[ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.83' (ECDSA) to the list of known hosts. 2021/02/23 17:26:32 fuzzer started 2021/02/23 17:26:32 dialing manager at 10.128.0.163:35359 2021/02/23 17:26:32 syscalls: 3541 2021/02/23 17:26:32 code coverage: enabled 2021/02/23 17:26:32 comparison tracing: enabled 2021/02/23 17:26:32 extra coverage: enabled 2021/02/23 17:26:32 setuid sandbox: enabled 2021/02/23 17:26:32 namespace sandbox: enabled 2021/02/23 17:26:32 Android sandbox: /sys/fs/selinux/policy does not exist 2021/02/23 17:26:32 fault injection: enabled 2021/02/23 17:26:32 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2021/02/23 17:26:32 net packet injection: enabled 2021/02/23 17:26:32 net device setup: enabled 2021/02/23 17:26:32 concurrency sanitizer: enabled 2021/02/23 17:26:32 devlink PCI setup: PCI device 0000:00:10.0 is not available 2021/02/23 17:26:32 USB emulation: enabled 2021/02/23 17:26:32 hci packet injection: enabled 2021/02/23 17:26:32 wifi device emulation: enabled 2021/02/23 17:26:32 802.15.4 emulation: enabled 2021/02/23 17:26:33 suppressing KCSAN reports in functions: 'ext4_mb_good_group' 'find_get_pages_range_tag' 'ext4_free_inode' 'generic_write_end' 'alloc_pid' 'do_signal_stop' 'jbd2_journal_dirty_metadata' 'complete_signal' 'xas_clear_mark' 'isolate_migratepages_block' 'jbd2_journal_commit_transaction' '__xa_clear_mark' 'n_tty_receive_buf_common' '__send_signal' 'do_sys_poll' 'blk_mq_dispatch_rq_list' '__mark_inode_dirty' 'pcpu_alloc' 'ext4_free_inodes_count' 'blk_mq_rq_ctx_init' 'ext4_writepages' 'wbt_done' 'futex_wait_queue_me' 2021/02/23 17:26:33 fetching corpus: 0, signal 0/2000 (executing program) 2021/02/23 17:26:34 fetching corpus: 50, signal 17093/20771 (executing program) 2021/02/23 17:26:34 fetching corpus: 100, signal 27784/33007 (executing program) 2021/02/23 17:26:34 fetching corpus: 150, signal 37721/44305 (executing program) 2021/02/23 17:26:34 fetching corpus: 200, signal 44640/52573 (executing program) 2021/02/23 17:26:34 fetching corpus: 250, signal 51795/60881 (executing program) 2021/02/23 17:26:34 fetching corpus: 300, signal 57153/67384 (executing program) 2021/02/23 17:26:34 fetching corpus: 350, signal 65135/76209 (executing program) 2021/02/23 17:26:34 fetching corpus: 400, signal 68015/80213 (executing program) 2021/02/23 17:26:34 fetching corpus: 450, signal 71387/84618 (executing program) 2021/02/23 17:26:34 fetching corpus: 500, signal 74324/88592 (executing program) 2021/02/23 17:26:34 fetching corpus: 550, signal 78332/93445 (executing program) 2021/02/23 17:26:34 fetching corpus: 600, signal 80952/96940 (executing program) 2021/02/23 17:26:34 fetching corpus: 650, signal 85003/101681 (executing program) 2021/02/23 17:26:34 fetching corpus: 700, signal 88527/105917 (executing program) 2021/02/23 17:26:34 fetching corpus: 750, signal 90223/108518 (executing program) 2021/02/23 17:26:35 fetching corpus: 800, signal 94426/113150 (executing program) 2021/02/23 17:26:35 fetching corpus: 850, signal 96862/116260 (executing program) 2021/02/23 17:26:35 fetching corpus: 900, signal 99031/119095 (executing program) 2021/02/23 17:26:35 fetching corpus: 950, signal 101604/122265 (executing program) 2021/02/23 17:26:35 fetching corpus: 1000, signal 103275/124637 (executing program) 2021/02/23 17:26:35 fetching corpus: 1050, signal 105455/127397 (executing program) 2021/02/23 17:26:35 fetching corpus: 1100, signal 107466/129908 (executing program) 2021/02/23 17:26:35 fetching corpus: 1150, signal 109458/132382 (executing program) 2021/02/23 17:26:35 fetching corpus: 1200, signal 111382/134772 (executing program) 2021/02/23 17:26:35 fetching corpus: 1250, signal 113425/137208 (executing program) 2021/02/23 17:26:35 fetching corpus: 1300, signal 115093/139372 (executing program) 2021/02/23 17:26:35 fetching corpus: 1350, signal 116961/141645 (executing program) 2021/02/23 17:26:35 fetching corpus: 1400, signal 118533/143683 (executing program) 2021/02/23 17:26:35 fetching corpus: 1450, signal 120700/146112 (executing program) 2021/02/23 17:26:35 fetching corpus: 1500, signal 122279/148151 (executing program) 2021/02/23 17:26:35 fetching corpus: 1550, signal 123751/150003 (executing program) 2021/02/23 17:26:35 fetching corpus: 1600, signal 125340/151914 (executing program) 2021/02/23 17:26:36 fetching corpus: 1650, signal 126396/153444 (executing program) 2021/02/23 17:26:36 fetching corpus: 1700, signal 128351/155533 (executing program) 2021/02/23 17:26:36 fetching corpus: 1750, signal 129678/157197 (executing program) 2021/02/23 17:26:36 fetching corpus: 1800, signal 130706/158630 (executing program) 2021/02/23 17:26:36 fetching corpus: 1850, signal 131841/160097 (executing program) 2021/02/23 17:26:36 fetching corpus: 1900, signal 133016/161573 (executing program) 2021/02/23 17:26:36 fetching corpus: 1950, signal 134142/163000 (executing program) 2021/02/23 17:26:36 fetching corpus: 2000, signal 135266/164392 (executing program) 2021/02/23 17:26:36 fetching corpus: 2050, signal 136661/165968 (executing program) 2021/02/23 17:26:36 fetching corpus: 2100, signal 138613/167794 (executing program) 2021/02/23 17:26:36 fetching corpus: 2150, signal 140309/169423 (executing program) 2021/02/23 17:26:36 fetching corpus: 2200, signal 142752/171438 (executing program) 2021/02/23 17:26:36 fetching corpus: 2250, signal 143851/172743 (executing program) 2021/02/23 17:26:36 fetching corpus: 2300, signal 144988/174002 (executing program) 2021/02/23 17:26:36 fetching corpus: 2350, signal 145745/175016 (executing program) 2021/02/23 17:26:36 fetching corpus: 2400, signal 146596/176088 (executing program) 2021/02/23 17:26:37 fetching corpus: 2450, signal 147861/177380 (executing program) 2021/02/23 17:26:37 fetching corpus: 2500, signal 148852/178460 (executing program) 2021/02/23 17:26:37 fetching corpus: 2550, signal 149642/179409 (executing program) 2021/02/23 17:26:37 fetching corpus: 2600, signal 150913/180618 (executing program) 2021/02/23 17:26:37 fetching corpus: 2650, signal 152311/181797 (executing program) 2021/02/23 17:26:37 fetching corpus: 2700, signal 153301/182859 (executing program) 2021/02/23 17:26:37 fetching corpus: 2750, signal 154473/183977 (executing program) 2021/02/23 17:26:37 fetching corpus: 2800, signal 155364/184904 (executing program) 2021/02/23 17:26:37 fetching corpus: 2850, signal 156579/185950 (executing program) 2021/02/23 17:26:37 fetching corpus: 2900, signal 157521/186879 (executing program) 2021/02/23 17:26:37 fetching corpus: 2950, signal 158483/187795 (executing program) 2021/02/23 17:26:37 fetching corpus: 3000, signal 159525/188701 (executing program) 2021/02/23 17:26:37 fetching corpus: 3050, signal 160852/189698 (executing program) 2021/02/23 17:26:37 fetching corpus: 3100, signal 161712/190508 (executing program) 2021/02/23 17:26:37 fetching corpus: 3150, signal 162380/191202 (executing program) 2021/02/23 17:26:38 fetching corpus: 3200, signal 163519/192060 (executing program) 2021/02/23 17:26:38 fetching corpus: 3250, signal 164622/192886 (executing program) 2021/02/23 17:26:38 fetching corpus: 3300, signal 165436/193641 (executing program) 2021/02/23 17:26:38 fetching corpus: 3350, signal 166282/194319 (executing program) 2021/02/23 17:26:38 fetching corpus: 3400, signal 167081/195010 (executing program) 2021/02/23 17:26:38 fetching corpus: 3450, signal 168068/195747 (executing program) 2021/02/23 17:26:38 fetching corpus: 3500, signal 168903/196435 (executing program) 2021/02/23 17:26:38 fetching corpus: 3550, signal 169739/197055 (executing program) 2021/02/23 17:26:38 fetching corpus: 3600, signal 170654/197690 (executing program) 2021/02/23 17:26:38 fetching corpus: 3650, signal 171252/198232 (executing program) 2021/02/23 17:26:38 fetching corpus: 3700, signal 171904/198780 (executing program) 2021/02/23 17:26:38 fetching corpus: 3750, signal 173077/199440 (executing program) 2021/02/23 17:26:38 fetching corpus: 3800, signal 174022/200036 (executing program) 2021/02/23 17:26:38 fetching corpus: 3850, signal 174821/200559 (executing program) 2021/02/23 17:26:38 fetching corpus: 3900, signal 176451/201293 (executing program) 2021/02/23 17:26:38 fetching corpus: 3950, signal 177060/201751 (executing program) 2021/02/23 17:26:38 fetching corpus: 4000, signal 178033/202261 (executing program) 2021/02/23 17:26:38 fetching corpus: 4050, signal 178454/202646 (executing program) 2021/02/23 17:26:39 fetching corpus: 4100, signal 179514/203148 (executing program) 2021/02/23 17:26:39 fetching corpus: 4150, signal 180079/203542 (executing program) 2021/02/23 17:26:39 fetching corpus: 4200, signal 180845/203934 (executing program) 2021/02/23 17:26:39 fetching corpus: 4250, signal 181722/204340 (executing program) 2021/02/23 17:26:40 fetching corpus: 4300, signal 182561/204744 (executing program) 2021/02/23 17:26:40 fetching corpus: 4350, signal 183193/205107 (executing program) 2021/02/23 17:26:40 fetching corpus: 4400, signal 184022/205477 (executing program) 2021/02/23 17:26:40 fetching corpus: 4450, signal 184955/205848 (executing program) 2021/02/23 17:26:40 fetching corpus: 4500, signal 185644/206207 (executing program) 2021/02/23 17:26:40 fetching corpus: 4549, signal 186556/206532 (executing program) 2021/02/23 17:26:40 fetching corpus: 4599, signal 187171/206818 (executing program) 2021/02/23 17:26:40 fetching corpus: 4649, signal 187717/207077 (executing program) 2021/02/23 17:26:40 fetching corpus: 4699, signal 188288/207335 (executing program) 2021/02/23 17:26:40 fetching corpus: 4749, signal 188993/207603 (executing program) 2021/02/23 17:26:41 fetching corpus: 4799, signal 189607/207803 (executing program) 2021/02/23 17:26:41 fetching corpus: 4849, signal 190319/208003 (executing program) 2021/02/23 17:26:41 fetching corpus: 4899, signal 191071/208221 (executing program) 2021/02/23 17:26:41 fetching corpus: 4949, signal 191458/208431 (executing program) 2021/02/23 17:26:41 fetching corpus: 4999, signal 192225/208626 (executing program) 2021/02/23 17:26:41 fetching corpus: 5049, signal 192985/208795 (executing program) 2021/02/23 17:26:41 fetching corpus: 5099, signal 193817/208852 (executing program) 2021/02/23 17:26:41 fetching corpus: 5149, signal 194607/208852 (executing program) 2021/02/23 17:26:41 fetching corpus: 5199, signal 195599/208854 (executing program) 2021/02/23 17:26:41 fetching corpus: 5249, signal 196302/208858 (executing program) 2021/02/23 17:26:41 fetching corpus: 5299, signal 197029/208858 (executing program) 2021/02/23 17:26:42 fetching corpus: 5349, signal 197884/208863 (executing program) 2021/02/23 17:26:42 fetching corpus: 5399, signal 198502/208895 (executing program) 2021/02/23 17:26:42 fetching corpus: 5449, signal 199053/208901 (executing program) 2021/02/23 17:26:42 fetching corpus: 5499, signal 199747/208901 (executing program) 2021/02/23 17:26:42 fetching corpus: 5549, signal 200379/208914 (executing program) 2021/02/23 17:26:42 fetching corpus: 5599, signal 201197/208927 (executing program) 2021/02/23 17:26:42 fetching corpus: 5649, signal 201886/208934 (executing program) 2021/02/23 17:26:42 fetching corpus: 5699, signal 202546/208940 (executing program) 2021/02/23 17:26:42 fetching corpus: 5749, signal 203511/208957 (executing program) 2021/02/23 17:26:42 fetching corpus: 5799, signal 204028/208976 (executing program) 2021/02/23 17:26:42 fetching corpus: 5849, signal 204590/208982 (executing program) 2021/02/23 17:26:42 fetching corpus: 5899, signal 205140/208999 (executing program) 2021/02/23 17:26:42 fetching corpus: 5943, signal 206007/209001 (executing program) 2021/02/23 17:26:42 fetching corpus: 5943, signal 206007/209001 (executing program) 2021/02/23 17:26:44 starting 6 fuzzer processes 17:26:44 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) r1 = creat(&(0x7f0000000280)='./file0\x00', 0x0) fcntl$getown(r1, 0x9) ioctl$sock_FIOGETOWN(r1, 0x8903, 0x0) close(r1) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000400)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmallocinfo\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r2, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000080)={&(0x7f0000000180)={0xd0, r0, 0x0, 0x70bd27, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x3}, @IPVS_CMD_ATTR_DAEMON={0x38, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0xff}, @IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x98}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_to_team\x00'}]}, @IPVS_CMD_ATTR_SERVICE={0x44, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x67}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x38}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x36}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3}, @IPVS_CMD_ATTR_DEST={0x30, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@local}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e21}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x4}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e24}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x20044004}, 0x4048011) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) sendfile(r3, r2, 0x0, 0x4000000000010045) 17:26:44 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) write$P9_RMKDIR(0xffffffffffffffff, &(0x7f0000000100)={0x14, 0x49, 0x0, {0x0, 0x0, 0x5}}, 0x14) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RRENAMEAT(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000380)={0x7b}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000800)={[0x0, 0x0, 0x40000007, 0x0, 0x0, 0x80000001, 0x20000000004cb, 0x800]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='ns\x00') perf_event_open(&(0x7f0000000000)={0x3, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:26:44 executing program 2: set_mempolicy(0x8001, &(0x7f0000000300)=0x60f, 0xcd) syz_open_dev$cec(&(0x7f0000000240)='/dev/cec#\x00', 0x1, 0x2) 17:26:45 executing program 3: r0 = syz_mount_image$vfat(&(0x7f00000002c0)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f736617e43c00088020000200000004f8000020004000000000000000000001", 0x25}, {0x0, 0x0, 0x200000000011000}], 0x0, &(0x7f0000000240)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ioctl$INCFS_IOC_CREATE_FILE(0xffffffffffffffff, 0xc058671e, 0x0) fcntl$setstatus(r1, 0x4, 0x6900) socket$packet(0x11, 0x0, 0x300) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f000004c340)={0x80000001, [], 0x54, "e26ebbb4eae01c"}) ftruncate(r1, 0x800) lseek(r1, 0x1200, 0x0) syz_mount_image$iso9660(&(0x7f0000000840)='iso9660\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, 0x0, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180)='/dev/hwrng\x00', 0x511000, 0x0) ioctl$INCFS_IOC_FILL_BLOCKS(r0, 0x80106720, &(0x7f0000000280)={0x3, &(0x7f0000000440)=[{0x2, 0x2b, &(0x7f0000000240)="c652a43e7a0ae74ddea16d63639691c1e2aa2cdb7fcb2f6759dbed878d48a4cd0e57db13c1ebab22dc4e33", 0x1}, {0x81, 0xa4, &(0x7f0000000300)="d0633b4c3f276d3f3218deb894a2e69df14220c62fbcbe47726d358c5e0b7991b4333ac30d361614402daa77c70b1b4043c532e85d5d1f82094267b8eb21269f408dd5e90ca76116bb85cdd3dfe038d5d25c49fe2de251916453344db4e30f40dfabaf759d0ab1698a9cf261a4633868e9189b962afe75528d3f0becf4ab02c30823014da12c03d3cd1a25c537dfc048c994fa8b233334b9f880d1836d7017e3a8623861", 0x1}, {0x10001, 0x51, &(0x7f00000003c0)="88ba6cba7fbdcd9e15575f263aeadca6fbb230986e5154d5a5e7924c47a95c503231d89bea3d3397f635f91207fc2760fd5b689ca0e406c77b25e6af56dd489d99bebf1c62ff78ef76dfedb146cfed550c", 0x0, 0x1}]}) mkdirat(r2, 0x0, 0x106) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r3, 0x0, 0x8400fffffffa) fstat(0xffffffffffffffff, 0x0) 17:26:45 executing program 4: mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080)='/dev/fuse\x00', 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100)='fuse\x00', 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1}, 0x50) r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x0, {0x0, 0x1a}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getdents(r2, 0x0, 0x27c6) getdents(r2, 0x0, 0x0) umount2(&(0x7f0000002000)='./file0\x00', 0x1) 17:26:45 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz1\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x40], [], [0xff]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) syzkaller login: [ 41.924701][ T8363] IPVS: ftp: loaded support on port[0] = 21 [ 42.001819][ T8363] chnl_net:caif_netlink_parms(): no params data found [ 42.028243][ T8363] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.035516][ T8363] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.043007][ T8363] device bridge_slave_0 entered promiscuous mode [ 42.050688][ T8363] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.057989][ T8363] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.065469][ T8363] device bridge_slave_1 entered promiscuous mode [ 42.080128][ T8363] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 42.091106][ T8363] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 42.117455][ T8363] team0: Port device team_slave_0 added [ 42.124190][ T8363] team0: Port device team_slave_1 added [ 42.127577][ T8365] IPVS: ftp: loaded support on port[0] = 21 [ 42.137406][ T8363] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 42.144349][ T8363] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 42.170670][ T8363] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 42.183533][ T8363] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 42.190819][ T8363] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 42.217147][ T8363] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 42.259336][ T8363] device hsr_slave_0 entered promiscuous mode [ 42.274454][ T8363] device hsr_slave_1 entered promiscuous mode [ 42.289198][ T8367] IPVS: ftp: loaded support on port[0] = 21 [ 42.364521][ T8365] chnl_net:caif_netlink_parms(): no params data found [ 42.373099][ T8363] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 42.384276][ T8363] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 42.397822][ T8363] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 42.420379][ T8363] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 42.440301][ T8369] IPVS: ftp: loaded support on port[0] = 21 [ 42.477679][ T8363] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.484729][ T8363] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.492039][ T8363] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.499107][ T8363] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.518340][ T8367] chnl_net:caif_netlink_parms(): no params data found [ 42.531601][ T8365] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.538931][ T8365] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.547785][ T8365] device bridge_slave_0 entered promiscuous mode [ 42.588960][ T8365] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.599366][ T8371] IPVS: ftp: loaded support on port[0] = 21 [ 42.605900][ T8365] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.613302][ T8365] device bridge_slave_1 entered promiscuous mode [ 42.644595][ T8365] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 42.666640][ T8367] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.673701][ T8367] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.681190][ T8367] device bridge_slave_0 entered promiscuous mode [ 42.688749][ T8367] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.695861][ T8367] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.703290][ T8367] device bridge_slave_1 entered promiscuous mode [ 42.714541][ T8365] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 42.749851][ T8367] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 42.776105][ T8365] team0: Port device team_slave_0 added [ 42.783366][ T8365] team0: Port device team_slave_1 added [ 42.791745][ T8367] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 42.806786][ T8373] IPVS: ftp: loaded support on port[0] = 21 [ 42.843814][ T8367] team0: Port device team_slave_0 added [ 42.880694][ T8363] 8021q: adding VLAN 0 to HW filter on device bond0 [ 42.888857][ T8367] team0: Port device team_slave_1 added [ 42.901186][ T8365] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 42.908453][ T8365] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 42.934749][ T8365] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 42.948339][ T8365] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 42.955610][ T8365] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 42.982703][ T8365] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 43.002512][ T8365] device hsr_slave_0 entered promiscuous mode [ 43.009208][ T8365] device hsr_slave_1 entered promiscuous mode [ 43.016001][ T8365] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 43.023761][ T8365] Cannot create hsr debugfs directory [ 43.029572][ T8369] chnl_net:caif_netlink_parms(): no params data found [ 43.046782][ T8367] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 43.053731][ T8367] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 43.079677][ T8367] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 43.091544][ T3776] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.099482][ T3776] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.107985][ T3776] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 43.121797][ T8371] chnl_net:caif_netlink_parms(): no params data found [ 43.137086][ T3776] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 43.144643][ T3776] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 43.154795][ T8367] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 43.162015][ T8367] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 43.188590][ T8367] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 43.209035][ T8363] 8021q: adding VLAN 0 to HW filter on device team0 [ 43.267887][ T8373] chnl_net:caif_netlink_parms(): no params data found [ 43.279238][ T8367] device hsr_slave_0 entered promiscuous mode [ 43.286363][ T8367] device hsr_slave_1 entered promiscuous mode [ 43.292839][ T8367] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 43.300818][ T8367] Cannot create hsr debugfs directory [ 43.311570][ T8734] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 43.320049][ T8734] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 43.328419][ T8734] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.335468][ T8734] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.343305][ T8734] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 43.351861][ T8734] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 43.360152][ T8734] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.367200][ T8734] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.386157][ T8371] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.393197][ T8371] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.401186][ T8371] device bridge_slave_0 entered promiscuous mode [ 43.409801][ T8371] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.418016][ T8371] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.426203][ T8371] device bridge_slave_1 entered promiscuous mode [ 43.436320][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 43.448853][ T8365] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 43.459817][ T8365] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 43.482073][ T8365] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 43.500510][ T8369] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.508245][ T8369] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.517467][ T8369] device bridge_slave_0 entered promiscuous mode [ 43.527253][ T8369] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.534308][ T8369] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.542937][ T8369] device bridge_slave_1 entered promiscuous mode [ 43.553810][ T8829] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 43.569989][ T8365] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 43.583646][ T8371] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 43.612456][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 43.622074][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 43.645328][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 43.656223][ T8829] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 43.664550][ T8829] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 43.677282][ T8369] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 43.688508][ T8371] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 43.700575][ T8373] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.708234][ T8373] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.716178][ T8373] device bridge_slave_0 entered promiscuous mode [ 43.723509][ T8373] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.733452][ T8373] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.740922][ T8373] device bridge_slave_1 entered promiscuous mode [ 43.755581][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 43.763752][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 43.771988][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 43.780230][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 43.789591][ T8369] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 43.809057][ T8363] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 43.820993][ T8371] team0: Port device team_slave_0 added [ 43.829797][ T8373] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 43.843172][ T8373] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 43.856504][ T8371] team0: Port device team_slave_1 added [ 43.863027][ T8369] team0: Port device team_slave_0 added [ 43.878385][ T8367] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 43.888460][ T8367] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 43.897235][ T8369] team0: Port device team_slave_1 added [ 43.906610][ T8371] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 43.913562][ T8371] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 43.940817][ T8371] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 43.953678][ T8373] team0: Port device team_slave_0 added [ 43.960909][ T8365] 8021q: adding VLAN 0 to HW filter on device bond0 [ 43.970537][ T8367] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 43.977682][ T3776] Bluetooth: hci0: command 0x0409 tx timeout [ 43.989254][ T8367] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 43.998293][ T8371] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 44.005616][ T8371] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 44.031825][ T8371] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 44.043725][ T8373] team0: Port device team_slave_1 added [ 44.053256][ T8365] 8021q: adding VLAN 0 to HW filter on device team0 [ 44.070120][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 44.078901][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 44.086618][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 44.094202][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.110772][ T8363] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 44.120457][ T8369] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 44.127428][ T8369] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 44.153474][ T9380] Bluetooth: hci1: command 0x0409 tx timeout [ 44.156047][ T8369] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 44.176885][ T8373] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 44.183889][ T8373] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 44.210340][ T8373] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 44.227600][ T8369] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 44.234831][ T8369] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 44.260735][ T8369] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 44.278233][ T8371] device hsr_slave_0 entered promiscuous mode [ 44.284604][ T8371] device hsr_slave_1 entered promiscuous mode [ 44.291654][ T8371] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 44.294976][ T9380] Bluetooth: hci2: command 0x0409 tx timeout [ 44.299544][ T8371] Cannot create hsr debugfs directory [ 44.316543][ T8373] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 44.323675][ T8373] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 44.350970][ T8373] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 44.362502][ T3776] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 44.372589][ T3776] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 44.381073][ T3776] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.388122][ T3776] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.402840][ T8369] device hsr_slave_0 entered promiscuous mode [ 44.409419][ T8369] device hsr_slave_1 entered promiscuous mode [ 44.416043][ T8369] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 44.425605][ T8369] Cannot create hsr debugfs directory [ 44.450446][ T8734] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 44.454961][ T4828] Bluetooth: hci3: command 0x0409 tx timeout [ 44.464429][ T8734] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 44.474198][ T8734] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 44.483593][ T8734] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.490793][ T8734] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.499839][ T8734] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 44.508514][ T8734] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 44.540073][ T8373] device hsr_slave_0 entered promiscuous mode [ 44.546611][ T8373] device hsr_slave_1 entered promiscuous mode [ 44.553167][ T8373] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 44.560818][ T8373] Cannot create hsr debugfs directory [ 44.581868][ T9380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 44.590549][ T9380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 44.599602][ T9380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 44.608286][ T9380] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 44.618716][ T9442] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 44.626825][ T9442] Bluetooth: hci4: command 0x0409 tx timeout [ 44.629475][ T8363] device veth0_vlan entered promiscuous mode [ 44.667265][ T8734] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 44.677890][ T8734] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 44.686572][ T8734] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 44.694828][ T8734] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 44.703752][ T8734] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 44.712212][ T8734] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 44.720733][ T8734] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 44.728444][ T8734] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 44.741771][ T8363] device veth1_vlan entered promiscuous mode [ 44.755110][ T8371] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 44.767155][ T8365] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 44.778049][ T8365] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 44.785411][ T8734] Bluetooth: hci5: command 0x0409 tx timeout [ 44.797179][ T8369] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 44.805475][ T8371] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 44.816880][ T9634] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 44.828919][ T9634] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 44.837113][ T9634] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 44.847071][ T9634] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 44.861132][ T8367] 8021q: adding VLAN 0 to HW filter on device bond0 [ 44.868482][ T8369] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 44.879371][ T8371] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 44.889702][ T8371] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 44.904968][ T8369] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 44.914993][ T3776] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 44.922380][ T3776] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 44.934450][ T8363] device veth0_macvtap entered promiscuous mode [ 44.941596][ T8369] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 44.952920][ T8365] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 44.962168][ T8367] 8021q: adding VLAN 0 to HW filter on device team0 [ 44.970146][ T8734] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 44.978737][ T8734] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 44.987219][ T8734] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 44.994778][ T8734] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 45.002779][ T8734] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 45.013287][ T8363] device veth1_macvtap entered promiscuous mode [ 45.032396][ T8373] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 45.055088][ T9634] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 45.062908][ T9634] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 45.072824][ T9634] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 45.081225][ T9634] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.088269][ T9634] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.097338][ T9634] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 45.105793][ T9634] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 45.113944][ T9634] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.121084][ T9634] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.129033][ T9634] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 45.137628][ T9634] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 45.146488][ T9634] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 45.154759][ T9634] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 45.166047][ T8373] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 45.188072][ T8363] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 45.198219][ T8363] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 45.207356][ T9380] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 45.215533][ T9380] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 45.223243][ T9380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 45.233121][ T9380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 45.242678][ T9380] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 45.252631][ T9380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 45.261425][ T9380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 45.270163][ T9380] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 45.278783][ T9380] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 45.287675][ T9380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 45.296567][ T8373] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 45.309111][ T8373] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 45.322252][ T8363] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.336908][ T8363] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.346121][ T8363] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.355155][ T8363] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.377348][ T9649] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 45.385540][ T9649] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 45.393534][ T9649] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 45.402565][ T9649] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 45.416728][ T8365] device veth0_vlan entered promiscuous mode [ 45.428362][ T8367] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 45.439946][ T8367] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 45.451124][ T9649] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 45.459361][ T9649] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 45.467022][ T9649] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 45.475342][ T9649] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 45.500520][ T8365] device veth1_vlan entered promiscuous mode [ 45.522515][ T8369] 8021q: adding VLAN 0 to HW filter on device bond0 [ 45.548337][ T8371] 8021q: adding VLAN 0 to HW filter on device bond0 [ 45.575987][ T38] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 45.583817][ T38] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 45.591729][ T2977] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 45.599744][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 45.609044][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 45.617890][ T2977] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 45.627359][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 45.636553][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 45.644170][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 45.652972][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 45.661630][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 45.669377][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 45.677390][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 45.685119][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 45.692609][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 45.700190][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 45.713654][ T8365] device veth0_macvtap entered promiscuous mode [ 45.723298][ T8371] 8021q: adding VLAN 0 to HW filter on device team0 [ 45.732225][ T8369] 8021q: adding VLAN 0 to HW filter on device team0 [ 45.748602][ T8367] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 45.772064][ T8365] device veth1_macvtap entered promiscuous mode [ 45.786720][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 45.796012][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 45.803865][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 45.815220][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 45.823877][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 45.841256][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 45.856151][ T34] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.863519][ T34] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.874568][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 45.885201][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 45.887732][ C0] hrtimer: interrupt took 47811 ns [ 45.895454][ T34] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.907357][ T34] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.917859][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 45.940367][ T8373] 8021q: adding VLAN 0 to HW filter on device bond0 [ 45.963604][ T8365] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 45.977937][ T8365] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 45.990647][ T8365] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 46.004052][ T9694] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 46.014441][ T9694] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 46.026343][ T9694] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.033537][ T9694] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.044138][ T9694] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 46.053304][ T9694] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 46.065200][ T9694] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.072352][ T9694] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.083224][ T9694] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 46.093690][ T9694] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 46.105355][ T9694] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 46.114109][ T9694] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 46.126087][ T9694] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 46.135748][ T9694] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 46.147982][ T9694] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 46.171540][ T8369] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 46.185867][ T9698] Bluetooth: hci0: command 0x041b tx timeout [ 46.192389][ T8369] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 46.212616][ T8373] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.219822][ T9634] Bluetooth: hci1: command 0x041b tx timeout [ 46.225190][ T8365] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 46.239483][ T8365] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.251054][ T8365] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 46.265075][ T8365] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.273835][ T8365] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.282730][ T8365] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.292830][ T8365] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.311123][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 17:26:50 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) r1 = creat(&(0x7f0000000280)='./file0\x00', 0x0) fcntl$getown(r1, 0x9) ioctl$sock_FIOGETOWN(r1, 0x8903, 0x0) close(r1) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000400)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmallocinfo\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r2, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000080)={&(0x7f0000000180)={0xd0, r0, 0x0, 0x70bd27, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x3}, @IPVS_CMD_ATTR_DAEMON={0x38, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0xff}, @IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x98}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_to_team\x00'}]}, @IPVS_CMD_ATTR_SERVICE={0x44, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x67}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x38}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x36}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3}, @IPVS_CMD_ATTR_DEST={0x30, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@local}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e21}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x4}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e24}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x20044004}, 0x4048011) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) sendfile(r3, r2, 0x0, 0x4000000000010045) [ 46.320287][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 46.328824][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 46.339446][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 46.350393][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 46.360596][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 46.371491][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 46.374951][ T9634] Bluetooth: hci2: command 0x041b tx timeout [ 46.381032][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 46.393977][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 46.403397][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 46.411557][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 46.423108][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 46.432219][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 46.441752][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 46.451362][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 46.460540][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 46.469770][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 46.478846][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 46.487171][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 46.495721][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 46.503605][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 46.524875][ T9694] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 46.535494][ T9694] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 46.542849][ T8829] Bluetooth: hci3: command 0x041b tx timeout [ 46.543866][ T8367] device veth0_vlan entered promiscuous mode [ 46.590322][ T8367] device veth1_vlan entered promiscuous mode [ 46.599881][ T8369] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.611472][ T3776] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 46.621299][ T3776] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 46.631880][ T3776] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 46.640690][ T3776] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 46.650840][ T3776] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 46.659463][ T3776] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 46.669670][ T3776] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 46.678568][ T3776] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 46.688929][ T3776] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.696070][ T3776] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.702237][ T9649] Bluetooth: hci4: command 0x041b tx timeout [ 46.706466][ T8371] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 46.718496][ T3776] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 46.786092][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 46.808154][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 46.817068][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 46.825860][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 46.834074][ T4828] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.841128][ T4828] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.849871][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 46.859291][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 46.868648][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 46.877759][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 46.892831][ T4828] Bluetooth: hci5: command 0x041b tx timeout [ 46.908239][ T2977] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 46.923614][ T8373] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network 17:26:50 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) r1 = creat(&(0x7f0000000280)='./file0\x00', 0x0) fcntl$getown(r1, 0x9) ioctl$sock_FIOGETOWN(r1, 0x8903, 0x0) close(r1) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000400)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmallocinfo\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r2, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000080)={&(0x7f0000000180)={0xd0, r0, 0x0, 0x70bd27, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x3}, @IPVS_CMD_ATTR_DAEMON={0x38, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0xff}, @IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x98}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_to_team\x00'}]}, @IPVS_CMD_ATTR_SERVICE={0x44, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x67}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x38}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x36}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3}, @IPVS_CMD_ATTR_DEST={0x30, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@local}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e21}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x4}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e24}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x20044004}, 0x4048011) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) sendfile(r3, r2, 0x0, 0x4000000000010045) [ 46.947379][ T2977] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 46.949389][ T8373] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 46.971908][ T8369] device veth0_vlan entered promiscuous mode [ 46.979884][ T8367] device veth0_macvtap entered promiscuous mode [ 46.999850][ T8371] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.009153][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 47.019986][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 47.029329][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 47.038565][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 47.047756][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 47.057695][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 47.067150][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 47.082292][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 47.100970][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 47.119360][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 47.129251][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 47.139103][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 47.148540][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 47.158370][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 47.180905][ T8369] device veth1_vlan entered promiscuous mode [ 47.193744][ T8367] device veth1_macvtap entered promiscuous mode [ 47.203888][ T38] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.219129][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 47.228328][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 47.237533][ T38] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.246619][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 47.257605][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 47.266427][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 47.274087][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 47.283620][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 47.292783][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 47.302143][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 47.319468][ T8373] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.342468][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 47.410083][ T8367] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 47.422443][ T8367] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.434019][ T8367] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 47.445271][ T8367] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 17:26:51 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) r1 = creat(&(0x7f0000000280)='./file0\x00', 0x0) fcntl$getown(r1, 0x9) ioctl$sock_FIOGETOWN(r1, 0x8903, 0x0) close(r1) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000400)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmallocinfo\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r2, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000080)={&(0x7f0000000180)={0xd0, r0, 0x0, 0x70bd27, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x3}, @IPVS_CMD_ATTR_DAEMON={0x38, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0xff}, @IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x98}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_to_team\x00'}]}, @IPVS_CMD_ATTR_SERVICE={0x44, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x67}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x38}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x36}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3}, @IPVS_CMD_ATTR_DEST={0x30, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@local}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e21}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x4}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e24}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x20044004}, 0x4048011) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) sendfile(r3, r2, 0x0, 0x4000000000010045) [ 47.445475][ T9738] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 47.464684][ T8367] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.504303][ T8829] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 47.517278][ T8829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 47.531288][ T8829] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 47.545689][ T8829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 47.557354][ T8367] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 47.587133][ T8367] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 17:26:51 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r0, 0x10c, 0x0, 0x0, 0x32) [ 47.600936][ T8367] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 47.631861][ T8367] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.645035][ T8367] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.658599][ T8369] device veth0_macvtap entered promiscuous mode 17:26:51 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r0, 0x10c, 0x0, 0x0, 0x32) [ 47.679212][ T9698] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 47.693760][ T9698] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 47.705098][ T9698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 47.720248][ T9698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 47.745838][ T9698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready 17:26:51 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r0, 0x10c, 0x0, 0x0, 0x32) [ 47.788151][ T8367] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.801335][ T8367] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.815200][ T8367] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.828595][ T8367] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.864023][ T8369] device veth1_macvtap entered promiscuous mode [ 47.914373][ T9634] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 47.922926][ T9634] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready 17:26:51 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r0, 0x10c, 0x0, 0x0, 0x32) [ 47.970135][ T9634] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 47.987873][ T8371] device veth0_vlan entered promiscuous mode [ 48.025264][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 48.037510][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 48.047814][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 48.058753][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 48.070018][ T9634] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 48.080543][ T9634] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 48.089878][ T9634] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 48.099645][ T9634] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready 17:26:51 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000180)='nbd\x00', r1) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="01000000000000000000020000000800010028"], 0x1c}}, 0x0) [ 48.123262][ T8373] device veth0_vlan entered promiscuous mode [ 48.154790][ T8371] device veth1_vlan entered promiscuous mode [ 48.165030][ T8369] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 48.189298][ T8369] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.200669][ T8369] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 48.211973][ T8369] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.214577][ T5] Bluetooth: hci0: command 0x040f tx timeout [ 48.222884][ T8369] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 48.241396][ T8369] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.253307][ T9771] nbd: couldn't find device at index 40 [ 48.253966][ T8369] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.277438][ T8373] device veth1_vlan entered promiscuous mode [ 48.300512][ T8829] Bluetooth: hci1: command 0x040f tx timeout [ 48.307493][ T8371] device veth0_macvtap entered promiscuous mode [ 48.324463][ T9634] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 48.332913][ T9634] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 48.342423][ T9634] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 48.354169][ T9634] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 48.375268][ T9634] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 48.385940][ T9634] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 48.398049][ T9634] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 48.411971][ T8369] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 48.425550][ T8369] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.437399][ T8369] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 48.448675][ T8369] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.459713][ T5] Bluetooth: hci2: command 0x040f tx timeout [ 48.460602][ T8369] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 48.479496][ T8369] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.492210][ T8369] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.506976][ T8371] device veth1_macvtap entered promiscuous mode [ 48.515290][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 48.523841][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 48.533757][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 48.543467][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 48.553720][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 48.566604][ T8369] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.576827][ T8369] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.587114][ T8369] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.597674][ T8369] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.622273][ T8371] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 48.634460][ T38] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.634475][ T38] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.653590][ T9380] Bluetooth: hci3: command 0x040f tx timeout [ 48.663624][ T8371] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.674282][ T8371] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 48.686512][ T8371] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.697828][ T8371] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 48.708894][ T8371] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.719721][ T8371] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 48.732358][ T8371] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.744571][ T8371] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.753818][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 48.763056][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 48.773011][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 48.774560][ T9442] Bluetooth: hci4: command 0x040f tx timeout [ 48.790437][ T8] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.801364][ T8] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.807981][ T8373] device veth0_macvtap entered promiscuous mode [ 48.818473][ T8371] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 48.829851][ T8371] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.841081][ T8371] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 48.853002][ T8371] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.863998][ T8371] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 48.875042][ T8371] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.885924][ T8371] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 48.896881][ T8371] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.908755][ T8371] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.920767][ T3611] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 48.930798][ T3611] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 48.940877][ T3611] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 48.952096][ T3611] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 48.963085][ T3611] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 48.974168][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 48.984674][ T8373] device veth1_macvtap entered promiscuous mode [ 48.992571][ T8371] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.002405][ T8371] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.012344][ T8371] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.014487][ T4828] Bluetooth: hci5: command 0x040f tx timeout [ 49.029824][ T8371] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.090391][ T8373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 49.102391][ T8373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.113906][ T8373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 17:26:52 executing program 2: set_mempolicy(0x8001, &(0x7f0000000300)=0x60f, 0xcd) syz_open_dev$cec(&(0x7f0000000240)='/dev/cec#\x00', 0x1, 0x2) [ 49.129779][ T8373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.144408][ T8373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 49.164468][ T8373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.176082][ T8373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 49.188825][ T8373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.201815][ T8373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 49.215077][ T8373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.227315][ T8373] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 49.240649][ T38] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.254534][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 49.262944][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 49.276269][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 49.277834][ T38] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.300238][ T8373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 49.323749][ T8373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.336790][ T8373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 49.349298][ T8373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.361093][ T8373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 49.372768][ T8373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.383361][ T8373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 49.394615][ T8373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.406029][ T8373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 49.420508][ T8373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.433609][ T8373] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 49.441827][ T9169] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 49.450099][ T9169] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 49.459701][ T9169] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 49.481834][ T2977] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.491459][ T2977] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.491745][ T8373] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.511061][ T8373] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.520076][ T2039] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.526191][ T8373] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.531214][ T2039] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.549486][ T8373] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.566685][ T9169] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 49.575473][ T9169] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 49.613710][ T2039] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.632530][ T2039] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.648472][ T8] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.651401][ T9843] loop3: detected capacity change from 264192 to 0 [ 49.658361][ T8] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.678976][ T8734] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 49.692679][ T9843] FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) [ 49.693800][ T9169] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 49.702362][ T2977] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.719505][ T2977] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.744307][ T35] audit: type=1804 audit(1614101213.514:2): pid=9843 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir676580248/syzkaller.fd8jpX/0/file0/bus" dev="loop3" ino=3 res=1 errno=0 [ 49.774848][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 49.849498][ T9870] input: syz0 as /devices/virtual/input/input5 17:26:54 executing program 3: r0 = syz_mount_image$vfat(&(0x7f00000002c0)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f736617e43c00088020000200000004f8000020004000000000000000000001", 0x25}, {0x0, 0x0, 0x200000000011000}], 0x0, &(0x7f0000000240)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ioctl$INCFS_IOC_CREATE_FILE(0xffffffffffffffff, 0xc058671e, 0x0) fcntl$setstatus(r1, 0x4, 0x6900) socket$packet(0x11, 0x0, 0x300) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f000004c340)={0x80000001, [], 0x54, "e26ebbb4eae01c"}) ftruncate(r1, 0x800) lseek(r1, 0x1200, 0x0) syz_mount_image$iso9660(&(0x7f0000000840)='iso9660\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, 0x0, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180)='/dev/hwrng\x00', 0x511000, 0x0) ioctl$INCFS_IOC_FILL_BLOCKS(r0, 0x80106720, &(0x7f0000000280)={0x3, &(0x7f0000000440)=[{0x2, 0x2b, &(0x7f0000000240)="c652a43e7a0ae74ddea16d63639691c1e2aa2cdb7fcb2f6759dbed878d48a4cd0e57db13c1ebab22dc4e33", 0x1}, {0x81, 0xa4, &(0x7f0000000300)="d0633b4c3f276d3f3218deb894a2e69df14220c62fbcbe47726d358c5e0b7991b4333ac30d361614402daa77c70b1b4043c532e85d5d1f82094267b8eb21269f408dd5e90ca76116bb85cdd3dfe038d5d25c49fe2de251916453344db4e30f40dfabaf759d0ab1698a9cf261a4633868e9189b962afe75528d3f0becf4ab02c30823014da12c03d3cd1a25c537dfc048c994fa8b233334b9f880d1836d7017e3a8623861", 0x1}, {0x10001, 0x51, &(0x7f00000003c0)="88ba6cba7fbdcd9e15575f263aeadca6fbb230986e5154d5a5e7924c47a95c503231d89bea3d3397f635f91207fc2760fd5b689ca0e406c77b25e6af56dd489d99bebf1c62ff78ef76dfedb146cfed550c", 0x0, 0x1}]}) mkdirat(r2, 0x0, 0x106) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r3, 0x0, 0x8400fffffffa) fstat(0xffffffffffffffff, 0x0) 17:26:54 executing program 1: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = dup(r1) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000001840)={'vxcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000240)={0x1d, r3}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f0000000040), 0x20000058, &(0x7f0000000080)={&(0x7f00000000c0)='4', 0x6fffff9}}, 0xee) close(r0) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 17:26:54 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000180)='nbd\x00', r1) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="01000000000000000000020000000800010028"], 0x1c}}, 0x0) 17:26:54 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz1\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x40], [], [0xff]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 17:26:54 executing program 2: set_mempolicy(0x8001, &(0x7f0000000300)=0x60f, 0xcd) syz_open_dev$cec(&(0x7f0000000240)='/dev/cec#\x00', 0x1, 0x2) 17:26:54 executing program 4: mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080)='/dev/fuse\x00', 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100)='fuse\x00', 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1}, 0x50) r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x0, {0x0, 0x1a}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getdents(r2, 0x0, 0x27c6) getdents(r2, 0x0, 0x0) umount2(&(0x7f0000002000)='./file0\x00', 0x1) [ 50.177197][ T35] audit: type=1804 audit(1614101213.954:3): pid=9843 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir676580248/syzkaller.fd8jpX/0/file0/bus" dev="loop3" ino=3 res=1 errno=0 17:26:54 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000180)='nbd\x00', r1) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="01000000000000000000020000000800010028"], 0x1c}}, 0x0) [ 50.237798][ T38] FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) [ 50.244664][ T9894] nbd: couldn't find device at index 40 17:26:54 executing program 2: set_mempolicy(0x8001, &(0x7f0000000300)=0x60f, 0xcd) syz_open_dev$cec(&(0x7f0000000240)='/dev/cec#\x00', 0x1, 0x2) [ 50.285053][ T9896] input: syz0 as /devices/virtual/input/input7 [ 50.294672][ T9442] Bluetooth: hci0: command 0x0419 tx timeout 17:26:54 executing program 2: mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080)='/dev/fuse\x00', 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100)='fuse\x00', 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1}, 0x50) r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x0, {0x0, 0x1a}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getdents(r2, 0x0, 0x27c6) getdents(r2, 0x0, 0x0) umount2(&(0x7f0000002000)='./file0\x00', 0x1) [ 50.338187][ T9903] nbd: couldn't find device at index 40 [ 50.346852][ T9912] loop3: detected capacity change from 264192 to 0 [ 50.356739][ T9912] FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) [ 50.374323][ T9442] Bluetooth: hci1: command 0x0419 tx timeout 17:26:54 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz1\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x40], [], [0xff]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 17:26:54 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000180)='nbd\x00', r1) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="01000000000000000000020000000800010028"], 0x1c}}, 0x0) [ 50.377871][ T35] audit: type=1804 audit(1614101214.154:4): pid=9912 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir676580248/syzkaller.fd8jpX/1/file0/bus" dev="loop3" ino=4 res=1 errno=0 17:26:54 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz1\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x40], [], [0xff]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 50.453049][ T9923] input: syz0 as /devices/virtual/input/input8 [ 50.480861][ T9935] nbd: couldn't find device at index 40 [ 50.535685][ T3611] Bluetooth: hci2: command 0x0419 tx timeout [ 50.545277][ T9938] input: syz0 as /devices/virtual/input/input9 [ 50.694266][ T4828] Bluetooth: hci3: command 0x0419 tx timeout [ 50.854493][ T3611] Bluetooth: hci4: command 0x0419 tx timeout 17:26:54 executing program 3: r0 = syz_mount_image$vfat(&(0x7f00000002c0)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f736617e43c00088020000200000004f8000020004000000000000000000001", 0x25}, {0x0, 0x0, 0x200000000011000}], 0x0, &(0x7f0000000240)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ioctl$INCFS_IOC_CREATE_FILE(0xffffffffffffffff, 0xc058671e, 0x0) fcntl$setstatus(r1, 0x4, 0x6900) socket$packet(0x11, 0x0, 0x300) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f000004c340)={0x80000001, [], 0x54, "e26ebbb4eae01c"}) ftruncate(r1, 0x800) lseek(r1, 0x1200, 0x0) syz_mount_image$iso9660(&(0x7f0000000840)='iso9660\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, 0x0, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180)='/dev/hwrng\x00', 0x511000, 0x0) ioctl$INCFS_IOC_FILL_BLOCKS(r0, 0x80106720, &(0x7f0000000280)={0x3, &(0x7f0000000440)=[{0x2, 0x2b, &(0x7f0000000240)="c652a43e7a0ae74ddea16d63639691c1e2aa2cdb7fcb2f6759dbed878d48a4cd0e57db13c1ebab22dc4e33", 0x1}, {0x81, 0xa4, &(0x7f0000000300)="d0633b4c3f276d3f3218deb894a2e69df14220c62fbcbe47726d358c5e0b7991b4333ac30d361614402daa77c70b1b4043c532e85d5d1f82094267b8eb21269f408dd5e90ca76116bb85cdd3dfe038d5d25c49fe2de251916453344db4e30f40dfabaf759d0ab1698a9cf261a4633868e9189b962afe75528d3f0becf4ab02c30823014da12c03d3cd1a25c537dfc048c994fa8b233334b9f880d1836d7017e3a8623861", 0x1}, {0x10001, 0x51, &(0x7f00000003c0)="88ba6cba7fbdcd9e15575f263aeadca6fbb230986e5154d5a5e7924c47a95c503231d89bea3d3397f635f91207fc2760fd5b689ca0e406c77b25e6af56dd489d99bebf1c62ff78ef76dfedb146cfed550c", 0x0, 0x1}]}) mkdirat(r2, 0x0, 0x106) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r3, 0x0, 0x8400fffffffa) fstat(0xffffffffffffffff, 0x0) [ 50.948306][ T8] FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) [ 51.032115][ T9962] loop3: detected capacity change from 264192 to 0 [ 51.041567][ T9962] FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) [ 51.094398][ T3611] Bluetooth: hci5: command 0x0419 tx timeout [ 51.111639][ T35] audit: type=1804 audit(1614101214.884:5): pid=9962 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir676580248/syzkaller.fd8jpX/2/file0/bus" dev="loop3" ino=5 res=1 errno=0 [ 51.518233][ T8] FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) [ 51.565311][ C1] vxcan0: j1939_tp_rxtimer: 0x00000000d97ec33b: rx timeout, send abort [ 52.074270][ C1] vxcan0: j1939_tp_rxtimer: 0x00000000d97ec33b: abort rx timeout. Force session deactivation 17:26:56 executing program 4: mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080)='/dev/fuse\x00', 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100)='fuse\x00', 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1}, 0x50) r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x0, {0x0, 0x1a}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getdents(r2, 0x0, 0x27c6) getdents(r2, 0x0, 0x0) umount2(&(0x7f0000002000)='./file0\x00', 0x1) 17:26:56 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080)='/dev/fuse\x00', 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100)='fuse\x00', 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1}, 0x50) r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x0, {0x0, 0x1a}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getdents(r2, 0x0, 0x27c6) getdents(r2, 0x0, 0x0) umount2(&(0x7f0000002000)='./file0\x00', 0x1) 17:26:56 executing program 1: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = dup(r1) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000001840)={'vxcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000240)={0x1d, r3}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f0000000040), 0x20000058, &(0x7f0000000080)={&(0x7f00000000c0)='4', 0x6fffff9}}, 0xee) close(r0) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 17:26:56 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080)='/dev/fuse\x00', 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100)='fuse\x00', 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1}, 0x50) r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x0, {0x0, 0x1a}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getdents(r2, 0x0, 0x27c6) getdents(r2, 0x0, 0x0) umount2(&(0x7f0000002000)='./file0\x00', 0x1) 17:26:56 executing program 2: mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080)='/dev/fuse\x00', 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100)='fuse\x00', 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1}, 0x50) r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x0, {0x0, 0x1a}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getdents(r2, 0x0, 0x27c6) getdents(r2, 0x0, 0x0) umount2(&(0x7f0000002000)='./file0\x00', 0x1) 17:26:56 executing program 3: r0 = syz_mount_image$vfat(&(0x7f00000002c0)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f736617e43c00088020000200000004f8000020004000000000000000000001", 0x25}, {0x0, 0x0, 0x200000000011000}], 0x0, &(0x7f0000000240)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ioctl$INCFS_IOC_CREATE_FILE(0xffffffffffffffff, 0xc058671e, 0x0) fcntl$setstatus(r1, 0x4, 0x6900) socket$packet(0x11, 0x0, 0x300) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f000004c340)={0x80000001, [], 0x54, "e26ebbb4eae01c"}) ftruncate(r1, 0x800) lseek(r1, 0x1200, 0x0) syz_mount_image$iso9660(&(0x7f0000000840)='iso9660\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, 0x0, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180)='/dev/hwrng\x00', 0x511000, 0x0) ioctl$INCFS_IOC_FILL_BLOCKS(r0, 0x80106720, &(0x7f0000000280)={0x3, &(0x7f0000000440)=[{0x2, 0x2b, &(0x7f0000000240)="c652a43e7a0ae74ddea16d63639691c1e2aa2cdb7fcb2f6759dbed878d48a4cd0e57db13c1ebab22dc4e33", 0x1}, {0x81, 0xa4, &(0x7f0000000300)="d0633b4c3f276d3f3218deb894a2e69df14220c62fbcbe47726d358c5e0b7991b4333ac30d361614402daa77c70b1b4043c532e85d5d1f82094267b8eb21269f408dd5e90ca76116bb85cdd3dfe038d5d25c49fe2de251916453344db4e30f40dfabaf759d0ab1698a9cf261a4633868e9189b962afe75528d3f0becf4ab02c30823014da12c03d3cd1a25c537dfc048c994fa8b233334b9f880d1836d7017e3a8623861", 0x1}, {0x10001, 0x51, &(0x7f00000003c0)="88ba6cba7fbdcd9e15575f263aeadca6fbb230986e5154d5a5e7924c47a95c503231d89bea3d3397f635f91207fc2760fd5b689ca0e406c77b25e6af56dd489d99bebf1c62ff78ef76dfedb146cfed550c", 0x0, 0x1}]}) mkdirat(r2, 0x0, 0x106) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r3, 0x0, 0x8400fffffffa) fstat(0xffffffffffffffff, 0x0) [ 52.648125][ T9988] loop3: detected capacity change from 264192 to 0 [ 52.657203][ T9988] FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) [ 52.682706][ T35] audit: type=1804 audit(1614101216.454:6): pid=9988 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir676580248/syzkaller.fd8jpX/3/file0/bus" dev="loop3" ino=6 res=1 errno=0 17:26:56 executing program 2: mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080)='/dev/fuse\x00', 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100)='fuse\x00', 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1}, 0x50) r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x0, {0x0, 0x1a}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getdents(r2, 0x0, 0x27c6) getdents(r2, 0x0, 0x0) umount2(&(0x7f0000002000)='./file0\x00', 0x1) 17:26:56 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080)='/dev/fuse\x00', 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100)='fuse\x00', 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1}, 0x50) r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x0, {0x0, 0x1a}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getdents(r2, 0x0, 0x27c6) getdents(r2, 0x0, 0x0) umount2(&(0x7f0000002000)='./file0\x00', 0x1) 17:26:56 executing program 4: mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080)='/dev/fuse\x00', 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100)='fuse\x00', 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1}, 0x50) r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x0, {0x0, 0x1a}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getdents(r2, 0x0, 0x27c6) getdents(r2, 0x0, 0x0) umount2(&(0x7f0000002000)='./file0\x00', 0x1) 17:26:56 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080)='/dev/fuse\x00', 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100)='fuse\x00', 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1}, 0x50) r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x0, {0x0, 0x1a}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getdents(r2, 0x0, 0x27c6) getdents(r2, 0x0, 0x0) umount2(&(0x7f0000002000)='./file0\x00', 0x1) 17:26:56 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0xfd, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0xa) mount(0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000000040)={0x0, 0x12}, &(0x7f0000000080)) mount(&(0x7f0000000140)=ANY=[@ANYBLOB='/nev/nullb0\x00'], &(0x7f00000001c0)='./file0\x00', &(0x7f0000001200)='devpts\x00', 0x800, &(0x7f0000001240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) faccessat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xa0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) r1 = timerfd_create(0x0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r1, 0x0, &(0x7f00000000c0)={{0x77359400}, {0x0, 0x1c9c380}}, 0x0) [ 53.111518][ T2977] FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 17:26:56 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4030014, 0x2, &(0x7f0000000300)=[{&(0x7f0000000080)="20000000000100000c000000ce0000000f000011010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef", 0x3a, 0x400}, {&(0x7f0000010400)="2e00000013", 0x5, 0x800}], 0x0, &(0x7f0000013800)) 17:26:57 executing program 4: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f00000001c0)=[@in={0x2, 0x0, @multicast1}], 0x10) 17:26:57 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080)='/dev/fuse\x00', 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100)='fuse\x00', 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1}, 0x50) r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x0, {0x0, 0x1a}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getdents(r2, 0x0, 0x27c6) getdents(r2, 0x0, 0x0) umount2(&(0x7f0000002000)='./file0\x00', 0x1) [ 53.264064][T10052] loop2: detected capacity change from 131456 to 0 [ 53.280552][T10052] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 not in group (block 0)! [ 53.305240][T10052] EXT4-fs (loop2): group descriptors corrupted! [ 53.376791][T10052] loop2: detected capacity change from 131456 to 0 [ 53.396645][T10052] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 not in group (block 0)! [ 53.409532][T10052] EXT4-fs (loop2): group descriptors corrupted! [ 53.897521][ C1] vxcan0: j1939_tp_rxtimer: 0x000000002816427a: rx timeout, send abort [ 54.406073][ C1] vxcan0: j1939_tp_rxtimer: 0x000000002816427a: abort rx timeout. Force session deactivation 17:26:58 executing program 1: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = dup(r1) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000001840)={'vxcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000240)={0x1d, r3}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f0000000040), 0x20000058, &(0x7f0000000080)={&(0x7f00000000c0)='4', 0x6fffff9}}, 0xee) close(r0) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 17:26:58 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080)='/dev/fuse\x00', 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100)='fuse\x00', 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1}, 0x50) r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x0, {0x0, 0x1a}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getdents(r2, 0x0, 0x27c6) getdents(r2, 0x0, 0x0) umount2(&(0x7f0000002000)='./file0\x00', 0x1) 17:26:58 executing program 4: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f00000001c0)=[@in={0x2, 0x0, @multicast1}], 0x10) 17:26:58 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0xfd, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0xa) mount(0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000000040)={0x0, 0x12}, &(0x7f0000000080)) mount(&(0x7f0000000140)=ANY=[@ANYBLOB='/nev/nullb0\x00'], &(0x7f00000001c0)='./file0\x00', &(0x7f0000001200)='devpts\x00', 0x800, &(0x7f0000001240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) faccessat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xa0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) r1 = timerfd_create(0x0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r1, 0x0, &(0x7f00000000c0)={{0x77359400}, {0x0, 0x1c9c380}}, 0x0) 17:26:58 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0xfd, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0xa) mount(0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000000040)={0x0, 0x12}, &(0x7f0000000080)) mount(&(0x7f0000000140)=ANY=[@ANYBLOB='/nev/nullb0\x00'], &(0x7f00000001c0)='./file0\x00', &(0x7f0000001200)='devpts\x00', 0x800, &(0x7f0000001240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) faccessat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xa0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) r1 = timerfd_create(0x0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r1, 0x0, &(0x7f00000000c0)={{0x77359400}, {0x0, 0x1c9c380}}, 0x0) 17:26:58 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4030014, 0x2, &(0x7f0000000300)=[{&(0x7f0000000080)="20000000000100000c000000ce0000000f000011010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef", 0x3a, 0x400}, {&(0x7f0000010400)="2e00000013", 0x5, 0x800}], 0x0, &(0x7f0000013800)) 17:26:58 executing program 4: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f00000001c0)=[@in={0x2, 0x0, @multicast1}], 0x10) 17:26:58 executing program 4: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f00000001c0)=[@in={0x2, 0x0, @multicast1}], 0x10) [ 54.969900][T10084] loop2: detected capacity change from 131456 to 0 [ 54.982066][T10084] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 not in group (block 0)! [ 54.994885][T10084] EXT4-fs (loop2): group descriptors corrupted! 17:26:58 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0xfd, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0xa) mount(0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000000040)={0x0, 0x12}, &(0x7f0000000080)) mount(&(0x7f0000000140)=ANY=[@ANYBLOB='/nev/nullb0\x00'], &(0x7f00000001c0)='./file0\x00', &(0x7f0000001200)='devpts\x00', 0x800, &(0x7f0000001240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) faccessat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xa0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) r1 = timerfd_create(0x0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r1, 0x0, &(0x7f00000000c0)={{0x77359400}, {0x0, 0x1c9c380}}, 0x0) 17:26:58 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4030014, 0x2, &(0x7f0000000300)=[{&(0x7f0000000080)="20000000000100000c000000ce0000000f000011010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef", 0x3a, 0x400}, {&(0x7f0000010400)="2e00000013", 0x5, 0x800}], 0x0, &(0x7f0000013800)) 17:26:58 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0xfd, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0xa) mount(0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000000040)={0x0, 0x12}, &(0x7f0000000080)) mount(&(0x7f0000000140)=ANY=[@ANYBLOB='/nev/nullb0\x00'], &(0x7f00000001c0)='./file0\x00', &(0x7f0000001200)='devpts\x00', 0x800, &(0x7f0000001240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) faccessat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xa0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) r1 = timerfd_create(0x0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r1, 0x0, &(0x7f00000000c0)={{0x77359400}, {0x0, 0x1c9c380}}, 0x0) 17:26:58 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x24, 0x0, 0x9, 0x201, 0x0, 0x0, {}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x4}]}, 0x24}}, 0x0) [ 55.159297][T10112] loop2: detected capacity change from 131456 to 0 [ 55.169941][T10112] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 not in group (block 0)! [ 55.193693][T10112] EXT4-fs (loop2): group descriptors corrupted! [ 56.230541][ C0] vxcan0: j1939_tp_rxtimer: 0x0000000032a6c77d: rx timeout, send abort [ 56.739264][ C0] vxcan0: j1939_tp_rxtimer: 0x0000000032a6c77d: abort rx timeout. Force session deactivation 17:27:01 executing program 1: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = dup(r1) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000001840)={'vxcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000240)={0x1d, r3}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f0000000040), 0x20000058, &(0x7f0000000080)={&(0x7f00000000c0)='4', 0x6fffff9}}, 0xee) close(r0) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 17:27:01 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x24, 0x0, 0x9, 0x201, 0x0, 0x0, {}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x4}]}, 0x24}}, 0x0) 17:27:01 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0xfd, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0xa) mount(0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000000040)={0x0, 0x12}, &(0x7f0000000080)) mount(&(0x7f0000000140)=ANY=[@ANYBLOB='/nev/nullb0\x00'], &(0x7f00000001c0)='./file0\x00', &(0x7f0000001200)='devpts\x00', 0x800, &(0x7f0000001240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) faccessat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xa0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) r1 = timerfd_create(0x0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r1, 0x0, &(0x7f00000000c0)={{0x77359400}, {0x0, 0x1c9c380}}, 0x0) 17:27:01 executing program 5: r0 = syz_io_uring_setup(0x6d4, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d5000/0x3000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0x0, 0x0, {0x3}}, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x0) 17:27:01 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4030014, 0x2, &(0x7f0000000300)=[{&(0x7f0000000080)="20000000000100000c000000ce0000000f000011010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef", 0x3a, 0x400}, {&(0x7f0000010400)="2e00000013", 0x5, 0x800}], 0x0, &(0x7f0000013800)) 17:27:01 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0xfd, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0xa) mount(0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000000040)={0x0, 0x12}, &(0x7f0000000080)) mount(&(0x7f0000000140)=ANY=[@ANYBLOB='/nev/nullb0\x00'], &(0x7f00000001c0)='./file0\x00', &(0x7f0000001200)='devpts\x00', 0x800, &(0x7f0000001240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) faccessat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xa0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) r1 = timerfd_create(0x0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r1, 0x0, &(0x7f00000000c0)={{0x77359400}, {0x0, 0x1c9c380}}, 0x0) 17:27:01 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x24, 0x0, 0x9, 0x201, 0x0, 0x0, {}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x4}]}, 0x24}}, 0x0) [ 57.311006][T10138] loop2: detected capacity change from 131456 to 0 [ 57.325328][T10138] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 not in group (block 0)! 17:27:01 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x24, 0x0, 0x9, 0x201, 0x0, 0x0, {}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x4}]}, 0x24}}, 0x0) 17:27:01 executing program 5: r0 = syz_io_uring_setup(0x6d4, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d5000/0x3000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0x0, 0x0, {0x3}}, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x0) [ 57.356770][T10138] EXT4-fs (loop2): group descriptors corrupted! 17:27:01 executing program 0: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$int_in(r0, 0x5421, &(0x7f0000000180)=0xffffffffffffff9b) r1 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bluetooth/6lowpan_enable\x00', 0x2, 0x0) dup2(r0, r1) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @loopback}, 0x10) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000080)) 17:27:01 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400009) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0xda00) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000005c0)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200)=0x400400, 0x43408) r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0) openat$cgroup_procs(r4, 0x0, 0x2, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) openat$cgroup_ro(r3, &(0x7f0000000000)='cpuset.effective_mems\x00', 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x44000) write$cgroup_subtree(r5, 0x0, 0x0) 17:27:01 executing program 2: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_SECURITY_LEVEL(r0, 0x0, 0x2, 0x0, 0x4) [ 58.571356][ C1] vxcan0: j1939_tp_rxtimer: 0x0000000012d9051d: rx timeout, send abort [ 59.082549][ C1] vxcan0: j1939_tp_rxtimer: 0x0000000012d9051d: abort rx timeout. Force session deactivation 17:27:03 executing program 2: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_SECURITY_LEVEL(r0, 0x0, 0x2, 0x0, 0x4) 17:27:03 executing program 0: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$int_in(r0, 0x5421, &(0x7f0000000180)=0xffffffffffffff9b) r1 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bluetooth/6lowpan_enable\x00', 0x2, 0x0) dup2(r0, r1) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @loopback}, 0x10) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000080)) 17:27:03 executing program 4: r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0xec, 0x2e, 0x1, 0x8, 0x1d19, 0x1104, 0x5ef7, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xf, 0xa5, 0x3c}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000007c0)={0x18, &(0x7f0000000500)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0x44, &(0x7f00000002c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f00000005c0)={0x34, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0}) 17:27:03 executing program 5: r0 = syz_io_uring_setup(0x6d4, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d5000/0x3000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0x0, 0x0, {0x3}}, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x0) 17:27:03 executing program 3: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$int_in(r0, 0x5421, &(0x7f0000000180)=0xffffffffffffff9b) r1 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bluetooth/6lowpan_enable\x00', 0x2, 0x0) dup2(r0, r1) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @loopback}, 0x10) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000080)) 17:27:03 executing program 1: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$int_in(r0, 0x5421, &(0x7f0000000180)=0xffffffffffffff9b) r1 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bluetooth/6lowpan_enable\x00', 0x2, 0x0) dup2(r0, r1) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @loopback}, 0x10) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000080)) 17:27:03 executing program 2: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_SECURITY_LEVEL(r0, 0x0, 0x2, 0x0, 0x4) 17:27:03 executing program 0: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$int_in(r0, 0x5421, &(0x7f0000000180)=0xffffffffffffff9b) r1 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bluetooth/6lowpan_enable\x00', 0x2, 0x0) dup2(r0, r1) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @loopback}, 0x10) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000080)) 17:27:03 executing program 3: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$int_in(r0, 0x5421, &(0x7f0000000180)=0xffffffffffffff9b) r1 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bluetooth/6lowpan_enable\x00', 0x2, 0x0) dup2(r0, r1) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @loopback}, 0x10) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000080)) 17:27:03 executing program 5: r0 = syz_io_uring_setup(0x6d4, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d5000/0x3000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0x0, 0x0, {0x3}}, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x0) 17:27:03 executing program 0: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$int_in(r0, 0x5421, &(0x7f0000000180)=0xffffffffffffff9b) r1 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bluetooth/6lowpan_enable\x00', 0x2, 0x0) dup2(r0, r1) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @loopback}, 0x10) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000080)) 17:27:03 executing program 1: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$int_in(r0, 0x5421, &(0x7f0000000180)=0xffffffffffffff9b) r1 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bluetooth/6lowpan_enable\x00', 0x2, 0x0) dup2(r0, r1) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @loopback}, 0x10) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000080)) 17:27:03 executing program 2: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_SECURITY_LEVEL(r0, 0x0, 0x2, 0x0, 0x4) 17:27:03 executing program 3: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$int_in(r0, 0x5421, &(0x7f0000000180)=0xffffffffffffff9b) r1 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bluetooth/6lowpan_enable\x00', 0x2, 0x0) dup2(r0, r1) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @loopback}, 0x10) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000080)) 17:27:03 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x3e, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x2}, 0x0, 0x3, 0x0, 0x0, 0x0, 0x103f17, 0x986}, 0x0, 0x0, 0xffffffffffffffff, 0x5) accept4$packet(0xffffffffffffffff, 0x0, &(0x7f00000001c0), 0x80800) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x10041, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb20e, 0x7}, 0x802, 0x0, 0x7, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKROSET(0xffffffffffffffff, 0x125d, &(0x7f0000000080)) r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fallocate(r0, 0x10, 0x8003, 0x8020001) r1 = open(&(0x7f0000000140)='./bus\x00', 0x141142, 0x50) r2 = creat(&(0x7f00000002c0)='./file0\x00', 0x10d) write$P9_RREMOVE(r2, &(0x7f0000000280), 0x1033b) fdatasync(r2) ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000200)={0x0, r2, 0x8028}) creat(&(0x7f0000000040)='./bus\x00', 0x98) creat(&(0x7f0000000300)='./file0\x00', 0x0) [ 59.923451][ T3611] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 59.958664][ T35] audit: type=1800 audit(1614101223.735:7): pid=10239 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.5" name="bus" dev="sda1" ino=14194 res=0 errno=0 [ 60.050425][ T35] audit: type=1800 audit(1614101223.825:8): pid=10243 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.5" name="bus" dev="sda1" ino=14194 res=0 errno=0 [ 60.085733][T10239] syz-executor.5 (10239) used greatest stack depth: 9736 bytes left [ 60.183371][ T3611] usb 5-1: Using ep0 maxpacket: 8 [ 60.303402][ T3611] usb 5-1: New USB device found, idVendor=1d19, idProduct=1104, bcdDevice=5e.f7 [ 60.313064][ T3611] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 60.322459][ T3611] usb 5-1: config 0 descriptor?? [ 60.583451][ T3611] usb 5-1: dvb_usb_v2: found a 'MSI DIGIVOX Micro HD' in warm state [ 61.943316][ T3611] dvb_usb_rtl28xxu: probe of 5-1:0.0 failed with error -71 [ 61.951659][ T3611] usb 5-1: USB disconnect, device number 2 [ 62.663346][ T8734] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 62.923262][ T8734] usb 5-1: Using ep0 maxpacket: 8 [ 63.053396][ T8734] usb 5-1: New USB device found, idVendor=1d19, idProduct=1104, bcdDevice=5e.f7 [ 63.062440][ T8734] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 63.071893][ T8734] usb 5-1: config 0 descriptor?? 17:27:06 executing program 4: r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0xec, 0x2e, 0x1, 0x8, 0x1d19, 0x1104, 0x5ef7, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xf, 0xa5, 0x3c}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000007c0)={0x18, &(0x7f0000000500)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0x44, &(0x7f00000002c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f00000005c0)={0x34, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0}) 17:27:06 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0002000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xfff1}}, [@filter_kind_options=@f_bpf={{0x8, 0x1, 'bpf\x00'}, {0x18, 0x2, [@TCA_BPF_OPS={{0x6}, {0x4}}, @TCA_BPF_FLAGS={0x8, 0x8, 0x2}]}}]}, 0x44}}, 0x0) 17:27:06 executing program 1: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$int_in(r0, 0x5421, &(0x7f0000000180)=0xffffffffffffff9b) r1 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bluetooth/6lowpan_enable\x00', 0x2, 0x0) dup2(r0, r1) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @loopback}, 0x10) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000080)) 17:27:06 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xa, 0x22, 0xcc, 0x3}, 0x40) close_range(r0, 0xffffffffffffffff, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) copy_file_range(r0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) 17:27:06 executing program 2: r0 = syz_open_dev$sg(&(0x7f0000000080)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000002c0)={0x53, 0x0, 0x4, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000140)="69332cb8", 0x0, 0x0, 0x0, 0x0, 0x0}) 17:27:06 executing program 5: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xd, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x9, 0x1, 0x50}]}, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x287b361ae6c523fa, 0x10, &(0x7f0000000000), 0x128}, 0x48) [ 63.213226][ T8734] dvb_usb_rtl28xxu 5-1:0.0: chip type detection failed -71 [ 63.226645][ T8734] dvb_usb_rtl28xxu: probe of 5-1:0.0 failed with error -71 17:27:07 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x407, 0x0, 0x0, {}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_HANDLE={0xc}]}], {0x14}}, 0x74}}, 0x0) 17:27:07 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xa, 0x22, 0xcc, 0x3}, 0x40) close_range(r0, 0xffffffffffffffff, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) copy_file_range(r0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) 17:27:07 executing program 2: r0 = syz_open_dev$sg(&(0x7f0000000080)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000002c0)={0x53, 0x0, 0x4, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000140)="69332cb8", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 63.256316][T10286] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 63.272420][ T8734] usb 5-1: USB disconnect, device number 3 17:27:07 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x407, 0x0, 0x0, {}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_HANDLE={0xc}]}], {0x14}}, 0x74}}, 0x0) [ 63.322085][T10294] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. 17:27:07 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xa, 0x22, 0xcc, 0x3}, 0x40) close_range(r0, 0xffffffffffffffff, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) copy_file_range(r0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) 17:27:07 executing program 2: r0 = syz_open_dev$sg(&(0x7f0000000080)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000002c0)={0x53, 0x0, 0x4, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000140)="69332cb8", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 63.643196][ T8734] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 63.883173][ T8734] usb 5-1: Using ep0 maxpacket: 8 [ 64.003197][ T8734] usb 5-1: New USB device found, idVendor=1d19, idProduct=1104, bcdDevice=5e.f7 [ 64.012374][ T8734] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 64.021988][ T8734] usb 5-1: config 0 descriptor?? [ 64.303222][ T8734] usb 5-1: dvb_usb_v2: found a 'MSI DIGIVOX Micro HD' in warm state [ 64.773388][ T3231] ieee802154 phy0 wpan0: encryption failed: -22 [ 64.780009][ T3231] ieee802154 phy1 wpan1: encryption failed: -22 [ 65.663157][ T8734] dvb_usb_rtl28xxu: probe of 5-1:0.0 failed with error -71 [ 65.671618][ T8734] usb 5-1: USB disconnect, device number 4 17:27:09 executing program 4: r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0xec, 0x2e, 0x1, 0x8, 0x1d19, 0x1104, 0x5ef7, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xf, 0xa5, 0x3c}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000007c0)={0x18, &(0x7f0000000500)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0x44, &(0x7f00000002c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f00000005c0)={0x34, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0}) 17:27:09 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0002000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xfff1}}, [@filter_kind_options=@f_bpf={{0x8, 0x1, 'bpf\x00'}, {0x18, 0x2, [@TCA_BPF_OPS={{0x6}, {0x4}}, @TCA_BPF_FLAGS={0x8, 0x8, 0x2}]}}]}, 0x44}}, 0x0) 17:27:09 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x407, 0x0, 0x0, {}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_HANDLE={0xc}]}], {0x14}}, 0x74}}, 0x0) 17:27:09 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xa, 0x22, 0xcc, 0x3}, 0x40) close_range(r0, 0xffffffffffffffff, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) copy_file_range(r0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) 17:27:09 executing program 2: r0 = syz_open_dev$sg(&(0x7f0000000080)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000002c0)={0x53, 0x0, 0x4, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000140)="69332cb8", 0x0, 0x0, 0x0, 0x0, 0x0}) 17:27:09 executing program 5: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xa, 0x22, 0xcc, 0x3}, 0x40) close_range(r0, 0xffffffffffffffff, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) copy_file_range(r0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) 17:27:09 executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xa, 0x22, 0xcc, 0x3}, 0x40) close_range(r0, 0xffffffffffffffff, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) copy_file_range(r0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) [ 66.138557][T10339] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. 17:27:09 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x407, 0x0, 0x0, {}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_HANDLE={0xc}]}], {0x14}}, 0x74}}, 0x0) 17:27:09 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000100)={{0x1b, 0x5b, 0x34, 0x3b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x106d, 0x40}, [{}]}, 0x78) 17:27:10 executing program 5: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xa, 0x22, 0xcc, 0x3}, 0x40) close_range(r0, 0xffffffffffffffff, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) copy_file_range(r0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) 17:27:10 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0002000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xfff1}}, [@filter_kind_options=@f_bpf={{0x8, 0x1, 'bpf\x00'}, {0x18, 0x2, [@TCA_BPF_OPS={{0x6}, {0x4}}, @TCA_BPF_FLAGS={0x8, 0x8, 0x2}]}}]}, 0x44}}, 0x0) 17:27:10 executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xa, 0x22, 0xcc, 0x3}, 0x40) close_range(r0, 0xffffffffffffffff, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) copy_file_range(r0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) [ 66.300432][T10359] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 66.483081][ T19] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 66.753108][ T19] usb 5-1: Using ep0 maxpacket: 8 [ 66.883141][ T19] usb 5-1: New USB device found, idVendor=1d19, idProduct=1104, bcdDevice=5e.f7 [ 66.892841][ T19] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 66.901973][ T19] usb 5-1: config 0 descriptor?? [ 67.183133][ T19] usb 5-1: dvb_usb_v2: found a 'MSI DIGIVOX Micro HD' in warm state [ 68.533095][ T19] dvb_usb_rtl28xxu: probe of 5-1:0.0 failed with error -71 [ 68.541840][ T19] usb 5-1: USB disconnect, device number 5 17:27:12 executing program 4: r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0xec, 0x2e, 0x1, 0x8, 0x1d19, 0x1104, 0x5ef7, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xf, 0xa5, 0x3c}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000007c0)={0x18, &(0x7f0000000500)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0x44, &(0x7f00000002c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f00000005c0)={0x34, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0}) 17:27:12 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000100)={{0x1b, 0x5b, 0x34, 0x3b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x106d, 0x40}, [{}]}, 0x78) 17:27:12 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00', 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000007c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001d40)={0x34, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x9}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x157c}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}]}, 0x34}}, 0x0) 17:27:12 executing program 5: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xa, 0x22, 0xcc, 0x3}, 0x40) close_range(r0, 0xffffffffffffffff, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) copy_file_range(r0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) 17:27:12 executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xa, 0x22, 0xcc, 0x3}, 0x40) close_range(r0, 0xffffffffffffffff, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) copy_file_range(r0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) 17:27:12 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0002000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xfff1}}, [@filter_kind_options=@f_bpf={{0x8, 0x1, 'bpf\x00'}, {0x18, 0x2, [@TCA_BPF_OPS={{0x6}, {0x4}}, @TCA_BPF_FLAGS={0x8, 0x8, 0x2}]}}]}, 0x44}}, 0x0) 17:27:12 executing program 2: syz_mount_image$f2fs(&(0x7f0000000000)='f2fs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="1020f5f201000b0009000000030000000c00000009000000010000000100000c000000000040000000000000180000001f0000000200000002000000020000000100000018", 0x45, 0x400}, {0x0, 0x0, 0x200000}], 0x0, &(0x7f0000000180)) 17:27:12 executing program 5: set_mempolicy(0x2, &(0x7f00000000c0)=0x8000000002, 0x8) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000040)='fou\x00', 0xffffffffffffffff) sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@FOU_ATTR_PEER_PORT={0x6}]}, 0x1c}}, 0x0) 17:27:12 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00', 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000007c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001d40)={0x34, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x9}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x157c}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}]}, 0x34}}, 0x0) 17:27:12 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000100)={{0x1b, 0x5b, 0x34, 0x3b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x106d, 0x40}, [{}]}, 0x78) [ 69.031489][T10394] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. 17:27:12 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000440)='NLBL_CIPSOv4\x00', r1) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000ac0)={0x38, r2, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_MLSLVLLST={0x10, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xf000}]}]}, @NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}]}, 0x38}}, 0x0) [ 69.096588][T10399] loop2: detected capacity change from 8192 to 0 [ 69.115080][T10399] F2FS-fs (loop2): Wrong secs_per_zone / total_sections (201326593, 24) 17:27:12 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000100)={{0x1b, 0x5b, 0x34, 0x3b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x106d, 0x40}, [{}]}, 0x78) [ 69.143022][T10399] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 69.151455][T10399] F2FS-fs (loop2): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 69.159972][T10399] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock [ 69.333004][ T9380] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 69.573006][ T9380] usb 5-1: Using ep0 maxpacket: 8 [ 69.693201][ T9380] usb 5-1: New USB device found, idVendor=1d19, idProduct=1104, bcdDevice=5e.f7 [ 69.702300][ T9380] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 69.712798][ T9380] usb 5-1: config 0 descriptor?? [ 69.973052][ T9380] usb 5-1: dvb_usb_v2: found a 'MSI DIGIVOX Micro HD' in warm state [ 71.332992][ T9380] dvb_usb_rtl28xxu: probe of 5-1:0.0 failed with error -71 [ 71.341160][ T9380] usb 5-1: USB disconnect, device number 6 17:27:15 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000080)="0201a6ffffff01000001ff07000000ffffffa5000800000000000000004000ff1500a600000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) 17:27:15 executing program 4: r0 = inotify_init() inotify_add_watch(r0, &(0x7f00000005c0)='.\x00', 0x60000f6) r1 = open(&(0x7f0000000040)='./file0\x00', 0x200c2, 0x0) write$nbd(r1, &(0x7f0000000600)=ANY=[], 0x74) inotify_add_watch(r0, &(0x7f0000000000)='./file0\x00', 0x14000010) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r1, r1, &(0x7f0000000200), 0xa198) 17:27:15 executing program 5: set_mempolicy(0x2, &(0x7f00000000c0)=0x8000000002, 0x8) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000040)='fou\x00', 0xffffffffffffffff) sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@FOU_ATTR_PEER_PORT={0x6}]}, 0x1c}}, 0x0) 17:27:15 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00', 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000007c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001d40)={0x34, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x9}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x157c}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}]}, 0x34}}, 0x0) 17:27:15 executing program 2: syz_mount_image$f2fs(&(0x7f0000000000)='f2fs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="1020f5f201000b0009000000030000000c00000009000000010000000100000c000000000040000000000000180000001f0000000200000002000000020000000100000018", 0x45, 0x400}, {0x0, 0x0, 0x200000}], 0x0, &(0x7f0000000180)) 17:27:15 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000440)='NLBL_CIPSOv4\x00', r1) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000ac0)={0x38, r2, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_MLSLVLLST={0x10, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xf000}]}]}, @NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}]}, 0x38}}, 0x0) 17:27:15 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00', 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000007c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001d40)={0x34, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x9}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x157c}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}]}, 0x34}}, 0x0) [ 71.820220][T10447] loop3: detected capacity change from 1 to 0 [ 71.850239][T10453] loop2: detected capacity change from 8192 to 0 17:27:15 executing program 5: set_mempolicy(0x2, &(0x7f00000000c0)=0x8000000002, 0x8) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000040)='fou\x00', 0xffffffffffffffff) sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@FOU_ATTR_PEER_PORT={0x6}]}, 0x1c}}, 0x0) 17:27:15 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000440)='NLBL_CIPSOv4\x00', r1) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000ac0)={0x38, r2, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_MLSLVLLST={0x10, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xf000}]}]}, @NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}]}, 0x38}}, 0x0) [ 71.873136][T10447] loop3: p1 p2 p3 p4 [ 71.877490][T10447] loop3: partition table partially beyond EOD, truncated [ 71.884269][T10453] F2FS-fs (loop2): Wrong secs_per_zone / total_sections (201326593, 24) [ 71.904644][T10447] loop3: p1 start 16777217 is beyond EOD, truncated [ 71.911282][T10447] loop3: p2 size 1073741824 extends beyond EOD, truncated 17:27:15 executing program 1: clone(0xf38055be, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) semctl$GETNCNT(0x0, 0x0, 0xe, 0x0) exit(0x0) [ 71.919851][T10447] loop3: p3 size 1912633224 extends beyond EOD, truncated [ 71.930015][T10453] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 71.939963][T10447] loop3: p4 size 32768 extends beyond EOD, truncated 17:27:15 executing program 4: r0 = inotify_init() inotify_add_watch(r0, &(0x7f00000005c0)='.\x00', 0x60000f6) r1 = open(&(0x7f0000000040)='./file0\x00', 0x200c2, 0x0) write$nbd(r1, &(0x7f0000000600)=ANY=[], 0x74) inotify_add_watch(r0, &(0x7f0000000000)='./file0\x00', 0x14000010) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r1, r1, &(0x7f0000000200), 0xa198) 17:27:15 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000080)="0201a6ffffff01000001ff07000000ffffffa5000800000000000000004000ff1500a600000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) [ 71.986754][T10453] F2FS-fs (loop2): Magic Mismatch, valid(0xf2f52010) - read(0x0) 17:27:15 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000440)='NLBL_CIPSOv4\x00', r1) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000ac0)={0x38, r2, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_MLSLVLLST={0x10, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xf000}]}]}, @NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}]}, 0x38}}, 0x0) [ 72.031422][T10453] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock [ 72.047237][T10472] IPVS: ftp: loaded support on port[0] = 21 17:27:15 executing program 5: set_mempolicy(0x2, &(0x7f00000000c0)=0x8000000002, 0x8) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000040)='fou\x00', 0xffffffffffffffff) sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@FOU_ATTR_PEER_PORT={0x6}]}, 0x1c}}, 0x0) 17:27:15 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snd/seq\x00', 0x0) read$FUSE(r0, 0x0, 0x0) 17:27:15 executing program 2: syz_mount_image$f2fs(&(0x7f0000000000)='f2fs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="1020f5f201000b0009000000030000000c00000009000000010000000100000c000000000040000000000000180000001f0000000200000002000000020000000100000018", 0x45, 0x400}, {0x0, 0x0, 0x200000}], 0x0, &(0x7f0000000180)) [ 72.080674][T10482] loop3: detected capacity change from 1 to 0 [ 72.123259][T10482] loop3: p1 p2 p3 p4 [ 72.127277][T10482] loop3: partition table partially beyond EOD, truncated [ 72.141374][T10482] loop3: p1 start 16777217 is beyond EOD, truncated [ 72.148591][T10482] loop3: p2 size 1073741824 extends beyond EOD, truncated [ 72.156599][T10482] loop3: p3 size 1912633224 extends beyond EOD, truncated [ 72.164976][T10482] loop3: p4 size 32768 extends beyond EOD, truncated 17:27:16 executing program 5: bpf$MAP_CREATE(0x5, &(0x7f0000000000)={0xd, 0x2, 0x401000, 0x0, 0x8200c2, 0x0, 0x0, [0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0xffffffffffffffff, 0x1}, 0x40) [ 72.214163][T10518] loop2: detected capacity change from 8192 to 0 17:27:16 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snd/seq\x00', 0x0) read$FUSE(r0, 0x0, 0x0) 17:27:16 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000080)="0201a6ffffff01000001ff07000000ffffffa5000800000000000000004000ff1500a600000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) [ 72.258764][T10518] F2FS-fs (loop2): Wrong secs_per_zone / total_sections (201326593, 24) 17:27:16 executing program 5: bpf$MAP_CREATE(0x5, &(0x7f0000000000)={0xd, 0x2, 0x401000, 0x0, 0x8200c2, 0x0, 0x0, [0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0xffffffffffffffff, 0x1}, 0x40) 17:27:16 executing program 4: r0 = inotify_init() inotify_add_watch(r0, &(0x7f00000005c0)='.\x00', 0x60000f6) r1 = open(&(0x7f0000000040)='./file0\x00', 0x200c2, 0x0) write$nbd(r1, &(0x7f0000000600)=ANY=[], 0x74) inotify_add_watch(r0, &(0x7f0000000000)='./file0\x00', 0x14000010) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r1, r1, &(0x7f0000000200), 0xa198) [ 72.321573][T10518] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 72.376385][T10536] loop3: detected capacity change from 1 to 0 [ 72.377734][T10518] F2FS-fs (loop2): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 72.404428][T10536] loop3: p1 p2 p3 p4 [ 72.408452][T10536] loop3: partition table partially beyond EOD, truncated [ 72.421250][T10536] loop3: p1 start 16777217 is beyond EOD, truncated [ 72.425189][T10518] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock [ 72.439392][T10536] loop3: p2 size 1073741824 extends beyond EOD, truncated [ 72.465245][T10536] loop3: p3 size 1912633224 extends beyond EOD, truncated [ 72.477769][T10536] loop3: p4 size 32768 extends beyond EOD, truncated [ 72.837141][T10472] IPVS: ftp: loaded support on port[0] = 21 17:27:16 executing program 1: clone(0xf38055be, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) semctl$GETNCNT(0x0, 0x0, 0xe, 0x0) exit(0x0) 17:27:16 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snd/seq\x00', 0x0) read$FUSE(r0, 0x0, 0x0) 17:27:16 executing program 5: bpf$MAP_CREATE(0x5, &(0x7f0000000000)={0xd, 0x2, 0x401000, 0x0, 0x8200c2, 0x0, 0x0, [0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0xffffffffffffffff, 0x1}, 0x40) 17:27:16 executing program 2: syz_mount_image$f2fs(&(0x7f0000000000)='f2fs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="1020f5f201000b0009000000030000000c00000009000000010000000100000c000000000040000000000000180000001f0000000200000002000000020000000100000018", 0x45, 0x400}, {0x0, 0x0, 0x200000}], 0x0, &(0x7f0000000180)) 17:27:16 executing program 4: r0 = inotify_init() inotify_add_watch(r0, &(0x7f00000005c0)='.\x00', 0x60000f6) r1 = open(&(0x7f0000000040)='./file0\x00', 0x200c2, 0x0) write$nbd(r1, &(0x7f0000000600)=ANY=[], 0x74) inotify_add_watch(r0, &(0x7f0000000000)='./file0\x00', 0x14000010) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r1, r1, &(0x7f0000000200), 0xa198) 17:27:16 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000080)="0201a6ffffff01000001ff07000000ffffffa5000800000000000000004000ff1500a600000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) 17:27:16 executing program 5: bpf$MAP_CREATE(0x5, &(0x7f0000000000)={0xd, 0x2, 0x401000, 0x0, 0x8200c2, 0x0, 0x0, [0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0xffffffffffffffff, 0x1}, 0x40) [ 73.033258][T10593] loop3: detected capacity change from 1 to 0 17:27:16 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snd/seq\x00', 0x0) read$FUSE(r0, 0x0, 0x0) [ 73.092615][T10600] loop2: detected capacity change from 8192 to 0 [ 73.113626][T10593] loop3: p1 p2 p3 p4 [ 73.119980][T10593] loop3: partition table partially beyond EOD, truncated [ 73.120683][T10605] IPVS: ftp: loaded support on port[0] = 21 [ 73.134291][T10600] F2FS-fs (loop2): Wrong secs_per_zone / total_sections (201326593, 24) 17:27:16 executing program 5: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snd/seq\x00', 0x0) read$FUSE(r0, 0x0, 0x0) [ 73.144290][T10593] loop3: p1 start 16777217 is beyond EOD, truncated [ 73.151105][T10593] loop3: p2 size 1073741824 extends beyond EOD, truncated [ 73.158859][T10600] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 73.167506][T10600] F2FS-fs (loop2): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 73.175364][T10593] loop3: p3 size 1912633224 extends beyond EOD, truncated [ 73.182749][T10600] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock 17:27:17 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38}, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = open(&(0x7f0000000200)='./bus\x00', 0x1612c2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f00000000c0)={0x0, 0x0}) sched_setattr(r4, &(0x7f0000000140)={0x38, 0x3, 0x20, 0x9f08, 0x6, 0xfffffffffffffffa, 0x7fff, 0x7fff, 0x2, 0xae9a}, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000340)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r5, 0x0, 0x4000000000010046) [ 73.199309][T10593] loop3: p4 size 32768 extends beyond EOD, truncated [ 73.301847][ T8369] ================================================================== [ 73.309943][ T8369] BUG: KCSAN: data-race in ext4_mark_iloc_dirty / ext4_orphan_del [ 73.317851][ T8369] [ 73.320155][ T8369] write to 0xffff88810d77997c of 4 bytes by task 8373 on cpu 0: [ 73.327767][ T8369] ext4_orphan_del+0x2fc/0x4a0 [ 73.332556][ T8369] ext4_evict_inode+0xb90/0xef0 [ 73.337383][ T8369] evict+0x1aa/0x410 [ 73.341266][ T8369] iput+0x3fd/0x520 [ 73.345048][ T8369] do_unlinkat+0x2c9/0x4d0 [ 73.349438][ T8369] __x64_sys_unlink+0x2c/0x30 [ 73.354611][ T8369] do_syscall_64+0x39/0x80 [ 73.359026][ T8369] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 73.364906][ T8369] [ 73.367215][ T8369] read to 0xffff88810d77997c of 4 bytes by task 8369 on cpu 1: [ 73.374830][ T8369] ext4_mark_iloc_dirty+0x37e/0x16f0 [ 73.380097][ T8369] __ext4_mark_inode_dirty+0x4db/0x5e0 [ 73.385529][ T8369] ext4_evict_inode+0x9a4/0xef0 [ 73.390356][ T8369] evict+0x1aa/0x410 [ 73.396310][ T8369] iput+0x3fd/0x520 [ 73.400098][ T8369] do_unlinkat+0x2c9/0x4d0 [ 73.404508][ T8369] __x64_sys_unlink+0x2c/0x30 [ 73.409171][ T8369] do_syscall_64+0x39/0x80 [ 73.413667][ T8369] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 73.419619][ T8369] [ 73.421919][ T8369] Reported by Kernel Concurrency Sanitizer on: [ 73.428097][ T8369] CPU: 1 PID: 8369 Comm: syz-executor.3 Not tainted 5.11.0-syzkaller #0 [ 73.436606][ T8369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 73.446643][ T8369] ================================================================== [ 73.454679][ T8369] Kernel panic - not syncing: panic_on_warn set ... [ 73.461239][ T8369] CPU: 1 PID: 8369 Comm: syz-executor.3 Not tainted 5.11.0-syzkaller #0 [ 73.469542][ T8369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 73.479753][ T8369] Call Trace: [ 73.483029][ T8369] dump_stack+0x137/0x19d [ 73.487353][ T8369] panic+0x1e7/0x5fa [ 73.491223][ T8369] ? vprintk_emit+0x2fa/0x3e0 [ 73.495890][ T8369] kcsan_report+0x67b/0x680 [ 73.500385][ T8369] ? kcsan_setup_watchpoint+0x40b/0x470 [ 73.505928][ T8369] ? ext4_mark_iloc_dirty+0x37e/0x16f0 [ 73.511363][ T8369] ? __ext4_mark_inode_dirty+0x4db/0x5e0 [ 73.516980][ T8369] ? ext4_evict_inode+0x9a4/0xef0 [ 73.521996][ T8369] ? evict+0x1aa/0x410 [ 73.526048][ T8369] ? iput+0x3fd/0x520 [ 73.530010][ T8369] ? do_unlinkat+0x2c9/0x4d0 [ 73.534597][ T8369] ? __x64_sys_unlink+0x2c/0x30 [ 73.539432][ T8369] ? do_syscall_64+0x39/0x80 [ 73.544005][ T8369] ? entry_SYSCALL_64_after_hwframe+0x44/0xae [ 73.550066][ T8369] ? __find_get_block+0x4de/0x640 [ 73.555065][ T8369] ? __getblk_gfp+0x3a/0x1f0 [ 73.559630][ T8369] kcsan_setup_watchpoint+0x40b/0x470 [ 73.565020][ T8369] ext4_mark_iloc_dirty+0x37e/0x16f0 [ 73.570292][ T8369] ? ext4_reserve_inode_write+0x17a/0x1f0 [ 73.576000][ T8369] __ext4_mark_inode_dirty+0x4db/0x5e0 [ 73.581438][ T8369] ? jbd2__journal_start+0x28f/0x3f0 [ 73.586720][ T8369] ext4_evict_inode+0x9a4/0xef0 [ 73.591557][ T8369] ? ext4_inode_is_fast_symlink+0x200/0x200 [ 73.597558][ T8369] evict+0x1aa/0x410 [ 73.601541][ T8369] iput+0x3fd/0x520 [ 73.605335][ T8369] do_unlinkat+0x2c9/0x4d0 [ 73.609738][ T8369] __x64_sys_unlink+0x2c/0x30 [ 73.614389][ T8369] do_syscall_64+0x39/0x80 [ 73.618791][ T8369] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 73.624676][ T8369] RIP: 0033:0x465837 [ 73.628551][ T8369] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 73.648223][ T8369] RSP: 002b:00007ffe35506928 EFLAGS: 00000206 ORIG_RAX: 0000000000000057 [ 73.656616][ T8369] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000465837 [ 73.664659][ T8369] RDX: 00007ffe35506960 RSI: 00007ffe35506960 RDI: 00007ffe355069f0 [ 73.672628][ T8369] RBP: 00007ffe355069f0 R08: 0000000000000001 R09: 00007ffe355067c0 [ 73.680676][ T8369] R10: 00000000018ff88b R11: 0000000000000206 R12: 00000000004bbe42 [ 73.688626][ T8369] R13: 00007ffe35507ac0 R14: 00000000018ff810 R15: 00007ffe35507b00 [ 73.697430][ T8369] Kernel Offset: disabled [ 73.701749][ T8369] Rebooting in 86400 seconds..