x30/0x520 [ 358.217504][ T1168] 2 locks held by syz-executor.1/8987: [ 358.222987][ T1168] #0: ffff88808aa44900 (&bdev->bd_mutex){+.+.}-{3:3}, at: __blkdev_put+0xb5/0x690 [ 358.258735][ T1168] #1: ffffffff8a08d7a8 (loop_ctl_mutex){+.+.}-{3:3}, at: lo_release+0x1a/0x1f0 [ 358.278132][ T1168] 1 lock held by systemd-udevd/9024: [ 358.283423][ T1168] #0: ffff88808aa44900 (&bdev->bd_mutex){+.+.}-{3:3}, at: __blkdev_get+0x179/0x1530 [ 358.318887][ T1168] [ 358.321241][ T1168] ============================================= [ 358.321241][ T1168] [ 358.347353][ T1168] NMI backtrace for cpu 1 [ 358.351705][ T1168] CPU: 1 PID: 1168 Comm: khungtaskd Not tainted 5.7.0-rc1-next-20200415-syzkaller #0 [ 358.361134][ T1168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 358.371164][ T1168] Call Trace: [ 358.374440][ T1168] dump_stack+0x188/0x20d [ 358.378776][ T1168] nmi_cpu_backtrace.cold+0x70/0xb1 [ 358.383972][ T1168] ? lapic_can_unplug_cpu.cold+0x3b/0x3b [ 358.389672][ T1168] nmi_trigger_cpumask_backtrace+0x231/0x27e [ 358.395635][ T1168] watchdog+0xde3/0x14e0 [ 358.399862][ T1168] ? reset_hung_task_detector+0x30/0x30 [ 358.405415][ T1168] kthread+0x388/0x470 [ 358.409464][ T1168] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 358.415166][ T1168] ret_from_fork+0x24/0x30 [ 358.419868][ T1168] Sending NMI from CPU 1 to CPUs 0: [ 358.425490][ C0] NMI backtrace for cpu 0 [ 358.425498][ C0] CPU: 0 PID: 8966 Comm: syz-executor.4 Not tainted 5.7.0-rc1-next-20200415-syzkaller #0 [ 358.425504][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 358.425508][ C0] RIP: 0010:io_ring_ctx_wait_and_kill+0x98/0x5a0 [ 358.425518][ C0] Code: 01 00 00 4d 89 f4 48 b8 00 00 00 00 00 fc ff df 4c 89 ed 49 c1 ec 03 48 c1 ed 03 49 01 c4 48 01 c5 eb 1c e8 ba 65 9d ff f3 90 <41> 80 3c 24 00 0f 85 53 04 00 00 48 83 bb 10 01 00 00 00 74 21 e8 [ 358.425522][ C0] RSP: 0018:ffffc90006967df0 EFLAGS: 00000246 [ 358.425529][ C0] RAX: 0000000000040000 RBX: ffff88808f56d000 RCX: ffffc90011077000 [ 358.425534][ C0] RDX: 0000000000040000 RSI: ffffffff81d5ced6 RDI: ffff88808f56d300 [ 358.425539][ C0] RBP: ffffed1011eada2c R08: 0000000000000001 R09: ffffed1011eada61 [ 358.425544][ C0] R10: ffff88808f56d307 R11: ffffed1011eada60 R12: ffffed1011eada22 [ 358.425549][ C0] R13: ffff88808f56d160 R14: ffff88808f56d110 R15: ffffffff81d5d3e0 [ 358.425554][ C0] FS: 00007f468655e700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000 [ 358.425558][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 358.425563][ C0] CR2: 0000001b2e321000 CR3: 000000009a8f7000 CR4: 00000000001406f0 [ 358.425568][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 358.425572][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 358.425575][ C0] Call Trace: [ 358.425579][ C0] ? io_ring_ctx_wait_and_kill+0x5a0/0x5a0 [ 358.425582][ C0] io_uring_release+0x3e/0x50 [ 358.425585][ C0] __fput+0x33e/0x880 [ 358.425588][ C0] task_work_run+0xf4/0x1b0 [ 358.425591][ C0] exit_to_usermode_loop+0x2fa/0x360 [ 358.425594][ C0] do_syscall_64+0x6b1/0x7d0 [ 358.425598][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 358.425601][ C0] RIP: 0033:0x45ca29 [ 358.425612][ C0] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 358.425615][ C0] RSP: 002b:00007f468655dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 358.425623][ C0] RAX: 0000000000000000 RBX: 00000000004dac40 RCX: 000000000045ca29 [ 358.425628][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 358.425633][ C0] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 358.425638][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 358.425642][ C0] R13: 0000000000000078 R14: 00000000005255f2 R15: 00007f468655e6d4 [ 358.535745][ T1168] Kernel panic - not syncing: hung_task: blocked tasks [ 358.677340][ T1168] CPU: 1 PID: 1168 Comm: khungtaskd Not tainted 5.7.0-rc1-next-20200415-syzkaller #0 [ 358.686771][ T1168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 358.696805][ T1168] Call Trace: [ 358.700087][ T1168] dump_stack+0x188/0x20d [ 358.705339][ T1168] panic+0x2e3/0x75c [ 358.709223][ T1168] ? add_taint.cold+0x16/0x16 [ 358.713905][ T1168] ? lapic_can_unplug_cpu.cold+0x3b/0x3b [ 358.719541][ T1168] ? preempt_schedule_thunk+0x16/0x18 [ 358.724893][ T1168] ? watchdog+0xde3/0x14e0 [ 358.729293][ T1168] ? nmi_trigger_cpumask_backtrace+0x214/0x27e [ 358.741439][ T1168] watchdog+0xdf4/0x14e0 [ 358.745667][ T1168] ? reset_hung_task_detector+0x30/0x30 [ 358.751194][ T1168] kthread+0x388/0x470 [ 358.755244][ T1168] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 358.760965][ T1168] ret_from_fork+0x24/0x30 [ 358.766293][ T1168] Kernel Offset: disabled [ 358.770622][ T1168] Rebooting in 86400 seconds..