last executing test programs: 8m12.881437456s ago: executing program 0 (id=55): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0xa, 0x0, 0x0, @private0}, 0x1c) ioctl$sock_SIOCINQ(r0, 0x541b, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0xc, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$nl_rdma(0x10, 0x3, 0x14) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000500)='/sys/kernel/fscaps', 0x202, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_type(r3, &(0x7f0000000100), 0x2, 0x0) write$cgroup_type(r4, &(0x7f0000000280), 0x9) 8m11.662657331s ago: executing program 0 (id=58): syz_usb_connect$rtl8150(0x2, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xbda, 0x8150, 0x0, 0x1, 0x2, 0x3, 0x48, [{{0x9, 0x2, 0x2d}}]}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x141005) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]}) r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f00000004c0), 0x8000, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000100)={0x2, r1, 0x2}) openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r3, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000180)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@empty, 0x4e22, 0x0, 0x0, 0x8, 0x2, 0x0, 0x0, 0x1}, {0xfffffffffffffffd, 0x0, 0x6, 0x0, 0x5, 0x80000000, 0x0, 0x7fffffffffffffff}, {0x0, 0x0, 0xffffffffffffffff, 0x20000000000000}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x4d5, 0x6c}, 0xa, @in=@private=0xa010102, 0x350c, 0x4, 0x0, 0x0, 0x0, 0x0, 0x200000}}, 0xe8) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r3, 0x84, 0x7a, &(0x7f0000000040)={r4, @in6={{0xa, 0x4e24, 0xfffffff7, @private1={0xfc, 0x1, '\x00', 0x1}, 0x74}}}, &(0x7f0000000280)=0x84) 8m6.186322478s ago: executing program 0 (id=73): socket$pppl2tp(0x18, 0x1, 0x1) syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) socket$inet6_udp(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000300), 0x40100001, 0x189002) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r3, 0xc05064a7, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4}) socket$nl_generic(0x10, 0x3, 0x10) 8m4.894574987s ago: executing program 0 (id=78): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = syz_clone3(0x0, 0x0) tgkill(r0, r0, 0x21) 8m4.185614066s ago: executing program 0 (id=79): recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000001c0)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f00004d4000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000890000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r2 = io_uring_setup(0x1195, &(0x7f0000000040)={0x0, 0x11d5, 0xc000, 0x3, 0xc0}) writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000001480)}], 0x1) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYRES8=r1], 0x50) io_uring_enter(r2, 0x2219, 0xcf74, 0x51, 0x0, 0x0) 7m57.690302815s ago: executing program 0 (id=97): write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000080)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x5, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100008}, 0x94) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a310000000014000780050015000c0000000800124000000000050005000200000005000400000000000d000300686173683a6e6574"], 0x5c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000007c0)=ANY=[@ANYBLOB="440000000906010200120000000c0000000000000900020073797a310000000005000100070000001c0007800c00018008000140ff1600ff0c0002800800014059"], 0x44}, 0x1, 0x0, 0x0, 0x30008003}, 0x4000050) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"}) 7m42.651724122s ago: executing program 32 (id=97): write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000080)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x5, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100008}, 0x94) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a310000000014000780050015000c0000000800124000000000050005000200000005000400000000000d000300686173683a6e6574"], 0x5c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000007c0)=ANY=[@ANYBLOB="440000000906010200120000000c0000000000000900020073797a310000000005000100070000001c0007800c00018008000140ff1600ff0c0002800800014059"], 0x44}, 0x1, 0x0, 0x0, 0x30008003}, 0x4000050) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"}) 3m27.177838507s ago: executing program 1 (id=967): mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0xdf) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) unshare(0x400) bpf$MAP_CREATE_TAIL_CALL(0x9, &(0x7f0000000380), 0xc) 3m26.922421424s ago: executing program 1 (id=969): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) r3 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r3, &(0x7f0000000140)={0x1d, r2, 0x3, {0x1, 0xff, 0x4}}, 0x18) sendmmsg(r1, &(0x7f0000003dc0)=[{{&(0x7f0000000180)=@can, 0x80, &(0x7f0000001840)=[{&(0x7f0000000440)="4e358ed59ee7a636d3a35d9bb1a218701d8f6d70ee6d34b9565d84", 0x1b}], 0x1}}], 0x1, 0x48010) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0x1, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x74, r2, {0xb, 0xfff2}, {0xfff1, 0x9}, {0x2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x20000050) 3m26.706698239s ago: executing program 1 (id=971): syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x206) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/key-users\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r3, 0x0, 0x106f) r4 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41) ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r4, 0x40146f2c, &(0x7f00000000c0)={0x1, 0x0, 0x3, 0x0, 0x4}) ioctl$DVB_DEMUX_DMX_REMOVE_PID(r4, 0x40026f34, &(0x7f0000000040)=0x1) sendmsg$rds(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10, 0x0}, 0x0) ioctl$SNDRV_PCM_IOCTL_CHANNEL_INFO(0xffffffffffffffff, 0x80184132, &(0x7f0000000000)) 3m25.67547862s ago: executing program 1 (id=975): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newtaction={0x64, 0x1d, 0x1, 0x70bd28, 0x0, {}, [{0x50, 0x1, [@m_csum={0x4c, 0x2, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x8, 0x7ff, 0x4, 0x41d0b9e5, 0x9}, 0x7c}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x4}, 0x0) 3m25.482401733s ago: executing program 1 (id=978): r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000080)={'filter\x00', 0x7, 0x4, 0x438, 0x240, 0x240, 0x0, 0x350, 0x370, 0x130, 0x4, 0x0, {[{{@arp={@private, @local, 0x0, 0x0, 0x0, 0x0, {@mac=@broadcast}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth1_to_batadv\x00', 'batadv0\x00'}, 0xc0, 0x130}, @unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "bc2e329885ea3654891fbae8c6c66e07212432bde429bcda7deb48d85c6f5e269c2021c8f8dc09af0b3f2e10e8ac79cc67e264613c4be6838ee2daacf7926a6e"}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @rand_addr, @broadcast}}}, {{@arp={@private, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0\x00', 'veth0_to_bond\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}, @empty}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x488) 3m25.293206237s ago: executing program 1 (id=981): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0x102, 0x7fffffe, 0x118, 0x220, 0x110, 0x0, 0x330, 0x330, 0x330, 0x4, 0x0, {[{{@arp={@multicast1, @private=0xa010102, 0xffffff00, 0xffffffff, 0x9, 0xa, {@empty, {[0x0, 0x0, 0x7f, 0x0, 0xff]}}, {@mac, {[0xff, 0xff, 0x0, 0x0, 0xff]}}, 0x7, 0x1, 0x273, 0x5, 0x7fff, 0x3, 'ip_vti0\x00', 'ip6erspan0\x00', {0xff}, {0xff}, 0x0, 0x4}, 0xbc, 0xffffffffffffff0c}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@link_local, @empty, @loopback, @empty}}}, {{@uncond, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@broadcast, @mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0xb}, @multicast2, @private=0xa010101, 0x9, 0xffffffff}}}, {{@arp={@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {}, {@empty, {[0x0, 0x0, 0x0, 0x0, 0x0, 0xff]}}, 0x0, 0xfffd, 0xfffe, 0x0, 0x0, 0x0, 'batadv_slave_1\x00', 'ipvlan1\x00'}, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@random="e9fb760d26c0", @multicast1, @broadcast}}}], {{'\x00', 0xbc, 0xe0}, {0x24}}}}, 0x263) 3m9.251620103s ago: executing program 33 (id=981): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0x102, 0x7fffffe, 0x118, 0x220, 0x110, 0x0, 0x330, 0x330, 0x330, 0x4, 0x0, {[{{@arp={@multicast1, @private=0xa010102, 0xffffff00, 0xffffffff, 0x9, 0xa, {@empty, {[0x0, 0x0, 0x7f, 0x0, 0xff]}}, {@mac, {[0xff, 0xff, 0x0, 0x0, 0xff]}}, 0x7, 0x1, 0x273, 0x5, 0x7fff, 0x3, 'ip_vti0\x00', 'ip6erspan0\x00', {0xff}, {0xff}, 0x0, 0x4}, 0xbc, 0xffffffffffffff0c}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@link_local, @empty, @loopback, @empty}}}, {{@uncond, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@broadcast, @mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0xb}, @multicast2, @private=0xa010101, 0x9, 0xffffffff}}}, {{@arp={@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {}, {@empty, {[0x0, 0x0, 0x0, 0x0, 0x0, 0xff]}}, 0x0, 0xfffd, 0xfffe, 0x0, 0x0, 0x0, 'batadv_slave_1\x00', 'ipvlan1\x00'}, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@random="e9fb760d26c0", @multicast1, @broadcast}}}], {{'\x00', 0xbc, 0xe0}, {0x24}}}}, 0x263) 10.522160715s ago: executing program 5 (id=1547): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet(0x2, 0x3, 0x8d) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000340)=ANY=[@ANYRES32], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f00000000c0)={0x0, @local, @local}, &(0x7f0000000140)=0xc) mknodat(0xffffffffffffff9c, 0x0, 0x1000, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r3 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r6, 0x400, 0x1) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_inet6_SIOCSIFADDR(r7, 0x8916, &(0x7f0000000000)={@private2={0xfc, 0x2, '\x00', 0x1}, 0x0, r2}) r8 = socket(0xa, 0x1, 0x0) ioctl(r8, 0x8916, &(0x7f0000000000)) ioctl(r8, 0x8936, &(0x7f0000000000)) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback, 0x2}, 0x1c) listen(r0, 0x5) 10.408998183s ago: executing program 4 (id=1549): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000100000000000000000000008500000087000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000"], &(0x7f0000000080)='GPL\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000440)="e097566f5bec6446d2b17515f7c0", 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000100), 0x2, 0x4600) r4 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0x34}, 0x8017, 0x3, 'wrr\x00', 0x10, 0x4, 0x77}, 0x2c) r5 = socket$kcm(0xa, 0x2, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r4, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x81, 0x5}, {@dev={0xac, 0x14, 0x14, 0x3c}, 0x4e23, 0x10000, 0x1cb, 0x12d61, 0x12d58}}, 0x44) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r6, 0x3000) sendmsg$sock(r5, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) close(0x3) r7 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) bind$netrom(r7, 0x0, 0x0) syz_open_dev$usbmon(&(0x7f00000003c0), 0x20000fffffffa, 0xe0943) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r8, 0x6, 0x13, 0x0, 0x0) setsockopt$inet6_tcp_TLS_TX(r8, 0x11a, 0x2, &(0x7f0000000000)=@ccm_128={{0x304}, "b39625e03be22ead", "8da0640c9e8f6b81143f1a1a6d81ee2b", "3b0e7088", "19a4216dfdbf6602"}, 0x28) socket$alg(0x26, 0x5, 0x0) 9.371712906s ago: executing program 4 (id=1552): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x2800004, &(0x7f0000000640)={[{@debug}, {@delalloc}, {@grpjquota}, {@test_dummy_encryption}, {@i_version}, {@oldalloc}, {@data_err_abort}, {@barrier}]}, 0x1, 0xbc8, &(0x7f0000002380)="$eJzs3M9rHNcdAPDvjH7alrtyKaXuxSql2FC6ll1kalOoXVx66aHQXgsW8soIrX8gqTiSdVgl/0BIcg7kEkhiEnyIz74kkGsuiXONySFggmIlEEKiMPtDWku7+mGtNIr8+cDTvDdvZt73q5F23oPdDeC5NZT9SCOOR8SVJKJQ359GRG+11h9RqR23tDg/9u3i/FgSy8v/+SqJJCKeLM6PNa6V1LdH6o3+iPj470n88qX1407Pzk2OlsulqXr79Mz1W6enZ+f+NHF99FrpWunGmXN/GTk7cm74/EjHcv3u84v3v/ndP7+ofP/2D3e/fvXNJC7GQL2vOY961js2FEMrv5Nm3REx2oHr7wdd9Xya80y6Nzkp3eWgAABoK22aw/06CtEVq5O3QnzwSa7BAQAAAB2x3BWxDAAAABxwifU/AAAAHHCN9wE8WZwfa5R835Gwtx5fiojBWv5L9VLr6Y5KddsfPRFx+EkSzR9rTWqn7dhQRDz67Px7WYkWn0PebZWFiPhNq/ufVPMfrH8Sem3+aUQMd2D8oTXtn1P+Fzswft75A/B8enCp9iBb//xLV+Y/0eL5193i2fUs8n7+NeZ/S+vmf6v5d7WZ//17i2Pceev12+36svz/ev8f7zZKNn623VFS2/B4IeK33a3yT1byT9rkf2WLYxR+vF1q15d3/stvRJyM1vk3JBt/P9Hp8Ylyabj2s+UYCx+NvNNu/Lzzz+7/4Tb5b3D/+7N9t566Uvsv9fnf5cv32vVtnn/6ZW/y32qtt77nhdGZmakzEb3Jv9bvP7txvo1jGtfI8j/1+43//1v9/WevCZX630aW+UJ9m7VfXDPm3+7eeX+j/LO1X573/+r2739138tbHOMPH75yql1f8/o3K9n4j5LaWhgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGtKIGIgkLUZEUq2nabEYcSQifhWH0/LN6Zk/jt/8/42rWV/EYPSk4xPl0nBEFGrtJGufqdZX22fXtP8cEcci4rXCoWq7OHazfDXv5AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFhxJCIGIkmLEZFGxFIhTYvFvKMCAAAAOm4w7wAAAACAXWf9DwAAAAef9T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC77NiJBw+TiKhcOFQtmd56X0+ukQG7Lc07ACA3XXkHAOSmO+8AgNxsc41vugAHULJJf3/bnr6OxwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/nXy+IOHSURULhyqlkxvva+n5Rkn9jA6YDeleQcA5KZro87uvYsD2HvP/C9+tLNxAHuv9RofeJ4km/T3rx5Tebqnb9diAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGD/GaiWJC1GRFqtp2mxGHE0IgajJxmfKJeGI+IXEfFpoacva/flHTQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdNz07NzlaLpemnqWS7Ox0FRWVpkqyP8KoVfJ+ZQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA/Ts3OTo+VyaWo670gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAvE3Pzk2OlsulqS1U7m3n4KZK3jkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJCfnwIAAP//198NMw==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) getpeername$tipc(r4, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x5}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 8.042218458s ago: executing program 4 (id=1554): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) 7.602322219s ago: executing program 4 (id=1558): syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file2\x00', 0x0, &(0x7f0000000540), 0x1, 0x7a1, &(0x7f0000000f80)="$eJzs3c9rHGUfAPDvbJKmSfu+yQsvvG89BQQNlG5Mja2Ch4oHESwU9GwbNttQs8mW7KY0IWCLCF4EFQ+CXnr2R7159cdV/wsP0lI1LVY8SGQ2s+222U1322Q3ms8HJvs8M7N5nu8+M888szPsBLBnjaV/chGHIuK9JGIkm59ExEAt1R9xYmO922urhXRKYn391V+S2jq31lYL0fCe1IEs8/+I+PbtiMO5zeVWllfmpkul4mKWn6jOn5+oLK8cOTc/PVucLS4cm5yaOnr8mePHti/W335YOXj9/Zee/OLEH2/97+q73yVxIg5myxrj2C5jMZZ9JgPpR3iPF7e7sB5Lms4d7no96Ey6a/Zt7OVxKEair5ZqYaibNQMAdso6ALAHJZ2OAd40aACAv7f69wC31lYL9am330h0140XImL/Rvz165sbS/qza3b7a9dBh28l91wZSSJidBvKH4uIT756/bN0iqwdml9LA9hely5HxJnRsc39f7LpnoVOPbXVwvXB2svYfbP32vEHeunrdPzzbLPxX+7O+CeajH8Gm+y7D+PB+3/uWpbo24biNknHf8833Nt2uyH+zGhflvtXbcw3kJw9Vyqmfdu/I2I8BgbT/GRt1eYjt/Gbf95sVX7j+O/XD974NC0/fb27Ru5a/+C975mZrk4/atx1Ny5HPNbfLP7kTvsnLca/p9os4+Xn3vm41bI0/jTe+rQ5/p21fiXiiabtf7ctky3vT5yobQ4T9Y3iPul28+WPH7W8Ea6x/dMpLb9+LtANafsPbx3/aNJ4v2al8zK+vzLyTatlD46/+fa/L3mtlt6Xzbs4Xa0uTkbsS17ZPP/o3ffW8/X10/jHH2++/28U23z7T88Jz7QZf//1nz9/+Ph3Vhr/TEft33ni6u25ln13e+0/VUuNZ3Pa6f/areCjfHYAAAAAAAAAAAAAAAAAAAAAAAAA0K5cRByMJJe/k87l8vmNZ3j/N4ZzpXKlevhseWlhJmrPyh6NgVz9py5HGn4PdTL7Pfx6/uh9+acj4j8R8eHgUC2fL5RLM70OHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyB1o8/z/102CvawcA7Jj9va4AANB1jv8AsPd0dvwf2rF6AADd4/wfAPaeto//Z3a2HgBA93R6/t+3Q/UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgH+vUyZPptP772mohzc9cWF6aK184MlOszOXnlwr5QnnxfH62XJ4tFfOF8nzLf3Rp46VULp+fioWlixPVYqU6UVleOT1fXlqonj43Pz1bPF0c6FpkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANC+yvLK3HSpVFyU2DIxtDuqsWsS/fHAdSIuxW6oqsRDJRp7iaHedVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu9xfAQAA//9Tfytg") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8000c61) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) sendfile(r1, r1, 0x0, 0xe3aa6ea) ioctl$EXT4_IOC_MOVE_EXT(r0, 0x40305829, &(0x7f0000000240)={0x17c04, 0xffffffffffffffff, 0x3, 0x100000002, 0x1000000000000004, 0x3ff}) 7.601816919s ago: executing program 2 (id=1559): r0 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x206) openat$procfs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/key-users\x00', 0x0, 0x0) r5 = syz_open_dev$dvb_demux(0x0, 0x0, 0x41) ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r5, 0x40146f2c, &(0x7f00000000c0)={0x1, 0x0, 0x3, 0x0, 0x4}) ioctl$DVB_DEMUX_DMX_REMOVE_PID(r5, 0x40026f34, &(0x7f0000000040)=0x1) r6 = socket$rds(0x15, 0x5, 0x0) r7 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r7, 0x0, 0x0) bind$rds(r6, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) sendmsg$rds(r6, &(0x7f0000000680)={&(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10, 0x0}, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)) r8 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65) write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000500)={0x0, 0xfffffe1a, 0xfa00, {0x0, 0x0, 0x2, 0x2}}, 0x20) 6.117773453s ago: executing program 6 (id=1562): r0 = socket$packet(0x11, 0x3, 0x300) getsockopt$sock_buf(r0, 0x1, 0x12, &(0x7f00000000c0)=""/44, &(0x7f0000000140)=0x2c) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r1 = socket(0x2, 0x80805, 0x0) setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r1, 0x84, 0x23, &(0x7f00000000c0)={0x0, 0x3}, 0x8) 5.866948491s ago: executing program 3 (id=1563): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=ANY=[@ANYBLOB="640100001900010000000000040000001d0100001500040001000080fe02000031171e44b2b50e8f040000001e01060000f8"], 0x164}}, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4040000}, 0x8024) 5.806381994s ago: executing program 5 (id=1564): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x2800004, &(0x7f0000000640)={[{@debug}, {@delalloc}, {@grpjquota}, {@test_dummy_encryption}, {@i_version}, {@oldalloc}, {@data_err_abort}, {@barrier}]}, 0x1, 0xbc8, &(0x7f0000002380)="$eJzs3M9rHNcdAPDvjH7alrtyKaXuxSql2FC6ll1kalOoXVx66aHQXgsW8soIrX8gqTiSdVgl/0BIcg7kEkhiEnyIz74kkGsuiXONySFggmIlEEKiMPtDWku7+mGtNIr8+cDTvDdvZt73q5F23oPdDeC5NZT9SCOOR8SVJKJQ359GRG+11h9RqR23tDg/9u3i/FgSy8v/+SqJJCKeLM6PNa6V1LdH6o3+iPj470n88qX1407Pzk2OlsulqXr79Mz1W6enZ+f+NHF99FrpWunGmXN/GTk7cm74/EjHcv3u84v3v/ndP7+ofP/2D3e/fvXNJC7GQL2vOY961js2FEMrv5Nm3REx2oHr7wdd9Xya80y6Nzkp3eWgAABoK22aw/06CtEVq5O3QnzwSa7BAQAAAB2x3BWxDAAAABxwifU/AAAAHHCN9wE8WZwfa5R835Gwtx5fiojBWv5L9VLr6Y5KddsfPRFx+EkSzR9rTWqn7dhQRDz67Px7WYkWn0PebZWFiPhNq/ufVPMfrH8Sem3+aUQMd2D8oTXtn1P+Fzswft75A/B8enCp9iBb//xLV+Y/0eL5193i2fUs8n7+NeZ/S+vmf6v5d7WZ//17i2Pceev12+36svz/ev8f7zZKNn623VFS2/B4IeK33a3yT1byT9rkf2WLYxR+vF1q15d3/stvRJyM1vk3JBt/P9Hp8Ylyabj2s+UYCx+NvNNu/Lzzz+7/4Tb5b3D/+7N9t566Uvsv9fnf5cv32vVtnn/6ZW/y32qtt77nhdGZmakzEb3Jv9bvP7txvo1jGtfI8j/1+43//1v9/WevCZX630aW+UJ9m7VfXDPm3+7eeX+j/LO1X573/+r2739138tbHOMPH75yql1f8/o3K9n4j5LaWhgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGtKIGIgkLUZEUq2nabEYcSQifhWH0/LN6Zk/jt/8/42rWV/EYPSk4xPl0nBEFGrtJGufqdZX22fXtP8cEcci4rXCoWq7OHazfDXv5AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFhxJCIGIkmLEZFGxFIhTYvFvKMCAAAAOm4w7wAAAACAXWf9DwAAAAef9T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC77NiJBw+TiKhcOFQtmd56X0+ukQG7Lc07ACA3XXkHAOSmO+8AgNxsc41vugAHULJJf3/bnr6OxwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/nXy+IOHSURULhyqlkxvva+n5Rkn9jA6YDeleQcA5KZro87uvYsD2HvP/C9+tLNxAHuv9RofeJ4km/T3rx5Tebqnb9diAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGD/GaiWJC1GRFqtp2mxGHE0IgajJxmfKJeGI+IXEfFpoacva/flHTQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdNz07NzlaLpemnqWS7Ox0FRWVpkqyP8KoVfJ+ZQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA/Ts3OTo+VyaWo670gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAvE3Pzk2OlsulqS1U7m3n4KZK3jkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJCfnwIAAP//198NMw==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) getpeername$tipc(r4, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x5}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 5.398429643s ago: executing program 6 (id=1565): capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x2}) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0xfffffffe, @empty, 0x5e}, 0x1c) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r2, 0x3) bind$inet6(r1, &(0x7f0000000080)={0xa, 0x4e23, 0xfffffff8, @ipv4={'\x00', '\xff\xff', @multicast2}, 0xba3}, 0x1c) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r3, 0x0) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r4, 0xa7ba) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r7, 0x0) writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000200)="580000001400192340834b80040d8c560a0677bc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010002081000418e00000004fcff", 0x58}], 0x1) 5.350712476s ago: executing program 3 (id=1566): openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/pm_freeze_timeout', 0x183281, 0x4) io_submit(0x0, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c0000002000090002000000ffdbdf25020000000800080008"], 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000) 5.197571767s ago: executing program 2 (id=1567): r0 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r3, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x206) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/key-users\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r4, 0x0, 0x106f) r5 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41) ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r5, 0x40146f2c, &(0x7f00000000c0)={0x1, 0x0, 0x3, 0x0, 0x4}) ioctl$DVB_DEMUX_DMX_REMOVE_PID(r5, 0x40026f34, &(0x7f0000000040)=0x1) r6 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r6, 0x0, 0x0) bind$rds(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) sendmsg$rds(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10, 0x0}, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)) r7 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) r8 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65) write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000500)={0x0, 0xfffffe1a, 0xfa00, {0x0, 0x0, 0x2, 0x2}}, 0x20) ioctl$SNDRV_PCM_IOCTL_CHANNEL_INFO(r8, 0x80184132, &(0x7f0000000000)) 5.138447471s ago: executing program 6 (id=1568): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000008c0)='./file1\x00', 0x1008490, &(0x7f0000000100)={[{@grpid}, {@grpquota}]}, 0x3, 0x4eb, &(0x7f0000001500)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=") syz_clone(0x1100, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000140)='./file1\x00', 0x66842, 0x21) pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x5a00, 0x0, 0x3) 5.064864636s ago: executing program 3 (id=1569): socket$igmp6(0xa, 0x3, 0x2) r0 = syz_io_uring_setup(0x13ad, &(0x7f0000000680)={0x0, 0x6409, 0x1000, 0x2, 0x1d3}, &(0x7f0000000240), 0x0, &(0x7f0000000000)) close(r0) r1 = socket$inet_smc(0x2b, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) close(r2) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f000000e0c0)=""/102400, 0x19000) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) umount2(&(0x7f00000002c0)='./file0\x00', 0x9) ioctl$XFS_IOC_FREE_EOFBLOCKS(0xffffffffffffffff, 0x8080583a, 0x0) ioctl$TCSETSF(0xffffffffffffffff, 0x5404, 0x0) getpid() connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4}, 0x6e) ioctl$int_in(r1, 0x5452, &(0x7f000000fa00)=0x9) 5.01884478s ago: executing program 4 (id=1570): socket$nl_generic(0x10, 0x3, 0x10) socket$inet_udp(0x2, 0x2, 0x0) r0 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) ioctl$KDMKTONE(0xffffffffffffffff, 0x4b30, 0x200010) sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x7) getpid() mmap(&(0x7f0000060000/0x2000)=nil, 0x2000, 0x1, 0x80050, r1, 0x4733000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setgroups(0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) shmat(r0, &(0x7f0000ffc000/0x3000)=nil, 0x4000) shmctl$IPC_RMID(r0, 0x0) shmctl$SHM_INFO(0x0, 0xe, &(0x7f0000001b80)=""/71) 3.458419648s ago: executing program 5 (id=1571): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) getpid() openat$sysfs(0xffffffffffffff9c, 0x0, 0xa0502, 0x109) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000940)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56", 0x2) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0", 0x25}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a", 0x2e}], 0x2}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000600)=""/82, 0x52}], 0x1}, 0x0) 3.425778851s ago: executing program 2 (id=1572): prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) socket$nl_rdma(0x10, 0x3, 0x14) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'bridge0\x00', 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="780000001000830404000000fedbdf2500007400", @ANYRES32=r3, @ANYBLOB="0108000007500500580012800b0001006272696467650000480002800500190002000000050017"], 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x0, 0x0, 0x0, 0xccd21cca, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000200)={0x0, 0x8, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='h'], 0x68}, 0x9}, 0x0) 3.14990554s ago: executing program 2 (id=1573): r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10) shutdown(r0, 0x1) pipe2(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) recvmsg(r0, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x40010080) splice(r0, 0x0, r1, 0x0, 0x7ffff000, 0x3) 3.024018589s ago: executing program 2 (id=1574): syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x206) r3 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, r3, 0x0, 0x106f) r4 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41) ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r4, 0x40146f2c, &(0x7f00000000c0)={0x1, 0x0, 0x3, 0x0, 0x4}) ioctl$DVB_DEMUX_DMX_REMOVE_PID(r4, 0x40026f34, &(0x7f0000000040)=0x1) sendmsg$rds(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10, 0x0}, 0x0) ioctl$SNDRV_PCM_IOCTL_CHANNEL_INFO(0xffffffffffffffff, 0x80184132, 0x0) 3.018862739s ago: executing program 3 (id=1575): r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x140, 0x0) ioctl$RTC_UIE_ON(r0, 0x7003) ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f00000001c0)={0x2f, 0x4, 0xd, 0x1d, 0x7, 0xac, 0x7, 0x2, 0x1}) 3.00134141s ago: executing program 6 (id=1576): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x3, &(0x7f0000000000)={[{@user_xattr}, {@nobarrier}, {@norecovery}, {@errors_remount}, {@grpid}]}, 0x8, 0x638, &(0x7f0000000940)="$eJzs3ctrXFUYAPDvzkweTdSkRdS6sAGRFrRJk7ZSRLDdl1IfO1exSUtt2pQkoqkFU6gbQdwoCK5cWP8B11oQXLlw68KNKykUKVlYKXbk3nl0MsnkMZnJpMnvR2/mnntm7jk3zZdz5uScOwHsWkPpl1zE/oi4mkQM1OQVopw5VHre4r3r5xbvpceKxbf/TuL6J8lC7bmS8mN/+uVkxH8DkfyWi9iXX17u7Py1S+NTU5Mz5fTI3OWrI7Pz1w5fvDx+YfLC5JWxV8dOHD92/MTokeYvLp/9qzp98/0PBz478+533zxIRr//40wSJ+Nh+QnptdW/vKf5kjNDMRTFkvu1x9Pv64lNnnu7+Geg8nPySFJ/gG3rfPnnsSsino2ByNf8bw7Ep292tHJAWxWTqLRRwK6TNBX/va2vCLDFKv2A0nv70rZ2ryHX5l4JsBXunioNAJRivysiKvFfKI0NRm82NtC3mCwZ50kiYhMjc1VpGb/+fOZmukXdONySYcOvWlAYsMTCjWyUuxJqNe1/ksXmYPRmqb7F3JL4z9Vs6fG3mix/qC69vv4H0AoLNyLiuXL7372x+B+qif/3mixf/AMAAAAAAEDr3D4VEa+sNP8vV53/88sPxWL9/J/+0hK/TVv773+5O+WdpAXFATXunop4fcX5v9U5voP5curJbD5AV3L+4tTkkYh4KiIORVdPmh6tO2/tDOHDn+/7ulH5tfP/0i0tvzIXsHymO4W6hbgT43Pjm71uIOLujYjns/m/B8pHls7/Sdv/ZIX5v2l8X11nGfteunW2Ud7a8Q+0S/HbiIMrtv+PutvJ6vfnGMn6AyOVXsFyL3z8xY+Nyhf/0Dlp+99Xiv/uWDn+e5La+/XMbuz83RFxdL5QbJTfbP+/O3knHwvZ+SuLGOdmRiO6k9P5Srmpj8bn5mbGNlZn2Kkq8ZA9jpbi/9CLq4//Vfv/NXG4JyIW1lnmMw/7/2yUp/2Hzknjf2L1/v/g0vZ/4ztjtwZ/alB8cnZd7f+xrE0/VD5i/A9qLb8fx3oDtCPVBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDHXC4inogkN1zdz+WGhyP6I+Lp6MtNTc/OvXx++oMrE2le9vn/ucon/Q6U0knl8/8HI6IrItL0WDldyT8aEXsj4sv8niw9fG56aqLTFw8AAAAAAAAAAAAAAAAAAADbRH+25r/YU7/+P/VXvtO1A9quUH4U77D7FJp+ZbGnpRUBtlzz8Q887tYf/11trQew9RrH//0HxcyWVgfYQvr/sHs1Gf/+XAA7gPYfdqt1jun1trseQCdo/wEAAAAAYEfZe+D270lELLy2J9tS3eU8k/1hZ8t1ugJAx5jDC7tXYbrTNQA6pZn3+H1tqAfQOUl1798VF/s3nv2ftKdCAAAAAAAAAAAAAMAyB/db/w+71err/83th51slfX/KwW/2wXADtL4oz+0/bDTeY8PJGv8IrD+HwAAAAAAAAAAAAC2gd5rl8anpiZnZucfv503mnhVT6crvzC+Hb51rd152J4zd0XE9rjAVu0kEVE5EoXGT67cgqODVe3w7yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDq/wAAAP//Zf4kkA==") 2.268614911s ago: executing program 5 (id=1577): r0 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x206) openat$procfs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/key-users\x00', 0x0, 0x0) r5 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41) ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r5, 0x40146f2c, 0x0) ioctl$DVB_DEMUX_DMX_REMOVE_PID(r5, 0x40026f34, &(0x7f0000000040)=0x1) r6 = socket$rds(0x15, 0x5, 0x0) r7 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r7, 0x0, 0x0) bind$rds(r6, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) sendmsg$rds(r6, &(0x7f0000000680)={&(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10, 0x0}, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)) r8 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65) write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000500)={0x0, 0xfffffe1a, 0xfa00, {0x0, 0x0, 0x2, 0x2}}, 0x20) 1.391245163s ago: executing program 2 (id=1578): r0 = syz_open_dev$sndctrl(0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x206) r4 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, r4, 0x0, 0x106f) r5 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41) ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r5, 0x40146f2c, &(0x7f00000000c0)={0x1, 0x0, 0x3, 0x0, 0x4}) ioctl$DVB_DEMUX_DMX_REMOVE_PID(r5, 0x40026f34, &(0x7f0000000040)=0x1) r6 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r6, 0x0, 0x0) bind$rds(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) sendmsg$rds(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10, 0x0}, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)) r7 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) r8 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65) write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000500)={0x0, 0xfffffe1a, 0xfa00, {0x0, 0x0, 0x2, 0x2}}, 0x20) ioctl$SNDRV_PCM_IOCTL_CHANNEL_INFO(r8, 0x80184132, &(0x7f0000000000)) 1.090333964s ago: executing program 5 (id=1579): capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x2}) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0xfffffffe, @empty, 0x5e}, 0x1c) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r2, 0x3) bind$inet6(r1, &(0x7f0000000080)={0xa, 0x4e23, 0xfffffff8, @ipv4={'\x00', '\xff\xff', @multicast2}, 0xba3}, 0x1c) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r3, 0x0) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r4, 0xa7ba) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r7 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r7, &(0x7f00000000c0)=[{&(0x7f0000000200)="580000001400192340834b80040d8c560a0677bc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010002081000418e00000004fcff", 0x58}], 0x1) 1.090107124s ago: executing program 3 (id=1580): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) socket$inet_udp(0x2, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$kcm(0xa, 0x3, 0x3a) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.time\x00', 0x26e1, 0x0) r1 = socket$kcm(0xa, 0x2, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f0000000000)=r0, 0x4) sendmsg$kcm(r1, &(0x7f00000002c0)={&(0x7f0000000580)=@in6={0xa, 0xce63, 0x0, @loopback={0xffffff7f00000000}}, 0x80, 0x0}, 0x0) 670.615473ms ago: executing program 4 (id=1581): creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcca) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x800718, &(0x7f0000000540)={[{@delalloc}, {@journal_dev={'journal_dev', 0x3d, 0x40000ff}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x60}}, {@nobh}, {@resgid}, {@resuid}, {@nombcache}, {@noblock_validity}, {@usrquota}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x4}}]}, 0x22, 0x4a3, &(0x7f0000000980)="$eJzs281rXFUbAPDn3nz2M3n79v1orRotQlBMmrRqF24UBZGKgi7qMk6mJXTaSBPBfmCjiCtBCroWl6J/gbgRQdSV4Epw5UoKRbNp6ypyZ+5NMpNM2iSTTO38fjCZc+aemXueOffce+45kwA61lD2J4nYHRG/RsRALVtfYKj2dHP+cunW/OVSEgsLr/6RVMvdmL9cKooW79uVZ4bTiPT9JN9JvZkLF89MVCrl83l+dPZsX56cOF0+XT43fvz4saNjTz05/kRL4sziunHwnelDB154/epLpZNX3/jhy6y+u/Pty+NYp19Gm2wYygL/c6GqcdsjG9zZ3WrPsnTS3caKsC5dEZE1V0+1/w9EVyw13kA8/15bKwdsqeza1Nd889wCcA9Lot01ANqjuNDvnO8qZffAK++DB7Zy+NF215+p3QBlcd/MH7Ut3ZHmZXoa7m9baSgiTs799Wn2iM3NQwAA3JEPS5+c6I2IS7e+eDEbeyyN9tLu/1aff6v+3ZuPBAcj4l8RsS8i/h0R+yPiPxGRlf1fRPx/k/VZOf5Jr23yI9eUjf+ezte26sd/xegvBrvy3J5q/D3JqalK+Uj+nQxHT1+WH1tjH9889/NHzbYtH/9lj2z/xVgwr8e17oYJusmJ2YnqoLQFrr8bcbA7SVbGnyyuBCQRcSAiDq7vo/cWialHPz/UrNDt419DC9aZFj7LwpvL2n8uGuIvJLX1yTdHZy5cfHzqbOP65Gh/VMpHRoujYqUff/rglWb7r8Xfn+dWj3/H5sNs6nq59rys/ZdtXewDS+u1M63d/waP/7Q3ea26ztybv/b2xOzs+bGI3uRENV/3+vjSe4t8UT47/ocPr97/9+Xvydr/vojIDuL7I+KBiHgwr/tDEfFwRBxeI8bvn719/JFu4PhvgSz+yVXPf4vH/2BS1/7rT3Sd+e6rZvu/s/Y/Vk0N569Uz38Nkob8atXpjuhrrOBmvz8AAAD4J0irv4FP0pHFdJqOjNR+w78/dqaV6ZnZx05Nv3VusvZb+cHoSYuZroF8PrQyVSmPJXP5J9bmR8fzueJivvRoPm/8cdeOan6kNF2ZbHPs0Ol2Nen/md+72l07YIvVLy8VC8DjvW2pDLDNGtfR0/rslZfDyQDuVf5fGzrXbfp/ul31ALaf6z90rtX6/5WGvLUAuDe5/kPn0v+hQ6Xfrvry19teEaAdXP+hI23m//q3MNF/d1SjPYntbpRYV+EoEmnbv6hWJfrjrqjGxhOX8t7cyk9u84kJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgRf4OAAD//+Nr2uw=") 286.980809ms ago: executing program 3 (id=1582): r0 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r3, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x206) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/key-users\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r4, 0x0, 0x106f) r5 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41) ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r5, 0x40146f2c, &(0x7f00000000c0)={0x1, 0x0, 0x3, 0x0, 0x4}) ioctl$DVB_DEMUX_DMX_REMOVE_PID(r5, 0x40026f34, &(0x7f0000000040)=0x1) r6 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r6, 0x0, 0x0) bind$rds(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) sendmsg$rds(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10, 0x0}, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)) r7 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) r8 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65) write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000500)={0x0, 0xfffffe1a, 0xfa00, {0x0, 0x0, 0x2, 0x2}}, 0x20) ioctl$SNDRV_PCM_IOCTL_CHANNEL_INFO(r8, 0x80184132, &(0x7f0000000000)) 83.746264ms ago: executing program 6 (id=1583): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003d00000095"], &(0x7f00000000c0)='GPL\x00', 0x1}, 0x94) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r0, 0xffffffffffffffff, 0x9, 0x0, @void}, 0x10) 65.247915ms ago: executing program 5 (id=1584): prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) socket$nl_rdma(0x10, 0x3, 0x14) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'bridge0\x00', 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="780000001000830404000000fedbdf2500007400", @ANYRES32=r3, @ANYBLOB="0108000007500500580012800b0001006272696467650000480002800500190002000000050017"], 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x0, 0x0, 0x0, 0xccd21cca, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000200)={0x0, 0x8, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='h'], 0x68}, 0x9}, 0x0) 0s ago: executing program 6 (id=1585): r0 = syz_open_dev$loop(&(0x7f0000000100), 0x5, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x10000000000002, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}}) ioctl$LOOP_GET_STATUS(r0, 0x4c03, 0x0) write$cgroup_type(r1, &(0x7f00000000c0), 0x9) kernel console output (not intermixed with test programs): 1 - 0 [ 65.742828][ T4197] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.826830][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.839937][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.850642][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.863032][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.873360][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.887311][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.899482][ T4189] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.910838][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.922313][ T4237] Bluetooth: hci2: command 0x040f tx timeout [ 65.922408][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.933312][ T4237] Bluetooth: hci0: command 0x040f tx timeout [ 65.939827][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.945202][ T4237] Bluetooth: hci1: command 0x040f tx timeout [ 65.962416][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.973154][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.984879][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.997537][ T4189] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.004853][ T4237] Bluetooth: hci3: command 0x040f tx timeout [ 66.005080][ T4237] Bluetooth: hci4: command 0x040f tx timeout [ 66.049109][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 66.067335][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 66.078051][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 66.087762][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 66.097035][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 66.107032][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 66.139995][ T4185] device veth0_vlan entered promiscuous mode [ 66.156942][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 66.165845][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 66.174906][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 66.183036][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 66.193337][ T4189] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.202713][ T4189] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.212170][ T4189] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.222283][ T4189] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.241217][ T4254] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.250024][ T4185] device veth1_vlan entered promiscuous mode [ 66.266185][ T4254] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.313453][ T1386] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 66.325424][ T1386] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 66.352279][ T4254] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.354382][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.373200][ T4254] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.380699][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.421026][ T1386] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 66.429388][ T4254] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.430287][ T1386] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 66.440968][ T4254] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.453295][ T4254] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 66.483547][ T4254] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 66.503142][ T4254] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 66.543248][ T4185] device veth0_macvtap entered promiscuous mode [ 66.574108][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.583833][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.593514][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.596708][ T4185] device veth1_macvtap entered promiscuous mode [ 66.615421][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 66.623677][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.625063][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 66.640410][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 66.649135][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 66.679688][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.689265][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.700215][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 66.722131][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.740466][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.751503][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.764236][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.775421][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.787817][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.800081][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.811822][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.825609][ T4185] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.854395][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 66.899665][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 66.908806][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 66.954505][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!! [ 67.420622][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 67.635464][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.655849][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.680450][ T4272] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 67.680450][ T4272] program syz.3.4 not setting count and/or reply_len properly [ 67.691389][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.707322][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.718094][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.730451][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.743597][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.755513][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.766674][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.779036][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.793004][ T4185] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.839992][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 67.857716][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 67.908961][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 67.977500][ T4185] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.004607][ T4185] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.010187][ T13] Bluetooth: hci1: command 0x0419 tx timeout [ 68.018900][ T4185] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.030461][ T13] Bluetooth: hci0: command 0x0419 tx timeout [ 68.030855][ T4185] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.058221][ T13] Bluetooth: hci2: command 0x0419 tx timeout [ 68.095084][ T13] Bluetooth: hci4: command 0x0419 tx timeout [ 68.104271][ T4289] device syzkaller0 entered promiscuous mode [ 68.175194][ T13] Bluetooth: hci3: command 0x0419 tx timeout [ 68.175948][ T4280] tipc: Started in network mode [ 68.194257][ T4280] tipc: Node identity 423cfa1da8ce, cluster identity 4711 [ 68.248891][ T4280] tipc: Enabled bearer , priority 0 [ 68.353400][ T4279] tipc: Resetting bearer [ 68.358837][ T4297] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 68.444110][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #300!!! [ 68.446457][ T4279] tipc: Disabling bearer [ 68.491365][ T4302] fuse: Bad value for 'fd' [ 68.634606][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!! [ 68.648552][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #8a!!! [ 68.663865][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #38a!!! [ 68.679389][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #38a!!! [ 68.736657][ T4274] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.804649][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!! [ 68.817252][ T4274] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.874469][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!! [ 69.148815][ T4303] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 69.203575][ T4303] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.220929][ T4303] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.239695][ T4311] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 69.239695][ T4311] program syz.3.14 not setting count and/or reply_len properly [ 69.262570][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 71.014161][ T4339] sd 0:0:1:0: device reset [ 71.023452][ T4342] genirq: Flags mismatch irq 31. 00000000 (comedi_parport) vs. 00000000 (virtio1-input.0) [ 72.034338][ T1429] ieee802154 phy0 wpan0: encryption failed: -22 [ 72.056107][ T1429] ieee802154 phy1 wpan1: encryption failed: -22 [ 73.560917][ T4370] fuse: Bad value for 'fd' [ 74.080917][ T4372] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 74.080917][ T4372] program syz.0.27 not setting count and/or reply_len properly [ 76.473331][ T4230] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 77.324556][ T4230] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 77.658043][ T4230] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 77.669350][ T4230] usb 3-1: Product: syz [ 77.678442][ T4230] usb 3-1: Manufacturer: syz [ 77.683370][ T4230] usb 3-1: SerialNumber: syz [ 77.763600][ T4415] process 'syz.4.38' launched './file0' with NULL argv: empty string added [ 77.954307][ T4230] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71 [ 78.034086][ T4230] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71 [ 78.093894][ T4230] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71 [ 78.171798][ T4230] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 78.313593][ T4230] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 79.284683][ T4230] lan78xx: probe of 3-1:1.0 failed with error -71 [ 80.424013][ T4230] usb 3-1: USB disconnect, device number 2 [ 81.845650][ T1107] cfg80211: failed to load regulatory.db [ 82.183944][ T4431] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 82.570018][ T4431] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 82.582569][ T4431] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 82.654007][ T4431] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 82.814092][ T4431] usb 3-1: config 0 descriptor?? [ 82.910453][ T4431] pwc: Askey VC010 type 2 USB webcam detected. [ 83.488582][ T4431] pwc: recv_control_msg error -32 req 02 val 2b00 [ 83.672751][ T4431] pwc: recv_control_msg error -32 req 02 val 2700 [ 84.854001][ T4431] pwc: recv_control_msg error -32 req 02 val 2c00 [ 84.903953][ T4431] pwc: recv_control_msg error -32 req 04 val 1000 [ 84.984023][ T4431] pwc: recv_control_msg error -32 req 04 val 1300 [ 85.035240][ T4431] pwc: recv_control_msg error -32 req 04 val 1400 [ 85.834659][ T4431] pwc: recv_control_msg error -32 req 02 val 2000 [ 85.883954][ T4431] pwc: recv_control_msg error -32 req 02 val 2100 [ 85.924135][ T4431] pwc: recv_control_msg error -32 req 04 val 1500 [ 86.194841][ T4431] pwc: recv_control_msg error -71 req 02 val 2400 [ 86.280998][ T4431] pwc: recv_control_msg error -71 req 02 val 2600 [ 86.363177][ T4431] pwc: recv_control_msg error -71 req 02 val 2900 [ 86.463956][ T4231] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 86.504440][ T4431] pwc: recv_control_msg error -71 req 02 val 2800 [ 86.624453][ T4431] pwc: recv_control_msg error -71 req 04 val 1100 [ 86.764471][ T4231] usb 5-1: Using ep0 maxpacket: 8 [ 86.854856][ T4431] pwc: recv_control_msg error -71 req 04 val 1200 [ 86.892524][ T4431] pwc: Registered as video103. [ 86.919850][ T4431] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input5 [ 86.975299][ T4231] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 87.011091][ T4431] usb 3-1: USB disconnect, device number 3 [ 87.053921][ T13] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 87.184347][ T4231] usb 5-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 87.200548][ T4231] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 87.222442][ T4231] usb 5-1: Product: syz [ 87.235305][ T4231] usb 5-1: Manufacturer: syz [ 87.243094][ T4231] usb 5-1: SerialNumber: syz [ 87.262972][ T4231] usb 5-1: config 0 descriptor?? [ 87.327038][ T4231] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae [ 87.547576][ T4231] gspca_zc3xx: reg_w_i err -71 [ 88.461697][ T4231] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 89.395832][ T4231] gspca_zc3xx: probe of 5-1:0.0 failed with error -71 [ 89.419614][ T4231] usb 5-1: USB disconnect, device number 2 [ 91.664335][ T4541] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 4294967295 out of range (51000000..2150000000) [ 91.664564][ T13] usb 1-1: too many configurations: 72, using maximum allowed: 8 [ 92.563926][ T13] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 92.592206][ T13] usb 1-1: can't read configurations, error -71 [ 93.002696][ T4227] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 94.171051][ T4227] usb 3-1: Using ep0 maxpacket: 16 [ 95.054724][ T4227] usb 3-1: config 96 has an invalid interface number: 65 but max is 0 [ 95.068637][ T4227] usb 3-1: config 96 has no interface number 0 [ 95.077917][ T4227] usb 3-1: config 96 interface 65 has no altsetting 0 [ 95.161772][ T4580] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 95.161772][ T4580] program syz.1.81 not setting count and/or reply_len properly [ 95.624222][ T4227] usb 3-1: New USB device found, idVendor=0e41, idProduct=534d, bcdDevice=81.4e [ 95.641251][ T4227] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 95.651906][ T4227] usb 3-1: Product: syz [ 95.662667][ T4227] usb 3-1: Manufacturer: syz [ 95.767710][ T4227] usb 3-1: SerialNumber: syz [ 96.443521][ T4588] ODEBUG: Out of memory. ODEBUG disabled [ 96.808131][ T4588] syz.3.83 (4588): drop_caches: 2 [ 96.913755][ C0] sched: RT throttling activated [ 96.999297][ T4227] usb 3-1: can't set config #96, error -71 [ 97.028315][ T4227] usb 3-1: USB disconnect, device number 4 [ 98.174116][ T4608] syz.3.89 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 98.191366][ T4608] ubi31: attaching mtd0 [ 98.198146][ T4608] ubi31: scanning is finished [ 98.203303][ T4608] ubi31: empty MTD device detected [ 98.318297][ T4608] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4 [ 104.123836][ T13] usb 3-1: new full-speed USB device number 5 using dummy_hcd [ 107.643965][ T13] usb 3-1: unable to get BOS descriptor or descriptor too short [ 107.785228][ T13] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 107.793463][ T13] usb 3-1: can't read configurations, error -71 [ 108.896760][ T4685] netlink: 'syz.3.111': attribute type 25 has an invalid length. [ 109.169185][ T4691] netlink: 112 bytes leftover after parsing attributes in process `syz.1.113'. [ 114.069579][ T4744] netlink: 60 bytes leftover after parsing attributes in process `syz.1.126'. [ 115.114106][ T4744] netlink: 60 bytes leftover after parsing attributes in process `syz.1.126'. [ 115.258881][ T4747] netlink: 60 bytes leftover after parsing attributes in process `syz.1.126'. [ 115.394341][ T4749] netlink: 60 bytes leftover after parsing attributes in process `syz.1.126'. [ 118.565358][ T4431] Bluetooth: hci5: command 0x0409 tx timeout [ 119.251176][ T4637] Set syz1 is full, maxelem 65536 reached [ 119.326281][ T4765] chnl_net:caif_netlink_parms(): no params data found [ 119.638414][ T4765] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.638553][ T4765] bridge0: port 1(bridge_slave_0) entered disabled state [ 119.639184][ T4765] device bridge_slave_0 entered promiscuous mode [ 119.673280][ T4765] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.674827][ T4765] bridge0: port 2(bridge_slave_1) entered disabled state [ 119.675882][ T4765] device bridge_slave_1 entered promiscuous mode [ 119.719317][ T4765] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 119.721613][ T4765] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 119.827655][ T4765] team0: Port device team_slave_0 added [ 119.840870][ T4765] team0: Port device team_slave_1 added [ 120.174531][ T1386] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.405270][ T1386] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.444361][ T4765] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 120.952362][ T4765] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 121.291342][ T4353] Bluetooth: hci5: command 0x041b tx timeout [ 121.306586][ T4765] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 121.320470][ T4765] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 121.328012][ T4765] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 121.356304][ T4765] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 121.575573][ T4765] device hsr_slave_0 entered promiscuous mode [ 121.643153][ T4765] device hsr_slave_1 entered promiscuous mode [ 121.752079][ T4765] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 121.867817][ T4765] Cannot create hsr debugfs directory [ 121.884530][ T1386] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.696141][ T1386] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.325335][ T4849] netlink: 4 bytes leftover after parsing attributes in process `syz.2.158'. [ 123.353917][ T1110] Bluetooth: hci5: command 0x040f tx timeout [ 124.930515][ T4765] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 125.120075][ T4765] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 126.319917][ T1110] Bluetooth: hci5: command 0x0419 tx timeout [ 126.415174][ T4884] netlink: 'syz.2.167': attribute type 4 has an invalid length. [ 126.427551][ T4884] netlink: 206236 bytes leftover after parsing attributes in process `syz.2.167'. [ 126.452862][ T4765] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 126.473256][ T4765] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 129.097550][ T4765] 8021q: adding VLAN 0 to HW filter on device bond0 [ 129.376931][ T4765] 8021q: adding VLAN 0 to HW filter on device team0 [ 129.462018][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 129.471505][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 130.877579][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 130.909245][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 130.958954][ T4304] bridge0: port 1(bridge_slave_0) entered blocking state [ 130.966759][ T4304] bridge0: port 1(bridge_slave_0) entered forwarding state [ 131.155746][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 131.350053][ T4955] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 131.350053][ T4955] program syz.4.184 not setting count and/or reply_len properly [ 131.546997][ T4957] fuse: Unknown parameter '0x0000000000000006' [ 132.158964][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 132.174255][ T4304] bridge0: port 2(bridge_slave_1) entered blocking state [ 132.181651][ T4304] bridge0: port 2(bridge_slave_1) entered forwarding state [ 132.502028][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 132.578920][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 132.595635][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 132.614797][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 132.627064][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 132.647041][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 132.710359][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 132.743431][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 132.760650][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 132.782591][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 132.801958][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 132.897937][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 132.970036][ T4765] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 133.037822][ T1429] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.045490][ T1429] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.436271][ T4994] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 134.436271][ T4994] program syz.3.193 not setting count and/or reply_len properly [ 135.063058][ T4724] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 135.124056][ T4724] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 135.137307][ T4765] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 135.555095][ T5008] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 135.555095][ T5008] program syz.3.195 not setting count and/or reply_len properly [ 135.738877][ T5010] fuse: Unknown parameter '0x0000000000000006' [ 136.626990][ T1386] device hsr_slave_0 left promiscuous mode [ 136.676657][ T1386] device hsr_slave_1 left promiscuous mode [ 136.807945][ T1386] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 136.944863][ T1386] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 137.087358][ T1386] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 137.112675][ T1386] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 137.271772][ T1386] device bridge_slave_1 left promiscuous mode [ 137.651267][ T5037] syz.2.201 (5037): drop_caches: 2 [ 137.865276][ T1386] bridge0: port 2(bridge_slave_1) entered disabled state [ 138.041941][ T1386] device bridge_slave_0 left promiscuous mode [ 138.893046][ T1386] bridge0: port 1(bridge_slave_0) entered disabled state [ 138.967943][ T5055] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 138.967943][ T5055] program syz.4.207 not setting count and/or reply_len properly [ 140.284925][ T5067] loop4: detected capacity change from 0 to 512 [ 140.328196][ T1386] device veth1_macvtap left promiscuous mode [ 140.390635][ T1386] device veth0_macvtap left promiscuous mode [ 140.407734][ T5069] loop2: detected capacity change from 0 to 8192 [ 140.458094][ T1386] device veth1_vlan left promiscuous mode [ 140.491208][ T5067] EXT4-fs (loop4): 1 truncate cleaned up [ 140.513997][ T5067] EXT4-fs (loop4): mounted filesystem without journal. Opts: bsddf,,errors=continue. Quota mode: none. [ 140.527803][ T1386] device veth0_vlan left promiscuous mode [ 140.604824][ T4313] loop2: p3 p4 < > [ 140.610177][ T4313] loop2: p3 size 83886080 extends beyond EOD, truncated [ 141.073967][ T5076] syz.3.214 (5076): drop_caches: 2 [ 141.290449][ T5069] loop2: p3 p4 < > [ 141.390726][ T5069] loop2: p3 size 83886080 extends beyond EOD, truncated [ 142.393144][ T1386] team0 (unregistering): Port device team_slave_1 removed [ 142.424109][ T1386] team0 (unregistering): Port device team_slave_0 removed [ 142.428679][ T4262] udevd[4262]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 142.443103][ T4313] udevd[4313]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 142.455071][ T1386] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 142.527196][ T5094] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 142.527196][ T5094] program syz.1.219 not setting count and/or reply_len properly [ 142.757144][ T4313] udevd[4313]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 142.838954][ T1386] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 142.855944][ T4262] udevd[4262]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 143.078686][ T4313] udevd[4313]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 143.093334][ T4262] udevd[4262]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 143.217622][ T1386] bond0 (unregistering): Released all slaves [ 146.208550][ T5129] overlayfs: failed to resolve './file0': -2 [ 146.681236][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 146.737049][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 146.993474][ T5146] syz.2.232 uses obsolete (PF_INET,SOCK_PACKET) [ 147.525156][ T5140] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.534002][ T5140] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.950229][ T5140] device bridge_slave_0 left promiscuous mode [ 147.962094][ T5140] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.037455][ T5140] device bridge_slave_1 left promiscuous mode [ 148.054023][ T5140] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.124833][ T5140] bond0: (slave bond_slave_0): Releasing backup interface [ 148.183542][ T5140] bond0: (slave bond_slave_1): Releasing backup interface [ 148.259068][ T5140] team0: Port device team_slave_0 removed [ 148.334430][ T5140] team0: Port device team_slave_1 removed [ 148.391394][ T5140] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 148.593400][ T5140] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 148.814626][ T5140] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 149.018901][ T5140] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 150.903098][ T5140] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.919048][ T5140] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.931143][ T5140] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.989657][ T5140] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 151.200335][ T5185] overlayfs: failed to resolve './file0': -2 [ 151.499441][ T4276] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 151.563391][ T4276] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 151.664772][ T4276] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 151.675575][ T4276] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 151.685246][ T4765] device veth0_vlan entered promiscuous mode [ 151.984037][ T4765] device veth1_vlan entered promiscuous mode [ 152.532856][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 152.551998][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 152.615489][ T4765] device veth0_macvtap entered promiscuous mode [ 152.676353][ T4765] device veth1_macvtap entered promiscuous mode [ 153.443672][ T4765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 153.535521][ T4765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.613872][ T4765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 153.669976][ T4765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.783865][ T4765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 153.875963][ T4765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.016645][ T4765] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 154.123154][ T4724] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 154.144907][ T4724] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 154.593337][ T4724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 154.865623][ T4765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 154.893107][ T4765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.959479][ T4765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.001467][ T4765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.044865][ T4765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.098363][ T4765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.139190][ T4765] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 155.162925][ T4724] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 155.182316][ T4724] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 155.216909][ T4765] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.244145][ T4765] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.253063][ T4765] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.314894][ T4765] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.343908][ T4254] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 156.424496][ T4254] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 156.464616][ T4276] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 156.472983][ T4276] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 156.502054][ T4254] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 156.563069][ T4254] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 157.653099][ T5269] loop4: detected capacity change from 0 to 512 [ 161.103402][ T5275] overlayfs: failed to resolve './file0': -2 [ 161.728222][ T5287] netlink: 16 bytes leftover after parsing attributes in process `syz.3.265'. [ 161.874176][ T5292] netlink: 16 bytes leftover after parsing attributes in process `syz.3.265'. [ 164.007348][ T5338] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 166.594020][ T5374] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 166.652221][ T5374] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 166.675943][ T5374] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 166.698883][ T5374] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 166.750669][ T5371] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 170.851971][ T5427] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 170.851971][ T5427] program syz.4.296 not setting count and/or reply_len properly [ 173.359308][ T5433] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 173.359308][ T5433] program syz.2.297 not setting count and/or reply_len properly [ 174.766398][ T5488] loop4: detected capacity change from 0 to 1024 [ 174.790810][ T5488] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 174.843944][ T5488] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (12687!=20869) [ 174.989561][ T5488] EXT4-fs (loop4): invalid journal inode [ 178.963141][ T5534] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 180.595063][ T5571] Zero length message leads to an empty skb [ 186.324046][ T13] Bluetooth: hci4: command 0x0406 tx timeout [ 186.336836][ T13] Bluetooth: hci1: command 0x0406 tx timeout [ 186.358743][ T13] Bluetooth: hci3: command 0x0406 tx timeout [ 188.355264][ T5669] fuse: Unknown parameter '0x0000000000000006' [ 194.478812][ T1429] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.489846][ T1429] ieee802154 phy1 wpan1: encryption failed: -22 [ 197.708907][ T5767] fuse: Unknown parameter '0x0000000000000006' [ 202.880931][ T5800] netlink: 1688 bytes leftover after parsing attributes in process `syz.3.380'. [ 204.298364][ T5820] netlink: 48 bytes leftover after parsing attributes in process `syz.2.384'. [ 205.133657][ T5839] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=io+mem,decodes=none:owns=io+mem [ 206.411039][ T5852] ieee802154 phy0 wpan0: encryption failed: -22 [ 208.774023][ T5877] loop3: detected capacity change from 0 to 1024 [ 209.096378][ T5877] EXT4-fs (loop3): inline encryption not supported [ 209.113161][ T5877] EXT4-fs (loop3): Ignoring removed bh option [ 210.578134][ T5884] sctp: failed to load transform for md5: -2 [ 210.615278][ T5877] EXT4-fs (loop3): orphan cleanup on readonly fs [ 210.670282][ T5877] EXT4-fs error (device loop3): ext4_quota_enable:6442: comm syz.3.399: inode #2304: comm syz.3.399: iget: illegal inode # [ 210.794295][ T5877] EXT4-fs error (device loop3): ext4_quota_enable:6445: comm syz.3.399: Bad quota inode: 2304, type: 2 [ 210.914738][ T5877] EXT4-fs warning (device loop3): ext4_enable_quotas:6486: Failed to enable quota tracking (type=2, err=-117, ino=2304). Please run e2fsck to fix. [ 211.036592][ T5877] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 211.074699][ T5877] EXT4-fs (loop3): mounted filesystem without journal. Opts: abort,barrier,inlinecrypt,min_batch_time=0x0000000000000102,minixdf,bh,,errors=continue. Quota mode: writeback. [ 213.122105][ T5929] loop4: detected capacity change from 0 to 512 [ 213.251191][ T5932] netlink: 884 bytes leftover after parsing attributes in process `syz.2.412'. [ 213.495828][ T5929] EXT4-fs (loop4): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,grpquota,,errors=continue. Quota mode: writeback. [ 213.514569][ C1] vkms_vblank_simulate: vblank timer overrun [ 214.285928][ T5916] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 214.296260][ T5929] ext4 filesystem being mounted at /83/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 214.546782][ T5946] EXT4-fs (loop4): shut down requested (0) [ 214.914211][ T5960] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 214.914211][ T5960] program syz.5.415 not setting count and/or reply_len properly [ 220.923657][ T6011] loop3: detected capacity change from 0 to 164 [ 221.865314][ T6011] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 221.910087][ T6011] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 222.186337][ T6030] netlink: 'syz.1.431': attribute type 72 has an invalid length. [ 224.156721][ T6059] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 225.950716][ T6078] loop1: detected capacity change from 0 to 512 [ 225.977792][ T6076] device syzkaller0 entered promiscuous mode [ 226.021261][ T6078] EXT4-fs (loop1): Ignoring removed bh option [ 226.064453][ T6078] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended [ 226.181955][ T6078] EXT4-fs (loop1): 1 truncate cleaned up [ 226.203966][ T6078] EXT4-fs (loop1): mounted filesystem without journal. Opts: bh,,errors=continue. Quota mode: none. [ 226.334006][ T6078] EXT4-fs (loop1): shut down requested (2) [ 226.475736][ T6090] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.443'. [ 230.617005][ T6151] netlink: 1752 bytes leftover after parsing attributes in process `syz.5.456'. [ 230.662360][ T6156] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 235.750436][ T6213] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.470'. [ 240.754122][ T4431] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 242.804125][ T6287] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 242.804125][ T6287] program syz.2.492 not setting count and/or reply_len properly [ 244.723172][ T21] Bluetooth: hci5: command 0x0406 tx timeout [ 245.503865][ T4431] usb 5-1: too many configurations: 72, using maximum allowed: 8 [ 245.843952][ T4431] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 245.863793][ T4431] usb 5-1: can't read configurations, error -71 [ 247.160044][ T6319] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 248.122535][ T6324] overlayfs: missing 'lowerdir' [ 248.466124][ T6330] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 248.466124][ T6330] program syz.2.504 not setting count and/or reply_len properly [ 252.114467][ T4229] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 255.916856][ T1429] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.923718][ T1429] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.685382][ T6375] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 256.685382][ T6375] program syz.1.516 not setting count and/or reply_len properly [ 257.153888][ T4229] usb 6-1: too many configurations: 72, using maximum allowed: 8 [ 257.640313][ T6376] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 257.669830][ T6379] overlayfs: missing 'lowerdir' [ 257.843917][ T4229] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 257.926747][ T4229] usb 6-1: can't read configurations, error -71 [ 261.533405][ T6424] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 261.533405][ T6424] program syz.5.528 not setting count and/or reply_len properly [ 262.132438][ T6430] 9pnet: p9_errstr2errno: server reported unknown error ½p [ 262.304498][ T6439] overlayfs: missing 'lowerdir' [ 264.787715][ T6471] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 264.787715][ T6471] program syz.5.541 not setting count and/or reply_len properly [ 267.230267][ T6494] overlayfs: missing 'workdir' [ 268.500097][ T6515] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 268.500097][ T6515] program syz.3.553 not setting count and/or reply_len properly [ 273.057988][ T6571] overlayfs: missing 'workdir' [ 278.285693][ T6602] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 278.596931][ T6614] overlayfs: missing 'workdir' [ 279.969380][ T6626] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 279.969380][ T6626] program syz.4.586 not setting count and/or reply_len properly [ 281.044588][ T6628] loop5: detected capacity change from 0 to 8192 [ 281.141691][ T6628] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 283.329085][ T6656] netlink: 8 bytes leftover after parsing attributes in process `syz.1.596'. [ 284.186565][ T6664] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 285.324856][ T26] audit: type=1326 audit(1775694626.578:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6677 comm="syz.3.603" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7508688819 code=0x0 [ 285.576728][ T6680] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 285.583682][ T6680] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 285.649644][ T6680] vhci_hcd vhci_hcd.0: Device attached [ 285.853888][ T13] vhci_hcd: vhci_device speed not set [ 285.943809][ T13] usb 39-1: new full-speed USB device number 2 using vhci_hcd [ 286.000061][ T6682] vhci_hcd: connection reset by peer [ 286.031534][ T4724] vhci_hcd: stop threads [ 286.038939][ T4724] vhci_hcd: release socket [ 286.098447][ T4724] vhci_hcd: disconnect device [ 286.428050][ T7] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 289.963979][ T7] usb 4-1: too many configurations: 72, using maximum allowed: 8 [ 290.103780][ T7] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 290.304132][ T7] usb 4-1: can't read configurations, error -71 [ 291.184688][ T13] vhci_hcd: vhci_device speed not set [ 292.728574][ T4431] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 294.579793][ T6790] loop4: detected capacity change from 0 to 4096 [ 294.637353][ T6790] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 294.760959][ T6799] loop2: detected capacity change from 0 to 1024 [ 294.768973][ T6799] ======================================================= [ 294.768973][ T6799] WARNING: The mand mount option has been deprecated and [ 294.768973][ T6799] and is ignored by this kernel. Remove the mand [ 294.768973][ T6799] option from the mount to silence this warning. [ 294.768973][ T6799] ======================================================= [ 294.802321][ T26] audit: type=1800 audit(1775694636.048:3): pid=6790 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.636" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 294.944165][ T6799] EXT4-fs (loop2): can't mount with data=, fs mounted w/o journal [ 296.283838][ T4431] usb 2-1: too many configurations: 72, using maximum allowed: 8 [ 296.445884][ T4431] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 296.454097][ T4431] usb 2-1: can't read configurations, error -71 [ 300.523773][ T4431] usb 3-1: new full-speed USB device number 7 using dummy_hcd [ 302.373339][ T6880] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 303.703801][ T4431] usb 3-1: too many configurations: 72, using maximum allowed: 8 [ 303.803930][ T4431] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 303.817869][ T4431] usb 3-1: can't read configurations, error -71 [ 307.447741][ T6934] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 309.462980][ T4231] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 310.023427][ T6969] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 311.893857][ T4231] usb 2-1: too many configurations: 72, using maximum allowed: 8 [ 311.973950][ T4231] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 311.981999][ T4231] usb 2-1: can't read configurations, error -71 [ 313.933731][ T4431] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 316.221745][ T7026] loop1: detected capacity change from 0 to 512 [ 316.530514][ T7026] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpid,grpquota,resuid=0x0000000000000000,,errors=continue. Quota mode: writeback. [ 316.662086][ T7026] ext4 filesystem being mounted at /130/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 316.698255][ T26] audit: type=1326 audit(1775694657.968:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.1.703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe65bcf0819 code=0x7ffc0000 [ 316.811946][ T26] audit: type=1326 audit(1775694657.968:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.1.703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe65bcf0819 code=0x7ffc0000 [ 316.854739][ T26] audit: type=1326 audit(1775694657.968:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.1.703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe65bcf0819 code=0x7ffc0000 [ 316.941592][ T4431] usb 4-1: too many configurations: 72, using maximum allowed: 8 [ 317.013940][ T4431] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 317.046538][ T26] audit: type=1326 audit(1775694657.968:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.1.703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=132 compat=0 ip=0x7fe65bcf0819 code=0x7ffc0000 [ 317.062210][ T4431] usb 4-1: can't read configurations, error -71 [ 317.127096][ T7042] loop1: detected capacity change from 0 to 4096 [ 317.195645][ T7042] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 317.200402][ T26] audit: type=1326 audit(1775694657.968:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.1.703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe65bcf0819 code=0x7ffc0000 [ 317.232957][ T26] audit: type=1326 audit(1775694657.968:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.1.703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe65bcf0819 code=0x7ffc0000 [ 317.256469][ T26] audit: type=1326 audit(1775694657.968:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.1.703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe65bcf0819 code=0x7ffc0000 [ 317.272796][ T7039] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 317.281655][ T26] audit: type=1326 audit(1775694657.968:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.1.703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe65bcf0819 code=0x7ffc0000 [ 317.321570][ T26] audit: type=1326 audit(1775694657.968:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.1.703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe65bcf0819 code=0x7ffc0000 [ 317.345476][ T26] audit: type=1326 audit(1775694657.968:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.1.703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe65bcf0819 code=0x7ffc0000 [ 317.377333][ T1429] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.388014][ T1429] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.660848][ T7056] netlink: 12 bytes leftover after parsing attributes in process `syz.1.713'. [ 318.809814][ T7073] netlink: 12 bytes leftover after parsing attributes in process `syz.4.718'. [ 319.405538][ T1107] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 321.669473][ T7133] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 321.669473][ T7133] program syz.1.732 not setting count and/or reply_len properly [ 322.363859][ T1107] usb 4-1: too many configurations: 72, using maximum allowed: 8 [ 322.423806][ T1107] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 322.432007][ T1107] usb 4-1: can't read configurations, error -71 [ 322.571371][ T7140] loop2: detected capacity change from 0 to 1024 [ 322.652295][ T7140] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled [ 322.866338][ T7140] EXT4-fs error (device loop2): ext4_map_blocks:629: inode #3: block 2: comm syz.2.733: lblock 2 mapped to illegal pblock 2 (length 1) [ 322.901648][ T7140] __quota_error: 6 callbacks suppressed [ 322.901665][ T7140] Quota error (device loop2): qtree_write_dquot: dquota write failed [ 322.916539][ T7140] EXT4-fs error (device loop2): ext4_map_blocks:629: inode #3: block 48: comm syz.2.733: lblock 0 mapped to illegal pblock 48 (length 1) [ 322.938593][ T7140] Quota error (device loop2): v2_write_file_info: Can't write info structure [ 322.950522][ T7140] EXT4-fs error (device loop2): ext4_acquire_dquot:6234: comm syz.2.733: Failed to acquire dquot type 0 [ 322.970549][ T7140] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5854: Corrupt filesystem [ 322.991356][ T7140] EXT4-fs error (device loop2): ext4_evict_inode:282: inode #11: comm syz.2.733: mark_inode_dirty error [ 323.009345][ T7140] EXT4-fs warning (device loop2): ext4_evict_inode:285: couldn't mark inode dirty (err -117) [ 323.031753][ T7140] EXT4-fs (loop2): 1 orphan inode deleted [ 323.038015][ T7140] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodioread_nolock,noblock_validity,data_err=ignore,max_batch_time=0x00000000000008c9,nodiscard,stripe=0x0000000000000004,jqfmt=vfsold,,errors=continue. Quota mode: none. [ 323.106188][ T4354] EXT4-fs error (device loop2): ext4_map_blocks:629: inode #3: block 1: comm kworker/u4:12: lblock 1 mapped to illegal pblock 1 (length 1) [ 323.190676][ T4354] Quota error (device loop2): remove_tree: Can't read quota data block 1 [ 323.247801][ T4354] EXT4-fs error (device loop2): ext4_release_dquot:6270: comm kworker/u4:12: Failed to release dquot type 0 [ 323.387912][ T7140] EXT4-fs error (device loop2): __ext4_get_inode_loc:4327: comm syz.2.733: Invalid inode table block 1 in block_group 0 [ 323.443182][ T7140] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5854: Corrupt filesystem [ 323.510860][ T7164] loop1: detected capacity change from 0 to 1024 [ 323.524170][ T7140] EXT4-fs error (device loop2): ext4_quota_off:6540: inode #3: comm syz.2.733: mark_inode_dirty error [ 323.642081][ T7164] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 323.700270][ T26] audit: type=1800 audit(1775694664.968:20): pid=7164 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.740" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 325.081790][ T26] audit: type=1800 audit(1775694666.348:21): pid=7183 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.740" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 326.927408][ T7212] loop1: detected capacity change from 0 to 512 [ 327.058501][ T7212] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,usrquota,minixdf,nombcache,. Quota mode: writeback. [ 327.253951][ T7212] ext4 filesystem being mounted at /140/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 327.701733][ T7212] EXT4-fs error (device loop1): ext4_readdir:263: inode #12: block 32: comm syz.1.754: path /140/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 327.866072][ T7212] EXT4-fs (loop1): Remounting filesystem read-only [ 328.655542][ T7231] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 328.831875][ T7236] loop2: detected capacity change from 0 to 128 [ 328.947488][ T7236] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 329.112151][ T7236] ext4 filesystem being mounted at /160/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 329.712558][ T7248] vcan0: MTU too low for tipc bearer [ 330.565797][ T7248] tipc: Enabling of bearer rejected, failed to enable media [ 330.858803][ T7259] netlink: 20 bytes leftover after parsing attributes in process `syz.1.766'. [ 330.943943][ T7263] netlink: 'syz.2.769': attribute type 2 has an invalid length. [ 330.960555][ T7264] netlink: 92 bytes leftover after parsing attributes in process `syz.2.769'. [ 332.533053][ T7287] loop3: detected capacity change from 0 to 128 [ 332.549119][ T7277] loop1: detected capacity change from 0 to 8192 [ 332.641182][ T7290] loop2: detected capacity change from 0 to 764 [ 332.652200][ T7277] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 332.678093][ T7277] FAT-fs (loop1): error, clusters badly computed (1 != 0) [ 332.687130][ T7277] FAT-fs (loop1): Filesystem has been set read-only [ 332.695210][ T7277] FAT-fs (loop1): error, clusters badly computed (2 != 1) [ 332.703316][ T7277] FAT-fs (loop1): error, clusters badly computed (3 != 2) [ 332.716197][ T7277] FAT-fs (loop1): error, clusters badly computed (4 != 3) [ 332.739174][ T7287] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 332.754266][ T7287] ext4 filesystem being mounted at /199/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 332.758397][ T7277] FAT-fs (loop1): error, clusters badly computed (5 != 4) [ 332.772698][ T7277] FAT-fs (loop1): error, clusters badly computed (6 != 5) [ 332.780079][ T7277] FAT-fs (loop1): error, clusters badly computed (7 != 6) [ 332.787827][ T7277] FAT-fs (loop1): error, clusters badly computed (8 != 7) [ 332.800707][ T7277] FAT-fs (loop1): error, clusters badly computed (9 != 8) [ 332.808583][ T7277] FAT-fs (loop1): error, clusters badly computed (10 != 9) [ 332.816313][ T7277] FAT-fs (loop1): error, clusters badly computed (11 != 10) [ 332.873447][ T7277] FAT-fs (loop1): error, clusters badly computed (12 != 11) [ 333.176936][ T7277] FAT-fs (loop1): error, clusters badly computed (13 != 12) [ 333.570256][ T7277] FAT-fs (loop1): error, clusters badly computed (14 != 13) [ 333.653002][ T7277] FAT-fs (loop1): error, clusters badly computed (15 != 14) [ 333.731517][ T7277] FAT-fs (loop1): error, clusters badly computed (16 != 15) [ 334.105087][ T7315] tipc: Can't bind to reserved service type 1 [ 335.090047][ T7332] loop1: detected capacity change from 0 to 256 [ 335.146766][ T7332] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 335.204674][ T7332] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 336.061394][ T7346] netlink: 24 bytes leftover after parsing attributes in process `syz.2.794'. [ 336.377154][ T7356] loop1: detected capacity change from 0 to 512 [ 336.466138][ T7356] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 336.580269][ T7356] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 548) [ 336.750294][ T7356] FAT-fs (loop1): error, fat_free: invalid cluster chain (i_pos 548) [ 336.775794][ T7367] loop3: detected capacity change from 0 to 1024 [ 336.826488][ T7356] FAT-fs (loop1): error, fat_free: invalid cluster chain (i_pos 548) [ 336.877927][ T7367] EXT4-fs (loop3): Ignoring removed bh option [ 336.891485][ T7367] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 336.910378][ T7368] FAT-fs (loop1): error, invalid access to FAT (entry 0x0fffff00) [ 337.000829][ T7367] EXT4-fs (loop3): mounted filesystem without journal. Opts: nobarrier,dioread_lock,barrier=0x0000000000000006,dioread_nolock,debug_want_extra_isize=0x0000000000000080,lazytime,errors=remount-ro,stripe=0x0000000000000010,bh,init_itable,. Quota mode: none. [ 337.038457][ T7373] loop5: detected capacity change from 0 to 1024 [ 337.089473][ T7373] EXT4-fs (loop5): Ignoring removed bh option [ 337.166317][ T7373] EXT4-fs (loop5): Ignoring removed oldalloc option [ 337.233806][ T7373] EXT4-fs (loop5): Ignoring removed nomblk_io_submit option [ 337.245937][ T7373] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 337.322998][ T4197] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2807: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 337.351088][ T7373] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e841c01c, mo2=0003] [ 337.407317][ T7373] System zones: 0-1, 3-36 [ 337.425224][ T7373] EXT4-fs (loop5): mounted filesystem without journal. Opts: bh,delalloc,oldalloc,debug,dioread_nolock,bsddf,nomblk_io_submit,noauto_da_alloc,,errors=continue. Quota mode: writeback. [ 338.734527][ T7402] loop5: detected capacity change from 0 to 2048 [ 338.842159][ T7402] EXT4-fs (loop5): mounted filesystem without journal. Opts: min_batch_time=0x000000000000000d,mb_optimize_scan=0x0000000000000001,barrier,,errors=continue. Quota mode: none. [ 338.909361][ T7402] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1161: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 339.154471][ T7411] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 339.154471][ T7411] program syz.1.816 not setting count and/or reply_len properly [ 339.765470][ T7415] 9pnet: Insufficient options for proto=fd [ 342.819744][ T7453] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 342.819744][ T7453] program syz.4.829 not setting count and/or reply_len properly [ 342.882981][ T7448] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 343.086597][ T7456] device syzkaller0 entered promiscuous mode [ 345.872602][ T7500] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 345.872602][ T7500] program syz.4.844 not setting count and/or reply_len properly [ 348.439164][ T7540] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 348.439164][ T7540] program syz.5.858 not setting count and/or reply_len properly [ 348.580565][ T7543] loop1: detected capacity change from 0 to 512 [ 348.811050][ T7543] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 349.435972][ T7543] ext4 filesystem being mounted at /167/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 349.659990][ T7558] device syzkaller1 entered promiscuous mode [ 349.837576][ T7565] loop2: detected capacity change from 0 to 256 [ 350.335298][ T7565] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 350.355567][ T7571] loop1: detected capacity change from 0 to 4096 [ 350.390002][ T26] audit: type=1800 audit(1775694691.658:22): pid=7565 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.865" name="file1" dev="loop2" ino=1048610 res=0 errno=0 [ 350.460029][ T26] audit: type=1800 audit(1775694691.708:23): pid=7565 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.865" name="file1" dev="loop2" ino=1048610 res=0 errno=0 [ 350.488000][ T7576] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 350.488000][ T7576] program syz.3.868 not setting count and/or reply_len properly [ 350.599105][ T7571] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 350.625739][ T7577] FAT-fs (loop2): error, corrupted file size (i_pos 196, 16779008) [ 350.820354][ T7580] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 350.820354][ T7580] program syz.4.869 not setting count and/or reply_len properly [ 350.897317][ T26] audit: type=1800 audit(1775694692.158:24): pid=7571 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.867" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 350.918776][ T7577] FAT-fs (loop2): Filesystem has been set read-only [ 350.919002][ T7577] FAT-fs (loop2): error, corrupted file size (i_pos 196, 16779008) [ 353.724964][ T7597] loop4: detected capacity change from 0 to 512 [ 353.841319][ T7607] loop3: detected capacity change from 0 to 512 [ 353.953438][ T7607] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 354.060602][ T7607] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 354.270180][ T7614] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 354.270180][ T7614] program syz.4.882 not setting count and/or reply_len properly [ 354.372639][ T7607] EXT4-fs (loop3): 1 truncate cleaned up [ 354.424149][ T7607] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,min_batch_time=0x000000000000000d,debug_want_extra_isize=0x0000000000000068,mb_optimize_scan=0x0000000000000001,data_err=ignore,dioread_lock,. Quota mode: none. [ 358.154078][ T7665] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 358.154078][ T7665] program syz.1.895 not setting count and/or reply_len properly [ 358.245871][ T7662] loop5: detected capacity change from 0 to 1024 [ 358.258837][ T7666] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 358.389386][ T7662] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 359.237199][ T1110] hid-generic 0000:0000:000E.0001: unknown main item tag 0x0 [ 359.276943][ T1110] hid-generic 0000:0000:000E.0001: unknown main item tag 0x0 [ 359.420626][ T1110] hid-generic 0000:0000:000E.0001: unknown main item tag 0x0 [ 359.463504][ T7686] loop1: detected capacity change from 0 to 1024 [ 359.473278][ T1110] hid-generic 0000:0000:000E.0001: unknown main item tag 0x0 [ 359.498556][ T1110] hid-generic 0000:0000:000E.0001: unknown main item tag 0x0 [ 359.509540][ T7686] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 359.542742][ T1110] hid-generic 0000:0000:000E.0001: unknown main item tag 0x0 [ 359.562450][ T1110] hid-generic 0000:0000:000E.0001: unknown main item tag 0x0 [ 359.586331][ T1110] hid-generic 0000:0000:000E.0001: unknown main item tag 0x0 [ 359.597543][ T7686] EXT4-fs (loop1): mounted filesystem without journal. Opts: user_xattr,noquota,dioread_nolock,jqfmt=vfsv1,debug_want_extra_isize=0x0000000000000070,max_dir_size_kb=0x00000000000007b1,stripe=0x0000000000000020,bsdgroups,max_batch_time=0x00000000000003fe,user_xattr,noinit_itable,,errors=continue. Quota mode: none. [ 359.645978][ T1110] hid-generic 0000:0000:000E.0001: unknown main item tag 0x0 [ 359.661559][ T1110] hid-generic 0000:0000:000E.0001: unknown main item tag 0x0 [ 359.673481][ T1110] hid-generic 0000:0000:000E.0001: unknown main item tag 0x0 [ 359.686301][ T1110] hid-generic 0000:0000:000E.0001: unknown main item tag 0x0 [ 359.706988][ T1110] hid-generic 0000:0000:000E.0001: unknown main item tag 0x0 [ 359.719101][ T1110] hid-generic 0000:0000:000E.0001: unknown main item tag 0x0 [ 359.730635][ T1110] hid-generic 0000:0000:000E.0001: unknown main item tag 0x0 [ 359.730813][ T7686] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1161: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters [ 359.740387][ T1110] hid-generic 0000:0000:000E.0001: unknown main item tag 0x0 [ 359.763739][ T1110] hid-generic 0000:0000:000E.0001: unknown main item tag 0x0 [ 359.794211][ T7686] syz.1.904 (7686) used greatest stack depth: 20696 bytes left [ 360.219206][ T1110] hid-generic 0000:0000:000E.0001: hidraw0: HID v0.00 Device [syz0] on syz0 [ 360.840299][ T7699] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 360.840299][ T7699] program syz.4.909 not setting count and/or reply_len properly [ 360.942641][ T7715] loop4: detected capacity change from 0 to 512 [ 361.097003][ T7715] EXT4-fs (loop4): mounted filesystem without journal. Opts: resgid=0x0000000000000000,stripe=0x0000000000000040,,errors=continue. Quota mode: writeback. [ 361.144495][ T7706] fido_id[7706]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 361.160482][ T7715] ext4 filesystem being mounted at /181/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 362.787839][ T7742] loop4: detected capacity change from 0 to 256 [ 362.853412][ T7746] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 362.853412][ T7746] program syz.3.920 not setting count and/or reply_len properly [ 363.261986][ T7752] loop3: detected capacity change from 0 to 512 [ 363.331285][ T7757] netlink: 12 bytes leftover after parsing attributes in process `syz.1.925'. [ 363.516238][ T7752] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 363.567242][ T7752] ext4 filesystem being mounted at /228/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 363.957207][ T7771] loop4: detected capacity change from 0 to 1024 [ 364.000708][ T7771] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 364.007511][ T7774] loop3: detected capacity change from 0 to 512 [ 364.503865][ T7774] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 364.520082][ T7771] EXT4-fs (loop4): mounted filesystem without journal. Opts: user_xattr,nobarrier,norecovery,errors=remount-ro,grpid,. Quota mode: writeback. [ 364.578408][ T7774] ext4 filesystem being mounted at /229/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 364.676236][ T7789] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 364.676236][ T7789] program syz.1.933 not setting count and/or reply_len properly [ 364.898758][ T7795] loop5: detected capacity change from 0 to 128 [ 365.430309][ T7804] capability: warning: `syz.5.938' uses 32-bit capabilities (legacy support in use) [ 365.541492][ T7802] netlink: 8 bytes leftover after parsing attributes in process `syz.5.938'. [ 365.593965][ T7802] netlink: 48 bytes leftover after parsing attributes in process `syz.5.938'. [ 365.951965][ T7814] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 365.972562][ T7814] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 366.786829][ T7832] loop2: detected capacity change from 0 to 2048 [ 366.821434][ T7830] loop1: detected capacity change from 0 to 4096 [ 366.881046][ T7832] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 366.900028][ T7836] loop4: detected capacity change from 0 to 128 [ 366.902057][ T7832] EXT4-fs (loop2): shut down requested (0) [ 366.944763][ T7836] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 366.968095][ T7836] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 366.976621][ T7830] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 367.195725][ T26] audit: type=1800 audit(1775694708.468:25): pid=7838 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.949" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 367.221804][ T7840] loop5: detected capacity change from 0 to 128 [ 367.384303][ T4254] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 368.854537][ T7865] device syzkaller0 entered promiscuous mode [ 369.012263][ T7871] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 369.012263][ T7871] program syz.4.959 not setting count and/or reply_len properly [ 369.103126][ T7869] loop2: detected capacity change from 0 to 4096 [ 369.218226][ T7869] EXT4-fs (loop2): Test dummy encryption mode enabled [ 369.287113][ T7869] EXT4-fs (loop2): Ignoring removed oldalloc option [ 369.369803][ T7869] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=b842c018, mo2=0003] [ 369.398129][ T7869] System zones: 0-5 [ 369.448552][ T7869] EXT4-fs (loop2): mounted filesystem without journal. Opts: debug,delalloc,grpjquota=,test_dummy_encryption,i_version,oldalloc,data_err=abort,barrier,,errors=continue. Quota mode: writeback. [ 370.564477][ T7885] loop3: detected capacity change from 0 to 512 [ 370.771900][ T7885] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,grpquota,. Quota mode: writeback. [ 370.811492][ T7885] ext4 filesystem being mounted at /235/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 370.905022][ T7894] netlink: 4 bytes leftover after parsing attributes in process `syz.1.969'. [ 372.325031][ T7923] netlink: 40 bytes leftover after parsing attributes in process `syz.5.976'. [ 372.340022][ T7919] loop3: detected capacity change from 0 to 1024 [ 372.377292][ T7919] EXT4-fs (loop3): Ignoring removed bh option [ 372.385584][ T7919] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 372.451184][ T7919] EXT4-fs (loop3): mounted filesystem without journal. Opts: nobarrier,dioread_lock,barrier=0x0000000000000006,dioread_nolock,debug_want_extra_isize=0x0000000000000080,lazytime,errors=remount-ro,stripe=0x0000000000000010,bh,init_itable,. Quota mode: none. [ 374.118071][ T7957] loop5: detected capacity change from 0 to 128 [ 374.194093][ T7957] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 374.267816][ T7957] ext4 filesystem being mounted at /142/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 374.556392][ T7964] netlink: 52 bytes leftover after parsing attributes in process `syz.5.992'. [ 374.605978][ T7964] netlink: 52 bytes leftover after parsing attributes in process `syz.5.992'. [ 374.901710][ T7969] device syzkaller0 entered promiscuous mode [ 375.335805][ T7964] syz.5.992 (7964) used greatest stack depth: 20664 bytes left [ 376.600335][ T8007] autofs4:pid:8007:autofs_fill_super: called with bogus options [ 377.927867][ T8024] loop2: detected capacity change from 0 to 128 [ 378.760634][ T8043] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1021'. [ 378.796893][ T1429] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.803985][ T1429] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.802038][ T8075] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1032'. [ 383.629476][ T8103] loop5: detected capacity change from 0 to 128 [ 385.787980][ T26] audit: type=1326 audit(1775694727.058:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8116 comm="syz.3.1048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7508688819 code=0x7ffc0000 [ 385.908455][ T26] audit: type=1326 audit(1775694727.098:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8116 comm="syz.3.1048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7508688819 code=0x7ffc0000 [ 386.030398][ T26] audit: type=1326 audit(1775694727.098:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8116 comm="syz.3.1048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7508688819 code=0x7ffc0000 [ 386.318886][ T26] audit: type=1326 audit(1775694727.098:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8116 comm="syz.3.1048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=26 compat=0 ip=0x7f7508688819 code=0x7ffc0000 [ 386.346025][ T26] audit: type=1326 audit(1775694727.098:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8116 comm="syz.3.1048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7508688819 code=0x7ffc0000 [ 386.387496][ T26] audit: type=1326 audit(1775694727.098:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8116 comm="syz.3.1048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7508688819 code=0x7ffc0000 [ 386.417357][ T26] audit: type=1326 audit(1775694727.118:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8116 comm="syz.3.1048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f7508688819 code=0x7ffc0000 [ 386.450847][ T26] audit: type=1326 audit(1775694727.118:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8116 comm="syz.3.1048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f7508688819 code=0x7ffc0000 [ 386.898770][ T4229] usb 6-1: new full-speed USB device number 4 using dummy_hcd [ 386.991253][ T8137] loop3: detected capacity change from 0 to 512 [ 387.071109][ T8137] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 387.093241][ T8137] ext4 filesystem being mounted at /254/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 391.393774][ T4229] usb 6-1: too many configurations: 72, using maximum allowed: 8 [ 391.883713][ T4229] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 391.892071][ T4229] usb 6-1: can't read configurations, error -71 [ 392.934152][ T8175] capability: warning: `syz.5.1062' uses deprecated v2 capabilities in a way that may be insecure [ 393.075097][ T8183] loop3: detected capacity change from 0 to 128 [ 394.312938][ T8180] chnl_net:caif_netlink_parms(): no params data found [ 394.366804][ T8189] loop5: detected capacity change from 0 to 512 [ 394.977172][ T8180] bridge0: port 1(bridge_slave_0) entered blocking state [ 394.978561][ T8189] EXT4-fs error (device loop5): ext4_do_update_inode:5222: inode #3: comm syz.5.1066: corrupted inode contents [ 394.985359][ T8180] bridge0: port 1(bridge_slave_0) entered disabled state [ 395.007600][ T8180] device bridge_slave_0 entered promiscuous mode [ 395.019464][ T8180] bridge0: port 2(bridge_slave_1) entered blocking state [ 395.026910][ T8180] bridge0: port 2(bridge_slave_1) entered disabled state [ 395.034561][ T21] Bluetooth: hci2: command 0x0409 tx timeout [ 395.038216][ T8189] EXT4-fs error (device loop5): ext4_dirty_inode:6058: inode #3: comm syz.5.1066: mark_inode_dirty error [ 395.042082][ T8180] device bridge_slave_1 entered promiscuous mode [ 395.082916][ T8189] EXT4-fs error (device loop5): ext4_do_update_inode:5222: inode #3: comm syz.5.1066: corrupted inode contents [ 395.101951][ T8180] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 395.111700][ T8189] EXT4-fs error (device loop5): __ext4_ext_dirty:183: inode #3: comm syz.5.1066: mark_inode_dirty error [ 395.115717][ T8180] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 395.159012][ T8189] Quota error (device loop5): write_blk: dquota write failed [ 395.170059][ T8180] team0: Port device team_slave_0 added [ 395.178549][ T8189] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota [ 395.190011][ T8189] EXT4-fs error (device loop5): ext4_acquire_dquot:6234: comm syz.5.1066: Failed to acquire dquot type 0 [ 395.250184][ T8208] loop4: detected capacity change from 0 to 512 [ 395.269945][ T8189] EXT4-fs error (device loop5): ext4_do_update_inode:5222: inode #16: comm syz.5.1066: corrupted inode contents [ 395.298431][ T8180] team0: Port device team_slave_1 added [ 395.307036][ T8206] loop3: detected capacity change from 0 to 512 [ 395.324111][ T8189] EXT4-fs error (device loop5): ext4_dirty_inode:6058: inode #16: comm syz.5.1066: mark_inode_dirty error [ 395.343161][ T8210] loop2: detected capacity change from 0 to 512 [ 395.347111][ T8189] EXT4-fs error (device loop5): ext4_do_update_inode:5222: inode #16: comm syz.5.1066: corrupted inode contents [ 395.375085][ T8180] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 395.375782][ T8206] EXT4-fs (loop3): Ignoring removed bh option [ 395.382951][ T8180] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 395.417047][ C0] vkms_vblank_simulate: vblank timer overrun [ 395.426742][ T8206] EXT4-fs (loop3): inline encryption not supported [ 395.433526][ T8206] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 395.443424][ T8189] EXT4-fs error (device loop5): __ext4_ext_dirty:183: inode #16: comm syz.5.1066: mark_inode_dirty error [ 395.455234][ T8180] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 395.477319][ T8180] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 395.488739][ T8180] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 395.517191][ C0] vkms_vblank_simulate: vblank timer overrun [ 395.524619][ T8189] EXT4-fs error (device loop5): ext4_do_update_inode:5222: inode #16: comm syz.5.1066: corrupted inode contents [ 395.543159][ T8189] EXT4-fs error (device loop5) in ext4_orphan_del:303: Corrupt filesystem [ 395.571140][ T8210] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 395.591741][ T8206] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1062: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 395.604132][ T8180] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 395.635761][ T8189] EXT4-fs error (device loop5): ext4_do_update_inode:5222: inode #16: comm syz.5.1066: corrupted inode contents [ 395.675970][ T8189] EXT4-fs error (device loop5): ext4_truncate:4279: inode #16: comm syz.5.1066: mark_inode_dirty error [ 395.688181][ T8206] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.1070: bg 0: block 248: padding at end of block bitmap is not set [ 395.704250][ T8189] EXT4-fs error (device loop5) in ext4_process_orphan:345: Corrupt filesystem [ 395.710336][ T8206] Quota error (device loop3): write_blk: dquota write failed [ 395.763782][ T8206] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 395.802311][ T8206] EXT4-fs error (device loop3): ext4_acquire_dquot:6234: comm syz.3.1070: Failed to acquire dquot type 1 [ 395.831138][ T8180] device hsr_slave_0 entered promiscuous mode [ 395.844377][ T8189] EXT4-fs (loop5): 1 truncate cleaned up [ 395.852127][ T8206] EXT4-fs (loop3): 1 truncate cleaned up [ 395.863517][ T8189] EXT4-fs (loop5): mounted filesystem without journal. Opts: resuid=0x0000000000000000,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: writeback. [ 395.874198][ T8206] EXT4-fs (loop3): mounted filesystem without journal. Opts: bh,inlinecrypt,nombcache,,errors=continue. Quota mode: writeback. [ 395.888870][ T8189] ext4 filesystem being mounted at /155/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 395.895476][ T8180] device hsr_slave_1 entered promiscuous mode [ 395.912867][ T8180] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 395.921332][ T8180] Cannot create hsr debugfs directory [ 396.904500][ T4354] Quota error (device loop3): remove_tree: Getting block too big (0 >= 6) [ 396.914690][ T4354] EXT4-fs error (device loop3): ext4_release_dquot:6270: comm kworker/u4:12: Failed to release dquot type 1 [ 397.087483][ T8220] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 397.137015][ T4231] Bluetooth: hci2: command 0x041b tx timeout [ 397.139525][ T8231] loop3: detected capacity change from 0 to 1024 [ 397.203806][ T8231] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 397.318245][ T8180] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 397.360760][ T8231] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_nolock,norecovery,resgid=0x0000000000000000,nojournal_checksum,debug_want_extra_isize=0x0000000000000080,nodelalloc,errors=remount-ro,grpid,auto_da_alloc=0x0000000001000343,grpid,barrier=0x0000000000000007,nombcache,. Quota mode: none. [ 397.409446][ T8242] loop5: detected capacity change from 0 to 512 [ 397.429895][ T8180] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 397.468670][ T8180] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 397.484514][ T8180] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 397.573259][ T8231] tmpfs: Bad value for 'mpol' [ 397.687373][ T8242] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 397.742435][ T8180] 8021q: adding VLAN 0 to HW filter on device bond0 [ 397.754029][ T8242] ext4 filesystem being mounted at /158/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 397.874392][ T4724] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 397.892785][ T4724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 398.040961][ T8180] 8021q: adding VLAN 0 to HW filter on device team0 [ 399.629306][ T1107] Bluetooth: hci2: command 0x040f tx timeout [ 399.644870][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 399.829896][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 399.992421][ T4274] bridge0: port 1(bridge_slave_0) entered blocking state [ 400.000415][ T4274] bridge0: port 1(bridge_slave_0) entered forwarding state [ 400.040980][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 400.427101][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 400.438596][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 400.449151][ T4274] bridge0: port 2(bridge_slave_1) entered blocking state [ 400.456555][ T4274] bridge0: port 2(bridge_slave_1) entered forwarding state [ 400.465366][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 400.598927][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 401.336579][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 401.389358][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 401.398719][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 401.408098][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 401.433000][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 401.479943][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 401.514833][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 401.531268][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 401.562547][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 401.626368][ T8180] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 401.781694][ T8296] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 401.796574][ T21] Bluetooth: hci2: command 0x0419 tx timeout [ 402.549011][ T5147] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 403.235169][ T8327] loop4: detected capacity change from 0 to 512 [ 403.277760][ T1386] device hsr_slave_0 left promiscuous mode [ 403.306957][ T1386] device hsr_slave_1 left promiscuous mode [ 403.355851][ T8327] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 403.403471][ T8327] ext4 filesystem being mounted at /234/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 403.414633][ T5147] usb 3-1: device descriptor read/64, error -71 [ 403.866757][ T5147] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 404.384777][ T5147] usb 3-1: device descriptor read/64, error -71 [ 404.544442][ T5147] usb usb3-port1: attempt power cycle [ 404.953821][ T5147] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 405.103826][ T5147] usb 3-1: device descriptor read/8, error -71 [ 405.186186][ T1386] bond0 (unregistering): Released all slaves [ 406.034029][ T8180] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 406.041545][ T4276] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 406.109064][ T4276] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 406.294730][ T8367] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 407.887398][ T8388] loop4: detected capacity change from 0 to 128 [ 410.599252][ T8427] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 410.833730][ T8405] bridge0: port 2(bridge_slave_1) entered disabled state [ 410.841243][ T8405] bridge0: port 1(bridge_slave_0) entered disabled state [ 413.199209][ T8465] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 414.655403][ T8479] loop5: detected capacity change from 0 to 1024 [ 414.788558][ T8479] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 414.867446][ T8405] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.877208][ T8405] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.887390][ T8405] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.907173][ T8405] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.024054][ T8486] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 415.359368][ T4254] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 415.382005][ T4254] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 415.505345][ T8180] device veth0_vlan entered promiscuous mode [ 415.540676][ T8495] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1143'. [ 415.564066][ T5891] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 415.581692][ T5891] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 415.667988][ T8501] loop5: detected capacity change from 0 to 4096 [ 415.734589][ T5891] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 415.766525][ T5891] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 417.285299][ T8501] EXT4-fs (loop5): Test dummy encryption mode enabled [ 417.308623][ T8501] EXT4-fs (loop5): Ignoring removed oldalloc option [ 417.322620][ T8180] device veth1_vlan entered promiscuous mode [ 417.453634][ T8501] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=b842c018, mo2=0003] [ 417.509539][ T8501] System zones: 0-5 [ 417.517301][ T8501] EXT4-fs (loop5): mounted filesystem without journal. Opts: debug,delalloc,grpjquota=,test_dummy_encryption,i_version,oldalloc,data_err=abort,barrier,,errors=continue. Quota mode: writeback. [ 417.541635][ T8180] device veth0_macvtap entered promiscuous mode [ 417.552435][ T8180] device veth1_macvtap entered promiscuous mode [ 417.792749][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 417.817329][ T8517] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 418.106222][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 418.152454][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 418.206723][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 418.438696][ T8532] loop4: detected capacity change from 0 to 512 [ 418.490208][ T8180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 418.533124][ T8180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 418.583683][ T8180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 418.625771][ T8180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 418.656879][ T8180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 418.688436][ T8180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 418.742407][ T8532] EXT4-fs (loop4): mounted filesystem without journal. Opts: i_version,nodiscard,grpjquota=,,errors=continue. Quota mode: none. [ 418.769940][ T8180] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 418.844443][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 418.870646][ T8547] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 418.995899][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 419.110813][ T8180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 419.201881][ T8180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.263328][ T8180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 419.324676][ T8180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.359433][ T8180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 419.371902][ T8180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.391008][ T8180] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 419.402298][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 419.417038][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 419.432001][ T8180] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 419.448154][ T8180] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 419.495259][ T8180] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 419.509688][ T8180] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 420.641970][ T8567] loop4: detected capacity change from 0 to 512 [ 421.540961][ T4276] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 421.550233][ T4470] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 421.566024][ T8567] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 421.606418][ T4276] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 421.619833][ T4470] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 421.638431][ T8567] ext4 filesystem being mounted at /248/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 421.654250][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 421.772370][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 422.627176][ T8581] loop2: detected capacity change from 0 to 4096 [ 422.786951][ T8581] EXT4-fs (loop2): Test dummy encryption mode enabled [ 422.923964][ T8581] EXT4-fs (loop2): Ignoring removed oldalloc option [ 423.741811][ T8581] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=b842c018, mo2=0003] [ 423.779123][ T8581] System zones: 0-5 [ 423.813769][ T8600] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1166'. [ 423.944171][ T8600] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1166'. [ 424.023476][ T8581] EXT4-fs (loop2): mounted filesystem without journal. Opts: debug,delalloc,grpjquota=,test_dummy_encryption,i_version,oldalloc,data_err=abort,barrier,,errors=continue. Quota mode: writeback. [ 425.193706][ T4231] usb 3-1: new full-speed USB device number 13 using dummy_hcd [ 426.576048][ T8641] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 427.035360][ T8647] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 427.035360][ T8647] program syz.3.1178 not setting count and/or reply_len properly [ 428.065985][ T8656] loop6: detected capacity change from 0 to 512 [ 428.954059][ T8656] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 429.177786][ T8656] ext4 filesystem being mounted at /4/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 430.743787][ T4231] usb 3-1: too many configurations: 72, using maximum allowed: 8 [ 430.813780][ T4231] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 430.821809][ T4231] usb 3-1: can't read configurations, error -71 [ 430.871474][ T8679] loop2: detected capacity change from 0 to 4096 [ 431.037144][ T8679] EXT4-fs (loop2): Test dummy encryption mode enabled [ 431.124333][ T8679] EXT4-fs (loop2): Ignoring removed oldalloc option [ 431.159118][ T8679] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=b842c018, mo2=0003] [ 431.200376][ T8679] System zones: 0-5 [ 431.270140][ T8679] EXT4-fs (loop2): mounted filesystem without journal. Opts: debug,delalloc,grpjquota=,test_dummy_encryption,i_version,oldalloc,data_err=abort,barrier,,errors=continue. Quota mode: writeback. [ 434.166495][ T8706] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 435.263702][ T5147] usb 5-1: new full-speed USB device number 5 using dummy_hcd [ 436.901908][ T8763] loop3: detected capacity change from 0 to 8192 [ 437.318829][ T26] audit: type=1800 audit(1775694778.588:34): pid=8763 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1201" name="file2" dev="loop3" ino=1048620 res=0 errno=0 [ 438.853736][ T5147] usb 5-1: too many configurations: 72, using maximum allowed: 8 [ 439.133844][ T5147] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 439.141861][ T5147] usb 5-1: can't read configurations, error -71 [ 439.898541][ T8791] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 440.334229][ T1429] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.350570][ T1429] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.978671][ T8806] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 440.978671][ T8806] program syz.3.1202 not setting count and/or reply_len properly [ 441.656018][ T8816] loop2: detected capacity change from 0 to 512 [ 441.872368][ T8816] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 441.938410][ T8816] ext4 filesystem being mounted at /245/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 442.219272][ T8832] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 442.219272][ T8832] program syz.4.1204 not setting count and/or reply_len properly [ 444.697878][ T4353] usb 7-1: new full-speed USB device number 2 using dummy_hcd [ 448.483700][ T4353] usb 7-1: too many configurations: 72, using maximum allowed: 8 [ 448.843696][ T4353] usb 7-1: unable to read config index 0 descriptor/start: -71 [ 448.854229][ T4353] usb 7-1: can't read configurations, error -71 [ 449.252190][ T8890] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 450.035644][ T8891] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 450.354745][ T8896] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 451.373026][ T8902] loop5: detected capacity change from 0 to 1024 [ 451.531435][ T8902] EXT4-fs (loop5): Quota format mount options ignored when QUOTA feature is enabled [ 451.659936][ T8902] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 451.881112][ T8902] EXT4-fs (loop5): orphan cleanup on readonly fs [ 451.906894][ T8902] EXT4-fs error (device loop5): ext4_free_blocks:6232: comm syz.5.1222: Freeing blocks not in datazone - block = 0, count = 4096 [ 451.960288][ T8920] loop3: detected capacity change from 0 to 512 [ 451.997029][ T8902] EXT4-fs (loop5): 1 orphan inode deleted [ 452.014654][ T8902] EXT4-fs (loop5): mounted filesystem without journal. Opts: jqfmt=vfsv0,journal_dev=0x0000000000000000,,errors=continue. Quota mode: writeback. [ 452.061806][ T8920] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 452.099463][ T8902] EXT4-fs error (device loop5): ext4_readdir:263: inode #2: block 16: comm syz.5.1222: path /194/file1: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0 [ 452.138102][ T8920] ext4 filesystem being mounted at /300/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 452.150120][ T8902] EXT4-fs error (device loop5): ext4_readdir:263: inode #2: block 17: comm syz.5.1222: path /194/file1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 453.130025][ T8931] loop6: detected capacity change from 0 to 512 [ 453.231854][ T8938] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 453.231854][ T8938] program syz.4.1225 not setting count and/or reply_len properly [ 453.267757][ T4274] tipc: Subscription rejected, illegal request [ 453.343936][ T8931] EXT4-fs (loop6): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,grpquota,,errors=continue. Quota mode: writeback. [ 453.493116][ T8931] ext4 filesystem being mounted at /12/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 453.620545][ T8952] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 454.251028][ T4914] usb 3-1: new full-speed USB device number 15 using dummy_hcd [ 456.746972][ T4914] usb 3-1: too many configurations: 72, using maximum allowed: 8 [ 456.954650][ T4914] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 456.962906][ T4914] usb 3-1: can't read configurations, error -71 [ 457.654865][ T9012] loop2: detected capacity change from 0 to 512 [ 457.747769][ T9012] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 457.819706][ T9012] ext4 filesystem being mounted at /250/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 459.428906][ T9038] loop2: detected capacity change from 0 to 1024 [ 459.502798][ T9038] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,journal_dev=0x0000000000000007,journal_ioprio=0x0000000000000006,init_itable,nogrpid,jqfmt=vfsv0,jqfmt=vfsv0,noinit_itable,mb_optimize_scan=0x0000000000000000,usrquota,user_xattr,,errors=continue. Quota mode: writeback. [ 459.681953][ T9038] ext4 filesystem being mounted at /251/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 459.737968][ T9038] device syzkaller0 entered promiscuous mode [ 459.853877][ T9052] loop3: detected capacity change from 0 to 512 [ 459.934795][ T9054] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 460.038290][ T9052] EXT4-fs (loop3): Ignoring removed nobh option [ 460.703201][ T9052] EXT4-fs error (device loop3): ext4_do_update_inode:5222: inode #3: comm syz.3.1244: corrupted inode contents [ 460.743896][ T9052] EXT4-fs error (device loop3): ext4_dirty_inode:6058: inode #3: comm syz.3.1244: mark_inode_dirty error [ 460.759477][ T9052] EXT4-fs error (device loop3): ext4_do_update_inode:5222: inode #3: comm syz.3.1244: corrupted inode contents [ 460.819670][ T9052] EXT4-fs error (device loop3): __ext4_ext_dirty:183: inode #3: comm syz.3.1244: mark_inode_dirty error [ 460.886472][ T9052] Quota error (device loop3): write_blk: dquota write failed [ 460.923919][ T9052] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 460.973673][ T4227] usb 6-1: new full-speed USB device number 6 using dummy_hcd [ 460.997050][ T9052] EXT4-fs error (device loop3): ext4_acquire_dquot:6234: comm syz.3.1244: Failed to acquire dquot type 0 [ 461.041548][ T9052] EXT4-fs error (device loop3): ext4_do_update_inode:5222: inode #16: comm syz.3.1244: corrupted inode contents [ 461.075818][ T9052] EXT4-fs error (device loop3): ext4_dirty_inode:6058: inode #16: comm syz.3.1244: mark_inode_dirty error [ 461.092141][ T9052] EXT4-fs error (device loop3): ext4_do_update_inode:5222: inode #16: comm syz.3.1244: corrupted inode contents [ 461.106570][ T9052] EXT4-fs error (device loop3): __ext4_ext_dirty:183: inode #16: comm syz.3.1244: mark_inode_dirty error [ 461.130636][ T9052] EXT4-fs error (device loop3): ext4_do_update_inode:5222: inode #16: comm syz.3.1244: corrupted inode contents [ 461.160298][ T9052] EXT4-fs error (device loop3) in ext4_orphan_del:303: Corrupt filesystem [ 461.183482][ T9052] EXT4-fs error (device loop3): ext4_do_update_inode:5222: inode #16: comm syz.3.1244: corrupted inode contents [ 461.218240][ T9052] EXT4-fs error (device loop3): ext4_truncate:4279: inode #16: comm syz.3.1244: mark_inode_dirty error [ 461.248595][ T9052] EXT4-fs error (device loop3) in ext4_process_orphan:345: Corrupt filesystem [ 461.262473][ T9052] EXT4-fs (loop3): 1 truncate cleaned up [ 461.270785][ T9052] EXT4-fs (loop3): mounted filesystem without journal. Opts: resuid=0x0000000000000000,nobh,,errors=continue. Quota mode: writeback. [ 461.291049][ T9052] ext4 filesystem being mounted at /305/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 463.863846][ T4227] usb 6-1: too many configurations: 72, using maximum allowed: 8 [ 463.943716][ T4227] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 463.951728][ T4227] usb 6-1: can't read configurations, error -71 [ 465.464321][ T9130] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 467.753719][ T5147] usb 3-1: new full-speed USB device number 17 using dummy_hcd [ 469.070293][ T9176] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 471.008333][ T9180] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 471.008333][ T9180] program syz.5.1268 not setting count and/or reply_len properly [ 471.493847][ T5147] usb 3-1: too many configurations: 72, using maximum allowed: 8 [ 471.993865][ T5147] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 472.017331][ T5147] usb 3-1: can't read configurations, error -71 [ 473.042299][ T26] audit: type=1326 audit(1775694814.308:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9195 comm="syz.6.1273" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f424fea4819 code=0x0 [ 475.352610][ T9239] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 475.352610][ T9239] program syz.2.1280 not setting count and/or reply_len properly [ 476.584122][ T5147] usb 4-1: new full-speed USB device number 8 using dummy_hcd [ 479.873726][ T5147] usb 4-1: too many configurations: 72, using maximum allowed: 8 [ 480.013678][ T5147] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 480.021698][ T5147] usb 4-1: can't read configurations, error -71 [ 480.036592][ T9281] loop2: detected capacity change from 0 to 1024 [ 480.212676][ T9281] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 480.263735][ T9281] ext4 filesystem being mounted at /261/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 480.346865][ T9289] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 480.346865][ T9289] program syz.3.1293 not setting count and/or reply_len properly [ 480.950834][ T9281] EXT4-fs error (device loop2): ext4_map_blocks:739: inode #15: block 3: comm syz.2.1292: lblock 3 mapped to illegal pblock 3 (length 3) [ 481.050536][ T9281] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117 [ 481.084850][ T9281] EXT4-fs (loop2): This should not happen!! Data will be lost [ 481.084850][ T9281] [ 481.170693][ T9294] EXT4-fs error (device loop2): ext4_map_blocks:629: inode #15: block 3: comm syz.2.1292: lblock 3 mapped to illegal pblock 3 (length 1) [ 481.330735][ T9294] EXT4-fs error (device loop2): ext4_map_blocks:629: inode #15: block 3: comm syz.2.1292: lblock 3 mapped to illegal pblock 3 (length 1) [ 481.371948][ T9300] ieee802154 phy0 wpan0: encryption failed: -22 [ 481.489541][ T4354] EXT4-fs error (device loop2): ext4_map_blocks:739: inode #15: block 8: comm kworker/u4:12: lblock 8 mapped to illegal pblock 8 (length 8) [ 481.540189][ T4354] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117 [ 481.590515][ T4354] EXT4-fs (loop2): This should not happen!! Data will be lost [ 481.590515][ T4354] [ 483.477308][ T9320] loop4: detected capacity change from 0 to 512 [ 483.560769][ T9320] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002] [ 483.572536][ T9320] EXT4-fs (loop4): orphan cleanup on readonly fs [ 483.584879][ T9320] EXT4-fs warning (device loop4): ext4_enable_quotas:6486: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 483.602664][ T9320] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 483.611649][ T9320] EXT4-fs error (device loop4): ext4_ext_check_inode:501: inode #13: comm syz.4.1301: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 483.632246][ T9320] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.1301: couldn't read orphan inode 13 (err -117) [ 483.666956][ T9320] EXT4-fs (loop4): mounted filesystem without journal. Opts: sysvgroups,noblock_validity,min_batch_time=0x000000000000082f,grpquota,debug,journal_dev=0x0000000000000001,grpid,inode_readahead_blks=0x0000000000002000,,errors=continue. Quota mode: writeback. [ 483.709215][ T9320] EXT4-fs error (device loop4): ext4_lookup:1862: inode #2: comm syz.4.1301: deleted inode referenced: 12 [ 483.788340][ T9177] usb 7-1: new full-speed USB device number 4 using dummy_hcd [ 484.957276][ T9343] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1308'. [ 486.455989][ T9352] loop5: detected capacity change from 0 to 164 [ 486.556227][ T9352] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 487.733038][ T9352] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 487.744320][ T9177] usb 7-1: too many configurations: 72, using maximum allowed: 8 [ 487.789904][ T9352] rock: directory entry would overflow storage [ 487.809863][ T9352] rock: sig=0x4f50, size=4, remaining=3 [ 487.823709][ T9177] usb 7-1: unable to read config index 0 descriptor/start: -71 [ 487.842771][ T9177] usb 7-1: can't read configurations, error -71 [ 487.883748][ T9352] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 490.383705][ T23] usb 5-1: new full-speed USB device number 7 using dummy_hcd [ 491.231058][ T9401] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1325'. [ 492.941609][ T9403] loop3: detected capacity change from 0 to 512 [ 493.789403][ T9403] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -2 [ 493.815664][ T9403] EXT4-fs error (device loop3): ext4_iget_extra_inode:4566: inode #15: comm syz.3.1327: corrupted in-inode xattr [ 493.850481][ T9403] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.1327: couldn't read orphan inode 15 (err -117) [ 494.522005][ T9403] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsold,jqfmt=vfsv0,min_batch_time=0x00000000000003ff,noload,grpjquota=.,noblock_validity,resgid=0x0000000000000000,inode_readahead_blks=0x0000000000008000,errors=continue,,errors=continue. Quota mode: writeback. [ 494.774034][ T23] usb 5-1: too many configurations: 72, using maximum allowed: 8 [ 494.934017][ T23] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 494.952545][ T23] usb 5-1: can't read configurations, error -71 [ 495.083505][ T9435] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 495.083505][ T9435] program syz.6.1333 not setting count and/or reply_len properly [ 495.507129][ T9440] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 500.243632][ T13] usb 7-1: new full-speed USB device number 6 using dummy_hcd [ 501.200781][ T9493] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 502.253998][ T1429] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.260737][ T1429] ieee802154 phy1 wpan1: encryption failed: -22 [ 504.759184][ T9515] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1357'. [ 505.783713][ T13] usb 7-1: too many configurations: 72, using maximum allowed: 8 [ 506.770380][ T13] usb 7-1: unable to read config index 0 descriptor/start: -71 [ 506.813587][ T13] usb 7-1: can't read configurations, error -71 [ 509.915372][ T9548] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 510.903688][ T13] usb 6-1: new full-speed USB device number 8 using dummy_hcd [ 513.362518][ T9590] loop6: detected capacity change from 0 to 512 [ 513.473619][ T9590] EXT4-fs (loop6): feature flags set on rev 0 fs, running e2fsck is recommended [ 513.593704][ T13] usb 6-1: too many configurations: 72, using maximum allowed: 8 [ 514.603810][ T13] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 514.646761][ T13] usb 6-1: can't read configurations, error -71 [ 514.824055][ T9590] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1161: group 0, block bitmap and bg descriptor inconsistent: 48 vs 41 free clusters [ 514.958292][ T9590] Quota error (device loop6): write_blk: dquota write failed [ 514.974239][ T9590] Quota error (device loop6): find_free_dqentry: Can't write quota data block 5 [ 515.004153][ T9590] Quota error (device loop6): write_blk: dquota write failed [ 515.013380][ T9590] Quota error (device loop6): qtree_write_dquot: Error -28 occurred while creating quota [ 515.024918][ T9590] EXT4-fs error (device loop6): ext4_acquire_dquot:6234: comm syz.6.1377: Failed to acquire dquot type 1 [ 515.047837][ T9590] EXT4-fs (loop6): 1 truncate cleaned up [ 515.080851][ T9590] EXT4-fs (loop6): mounted filesystem without journal. Opts: nodioread_nolock,noblock_validity,inode_readahead_blks=0x0000000000200000,resgid=0x0000000000000000,norecovery,quota,resuid=0x0000000000000000,sysvgroups,resgid=0x00000000000000002,errors=continue. Quota mode: writeback. [ 518.087999][ T9646] loop6: detected capacity change from 0 to 4096 [ 518.161423][ T9646] EXT4-fs (loop6): Test dummy encryption mode enabled [ 518.200606][ T9646] EXT4-fs (loop6): Ignoring removed oldalloc option [ 518.246366][ T9646] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=b842c018, mo2=0003] [ 518.279227][ T9646] System zones: 0-5 [ 518.333108][ T9646] EXT4-fs (loop6): mounted filesystem without journal. Opts: debug,delalloc,grpjquota=,test_dummy_encryption,i_version,oldalloc,data_err=abort,barrier,,errors=continue. Quota mode: writeback. [ 518.655518][ T9656] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 518.655518][ T9656] program syz.4.1388 not setting count and/or reply_len properly [ 519.193774][ T1107] Bluetooth: hci2: command 0x0406 tx timeout [ 520.880562][ T9673] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 522.543332][ T9703] loop5: detected capacity change from 0 to 4096 [ 522.675895][ T9703] EXT4-fs (loop5): Test dummy encryption mode enabled [ 522.706679][ T9703] EXT4-fs (loop5): Ignoring removed oldalloc option [ 522.750108][ T9703] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=b842c018, mo2=0003] [ 522.784114][ T9703] System zones: 0-5 [ 522.843397][ T9703] EXT4-fs (loop5): mounted filesystem without journal. Opts: debug,delalloc,grpjquota=,test_dummy_encryption,i_version,oldalloc,data_err=abort,barrier,,errors=continue. Quota mode: writeback. [ 523.056860][ T9711] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 523.056860][ T9711] program syz.6.1406 not setting count and/or reply_len properly [ 526.249723][ T9750] loop2: detected capacity change from 0 to 128 [ 527.622255][ T9763] attempt to access beyond end of device [ 527.622255][ T9763] loop2: rw=2049, want=1017, limit=128 [ 527.718719][ T9767] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 527.718719][ T9767] program syz.5.1421 not setting count and/or reply_len properly [ 527.760326][ T9747] loop3: detected capacity change from 0 to 256 [ 527.783304][ T4470] attempt to access beyond end of device [ 527.783304][ T4470] loop2: rw=1, want=705, limit=128 [ 527.810010][ T4470] attempt to access beyond end of device [ 527.810010][ T4470] loop2: rw=1, want=1041, limit=128 [ 527.842194][ T4470] attempt to access beyond end of device [ 527.842194][ T4470] loop2: rw=1, want=737, limit=128 [ 527.899961][ T9747] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 527.990014][ T26] audit: type=1800 audit(1775694869.258:36): pid=9747 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1418" name="file1" dev="loop3" ino=1048623 res=0 errno=0 [ 528.032530][ T9747] FAT-fs (loop3): error, corrupted file size (i_pos 196, 16779008) [ 528.072396][ T9747] FAT-fs (loop3): Filesystem has been set read-only [ 531.116710][ T9795] loop3: detected capacity change from 0 to 128 [ 531.462882][ T9795] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 531.738651][ T9795] ext4 filesystem being mounted at /350/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 535.531956][ T9832] loop3: detected capacity change from 0 to 4096 [ 536.341523][ T9832] EXT4-fs (loop3): Test dummy encryption mode enabled [ 536.348787][ T9832] EXT4-fs (loop3): Ignoring removed oldalloc option [ 536.392259][ T9832] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=b842c018, mo2=0003] [ 536.406414][ T9832] System zones: 0-5 [ 536.464347][ T9832] EXT4-fs (loop3): mounted filesystem without journal. Opts: debug,delalloc,grpjquota=,test_dummy_encryption,i_version,oldalloc,data_err=abort,barrier,,errors=continue. Quota mode: writeback. [ 538.534132][ T9867] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 538.534132][ T9867] program syz.6.1450 not setting count and/or reply_len properly [ 538.558546][ T9870] loop4: detected capacity change from 0 to 128 [ 538.944615][ T9870] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 538.963787][ T9870] ext4 filesystem being mounted at /288/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 540.819622][ T9900] netlink: 52 bytes leftover after parsing attributes in process `syz.5.1460'. [ 540.886753][ T9900] netlink: 52 bytes leftover after parsing attributes in process `syz.5.1460'. [ 541.547151][ T9900] syz.5.1460 (9900) used greatest stack depth: 20568 bytes left [ 541.862662][ T9910] loop6: detected capacity change from 0 to 128 [ 542.026451][ T9904] loop3: detected capacity change from 0 to 4096 [ 542.249388][ T9904] EXT4-fs (loop3): Test dummy encryption mode enabled [ 542.305665][ T9904] EXT4-fs (loop3): Ignoring removed oldalloc option [ 542.546986][ T9904] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=b842c018, mo2=0003] [ 542.812772][ T9904] System zones: 0-5 [ 542.856566][ T9904] EXT4-fs (loop3): mounted filesystem without journal. Opts: debug,delalloc,grpjquota=,test_dummy_encryption,i_version,oldalloc,data_err=abort,barrier,,errors=continue. Quota mode: writeback. [ 547.315572][ T9962] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 547.315572][ T9962] program syz.2.1475 not setting count and/or reply_len properly [ 548.656529][ T9972] loop4: detected capacity change from 0 to 4096 [ 548.856806][ T9972] EXT4-fs (loop4): Test dummy encryption mode enabled [ 548.870355][ T9972] EXT4-fs (loop4): Ignoring removed oldalloc option [ 548.917408][ T9972] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=b842c018, mo2=0003] [ 548.936494][ T9972] System zones: 0-5 [ 548.959018][ T9972] EXT4-fs (loop4): mounted filesystem without journal. Opts: debug,delalloc,grpjquota=,test_dummy_encryption,i_version,oldalloc,data_err=abort,barrier,,errors=continue. Quota mode: writeback. [ 548.998018][ T9982] loop3: detected capacity change from 0 to 2048 [ 550.334472][ T9982] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 550.522803][T10002] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1161: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 550.612665][T10002] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 320 with error 28 [ 550.847515][T10002] EXT4-fs (loop3): This should not happen!! Data will be lost [ 550.847515][T10002] [ 551.343264][T10002] EXT4-fs (loop3): Total free blocks count 0 [ 551.383821][T10002] EXT4-fs (loop3): Free/Dirty block details [ 551.390059][T10002] EXT4-fs (loop3): free_blocks=2415919504 [ 551.535449][T10002] EXT4-fs (loop3): dirty_blocks=336 [ 551.540909][T10002] EXT4-fs (loop3): Block reservation details [ 551.566054][T10002] EXT4-fs (loop3): i_reserved_data_blocks=21 [ 551.600645][ T4354] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 65537 with max blocks 1 with error 28 [ 551.625861][ T4354] EXT4-fs (loop3): This should not happen!! Data will be lost [ 551.625861][ T4354] [ 552.739137][T10014] loop5: detected capacity change from 0 to 4096 [ 552.828979][T10014] EXT4-fs (loop5): Test dummy encryption mode enabled [ 552.863626][T10014] EXT4-fs (loop5): Ignoring removed oldalloc option [ 553.009293][T10014] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=b842c018, mo2=0003] [ 553.027585][T10014] System zones: 0-5 [ 553.037845][T10014] EXT4-fs (loop5): mounted filesystem without journal. Opts: debug,delalloc,grpjquota=,test_dummy_encryption,i_version,oldalloc,data_err=abort,barrier,,errors=continue. Quota mode: writeback. [ 554.813483][T10049] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 554.813483][T10049] program syz.3.1503 not setting count and/or reply_len properly [ 555.689870][T10063] loop3: detected capacity change from 0 to 128 [ 557.632695][T10063] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 557.693953][T10063] ext4 filesystem being mounted at /362/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 557.724000][T10073] netlink: 'syz.5.1508': attribute type 21 has an invalid length. [ 557.790333][T10073] IPv6: NLM_F_CREATE should be specified when creating new route [ 557.836288][T10075] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1509'. [ 558.496159][T10089] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1513'. [ 558.557528][T10089] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1513'. [ 558.707095][T10087] loop3: detected capacity change from 0 to 4096 [ 558.775623][T10091] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 558.775623][T10091] program syz.4.1515 not setting count and/or reply_len properly [ 558.864669][T10087] EXT4-fs (loop3): Test dummy encryption mode enabled [ 558.922743][T10087] EXT4-fs (loop3): Ignoring removed oldalloc option [ 558.970064][T10087] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=b842c018, mo2=0003] [ 558.979366][T10087] System zones: 0-5 [ 558.991061][T10087] EXT4-fs (loop3): mounted filesystem without journal. Opts: debug,delalloc,grpjquota=,test_dummy_encryption,i_version,oldalloc,data_err=abort,barrier,,errors=continue. Quota mode: writeback. [ 560.660014][T10128] IPVS: ip_vs_add_dest(): server weight less than zero [ 560.735730][T10135] loop5: detected capacity change from 0 to 1024 [ 560.898658][T10131] sg_write: data in/out 1713772022/2642 bytes for SCSI command 0x49-- guessing data in; [ 560.898658][T10131] program syz.6.1527 not setting count and/or reply_len properly [ 561.945801][T10135] EXT4-fs (loop5): Ignoring removed mblk_io_submit option [ 562.244956][T10135] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e814e11c, mo2=0000] [ 562.364070][T10135] System zones: 0-1, 3-12 [ 562.430276][T10135] EXT4-fs error (device loop5): ext4_ext_check_inode:501: inode #11: comm syz.5.1526: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 562.474968][T10151] loop6: detected capacity change from 0 to 4096 [ 562.497958][T10135] EXT4-fs error (device loop5): ext4_orphan_get:1405: comm syz.5.1526: couldn't read orphan inode 11 (err -117) [ 562.522207][T10135] EXT4-fs (loop5): mounted filesystem without journal. Opts: sysvgroups,bsdgroups,mblk_io_submit,debug,discard,usrjquota=,grpquota,norecovery,,errors=continue. Quota mode: writeback. [ 562.549140][T10159] device batadv0 entered promiscuous mode [ 562.562817][T10159] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 562.603935][T10159] device batadv0 left promiscuous mode [ 562.666626][T10135] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:476: comm syz.5.1526: Invalid block bitmap block 0 in block_group 0 [ 562.683105][T10151] EXT4-fs (loop6): Test dummy encryption mode enabled [ 562.714857][T10151] EXT4-fs (loop6): Ignoring removed oldalloc option [ 562.785768][T10151] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=b842c018, mo2=0003] [ 562.822905][T10135] Quota error (device loop5): write_blk: dquota write failed [ 562.867213][T10151] System zones: 0-5 [ 562.874965][T10135] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota [ 562.886482][T10151] EXT4-fs (loop6): mounted filesystem without journal. Opts: debug,delalloc,grpjquota=,test_dummy_encryption,i_version,oldalloc,data_err=abort,barrier,,errors=continue. Quota mode: writeback. [ 562.970368][T10135] EXT4-fs error (device loop5): ext4_acquire_dquot:6234: comm syz.5.1526: Failed to acquire dquot type 0 [ 563.174370][ T1429] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.174484][ T1429] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.794304][T10167] EXT4-fs error (device loop5): ext4_read_inode_bitmap:140: comm syz.5.1526: Invalid inode bitmap blk 137438953472 in block_group 0 [ 564.801534][T10181] loop4: detected capacity change from 0 to 256 [ 564.877415][ T4274] EXT4-fs error (device loop5): __ext4_get_inode_loc:4327: comm kworker/u4:6: Invalid inode table block 8589934593 in block_group 0 [ 568.632890][T10221] loop4: detected capacity change from 0 to 4096 [ 568.694045][T10221] EXT4-fs (loop4): Test dummy encryption mode enabled [ 568.718342][T10221] EXT4-fs (loop4): Ignoring removed oldalloc option [ 568.751814][T10221] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=b842c018, mo2=0003] [ 568.773767][T10221] System zones: 0-5 [ 568.791568][T10221] EXT4-fs (loop4): mounted filesystem without journal. Opts: debug,delalloc,grpjquota=,test_dummy_encryption,i_version,oldalloc,data_err=abort,barrier,,errors=continue. Quota mode: writeback. [ 570.172693][T10241] loop4: detected capacity change from 0 to 2048 [ 570.875222][T10241] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 570.985228][T10253] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1161: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 571.013361][T10254] netlink: 52 bytes leftover after parsing attributes in process `syz.6.1561'. [ 571.074052][T10252] netlink: 52 bytes leftover after parsing attributes in process `syz.6.1561'. [ 571.089447][T10253] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 640 with error 28 [ 571.867234][T10253] EXT4-fs (loop4): This should not happen!! Data will be lost [ 571.867234][T10253] [ 571.964313][T10261] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1563'. [ 571.997037][T10253] EXT4-fs (loop4): Total free blocks count 0 [ 572.032922][T10253] EXT4-fs (loop4): Free/Dirty block details [ 572.293605][T10253] EXT4-fs (loop4): free_blocks=2415919504 [ 572.381018][T10253] EXT4-fs (loop4): dirty_blocks=656 [ 572.448058][T10253] EXT4-fs (loop4): Block reservation details [ 572.483637][T10253] EXT4-fs (loop4): i_reserved_data_blocks=41 [ 572.495679][T10264] loop5: detected capacity change from 0 to 4096 [ 572.601426][T10274] loop6: detected capacity change from 0 to 512 [ 572.743829][T10264] EXT4-fs (loop5): Test dummy encryption mode enabled [ 572.750993][T10264] EXT4-fs (loop5): Ignoring removed oldalloc option [ 572.762733][ T4276] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 65537 with max blocks 1 with error 28 [ 572.794055][ T4276] EXT4-fs (loop4): This should not happen!! Data will be lost [ 572.794055][ T4276] [ 572.811119][T10264] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=b842c018, mo2=0003] [ 572.832421][T10264] System zones: 0-5 [ 572.833247][T10274] EXT4-fs (loop6): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 572.854229][T10274] ext4 filesystem being mounted at /79/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 572.889210][T10264] EXT4-fs (loop5): mounted filesystem without journal. Opts: debug,delalloc,grpjquota=,test_dummy_encryption,i_version,oldalloc,data_err=abort,barrier,,errors=continue. Quota mode: writeback. [ 574.432585][ T26] audit: type=1800 audit(1775694915.698:37): pid=10288 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1568" name="file1" dev="loop6" ino=15 res=0 errno=0 [ 574.489576][T10291] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1572'. [ 574.531706][T10291] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1572'. [ 576.659270][T10316] loop6: detected capacity change from 0 to 1024 [ 577.400955][T10316] EXT4-fs (loop6): unsupported inode size: 16384 [ 577.416450][T10316] EXT4-fs (loop6): blocksize: 1024 [ 577.470571][T10326] loop4: detected capacity change from 0 to 512 [ 577.560350][T10326] EXT4-fs (loop4): Ignoring removed nobh option [ 577.750048][T10335] netlink: 52 bytes leftover after parsing attributes in process `syz.5.1584'. [ 577.759067][T10326] [ 577.762430][T10326] ====================================================== [ 577.769808][T10326] WARNING: possible circular locking dependency detected [ 577.777509][T10326] syzkaller #0 Not tainted [ 577.781968][T10326] ------------------------------------------------------ [ 577.783008][T10335] netlink: 52 bytes leftover after parsing attributes in process `syz.5.1584'. [ 577.789091][T10326] syz.4.1581/10326 is trying to acquire lock: [ 577.789108][T10326] ffff888072cd8bd8 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x20f/0x2df0 [ 577.815986][T10326] [ 577.815986][T10326] but task is already holding lock: [ 577.823361][T10326] ffff888074945a80 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3e8/0x700 [ 577.834549][T10326] [ 577.834549][T10326] which lock already depends on the new lock. [ 577.834549][T10326] [ 577.846122][T10326] [ 577.846122][T10326] the existing dependency chain (in reverse order) is: [ 577.855532][T10326] [ 577.855532][T10326] -> #1 (&ei->xattr_sem){++++}-{3:3}: [ 577.864169][T10326] down_write+0x38/0x60 [ 577.869459][T10326] ext4_destroy_inline_data+0x24/0xe0 [ 577.875348][T10326] ext4_writepages+0x670/0x2df0 [ 577.880881][T10326] do_writepages+0x476/0x6e0 [ 577.885977][T10326] filemap_fdatawrite_wbc+0x1eb/0x240 [ 577.892036][T10326] filemap_flush+0xd4/0x130 [ 577.897147][T10326] ext4_convert_inline_data+0x18b/0x5f0 [ 577.903482][T10326] ext4_fallocate+0xf4/0x1ed0 [ 577.908684][T10326] vfs_fallocate+0x587/0x6f0 [ 577.913871][T10326] do_vfs_ioctl+0x1bd5/0x1ef0 [ 577.919271][T10326] __se_sys_ioctl+0x83/0x170 [ 577.924371][T10326] do_syscall_64+0x4c/0xa0 [ 577.929917][T10326] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 577.936686][T10326] [ 577.936686][T10326] -> #0 (&sbi->s_writepages_rwsem){.+.+}-{0:0}: [ 577.945738][T10326] __lock_acquire+0x2c42/0x7d10 [ 577.951108][T10326] lock_acquire+0x19e/0x400 [ 577.956206][T10326] percpu_down_read+0x46/0x1b0 [ 577.961505][T10326] ext4_writepages+0x20f/0x2df0 [ 577.967244][T10326] do_writepages+0x476/0x6e0 [ 577.973358][T10326] __writeback_single_inode+0x153/0xda0 [ 577.980672][T10326] writeback_single_inode+0x3cb/0x8e0 [ 577.987004][T10326] write_inode_now+0x23b/0x2c0 [ 577.992288][T10326] iput+0x5ab/0x8a0 [ 577.996793][T10326] ext4_xattr_set_entry+0x34f4/0x3ea0 [ 578.002772][T10326] ext4_xattr_block_set+0x4fd/0x2d20 [ 578.008848][T10326] ext4_expand_extra_isize_ea+0xf3f/0x19b0 [ 578.015347][T10326] __ext4_expand_extra_isize+0x301/0x3e0 [ 578.021836][T10326] __ext4_mark_inode_dirty+0x469/0x700 [ 578.028798][T10326] ext4_evict_inode+0xa8d/0x1090 [ 578.035960][T10326] evict+0x4c9/0x8d0 [ 578.041694][T10326] ext4_orphan_cleanup+0xad2/0x1320 [ 578.048003][T10326] ext4_fill_super+0x8e25/0x95a0 [ 578.054619][T10326] mount_bdev+0x287/0x3c0 [ 578.060373][T10326] legacy_get_tree+0xe6/0x180 [ 578.066055][T10326] vfs_get_tree+0x88/0x270 [ 578.071908][T10326] do_new_mount+0x24a/0xa40 [ 578.078003][T10326] __se_sys_mount+0x2e3/0x3d0 [ 578.084016][T10326] do_syscall_64+0x4c/0xa0 [ 578.089853][T10326] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 578.097365][T10326] [ 578.097365][T10326] other info that might help us debug this: [ 578.097365][T10326] [ 578.109813][T10326] Possible unsafe locking scenario: [ 578.109813][T10326] [ 578.118434][T10326] CPU0 CPU1 [ 578.124350][T10326] ---- ---- [ 578.130445][T10326] lock(&ei->xattr_sem); [ 578.135110][T10326] lock(&sbi->s_writepages_rwsem); [ 578.143686][T10326] lock(&ei->xattr_sem); [ 578.152008][T10326] lock(&sbi->s_writepages_rwsem); [ 578.157759][T10326] [ 578.157759][T10326] *** DEADLOCK *** [ 578.157759][T10326] [ 578.168335][T10326] 3 locks held by syz.4.1581/10326: [ 578.175872][T10326] #0: ffff88805ff320e0 (&type->s_umount_key#28/1){+.+.}-{3:3}, at: alloc_super+0x201/0x950 [ 578.191120][T10326] #1: ffff88805ff32650 (sb_internal){++++}-{0:0}, at: ext4_evict_inode+0x44a/0x1090 [ 578.205031][T10326] #2: ffff888074945a80 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3e8/0x700 [ 578.219958][T10326] [ 578.219958][T10326] stack backtrace: [ 578.228755][T10326] CPU: 1 PID: 10326 Comm: syz.4.1581 Not tainted syzkaller #0 [ 578.240310][T10326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 578.254316][T10326] Call Trace: [ 578.257886][T10326] [ 578.261651][T10326] dump_stack_lvl+0x188/0x250 [ 578.268569][T10326] ? load_image+0x400/0x400 [ 578.274680][T10326] ? show_regs_print_info+0x20/0x20 [ 578.282832][T10326] ? print_circular_bug+0x12b/0x1a0 [ 578.289600][T10326] check_noncircular+0x296/0x330 [ 578.295368][T10326] ? look_up_lock_class+0x71/0x110 [ 578.302081][T10326] ? add_chain_block+0x940/0x940 [ 578.310133][T10326] ? lockdep_lock+0xf1/0x1f0 [ 578.315658][T10326] ? mark_lock+0x94/0x320 [ 578.321053][T10326] __lock_acquire+0x2c42/0x7d10 [ 578.330113][T10326] ? __lock_acquire+0x7d10/0x7d10 [ 578.337328][T10326] ? verify_lock_unused+0x140/0x140 [ 578.344730][T10326] lock_acquire+0x19e/0x400 [ 578.349968][T10326] ? ext4_writepages+0x20f/0x2df0 [ 578.356786][T10326] ? __might_sleep+0xf0/0xf0 [ 578.362697][T10326] ? read_lock_is_recursive+0x10/0x10 [ 578.370823][T10326] ? mark_lock+0x94/0x320 [ 578.376781][T10326] ? __lock_acquire+0x13bc/0x7d10 [ 578.384085][T10326] percpu_down_read+0x46/0x1b0 [ 578.390108][T10326] ? ext4_writepages+0x20f/0x2df0 [ 578.396395][T10326] ext4_writepages+0x20f/0x2df0 [ 578.402511][T10326] ? verify_lock_unused+0x140/0x140 [ 578.408103][T10326] ? verify_lock_unused+0x140/0x140 [ 578.413839][T10326] ? mark_lock+0x94/0x320 [ 578.418273][T10326] ? ext4_readpage+0x2e0/0x2e0 [ 578.423298][T10326] ? __lock_acquire+0x13bc/0x7d10 [ 578.428501][T10326] ? __lock_acquire+0x7d10/0x7d10 [ 578.433776][T10326] ? __lock_acquire+0x7d10/0x7d10 [ 578.438980][T10326] ? do_raw_spin_lock+0x128/0x2f0 [ 578.444538][T10326] ? do_raw_spin_unlock+0x11d/0x230 [ 578.450757][T10326] ? ext4_readpage+0x2e0/0x2e0 [ 578.455958][T10326] do_writepages+0x476/0x6e0 [ 578.461968][T10326] ? __writepage+0x130/0x130 [ 578.467547][T10326] ? writeback_single_inode+0x3c0/0x8e0 [ 578.475494][T10326] ? __lock_acquire+0x7d10/0x7d10 [ 578.486154][T10326] ? do_raw_spin_lock+0x128/0x2f0 [ 578.493048][T10326] __writeback_single_inode+0x153/0xda0 [ 578.502288][T10326] writeback_single_inode+0x3cb/0x8e0 [ 578.509723][T10326] ? write_inode_now+0x2c0/0x2c0 [ 578.515764][T10326] write_inode_now+0x23b/0x2c0 [ 578.521997][T10326] ? bdi_split_work_to_wbs+0x8a0/0x8a0 [ 578.532636][T10326] ? do_raw_spin_unlock+0x11d/0x230 [ 578.539839][T10326] iput+0x5ab/0x8a0 [ 578.544910][T10326] ext4_xattr_set_entry+0x34f4/0x3ea0 [ 578.552179][T10326] ? ext4_xattr_ibody_set+0x330/0x330 [ 578.559164][T10326] ? __ext4_journal_get_write_access+0x2ea/0x6e0 [ 578.567271][T10326] ? __might_sleep+0xf0/0xf0 [ 578.573624][T10326] ? ext4_xattr_block_set+0xc2/0x2d20 [ 578.581293][T10326] ext4_xattr_block_set+0x4fd/0x2d20 [ 578.589536][T10326] ? ext4_get_inode_loc+0x120/0x120 [ 578.595957][T10326] ? __ext4_xattr_check_block+0x7d8/0x8d0 [ 578.602569][T10326] ? ext4_xattr_block_find+0x500/0x500 [ 578.609543][T10326] ? ext4_xattr_block_find+0x433/0x500 [ 578.616802][T10326] ext4_expand_extra_isize_ea+0xf3f/0x19b0 [ 578.624927][T10326] __ext4_expand_extra_isize+0x301/0x3e0 [ 578.632150][T10326] __ext4_mark_inode_dirty+0x469/0x700 [ 578.638341][T10326] ext4_evict_inode+0xa8d/0x1090 [ 578.643398][T10326] ? _raw_spin_unlock+0x24/0x40 [ 578.648526][T10326] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 578.654670][T10326] ? do_raw_spin_unlock+0x11d/0x230 [ 578.660033][T10326] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 578.666311][T10326] evict+0x4c9/0x8d0 [ 578.670756][T10326] ? proc_nr_inodes+0x320/0x320 [ 578.675977][T10326] ? do_raw_spin_unlock+0x11d/0x230 [ 578.682993][T10326] ? _raw_spin_unlock+0x24/0x40 [ 578.688321][T10326] ? iput+0x706/0x8a0 [ 578.692404][T10326] ext4_orphan_cleanup+0xad2/0x1320 [ 578.697863][T10326] ? ext4_orphan_del+0xbf0/0xbf0 [ 578.703394][T10326] ? errseq_check_and_advance+0x62/0x120 [ 578.710402][T10326] ext4_fill_super+0x8e25/0x95a0 [ 578.715815][T10326] ? ext4_mount+0x40/0x40 [ 578.720238][T10326] ? set_blocksize+0x1f3/0x370 [ 578.725621][T10326] ? sb_set_blocksize+0xa5/0xe0 [ 578.731089][T10326] mount_bdev+0x287/0x3c0 [ 578.735981][T10326] ? ext4_mount+0x40/0x40 [ 578.741490][T10326] legacy_get_tree+0xe6/0x180 [ 578.747979][T10326] ? ext4_errno_to_code+0x160/0x160 [ 578.753806][T10326] vfs_get_tree+0x88/0x270 [ 578.758484][T10326] do_new_mount+0x24a/0xa40 [ 578.762981][T10326] __se_sys_mount+0x2e3/0x3d0 [ 578.768447][T10326] ? __x64_sys_mount+0xc0/0xc0 [ 578.773282][T10326] ? lockdep_hardirqs_on+0x94/0x140 [ 578.779256][T10326] ? __x64_sys_mount+0x1c/0xc0 [ 578.784696][T10326] do_syscall_64+0x4c/0xa0 [ 578.790530][T10326] ? clear_bhb_loop+0x30/0x80 [ 578.795546][T10326] ? clear_bhb_loop+0x30/0x80 [ 578.800664][T10326] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 578.807606][T10326] RIP: 0033:0x7f24327f7a8a [ 578.815480][T10326] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 578.835909][T10326] RSP: 002b:00007f2430a4fe58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 578.844706][T10326] RAX: ffffffffffffffda RBX: 00007f2430a4fee0 RCX: 00007f24327f7a8a [ 578.853484][T10326] RDX: 0000200000000180 RSI: 0000200000000140 RDI: 00007f2430a4fea0 [ 578.861562][T10326] RBP: 0000200000000180 R08: 00007f2430a4fee0 R09: 0000000000800718 [ 578.870683][T10326] R10: 0000000000800718 R11: 0000000000000246 R12: 0000200000000140 [ 578.879459][T10326] R13: 00007f2430a4fea0 R14: 00000000000004a3 R15: 0000200000000540 [ 578.887523][T10326] [ 578.939774][T10326] ------------[ cut here ]------------ [ 578.953643][T10326] EA inode 11 i_nlink=1026 [ 578.953847][T10326] WARNING: CPU: 0 PID: 10326 at fs/ext4/xattr.c:1006 ext4_xattr_inode_update_ref+0x4e7/0x540 [ 578.969634][T10326] Modules linked in: [ 578.974025][T10326] CPU: 0 PID: 10326 Comm: syz.4.1581 Not tainted syzkaller #0 [ 578.982589][T10326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 578.994397][T10326] RIP: 0010:ext4_xattr_inode_update_ref+0x4e7/0x540 [ 579.001181][T10326] Code: 7c 24 40 4c 89 f8 48 c1 e8 03 42 80 3c 30 00 74 08 4c 89 ff e8 1a e6 a1 ff 49 8b 37 48 c7 c7 40 9b 3d 8a 89 da e8 f9 32 95 07 <0f> 0b 4c 8b 64 24 08 4c 8b 7c 24 10 e9 a9 fe ff ff e8 43 22 a0 07 [ 579.022845][T10326] RSP: 0018:ffffc900040b7160 EFLAGS: 00010246 [ 579.029089][T10326] RAX: 225a1d010efe8900 RBX: 0000000000000402 RCX: 0000000000080000 [ 579.037562][T10326] RDX: ffffc9000cb81000 RSI: 000000000007ffff RDI: 0000000000080000 [ 579.046150][T10326] RBP: ffffc900040b7250 R08: ffff8880b902795b R09: 1ffff11017204f2b [ 579.059806][T10326] R10: dffffc0000000000 R11: ffffed1017204f2c R12: ffff8880749b5c58 [ 579.068482][T10326] R13: 1ffff1100e936bca R14: dffffc0000000000 R15: ffff8880749b5c98 [ 579.077113][T10326] FS: 00007f2430a506c0(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000 [ 579.086761][T10326] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 579.093665][T10326] CR2: 000000110c27180f CR3: 0000000062673000 CR4: 00000000003506f0 [ 579.102098][T10326] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 579.110498][T10326] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 579.120422][T10326] Call Trace: [ 579.124009][T10326] [ 579.127641][T10326] ? ext4_xattr_block_csum+0x560/0x560 [ 579.133844][T10326] ? ext4_xattr_inode_iget+0x3f0/0x600 [ 579.140199][T10326] ext4_xattr_set_entry+0xed9/0x3ea0 [ 579.145691][T10326] ? __sync_dirty_buffer+0x32d/0x370 [ 579.151201][T10326] ? __ext4_handle_dirty_metadata+0x39d/0x800 [ 579.157544][T10326] ? ext4_xattr_block_set+0xda0/0x2d20 [ 579.163227][T10326] ? ext4_xattr_ibody_set+0x330/0x330 [ 579.170251][T10326] ? ext4_get_inode_loc+0x120/0x120 [ 579.176046][T10326] ext4_xattr_ibody_set+0x112/0x330 [ 579.181270][T10326] ext4_expand_extra_isize_ea+0x10d3/0x19b0 [ 579.187831][T10326] __ext4_expand_extra_isize+0x301/0x3e0 [ 579.193514][T10326] __ext4_mark_inode_dirty+0x469/0x700 [ 579.199472][T10326] ext4_evict_inode+0xa8d/0x1090 [ 579.204638][T10326] ? _raw_spin_unlock+0x24/0x40 [ 579.209821][T10326] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 579.216617][T10326] ? do_raw_spin_unlock+0x11d/0x230 [ 579.222221][T10326] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 579.228489][T10326] evict+0x4c9/0x8d0 [ 579.232489][T10326] ? proc_nr_inodes+0x320/0x320 [ 579.237432][T10326] ? do_raw_spin_unlock+0x11d/0x230 [ 579.243011][T10326] ? _raw_spin_unlock+0x24/0x40 [ 579.248394][T10326] ? iput+0x706/0x8a0 [ 579.252504][T10326] ext4_orphan_cleanup+0xad2/0x1320 [ 579.258189][T10326] ? ext4_orphan_del+0xbf0/0xbf0 [ 579.263955][T10326] ? errseq_check_and_advance+0x62/0x120 [ 579.269961][T10326] ext4_fill_super+0x8e25/0x95a0 [ 579.276621][T10326] ? ext4_mount+0x40/0x40 [ 579.281243][T10326] ? set_blocksize+0x1f3/0x370 [ 579.286207][T10326] ? sb_set_blocksize+0xa5/0xe0 [ 579.291619][T10326] mount_bdev+0x287/0x3c0 [ 579.296354][T10326] ? ext4_mount+0x40/0x40 [ 579.300698][T10326] legacy_get_tree+0xe6/0x180 [ 579.305757][T10326] ? ext4_errno_to_code+0x160/0x160 [ 579.311248][T10326] vfs_get_tree+0x88/0x270 [ 579.316068][T10326] do_new_mount+0x24a/0xa40 [ 579.321509][T10326] __se_sys_mount+0x2e3/0x3d0 [ 579.326660][T10326] ? __x64_sys_mount+0xc0/0xc0 [ 579.331733][T10326] ? lockdep_hardirqs_on+0x94/0x140 [ 579.337540][T10326] ? __x64_sys_mount+0x1c/0xc0 [ 579.343021][T10326] do_syscall_64+0x4c/0xa0 [ 579.347797][T10326] ? clear_bhb_loop+0x30/0x80 [ 579.352754][T10326] ? clear_bhb_loop+0x30/0x80 [ 579.357838][T10326] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 579.364009][T10326] RIP: 0033:0x7f24327f7a8a [ 579.368455][T10326] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 579.390034][T10326] RSP: 002b:00007f2430a4fe58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 579.398731][T10326] RAX: ffffffffffffffda RBX: 00007f2430a4fee0 RCX: 00007f24327f7a8a [ 579.407908][T10326] RDX: 0000200000000180 RSI: 0000200000000140 RDI: 00007f2430a4fea0 [ 579.416166][T10326] RBP: 0000200000000180 R08: 00007f2430a4fee0 R09: 0000000000800718 [ 579.424918][T10326] R10: 0000000000800718 R11: 0000000000000246 R12: 0000200000000140 [ 579.433261][T10326] R13: 00007f2430a4fea0 R14: 00000000000004a3 R15: 0000200000000540 [ 579.442330][T10326] [ 579.445411][T10326] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 579.452963][T10326] CPU: 0 PID: 10326 Comm: syz.4.1581 Not tainted syzkaller #0 [ 579.460930][T10326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 579.471529][T10326] Call Trace: [ 579.474903][T10326] [ 579.478189][T10326] dump_stack_lvl+0x188/0x250 [ 579.483801][T10326] ? show_regs_print_info+0x20/0x20 [ 579.489376][T10326] ? load_image+0x400/0x400 [ 579.494146][T10326] panic+0x2e5/0x810 [ 579.498252][T10326] ? bpf_jit_dump+0xd0/0xd0 [ 579.503191][T10326] ? ext4_xattr_inode_update_ref+0x4e7/0x540 [ 579.509263][T10326] __warn+0x248/0x2b0 [ 579.513711][T10326] ? ext4_xattr_inode_update_ref+0x4e7/0x540 [ 579.519924][T10326] report_bug+0x1b7/0x2e0 [ 579.524465][T10326] handle_bug+0x3a/0x70 [ 579.528791][T10326] exc_invalid_op+0x16/0x40 [ 579.533470][T10326] asm_exc_invalid_op+0x16/0x20 [ 579.538503][T10326] RIP: 0010:ext4_xattr_inode_update_ref+0x4e7/0x540 [ 579.545373][T10326] Code: 7c 24 40 4c 89 f8 48 c1 e8 03 42 80 3c 30 00 74 08 4c 89 ff e8 1a e6 a1 ff 49 8b 37 48 c7 c7 40 9b 3d 8a 89 da e8 f9 32 95 07 <0f> 0b 4c 8b 64 24 08 4c 8b 7c 24 10 e9 a9 fe ff ff e8 43 22 a0 07 [ 579.566149][T10326] RSP: 0018:ffffc900040b7160 EFLAGS: 00010246 [ 579.572300][T10326] RAX: 225a1d010efe8900 RBX: 0000000000000402 RCX: 0000000000080000 [ 579.580926][T10326] RDX: ffffc9000cb81000 RSI: 000000000007ffff RDI: 0000000000080000 [ 579.589497][T10326] RBP: ffffc900040b7250 R08: ffff8880b902795b R09: 1ffff11017204f2b [ 579.597789][T10326] R10: dffffc0000000000 R11: ffffed1017204f2c R12: ffff8880749b5c58 [ 579.606109][T10326] R13: 1ffff1100e936bca R14: dffffc0000000000 R15: ffff8880749b5c98 [ 579.614447][T10326] ? ext4_xattr_block_csum+0x560/0x560 [ 579.620400][T10326] ? ext4_xattr_inode_iget+0x3f0/0x600 [ 579.626225][T10326] ext4_xattr_set_entry+0xed9/0x3ea0 [ 579.632454][T10326] ? __sync_dirty_buffer+0x32d/0x370 [ 579.638000][T10326] ? __ext4_handle_dirty_metadata+0x39d/0x800 [ 579.644071][T10326] ? ext4_xattr_block_set+0xda0/0x2d20 [ 579.649877][T10326] ? ext4_xattr_ibody_set+0x330/0x330 [ 579.656125][T10326] ? ext4_get_inode_loc+0x120/0x120 [ 579.661463][T10326] ext4_xattr_ibody_set+0x112/0x330 [ 579.667587][T10326] ext4_expand_extra_isize_ea+0x10d3/0x19b0 [ 579.673800][T10326] __ext4_expand_extra_isize+0x301/0x3e0 [ 579.682301][T10326] __ext4_mark_inode_dirty+0x469/0x700 [ 579.688301][T10326] ext4_evict_inode+0xa8d/0x1090 [ 579.693676][T10326] ? _raw_spin_unlock+0x24/0x40 [ 579.698634][T10326] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 579.704813][T10326] ? do_raw_spin_unlock+0x11d/0x230 [ 579.710484][T10326] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 579.716911][T10326] evict+0x4c9/0x8d0 [ 579.721034][T10326] ? proc_nr_inodes+0x320/0x320 [ 579.726325][T10326] ? do_raw_spin_unlock+0x11d/0x230 [ 579.731711][T10326] ? _raw_spin_unlock+0x24/0x40 [ 579.736919][T10326] ? iput+0x706/0x8a0 [ 579.741363][T10326] ext4_orphan_cleanup+0xad2/0x1320 [ 579.747954][T10326] ? ext4_orphan_del+0xbf0/0xbf0 [ 579.752894][T10326] ? errseq_check_and_advance+0x62/0x120 [ 579.760854][T10326] ext4_fill_super+0x8e25/0x95a0 [ 579.766662][T10326] ? ext4_mount+0x40/0x40 [ 579.772750][T10326] ? set_blocksize+0x1f3/0x370 [ 579.777972][T10326] ? sb_set_blocksize+0xa5/0xe0 [ 579.783275][T10326] mount_bdev+0x287/0x3c0 [ 579.788137][T10326] ? ext4_mount+0x40/0x40 [ 579.792663][T10326] legacy_get_tree+0xe6/0x180 [ 579.797967][T10326] ? ext4_errno_to_code+0x160/0x160 [ 579.803623][T10326] vfs_get_tree+0x88/0x270 [ 579.808453][T10326] do_new_mount+0x24a/0xa40 [ 579.814468][T10326] __se_sys_mount+0x2e3/0x3d0 [ 579.819580][T10326] ? __x64_sys_mount+0xc0/0xc0 [ 579.825140][T10326] ? lockdep_hardirqs_on+0x94/0x140 [ 579.830877][T10326] ? __x64_sys_mount+0x1c/0xc0 [ 579.836433][T10326] do_syscall_64+0x4c/0xa0 [ 579.841678][T10326] ? clear_bhb_loop+0x30/0x80 [ 579.846894][T10326] ? clear_bhb_loop+0x30/0x80 [ 579.851952][T10326] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 579.858213][T10326] RIP: 0033:0x7f24327f7a8a [ 579.862788][T10326] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 579.883168][T10326] RSP: 002b:00007f2430a4fe58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 579.891834][T10326] RAX: ffffffffffffffda RBX: 00007f2430a4fee0 RCX: 00007f24327f7a8a [ 579.899898][T10326] RDX: 0000200000000180 RSI: 0000200000000140 RDI: 00007f2430a4fea0 [ 579.908528][T10326] RBP: 0000200000000180 R08: 00007f2430a4fee0 R09: 0000000000800718 [ 579.916811][T10326] R10: 0000000000800718 R11: 0000000000000246 R12: 0000200000000140 [ 579.925287][T10326] R13: 00007f2430a4fea0 R14: 00000000000004a3 R15: 0000200000000540 [ 579.933878][T10326] [ 579.938250][T10326] Kernel Offset: disabled [ 579.942896][T10326] Rebooting in 86400 seconds..