last executing test programs: 16.442888567s ago: executing program 1 (id=1061): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x80000, 0x140) r1 = landlock_create_ruleset(&(0x7f00000002c0)={0x7f6e}, 0x18, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000000)={0x1800, r0}, 0x0) landlock_restrict_self(r1, 0x0) linkat(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0xffffffffffffff9c, &(0x7f0000000100)='./file7\x00', 0x1000) 16.413329356s ago: executing program 1 (id=1062): r0 = openat$smackfs_netlabel(0xffffffffffffff9c, &(0x7f0000004500), 0x2, 0x0) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x3, &(0x7f0000000240), 0x1, 0x625, &(0x7f0000000800)="$eJzs3c1vFOUfAPDvbLfvv58txKh4kCbGQKK0tIIhxkS4G4IvN71UWgihUEJrYpHEkuhN48WDiScP4l9hJPHqP+DBiydDQozhIIbImpmdbaftbunb7pT280mGzsvuPN8Bvn2effZ5ZgLYt0bSPyoRhyLiWhIxVDhWjfzgSP119/+6eT5dkqjV3v0ziZufJovFcyX5zwP5m/8diiR9+8GJH9eUO7dw4/LkzMz09WyrN9+7cOPYpSuTF6cvTl+deG3i1MkTJ0+NH9/+9RUvJ+L97799mIz/8NvZJE7Ho676zvS6Vr+3d1slp2WPRK3uQXF/GsipbZ57t/h7aPkvtq4/kmpp4bBJF/L/j90R8WwMRVfhX3MoPn+71OCAtqol0aijgH0n2VL+9+18IECHNdoBjc/2zT4Hr1Vpc6sE6IR7Z+odAPXc746IRv5X876zvqxvYOB+sqKfJ4mI7fXM1aVl/PLz2c/SJVr0wwHtsXirN++3X13/J1luDkdftjVwv7Ii/yuFJd3/zhbLH1m1Lf+hcxZvRcRzef3fE5vK/5FC/n+4xfLlPwAAAAAAAOycO2ci4pVm4/8qS+N/epqM/xmMiNM7UP7jv/+r3M1Xkh0oDii4dybijabjf5fG+A535Vv/z8YDdCcXLs1MH4+IpyLiaHT3ptvjq85bHCF87MuD37Qqvzj+L13S8htjAfMz3a2umog7NTk/ud3rBiLu3Yp4Phv/ezjfs3L8T1r/J03q/zS/r22wjIMv3T7X6tjj8x9ol9p3EUea1v/Lze10bWz+yrWxuab35xjL2gNjjVZBw3IL4IVPvhpsVf46+e8uEtBmaf0/sH7+9ybF+/XMbe78PRHx6kK11ur4Vtv/Pcl7XY3zpz6enJ+/Ph7Rk7y1dv/E5mKGvaqRD418SfP/6Ivr9/8ttf8LedgfEYurT96ih+6ZR4O/t4pH+x/Kk+b/1Pr1//DK+n/zKxO3h39qVf65DdX/J7I6/Wi+R/8fFK29H8eaLByIpglaSrgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8ISrRMT/IqmMLq1XKqOjEYMR8XQMVGZm5+ZfvjD70dWp9Fj2/P9K40m/Q/XtpPH8/+HC9sTK7f60rAMR8XVXf3Z89PzszFTZFw8AAAAAAAAAAAAAAAAAAAC7xGA257/Wu3r+f+qPrrKjA9qumv9czvee0mIBOivP/y8+2PQ7a707Hw3QSdWyAwBKs/H8725rHEDntc7/Bw9rmY6GA3SQ9j/sX1vMf18Pwh6g/of9aoN9en3tjgMog/ofAAAAAAD2lAOH7/yaRMTi6/3ZEoXJvwb7w95WKTsAoDTG8ML+VZ0tOwKgLD7jA8nS2j9NJ/u3Hv2ftCcgAAAAAAAAAAAAAGCNI4fM/4f9av35/8b2w162zvz/LPmzRwM8rG3g5cCTpvWjP9T9sNet8xnfA79gn3hcbW/+PwAAAAAAAAAAAADsAn03Lk/OzExfn1t48lbe3B1hbG5lcXJXhLHdlf6IWNrzqD1ldUdE+Ve6cyvViMrGXty4BUeJMZf8ewkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFjyXwAAAP//CHogwg==") bpf$OBJ_GET_PROG(0x7, &(0x7f0000000000)=@generic={&(0x7f00000001c0)='./file0\x00', 0x0, 0x8}, 0x18) socket$nl_route(0x10, 0x3, 0x0) write$smackfs_netlabel(r0, &(0x7f0000000000)=@l2={{0x951f, 0x2e, 0x2, 0x2e, 0x0, 0x2e, 0x5}, 0x2f, 0xfff, 0x20, '\x8f\xe3\x85\xfd\xdd\x1b\x9bg\xeaQ\xa8\x99\xbf\x8e\xdc?y\xfe\xd8\x13aeEm\x18q\xbc\x15\xe6\r]\xaf\xbb\x94E\xe8r\x94-\xe5\xf0(\xccS\x1c\x91\xab\r\xc0\xac\x14\x9c\x92\xedQ\xd4M.\xd4Z\x92\x84\x887\xda+\x16,\xf7\xfd\xbf\a\x91j\xb3\xd3!\x90\xa1HVqS\x8d\xe4,\x91\xbd\xcb\x8c\xa6W\x85\xb9\xcf\x1d\x1d\x1d(\xbd\x12Kx\x01\x9b@\x1b\x1b\xe0\xda\xb4\xddD\xbf8K\xeej\x90\x91\'\xa8%\xaaO\x00\xdd\x1a\a\xf0\x00\x00\x00\x00\x00\x00\xb4\x0eY\xbf\n2x.\xd6\xccb\xff\xdc\xf7\x1b\xad)Kg\xb8\xc5\x85\xdf\x8e\xa2n\x1f&\x9b\xe8\xc9\x9eS\xd4\xcd\x02Y\x95M,\xae.\xc4Q\x14:\xef\xd9\x96\xa1\x0f\xc5\x00\xe2$\xe9\vb\xa22F\xed%\xf7\xb6\x02\xcd\n%\\\x96\xa3\x87\x1a\x826`\xd9 r\xc88\x00*\x844\xbb\b\x92\x80\x98g\x01_\xe7\xf0\x0fdW\x1diq\xf3\xd8\xc8\x9e\xa3H/\x0f\xddKc\xd1\x16>{\x8d\x97g\xdd\xd94\x98\x12\x88\x8aM\x99\x1c\xf5\xf1\xfe\x83H.\x19\xb9\xb7\xa4\xc7\x9b\x94\xb4!\xc50\n\b\xce[\xf6O3\xc2GH\x16\x87\xf4\xc5\xdcb\xa9\xeb\xbb\xb8\xffmG\xf7O\xaci\x7f\x11\xba\xb3\r\xef\x90\xc3t\x99\\$\xf7\xebu{P\x9d4\xf0\x18\xd7\xb6\x81\xfa\x1dS\xcd\xfe\x9c\xd8L \xab+\x96b\xd1*\xd5#\x91\xc8\'\xb9B\xf1=|0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000240)={0x0, @in={{0x2, 0x0, @empty}}, 0xff, 0x3}, 0x90) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000840)={r1, @in6={{0xa, 0x4e20, 0x3b1, @empty, 0x8c2ac}}, 0x2, 0x2, 0x614, 0x1, 0xd, 0x7, 0x4}, 0x9c) 12.597497517s ago: executing program 0 (id=1140): sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a300000000064000000060a010400000000000000000100000008000b40000000003c00048038000180080001006e6174002c00028008000540000000000800014000000000080006400000000d08000240ffff000a080006"], 0xd8}, 0x1, 0x0, 0x0, 0x4000101}, 0x0) r0 = socket(0x10, 0x803, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x9) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e2a1a86eb2636037f00000000", @ANYRES32=r1, @ANYBLOB="020000000000800080001200080001007674693674000200"], 0xa0}}, 0x0) 12.557904769s ago: executing program 0 (id=1143): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x80000) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10) sendmmsg$unix(r1, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9802}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=[@rights={{0x10}}], 0x10, 0x8800}}], 0x2, 0x0) 12.52596948s ago: executing program 0 (id=1144): mknodat(0xffffffffffffff9c, &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x11c0, 0x40000) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r1 = fanotify_init(0xf00, 0x0) fanotify_mark(r1, 0x1, 0x10001043, r0, 0x0) renameat2(r0, &(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', r0, &(0x7f0000000440)='./file0\x00', 0x1) 12.456583782s ago: executing program 0 (id=1149): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000300)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x90e, &(0x7f0000000280)={[{@init_itable_val={'init_itable', 0x3d, 0x957}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2a}}, {@stripe={'stripe', 0x3d, 0x8}}, {@orlov}, {@lazytime}]}, 0x4, 0x46f, &(0x7f0000000780)="$eJzs289vFFUcAPDvTFt+IyviDxC1isbGH1sooBy8aDTxoImJFzzWthBkoYbWRAgRNAaPhsTEo/Fo4l/gSS9GPZl41bshIYaL6GnM7M6022W73ZYtK93PJ9nueztv+t533rzdN/N2AxhYo/mfJGJHRPweEbsa2aUFRhtPN29cnPrnxsWpJLLs7b+Serm/b1ycKouW+20vMmNpRPppEg+3qXfu/IXTk7XazLkiPz5/5v3xufMXnj91ZvLkzMmZsxPHjh05fOjFFyaO9iTOe/O27vtodv/e19+5+ubU8avv/vxtUsbfEkePjHba+FSW9bi6/trZlE6Gu9hhaB0bQ9fybsi7a6Q+/nfFUCx23q547ZO+Ng5YV1lhmc2XM2ADS6LfLQD6o/ygz69/y8edm3303/WXGxdAedw3i0djy3CkRZmRluvbXhqNiOOX//0qf8Tq70O4igYAVu37fP7z3C3zv62t5e6JzfW1oUqxlrI7Iu6LiD0RcX9EPBARD0bEQ+0q6bAg0LpIcuv8J7221ti6kc//XirWtpbO/8rZX1SGitzOevxH04jazMH6MYkYi5HNJ07VZg51qOOHV3/7fLltzfO//JHXX84Fi3ZcG968dJ/pyfnJ24m52fWPI/YNt4s/WVgJSCJib0TsW2Mdp575Zv9y21aOv4Nu1plWkH0d8XSj/y9HS/ylpPP65PiW/HwYz8+Cg23r+OXXK28tV/9txd8Def9va3v+L8RfSZrXa+dW898bo/vKH58te01TXdP5v/jCpuL5w8n5+XOHIjYlbzQa3fz6xOK+Zb4sn8c/dqD9+N9df84WDkR+Ej8SEY9GxGNFdI9HxBMRcaDDUfjplSff63SE2se/pcN/7J08/umW/q8sLdLS/4uJTdH6SvvE0Okfv1v6H7uJv5T3/5F6aqx4pf7+92XnuLpp12rPZgAAALhbpRGxI5K0upBO02q18R3+PbEtrc3OzT97YvaDs9ON3whUYiQt73Q17gePJOX9z0pTfqIlf7i4b/zF0NZ6vjo1W5vud/Aw4LY3j//yTme18fSnb5fAxteDdTTgLmX8w+Ay/mFwGf8wuNqM/1u+AA5sTO0+/y/1oR3Andcy/i37wQBx/Q+Da7jpR47AYGn+/PdGAANjbmus/CP5jZDIsiz7HzRj4yQi7bbwpX43deVEss6jYEe/A1x9ot/vTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL3xXwAAAP//BL/saw==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x8}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) linkat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file1\x00', 0xffffffffffffff9c, &(0x7f00000003c0)='./file0/file2\x00', 0x1000) 12.411518006s ago: executing program 0 (id=1152): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x800004, @mcast2={0xff, 0x3}}, 0x1c) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000180)=ANY=[], 0x8) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10) sendto$inet6(r0, &(0x7f0000000000)="826bb66f", 0x18, 0x0, 0x0, 0x0) 12.208525402s ago: executing program 4 (id=1161): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f00000005c0), 0x10) recvmmsg(r0, &(0x7f00000099c0)=[{{0x0, 0x0, 0x0}, 0x7f}], 0x1, 0x10002, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="050000007f0000000000010000000000", @ANYRES64=0x0, @ANYRES64=0x2710], 0x48}}, 0x0) ioctl$SIOCGSTAMPNS(r0, 0x8907, 0x0) 12.058755604s ago: executing program 4 (id=1165): r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00') r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff) close(r1) close(0xffffffffffffffff) execveat$binfmt(0xffffffffffffff9c, r0, 0x0, &(0x7f00000000c0)={[&(0x7f0000000000)='\\\\\x98\xae!\\A\xc1=3\x06\x01\x80\xb2\xb7r@\xd7\xac\xb1\xafeN\xdf\x98 \x81\x8a\xe0?', &(0x7f0000000080)='\\\\\x98\xae!\\A\xc1=3\x06\x01\x80\xb2\xb7r@\xd7\xac\xb1\xafeN\xdf\x98 \x81\x8a\xe0?']}, 0x1000) 12.058222777s ago: executing program 4 (id=1166): bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014fa0000b7030000000000008500000083000000bf09"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x55}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb010789005e107538e486dd6317ce22000000fffe80000000000000101000007f0600080000000000000071273fa7b49301641184a907"], 0xfdef) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000200)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1100}, 0x48) 11.994681835s ago: executing program 4 (id=1168): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x3000010, &(0x7f0000000000)={[{@errors_remount}, {@nobh}]}, 0x3, 0x519, &(0x7f0000001300)="$eJzs3c9vI1cdAPDvTOJtsptiFxAqlSgVLcpWsHbS0DZCCMoFTpWAcl9C4kRR7DiKnbKJKkjFf4CQQOLEiQsSfwBS1QN/AKpUCS6IAwIEQrCFA+JHB9ke041jJ6k2yezGn4/04vdmxvN9byy/+eGXmQAm1lMR8VJETEXEsxFRzqeneYrDfuou987d11a7KYkse+WvSST5tMG6uuXpiLiRv20mIr725YhvJsfjtvcPtlYajfpuXq51mju19v7Brc3mykZ9o769tLT4wvKLy88vL2S5+2pnZZD5yZc+/8anv/W723+++e1utT73kSjFUDvOU7/ppd62GOhuo92LCFaAqbw9paIrAgDAmXSP8T8YEZ/oHf+XY6p3NDdkqoiaAQAAAOcl+8Jc/CeJyAAAAIArK42IuUjSaj4WYC7S9Fp+beDDcT1ttNqdT6239rbXuvMiKlFK1zcb9YV8rHAlSkm3vJiPsR2UnxsqL0XEYxHx/fJsr1xdbTXWCr72AQAAAJPixtD5/z/KaS9/uhH/JwAAAAA8uCpjCwAAAMBV4ZQfAAAArr7h8/83CqoHAAAAcCG+8vLL3ZQNnn+99ur+3lbr1Vtr9fZWtbm3Wl1t7e5UN1qtjd49+5qnra/Rau18Jrb37tQ69Xan1t4/uN1s7W13bm8eeQQ2AAAAcIke+/ibv04i4vCzs70U+X0AAY74Q9EVAM7TVNEVAArjLt4wuUpFVwAoXHLKfIN3AADg4Tf/0eO//w+e/+/aAFxtxvoAwOSZjtmiqwAUpGQEIEy0NCI+0M8+Mm6Zsb////KsUbIs4q3yvVNcXwQAgMs110tJWs3PA+YiTavViEcj0kqUkvXNRn0hPz/4Vbn0SLe82HtncuqYYQAAAAAAAAAAAAAAAAAAAAAAAACgL8uSyAAAAIArLSL9U9K7m3/EfPmZueHrA9eSf5bjj3nhR6/84M5Kp7O72J3+t96zvK5FROeH+fTnxj4+DAAAADhvyeHYWf3z9Px18VJrBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAEeOfua6uDdJlx//LFiKiMij8dM73XmShFxPW/JzF9z/uSiJg6h/iHr0fE46PiJ/FulmWVvBbD8dOImL3g+JXephkf/8Y5xIdJ9ma3/3lp1Pcvjad6r6O/f9N5ul/j+780j/x4r58b1f89emxtzZExnnj7Z7Wx8V+PeGJ6dP8z6H+TMfGfPra2f2dZdjzGN75+cDAufvbjiPmR+5/kSKxap7lTa+8f3NpsrmzUN+rbS0uLLyy/uPz88kJtfbNRz/+OjPG9j/383ZPaf31E/N/+pt//ntT+Z8atdMh/375z90P9bGlU/JtPj9z/zsSY+Gm+7/tknu/Onx/kD/v5ez3507eePKn9a2O2/2mf/80ztv/Zr37392dcFAC4BO39g62VRqO+e0Jm5gzLPIyZX8w8ENV4n5nsO/1P7oRlysXV8F9nXrh7tPrelEGrCt+8RzLZpcWaigekyf/PFNotAQAAF+C9g/6iawIAAAAAAAAAAAAAAAAAAACT6zJuJzYc87CYpgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnOh/AQAA///uxuBB") madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19) syz_clone3(&(0x7f00000004c0)={0x84004400, 0x0, 0x0, 0x0, {0x11}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_clone(0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x64) 11.67203717s ago: executing program 4 (id=1175): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000030e0095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) r0 = io_uring_setup(0x115c, &(0x7f0000000440)={0x0, 0x8270, 0x40, 0x3, 0x117}) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000640)=[{0x0}], 0x178) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="6a0ac4ff02"], 0x0}, 0x94) io_uring_register$IORING_REGISTER_FILES(r0, 0x1e, &(0x7f0000000000)=[r0], 0x1) 11.286531112s ago: executing program 4 (id=1180): r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x601c2, 0x0) close(0x3) socket$unix(0x1, 0x1, 0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x4000, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) 11.16815818s ago: executing program 33 (id=1180): r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x601c2, 0x0) close(0x3) socket$unix(0x1, 0x1, 0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x4000, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) 10.068851906s ago: executing program 5 (id=1190): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001680)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4040850) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000009c0)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a4c000000030a0fdb00000000000000000a0020050900030073797a30000000000900010073797a31000000001400048008000240e7b140bb08000140000000030a000700726f75746500000014000000110001"], 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) r1 = socket(0xa, 0x3, 0xff) sendmsg$inet6(r1, &(0x7f0000001c00)={&(0x7f0000000140)={0xa, 0xa, 0x7, @mcast2, 0x2}, 0x1c, &(0x7f00000001c0)=[{&(0x7f00000003c0)="e31723d7c6012cc217028c19caeec9129ea45298e758b4d5c8a3e85d7f5ddcaf1f67e776ce1ae9514b74", 0x2a}], 0x1}, 0x388) 9.990537105s ago: executing program 5 (id=1191): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000340)={0x1d, r1, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmmsg(r0, &(0x7f000000a540)=[{{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000380)="ef8a561e07173f1a4d", 0x9}], 0x1}}], 0x4000000000001cc, 0x20040891) 9.138477523s ago: executing program 5 (id=1200): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) r1 = syz_open_dev$hidraw(&(0x7f0000000000), 0x0, 0x81) sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) ppoll(&(0x7f0000000240)=[{0xffffffffffffffff, 0x9412}, {0xffffffffffffffff, 0x2}, {r0, 0x4666}, {0xffffffffffffffff, 0x40}, {0xffffffffffffffff, 0x3000}, {}, {0xffffffffffffffff, 0x40}, {r1, 0x8}], 0x8, 0x0, 0x0, 0x0) 9.063834386s ago: executing program 5 (id=1201): syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000340)='./file0\x00', 0xc5c, &(0x7f0000000380)={[{@test_dummy_encryption}, {@errors_remount}]}, 0x3, 0x459, &(0x7f0000000540)="$eJzs3MtvG0UYAPBvN48S2pJQyqMPIFAQEY+kaQv0wAEQSByKhAQHOEZJWpWmDWqCRKsIWoTKCSEk7ogj/wInuCDECYkr3FGlCuWSlpPR2ruN7dhu4tpxi38/ycnMzmxmPu+OPbtjJ4C+NZ79SCJ2RcSfETFaydZWGK/8ur66MntjdWU2iVLp3X+Scr211ZXZomqx3848M5FGpF8kcaBBu0sXLp6ZWViYP5/np5bPfjS1dOHiC6fPzpyaPzV/7sjx48eOTr/80pEXOxJn1qe1/Z8uHtz31gffvH3iq5r46+LokPFWhU+XSh1urrd2V6WTwQ3FI9vaGTZtICKywzVUHv+jMRDrB2803vy8p50DuqpUKpV2Ni++VAL+x5KozRvy0C+KN/q11ZU0VldmG10Hv9q96UfPXXutcgGUxX09f1RKBiPN6wzVXd920nhEvH/p3++yR3TnPgQAQI2fsvnP85V5x1rN/C+Nh6rq3ZevDY1FxP0RsSciHoiIvRHxYES57sMR8cgW269fJNk4/0mvthXYJmXzv1fyta3a+V8x+4uxgTy3uxz/UHLy9ML84fw5mYihHVl+ukUbP7/xx9fNyqrnf9kja7+YC+b9uDq4o3afuZnlmduJudq1yxH7BxvFn9xcCUgiYl9E7G+zjdPP/nCwWdmt429h4zrTlpW+j3imcvwvRV38haT1+uTUPbEwf3iqOCs2+u33K+80a/+24u+A7Pjf2/D8vxn/WFK9Xru09Tau/PVl02uads//4eS9cno43/bJzPLy+emI4eREpdPV24+s71vki/pZ/BOHGo//PbH+TByIiOwkfjQiHouIx/O+PxERT0bEoRbx//r6Ux+2H393ZfHPben4ryeGo35L48TAmV9+rGl0bEP8N1of/2Pl1ES+ZTOvf5vpV3tnMwAAANx90ojYFUk6eTOdppOTlc/L741IFxaXlp87ufjxubnKdwTGYigt7nSNVt0Pnc4v6yv5yxFR+WhBUX40v2/87cBIOT85u7gw1+vgoc/tbDL+M38P9Lp3QNd1YB0NuEsZ/9C/jH/oX8Y/9K8G498/bIE+0ej9/7Me9APYfnXj37If9BHX/9C/jH/oX8Y/9KWlkbj1l+RbJoq/1Obut5sY2fRX/bc5EUN3RDe6loj0juiGRJcSvX1dAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6JT/AgAA//9OFd7A") syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x2009850, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x105) lseek(r0, 0xfffffffffffffffe, 0x0) 8.774336005s ago: executing program 5 (id=1208): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000b80)={[{@errors_remount}, {@bh}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@oldalloc}, {@max_batch_time={'max_batch_time', 0x3d, 0x7}}, {@dioread_lock}]}, 0x3, 0x439, &(0x7f0000002380)="$eJzs3MtvG0UYAPBv105LXyRU5dEHECiIikfSpKX0wAUEEgeQkOBQjiFJq1K3QU2QaFVBQKgcUSXuiCMSfwEnuCDghMQV7qhShXJp4WS09m5iO3aauE5c8O8nrTuzO9bM592xZ3a6CWBgjWYvScTuiPg9Iobr2eYCo/V/bi1dmf576cp0EtXqW38ltXI3l65MF0WL9+0qMuWI9LMkDrapd/7S5XNTlcrsxTw/vnD+/fH5S5efO3t+6szsmdkLkydPHj828cKJyed7EmcW180DH80d2v/aO9femD517d2fv02K+Fvi6JHRtQ4+Wa32uLr+2tOQTsp9bAgbUqp30xiq9f/hKMXKyRuOVz/ta+OATVWtVqsPdD68WAX+x5LodwuA/ih+6LP5b7Ft0dDjrnDjpfoEKIv7Vr7Vj5QjzcsMtcxve2k0Ik4t/vNVtsXm3IcAAGjyfTb+ebbd+C+NxvtC9+ZrKCMRcV9E7I2IExGxLyLuj6iVfTAiHtpg/a2LJKvHP+n1rgJbp2z892K+ttU8/itGfzFSynN7avEPJafPVmaP5p/JkRjanuUn1qjjh1d++6LTscbxX7Zl9Rdjwbwd18vbm98zM7UwdScxN7rxScSBcrv4k+WVgCQi9kfEgS7rOPv0N4c6Hbt9/GvowTpT9euIp+rnfzFa4i8ka69Pjt8Tldmj48VVsdovv159s1P9dxR/D2Tnf2fb6385/pGkcb12fuN1XP3j845zmm6v/23J2037PpxaWLg4EbEteb3e6JX9pYuTLeUmV8pn8R853L7/742VT+JgRGQX8cMR8UhEPJq3/bGIeDwiDq8R/08vP/Fe9/Fvriz+mQ2d/5XEtmjd0z5ROvfjd02Vjmwk/uz8H6+ljuR71vP9t552dXc1AwAAwH9PGhG7I0nHltNpOjZW/z/8+2JnWpmbX3jm9NwHF2bqzwiMxFBa3OkabrgfOpFP64v8ZEv+WH7f+MvSjlp+bHquMtPv4GHA7erQ/zN/lvrdOmDTdbeOlva8HcDW87wmDC79HwaX/g+Dq03/39GPdgBbr93v/8d9aAew9coNr/nfBAMGhPk/DC79HwaX/g8DaX5H3P4heQmJVYlI74pmSGxSot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL3xbwAAAP//1Xjmag==") sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[], 0x50}, 0x1, 0x0, 0x0, 0x400c8a1}, 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xd) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) 8.32827389s ago: executing program 5 (id=1213): r0 = syz_io_uring_setup(0x3e3, &(0x7f0000000080)={0x0, 0xe138, 0x0, 0x1200001, 0x0, 0x0, 0x0}, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0, &(0x7f0000000180)) syz_io_uring_modify_offsets$generic(r1, r2, 0x2c, 0x10000) io_uring_enter(r0, 0x35b3, 0x22c8, 0x46, 0x0, 0x0) io_uring_enter(r0, 0x24b7, 0xcb15, 0x21, 0x0, 0x0) io_uring_enter(r0, 0x1, 0xfffffffd, 0x1, 0x0, 0x0) 8.269249253s ago: executing program 34 (id=1213): r0 = syz_io_uring_setup(0x3e3, &(0x7f0000000080)={0x0, 0xe138, 0x0, 0x1200001, 0x0, 0x0, 0x0}, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0, &(0x7f0000000180)) syz_io_uring_modify_offsets$generic(r1, r2, 0x2c, 0x10000) io_uring_enter(r0, 0x35b3, 0x22c8, 0x46, 0x0, 0x0) io_uring_enter(r0, 0x24b7, 0xcb15, 0x21, 0x0, 0x0) io_uring_enter(r0, 0x1, 0xfffffffd, 0x1, 0x0, 0x0) 1.388457737s ago: executing program 2 (id=1338): syz_mount_image$ext4(&(0x7f00000008c0)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0x1000040, &(0x7f0000000880), 0x1, 0x5a3, &(0x7f00000002c0)="$eJzs3T1sG3UbAPDnznHTj7xv+krvK72gDhUgFamqk/QDClO7IipV6oDEApHjRlWcuIodaKJIpHuF6IAAdSkbDIwgBgbEwsjKwseMVNEIpKYDGDk+p2nqFCfEMcS/n3TJ/3939vP8fX7OvtOdHEDfOtr4k0Y8EREXk4jhdcsGIlt4tLneyvJi8f7yYjGJev3Sz0kkEXFvebHYWj/J/h+KiKWI+H9EfJWPOJ6uPeW+VqM6vzA1Xi6XZrP+SG366kh1fuHElenxydJkaebU8y+cOXv6zNjJsfXp3q+v7+W3NtYb3998+8Y3L92++fEnR5aK744ncS6GsmXrx7GTmq9JPs5tmH+6G8F6KOl1AmxLLqvzRin9L4Yjl1V9O/X1O4fBXUkP6KL6YER9zbom0AcSRQ99qvU9oHH825p28/vHnfPNA5BG3JXlxeJb0Yo/0Dw3EftXj00O/pI8dGTSON48vJuJsictXY+I0YGBR9//Sfb+277RnUiQrvryfHNDPbr907X9T7TZ/wy1zp3+Ra3930q2/1tpEz+3yf7vYocxfnv1xw82jX99MJ5sGz9Zi5+0iZ9GxOsdxr/1yudnN1tW/zDiWLSP35I8/vzwyOUr5dJo82/bGF8cO/Li5uOPOLhJ/OY52/2riawf/74sp7TD8X/29adPLT0m/rNPP377t3v9D0TEOx3G/8+9j17ebNmd68ndxreArW7/JPJxu8P4z507+l3WdNYQAAAAAAAAAAB2ULp6LVuSFtbaaVooNO/h/W8cTMuVau345crczETzmrfDkU9bV1oNN/tJoz+WXY/b6p/c0D+VywLmDqz2C8VKeaLHYwcAAAAAAAAAAAAAAAAAAIC/i0Mb7v//Nbd6///Gn6sG9qrNf/Ib2OvUP/Svh+s/6VkewO7z+Q99q67+oX+pf+hf6h/6l/qH/tW2/g/sfh7A7vP5D/1L/QMAAAAAAAAAAAAAAAAAAAAAAAAAQFdcvHChMdXvLy8WG/2Jgfm5qcobJyZK1anC9FyxUKzMXi1MViqT5VKhWJn+s+dLKpWrozEzd22kVqrWRqrzC69NV+ZmWr8pWsp3fUQAAAAAAAAAAAAAAAAAAADwzzO0OiVpISLf7KdpoRDxr4g4nERy+Uq5NBoR/46Ib3P5wUZ/rNdJAwAAAAAAAAAAAAAAAAAAwB5TnV+YGi+XS7PdawxkoTp71A+1ruYzsJWVI2JpZ9NoPOOWH5XPXsDubqY+aeQ6fB/2faOHOyUAAAAAAAAAAAAAAAAAAOhTD2767fQRv3c3IQAAAAAAAAAAAAAAAAAAAOhL6U9JRDSmY8PPDG1cui9Zya3+j4g3b11679p4rTY71ph/d21+7f1s/sle5A90qlWnaUQ06hgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4oDq/MDVeLpdmt9kY7GCdXo8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYDv+CAAA//9bQM66") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143142, 0x159) fadvise64(r1, 0x7, 0x3, 0x4) 1.189025788s ago: executing program 2 (id=1342): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0x1400c, &(0x7f0000000840)={[{@stripe={'stripe', 0x3d, 0x3d}}, {@init_itable}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x3, 0x457, &(0x7f0000000bc0)="$eJzs281vFOUfAPDvTLvl11/BVsQ38KWKRuJLSwGVgwc1mnjAxEQPevDQtAtBFjC0JkJIBGPwZIyJd+PRf8GTXozxZOJV74aEGC6CpzWzO9PuLrtLt+x2kf18koHnmZc+3+/OPLvPzLMbwMiazf5JIrZHxO8RMV2vNu8wW//v2tXzS9evnl9Kolp9+6+ktt/fV88vFbsWx03llX1pRPpZEnvatLty9tyJxUqlfCavz6+e/HB+5ey5546fXDxWPlY+deDw4UMHF1584cDzfclzKtK89MZ7X7155Ium/Fvy6JPZbhufrFb73Nxw7WgoJ+NDDISejEVEdrpKtf4/HWOxfvKm4/VPhxocMFDVarU61XnzhSpwB0uiua7Lw6goPuiz+99iaR0EvDy44cfQXXmlfgOU5X0tX+pbxteeGJRa7m/7aTYi3r3wzzfZEoN5DgEA0OSHbPzzbDbaaR3/pXFfw3535XNDMxFxd0TsjIh74lTsioh7I2r73h8RD/TYfuskyY3jn/TyphLboGz891I+t9U8/itGfzEzltd21PIvJUePV8r766/J+/kwurzQpY0fX/vty07bGsd/2ZK1X4wF8zguj29rPmZ5cXXxVnJudOVixO7xdvknazMBSUQ8GBG7N9nG8ae/e6jTtpvn30Uf5pmq30Y8VT//F6Il/0LSfX5y/n9RKe+fL66KG/3y66W3OrV/S/n3QXb+/9/2+l/LfyZpnK9d6b2NS3983vGeZrPX/0TyTq08ka/7eHF19cxCxERypB504/oD68cW9WL/LP99e9v3/52x/krsiYjsIn44Ih6JiEfz2B+LiMcjYm+X/H9+9YkPWtdNbjj/wcryX+7p/K8XJqJ1TfvC2Imfvm9qdGa9mOd/vfv5P1Qr7cvXbOT9byNxbe5qBgAAgP+eNCK2R5LOrZXTdG6u/h3+XRFp5fTK6jNHT390arn+G4GZKKXFk67phuehC/ltfb1+MSLqXy0oth/Mnxt/PTZZq88tna4sDzt5GHFTHfp/VvlzbNjRAQPn91owunrq/8ng4gC2ns9/GF299f9tA4sD2Gqldv1/chiRAFuv3ef/J0OIA9h6Lf3ftB+MEM//YHTp/zC69H8YSSuTcfMfyXctFH9pk4ffsYUo3RZhDKwQ6W0RhsKACsN9XwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiXfwMAAP//EBbjLA==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuset.effective_mems\x00', 0x275a, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x103142, 0x2) ioctl$FS_IOC_ENABLE_VERITY(r1, 0x8004587d, &(0x7f0000000340)={0x2, 0x2, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0}) fdatasync(r0) 851.257869ms ago: executing program 7 (id=1344): rt_sigprocmask(0x2, &(0x7f0000000340)={[0xffffffffffffffff]}, 0x0, 0x8) syz_clone3(&(0x7f0000000600)={0x100000000, 0x0, 0x0, 0x0, {0xe}, 0x0, 0x0, 0x0, 0x0}, 0x58) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) setitimer(0x0, &(0x7f0000000080)={{0x0, 0x2710}, {r0, r1/1000+60000}}, 0x0) rt_sigtimedwait(&(0x7f0000000040)={[0xfffffffffffffff8]}, 0x0, 0x0, 0x8) 847.17021ms ago: executing program 3 (id=1345): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000400)=ANY=[@ANYBLOB="1400000010000100f7000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc08000340000000144c0000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a3100000000200003801c0000800c00018006000100d10300000c000440000000000000000114000000110001"], 0xb8}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x48, 0xd, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x1c, 0x3, 0x0, 0x1, [{0x18, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, '\r\x00'}]}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000) 824.709755ms ago: executing program 6 (id=1346): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file2\x00', 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x2, &(0x7f00000000c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80) lseek(r0, 0xfffffffffffffff6, 0x1) 735.73843ms ago: executing program 3 (id=1347): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800, &(0x7f0000000700), 0xff, 0x49b, &(0x7f0000001040)="$eJzs3MtvVNUfAPDvnbY8fjzaHyIKglbQSHy0tKCycKFGExeamOgCl7UtiAzU0JoIabQYg0tD4t64NPEvcOfGqAtj4lYTl4aEaGNCcTXmvugwnSltaTvS+XyS6ZxzH3PO9957Zs69p/cG0LH60z9JxPaI+DUievPsrQv0529zs9OjN2anR5Oo1d74M8mWuz47PVouWq63rcgcrkRUPkni+WRhuZMXLp4ZqVbHzxf5wamz7w1OXrj41OmzI6fGT42fGz5+/NjRoWefGX56VeJM47q+78OJ/XtfeevKa6Mnrrz9w9dptfYcyOfXx3FbN5oE1ER/utX+qmUa5z26jLrfDXbUpZPuNlaEZemKiHR39WTtvze6Yn7n9cbLH7dec/P6VBBYM+lv0yIteaYGbGBJtLsGQHuUP/Tp+W/5Wqeux3/CtRciNhXpudnp0bmb8XdHpZjes4bl90fEiZl/vkhfsdzrEAAAK5D1bZ5s1v+rxJ7sPR/r2FmMofRFxP8jYldE3BMRuyPi3ohs2fsi4v585VrvEsvvb8gv7P9Urjat8ypJ+3/P1fX95uriL976uorcjiz+nuTk6er4kWKbHI6ezWl+aJEyvn3pl89azavv/6WvtPyyL1hU4Gp3wwW6sZGpkdXaCNcuRezrbhZ/cnMkID0C9kbEvuV99M4ycfrxr/a3Wuj28S9iFcaZal9GPJbv/5loiL+ULD4+ObglquNHBsujYqEff778eqvy7yj+VXDt4AN5Yn7/NyzR+3eSj9f2RLU6fn5y+WVc/u3Tluc0Kz3+NyVvZmPWP72TT/tgZGrq/FDEpuTVLF+e02XTh+fXLfPl8unxf/hQ8/a/q1gnjT/dSulBfCAiHoyIh4q6PxwRByPi0CLxf//iI+8uEn8SSbRv/1+KGGv6/Xfz+O9L6sfrV5DoOvPdN61GzOv3fy1ptf+PxUz2XZvLvv9uY6kVvMPNBwAAAHeFSkRsj6QykKf7t0elMjCQ/w//7vhfpToxOfXEyYn3z43l9wj0RU+lvNLVW3c9dCiZKT4xzw8X14rL+UeL68afd23N8gOjE9WxNscOnW7bre0/yvaf+qOr3bUD1pz7taBzNbb/SpvqAay/pfz+OxeAjenW9r8l/bO1XXUB1pfzf+hczdr/Rw15/X/YmBY+AOj3Jo+sAzYi/X/oXNo/dC7tHzpSfif8lVjJff0rT5Q3C6z8c7Ys+Q7/TkmUT7xYy7K2xvyUqLQ95A5KpC1mfQudf4YKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA3ezfAAAA//+5XeWQ") mkdirat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x1c0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file0/file0\x00', 0x8042, 0x0) pwrite64(r0, &(0x7f0000000080)="cce8a6af4d58d4a1c6de83881ff1e92cf0093fe3b42907d96bb79dc42e309d", 0x1f, 0x8080c61) fallocate(r0, 0x3, 0x80020, 0x8000c5f) 735.262229ms ago: executing program 2 (id=1348): syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f0000000280)={[{@noload}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1}}, {@bh}, {@noload}, {@data_err_ignore}, {@usrjquota}]}, 0xfe, 0x44d, &(0x7f0000000900)="$eJzs3MtvG8UfAPDvrp30/Ut+UB4tLQQKouKRNOnzwKUIJA4gIcGhiFNI0qrUbaAJEq0qKBzKEVXijjgi8RdwggsCTkhc4Y4qVaiXFiQko13vpsa107hx6rb+fKRNZrzjzHx3d+zZGTsBDKyx7EcSsTkifouIkUb2vwXGGr+uXTk389eVczNJ1Otv/Jnk5a5eOTdTFi2ft6mRqdeL/Lo29V54O2K6Vps7XeQnFk++N7Fw5uzzx09OH5s7Nndq6tChfXt3Dh+Y2t+TOLO4rm7/aH7HtlfeuvjazJGL7/z0TdbezcX+5jh6ZaxxdNt6qteV9dmWpnRS7WND6EolIrLTNZT3/5GoxIalfSPx8qd9bRywpur1er3d+3PhfB24hyXR7xYA/VG+0Wf3v+V2m4Yed4TLhyPeP9iI/1qxNfZUIy3KDLXc3/bSWEQcOf/3l9kWazQPAQDQ7LvDEfFcu/FfGg82lftfsYYyGhH/j4j7IuL+iNgaEQ9E5GUfioiHu6y/dYXkxvFPeumWAluhbPz3QrG2tTT++6eex18YrRS5LXn8Q8nR47W5PcUx2R1D67L85DJ1fP/Sr5932tc8/su2rP5yLNiQXqq2TNDNTi9OrzLsJZc/idhebYk/l0S5jJNExLaI2N7VX75+h3H8ma93dCp18/iX0YN1pvpXEU83zv/5aIm/lHRcn5w8eGBq/8T6qM3tmSivihv9/MuF1zvVv6r4eyA7/xtbr//cUvyjyfqIhTNnT+TrtQvd13Hh98863tPc6vU/nLyZp4eLxz6cXlw8PRkxnLx64+NT159b5svyWfy7d7WLP81f48oj8UhEZBfxzoh4NCIeK9r+eEQ8ERG7lon/xxeffLf7+JeZle+hLP7Zm53/aD7/3ScqJ374tvv4S9n535endhePrOT1b6UNXM2xAwAAgLtFmn8GPknHl9JpOj7e+Az/1tiY1uYXFp89Ov/BqdnGZ+VHYygtZ7pGmuZDJ4u54TI/1ZLfW8wbf1HZkOfHZ+Zrs/0OHgbcpg79P/NHpd+tA9ac72vB4NL/YXDp/zC49H8YXPo/DK52/f/jPrQDuP28/8Pg0v9hcOn/MLj0fxhIHb8bn67qK/8S93wi0u6fVY07pPF3U6K64n9mcYuJdW139fuVCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDf+DQAA//9X4u4v") symlinkat(&(0x7f0000000140)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') openat(0xffffffffffffff9c, &(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x181341, 0x84) symlinkat(&(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') openat(0xffffffffffffff9c, &(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x28541, 0x0) 720.474482ms ago: executing program 6 (id=1349): r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000180)={@multicast1, @local}, 0xc) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000100)={@multicast2, @local}, 0xc) r1 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00') preadv(r1, &(0x7f00000000c0)=[{&(0x7f0000000500)=""/45, 0x2d}], 0x1, 0x80000000, 0xffffff7c) 616.003639ms ago: executing program 3 (id=1350): r0 = fsopen(&(0x7f0000000080)='bpf\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) symlinkat(&(0x7f0000000040)='./file0/../file0\x00', r1, &(0x7f0000000140)='./file0\x00') readlinkat(r1, &(0x7f00000001c0)='./file0/../file0\x00', &(0x7f0000010980)=""/204, 0xcc) 608.844889ms ago: executing program 7 (id=1351): syz_mount_image$ext4(&(0x7f00000000c0)='ext2\x00', &(0x7f0000000c40)='./file0\x00', 0x808080, &(0x7f0000000c80)={[{@discard}, {@bh}, {@noblock_validity}]}, 0x2c, 0x52c, &(0x7f0000000640)="$eJzs3d9rY1kdAPBvMv2Rdjrbru7DKuqO6+oowyRtZrcs+6DriyDLssK6TyKzpc2U0qQpTbpua8EO+Oar4IBP+if4IPggzJPvvumbLyMojDo4TAWRyE1uOm2adMq0aWaazwcuOefc2/s9J3DP6T1J7glgaF2NiN2IGIuIjyNiOi3PpFu829qS4x4/3Fnce7izmIlG48N/jqRH7iy2j2+7nJ4zF/FBkh/vEre2tb26UC6XNtJ8oV5ZL9S2tm+sVBaWS8ultWJxfm5+9u2bbxXPrK2vVX7z4Dsr7330+9998f4fd7/x46TO32rtGkvadmaBDmi9L6MxdaAseefe60ewAbiUtmds0BXhmWQj4jMR8Xqa3pcbXJ0AgP5qNKajMX0w31vmBMcAAM+/5J5/KjLZfHr/PxXZbD7fnMPLvRKT2XK1Vr9+u7q5thTNOayZGM3eXimXZtO5wpkYzST5uWb6Sb7Ykb8ZES9HxM/HJ5r5/GK1vDSof3oAYMhd7hj/H423xv8T8AkBALzIjOQAMHyOjv+jA6kHAHB+3P8DwPA5MP53+60uAHAB5Tp++w8AXHwH7v9Huh7wavzkh+dXHQDgHPj8HwCGyvfefz/ZGnvp86+XPtnaXK1+cmOpVFvNVzYX84vVjfX8crW63HxmT+Vp5ytXq+tzb8bmp4V6qVYv1La2b1Wqm2v1W83net8q+WEBAAzey6/d+3MmInbfmWhu0V7LwRcC4MJzmcPwujToCgAD0/37PsAwMB8PZJ6yv+dXhO72/puJU9QH6L9rn+sx/9/tf4M7+6n/Nc6vikCfmP+H4XW6+X+zB/AiM/8Pw6vRyFjPHwCGzAnu4H1FEC64Z/78HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIbYVHPLZPPpWuBTkc3m8xFXImJmYjRze6Vcmo2IlyLiT+Oj40l+btCVBgBOKfv3TLr+17XpN6Y6945l/jPefI2IH/3yw198ulCvb8wl5f/aL6/fTcuLXQOM978NAMABI50F7XG6PY631/d9/HBnsb2dZwUffLu1uGgSdy/d2lVvVT4XoxEx+e/MocZkzmhh4t07EfFqZ/uz+/tn0pVPO+Mnsa/0LX40Wzh1KH72UPxsc1/rNXkvPnsGdYFhcy/pf97tdv1l42rzNb3+Moc701z87Gjn+gza/d9eo7P/a13vH1zJNfuabv3f1ZPGePMP3+25786lxudHIvaO9L/tFaFzzdSR+CMRb3Q74U+/+Wizo+gvX/jS673iN34VcS2Oi99KFeqV9UJta/vGSmVhubRcWisW5+fmZ9+++Vax0JyjLrRnqo/6xzvXX+rd/ojJHvFzx7U/Ir7a66Qdfv3fj3/w5WPif/0r3eJn45Vj4idj4tdOGH9h8rc9l+9O4i/1aP/Iofhjh/4uKbt+wvj3/7q9dMJDAYBzUNvaXl0ol0sbEqdN5Pp15svPSQMleiT+9tGha2rg9TmTxMC6JOCcPLnoB10TAAAAAAAAAAAAAACgl9r300f+9fHHcINuIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABfX/wMAAP//OkHLZw==") r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a3200000000140000001100"], 0x7c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002680)=ANY=[@ANYBLOB="140000001000010000000000000007000000000a60000000060a0b0400000000000000000200000034000480200001800e000100636f6e6e6c696d69740000000c000280080001400000000010000180090001006c617374000000000900010073797a30000000000900020073797a320000000014000000110001"], 0x88}, 0x1, 0x0, 0x0, 0x10}, 0x0) close(r0) 608.751279ms ago: executing program 6 (id=1352): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0x105}, 0x1c) listen(r1, 0x0) 456.925241ms ago: executing program 2 (id=1353): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18020000000400000000000000000000850000002c000000850000002a00000095"], &(0x7f0000000200)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000001680)={r2, r1, 0x25, 0x0, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x4, 0x0, 0x1}}, 0x3c) syz_emit_ethernet(0x36, &(0x7f0000000340)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x65, 0x0, 0xf, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xffff}}}}}}, 0x0) 427.81337ms ago: executing program 6 (id=1354): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket(0x15, 0x5, 0x0) getsockopt(r0, 0x200000000114, 0x2711, &(0x7f0000032580)=""/102396, &(0x7f0000000000)=0x18ffc) 392.265987ms ago: executing program 3 (id=1355): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) r2 = syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000200)) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x38, r1, 0x1, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x1, 0x2f}, @void, @val={0xc, 0x99, {0x4, 0x4f}}}}, [@NL80211_ATTR_NETNS_FD={0x8, 0xdb, r2}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x38}, 0x1, 0x0, 0x0, 0x497dced191a4904}, 0x4000c90) 365.156844ms ago: executing program 7 (id=1356): r0 = userfaultfd(0x80801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x374}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000a78000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f00000000c0)={&(0x7f0000800000/0x800000)=nil, &(0x7f000022a000/0x4000)=nil, 0x800000}) 270.389014ms ago: executing program 3 (id=1357): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0a41, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000240)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x300, 0x14}, @ipv4=@tcp={{0x5, 0x4, 0x0, 0x3c, 0x8016, 0x0, 0x0, 0x0, 0x2f, 0x0, @empty, @broadcast}, {{0xa200, 0x22eb, 0x41424344, 0x41424344, 0x0, 0x0, 0x1}}}}, 0xfdef) 259.459053ms ago: executing program 2 (id=1358): syz_mount_image$ext4(&(0x7f0000000380)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x4000, &(0x7f0000000300)={[{@errors_remount}]}, 0x2, 0xbbf, &(0x7f0000000440)="$eJzs3M9rHOUbAPBnJptt2ub73VRErBcjIi2I26SSYotgKxUvHgS9Cg3ppoRsf5BEatIcNvoPiHoWvAhqUTzYcy+KXr1oe1U8CEVioyCikdkfSdpk09TudmL7+cC7877z7u7zPDvszrywuwHctwazmzRib0ScSCJKzf1pRBTrvb6IWuN+S4vzY78vzo8lsbz8yi9JJBFxfXF+rPVcSXO7uznoi4hvn0/igbfWx52enZscrVYrU83xgZnT5w5Mz849NXF69FTlVOXM8KFnRg6OHBo6PNKxWv/44eil3x578afanx//dfHXdz9M4mj0N+fW1tEpgzG48pqsVYiI0U4Hy0lPs561dSaFWzwo7XJSAAC0la65hnsoStETqxdvpfjyu1yTAwAAADpiuSdiGQAAALjHJdb/AAAAcI9rfQ/g+uL8WKvl+42Eu+vasYgYaNS/1GyNmULU6tu+6I2IXdeTWPuz1qTxsDs2GBE/Xj38WdaiS79D3kxtISIe3uj4J/X6B+q/4l5ffxoRQx2IP3jT+L9U/9EOxM+7fgDuT5ePNU5k689/6cr1T2xw/itscO76N/I+/7Wu/5bWXf+t1t/T5vrv5S3GuPDR++fbzWX1P3vphU9bLYufbe+oqNtwbSHikcJG9Scr9Sdt6j+xxRilv89X2s3lXf/yBxH7YuP6W5LN/5/owPhEtTLUuN0wxsI3I5+0i593/dnx39Wm/tb/P7U7/ue2GOO148c/X7fz6mp38/rTn4vJq/VesbnnjdGZmanhiGLy0vr9BzfPpXWf1nNk9e9/fPP3/0b1Z58JtebrkK0FFprbbPzmTTGfu3jhi3b5tNZ/eR7/k22O/9r6vy6sP/5vbzHGE1+9s7/d3Nr1b9ay+K21MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC0pBHRH0laXumnabkcsTsiHoxdafXs9MyT42dfP3Mym4sYiN50fKJaGYqIUmOcZOPhen91fPCm8dMRsSci3ivtrI/LY2erJ/MuHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgBW7I6I/krQcEWlELJXStFzOOysAAACg4wZuHBbzygMAAADonoG8EwAAAAC6zvofAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALtvz6OUrSUTUjuyst0yxOdeba2ZAt6V5JwDkpifvBIDcFPJOAMjNba7xXS7APSi5xXxf25kdHc8FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgO1r397LV5KIqB3ZWW+ZYnOuN9fMgG5L804AyE3PZpOFu5cHcPd5i8P9yxofSG4x37d6n9qNMzu6lhMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA209/vSVpOSKKzX3lcsT/ImIgepPxiWplKCL+HxHfl3p3ZOPhlUf35ZY3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnTU9Ozc5Wq1WprJOGs3Oyh6d1U7SeMVq2yUfnTvsFGNbpLFNO3l/MgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkIfp2bnJ0Wq1MjWddyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA3qZn5yZHq9XKVBc7edcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB+/gkAAP//FUoKgg==") syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000100)='./bus\x00', 0xd01ce0, 0x0, 0x82, 0x0, &(0x7f0000000080)) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000000)='./bus/file0\x00', 0x0) renameat2(r0, &(0x7f0000000240)='./bus/file0\x00', r0, &(0x7f00000001c0)='./file0\x00', 0x2) 240.550194ms ago: executing program 7 (id=1359): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f0000000580)={0xa, 0x4e23, 0x1, @loopback}, 0x1c, &(0x7f00000006c0)=[{&(0x7f0000000400)='\v', 0x1}], 0x1}}], 0x1, 0x8020) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000540)={0x0, 0x4, 0x8, 0x1, 0x6, 0x9}, 0x14) 193.005409ms ago: executing program 6 (id=1360): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0xa, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x10, 0x0, &(0x7f0000000040)=[@acquire, @acquire={0x40046305, 0x1}], 0x0, 0x0, 0x0}) 145.204993ms ago: executing program 7 (id=1361): syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='mnt\x00', 0x0, &(0x7f0000000000), 0x0, 0x23b, &(0x7f0000000700)="$eJzs3TFo9GQcBvAnuTs/63fIpy6CoIKIaKF8boJLXRQLUoqIoEJFxEVphdri1jq5OOis0smliJvVUboUF0VwqtihLoIWB4uDDie5tFLtScVrL2J+PwiXXPK+/zckz3u3hARorWtJZpN0kkwn6SUpTh9wd71cO97cnNpdTAaDJ38qhsfV27WTdleTbCR5KMlOWeTlbrK2/ezBL3uP3ffWau/eD7afmZroSR47PNh/4uj9+Tc/nntw7cuvf5gvMpv+n87r4hUjvusWya2XUew/oug2PQL+iYXXP/qmyv1tSe4Z5r+XMvXFe3vlhp1eHnjv79q+8+NXd0xyrMDFGwx61W/gxgBonTJJP0U5k6ReL8uZmfo//I1J+cryymvTLy2vLr3Y9EwFXJR+sv/op1c+ufqX/H/fqfMP/H9V+X9qYevbav2o0/RogEmq8j/9/Pr9kX9oHfmHdirkH1pN/qG95B/aS/6hveQf2kv+ob3kH9pL/qG9TucfAGiXwZWmn0AGmtL0/AMAAAAAAAAAAAAAAAAAAJy1ObW7eLJMqubn7yaHjyTpjqrfGb6PePgW8iQ3/VxUh/2hqJuN5bm7xuxgTB82/PT1zd81W/+LO5utv76UbLyR5Hq3e/b+K47vv3/vlnP2914Ys8CYHn76cvt//Jz9v21dbv3zzO0ln1Xzz/VR80+Z24efo+effnX9xqz/6q9jdgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDE/B4AAP//mglskg==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000540)='mnt\x00', 0x0, 0x0) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0xc0506617, &(0x7f0000000580)={@id={0x2, 0x0, @a}, 0x40, 0x0, '\x00', @a}) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r0, 0xc0406619, &(0x7f0000000140)={@id={0x2, 0x0, @a}}) 97.37298ms ago: executing program 6 (id=1362): r0 = socket(0x2b, 0x1, 0x1) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e1f, 0x2, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e5b, 0x80000000, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x5}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x12, &(0x7f0000000140), 0x4) 48.002133ms ago: executing program 3 (id=1363): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000480)={0x40, r2, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x5, 0x13, [{0x48}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}]}, 0x40}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 36.284212ms ago: executing program 7 (id=1364): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a3100000000140003"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 0s ago: executing program 2 (id=1365): r0 = syz_io_uring_setup(0x34b8, &(0x7f0000000540)={0x0, 0xc3b1, 0x800, 0x1, 0x82, 0x0, 0x0}, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0, &(0x7f0000000100)=0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000040)=0x33d, 0x4) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) syz_io_uring_submit(r1, r2, r3, &(0x7f0000000040)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd=r0, 0x8, 0x0, 0x91a, 0x2}) io_uring_enter(r0, 0x1, 0x1, 0x1, 0x0, 0x0) kernel console output (not intermixed with test programs): 3] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 28.934908][ T4721] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 28.935937][ T4721] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 28.936702][ T4721] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 28.936829][ T4721] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 28.936957][ T4721] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 28.937108][ T4721] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 28.937273][ T4721] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 28.938175][ T4721] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 28.940247][ T4721] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 29.286654][ T4714] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.287007][ T4714] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.287084][ T4714] bridge_slave_0: entered allmulticast mode [ 29.287587][ T4714] bridge_slave_0: entered promiscuous mode [ 29.299360][ T4714] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.299406][ T4714] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.302983][ T4714] bridge_slave_1: entered allmulticast mode [ 29.304302][ T4714] bridge_slave_1: entered promiscuous mode [ 29.330228][ T4714] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.331297][ T4714] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.371065][ T4714] team0: Port device team_slave_0 added [ 29.374704][ T4714] team0: Port device team_slave_1 added [ 29.407277][ T4707] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.408812][ T4707] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.408902][ T4707] bridge_slave_0: entered allmulticast mode [ 29.409359][ T4707] bridge_slave_0: entered promiscuous mode [ 29.411958][ T4707] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.411986][ T4707] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.412071][ T4707] bridge_slave_1: entered allmulticast mode [ 29.412476][ T4707] bridge_slave_1: entered promiscuous mode [ 29.420569][ T4707] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.422734][ T4714] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 29.424102][ T4714] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 29.429065][ T4714] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 29.436941][ T4707] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.443475][ T4714] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 29.443495][ T4714] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 29.443508][ T4714] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 29.453769][ T4714] hsr_slave_0: entered promiscuous mode [ 29.454115][ T4714] hsr_slave_1: entered promiscuous mode [ 29.465600][ T4709] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.467195][ T4709] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.468649][ T4709] bridge_slave_0: entered allmulticast mode [ 29.470339][ T4709] bridge_slave_0: entered promiscuous mode [ 29.472379][ T4709] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.473992][ T4709] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.475420][ T4709] bridge_slave_1: entered allmulticast mode [ 29.477037][ T4709] bridge_slave_1: entered promiscuous mode [ 29.481886][ T4707] team0: Port device team_slave_0 added [ 29.483610][ T4707] team0: Port device team_slave_1 added [ 29.508295][ T4706] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.509801][ T4706] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.511301][ T4706] bridge_slave_0: entered allmulticast mode [ 29.513060][ T4706] bridge_slave_0: entered promiscuous mode [ 29.514976][ T4706] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.516377][ T4706] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.517827][ T4706] bridge_slave_1: entered allmulticast mode [ 29.519448][ T4706] bridge_slave_1: entered promiscuous mode [ 29.526038][ T4709] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.527381][ T4709] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.530674][ T4707] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 29.530704][ T4707] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 29.530716][ T4707] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 29.531648][ T4707] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 29.531658][ T4707] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 29.531676][ T4707] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 29.551658][ T4708] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.552712][ T4708] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.552786][ T4708] bridge_slave_0: entered allmulticast mode [ 29.553255][ T4708] bridge_slave_0: entered promiscuous mode [ 29.558810][ T4709] team0: Port device team_slave_0 added [ 29.560766][ T4706] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.561793][ T4706] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.564491][ T4708] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.565974][ T4708] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.567624][ T4708] bridge_slave_1: entered allmulticast mode [ 29.569271][ T4708] bridge_slave_1: entered promiscuous mode [ 29.575325][ T4709] team0: Port device team_slave_1 added [ 29.589882][ T4708] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.596060][ T4706] team0: Port device team_slave_0 added [ 29.599713][ T4706] team0: Port device team_slave_1 added [ 29.604731][ T4708] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.620934][ T4707] hsr_slave_0: entered promiscuous mode [ 29.621261][ T4707] hsr_slave_1: entered promiscuous mode [ 29.621467][ T4707] debugfs: 'hsr0' already exists in 'hsr' [ 29.621501][ T4707] Cannot create hsr debugfs directory [ 29.628923][ T4709] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 29.630288][ T4709] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 29.633127][ T4709] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 29.633774][ T4709] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 29.633782][ T4709] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 29.633798][ T4709] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 29.644311][ T4709] hsr_slave_0: entered promiscuous mode [ 29.644626][ T4709] hsr_slave_1: entered promiscuous mode [ 29.644830][ T4709] debugfs: 'hsr0' already exists in 'hsr' [ 29.644840][ T4709] Cannot create hsr debugfs directory [ 29.648134][ T4706] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 29.648142][ T4706] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 29.648155][ T4706] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 29.648714][ T4706] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 29.648721][ T4706] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 29.648736][ T4706] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 29.670938][ T4708] team0: Port device team_slave_0 added [ 29.672374][ T4708] team0: Port device team_slave_1 added [ 29.677089][ T4706] hsr_slave_0: entered promiscuous mode [ 29.677422][ T4706] hsr_slave_1: entered promiscuous mode [ 29.677616][ T4706] debugfs: 'hsr0' already exists in 'hsr' [ 29.677626][ T4706] Cannot create hsr debugfs directory [ 29.699838][ T4708] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 29.699863][ T4708] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 29.699889][ T4708] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 29.700459][ T4708] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 29.700473][ T4708] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 29.700493][ T4708] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 29.744905][ T4708] hsr_slave_0: entered promiscuous mode [ 29.745285][ T4708] hsr_slave_1: entered promiscuous mode [ 29.745507][ T4708] debugfs: 'hsr0' already exists in 'hsr' [ 29.745517][ T4708] Cannot create hsr debugfs directory [ 29.815931][ T4714] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 29.819271][ T4714] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 29.821069][ T4714] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 29.823732][ T4714] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 29.825470][ T4714] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 29.827993][ T4714] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 29.829776][ T4714] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 29.832260][ T4714] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 29.865297][ T4707] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 29.867883][ T4707] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 29.869580][ T4707] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 29.872256][ T4707] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 29.874891][ T4707] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 29.877076][ T4707] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 29.878871][ T4707] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 29.881027][ T4707] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 29.886231][ T4714] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.886281][ T4714] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.886436][ T4714] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.886470][ T4714] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.911338][ T4709] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 29.914476][ T4709] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 29.917080][ T4707] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.917143][ T4707] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.917229][ T4707] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.917265][ T4707] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.927281][ T4709] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 29.929735][ T4709] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 29.930306][ T4709] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 29.931971][ T4709] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 29.938190][ T4709] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 29.941077][ T4709] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 29.960059][ T4714] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.976764][ T4708] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 29.979200][ T4708] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 29.979498][ T4708] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 29.981373][ T4708] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 29.985507][ T4709] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.985548][ T4709] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.985638][ T4709] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.985672][ T4709] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.990086][ T4108] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.991337][ T4108] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.995474][ T4108] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.996864][ T4108] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.998471][ T4108] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.000422][ T4108] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.005910][ T4708] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 30.008345][ T4708] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 30.010121][ T4708] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 30.012286][ T4708] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 30.021829][ T4706] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 30.024347][ T4706] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 30.026643][ T4714] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.030540][ T4706] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 30.033458][ T4706] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 30.033740][ T4706] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 30.035613][ T4706] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 30.038504][ T4707] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.041060][ T4706] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 30.044834][ T4706] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 30.054348][ T4108] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.054394][ T4108] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.059303][ T4222] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.059352][ T4222] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.065875][ T4707] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.087993][ T4108] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.088037][ T4108] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.098367][ T4108] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.098410][ T4108] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.108318][ T4709] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.131468][ T4709] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.140591][ T4706] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.151813][ T4707] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 30.156366][ T4108] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.156394][ T4108] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.161761][ T4708] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.170254][ T4706] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.173566][ T1308] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.173611][ T1308] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.205272][ T4708] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.220301][ T15] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.220345][ T15] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.223872][ T15] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.223907][ T15] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.225314][ T15] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.225334][ T15] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.225908][ T15] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.225926][ T15] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.269353][ T4714] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.280519][ T4706] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 30.280565][ T4706] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 30.309359][ T4714] veth0_vlan: entered promiscuous mode [ 30.325254][ T4714] veth1_vlan: entered promiscuous mode [ 30.345569][ T4714] veth0_macvtap: entered promiscuous mode [ 30.347269][ T4714] veth1_macvtap: entered promiscuous mode [ 30.350452][ T4714] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 30.357553][ T4714] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 30.375177][ T15] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.375405][ T15] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.375424][ T15] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.375440][ T15] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.419518][ T4707] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.444966][ T4707] veth0_vlan: entered promiscuous mode [ 30.466606][ T4707] veth1_vlan: entered promiscuous mode [ 30.478637][ T39] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 30.480379][ T39] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 30.488153][ T4707] veth0_macvtap: entered promiscuous mode [ 30.494958][ T4707] veth1_macvtap: entered promiscuous mode [ 30.525985][ T40] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 30.526020][ T40] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 30.530207][ T4708] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.535831][ T4709] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.543235][ T4707] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 30.544702][ T4707] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 30.547725][ T15] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.555712][ T15] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.555861][ T15] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.555891][ T15] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.580606][ T4706] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.590815][ T40] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 30.592477][ T40] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 30.601838][ T4714] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 30.616639][ T228] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 30.616673][ T228] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 30.648238][ T4709] veth0_vlan: entered promiscuous mode [ 30.653543][ T4706] veth0_vlan: entered promiscuous mode [ 30.657805][ T4709] veth1_vlan: entered promiscuous mode [ 30.670440][ T4709] veth0_macvtap: entered promiscuous mode [ 30.697490][ T4706] veth1_vlan: entered promiscuous mode [ 30.704942][ T4708] veth0_vlan: entered promiscuous mode [ 30.710282][ T4708] veth1_vlan: entered promiscuous mode [ 30.721816][ T4709] veth1_macvtap: entered promiscuous mode [ 30.732338][ T4706] veth0_macvtap: entered promiscuous mode [ 30.739345][ T4706] veth1_macvtap: entered promiscuous mode [ 30.743986][ T4708] veth0_macvtap: entered promiscuous mode [ 30.746292][ T4708] veth1_macvtap: entered promiscuous mode [ 30.751795][ T4708] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 30.756051][ T4708] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 30.760778][ T4709] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 30.761798][ T4709] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 30.786067][ T4706] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 30.787080][ T4706] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 30.794701][ T40] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.794760][ T40] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.794796][ T40] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.794817][ T40] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.794838][ T40] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.794857][ T40] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.794875][ T40] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.794894][ T40] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.821161][ T40] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.821221][ T40] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.821253][ T40] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.821275][ T40] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.886678][ T228] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 30.886703][ T228] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 30.902385][ T228] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 30.902415][ T228] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 30.928785][ T4222] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 30.928822][ T4222] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 30.940878][ T4222] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 30.940908][ T4222] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 30.953426][ T4722] Bluetooth: hci1: command tx timeout [ 30.955388][ T228] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 30.955417][ T228] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 30.962793][ T4722] Bluetooth: hci0: command tx timeout [ 30.963231][ T4722] Bluetooth: hci2: command tx timeout [ 30.984200][ T228] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 30.984237][ T228] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 31.033576][ T4720] Bluetooth: hci4: command tx timeout [ 31.033794][ T4720] Bluetooth: hci3: command tx timeout [ 31.058351][ T4920] loop1: detected capacity change from 0 to 512 [ 31.062302][ T4920] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 31.063924][ T4920] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities [ 31.138227][ T4877] IPVS: starting estimator thread 0... [ 31.174822][ T4934] loop0: detected capacity change from 0 to 512 [ 31.184225][ T4934] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 31.201199][ T4934] EXT4-fs error (device loop0): ext4_orphan_get:1397: inode #15: comm syz.0.21: inode has both inline data and extents flags [ 31.205449][ T4934] loop0: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 31.206111][ T4934] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz.0.21: couldn't read orphan inode 15 (err -117) [ 31.210440][ T4934] loop0: lost filesystem error report for type 5 error -117 [ 31.213697][ T4934] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 31.222642][ T4930] IPVS: using max 59 ests per chain, 141600 per kthread [ 31.257389][ T4937] syzkaller1: entered allmulticast mode [ 31.260820][ T4914] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 31.261051][ T4914] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 31.289934][ T4707] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 31.322293][ T4944] warning: `syz.0.24' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 31.335786][ T40] IPVS: stop unused estimator thread 0... [ 31.348980][ T4946] loop0: detected capacity change from 0 to 512 [ 31.350807][ T4946] EXT4-fs: Ignoring removed bh option [ 31.360856][ T4946] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 31.360885][ T4946] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 31.367307][ T4946] EXT4-fs (loop0): warning: mounting unchecked fs, running e2fsck is recommended [ 31.369523][ T4946] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006] [ 31.375576][ T4946] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 31.383439][ T4946] fscrypt (loop0, inode 12): Error -61 getting encryption context [ 31.400109][ T4707] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 31.465431][ T4960] netlink: 8 bytes leftover after parsing attributes in process `syz.4.29'. [ 31.557147][ T4968] netlink: 40 bytes leftover after parsing attributes in process `syz.0.32'. [ 31.604778][ T4974] loop4: detected capacity change from 0 to 1024 [ 31.611124][ T4974] EXT4-fs: Ignoring removed oldalloc option [ 31.612674][ T4974] EXT4-fs: Ignoring removed orlov option [ 31.627336][ T4974] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 31.694570][ T4708] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 31.756188][ T4984] syz.4.40 uses obsolete (PF_INET,SOCK_PACKET) [ 31.769377][ T4984] syzkaller1: entered promiscuous mode [ 31.769414][ T4984] syzkaller1: entered allmulticast mode [ 31.831037][ T4994] sctp: [Deprecated]: syz.0.46 (pid 4994) Use of struct sctp_assoc_value in delayed_ack socket option. [ 31.831037][ T4994] Use struct sctp_sack_info instead [ 31.918695][ T5002] Illegal XDP return value 54 on prog (id 3) dev syz_tun, expect packet loss! [ 32.011304][ T5005] loop1: detected capacity change from 0 to 512 [ 32.013422][ T5005] EXT4-fs: user quota file already specified [ 32.076612][ T5016] Zero length message leads to an empty skb [ 32.186049][ T5031] input: syz0 as /devices/virtual/input/input2 [ 32.258171][ T5040] loop0: detected capacity change from 0 to 1024 [ 32.262119][ T5040] ======================================================= [ 32.262119][ T5040] WARNING: The mand mount option has been deprecated and [ 32.262119][ T5040] and is ignored by this kernel. Remove the mand [ 32.262119][ T5040] option from the mount to silence this warning. [ 32.262119][ T5040] ======================================================= [ 32.305129][ T5040] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 32.373807][ T4707] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 32.456774][ T5055] loop3: detected capacity change from 0 to 512 [ 32.466635][ T5055] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.74: invalid indirect mapped block 256 (level 2) [ 32.466677][ T5055] loop3: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 32.470171][ T5055] EXT4-fs (loop3): 2 truncates cleaned up [ 32.471969][ T5055] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 32.499627][ T4709] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 32.928555][ T40] Bluetooth: hci5: Frame reassembly failed (-84) [ 33.032642][ T4719] Bluetooth: hci0: command tx timeout [ 33.032680][ T4719] Bluetooth: hci1: command tx timeout [ 33.034872][ T4724] Bluetooth: hci2: command tx timeout [ 33.113705][ T4724] Bluetooth: hci3: command tx timeout [ 33.113746][ T4724] Bluetooth: hci4: command tx timeout [ 33.280885][ T5115] netlink: 'syz.2.99': attribute type 1 has an invalid length. [ 33.282271][ T5115] netlink: 16150 bytes leftover after parsing attributes in process `syz.2.99'. [ 33.305730][ T5117] syzkaller1: entered promiscuous mode [ 33.305766][ T5117] syzkaller1: entered allmulticast mode [ 33.630697][ T5139] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 33.755250][ T5156] netlink: 8 bytes leftover after parsing attributes in process `syz.0.114'. [ 34.039823][ T5196] trusted_key: syz.3.129 sent an empty control message without MSG_MORE. [ 34.227358][ T5217] netlink: 8 bytes leftover after parsing attributes in process `syz.1.138'. [ 34.575926][ T5241] netlink: 8 bytes leftover after parsing attributes in process `syz.1.148'. [ 34.939938][ T5250] tun0: tun_chr_ioctl cmd 1074025675 [ 34.939974][ T5250] tun0: persist enabled [ 34.940346][ T5250] tun0: tun_chr_ioctl cmd 1074025675 [ 34.940354][ T5250] tun0: persist enabled [ 34.955619][ T4720] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 35.033055][ T5258] Injecting memory failure for pfn 0x123da7 at process virtual address 0x20fff000 [ 35.041978][ T5258] Memory failure: 0x123da7: Sending SIGBUS to syz.2.154:5258 due to hardware memory corruption [ 35.045245][ T5258] Memory failure: 0x123da7: recovery action for dirty LRU page: Recovered [ 35.063937][ T5257] syzkaller1: entered promiscuous mode [ 35.063977][ T5257] syzkaller1: entered allmulticast mode [ 35.076361][ T5261] tap0: tun_chr_ioctl cmd 1074025677 [ 35.077651][ T5261] tap0: linktype set to 774 [ 35.079350][ T5261] tap0: tun_chr_ioctl cmd 1074025677 [ 35.079947][ T5252] capability: warning: `syz.2.154' uses deprecated v2 capabilities in a way that may be insecure [ 35.083311][ T5261] tap0: linktype set to 804 [ 35.114115][ T4720] Bluetooth: hci0: command tx timeout [ 35.114163][ T4720] Bluetooth: hci2: command tx timeout [ 35.114192][ T4720] Bluetooth: hci1: command 0x040f tx timeout [ 35.136199][ T5265] loop2: detected capacity change from 0 to 1024 [ 35.139027][ T5265] EXT4-fs: Ignoring removed nomblk_io_submit option [ 35.164931][ T5265] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 35.193608][ T4722] Bluetooth: hci4: command tx timeout [ 35.193654][ T4722] Bluetooth: hci3: command tx timeout [ 35.221924][ T4714] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.267919][ T5281] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 35.270444][ T5281] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 35.359905][ T5290] loop3: detected capacity change from 0 to 512 [ 35.363734][ T5290] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 35.384533][ T5292] sctp: [Deprecated]: syz.0.170 (pid 5292) Use of struct sctp_assoc_value in delayed_ack socket option. [ 35.384533][ T5292] Use struct sctp_sack_info instead [ 35.394811][ T5290] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 35.447403][ T4709] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.490196][ T4720] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 35.492256][ T4720] CPU: 0 UID: 0 PID: 4720 Comm: kworker/u9:4 Not tainted syzkaller #0 PREEMPT [ 35.492277][ T4720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 35.492287][ T4720] Workqueue: hci3 hci_rx_work [ 35.492308][ T4720] Call trace: [ 35.492312][ T4720] show_stack+0x2c/0x3c (C) [ 35.492329][ T4720] __dump_stack+0x30/0x40 [ 35.492341][ T4720] dump_stack_lvl+0xd8/0x12c [ 35.492352][ T4720] dump_stack+0x1c/0x28 [ 35.492363][ T4720] sysfs_warn_dup+0x9c/0xb8 [ 35.492375][ T4720] sysfs_create_dir_ns+0x190/0x1f4 [ 35.492385][ T4720] kobject_add_internal+0x28c/0x6e8 [ 35.492397][ T4720] kobject_add_varg+0x98/0xe4 [ 35.492406][ T4720] kobject_add+0x110/0x1cc [ 35.492415][ T4720] device_add+0x390/0x9e4 [ 35.492425][ T4720] hci_conn_add_sysfs+0xc0/0x1f4 [ 35.492438][ T4720] le_conn_complete_evt+0xc8c/0x10ec [ 35.492449][ T4720] hci_le_conn_complete_evt+0x114/0x40c [ 35.492459][ T4720] hci_le_meta_evt+0x2d4/0x49c [ 35.492471][ T4720] hci_event_packet+0x4e4/0xa00 [ 35.492482][ T4720] hci_rx_work+0x2fc/0xd1c [ 35.492491][ T4720] process_scheduled_works+0x79c/0x1098 [ 35.492510][ T4720] worker_thread+0x754/0xba0 [ 35.492521][ T4720] kthread+0x2f8/0x3c8 [ 35.492529][ T4720] ret_from_fork+0x10/0x20 [ 35.503578][ T4720] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 35.503608][ T4720] Bluetooth: hci3: failed to register connection device [ 35.551576][ T5304] loop0: detected capacity change from 0 to 256 [ 35.733263][ T5311] syzkaller1: entered promiscuous mode [ 35.733300][ T5311] syzkaller1: entered allmulticast mode [ 35.923294][ T5328] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 36.085008][ T5340] netlink: 4 bytes leftover after parsing attributes in process `syz.2.191'. [ 36.259803][ T5358] netlink: 16 bytes leftover after parsing attributes in process `syz.0.198'. [ 36.259834][ T5358] netlink: 20 bytes leftover after parsing attributes in process `syz.0.198'. [ 36.325562][ T5364] sctp: [Deprecated]: syz.0.200 (pid 5364) Use of int in max_burst socket option deprecated. [ 36.325562][ T5364] Use struct sctp_assoc_value instead [ 36.344130][ T5366] sctp: [Deprecated]: syz.1.202 (pid 5366) Use of struct sctp_assoc_value in delayed_ack socket option. [ 36.344130][ T5366] Use struct sctp_sack_info instead [ 36.376219][ T5371] set_capacity_and_notify: 1 callbacks suppressed [ 36.380389][ T5371] loop3: detected capacity change from 0 to 1024 [ 36.381106][ T5371] ext4: Unknown parameter 'debug_want_extra_isiz' [ 36.392297][ T5372] netlink: 24 bytes leftover after parsing attributes in process `syz.0.205'. [ 36.586884][ T5398] syz_tun: entered allmulticast mode [ 36.588835][ T5398] syz_tun: left allmulticast mode [ 36.642271][ T5402] netlink: 'syz.3.219': attribute type 4 has an invalid length. [ 36.642306][ T5402] __nla_validate_parse: 1 callbacks suppressed [ 36.642459][ T5402] netlink: 17 bytes leftover after parsing attributes in process `syz.3.219'. [ 36.727650][ T5412] loop1: detected capacity change from 0 to 512 [ 36.744850][ T5412] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 36.899300][ T5426] loop4: detected capacity change from 0 to 2048 [ 36.970169][ T5426] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 37.084877][ T4708] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.200945][ T4720] Bluetooth: hci2: command tx timeout [ 37.200978][ T4720] Bluetooth: hci0: command tx timeout [ 37.203707][ T4722] Bluetooth: hci1: command 0x040f tx timeout [ 37.272563][ T4719] Bluetooth: hci4: command tx timeout [ 37.273723][ T4722] Bluetooth: hci3: command tx timeout [ 37.603007][ T5487] mmap: syz.0.248 (5487) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 38.041371][ T4706] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.134689][ T5541] loop1: detected capacity change from 0 to 512 [ 38.213947][ T5541] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 38.391920][ T4706] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.438753][ T5572] netlink: 24 bytes leftover after parsing attributes in process `syz.1.263'. [ 38.525178][ T5581] Soft offlining pfn 0x10d022 at process virtual address 0x200f2000 [ 38.537733][ T5581] Soft offline: 0x10d022: thp split failed [ 38.583909][ T5589] netlink: 4 bytes leftover after parsing attributes in process `syz.3.271'. [ 38.634986][ T5591] loop0: detected capacity change from 0 to 4096 [ 38.650457][ T5591] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 38.668563][ T5591] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 38.708516][ T5604] binder: 5603:5604 BC_CLEAR_DEATH_NOTIFICATION death notification not active [ 38.722032][ T4707] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.823443][ T5617] netlink: 868 bytes leftover after parsing attributes in process `syz.1.285'. [ 38.940006][ T5635] loop0: detected capacity change from 0 to 1024 [ 38.975153][ T5635] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 38.990975][ T5635] EXT4-fs error (device loop0): ext4_map_blocks:833: inode #15: comm syz.0.292: lblock 0 mapped to illegal pblock 0 (length 1) [ 38.992001][ T5635] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 38.992019][ T5635] EXT4-fs (loop0): This should not happen!! Data will be lost [ 38.992019][ T5635] [ 39.007407][ T40] EXT4-fs error (device loop0): ext4_map_blocks:833: inode #15: comm kworker/u8:3: lblock 0 mapped to illegal pblock 0 (length 1) [ 39.020335][ T40] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 39.020371][ T40] EXT4-fs (loop0): This should not happen!! Data will be lost [ 39.020371][ T40] [ 39.034159][ T4707] EXT4-fs warning (device loop0): ext4_evict_inode:195: inode #15: comm syz-executor: data will be lost [ 39.034957][ T4707] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 39.274421][ T4722] Bluetooth: hci1: command 0x040f tx timeout [ 39.287504][ T5671] netlink: 36 bytes leftover after parsing attributes in process `syz.2.309'. [ 39.387463][ T5683] loop0: detected capacity change from 0 to 1024 [ 39.416641][ T5683] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 39.429454][ T5683] EXT4-fs error (device loop0): ext4_map_blocks:833: inode #15: comm syz.0.314: lblock 0 mapped to illegal pblock 0 (length 6) [ 39.430161][ T5683] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 6 with error 117 [ 39.430180][ T5683] EXT4-fs (loop0): This should not happen!! Data will be lost [ 39.430180][ T5683] [ 39.448979][ T40] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm kworker/u8:3: bg 0: block 112: padding at end of block bitmap is not set [ 39.454316][ T40] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 32 with max blocks 32 with error 117 [ 39.454345][ T40] EXT4-fs (loop0): This should not happen!! Data will be lost [ 39.454345][ T40] [ 39.461894][ T4707] EXT4-fs warning (device loop0): ext4_evict_inode:195: inode #15: comm syz-executor: data will be lost [ 39.462894][ T4707] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 39.657577][ T5710] loop0: detected capacity change from 0 to 2048 [ 39.687876][ T5710] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 39.718043][ T5718] loop3: detected capacity change from 0 to 512 [ 39.719976][ T5718] EXT4-fs: Ignoring removed nobh option [ 39.730467][ T4707] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.775875][ T5718] EXT4-fs error (device loop3): ext4_do_update_inode:5690: inode #16: comm syz.3.326: corrupted inode contents [ 39.775920][ T5718] loop3: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 39.779938][ T5718] EXT4-fs (loop3): Remounting filesystem read-only [ 39.780231][ T5718] EXT4-fs (loop3): 1 truncate cleaned up [ 39.780718][ T5718] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 39.803497][ T5162] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 39.803533][ T5162] Quota error (device loop3): write_blk: dquota write failed [ 39.803557][ T5162] Quota error (device loop3): remove_free_dqentry: Can't write block (5) with free entries [ 39.803573][ T5162] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 39.803587][ T5162] Quota error (device loop3): write_blk: dquota write failed [ 39.803598][ T5162] Quota error (device loop3): free_dqentry: Can't move quota data block (5) to free list [ 39.803632][ T5162] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started [ 39.803644][ T5162] Quota error (device loop3): v2_write_file_info: Can't write info structure [ 39.803683][ T5162] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 39.820841][ T5730] netlink: 8 bytes leftover after parsing attributes in process `syz.2.332'. [ 39.821766][ T5730] netlink: 34959 bytes leftover after parsing attributes in process `syz.2.332'. [ 39.871560][ T5740] Injecting memory failure for pfn 0x122a03 at process virtual address 0x20003000 [ 39.886539][ T5740] Memory failure: 0x122a03: recovery action for dirty LRU page: Recovered [ 39.948532][ T5747] syzkaller1: entered promiscuous mode [ 39.948564][ T5747] syzkaller1: entered allmulticast mode [ 40.002011][ T4709] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.186824][ T5770] netlink: 8 bytes leftover after parsing attributes in process `syz.1.349'. [ 40.188909][ T5770] netlink: 'syz.1.349': attribute type 1 has an invalid length. [ 40.190576][ T5770] netlink: 100 bytes leftover after parsing attributes in process `syz.1.349'. [ 40.358290][ T5786] netlink: 20 bytes leftover after parsing attributes in process `syz.3.357'. [ 40.595699][ T5819] bridge_slave_0: left allmulticast mode [ 40.595737][ T5819] bridge_slave_0: left promiscuous mode [ 40.596197][ T5819] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.604154][ T5819] bridge_slave_1: left allmulticast mode [ 40.604191][ T5819] bridge_slave_1: left promiscuous mode [ 40.604276][ T5819] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.621399][ T5819] bond0: (slave bond_slave_0): Releasing backup interface [ 40.633403][ T5824] netlink: 'syz.2.372': attribute type 10 has an invalid length. [ 40.666572][ T5819] bond0: (slave bond_slave_1): Releasing backup interface [ 40.677564][ T5819] team0: Port device team_slave_0 removed [ 40.680822][ T5819] team0: Port device team_slave_1 removed [ 40.682961][ T5819] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 40.684716][ T5819] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 40.688214][ T5819] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 40.692032][ T5819] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 40.695174][ T5819] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 40.701942][ T5824] 8021q: adding VLAN 0 to HW filter on device bond0 [ 40.711304][ T5824] team0: Port device bond0 added [ 40.830586][ T5845] loop3: detected capacity change from 0 to 128 [ 40.996933][ T5865] batadv_slave_1: entered promiscuous mode [ 40.999749][ T5863] batadv_slave_1: left promiscuous mode [ 41.194665][ T5894] overlayfs: workdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 41.466323][ T4714] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.851271][ T5162] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 41.894600][ T4719] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 41.895250][ T4719] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 41.895537][ T4719] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 41.895876][ T4719] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 41.896232][ T4719] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 41.951746][ T5162] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 42.031727][ T5162] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 42.103394][ T5162] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 42.198548][ T5927] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.198598][ T5927] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.198674][ T5927] bridge_slave_0: entered allmulticast mode [ 42.199105][ T5927] bridge_slave_0: entered promiscuous mode [ 42.199746][ T5927] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.199774][ T5927] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.199842][ T5927] bridge_slave_1: entered allmulticast mode [ 42.200246][ T5927] bridge_slave_1: entered promiscuous mode [ 42.224450][ T5927] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 42.227288][ T5927] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 42.245643][ T5927] team0: Port device team_slave_0 added [ 42.247721][ T5927] team0: Port device team_slave_1 added [ 42.285606][ T5927] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 42.285642][ T5927] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 42.285667][ T5927] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 42.286239][ T5927] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 42.286247][ T5927] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 42.286261][ T5927] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 42.521042][ T5988] loop0: detected capacity change from 0 to 256 [ 42.530174][ T5988] FAT-fs (loop0): Directory bread(block 64) failed [ 42.530215][ T5988] FAT-fs (loop0): Directory bread(block 65) failed [ 42.530251][ T5988] FAT-fs (loop0): Directory bread(block 66) failed [ 42.530263][ T5988] FAT-fs (loop0): Directory bread(block 67) failed [ 42.530285][ T5988] FAT-fs (loop0): Directory bread(block 68) failed [ 42.530295][ T5988] FAT-fs (loop0): Directory bread(block 69) failed [ 42.530316][ T5988] FAT-fs (loop0): Directory bread(block 70) failed [ 42.530326][ T5988] FAT-fs (loop0): Directory bread(block 71) failed [ 42.530348][ T5988] FAT-fs (loop0): Directory bread(block 72) failed [ 42.530358][ T5988] FAT-fs (loop0): Directory bread(block 73) failed [ 42.653934][ T5996] sctp: [Deprecated]: syz.0.439 (pid 5996) Use of int in max_burst socket option deprecated. [ 42.653934][ T5996] Use struct sctp_assoc_value instead [ 42.701025][ T5162] team0: Port device bond0 removed [ 42.705005][ T5162] bond0 (unregistering): Released all slaves [ 42.712299][ T5927] hsr_slave_0: entered promiscuous mode [ 42.717195][ T5927] hsr_slave_1: entered promiscuous mode [ 42.718814][ T5927] debugfs: 'hsr0' already exists in 'hsr' [ 42.718844][ T5927] Cannot create hsr debugfs directory [ 42.723968][ T4394] 8021q: adding VLAN 0 to HW filter on device eth0 [ 42.737131][ T5999] loop1: detected capacity change from 0 to 8192 [ 42.948805][ T6023] vcan0: tx drop: invalid da for name 0x0000000080000000 [ 43.032295][ T4394] 8021q: adding VLAN 0 to HW filter on device eth1 [ 43.034508][ T6029] loop4: detected capacity change from 0 to 512 [ 43.045094][ T6029] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 43.086576][ T4708] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.130927][ T5162] hsr_slave_0: left promiscuous mode [ 43.132204][ T5162] hsr_slave_1: left promiscuous mode [ 43.164741][ T5162] veth1_macvtap: left promiscuous mode [ 43.164793][ T5162] veth0_macvtap: left promiscuous mode [ 43.164848][ T5162] veth1_vlan: left promiscuous mode [ 43.164881][ T5162] veth0_vlan: left promiscuous mode [ 43.313639][ T6045] loop1: detected capacity change from 0 to 128 [ 43.525548][ T6052] Bluetooth: MGMT ver 1.23 [ 43.604168][ T6050] __nla_validate_parse: 2 callbacks suppressed [ 43.604233][ T6050] netlink: 20 bytes leftover after parsing attributes in process `syz.4.455'. [ 43.613633][ T6059] loop0: detected capacity change from 0 to 128 [ 43.664699][ T6059] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 43.748402][ T4707] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 43.821424][ T6076] loop0: detected capacity change from 0 to 256 [ 43.914069][ T4719] Bluetooth: hci4: command tx timeout [ 43.924263][ T5927] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 43.931349][ T5927] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 43.931680][ T5927] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 43.937721][ T5927] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 43.938199][ T5927] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 43.959173][ T5927] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 43.963783][ T5927] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 43.973416][ T5927] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 44.083966][ T5927] 8021q: adding VLAN 0 to HW filter on device bond0 [ 44.106261][ T5927] 8021q: adding VLAN 0 to HW filter on device team0 [ 44.129240][ T1308] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.129297][ T1308] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.129876][ T1308] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.129902][ T1308] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.147926][ T6109] overlayfs: overlay with incompat feature 'volatile' cannot be mounted [ 44.162054][ T5927] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 44.162095][ T5927] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 44.369662][ T6149] loop0: detected capacity change from 0 to 1024 [ 44.378490][ T6149] EXT4-fs: Ignoring removed bh option [ 44.387899][ T6149] EXT4-fs (loop0): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 44.400194][ T6149] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 44.424809][ T5927] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 44.439285][ T5927] veth0_vlan: entered promiscuous mode [ 44.441424][ T5927] veth1_vlan: entered promiscuous mode [ 44.444008][ T6149] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 44.455939][ T5927] veth0_macvtap: entered promiscuous mode [ 44.457783][ T5927] veth1_macvtap: entered promiscuous mode [ 44.461758][ T5927] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 44.468075][ T5927] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 44.476497][ T5162] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.476542][ T5162] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.476564][ T5162] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.476580][ T5162] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.512396][ T4707] EXT4-fs error (device loop0): ext4_read_inline_dir:1494: inode #12: block 7: comm syz-executor: path /124/file0/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 44.517576][ T4108] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 44.517603][ T4108] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 44.531679][ T4707] EXT4-fs (loop0): Remounting filesystem read-only [ 44.546538][ T4108] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 44.546571][ T4108] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 44.556444][ T4707] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.830496][ T6176] loop2: detected capacity change from 0 to 512 [ 44.841807][ T6176] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.489: bg 0: block 5: invalid block bitmap [ 44.841847][ T6176] loop2: lost filesystem error report for type 5 error -117 [ 44.842584][ C0] EXT4-fs (loop2): error count since last fsck: 1 [ 44.842608][ C0] EXT4-fs (loop2): initial error at time 44: ext4_validate_block_bitmap:432 [ 44.842637][ C0] EXT4-fs (loop2): last error at time 44: ext4_validate_block_bitmap:432 [ 44.843923][ T6176] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6679: Corrupt filesystem [ 44.843937][ T6176] loop2: lost filesystem error report for type 5 error -117 [ 44.844059][ T6176] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.489: invalid indirect mapped block 3 (level 2) [ 44.844073][ T6176] loop2: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 44.844272][ T6176] EXT4-fs (loop2): 1 orphan inode deleted [ 44.844284][ T6176] EXT4-fs (loop2): 1 truncate cleaned up [ 44.844724][ T6176] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 44.907027][ T5927] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.067946][ T6193] netlink: 8 bytes leftover after parsing attributes in process `syz.2.498'. [ 45.067980][ T6193] netlink: 12 bytes leftover after parsing attributes in process `syz.2.498'. [ 45.068032][ T6193] netlink: 'syz.2.498': attribute type 19 has an invalid length. [ 45.085567][ T4151] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 45.085627][ T4151] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 45.085818][ T4151] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 45.085888][ T4151] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 45.161800][ T6200] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 45.194890][ T6200] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 45.301130][ T6214] loop3: detected capacity change from 0 to 128 [ 45.307569][ T6214] FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x61417272 (sector = 1) [ 45.339023][ T6214] FAT-fs (loop3): error, clusters badly computed (96 != 1) [ 45.341111][ T6214] FAT-fs (loop3): Filesystem has been set read-only [ 45.359851][ T4709] FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x61417272 (sector = 1) [ 45.447897][ T6225] netlink: 8 bytes leftover after parsing attributes in process `syz.1.511'. [ 45.449731][ T6225] netlink: 8 bytes leftover after parsing attributes in process `syz.1.511'. [ 45.622144][ T6243] input: syz0 as /devices/virtual/input/input3 [ 45.734342][ T6257] input: syz1 as /devices/virtual/input/input4 [ 45.736997][ T6259] loop3: detected capacity change from 0 to 1024 [ 45.739024][ T6259] EXT4-fs: Ignoring removed bh option [ 45.741418][ T6259] EXT4-fs (loop3): stripe (7) is not aligned with cluster size (16), stripe is disabled [ 45.757158][ T6259] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 45.800440][ T4709] EXT4-fs error (device loop3): ext4_read_inline_dir:1494: inode #12: block 7: comm syz-executor: path /110/file0/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 45.801509][ T4709] EXT4-fs (loop3): Remounting filesystem read-only [ 45.811053][ T4709] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.865200][ T6272] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 45.992970][ T4719] Bluetooth: hci4: command tx timeout [ 46.339157][ T6329] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 46.369822][ T6333] netem: change failed [ 46.565510][ T4709] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.600207][ T30] audit: type=1400 audit(46.590:2): lsm=SMACK fn=smack_key_permission action=denied subject="w" object="_" requested=w pid=6346 comm="syz.3.563" key_serial=227675034 key_desc="_uid_ses.0" [ 46.876244][ T6376] process 'syz.2.581' launched './file2' with NULL argv: empty string added [ 46.911367][ T6376] 9p: Could not find request transport: xen [ 47.094792][ T6383] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 47.108593][ T4708] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 47.169634][ T6393] netlink: 8 bytes leftover after parsing attributes in process `syz.2.589'. [ 47.169681][ T6393] netlink: 8 bytes leftover after parsing attributes in process `syz.2.589'. [ 47.171555][ T6393] ip6gretap1: entered allmulticast mode [ 47.241439][ T6396] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: writeback. [ 47.248415][ T6403] netlink: 8 bytes leftover after parsing attributes in process `syz.3.592'. [ 47.251576][ T6396] EXT4-fs error (device loop2): ext4_map_blocks:833: inode #15: block 3: comm syz.2.591: lblock 3 mapped to illegal pblock 3 (length 3) [ 47.257286][ T6396] EXT4-fs error (device loop2): ext4_ext_remove_space:2969: inode #15: comm syz.2.591: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) [ 47.271440][ T6396] EXT4-fs error (device loop2): ext4_map_blocks:833: inode #15: comm syz.2.591: lblock 0 mapped to illegal pblock 0 (length 1) [ 47.275383][ T6396] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 47.275425][ T6396] EXT4-fs (loop2): This should not happen!! Data will be lost [ 47.275425][ T6396] [ 47.289020][ T6409] netlink: 8 bytes leftover after parsing attributes in process `syz.4.595'. [ 47.289061][ T6409] netlink: 16 bytes leftover after parsing attributes in process `syz.4.595'. [ 47.299644][ T5927] EXT4-fs warning (device loop2): ext4_evict_inode:195: inode #15: comm syz-executor: data will be lost [ 47.300475][ T5927] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 47.370906][ T6415] EXT4-fs (loop2): Test dummy encryption mode enabled [ 47.375628][ T6415] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0103] [ 47.375695][ T6415] System zones: 0-5 [ 47.380887][ T6415] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 47.406361][ T6415] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-ce" [ 47.439484][ T5927] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.074819][ T4719] Bluetooth: hci4: command tx timeout [ 48.155646][ T4798] IPVS: starting estimator thread 0... [ 48.191575][ T6474] tipc: Started in network mode [ 48.191625][ T6474] tipc: Node identity ac1414aa, cluster identity 4711 [ 48.192036][ T6474] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 48.192052][ T6474] tipc: Enabled bearer , priority 10 [ 48.253647][ T6482] input: syz1 as /devices/virtual/input/input5 [ 48.256155][ T6475] IPVS: using max 46 ests per chain, 110400 per kthread [ 48.259340][ T6482] input: failed to attach handler leds to device input5, error: -6 [ 48.323350][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 48.472611][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 48.612605][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 48.752626][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 48.892627][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 48.904520][ T6555] set_capacity_and_notify: 5 callbacks suppressed [ 48.906240][ T6555] loop1: detected capacity change from 0 to 4096 [ 48.948854][ T6555] EXT4-fs (loop1): Test dummy encryption mode enabled [ 48.952124][ T6555] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0103] [ 48.952201][ T6555] System zones: 0-5 [ 48.953505][ T6555] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 48.999733][ T4706] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.032742][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 49.081650][ T6571] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 49.081864][ T6571] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 49.172596][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 49.323624][ T4877] tipc: Node number set to 2886997162 [ 49.430925][ T6599] __nla_validate_parse: 1 callbacks suppressed [ 49.430959][ T6599] netlink: 180 bytes leftover after parsing attributes in process `syz.1.680'. [ 49.462578][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 49.714643][ T6618] netlink: 'syz.2.689': attribute type 29 has an invalid length. [ 49.717265][ T6618] netlink: 'syz.2.689': attribute type 29 has an invalid length. [ 49.718942][ T6618] netlink: 44 bytes leftover after parsing attributes in process `syz.2.689'. [ 49.742590][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 50.065048][ T30] audit: type=1400 audit(50.060:3): lsm=SMACK fn=smack_inode_permission action=denied subject="_" object="low" requested=w pid=6651 comm="syz.1.704" name="file0" dev="tmpfs" ino=765 [ 50.117935][ T6655] loop0: detected capacity change from 0 to 4096 [ 50.124315][ T6660] loop1: detected capacity change from 0 to 256 [ 50.145624][ T6655] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 50.153571][ T4719] Bluetooth: hci4: command tx timeout [ 50.187022][ T6655] EXT4-fs error (device loop0): ext4_do_update_inode:5690: inode #15: comm syz.0.705: corrupted inode contents [ 50.192392][ T6655] EXT4-fs error (device loop0): ext4_dirty_inode:6587: inode #15: comm syz.0.705: mark_inode_dirty error [ 50.197409][ T4719] Bluetooth: hci3: connection err: -111 [ 50.198927][ T6655] EXT4-fs error (device loop0): ext4_do_update_inode:5690: inode #15: comm syz.0.705: corrupted inode contents [ 50.201736][ T6655] EXT4-fs error (device loop0): __ext4_ext_dirty:207: inode #15: comm syz.0.705: mark_inode_dirty error [ 50.205158][ T6655] EXT4-fs error (device loop0): ext4_do_update_inode:5690: inode #15: comm syz.0.705: corrupted inode contents [ 50.207635][ T6655] EXT4-fs error (device loop0): __ext4_ext_dirty:207: inode #15: comm syz.0.705: mark_inode_dirty error [ 50.216146][ T6655] EXT4-fs error (device loop0): ext4_do_update_inode:5690: inode #15: comm syz.0.705: corrupted inode contents [ 50.227338][ T6655] EXT4-fs error (device loop0): ext4_truncate:4690: inode #15: comm syz.0.705: mark_inode_dirty error [ 50.229423][ T6655] EXT4-fs error (device loop0) in ext4_setattr:6120: Corrupt filesystem [ 50.239868][ T6655] EXT4-fs error (device loop0): ext4_do_update_inode:5690: inode #15: comm syz.0.705: corrupted inode contents [ 50.314256][ T4707] loop0: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 50.317103][ T4707] loop0: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 50.320405][ T4707] EXT4-fs warning (device loop0): ext4_evict_inode:270: couldn't mark inode dirty (err -117) [ 50.327661][ T4707] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.337827][ T6674] loop1: detected capacity change from 0 to 1024 [ 50.348176][ T6674] EXT4-fs: Ignoring removed nomblk_io_submit option [ 50.368102][ T6674] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 50.395961][ T6674] netlink: 64 bytes leftover after parsing attributes in process `syz.1.714'. [ 50.493269][ T6674] nbd0: detected capacity change from 0 to 6219491448979456 [ 50.496860][ T4719] block nbd0: Receive control failed (result -32) [ 50.515174][ T4700] block nbd0: Dead connection, failed to find a fallback [ 50.517438][ T4700] block nbd0: shutting down sockets [ 50.518755][ T4700] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 50.520634][ T4706] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.523071][ T4700] Buffer I/O error on dev nbd0, logical block 0, async page read [ 50.526522][ T4700] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 50.528292][ T4700] Buffer I/O error on dev nbd0, logical block 0, async page read [ 50.529964][ T4700] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 50.531701][ T4700] Buffer I/O error on dev nbd0, logical block 0, async page read [ 50.534569][ T4700] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 50.536618][ T4700] Buffer I/O error on dev nbd0, logical block 0, async page read [ 50.538245][ T4700] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 50.540009][ T4700] Buffer I/O error on dev nbd0, logical block 0, async page read [ 50.541594][ T4700] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 50.585466][ T4700] Buffer I/O error on dev nbd0, logical block 0, async page read [ 50.586503][ T4700] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 50.586520][ T4700] Buffer I/O error on dev nbd0, logical block 0, async page read [ 50.586562][ T4700] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 50.586573][ T4700] Buffer I/O error on dev nbd0, logical block 0, async page read [ 50.586595][ T4700] ldm_validate_partition_table(): Disk read failed. [ 50.586616][ T4700] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 50.586626][ T4700] Buffer I/O error on dev nbd0, logical block 0, async page read [ 50.586667][ T4700] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 50.586676][ T4700] Buffer I/O error on dev nbd0, logical block 0, async page read [ 50.586757][ T4700] Dev nbd0: unable to read RDB block 0 [ 50.586907][ T4700] nbd0: unable to read partition table [ 50.631332][ T4700] ldm_validate_partition_table(): Disk read failed. [ 50.631466][ T4700] Dev nbd0: unable to read RDB block 0 [ 50.631599][ T4700] nbd0: unable to read partition table [ 50.736731][ T6706] loop2: detected capacity change from 0 to 1024 [ 50.769955][ T6706] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: writeback. [ 50.796532][ T6706] EXT4-fs error (device loop2): ext4_map_blocks:833: inode #15: comm syz.2.727: lblock 0 mapped to illegal pblock 0 (length 1) [ 50.811769][ T6706] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 50.811836][ T6706] EXT4-fs (loop2): This should not happen!! Data will be lost [ 50.811836][ T6706] [ 50.814265][ T6706] EXT4-fs error (device loop2): ext4_map_blocks:791: inode #15: comm syz.2.727: lblock 0 mapped to illegal pblock 0 (length 1) [ 50.826463][ T6706] EXT4-fs error (device loop2): ext4_map_blocks:791: inode #15: comm syz.2.727: lblock 0 mapped to illegal pblock 0 (length 1) [ 50.846429][ T6706] EXT4-fs error (device loop2): ext4_map_blocks:791: inode #15: comm syz.2.727: lblock 0 mapped to illegal pblock 0 (length 1) [ 50.850091][ T6706] EXT4-fs error (device loop2): ext4_map_blocks:791: inode #15: comm syz.2.727: lblock 0 mapped to illegal pblock 0 (length 1) [ 50.876808][ T5927] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 51.003519][ T6734] loop1: detected capacity change from 0 to 1024 [ 51.037136][ T6734] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 51.050827][ T6746] loop3: detected capacity change from 0 to 512 [ 51.075168][ T6746] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.106659][ T4709] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.106977][ T4706] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.336750][ T6790] netlink: 'syz.0.762': attribute type 11 has an invalid length. [ 51.455487][ T6809] netlink: 64 bytes leftover after parsing attributes in process `syz.0.772'. [ 51.620593][ T6834] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 51.623606][ T6834] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 51.625632][ T6834] overlayfs: inode number too big (/, ino=4611686018427387905, xinobits=3) [ 51.679308][ T6842] loop4: detected capacity change from 0 to 512 [ 51.681640][ T6842] EXT4-fs: Ignoring removed nobh option [ 51.684118][ T6842] EXT4-fs: Ignoring removed nobh option [ 51.709457][ T6842] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.742359][ T6842] EXT4-fs (loop4): shut down requested (2) [ 51.748417][ T6852] loop2: detected capacity change from 0 to 1024 [ 51.750156][ T6852] EXT4-fs: Ignoring removed mblk_io_submit option [ 51.752913][ T6852] EXT4-fs: inline encryption not supported [ 51.758611][ T6852] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 51.769762][ T6852] EXT4-fs error (device loop2): ext4_map_blocks:791: inode #3: block 2: comm syz.2.790: lblock 2 mapped to illegal pblock 2 (length 1) [ 51.777626][ T6852] loop2: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 51.779699][ T4708] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.782531][ C1] EXT4-fs (loop2): error count since last fsck: 1 [ 51.782545][ C1] EXT4-fs (loop2): initial error at time 51: ext4_map_blocks:791: inode 3: block 2 [ 51.782569][ C1] EXT4-fs (loop2): last error at time 51: ext4_map_blocks:791: inode 3: block 2 [ 51.792642][ T6852] EXT4-fs (loop2): Remounting filesystem read-only [ 51.792699][ T6852] Quota error (device loop2): qtree_write_dquot: dquota write failed [ 51.792766][ T6852] Quota error (device loop2): v2_write_file_info: Can't write info structure [ 51.792824][ T6852] EXT4-fs (loop2): 1 orphan inode deleted [ 51.793385][ T6852] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 51.798557][ T6852] EXT4-fs (loop2): shut down requested (1) [ 51.821671][ T5927] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.830771][ T6855] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.842708][ T6855] EXT4-fs error (device loop0): ext4_map_blocks:833: inode #15: comm syz.0.792: lblock 0 mapped to illegal pblock 0 (length 1) [ 51.847131][ T6855] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 51.850204][ T6855] EXT4-fs (loop0): This should not happen!! Data will be lost [ 51.850204][ T6855] [ 51.855472][ T6855] EXT4-fs error (device loop0): ext4_map_blocks:791: inode #15: comm syz.0.792: lblock 0 mapped to illegal pblock 0 (length 1) [ 51.860282][ T6855] EXT4-fs error (device loop0): ext4_map_blocks:791: inode #15: comm syz.0.792: lblock 0 mapped to illegal pblock 0 (length 1) [ 51.864797][ T6855] EXT4-fs error (device loop0): ext4_map_blocks:791: inode #15: comm syz.0.792: lblock 0 mapped to illegal pblock 0 (length 1) [ 51.868186][ T6855] EXT4-fs error (device loop0): ext4_map_blocks:791: inode #15: comm syz.0.792: lblock 0 mapped to illegal pblock 0 (length 1) [ 51.890506][ T4707] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 51.999460][ T6871] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 52.015172][ T6871] EXT4-fs error (device loop0): ext4_map_blocks:833: inode #15: block 3: comm syz.0.799: lblock 3 mapped to illegal pblock 3 (length 3) [ 52.016767][ T6871] EXT4-fs error (device loop0): ext4_ext_remove_space:2969: inode #15: comm syz.0.799: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) [ 52.018084][ T6871] EXT4-fs error (device loop0): ext4_map_blocks:791: inode #15: block 3: comm syz.0.799: lblock 3 mapped to illegal pblock 3 (length 3) [ 52.047107][ T4707] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 52.429480][ T6899] PF_CAN: dropped non conform CAN XL skbuff: dev type 65534, len 40 [ 52.527249][ T6905] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 52.584610][ T4706] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 52.777174][ T6930] netlink: 'syz.2.821': attribute type 11 has an invalid length. [ 52.868429][ T6935] nullb0: AHDI p1 [ 53.049061][ T6955] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.106705][ T4706] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.162489][ T6974] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 53.166497][ T6974] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 53.266019][ T6979] EXT4-fs: Ignoring removed mblk_io_submit option [ 53.266057][ T6979] EXT4-fs: inline encryption not supported [ 53.269303][ T6979] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 53.281415][ T6979] EXT4-fs error (device loop0): ext4_map_blocks:791: inode #3: block 2: comm syz.0.842: lblock 2 mapped to illegal pblock 2 (length 1) [ 53.281467][ T6979] loop0: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 53.281657][ T6979] EXT4-fs (loop0): Remounting filesystem read-only [ 53.281675][ T6979] Quota error (device loop0): qtree_write_dquot: dquota write failed [ 53.281695][ T6979] Quota error (device loop0): v2_write_file_info: Can't write info structure [ 53.281744][ T6979] EXT4-fs (loop0): 1 orphan inode deleted [ 53.298834][ T6979] EXT4-fs (loop0): shut down requested (1) [ 53.432604][ C0] net_ratelimit: 17 callbacks suppressed [ 53.432641][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 53.565616][ T7007] netlink: 104 bytes leftover after parsing attributes in process `syz.4.855'. [ 54.002273][ T7062] set_capacity_and_notify: 6 callbacks suppressed [ 54.002315][ T7062] loop3: detected capacity change from 0 to 8 [ 54.006893][ T7062] squashfs: SQUASHFS error: Xattrs in filesystem, these will be ignored [ 54.006923][ T7062] unable to read xattr id index table [ 54.223885][ T7090] loop3: detected capacity change from 0 to 512 [ 54.224317][ T7090] EXT4-fs: Ignoring removed bh option [ 54.263038][ T7090] EXT4-fs error (device loop3): ext4_resize_begin:60: comm syz.3.895: resize_inode disabled but reserved GDT blocks non-zero [ 54.267127][ T7090] EXT4-fs (loop3): Remounting filesystem read-only [ 54.472588][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 54.717902][ T7141] loop2: detected capacity change from 0 to 1024 [ 54.718601][ T7141] EXT4-fs: Ignoring removed i_version option [ 54.718621][ T7141] EXT4-fs: inline encryption not supported [ 54.719386][ T7141] EXT4-fs (loop2): Test dummy encryption mode enabled [ 54.823274][ T7141] EXT4-fs error (device loop2): __ext4_remount:6837: comm syz.2.916: Abort forced by user [ 54.824144][ T7141] EXT4-fs (loop2): Remounting filesystem read-only [ 54.824162][ T7141] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 54.934557][ T7152] xt_hashlimit: size too large, truncated to 1048576 [ 55.032717][ T4719] Bluetooth: hci3: command 0x2016 tx timeout [ 55.198786][ T7164] netlink: 'syz.2.925': attribute type 32 has an invalid length. [ 55.346756][ T7184] loop2: detected capacity change from 0 to 512 [ 55.352198][ T7184] EXT4-fs: inline encryption not supported [ 55.361697][ T7184] EXT4-fs (loop2): 1 truncate cleaned up [ 55.442259][ T7195] gre0: entered promiscuous mode [ 55.442299][ T7195] gre0: entered allmulticast mode [ 55.522733][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 55.667807][ T7229] netlink: 'syz.1.950': attribute type 9 has an invalid length. [ 55.669562][ T7229] netlink: 8 bytes leftover after parsing attributes in process `syz.1.950'. [ 55.675450][ T7229] gretap0: entered promiscuous mode [ 55.677844][ T7229] macvlan2: entered promiscuous mode [ 55.679088][ T7229] macvlan2: entered allmulticast mode [ 55.680243][ T7229] gretap0: entered allmulticast mode [ 55.704263][ T7229] netlink: 'syz.1.950': attribute type 9 has an invalid length. [ 55.704294][ T7229] netlink: 8 bytes leftover after parsing attributes in process `syz.1.950'. [ 55.706440][ T7229] macvlan3: entered promiscuous mode [ 55.706511][ T7229] macvlan3: entered allmulticast mode [ 55.753855][ T7240] netlink: 116 bytes leftover after parsing attributes in process `syz.3.951'. [ 55.836812][ T7253] netlink: 428 bytes leftover after parsing attributes in process `syz.0.961'. [ 55.836857][ T7253] netlink: 12 bytes leftover after parsing attributes in process `syz.0.961'. [ 55.853010][ T7255] input: syz1 as /devices/virtual/input/input8 [ 55.993546][ T7269] syzkaller1: entered promiscuous mode [ 55.993584][ T7269] syzkaller1: entered allmulticast mode [ 56.028613][ T7275] bond0: entered promiscuous mode [ 56.032615][ T7275] bond_slave_0: entered promiscuous mode [ 56.032752][ T7275] bond_slave_1: entered promiscuous mode [ 56.034139][ T7275] batadv0: entered promiscuous mode [ 56.552596][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 56.764979][ T7327] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 56.765183][ T7327] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 56.891007][ T7350] netlink: 'syz.0.1006': attribute type 1 has an invalid length. [ 56.954025][ T7357] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input9 [ 57.069402][ T7363] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 57.069620][ T7363] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 57.112840][ T4722] Bluetooth: hci3: command 0x2016 tx timeout [ 57.288355][ T7376] loop3: detected capacity change from 0 to 512 [ 57.526123][ T7376] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz.3.1017: inode has both inline data and extents flags [ 57.526164][ T7376] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 57.529278][ T7376] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz.3.1017: couldn't read orphan inode 15 (err -117) [ 57.529317][ T7376] loop3: lost filesystem error report for type 5 error -117 [ 57.533747][ C1] EXT4-fs (loop3): error count since last fsck: 2 [ 57.533758][ C1] EXT4-fs (loop3): initial error at time 57: ext4_orphan_get:1397: inode 15 [ 57.533773][ C1] EXT4-fs (loop3): last error at time 57: ext4_orphan_get:1402 [ 57.592588][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 57.611812][ T7384] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1021'. [ 57.669485][ T7390] bridge0: port 3(syz_tun) entered blocking state [ 57.676561][ T7390] bridge0: port 3(syz_tun) entered disabled state [ 57.676834][ T7390] syz_tun: entered allmulticast mode [ 57.677509][ T7390] syz_tun: entered promiscuous mode [ 57.677840][ T7390] bridge0: port 3(syz_tun) entered blocking state [ 57.677876][ T7390] bridge0: port 3(syz_tun) entered forwarding state [ 57.710837][ T7389] loop4: detected capacity change from 0 to 8192 [ 57.841178][ T7405] loop1: detected capacity change from 0 to 256 [ 57.950235][ T7412] FAT-fs (loop4): error, corrupted directory (invalid entries) [ 57.954790][ T7412] FAT-fs (loop4): Filesystem has been set read-only [ 57.959044][ T7415] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 57.984891][ T7389] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 2074) [ 57.987495][ T7389] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 2074) [ 57.989375][ T7389] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 2074) [ 58.043242][ T7414] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1035'. [ 58.171768][ T7437] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1040'. [ 58.179182][ T7435] loop7: detected capacity change from 0 to 7 [ 58.194499][ T7441] IPv6: NLM_F_CREATE should be specified when creating new route [ 58.195135][ T7441] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 58.195143][ T7441] IPv6: NLM_F_CREATE should be set when creating new route [ 58.205557][ T7441] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 58.205590][ T7441] IPv6: NLM_F_CREATE should be set when creating new route [ 58.217649][ T7439] loop1: detected capacity change from 0 to 2048 [ 58.231892][ T7445] tipc: Started in network mode [ 58.233153][ T7445] tipc: Node identity ac14142f, cluster identity 4711 [ 58.236670][ T7445] tipc: Enabled bearer , priority 10 [ 58.240281][ T7435] Dev loop7: unable to read RDB block 7 [ 58.240569][ T7435] loop7: unable to read partition table [ 58.240644][ T7435] loop7: partition table beyond EOD, truncated [ 58.240667][ T7435] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 58.247769][ T7445] tipc: Can't add remote ip to TIPC UDP multicast bearer [ 58.430516][ T7459] loop2: detected capacity change from 0 to 1024 [ 58.430910][ T7459] EXT4-fs: Ignoring removed bh option [ 58.481918][ T7465] SQUASHFS error: Unable to read inode 0x127 [ 58.487204][ T7459] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2860: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 58.600804][ T7475] Bluetooth: hci0: invalid length 0, exp 2 for type 0 [ 58.632621][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 58.634700][ T7479] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869) [ 58.636900][ T7479] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 58.640219][ T7479] EXT4-fs error (device loop1): ext4_get_journal_inode:5896: inode #32: comm syz.1.1062: iget: special inode unallocated [ 58.640366][ T7479] loop1: lost file I/O error report for ino 32 type 5 pos 0x0 len 0x0 error -117 [ 58.643325][ C1] EXT4-fs (loop1): error count since last fsck: 1 [ 58.643340][ C1] EXT4-fs (loop1): initial error at time 58: ext4_get_journal_inode:5896: inode 32 [ 58.643358][ C1] EXT4-fs (loop1): last error at time 58: ext4_get_journal_inode:5896: inode 32 [ 58.651786][ T7479] EXT4-fs (loop1): no journal found [ 58.732275][ T7487] EXT4-fs: Ignoring removed nobh option [ 58.769920][ T7487] EXT4-fs error (device loop1): ext4_do_update_inode:5690: inode #16: comm syz.1.1066: corrupted inode contents [ 58.773040][ T7487] loop1: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 58.773256][ T7487] EXT4-fs (loop1): Remounting filesystem read-only [ 58.776688][ T7487] EXT4-fs (loop1): 1 truncate cleaned up [ 58.794524][ T4151] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 58.794557][ T4151] Quota error (device loop1): write_blk: dquota write failed [ 58.795215][ T4151] Quota error (device loop1): remove_free_dqentry: Can't write block (5) with free entries [ 58.795231][ T4151] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 58.795245][ T4151] Quota error (device loop1): write_blk: dquota write failed [ 58.795256][ T4151] Quota error (device loop1): free_dqentry: Can't move quota data block (5) to free list [ 58.795284][ T4151] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started [ 58.795295][ T4151] Quota error (device loop1): v2_write_file_info: Can't write info structure [ 58.795331][ T4151] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 58.912601][ T7498] Injecting memory failure for pfn 0x13c400 at process virtual address 0x20000000 [ 58.938963][ T7498] Memory failure: 0x13c400: Sending SIGBUS to syz.1.1066:7498 due to hardware memory corruption [ 58.939410][ T7498] Memory failure: 0x13c400: recovery action for dirty LRU page: Recovered [ 59.355336][ T4683] tipc: Node number set to 2886997039 [ 59.371998][ T7510] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1074'. [ 59.376567][ T7512] geneve2: entered promiscuous mode [ 59.606590][ T4722] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 59.609036][ T4722] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 59.610706][ T4722] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 59.612874][ T4722] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 59.615073][ T4722] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 59.672618][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 59.888326][ T7527] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.890012][ T7527] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.890107][ T7527] bridge_slave_0: entered allmulticast mode [ 59.890563][ T7527] bridge_slave_0: entered promiscuous mode [ 59.898569][ T7527] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.900166][ T7527] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.901755][ T7527] bridge_slave_1: entered allmulticast mode [ 59.904941][ T7527] bridge_slave_1: entered promiscuous mode [ 59.929617][ T7527] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.934407][ T7527] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.953283][ T7527] team0: Port device team_slave_0 added [ 59.956527][ T7527] team0: Port device team_slave_1 added [ 59.973966][ T7527] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 59.973998][ T7527] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 59.974031][ T7527] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 59.985672][ T7527] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 59.988298][ T7527] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 59.988350][ T7527] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 60.022347][ T7527] hsr_slave_0: entered promiscuous mode [ 60.024403][ T7527] hsr_slave_1: entered promiscuous mode [ 60.077733][ T7527] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 60.102177][ T7527] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 60.104808][ T7527] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 60.165000][ T7527] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 60.174786][ T7527] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 60.201999][ T7527] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 60.208191][ T7527] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 60.258395][ T7527] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 60.280341][ T7527] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.280386][ T7527] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.280475][ T7527] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.280520][ T7527] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.307497][ T7527] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.357568][ T4108] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.366627][ T4108] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.650002][ T7527] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.712601][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 60.720103][ T4151] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.720166][ T4151] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.720739][ T4151] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.720761][ T4151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.724198][ T7641] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1092'. [ 60.864769][ T7663] set_capacity_and_notify: 3 callbacks suppressed [ 60.868561][ T7663] loop4: detected capacity change from 0 to 128 [ 60.870979][ T7663] EXT4-fs (loop4): Test dummy encryption mode enabled [ 60.940854][ T7527] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.995327][ T7680] loop2: detected capacity change from 0 to 512 [ 61.013126][ T7680] EXT4-fs: quotafile must be on filesystem root [ 61.140924][ T7691] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1109'. [ 61.171911][ T7698] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1112'. [ 61.177506][ T7698] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1112'. [ 61.218445][ T7527] veth0_vlan: entered promiscuous mode [ 61.238652][ T7527] veth1_vlan: entered promiscuous mode [ 61.284536][ T7527] veth0_macvtap: entered promiscuous mode [ 61.285831][ T7527] veth1_macvtap: entered promiscuous mode [ 61.319636][ T7527] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 61.320744][ T7527] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 61.334515][ T4151] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.335359][ T40] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.335439][ T40] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.335499][ T40] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.416627][ T4151] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.416659][ T4151] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.444367][ T4151] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.444404][ T4151] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.672807][ T4719] Bluetooth: hci1: command tx timeout [ 61.752651][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 62.055771][ T7751] team0 (unregistering): Port device team_slave_0 removed [ 62.065294][ T7751] team0 (unregistering): Port device team_slave_1 removed [ 62.449041][ T7772] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1140'. [ 62.792620][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 63.060363][ T7828] loop4: detected capacity change from 0 to 512 [ 63.062061][ T7828] EXT4-fs: Ignoring removed nobh option [ 63.075814][ T7828] EXT4-fs error (device loop4): ext4_do_update_inode:5690: inode #16: comm syz.4.1168: corrupted inode contents [ 63.075847][ T7828] loop4: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 63.078590][ T7828] EXT4-fs (loop4): Remounting filesystem read-only [ 63.081986][ T7828] EXT4-fs (loop4): 1 truncate cleaned up [ 63.083224][ C1] EXT4-fs (loop4): error count since last fsck: 1 [ 63.083238][ C1] EXT4-fs (loop4): initial error at time 63: ext4_do_update_inode:5690: inode 16 [ 63.083255][ C1] EXT4-fs (loop4): last error at time 63: ext4_do_update_inode:5690: inode 16 [ 63.093669][ T4151] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 63.093700][ T4151] Quota error (device loop4): write_blk: dquota write failed [ 63.093713][ T4151] Quota error (device loop4): remove_free_dqentry: Can't write block (5) with free entries [ 63.093726][ T4151] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 63.093734][ T4151] Quota error (device loop4): write_blk: dquota write failed [ 63.093741][ T4151] Quota error (device loop4): free_dqentry: Can't move quota data block (5) to free list [ 63.093765][ T4151] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started [ 63.251775][ T7839] Injecting memory failure for pfn 0x121800 at process virtual address 0x20000000 [ 63.300599][ T7839] Memory failure: 0x121800: Sending SIGBUS to syz.4.1168:7839 due to hardware memory corruption [ 63.321011][ T7839] Memory failure: 0x121800: recovery action for unsplit thp: Failed [ 63.370238][ T7846] capability: warning: `syz.5.1174' uses 32-bit capabilities (legacy support in use) [ 63.412077][ T7848] loop5: detected capacity change from 0 to 512 [ 63.412474][ T7848] EXT4-fs: Ignoring removed bh option [ 63.444675][ T7848] EXT4-fs error (device loop5): ext4_lookup:1785: inode #12: comm syz.5.1176: iget: bad i_size value: 2533274857506816 [ 63.446392][ T7848] EXT4-fs (loop5): Remounting filesystem read-only [ 63.541674][ T7854] loop5: detected capacity change from 0 to 1024 [ 63.546720][ T7854] EXT4-fs: Ignoring removed nobh option [ 63.546761][ T7854] EXT4-fs: Ignoring removed i_version option [ 63.625777][ T7854] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters [ 63.627811][ T7854] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 63.627828][ T7854] EXT4-fs (loop5): This should not happen!! Data will be lost [ 63.627828][ T7854] [ 63.627836][ T7854] EXT4-fs (loop5): Total free blocks count 0 [ 63.627843][ T7854] EXT4-fs (loop5): Free/Dirty block details [ 63.627862][ T7854] EXT4-fs (loop5): free_blocks=20480 [ 63.627879][ T7854] EXT4-fs (loop5): dirty_blocks=2576 [ 63.627885][ T7854] EXT4-fs (loop5): Block reservation details [ 63.627891][ T7854] EXT4-fs (loop5): i_reserved_data_blocks=161 [ 63.700197][ T40] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 63.700238][ T40] EXT4-fs (loop5): This should not happen!! Data will be lost [ 63.700238][ T40] [ 63.717252][ T7527] EXT4-fs warning (device loop5): ext4_evict_inode:195: inode #18: comm syz-executor: data will be lost [ 63.816322][ T4151] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 63.842764][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 63.914161][ T4151] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 63.955123][ T4720] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 63.956085][ T4720] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 63.956773][ T4720] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 63.957454][ T4720] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 63.957690][ T4720] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 63.959200][ T7869] loop5: detected capacity change from 0 to 256 [ 63.988282][ T4151] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.059755][ T4151] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.245295][ T4151] bridge_slave_1: left allmulticast mode [ 64.245331][ T4151] bridge_slave_1: left promiscuous mode [ 64.246011][ T4151] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.248425][ T4151] bridge_slave_0: left allmulticast mode [ 64.248438][ T4151] bridge_slave_0: left promiscuous mode [ 64.248502][ T4151] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.371018][ T4151] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 64.404489][ T4151] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 64.415138][ T4151] bond0 (unregistering): Released all slaves [ 64.475879][ T4151] tipc: Disabling bearer [ 64.476113][ T4151] tipc: Left network mode [ 64.480596][ T1593] ieee802154 phy0 wpan0: encryption failed: -22 [ 64.482058][ T1593] ieee802154 phy1 wpan1: encryption failed: -22 [ 64.485558][ T1057] cfg80211: failed to load regulatory.db [ 64.611519][ T7866] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.611575][ T7866] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.611645][ T7866] bridge_slave_0: entered allmulticast mode [ 64.612409][ T7866] bridge_slave_0: entered promiscuous mode [ 64.613188][ T7866] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.613207][ T7866] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.613273][ T7866] bridge_slave_1: entered allmulticast mode [ 64.613674][ T7866] bridge_slave_1: entered promiscuous mode [ 64.621066][ T7866] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.622003][ T7866] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.632814][ T7866] team0: Port device team_slave_0 added [ 64.633965][ T7866] team0: Port device team_slave_1 added [ 64.687413][ T4394] 8021q: adding VLAN 0 to HW filter on device eth0 [ 64.690298][ T7866] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.692070][ T7866] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 64.697684][ T7866] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.758287][ T7866] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.758314][ T7866] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 64.758341][ T7866] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.829950][ T4151] hsr_slave_0: left promiscuous mode [ 64.831292][ T4151] hsr_slave_1: left promiscuous mode [ 64.831588][ T4151] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 64.831638][ T4151] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 64.835329][ T4151] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 64.835341][ T4151] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 64.841988][ T4151] veth1_macvtap: left promiscuous mode [ 64.842012][ T4151] veth0_macvtap: left promiscuous mode [ 64.842104][ T4151] veth1_vlan: left promiscuous mode [ 64.842132][ T4151] veth0_vlan: left promiscuous mode [ 64.872607][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 64.876066][ T4722] Bluetooth: hci1: command tx timeout [ 64.955528][ T4722] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 64.955700][ T4722] Bluetooth: hci4: Injecting HCI hardware error event [ 64.956568][ T4722] Bluetooth: hci4: hardware error 0x00 [ 65.061265][ T4151] team0 (unregistering): Port device team_slave_1 removed [ 65.089671][ T4151] team0 (unregistering): Port device team_slave_0 removed [ 65.234409][ T7866] hsr_slave_0: entered promiscuous mode [ 65.234782][ T7866] hsr_slave_1: entered promiscuous mode [ 65.234978][ T7866] debugfs: 'hsr0' already exists in 'hsr' [ 65.234989][ T7866] Cannot create hsr debugfs directory [ 65.273744][ T4720] Bluetooth: hci5: command 0x1003 tx timeout [ 65.273820][ T4719] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 65.344475][ C1] vcan0: j1939_tp_rxtimer: 0x000000006ce2dfd4: rx timeout, send abort [ 65.456253][ T7866] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 65.459312][ T7866] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 65.459877][ T7866] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 65.461074][ T7866] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 65.461788][ T7866] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 65.466035][ T7866] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 65.466456][ T7866] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 65.470286][ T7866] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 65.616952][ T7866] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.631654][ T7866] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.637188][ T5155] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.637236][ T5155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.645687][ T4394] 8021q: adding VLAN 0 to HW filter on device eth1 [ 65.647409][ T4108] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.647465][ T4108] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.677370][ T7866] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 65.677413][ T7866] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 65.758045][ T7990] loop2: detected capacity change from 0 to 256 [ 65.845148][ C1] vcan0: j1939_tp_rxtimer: 0x000000006ce2dfd4: abort rx timeout. Force session deactivation [ 65.848171][ C1] vcan0: j1939_tp_rxtimer: 0x000000004d274149: rx timeout, send abort [ 65.910089][ T1057] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 65.914013][ T1057] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 65.922607][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 65.928049][ T7999] input: syz1 as /devices/virtual/input/input10 [ 65.928089][ T7999] input: failed to attach handler leds to device input10, error: -6 [ 65.964621][ T8006] tap0: tun_chr_ioctl cmd 2147767521 [ 65.995341][ T4719] Bluetooth: hci2: command tx timeout [ 66.010869][ T7866] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.026781][ T8017] loop5: detected capacity change from 0 to 512 [ 66.050950][ T8017] EXT4-fs (loop5): Test dummy encryption mode enabled [ 66.051002][ T8017] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 66.079464][ T8017] EXT4-fs (loop5): 1 truncate cleaned up [ 66.079937][ T8017] EXT4-fs mount: 24 callbacks suppressed [ 66.079963][ T8017] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 66.149846][ T4394] 8021q: adding VLAN 0 to HW filter on device eth2 [ 66.165404][ T8013] fido_id[8013]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 66.175134][ T8017] fscrypt: AES-256-XTS using implementation "xts-aes-ce" [ 66.201159][ T8037] loop2: detected capacity change from 0 to 512 [ 66.252954][ T7527] EXT4-fs error (device loop5): htree_dirblock_to_tree:1080: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 66.261797][ T7527] EXT4-fs (loop5): Remounting filesystem read-only [ 66.276517][ T7866] veth0_vlan: entered promiscuous mode [ 66.281122][ T8037] EXT4-fs error (device loop2): ext4_orphan_get:1423: comm syz.2.1206: bad orphan inode 11862016 [ 66.281153][ T8037] loop2: lost filesystem error report for type 5 error -117 [ 66.282155][ T8037] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 66.297332][ T7866] veth1_vlan: entered promiscuous mode [ 66.310395][ T8041] loop3: detected capacity change from 0 to 2048 [ 66.319864][ T7866] veth0_macvtap: entered promiscuous mode [ 66.321080][ T7866] veth1_macvtap: entered promiscuous mode [ 66.324873][ T7866] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.325892][ T7866] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.336467][ T4108] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.348216][ C1] vcan0: j1939_tp_rxtimer: 0x000000004d274149: abort rx timeout. Force session deactivation [ 66.348853][ T4108] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.348884][ T4108] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.348901][ T4108] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.357202][ T8041] Alternate GPT is invalid, using primary GPT. [ 66.357276][ T8041] loop3: p1 p2 p3 [ 66.361071][ T5159] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.361131][ T5159] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.374200][ T8041] overlayfs: failed lookup in lower (newroot/249, name='file0', err=-40): overlapping layers [ 66.403590][ T5159] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.403628][ T5159] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.525321][ T4700] udevd[4700]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 66.549423][ T4698] udevd[4698]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 66.566695][ T4732] udevd[4732]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 66.574675][ T5927] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 66.632362][ T7527] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 66.720107][ T5159] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.770997][ T4394] 8021q: adding VLAN 0 to HW filter on device eth3 [ 66.841606][ T8076] overlayfs: failed to decode file handle (len=0, type=0, flags=0, err=-22) [ 66.875600][ T4720] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 66.877078][ T4720] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 66.879089][ T4720] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 66.883754][ T4720] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 66.885389][ T4720] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 66.895021][ T5159] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.962614][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 67.043762][ T5159] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 67.122135][ T5159] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 67.202779][ T4722] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 67.335306][ T5159] bridge_slave_1: left allmulticast mode [ 67.335341][ T5159] bridge_slave_1: left promiscuous mode [ 67.335433][ T5159] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.339403][ T5159] bridge_slave_0: left allmulticast mode [ 67.339442][ T5159] bridge_slave_0: left promiscuous mode [ 67.339516][ T5159] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.449495][ T8116] loop3: detected capacity change from 0 to 128 [ 67.465406][ T8116] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 67.483441][ T8116] EXT4-fs (loop3): shut down requested (2) [ 67.495610][ T4709] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 67.613593][ T5159] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 67.669227][ T5159] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 67.688278][ T5159] bond0 (unregistering): Released all slaves [ 67.737305][ T8126] netlink: 'syz.3.1233': attribute type 2 has an invalid length. [ 67.746477][ T8126] netlink: 'syz.3.1233': attribute type 2 has an invalid length. [ 67.992618][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 68.072678][ T4722] Bluetooth: hci2: command tx timeout [ 68.257561][ T4394] 8021q: adding VLAN 0 to HW filter on device eth4 [ 68.263748][ T8078] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.263788][ T8078] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.263917][ T8078] bridge_slave_0: entered allmulticast mode [ 68.268522][ T8078] bridge_slave_0: entered promiscuous mode [ 68.277989][ T8078] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.279521][ T8078] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.281120][ T8078] bridge_slave_1: entered allmulticast mode [ 68.283108][ T8078] bridge_slave_1: entered promiscuous mode [ 68.331075][ T8078] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.339036][ T5159] hsr_slave_0: left promiscuous mode [ 68.340127][ T5159] hsr_slave_1: left promiscuous mode [ 68.340417][ T5159] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 68.340431][ T5159] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 68.341549][ T5159] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 68.341561][ T5159] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 68.347394][ T5159] veth1_macvtap: left promiscuous mode [ 68.347433][ T5159] veth0_macvtap: left promiscuous mode [ 68.347467][ T5159] veth1_vlan: left promiscuous mode [ 68.347493][ T5159] veth0_vlan: left promiscuous mode [ 68.528371][ T8078] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.528452][ T8183] netlink: 'syz.3.1250': attribute type 12 has an invalid length. [ 68.528499][ T8183] netlink: 'syz.3.1250': attribute type 29 has an invalid length. [ 68.528515][ T8183] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1250'. [ 68.528530][ T8183] netlink: 'syz.3.1250': attribute type 1 has an invalid length. [ 68.528542][ T8183] netlink: 'syz.3.1250': attribute type 2 has an invalid length. [ 68.528553][ T8183] netlink: 11 bytes leftover after parsing attributes in process `syz.3.1250'. [ 68.574297][ T8078] team0: Port device team_slave_0 added [ 68.577680][ T8078] team0: Port device team_slave_1 added [ 68.611004][ T8078] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 68.611090][ T8078] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 68.611111][ T8078] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 68.611771][ T8078] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 68.611779][ T8078] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 68.611795][ T8078] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 68.641470][ T8078] hsr_slave_0: entered promiscuous mode [ 68.643862][ T8078] hsr_slave_1: entered promiscuous mode [ 68.837707][ T8078] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 68.844791][ T8078] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 68.848910][ T8078] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 68.865179][ T8078] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 68.865524][ T8078] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 68.872166][ T8078] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 68.877547][ T8078] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 68.888196][ T8078] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 68.956516][ T4722] Bluetooth: hci1: command tx timeout [ 68.994774][ T4394] 8021q: adding VLAN 0 to HW filter on device eth5 [ 69.032609][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 69.121030][ T8078] 8021q: adding VLAN 0 to HW filter on device bond0 [ 69.147491][ T8078] 8021q: adding VLAN 0 to HW filter on device team0 [ 69.172128][ T4151] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.172185][ T4151] bridge0: port 1(bridge_slave_0) entered forwarding state [ 69.173666][ T4151] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.173689][ T4151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 69.192374][ T8078] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 69.192417][ T8078] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 69.322729][ T8239] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1264'. [ 69.550359][ T8078] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 69.638521][ T4394] 8021q: adding VLAN 0 to HW filter on device eth7 [ 69.796090][ T8078] veth0_vlan: entered promiscuous mode [ 69.835439][ T8078] veth1_vlan: entered promiscuous mode [ 69.842235][ T8078] veth0_macvtap: entered promiscuous mode [ 69.844548][ T8293] loop2: detected capacity change from 0 to 512 [ 69.863127][ T8293] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 69.872384][ T8293] EXT4-fs (loop2): 1 truncate cleaned up [ 69.872883][ T8293] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 69.905923][ T8078] veth1_macvtap: entered promiscuous mode [ 69.919569][ T8293] EXT4-fs error (device loop2): ext4_find_dest_de:2050: inode #2: block 13: comm syz.2.1274: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 69.944821][ T8078] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 69.945920][ T8078] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 69.948430][ T40] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.948655][ T40] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.948723][ T40] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.949417][ T40] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.960554][ T8293] EXT4-fs (loop2): Remounting filesystem read-only [ 70.005301][ T5927] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 70.072657][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 70.075288][ T4151] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.075331][ T4151] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.089824][ T4151] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.089860][ T4151] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.153563][ T4722] Bluetooth: hci2: command tx timeout [ 70.223529][ T8310] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 70.223870][ T8310] vimc vimc.0: first entity in the pipe 'Scaler' is not a source [ 70.304249][ T4394] 8021q: adding VLAN 0 to HW filter on device eth6 [ 70.372455][ T8321] pim6reg: entered allmulticast mode [ 70.385748][ T8321] pim6reg: left allmulticast mode [ 70.512633][ T8327] macsec1: entered allmulticast mode [ 70.513905][ T8327] veth1_macvtap: entered allmulticast mode [ 71.032863][ T4722] Bluetooth: hci1: command tx timeout [ 71.112668][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 71.169772][ T8358] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 71.534251][ T8370] netdevsim netdevsim7 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.163095][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 72.233567][ T4722] Bluetooth: hci2: command tx timeout [ 72.614765][ T8450] loop2: detected capacity change from 0 to 128 [ 72.617084][ T8450] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 72.677613][ T4151] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 72.731512][ T8371] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.852779][ T8463] loop2: detected capacity change from 0 to 8192 [ 72.925883][ T8465] loop2: detected capacity change from 0 to 512 [ 72.928850][ T8465] EXT4-fs: Ignoring removed mblk_io_submit option [ 72.931360][ T8465] EXT4-fs: inline encryption not supported [ 72.933275][ T8465] EXT4-fs: Ignoring removed mblk_io_submit option [ 72.945240][ T8465] EXT4-fs (loop2): Test dummy encryption mode enabled [ 72.945282][ T8465] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 72.946750][ T8371] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.971106][ T8465] EXT4-fs (loop2): 1 truncate cleaned up [ 72.971594][ T8465] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 73.024660][ T8371] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 73.080683][ T5927] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.124262][ T4722] Bluetooth: hci1: command tx timeout [ 73.146202][ T1308] netdevsim netdevsim7 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.155261][ T1308] netdevsim netdevsim7 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.169404][ T1308] netdevsim netdevsim7 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.169465][ T1308] netdevsim netdevsim7 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.202587][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 73.257124][ T8472] loop7: detected capacity change from 0 to 1024 [ 73.257550][ T8472] EXT4-fs: Ignoring removed mblk_io_submit option [ 73.289246][ T8472] EXT4-fs (loop7): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 73.323192][ T8472] EXT4-fs (loop7): shut down requested (2) [ 73.339211][ T8478] loop3: detected capacity change from 0 to 512 [ 73.351324][ T8478] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz.3.1332: inode has both inline data and extents flags [ 73.351363][ T8478] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 73.354746][ C1] EXT4-fs (loop3): error count since last fsck: 1 [ 73.354758][ C1] EXT4-fs (loop3): initial error at time 73: ext4_orphan_get:1397: inode 15 [ 73.354778][ C1] EXT4-fs (loop3): last error at time 73: ext4_orphan_get:1397: inode 15 [ 73.364764][ T8478] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz.3.1332: couldn't read orphan inode 15 (err -117) [ 73.367410][ T8478] loop3: lost filesystem error report for type 5 error -117 [ 73.368885][ T8078] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 73.395227][ T8478] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 73.467693][ T8483] loop7: detected capacity change from 0 to 512 [ 73.490509][ T8483] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 73.643360][ T8493] loop6: detected capacity change from 0 to 512 [ 73.643734][ T8493] EXT4-fs: Ignoring removed bh option [ 73.648681][ T8493] EXT4-fs (loop6): feature flags set on rev 0 fs, running e2fsck is recommended [ 73.650515][ T8493] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 73.674281][ T8493] EXT4-fs (loop6): warning: mounting unchecked fs, running e2fsck is recommended [ 73.681199][ T8493] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006] [ 73.681854][ T8493] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 73.689901][ T8496] loop2: detected capacity change from 0 to 1024 [ 73.747805][ T8496] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 73.758248][ T8078] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.800933][ T8496] EXT4-fs error (device loop2): ext4_map_blocks:833: inode #15: comm syz.2.1338: lblock 0 mapped to illegal pblock 0 (length 1) [ 73.805469][ T8496] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 73.805500][ T8496] EXT4-fs (loop2): This should not happen!! Data will be lost [ 73.805500][ T8496] [ 73.837662][ T7866] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.867797][ T4709] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.107245][ T5927] EXT4-fs warning (device loop2): ext4_evict_inode:195: inode #15: comm syz-executor: data will be lost [ 74.108084][ T5927] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 74.225123][ T8516] loop2: detected capacity change from 0 to 512 [ 74.225768][ T8516] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 74.239890][ T8516] EXT4-fs error (device loop2): ext4_orphan_get:1423: comm syz.2.1342: bad orphan inode 131083 [ 74.239935][ T8516] loop2: lost filesystem error report for type 5 error -117 [ 74.240775][ T8516] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 74.242591][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 74.274818][ T8516] EXT4-fs (loop2): shut down requested (2) [ 74.286718][ T8520] loop3: detected capacity change from 0 to 512 [ 74.302404][ T5927] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.310056][ T8520] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz.3.1347: inode has both inline data and extents flags [ 74.310089][ T8520] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 74.313142][ C1] EXT4-fs (loop3): error count since last fsck: 1 [ 74.313154][ C1] EXT4-fs (loop3): initial error at time 74: ext4_orphan_get:1397: inode 15 [ 74.313173][ C1] EXT4-fs (loop3): last error at time 74: ext4_orphan_get:1397: inode 15 [ 74.320706][ T8520] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz.3.1347: couldn't read orphan inode 15 (err -117) [ 74.320750][ T8520] loop3: lost filesystem error report for type 5 error -117 [ 74.327606][ T8520] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 74.386033][ T8523] EXT4-fs: Ignoring removed bh option [ 74.415570][ T4709] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.425144][ T8523] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 74.458671][ T8523] EXT4-fs (loop2): 1 truncate cleaned up [ 74.459328][ T8523] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 74.509344][ T8528] EXT4-fs: Ignoring removed bh option [ 74.532726][ T8528] EXT4-fs (loop7): feature flags set on rev 0 fs, running e2fsck is recommended [ 74.532786][ T8528] EXT4-fs (loop7): mounting ext2 file system using the ext4 subsystem [ 74.547711][ T8528] EXT4-fs (loop7): warning: mounting unchecked fs, running e2fsck is recommended [ 74.554040][ T8528] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006] [ 74.554657][ T8528] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 74.605009][ T5927] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.681247][ T8078] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.804912][ T8546] syzkaller1: entered promiscuous mode [ 74.806090][ T8546] syzkaller1: entered allmulticast mode [ 74.883141][ T8552] binder: 8551:8552 Acquire 1 refcount change on invalid ref 1 ret -22 [ 74.916087][ T8548] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 74.961665][ T8555] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 74.970951][ T8548] EXT4-fs error (device loop2): ext4_get_first_dir_block:3557: inode #12: block 80: comm syz.2.1358: bad entry in directory: directory entry overrun - offset=12, inode=6, rec_len=4096, size=4096 fake=0 [ 74.977196][ T8548] EXT4-fs (loop2): Remounting filesystem read-only [ 75.007021][ T8078] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 75.032039][ T8560] ------------[ cut here ]------------ [ 75.032068][ T8560] intf 08:02:11:00:00:00 [link=0]: bad STA 08:02:11:00:00:01 bandwidth 20 MHz (0) > channel config 10 MHz (7) [ 75.042777][ T8560] WARNING: drivers/net/wireless/virtual/mac80211_hwsim.c:2832 at mac80211_hwsim_sta_rc_update+0x4fc/0x6b0, CPU#0: syz.3.1363/8560 [ 75.045270][ T8560] Modules linked in: [ 75.046022][ T8560] CPU: 0 UID: 0 PID: 8560 Comm: syz.3.1363 Tainted: G L syzkaller #0 PREEMPT [ 75.048187][ T8560] Tainted: [L]=SOFTLOCKUP [ 75.049116][ T8560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 75.050973][ T8560] pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) [ 75.052476][ T8560] pc : mac80211_hwsim_sta_rc_update+0x4fc/0x6b0 [ 75.053689][ T8560] lr : mac80211_hwsim_sta_rc_update+0x4fc/0x6b0 [ 75.054885][ T8560] sp : ffff800095616d00 [ 75.055724][ T8560] x29: ffff800095616d40 x28: ffff0000d1799090 x27: ffff0000f45e32c0 [ 75.057354][ T8560] x26: ffff0000d1799090 x25: dfff800000000000 x24: 0000000000000014 [ 75.058952][ T8560] x23: 0000000000000000 x22: 0000000000000000 x21: ffff800089fbd000 [ 75.060509][ T8560] x20: ffff800089fbd000 x19: 0000000000000007 x18: 1fffe00034bf7420 [ 75.062082][ T8560] x17: ffff80008897b000 x16: ffff800088a2dc60 x15: 0000000000000000 [ 75.063728][ T8560] x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000000 [ 75.065301][ T8560] x11: ffff80008a3f3d08 x10: 0000000000000003 x9 : 50a8968b838c7700 [ 75.066862][ T8560] x8 : 50a8968b838c7700 x7 : 0000000000000000 x6 : 0000000000000000 [ 75.068416][ T8560] x5 : 0000000000000001 x4 : 0000000000000008 x3 : ffff800080155224 [ 75.069950][ T8560] x2 : 0000000000000006 x1 : ffff0000c5280000 x0 : 0000000000000001 [ 75.071474][ T8560] Call trace: [ 75.072091][ T8560] mac80211_hwsim_sta_rc_update+0x4fc/0x6b0 (P) [ 75.073267][ T8560] mac80211_hwsim_sta_add+0xa8/0x270 [ 75.074257][ T8560] drv_sta_state+0x6bc/0x1a24 [ 75.075275][ T8560] sta_info_insert_rcu+0x17fc/0x2398 [ 75.076357][ T8560] sta_info_insert+0x20/0xd8 [ 75.077305][ T8560] ieee80211_add_station+0x3ec/0x5e4 [ 75.078424][ T8560] rdev_add_station+0x118/0x428 [ 75.079415][ T8560] nl80211_new_station+0x1310/0x17e0 [ 75.080481][ T8560] genl_family_rcv_msg_doit+0x1e4/0x2d8 [ 75.081646][ T8560] genl_rcv_msg+0x444/0x620 [ 75.082616][ T8560] netlink_rcv_skb+0x22c/0x410 [ 75.083649][ T8560] genl_rcv+0x38/0x50 [ 75.084435][ T8560] netlink_unicast+0x610/0x800 [ 75.085397][ T8560] netlink_sendmsg+0x63c/0x920 [ 75.086330][ T8560] __sock_sendmsg+0xc8/0x138 [ 75.087206][ T8560] ____sys_sendmsg+0x418/0x70c [ 75.088107][ T8560] ___sys_sendmsg+0x198/0x224 [ 75.089005][ T8560] __sys_sendmsg+0x160/0x214 [ 75.089880][ T8560] __arm64_sys_sendmsg+0x80/0x94 [ 75.090797][ T8560] invoke_syscall+0x98/0x244 [ 75.091613][ T8560] el0_svc_common+0xe8/0x23c [ 75.092530][ T8560] do_el0_svc+0x48/0x58 [ 75.093305][ T8560] el0_svc+0x64/0x260 [ 75.094075][ T8560] el0t_64_sync_handler+0x48/0x148 [ 75.095049][ T8560] el0t_64_sync+0x198/0x19c [ 75.095933][ T8560] irq event stamp: 850 [ 75.096690][ T8560] hardirqs last enabled at (849): [] finish_task_switch+0x22c/0x768 [ 75.098480][ T8560] hardirqs last disabled at (850): [] el1_brk64+0x20/0x54 [ 75.100081][ T8560] softirqs last enabled at (834): [] rate_control_rate_init+0x374/0x5d0 [ 75.101869][ T8560] softirqs last disabled at (830): [] rate_control_rate_init+0x308/0x5d0 [ 75.103822][ T8560] ---[ end trace 0000000000000000 ]--- [ 75.134779][ T5927] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.192862][ T4722] Bluetooth: hci1: command tx timeout [ 75.282592][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 76.312578][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 77.362565][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 78.402570][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 79.432598][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 80.472967][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 81.512582][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 82.552572][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 83.592583][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 84.632592][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available