last executing test programs: 15m32.362635263s ago: executing program 32 (id=662): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x18, 0xb, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000100000000fcffffff180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000f9ffffff850000001000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000580)='mmap_lock_acquire_returned\x00', r0}, 0x18) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) 15m12.1623871s ago: executing program 33 (id=880): r0 = socket$nl_audit(0x10, 0x3, 0x9) setsockopt$netlink_NETLINK_CAP_ACK(r0, 0x10e, 0xa, &(0x7f00000000c0)=0x3, 0x4) sendmsg$AUDIT_GET_FEATURE(r0, &(0x7f0000000e00)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80000}, 0x0) 15m2.369775204s ago: executing program 34 (id=963): r0 = socket(0x2, 0x3, 0xff) setsockopt$inet_int(r0, 0x0, 0xa, 0xffffffffffffffff, 0x7) 14m57.723168493s ago: executing program 35 (id=1000): r0 = fanotify_init(0x0, 0x40000) fanotify_mark(r0, 0x1, 0x8000008, r0, 0x0) r1 = fsopen(&(0x7f0000000c00)='bdev\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f0000000080)='\x00', &(0x7f00000000c0)="ce", 0x1) readv(r1, &(0x7f0000000100)=[{&(0x7f0000000280)=""/73, 0x49}], 0x1) 14m54.405824872s ago: executing program 36 (id=1015): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2f, &(0x7f0000000000)=0x1, 0x4) sendmsg$inet6(r0, &(0x7f0000000500)={&(0x7f0000000080)={0xa, 0xce27, 0x81, @dev={0xfe, 0x80, '\x00', 0x23}, 0x8}, 0x1c, &(0x7f00000001c0)=[{&(0x7f00000000c0)="06", 0x1}], 0x1}, 0x80001) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, 0x0, &(0x7f0000000040)) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4e23, 0x6, @private1, 0xd1}, 0x1c) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000100)={0x0, 0x4}, 0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000200)={0x0, 0x6}, 0x8) 14m47.458931464s ago: executing program 37 (id=1037): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0x10}) 14m44.510150058s ago: executing program 38 (id=1043): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/partitions\x00', 0x0, 0x0) r3 = syz_open_procfs(0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000340)='./file0\x00', &(0x7f0000000100), 0x21c004, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) write$FUSE_LK(r1, &(0x7f0000000000)={0x28, 0x0, 0x0, {{0x3, 0xee4, 0x2}}}, 0x28) write$FUSE_CREATE_OPEN(r3, &(0x7f0000000200)={0xa0, 0x0, 0x0, {{0x2, 0x0, 0x8, 0x8001, 0x80000000, 0x5, {0x2, 0x9, 0xb66, 0x8001, 0xffffffff, 0x6, 0x3, 0x6, 0xfffffff7, 0x8000, 0x6, 0x0, 0x0, 0xff, 0x7}}}}, 0xa0) write$FUSE_NOTIFY_POLL(r3, &(0x7f0000000180)={0x18, 0x1, 0x0, {0x9}}, 0x18) write$P9_RREAD(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="0f"], 0x10f) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x8000, &(0x7f0000000380)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) openat(0xffffffffffffff9c, &(0x7f0000000200)='./file0/file1\x00', 0x42, 0x1ff) mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0) 14m22.001550759s ago: executing program 39 (id=1150): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x9}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='contention_begin\x00', r0}, 0x18) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x1, 0x4, 0x201, 0x0, 0x0, {0x1, 0x0, 0x3}}, 0x14}, 0x1, 0x0, 0x0, 0x8008000}, 0x80) 14m20.772436528s ago: executing program 40 (id=1160): r0 = socket(0x2, 0x5, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000280)={'veth1_to_hsr\x00', &(0x7f0000000440)=@ethtool_rxnfc={0x30, 0x10, 0x8a, {0x5, @tcp_ip4_spec={@loopback, @local, 0x4e21, 0x4e21, 0x5}, {0x0, @broadcast, 0x4, 0x7, [0x7f, 0x8]}, @udp_ip4_spec={@initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1, 0x4e24, 0x4e20, 0x3}, {0x0, @broadcast, 0x7, 0x1, [0x5bdaaabe, 0x101]}, 0x6, 0x9}}}) 14m14.783209335s ago: executing program 41 (id=1179): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x0, 0x0) read$watch_queue(r0, &(0x7f0000000500)=""/156, 0x9c) read$FUSE(r0, &(0x7f0000001040)={0x2020}, 0x2020) 13m55.553164658s ago: executing program 42 (id=1282): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6}, [@call={0x85, 0x0, 0x0, 0xd0}, @call={0x85, 0x0, 0x0, 0xe}]}, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000003f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x15) 13m44.685085909s ago: executing program 43 (id=1387): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=@bridge_delneigh={0x58, 0x1d, 0x1, 0x70bd2c, 0x25dfdbed, {0x7, 0x0, 0x0, 0x0, 0x80, 0x24, 0x1}, [@NDA_VLAN={0x6, 0x5, 0x2}, @NDA_LLADDR={0xa, 0x2, @broadcast}, @NDA_IFINDEX={0x8}, @NDA_LINK_NETNSID={0x8, 0xa, 0xfffffe00}, @NDA_FLAGS_EXT={0xfffffffffffffc6b}, @NDA_NH_ID={0x8, 0xd, 0x7fffffff}, @NDA_PROTOCOL={0x5, 0xc, 0xe6}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000800}, 0x20040040) 13m42.808640156s ago: executing program 44 (id=1399): add_key$keyring(&(0x7f00000001c0), &(0x7f0000000180)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) request_key(&(0x7f00000008c0)='user\x00', &(0x7f0000000900)={'syz', 0x0}, &(0x7f0000000940)='\x00', 0x0) r0 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000240)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) add_key$user(&(0x7f0000000080), &(0x7f0000000140)={'syz', 0x0}, &(0x7f0000000180)='D', 0x1, r0) request_key(&(0x7f0000000340)='user\x00', &(0x7f0000000680)={'syz', 0x0}, 0x0, 0x0) 13m41.607032804s ago: executing program 45 (id=1403): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000780)={'batadv_slave_0\x00'}) syz_genetlink_get_family_id$ethtool(&(0x7f0000000f40), r1) sendmsg$ETHTOOL_MSG_TSINFO_GET(r1, 0x0, 0x20008810) 13m32.060401645s ago: executing program 46 (id=1412): r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_udp_int(r0, 0x11, 0xb, &(0x7f0000000000)=0x800000, 0x4) 13m25.423482342s ago: executing program 47 (id=1418): r0 = socket$nl_audit(0x10, 0x3, 0x9) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$team(&(0x7f0000000540), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) r4 = socket(0x2, 0x2, 0x1) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'team_slave_0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x5c, r2, 0x1, 0x70bd28, 0x25dfdbfb, {}, [{{0x8, 0x1, r3}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x24044c04}, 0x24040014) 13m12.678818141s ago: executing program 48 (id=1505): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x804, 0x0, 0x0, 0x0, 0xf50}, [@jmp={0x5, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8}]}, &(0x7f0000000200)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x28}, 0x94) 13m11.492630078s ago: executing program 49 (id=1515): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x11, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r0) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000) 13m7.092919602s ago: executing program 50 (id=1540): bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1, 0x4, &(0x7f0000000400)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x3}, [@call={0x85, 0x0, 0x0, 0x7b}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x20, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) sendmsg$inet(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x40) 13m5.396206418s ago: executing program 51 (id=1545): r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket(0xa, 0x1, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f00000001c0)={0x3, {{0xa, 0x4e24, 0x2, @mcast1, 0xff7ffffd}}, {{0xa, 0x4e08, 0x4a3, @local, 0x4f1}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000001a00)=ANY=[@ANYBLOB="03000000000000000a004e2300000010ff010000000000000000000000000001f8ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b0000000a004e2000000008fe8000000000000000000000000000aa05000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000010000000c0000000000000000000000000000000104000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ad94e2100000073fe8000000000000000000000000000aa0900"/483], 0x610) r2 = socket(0xa, 0x1, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f00000001c0)={0x3, {{0xa, 0x4e24, 0x2, @mcast1, 0x88f}}, {{0xa, 0x4e08, 0x4a3, @private2, 0x4f0}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000780)={0x3, {{0xa, 0x4e23, 0x9, @mcast1, 0x8}}}, 0x90) close_range(r0, 0xffffffffffffffff, 0x0) 12m42.305166048s ago: executing program 52 (id=1629): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000240)={0x1, &(0x7f00000000c0)=[{0x6, 0x1, 0x5, 0x7fffffff}]}) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = socket(0xa, 0x5, 0x0) connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10) ptrace(0x10, r0) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r0, 0x1, 0x0) 12m40.837749279s ago: executing program 53 (id=1641): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f0000000100)=0x10, 0x4) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000180)={0x0, @in6={{0xa, 0x4e21, 0x80, @ipv4={'\x00', '\xff\xff', @private=0xa010101}, 0x9}}, 0x8, 0x9f}, &(0x7f0000000080)=0x90) 12m36.662599341s ago: executing program 54 (id=1668): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000600), 0x101002, 0x0) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) ioctl$TUNSETIFINDEX(r0, 0x400454da, 0xffffffffffffffff) 12m36.210234878s ago: executing program 55 (id=1670): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'lo\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=@bridge_newneigh={0x30, 0x1c, 0x114236db3b607435, 0x70bd28, 0x25dfd3fe, {0x2, 0x0, 0x0, r2, 0x40, 0x80, 0x4}, [@NDA_DST_IPV4={0x8, 0x1, @empty}, @NDA_LLADDR={0xa, 0x2, @multicast}]}, 0x30}, 0x1, 0x0, 0x0, 0x20040001}, 0x8000) 11m53.717681454s ago: executing program 56 (id=2000): syz_emit_ethernet(0x355, &(0x7f0000000440)={@random="61fe71b72b5f", @link_local={0x17, 0x80, 0xc2, 0x2, 0x9}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "d23396", 0x31f, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, [{0x3, 0xa, "a78ce5400659808000000003004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42c60a5c15b37adac15084dbaf736b41e5af2502"}, {0x0, 0x1, "000000000000000026000400"}, {0x3, 0xc, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d"}, {0x18, 0x1d, "06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5c6186c0d3baa75af390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a000023f5acaa556b9f30dcab2b90aa235a670670ffc5dc49dfb58d89310000000000"}, {0x1f, 0xb, "17dcea46805d4809c20547406b18901b0aeff04c0300f3c764c2d227a83b89483b1084743474677e45e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68f2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x21, 0x7, "fcc1876d4ec1876d4e6fa3ce2dfdb43a6f021659ff5c2d6b3d9363ed09bd9281c9fe68a3000000006f0000044e43e740e077e1d16212fb"}, {0x5, 0x14, "5e14f0e74d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1eb91a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d96967052cc7786d779b8353aac33a57d79b05613a12328f61129017fb632dbf04542188b196e213408c000000000000000000"}, {0x0, 0x5, "090000000900000036da018dff16e70b8b1400000000e18e88605aa6be1a02a326a6bce65f81ed"}]}}}}}}, 0x0) 11m52.821789227s ago: executing program 57 (id=2005): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000380)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000340)={&(0x7f0000000580)={0x14, 0x1, 0x1, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x800) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000000301"], 0x14}, 0x1, 0x0, 0x0, 0x20000844}, 0x0) close(r0) 11m51.480215217s ago: executing program 58 (id=2014): quotactl$Q_GETNEXTQUOTA(0xffffffff80000900, &(0x7f0000000280)=@filename='./file0/file1\x00', 0xffffffffffffffff, 0x0) 11m19.342489841s ago: executing program 59 (id=2228): futex(&(0x7f000000cffc)=0x4, 0x9, 0x4, 0x0, 0x0, 0x400000) futex(0x0, 0x80000000000b, 0x4, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x4, 0x0, &(0x7f0000fd7ff0), &(0x7f0000048000)=0x1, 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0) 10m23.927284419s ago: executing program 60 (id=2893): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) sendmmsg$inet(r0, &(0x7f0000000900)=[{{&(0x7f0000007b00)={0x2, 0x4e20, @empty}, 0x10, &(0x7f0000000b00)=[{&(0x7f0000000080)="e6cab0ed", 0x4}], 0x1}}, {{&(0x7f0000000800)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, 0x0, 0x0, &(0x7f0000000040)=[@ip_retopts={{0x10}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @broadcast, @multicast1}}}], 0x30}}], 0x2, 0x40000) 3m15.700473381s ago: executing program 61 (id=8141): sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3800000d0000000028bd7000fddbdf25e700020073797a32000000000800410073697700140033006d6163766c612e"], 0x38}, 0x1, 0x0, 0x0, 0x8800}, 0x8041) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c0000000d000000090000000000000f00"], &(0x7f0000001540)=""/4088, 0x31, 0xff8, 0x1}, 0x28) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x28) 2m50.386880375s ago: executing program 62 (id=8377): getrandom(&(0x7f0000003f40)=""/1, 0x1, 0x3) 2m47.862450942s ago: executing program 0 (id=8405): syz_mount_image$vfat(&(0x7f0000000200), &(0x7f00000002c0)='./file0\x00', 0x0, &(0x7f0000000140)={[{@iocharset={'iocharset', 0x3d, 'cp437'}}]}, 0x1, 0x203, &(0x7f00000006c0)="$eJzs289qE10YBvAnbb9+0S5SxJW6GHDjqrS9gkapIgaESha6MtgWpJFCCgUFrTt3Xog3I/RquhAqJJP+iXGhJQ46vx+EecnJQ95ZJO9ZnHl5583e9v7B7tf3x2k2iiwkGzlJljOX+Yw0yuvcsF7MRR8DAPxttrZ67ap7YLYGg3bvRpKlH1a6XyppCAAAAAAAAAAAgCtz/h8A6uc3zv83ZtQKMzIYtHu3y/3bZc7/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANU5OT1tnU55/Z+kmeRakutJxu9X3S8AcHXmPwDUj/kPAPVj/gNA/Tx7/uJJu9PZ3CqKZtL/dNg97I6uo/X2bl6nn52sppVvw31AaVQ/fNzZXC2GlvO5f1Tmjw678+P8o2ayk7W0sjw9vzbKF5fz/w33HWffv55Wbk7Pr0/NL+be3Qv5lbRy/Cr76Wd7uJ85z39YK4oHTzsT+aXh5wDgX7RSbJTVxPxulOsrxdjEfB+t/8L+YGK+LuTWQmW3DQC1dvD23V6v398ZVFjcL3upuA2FQnFWVPzHBMzc+Y++6k4AAAAAAAAAAAAAAICf+ROPE1V9jwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADUz/cAAAD//8Z67Ls=") bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x40000, 0x0) getdents64(r0, &(0x7f0000000980)=""/254, 0xfe) 2m47.648310535s ago: executing program 0 (id=8407): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002000), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000002040), &(0x7f0000002080)='./file0\x00', 0x0, &(0x7f0000001540)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) utimensat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x100) read$FUSE(r0, &(0x7f00000020c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_LSEEK(r0, &(0x7f0000000000)={0x18, 0x0, r1, {0x800000007}}, 0x18) 2m46.6499779s ago: executing program 0 (id=8417): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@ipv4_delroute={0x38, 0x19, 0x1, 0x70bd2d, 0x25dfdbfb, {0x2, 0x20, 0x20, 0x0, 0xff, 0x2, 0xff, 0x2, 0x1800}, [@RTA_DST={0x8, 0x1, @local}, @RTA_METRICS={0x11, 0x8, 0x0, 0x1, "8c5f8a2f45e7f083fe02a76768"}]}, 0x38}, 0x1, 0x0, 0x0, 0x44050}, 0x1000) 2m43.612390015s ago: executing program 0 (id=8434): syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000080)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x200010, &(0x7f0000000680)=ANY=[], 0x3, 0x268, &(0x7f0000000b40)="$eJzs289rI2UYB/AntbJpl24q/mIXxBc9qJdh27OHXaSCWFDUCqsgO2unGjsmpRMKUbE96XX/BM/i0ZsgiycvvfgXePDWS497EEfSpLUplV38kS7dz+eQPMw73+TN+4bhSUj2Xr796fpala3lvZhqNGLqWuzE3emYj6k4tBMvvXDj52fevvHe69eXl5ujo4sppUvP/vj+F989d6d38d3vL/1wIXbnP9jbX/xt96ndy3t/vPNxu0rtKnW6vZSnW91uL79VFmm1Xa1nKb1ZFnlVpHanKjbHxtfK7sZGP+Wd1bnZjc2iqlLe6af1op963dTb7Kf8o7zdSVmWpbnZ4N9Y+fZuXcd+/ejNqOt65pu4eCfmfo1WNB5LjcevNZ682Xh6p3F5v65bJ6MzZzNj/lv/eP85F0YX9aW3UmpGlF9vrWytDO8Ho824vhbtKKOIqzETv8fgbTIyrF99bXnpajowH1+V26P89tbKIwePf5RfiFbMn55fGObTYf5CRAxuZ4/nF6MVT5yeXzyRHz5/M158/lg+i1b88mF0o4zVGGRje7QES18upPTKG8sn8lcOzgMAOG+ydGTQvw2atrH+LcvGxo/1R8P8sf6wdY/+8ER/NR1Xps/2tRNR9T9bz8uy2Bx8wDsojo48pMXtsWW5n+Lwq5D/b2JTY3v2gCzUhIrPf4p4AKZxajF9jvci4pOzuCAxUX9t+j1PbU5kQgAAAAAAAAAAANyXSfycMCL8fRQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhbfwYAAP//aLm/Nw==") socket$inet_sctp(0x2, 0x5, 0x84) syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x10, 0x0) syz_mount_image$fuse(&(0x7f0000000000), 0x0, 0x194068, 0x0, 0x1, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffff9c, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) mount$bind(&(0x7f0000000340)='./file0\x00', &(0x7f0000000140)='./file0/file0/../file0\x00', 0x0, 0xa1c08, 0x0) 2m43.22845206s ago: executing program 0 (id=8438): syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x20, 0x0, 0x0, 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0x164) r1 = fanotify_init(0x2, 0x1000) fanotify_mark(r1, 0x541, 0x4000002b, r0, 0x0) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3813009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x8, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) unlinkat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file1\x00', 0x200) 2m42.59358281s ago: executing program 0 (id=8444): r0 = socket(0x2, 0x3, 0x103) sendmmsg$inet(r0, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0x2, 0x4e24, @empty}, 0x10, &(0x7f0000000100)}}, {{&(0x7f0000000140)={0x2, 0x4e24, @empty}, 0x10, &(0x7f0000001580)=[{0x0}, {&(0x7f0000000280)="c7bace4ebe91b42a7bf8f8285d1045a6fe4a609cfb8b4a926453e0ec420e051dc8", 0x21}], 0x2}}], 0x2, 0x480c4) 2m42.075549698s ago: executing program 63 (id=8444): r0 = socket(0x2, 0x3, 0x103) sendmmsg$inet(r0, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0x2, 0x4e24, @empty}, 0x10, &(0x7f0000000100)}}, {{&(0x7f0000000140)={0x2, 0x4e24, @empty}, 0x10, &(0x7f0000001580)=[{0x0}, {&(0x7f0000000280)="c7bace4ebe91b42a7bf8f8285d1045a6fe4a609cfb8b4a926453e0ec420e051dc8", 0x21}], 0x2}}], 0x2, 0x480c4) 2m39.292130129s ago: executing program 2 (id=8471): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @synproxy={{0xd}, @void}}, {0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x4}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x8c}, 0x1, 0x0, 0x0, 0x4000850}, 0x0) 2m39.147449671s ago: executing program 2 (id=8472): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0]) mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040)) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0x9362, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0x80049370, 0x0) 2m38.979776833s ago: executing program 2 (id=8473): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r0) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000004c0)={'syz_tun\x00', 0x0}) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x28, r1, 0x1, 0x2070bd26, 0x25dfdbff, {}, [@ETHTOOL_A_LINKMODES_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @ETHTOOL_A_LINKMODES_DUPLEX={0x5, 0x6, 0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x20004850}, 0x4044014) 2m38.871280085s ago: executing program 2 (id=8474): syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000080)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x200010, &(0x7f0000000680)=ANY=[], 0x3, 0x268, &(0x7f0000000b40)="$eJzs289rI2UYB/AntbJpl24q/mIXxBc9qJdh27OHXaSCWFDUCqsgO2unGjsmpRMKUbE96XX/BM/i0ZsgiycvvfgXePDWS497EEfSpLUplV38kS7dz+eQPMw73+TN+4bhSUj2Xr796fpala3lvZhqNGLqWuzE3emYj6k4tBMvvXDj52fevvHe69eXl5ujo4sppUvP/vj+F989d6d38d3vL/1wIXbnP9jbX/xt96ndy3t/vPNxu0rtKnW6vZSnW91uL79VFmm1Xa1nKb1ZFnlVpHanKjbHxtfK7sZGP+Wd1bnZjc2iqlLe6af1op963dTb7Kf8o7zdSVmWpbnZ4N9Y+fZuXcd+/ejNqOt65pu4eCfmfo1WNB5LjcevNZ682Xh6p3F5v65bJ6MzZzNj/lv/eP85F0YX9aW3UmpGlF9vrWytDO8Ho824vhbtKKOIqzETv8fgbTIyrF99bXnpajowH1+V26P89tbKIwePf5RfiFbMn55fGObTYf5CRAxuZ4/nF6MVT5yeXzyRHz5/M158/lg+i1b88mF0o4zVGGRje7QES18upPTKG8sn8lcOzgMAOG+ydGTQvw2atrH+LcvGxo/1R8P8sf6wdY/+8ER/NR1Xps/2tRNR9T9bz8uy2Bx8wDsojo48pMXtsWW5n+Lwq5D/b2JTY3v2gCzUhIrPf4p4AKZxajF9jvci4pOzuCAxUX9t+j1PbU5kQgAAAAAAAAAAANyXSfycMCL8fRQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhbfwYAAP//aLm/Nw==") socket$inet_sctp(0x2, 0x5, 0x84) syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x10, 0x0) syz_mount_image$fuse(&(0x7f0000000000), 0x0, 0x194068, 0x0, 0x1, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffff9c, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) mount$bind(&(0x7f0000000340)='./file0\x00', &(0x7f0000000140)='./file0/file0/../file0\x00', 0x0, 0xa1c08, 0x0) 2m38.708864567s ago: executing program 2 (id=8475): timer_create(0xfffffffffffffffc, 0x0, &(0x7f0000000040)=0x0) timer_settime(r0, 0x1, &(0x7f0000000080)={{}, {0x0, 0x3938700}}, 0x0) timer_settime(r0, 0x0, &(0x7f0000000100)={{}, {0x77359400}}, 0x0) timer_delete(r0) 2m38.343916973s ago: executing program 2 (id=8478): bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x12, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @cgroup_sock_addr=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 2m38.017889737s ago: executing program 64 (id=8478): bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x12, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @cgroup_sock_addr=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 2m8.05577786s ago: executing program 9 (id=8808): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x28}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000) 2m7.876988103s ago: executing program 9 (id=8809): r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @local}], 0x10) sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000240)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0xff60}], 0x1, 0x0, 0x0, 0x804c040}, 0xc851) 2m7.557805617s ago: executing program 9 (id=8814): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x4}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_DELCHAIN={0x14, 0x5, 0xa, 0x301, 0x0, 0x0, {0x5, 0x0, 0x9}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x8c}, 0x1, 0x0, 0x0, 0x4000850}, 0x0) 2m7.288099991s ago: executing program 9 (id=8817): syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000080)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x200010, &(0x7f0000000680)=ANY=[], 0x3, 0x268, &(0x7f0000000b40)="$eJzs289rI2UYB/AntbJpl24q/mIXxBc9qJdh27OHXaSCWFDUCqsgO2unGjsmpRMKUbE96XX/BM/i0ZsgiycvvfgXePDWS497EEfSpLUplV38kS7dz+eQPMw73+TN+4bhSUj2Xr796fpala3lvZhqNGLqWuzE3emYj6k4tBMvvXDj52fevvHe69eXl5ujo4sppUvP/vj+F989d6d38d3vL/1wIXbnP9jbX/xt96ndy3t/vPNxu0rtKnW6vZSnW91uL79VFmm1Xa1nKb1ZFnlVpHanKjbHxtfK7sZGP+Wd1bnZjc2iqlLe6af1op963dTb7Kf8o7zdSVmWpbnZ4N9Y+fZuXcd+/ejNqOt65pu4eCfmfo1WNB5LjcevNZ682Xh6p3F5v65bJ6MzZzNj/lv/eP85F0YX9aW3UmpGlF9vrWytDO8Ho824vhbtKKOIqzETv8fgbTIyrF99bXnpajowH1+V26P89tbKIwePf5RfiFbMn55fGObTYf5CRAxuZ4/nF6MVT5yeXzyRHz5/M158/lg+i1b88mF0o4zVGGRje7QES18upPTKG8sn8lcOzgMAOG+ydGTQvw2atrH+LcvGxo/1R8P8sf6wdY/+8ER/NR1Xps/2tRNR9T9bz8uy2Bx8wDsojo48pMXtsWW5n+Lwq5D/b2JTY3v2gCzUhIrPf4p4AKZxajF9jvci4pOzuCAxUX9t+j1PbU5kQgAAAAAAAAAAANyXSfycMCL8fRQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhbfwYAAP//aLm/Nw==") syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x10, 0x0) syz_mount_image$fuse(&(0x7f0000000000), 0x0, 0x194068, 0x0, 0x1, 0x0, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) mount$bind(&(0x7f0000000340)='./file0\x00', &(0x7f0000000140)='./file0/file0/../file0\x00', 0x0, 0xa1c08, 0x0) 2m6.951786276s ago: executing program 9 (id=8819): r0 = epoll_create1(0x80000) r1 = epoll_create1(0x80000) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x20000001}) epoll_pwait2(r1, &(0x7f0000000640)=[{}], 0x1, 0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000040)={0xa000201e}) 2m6.331809755s ago: executing program 9 (id=8823): unshare(0x28000600) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) vmsplice(r0, &(0x7f0000000a00)=[{&(0x7f0000000200)='c', 0x1}, {&(0x7f0000000080)="9d", 0x1}], 0x2, 0x9) getsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2c, 0x0, 0x0) fcntl$setpipe(r0, 0x407, 0x4) 2m5.835987723s ago: executing program 65 (id=8823): unshare(0x28000600) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) vmsplice(r0, &(0x7f0000000a00)=[{&(0x7f0000000200)='c', 0x1}, {&(0x7f0000000080)="9d", 0x1}], 0x2, 0x9) getsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2c, 0x0, 0x0) fcntl$setpipe(r0, 0x407, 0x4) 1m21.658355285s ago: executing program 6 (id=9282): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWSET={0x48, 0x9, 0xa, 0x5, 0x0, 0x0, {0x0, 0x0, 0x7}, [@NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x31}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x2}, @NFTA_SET_TIMEOUT={0xc, 0xb, 0x1, 0x0, 0xfff}, @NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x70}, 0x1, 0x0, 0x0, 0x804}, 0x4000040) 1m21.286547291s ago: executing program 6 (id=9286): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_MSG_GETTABLE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001600)={0x20, 0x1, 0xa, 0x801, 0x0, 0x0, {0x7, 0x0, 0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x4000) 1m21.045644634s ago: executing program 6 (id=9287): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@gettaction={0x28, 0x30, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@action_gd=@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x8011}, 0x4) 1m20.739773079s ago: executing program 6 (id=9290): syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000080)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x200010, &(0x7f0000000680)=ANY=[], 0x3, 0x268, &(0x7f0000000b40)="$eJzs289rI2UYB/AntbJpl24q/mIXxBc9qJdh27OHXaSCWFDUCqsgO2unGjsmpRMKUbE96XX/BM/i0ZsgiycvvfgXePDWS497EEfSpLUplV38kS7dz+eQPMw73+TN+4bhSUj2Xr796fpala3lvZhqNGLqWuzE3emYj6k4tBMvvXDj52fevvHe69eXl5ujo4sppUvP/vj+F989d6d38d3vL/1wIXbnP9jbX/xt96ndy3t/vPNxu0rtKnW6vZSnW91uL79VFmm1Xa1nKb1ZFnlVpHanKjbHxtfK7sZGP+Wd1bnZjc2iqlLe6af1op963dTb7Kf8o7zdSVmWpbnZ4N9Y+fZuXcd+/ejNqOt65pu4eCfmfo1WNB5LjcevNZ682Xh6p3F5v65bJ6MzZzNj/lv/eP85F0YX9aW3UmpGlF9vrWytDO8Ho824vhbtKKOIqzETv8fgbTIyrF99bXnpajowH1+V26P89tbKIwePf5RfiFbMn55fGObTYf5CRAxuZ4/nF6MVT5yeXzyRHz5/M158/lg+i1b88mF0o4zVGGRje7QES18upPTKG8sn8lcOzgMAOG+ydGTQvw2atrH+LcvGxo/1R8P8sf6wdY/+8ER/NR1Xps/2tRNR9T9bz8uy2Bx8wDsojo48pMXtsWW5n+Lwq5D/b2JTY3v2gCzUhIrPf4p4AKZxajF9jvci4pOzuCAxUX9t+j1PbU5kQgAAAAAAAAAAANyXSfycMCL8fRQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhbfwYAAP//aLm/Nw==") syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x10, 0x0) syz_mount_image$fuse(0x0, 0x0, 0x194068, 0x0, 0x1, 0x0, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0/file0/../file0\x00', 0x0, 0xa1c08, 0x0) 1m20.402270694s ago: executing program 6 (id=9293): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched_retired(r0, 0x0, 0x40002) r1 = socket(0x2, 0x2, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000140)={0x11, 0x3, r4, 0x1, 0x5, 0x6, @local}, 0x14) setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000400)=0x1, 0x4) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x44014}, 0x4024004) 1m19.776704273s ago: executing program 6 (id=9299): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @multicast2}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='dctcp\x00', 0x6) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x3d}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000040c0)='reno\x00', 0x5) sendmmsg$inet(r0, &(0x7f0000008a00)=[{{0x0, 0x0, &(0x7f0000002780)=[{&(0x7f0000000700)="5e405601bc617d89f8c34d8595a2035a2110b9361559a391f4119f8c201a3bc46827a87083bc268c54440000000000", 0x2f}, {&(0x7f0000000740)="ee57921e90fa86a8a114b8edfa5b4abfc3fe8f2bbe45d03edda24a30ca6b9b190ca992760626f2d22a5c4d221fed10f80479ab263bb7f13db52e35e79015c68107fae2f58a3c29305c5e9d4f0532f6aa6a", 0x51}, {0x0}], 0x3}}, {{0x0, 0x0, 0x0}}], 0x2, 0x80) 1m19.095503273s ago: executing program 66 (id=9299): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @multicast2}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='dctcp\x00', 0x6) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x3d}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000040c0)='reno\x00', 0x5) sendmmsg$inet(r0, &(0x7f0000008a00)=[{{0x0, 0x0, &(0x7f0000002780)=[{&(0x7f0000000700)="5e405601bc617d89f8c34d8595a2035a2110b9361559a391f4119f8c201a3bc46827a87083bc268c54440000000000", 0x2f}, {&(0x7f0000000740)="ee57921e90fa86a8a114b8edfa5b4abfc3fe8f2bbe45d03edda24a30ca6b9b190ca992760626f2d22a5c4d221fed10f80479ab263bb7f13db52e35e79015c68107fae2f58a3c29305c5e9d4f0532f6aa6a", 0x51}, {0x0}], 0x3}}, {{0x0, 0x0, 0x0}}], 0x2, 0x80) 1m5.815779119s ago: executing program 4 (id=9432): syz_emit_ethernet(0x8d, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaa3d1b82de082486dd611be70000572f00fe800bad7ad0000000000000000000bbfe8000000000000000000000000000aa0c2088be00060001bf3f030b7d2701009900fffd000b003e1f515cedcd1b8100008608"], 0x0) 1m5.581795262s ago: executing program 4 (id=9435): prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x7, 0xffff}, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x39, &(0x7f00000003c0)=ANY=[@ANYBLOB="611404"], 0xa8) sendmsg$inet6(r0, &(0x7f0000000480)={&(0x7f0000000080)={0xa, 0x4e22, 0x1aab, @loopback, 0x5}, 0x1c, 0x0}, 0x41) 1m5.414451494s ago: executing program 4 (id=9438): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@setneightbl={0x14, 0x43, 0x1, 0x70bd25, 0x25dfdbff, {0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x24048095}, 0x24040000) 1m5.147796239s ago: executing program 4 (id=9441): syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000080)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x200010, &(0x7f0000000680)=ANY=[], 0x3, 0x268, &(0x7f0000000b40)="$eJzs289rI2UYB/AntbJpl24q/mIXxBc9qJdh27OHXaSCWFDUCqsgO2unGjsmpRMKUbE96XX/BM/i0ZsgiycvvfgXePDWS497EEfSpLUplV38kS7dz+eQPMw73+TN+4bhSUj2Xr796fpala3lvZhqNGLqWuzE3emYj6k4tBMvvXDj52fevvHe69eXl5ujo4sppUvP/vj+F989d6d38d3vL/1wIXbnP9jbX/xt96ndy3t/vPNxu0rtKnW6vZSnW91uL79VFmm1Xa1nKb1ZFnlVpHanKjbHxtfK7sZGP+Wd1bnZjc2iqlLe6af1op963dTb7Kf8o7zdSVmWpbnZ4N9Y+fZuXcd+/ejNqOt65pu4eCfmfo1WNB5LjcevNZ682Xh6p3F5v65bJ6MzZzNj/lv/eP85F0YX9aW3UmpGlF9vrWytDO8Ho824vhbtKKOIqzETv8fgbTIyrF99bXnpajowH1+V26P89tbKIwePf5RfiFbMn55fGObTYf5CRAxuZ4/nF6MVT5yeXzyRHz5/M158/lg+i1b88mF0o4zVGGRje7QES18upPTKG8sn8lcOzgMAOG+ydGTQvw2atrH+LcvGxo/1R8P8sf6wdY/+8ER/NR1Xps/2tRNR9T9bz8uy2Bx8wDsojo48pMXtsWW5n+Lwq5D/b2JTY3v2gCzUhIrPf4p4AKZxajF9jvci4pOzuCAxUX9t+j1PbU5kQgAAAAAAAAAAANyXSfycMCL8fRQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhbfwYAAP//aLm/Nw==") syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x10, 0x0) syz_mount_image$fuse(0x0, 0x0, 0x194068, 0x0, 0x1, 0x0, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) mount$bind(&(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0xa1c08, 0x0) 1m4.960431811s ago: executing program 4 (id=9444): r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000006a80), 0x1, 0x0) write$vga_arbiter(r0, &(0x7f0000000000)=ANY=[@ANYBLOB='target '], 0x15) 1m4.440812739s ago: executing program 4 (id=9451): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmmsg(r0, &(0x7f0000009f00)=[{{0x0, 0x0, &(0x7f0000005000)=[{&(0x7f0000003cc0)='i', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000007580)=[{&(0x7f0000006440)='?', 0x1}], 0x1, &(0x7f00000075c0)=[{0x10, 0x10f, 0x3ff}, {0x10, 0x1, 0x1}], 0x20}}], 0x2, 0x40) 1m3.982943756s ago: executing program 67 (id=9451): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmmsg(r0, &(0x7f0000009f00)=[{{0x0, 0x0, &(0x7f0000005000)=[{&(0x7f0000003cc0)='i', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000007580)=[{&(0x7f0000006440)='?', 0x1}], 0x1, &(0x7f00000075c0)=[{0x10, 0x10f, 0x3ff}, {0x10, 0x1, 0x1}], 0x20}}], 0x2, 0x40) 36.309698024s ago: executing program 8 (id=9776): r0 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) write$tcp_mem(r0, &(0x7f00000000c0)={0x800000008, 0x20, 0x53, 0x20, 0x7}, 0x14) 36.007168799s ago: executing program 8 (id=9781): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', 0x0}) setsockopt$packet_add_memb(r1, 0x107, 0x1, 0x0, 0x0) setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000080)={r2, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x10) setsockopt$packet_drop_memb(r1, 0x107, 0x2, &(0x7f0000000040)={r2, 0x1, 0x2, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x10) 35.776302152s ago: executing program 8 (id=9784): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f00000030c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@typedef={0x1, 0x0, 0x0, 0x8, 0x1}]}}, &(0x7f00000002c0)=""/215, 0x26, 0xd7, 0x1}, 0x28) 35.606947965s ago: executing program 8 (id=9785): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0) mount$9p_unix(&(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x12d7498, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) umount2(&(0x7f0000000180)='./file0/file0\x00', 0x0) 35.292303849s ago: executing program 8 (id=9788): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x0, 0xc9) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='kmem_cache_free\x00', r1}, 0x18) fcntl$notify(r0, 0x402, 0x2) r2 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup\x00', 0x0, 0x0) open_by_handle_at(r2, &(0x7f0000000000)=@ceph_nfs_fh={0x8, 0x1, {0x1}}, 0x0) 34.858615056s ago: executing program 8 (id=9793): r0 = socket$inet6_icmp(0xa, 0x2, 0x3a) bind$inet6(r0, &(0x7f0000003dc0)={0xa, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0x2000}, 0x1c) 34.251187045s ago: executing program 68 (id=9793): r0 = socket$inet6_icmp(0xa, 0x2, 0x3a) bind$inet6(r0, &(0x7f0000003dc0)={0xa, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0x2000}, 0x1c) 5.397972351s ago: executing program 1 (id=10117): r0 = socket$igmp(0x2, 0x3, 0x2) io_setup(0x19, &(0x7f0000000100)=0x0) socket$inet_sctp(0x2, 0x5, 0x84) r2 = eventfd2(0x8, 0x0) io_submit(r1, 0x1, &(0x7f0000004500)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x5, 0x1, r0, 0x0, 0x0, 0x0, 0x0, 0x1, r2}]) io_pgetevents(r1, 0x2, 0x6, &(0x7f00000001c0)=[{}, {}, {}, {}, {}, {}], 0x0, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000000c0)=0x391, 0x4) userfaultfd(0x80801) socket$inet6(0xa, 0x2, 0x0) r3 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCL_PASTESEL(r3, 0x541c, 0x0) socket$nl_generic(0x10, 0x3, 0x10) pselect6(0x40, &(0x7f0000000000)={0x6, 0x100000001, 0x3, 0xffffffff, 0x2627bc41, 0xba4, 0x3, 0x7}, 0x0, &(0x7f0000000040)={0x7ff, 0x7838, 0x0, 0x8, 0x1, 0x3, 0x1, 0x7f}, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x4, &(0x7f0000001080)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) 4.335796856s ago: executing program 1 (id=10133): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xf, &(0x7f0000000900)=ANY=[@ANYBLOB="18000000fdffffff000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014001500b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000084000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000cc0)={r0, 0x0, 0x0, 0x21, &(0x7f0000000040), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001}, 0x4) 4.09586019s ago: executing program 1 (id=10136): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x10042, 0x282) writev(r0, &(0x7f0000000200)=[{0x0}, {&(0x7f0000000040)="d19d", 0x2}, {0x0}, {&(0x7f00000002c0)="be87133a", 0x4}], 0x4) 3.917253833s ago: executing program 1 (id=10139): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='syscall\x00') r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000540)={0xaa, 0x110}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000000000/0x400000)=nil, 0x400000}, 0x1}) syz_open_dev$evdev(&(0x7f0000001a80), 0x910, 0x200) read$FUSE(r0, &(0x7f0000006a40)={0x2020}, 0x2020) 2.74375955s ago: executing program 5 (id=10151): syz_mount_image$msdos(&(0x7f0000000200), &(0x7f0000000000)='./file2\x00', 0x0, &(0x7f00000008c0)={[{@nodots}, {@fat=@dmask={'dmask', 0x3d, 0x3}}, {@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffcc2}}, {@fat=@uid}, {@fat=@flush}]}, 0x1, 0x20f, &(0x7f0000000580)="$eJzs3D1rW1ccB+AjWa6tlhZPhXbpoV3a5bb20qVDS3GhVNDSWiUv0zWWEyFFAl8NksmgOVM+RwhkCWQL+QL+DFmymYDx5Ck3KJKt2PgtceQ4zvMs+nN+51ydowMXcSTu5i93bzVWs2Q17YTSbCEUfw39sFMIc6EYdvXDDw+ubN/57+q1v36rVBb/HbQtzZdjjF988/j67fvfPul89v/DQWshhLC18Gzjy42vNl8s3axnsZ7FVrsT07jcbnfS5WYtrtSzRhLjP81amtVivZXV1vblq832+K1DLcti2urFRq0XO+3YWevF9EZab8UkSeJs4Eyq93byPGzleZ7P9EOe5296gcJk5sV5OeP+84Hbu6nHwd30eb9b7VaHr8P8jz8riz/FV+bGo7a73erUXj4/zOP+fDp8OsoXDs0/Cd9/N8wH2e9/Vw7k5bAy+eUDAAAAAMCllMQ9h57vJ8lR+bB67feBA+f3pfB1adwyNfmlAAAAAEfIeuuNtLkyvTYsmrULU/z8aDTFkzr/+PTkPhMqPh8V4S2vUw4hHN2nGC7KXky42P0f+ahlerTxpxteelfTKF+QT+P4ohzWGzPnsykAAMDlMv7Sf+ohxYlOCAAAAAAAAAAAAAAAAAAAAD5C5/Hosve9RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA47wMAAD//2OnWSE=") openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0) truncate(&(0x7f0000000080)='./file1\x00', 0xa47b) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x140) 2.478842234s ago: executing program 5 (id=10153): move_pages(0x0, 0x1, &(0x7f0000000100)=[&(0x7f0000000000/0x4000)=nil], 0x0, &(0x7f00000001c0), 0x2) 2.306504476s ago: executing program 7 (id=10156): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x4008af21, 0x0) 2.199826448s ago: executing program 5 (id=10158): r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000000)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0xfffffdab) truncate(&(0x7f0000000080)='./file1\x00', 0xa47b) 1.909970142s ago: executing program 7 (id=10159): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000980)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x24, 0x3, 0xa, 0x3, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xfffffffffffffffc}, @NFTA_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x2}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x6c}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000) 1.778442354s ago: executing program 7 (id=10160): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x15}}, 0x6}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000180)='veth0_macvtap\x00', 0x10) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$TIPC_NL_NAME_TABLE_GET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x4040011) sendmsg$IPCTNL_MSG_CT_GET_DYING(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x14, 0x6, 0x1, 0x201, 0x0, 0x0, {0xa, 0x0, 0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x881}, 0x4085) 1.605807737s ago: executing program 7 (id=10162): syz_mount_image$msdos(&(0x7f0000000200), &(0x7f0000000000)='./file2\x00', 0x0, &(0x7f00000008c0)={[{@nodots}, {@fat=@dmask={'dmask', 0x3d, 0x3}}, {@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffcc2}}, {@fat=@uid}, {@fat=@flush}]}, 0x1, 0x20f, &(0x7f0000000580)="$eJzs3D1rW1ccB+AjWa6tlhZPhXbpoV3a5bb20qVDS3GhVNDSWiUv0zWWEyFFAl8NksmgOVM+RwhkCWQL+QL+DFmymYDx5Ck3KJKt2PgtceQ4zvMs+nN+51ydowMXcSTu5i93bzVWs2Q17YTSbCEUfw39sFMIc6EYdvXDDw+ubN/57+q1v36rVBb/HbQtzZdjjF988/j67fvfPul89v/DQWshhLC18Gzjy42vNl8s3axnsZ7FVrsT07jcbnfS5WYtrtSzRhLjP81amtVivZXV1vblq832+K1DLcti2urFRq0XO+3YWevF9EZab8UkSeJs4Eyq93byPGzleZ7P9EOe5296gcJk5sV5OeP+84Hbu6nHwd30eb9b7VaHr8P8jz8riz/FV+bGo7a73erUXj4/zOP+fDp8OsoXDs0/Cd9/N8wH2e9/Vw7k5bAy+eUDAAAAAMCllMQ9h57vJ8lR+bB67feBA+f3pfB1adwyNfmlAAAAAEfIeuuNtLkyvTYsmrULU/z8aDTFkzr/+PTkPhMqPh8V4S2vUw4hHN2nGC7KXky42P0f+ahlerTxpxteelfTKF+QT+P4ohzWGzPnsykAAMDlMv7Sf+ohxYlOCAAAAAAAAAAAAAAAAAAAAD5C5/Hosve9RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA47wMAAD//2OnWSE=") openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0) truncate(&(0x7f0000000080)='./file1\x00', 0xa47b) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x140) 1.39313012s ago: executing program 5 (id=10163): r0 = syz_create_resource$binfmt(&(0x7f0000000000)='./file1\x00') r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x41, 0x1ff) write$binfmt_script(r1, &(0x7f0000000040)={'#! ', './file1', [{0x20, '/proc/sys/net/ipv4/tcp_congestion_control\x00'}, {0x20, '/proc/sys/net/ipv4/tcp_congestion_control\x00'}]}, 0x61) r2 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff) io_setup(0x9, &(0x7f0000000300)=0x0) io_submit(r3, 0x1, &(0x7f00000019c0)=[&(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x4, r2, 0x0}]) 1.259904692s ago: executing program 3 (id=10164): syz_emit_ethernet(0x56, &(0x7f0000000200)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0xd, 0x4, 0x2, 0x3e, 0x48, 0x66, 0x0, 0x4, 0x6, 0x0, @rand_addr=0x64010101, @local, {[@timestamp_prespec={0x44, 0x1c, 0xf, 0x3, 0xb, [{@multicast2, 0x4}, {@empty, 0x2}, {@broadcast, 0x85}]}, @ssrr={0x89, 0x3, 0xbe}]}}, {{0x4e21, 0x4e24, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10, 0x5, 0x0, 0x5dc}}}}}}, 0x0) 1.220429013s ago: executing program 7 (id=10165): r0 = socket$igmp(0x2, 0x3, 0x2) io_setup(0x19, &(0x7f0000000100)=0x0) socket$inet_sctp(0x2, 0x5, 0x84) r2 = eventfd2(0x8, 0x0) io_submit(r1, 0x1, &(0x7f0000004500)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x5, 0x1, r0, 0x0, 0x0, 0x0, 0x0, 0x1, r2}]) io_pgetevents(r1, 0x2, 0x6, &(0x7f00000001c0)=[{}, {}, {}, {}, {}, {}], 0x0, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000000c0)=0x391, 0x4) userfaultfd(0x80801) socket$inet6(0xa, 0x2, 0x0) r3 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCL_PASTESEL(r3, 0x541c, 0x0) socket$nl_generic(0x10, 0x3, 0x10) pselect6(0x40, &(0x7f0000000000)={0x6, 0x100000001, 0x3, 0xffffffff, 0x2627bc41, 0xba4, 0x3, 0x7}, 0x0, &(0x7f0000000040)={0x7ff, 0x7838, 0x0, 0x8, 0x1, 0x3, 0x1, 0x7f}, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x4, &(0x7f0000001080)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) 1.178377813s ago: executing program 5 (id=10166): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0xb, 0x5, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x11}, @call={0x85, 0x0, 0x0, 0x7d}]}, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000340)="c1fc0a0869fd0e76753a00000400", 0x0, 0x400006, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.132937063s ago: executing program 3 (id=10167): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xf, &(0x7f0000000900)=ANY=[@ANYBLOB="18000000fdffffff000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014001500b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000084000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000cc0)={r1, 0x0, 0x0, 0x21, &(0x7f0000000040), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001}, 0x4) 947.707396ms ago: executing program 3 (id=10168): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) io_setup(0xea, &(0x7f00000000c0)=0x0) close(0x3) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000002f00), 0x80401, 0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x5, 0x8, r0, 0x0, 0x0, 0x0, 0x0, 0x2}]) 740.23305ms ago: executing program 1 (id=10169): r0 = syz_clone3(&(0x7f0000001000)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r1 = syz_pidfd_open(r0, 0x0) process_madvise(r1, 0x0, 0x0, 0x15, 0x0) 545.567382ms ago: executing program 3 (id=10170): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x15}}, 0x6}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000180)='veth0_macvtap\x00', 0x10) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$TIPC_NL_NAME_TABLE_GET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x4040011) sendmsg$IPCTNL_MSG_CT_GET_DYING(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x14, 0x6, 0x1, 0x201, 0x0, 0x0, {0xa, 0x0, 0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x881}, 0x4085) 483.870573ms ago: executing program 1 (id=10171): r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000000)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0xfffffdab) truncate(&(0x7f0000000080)='./file1\x00', 0xa47b) 342.917355ms ago: executing program 3 (id=10172): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) io_setup(0x1, &(0x7f0000000140)=0x0) io_submit(r3, 0x1, &(0x7f00000007c0)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x2, r2, 0x0}]) 112.116029ms ago: executing program 5 (id=10173): r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) r1 = socket(0x2c, 0x3, 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x84, &(0x7f0000000840)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 1.21138ms ago: executing program 3 (id=10174): openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r0 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff) write$binfmt_script(r0, &(0x7f0000000040)={'#! ', './file1', [{0x20, '/proc/sys/net/ipv4/tcp_congestion_control\x00'}, {0x20, '/proc/sys/net/ipv4/tcp_congestion_control\x00'}]}, 0x61) r1 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x42, 0x1ff) io_setup(0x9, &(0x7f0000000300)=0x0) io_submit(r2, 0x1, &(0x7f00000019c0)=[&(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x4, r1, 0x0}]) 0s ago: executing program 7 (id=10175): r0 = syz_open_dev$evdev(&(0x7f00000001c0), 0x1bbc, 0x801) fcntl$setstatus(r0, 0x4, 0x42400) write$evdev(r0, &(0x7f00000000c0)=[{{}, 0x0, 0x1, 0x3}], 0x5b) kernel console output (not intermixed with test programs): 6] System zones: 0-1, 3-36 [ 867.336685][ T2266] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 867.420217][ T2279] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 867.573693][T31673] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 867.746550][ T2291] loop1: detected capacity change from 0 to 128 [ 868.598729][ T2335] overlayfs: failed to resolve './bus': -2 [ 868.796965][ T3475] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 868.920159][ T3475] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 869.035664][ T3475] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 869.252987][ T3475] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 869.656563][ T2366] overlayfs: failed to resolve './bus': -2 [ 870.131781][ T50] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 870.143884][ T50] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 870.152953][ T50] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 870.182302][ T50] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 870.195919][ T50] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 870.203518][ T50] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 870.286127][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 870.295859][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.304556][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 871.540271][ T2394] chnl_net:caif_netlink_parms(): no params data found [ 872.187750][ T3475] hsr_slave_0: left promiscuous mode [ 872.206195][ T3475] hsr_slave_1: left promiscuous mode [ 872.244745][ T3475] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 872.258464][ T3475] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 872.272404][ T3475] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 872.284330][ T50] Bluetooth: hci1: command tx timeout [ 872.325068][ T3475] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 872.365442][ T50] Bluetooth: hci0: command 0x0406 tx timeout [ 872.402658][ T3475] bridge_slave_1: left allmulticast mode [ 872.409075][ T3475] bridge_slave_1: left promiscuous mode [ 872.416314][ T3475] bridge0: port 2(bridge_slave_1) entered disabled state [ 872.498088][ T3475] bridge_slave_0: left allmulticast mode [ 872.513412][ T2708] overlayfs: failed to resolve './bus': -2 [ 872.522870][ T3475] bridge_slave_0: left promiscuous mode [ 872.529790][ T3475] bridge0: port 1(bridge_slave_0) entered disabled state [ 872.634842][ T3475] veth1_macvtap: left promiscuous mode [ 872.640456][ T3475] veth0_macvtap: left promiscuous mode [ 872.654444][ T3475] veth1_vlan: left promiscuous mode [ 872.672301][ T3475] veth0_vlan: left promiscuous mode [ 874.273646][ T3475] team0 (unregistering): Port device team_slave_1 removed [ 874.373664][ T5793] Bluetooth: hci1: command tx timeout [ 874.388776][ T3475] team0 (unregistering): Port device team_slave_0 removed [ 874.593612][ T3475] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 874.777331][ T3475] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 876.098122][ T3475] bond0 (unregistering): Released all slaves [ 876.250870][ T2394] bridge0: port 1(bridge_slave_0) entered blocking state [ 876.280080][ T2394] bridge0: port 1(bridge_slave_0) entered disabled state [ 876.303114][ T2394] bridge_slave_0: entered allmulticast mode [ 876.318279][ T2394] bridge_slave_0: entered promiscuous mode [ 876.332027][ T2394] bridge0: port 2(bridge_slave_1) entered blocking state [ 876.341663][ T2394] bridge0: port 2(bridge_slave_1) entered disabled state [ 876.349502][ T2394] bridge_slave_1: entered allmulticast mode [ 876.358762][ T2394] bridge_slave_1: entered promiscuous mode [ 876.444316][ T5793] Bluetooth: hci1: command tx timeout [ 876.495537][ T2394] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 876.519309][ T2394] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 876.793780][ T2898] overlayfs: workdir and upperdir must reside under the same mount [ 876.942759][ T2895] bridge0: port 2(bridge_slave_1) entered disabled state [ 876.950304][ T2895] bridge0: port 1(bridge_slave_0) entered disabled state [ 877.924501][ T2895] bridge_slave_0: left allmulticast mode [ 877.930324][ T2895] bridge_slave_0: left promiscuous mode [ 877.955058][ T2895] bridge0: port 1(bridge_slave_0) entered disabled state [ 878.070328][ T2895] bridge_slave_1: left allmulticast mode [ 878.094059][ T2895] bridge_slave_1: left promiscuous mode [ 878.100003][ T2895] bridge0: port 2(bridge_slave_1) entered disabled state [ 878.248715][ T2895] bond0: (slave bond_slave_0): Releasing backup interface [ 878.357389][ T2895] bond0: (slave bond_slave_1): Releasing backup interface [ 878.515929][ T2895] team0: Port device team_slave_0 removed [ 878.525857][ T5793] Bluetooth: hci1: command tx timeout [ 878.612759][ T2895] team0: Port device team_slave_1 removed [ 878.655294][ T2895] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 878.697923][ T2895] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 878.782035][ T2895] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 878.797537][ T2895] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 879.003147][ T2973] GUP no longer grows the stack in syz.2.8248 (2973): 200000009000-200000018000 (200000008000) [ 879.014495][ T2973] CPU: 0 PID: 2973 Comm: syz.2.8248 Not tainted 6.6.98-syzkaller #0 [ 879.022544][ T2973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 879.032668][ T2973] Call Trace: [ 879.035989][ T2973] [ 879.038968][ T2973] dump_stack_lvl+0x16c/0x230 [ 879.043707][ T2973] ? show_regs_print_info+0x20/0x20 [ 879.048948][ T2973] ? load_image+0x3b0/0x3b0 [ 879.053475][ T2973] ? find_vma+0x12e/0x1b0 [ 879.057857][ T2973] __get_user_pages+0xfb9/0x1470 [ 879.062840][ T2973] ? populate_vma_page_range+0x370/0x370 [ 879.068495][ T2973] ? __gup_longterm_locked+0x1e3c/0x2920 [ 879.074158][ T2973] ? down_read_killable+0x1d0/0x340 [ 879.079396][ T2973] __gup_longterm_locked+0x1f92/0x2920 [ 879.084904][ T2973] ? pin_user_pages_remote+0x210/0x210 [ 879.090393][ T2973] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 879.096392][ T2973] ? lock_chain_count+0x20/0x20 [ 879.101308][ T2973] ? internal_get_user_pages_fast+0x1fa2/0x2730 [ 879.107619][ T2973] internal_get_user_pages_fast+0x217f/0x2730 [ 879.113784][ T2973] ? get_user_pages_fast_only+0xa0/0xa0 [ 879.119379][ T2973] __iov_iter_get_pages_alloc+0x380/0xa90 [ 879.125130][ T2973] iov_iter_get_pages2+0x5f/0xa0 [ 879.130119][ T2973] fuse_copy_fill+0x551/0xad0 [ 879.134850][ T2973] ? list_move_tail+0x150/0x150 [ 879.139731][ T2973] ? fuse_dev_do_read+0xb53/0x11a0 [ 879.144870][ T2973] ? __lock_acquire+0x7c80/0x7c80 [ 879.149915][ T2973] ? do_raw_spin_lock+0x121/0x2c0 [ 879.154969][ T2973] ? __rwlock_init+0x150/0x150 [ 879.159763][ T2973] fuse_copy_one+0x91/0x120 [ 879.164293][ T2973] fuse_dev_do_read+0xb91/0x11a0 [ 879.169268][ T2973] ? queue_interrupt+0x390/0x390 [ 879.174228][ T2973] ? try_to_wake_up+0x729/0x10b0 [ 879.179214][ T2973] fuse_dev_read+0x14d/0x1d0 [ 879.183825][ T2973] ? fuse_dev_release+0x500/0x500 [ 879.188873][ T2973] ? common_file_perm+0x198/0x1f0 [ 879.193922][ T2973] vfs_read+0x431/0x920 [ 879.198106][ T2973] ? kernel_read+0x1e0/0x1e0 [ 879.202718][ T2973] ? __fget_files+0x44a/0x4d0 [ 879.207432][ T2973] ? __fdget_pos+0x1d8/0x330 [ 879.212061][ T2973] ? ksys_read+0x75/0x250 [ 879.216417][ T2973] ksys_read+0x147/0x250 [ 879.220683][ T2973] ? vfs_write+0x940/0x940 [ 879.225131][ T2973] ? lockdep_hardirqs_on+0x98/0x150 [ 879.230348][ T2973] do_syscall_64+0x55/0xb0 [ 879.234789][ T2973] ? clear_bhb_loop+0x40/0x90 [ 879.239491][ T2973] ? clear_bhb_loop+0x40/0x90 [ 879.244192][ T2973] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 879.250108][ T2973] RIP: 0033:0x7f69f678e929 [ 879.254553][ T2973] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 879.274183][ T2973] RSP: 002b:00007f69f76bd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 879.282628][ T2973] RAX: ffffffffffffffda RBX: 00007f69f69b5fa0 RCX: 00007f69f678e929 [ 879.290626][ T2973] RDX: 0000000000002020 RSI: 0000200000008e80 RDI: 0000000000000003 [ 879.298613][ T2973] RBP: 00007f69f6810b39 R08: 0000000000000000 R09: 0000000000000000 [ 879.306599][ T2973] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 879.314589][ T2973] R13: 0000000000000000 R14: 00007f69f69b5fa0 R15: 00007fff3569abc8 [ 879.322589][ T2973] [ 879.756360][ T2895] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 879.765733][ T2895] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 879.778364][ T2895] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 879.788327][ T2895] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 880.157263][ T2394] team0: Port device team_slave_0 added [ 880.178869][ T2394] team0: Port device team_slave_1 added [ 880.321956][ T2394] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 880.339763][ T2394] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 880.358475][ T3041] overlayfs: failed to clone upperpath [ 880.378570][ T2394] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 880.428204][ T2394] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 880.461269][ T2394] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 880.535458][ T2394] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 880.812765][ T2394] hsr_slave_0: entered promiscuous mode [ 880.855237][ T2394] hsr_slave_1: entered promiscuous mode [ 880.886288][ T2394] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 880.910719][ T2394] Cannot create hsr debugfs directory [ 882.826483][ T2394] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 882.841774][ T2394] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 882.864839][ T2394] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 882.885030][ T2394] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 883.179048][ T2394] 8021q: adding VLAN 0 to HW filter on device bond0 [ 883.223827][ T2394] 8021q: adding VLAN 0 to HW filter on device team0 [ 883.254500][T28788] bridge0: port 1(bridge_slave_0) entered blocking state [ 883.261822][T28788] bridge0: port 1(bridge_slave_0) entered forwarding state [ 883.319657][T28788] bridge0: port 2(bridge_slave_1) entered blocking state [ 883.326935][T28788] bridge0: port 2(bridge_slave_1) entered forwarding state [ 884.115174][ T2394] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 884.199958][ T2394] veth0_vlan: entered promiscuous mode [ 884.229970][ T2394] veth1_vlan: entered promiscuous mode [ 884.296388][ T2394] veth0_macvtap: entered promiscuous mode [ 884.319735][ T2394] veth1_macvtap: entered promiscuous mode [ 884.342875][ T2394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 884.353913][ T2394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 884.365528][ T2394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 884.378088][ T2394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 884.405895][ T2394] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 884.438686][ T2394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 884.460177][ T2394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 884.472477][ T2394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 884.483844][ T2394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 884.515811][ T2394] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 884.550026][ T2394] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 884.576079][ T2394] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 884.592925][ T2394] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 884.603648][ T2394] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 884.816837][ T3457] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 884.840366][ T3457] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 884.965410][ T3457] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 884.973311][ T3457] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 886.032465][ T3383] bridge0: port 2(bridge_slave_1) entered disabled state [ 886.040313][ T3383] bridge0: port 1(bridge_slave_0) entered disabled state [ 886.485606][ T3383] bridge_slave_0: left allmulticast mode [ 886.491344][ T3383] bridge_slave_0: left promiscuous mode [ 886.511720][ T3383] bridge0: port 1(bridge_slave_0) entered disabled state [ 886.653133][ T3383] bridge_slave_1: left allmulticast mode [ 886.658973][ T3383] bridge_slave_1: left promiscuous mode [ 886.665830][ T3383] bridge0: port 2(bridge_slave_1) entered disabled state [ 886.749551][ T3383] bond0: (slave bond_slave_0): Releasing backup interface [ 886.801192][ T3383] bond0: (slave bond_slave_1): Releasing backup interface [ 886.880970][ T3383] team0: Port device team_slave_0 removed [ 886.949952][ T3383] team0: Port device team_slave_1 removed [ 886.973114][ T3383] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 887.016177][ T3383] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 887.078817][ T3383] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 887.110265][ T3383] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 887.645824][ T3383] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 887.655460][ T3383] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 887.665171][ T3383] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 887.674177][ T3383] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 887.736288][ T5793] Bluetooth: hci4: command 0x0406 tx timeout [ 887.853535][ T3383] team0: Port device macvlan2 removed [ 888.120180][ T3476] loop0: detected capacity change from 0 to 136 [ 889.051320][ T3517] fuse: Bad value for 'fd' [ 889.131421][ T3500] bridge0: port 2(bridge_slave_1) entered disabled state [ 889.139328][ T3500] bridge0: port 1(bridge_slave_0) entered disabled state [ 890.458294][ T3500] bridge_slave_0: left allmulticast mode [ 890.464346][ T3500] bridge_slave_0: left promiscuous mode [ 890.470252][ T3500] bridge0: port 1(bridge_slave_0) entered disabled state [ 890.558905][ T3500] bridge_slave_1: left allmulticast mode [ 890.565587][ T3500] bridge_slave_1: left promiscuous mode [ 890.572501][ T3500] bridge0: port 2(bridge_slave_1) entered disabled state [ 890.641854][ T3500] bond0: (slave bond_slave_0): Releasing backup interface [ 890.713764][ T3500] bond0: (slave bond_slave_1): Releasing backup interface [ 890.777885][ T3500] team0: Port device team_slave_0 removed [ 890.828377][ T3500] team0: Port device team_slave_1 removed [ 890.839426][ T3500] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 890.871694][ T3500] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 890.906846][ T3500] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 890.937936][ T3500] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 891.438038][ T3500] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 891.447309][ T3500] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 891.456870][ T3500] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 891.465890][ T3500] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 891.918525][ T3574] fuse: Bad value for 'fd' [ 892.810268][ T3633] overlayfs: failed to resolve './bus': -2 [ 893.250263][ T3659] loop5: detected capacity change from 0 to 128 [ 893.414224][T25880] FAT-fs (loop5): error, invalid access to FAT (entry 0x00007372) [ 893.437597][T25880] FAT-fs (loop5): Filesystem has been set read-only [ 893.458686][T25880] FAT-fs (loop5): error, fat_get_cluster: invalid start cluster (i_pos 0, start 00006c6c) [ 893.500818][T25880] FAT-fs (loop5): error, fat_get_cluster: invalid start cluster (i_pos 0, start 00006c6c) [ 894.023459][ T3457] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 894.176850][ T3457] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 894.380670][ T3457] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 894.512057][ T3457] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 895.427288][ T5793] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 895.441655][ T5793] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 895.458244][ T5793] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 895.471634][ T5793] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 895.479758][ T5793] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 895.489237][ T5793] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 895.927537][ T3796] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8392'. [ 896.859299][ T3754] chnl_net:caif_netlink_parms(): no params data found [ 896.985254][ T3922] loop0: detected capacity change from 0 to 256 [ 897.564691][ T50] Bluetooth: hci2: command tx timeout [ 897.626574][ T3754] bridge0: port 1(bridge_slave_0) entered blocking state [ 897.648943][ T3754] bridge0: port 1(bridge_slave_0) entered disabled state [ 897.691282][ T3754] bridge_slave_0: entered allmulticast mode [ 897.731402][ T3754] bridge_slave_0: entered promiscuous mode [ 897.795051][ T3457] hsr_slave_0: left promiscuous mode [ 897.820592][ T3457] hsr_slave_1: left promiscuous mode [ 897.835704][ T3457] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 897.854106][ T3457] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 897.874169][ T3457] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 897.899170][ T3457] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 897.925123][ T3457] bridge_slave_1: left allmulticast mode [ 897.932035][ T3457] bridge_slave_1: left promiscuous mode [ 897.944290][ T3457] bridge0: port 2(bridge_slave_1) entered disabled state [ 897.972192][ T3457] bridge_slave_0: left allmulticast mode [ 897.987474][ T3457] bridge_slave_0: left promiscuous mode [ 898.000084][ T3457] bridge0: port 1(bridge_slave_0) entered disabled state [ 898.245746][ T3457] veth1_macvtap: left promiscuous mode [ 898.251462][ T3457] veth0_macvtap: left promiscuous mode [ 898.286331][ T3457] veth1_vlan: left promiscuous mode [ 898.291764][ T3457] veth0_vlan: left promiscuous mode [ 899.481556][ T4072] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8427'. [ 899.621485][ T4076] loop2: detected capacity change from 0 to 512 [ 899.629538][ T3457] team0 (unregistering): Port device team_slave_1 removed [ 899.644092][ T50] Bluetooth: hci2: command tx timeout [ 899.693015][ T4076] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (24500!=4028) [ 899.739693][ T4076] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 899.816705][ T4076] overlayfs: failed to resolve './bus': -2 [ 899.913141][T28629] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 899.931227][ T3457] team0 (unregistering): Port device team_slave_0 removed [ 900.061823][ T3457] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 900.171538][ T3457] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 900.524308][ T785] kernel write not supported for file bpf-prog (pid: 785 comm: kworker/0:2) [ 900.946085][ T3457] bond0 (unregistering): Released all slaves [ 901.041607][ T3754] bridge0: port 2(bridge_slave_1) entered blocking state [ 901.049256][ T3754] bridge0: port 2(bridge_slave_1) entered disabled state [ 901.056761][ T3754] bridge_slave_1: entered allmulticast mode [ 901.066108][ T3754] bridge_slave_1: entered promiscuous mode [ 901.185802][ T3754] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 901.220140][ T3754] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 901.242970][ T4136] loop0: detected capacity change from 0 to 128 [ 901.521267][ T3754] team0: Port device team_slave_0 added [ 901.534421][ T2394] FAT-fs (loop0): error, invalid access to FAT (entry 0x00007372) [ 901.579318][ T2394] FAT-fs (loop0): Filesystem has been set read-only [ 901.594829][ T3754] team0: Port device team_slave_1 added [ 901.626653][ T2394] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 0, start 00006c6c) [ 901.672138][ T2394] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 0, start 00006c6c) [ 901.727423][ T50] Bluetooth: hci2: command tx timeout [ 901.845069][ T3754] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 901.872437][ T3754] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 901.925252][ T3754] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 901.985753][ T3754] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 902.006663][ T3754] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 902.050730][ T3754] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 902.308323][ T3754] hsr_slave_0: entered promiscuous mode [ 902.325549][ T3754] hsr_slave_1: entered promiscuous mode [ 902.354135][ T3754] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 902.382090][ T3754] Cannot create hsr debugfs directory [ 903.382899][ T5793] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 903.395097][ T5793] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 903.411817][ T5793] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 903.424552][ T5793] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 903.434724][ T5793] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 903.443426][ T5793] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 903.806809][ T5793] Bluetooth: hci2: command tx timeout [ 904.092753][ T4404] overlayfs: missing 'lowerdir' [ 905.013901][ T3754] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 905.040507][ T3754] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 905.181429][ T3754] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 905.196849][ T3754] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 905.346554][ T4345] chnl_net:caif_netlink_parms(): no params data found [ 905.487689][ T5793] Bluetooth: hci1: command tx timeout [ 905.697480][ T4345] bridge0: port 1(bridge_slave_0) entered blocking state [ 905.714227][ T4345] bridge0: port 1(bridge_slave_0) entered disabled state [ 905.721597][ T4345] bridge_slave_0: entered allmulticast mode [ 905.736542][ T4345] bridge_slave_0: entered promiscuous mode [ 905.780630][ T4345] bridge0: port 2(bridge_slave_1) entered blocking state [ 905.790782][ T4345] bridge0: port 2(bridge_slave_1) entered disabled state [ 905.800354][ T4345] bridge_slave_1: entered allmulticast mode [ 905.814596][ T4345] bridge_slave_1: entered promiscuous mode [ 905.950004][ T4660] loop2: detected capacity change from 0 to 128 [ 906.006689][ T4345] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 906.045572][ T4345] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 906.050123][T28629] FAT-fs (loop2): error, invalid access to FAT (entry 0x00007372) [ 906.066502][T28629] FAT-fs (loop2): Filesystem has been set read-only [ 906.076596][T28629] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 0, start 00006c6c) [ 906.087010][T28629] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 0, start 00006c6c) [ 906.311404][ T4345] team0: Port device team_slave_0 added [ 906.327455][ T4345] team0: Port device team_slave_1 added [ 906.506394][ T3457] hsr_slave_0: left promiscuous mode [ 906.533814][ T3457] hsr_slave_1: left promiscuous mode [ 907.096419][ T50] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 907.123784][ T50] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 907.145937][ T50] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 907.163694][ T50] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 907.188210][ T50] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 907.204113][ T50] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 907.567803][ T5793] Bluetooth: hci1: command tx timeout [ 908.147716][ T3457] bond0 (unregistering): Released all slaves [ 908.250722][ T4345] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 908.257960][ T4345] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 908.285398][ T4345] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 908.307093][ T4345] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 908.315531][ T4345] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 908.352039][ T4345] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 908.397958][ T3754] 8021q: adding VLAN 0 to HW filter on device bond0 [ 908.567078][ T4345] hsr_slave_0: entered promiscuous mode [ 908.576237][ T4345] hsr_slave_1: entered promiscuous mode [ 908.593630][ T4345] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 908.601808][ T4345] Cannot create hsr debugfs directory [ 908.777775][ T3754] 8021q: adding VLAN 0 to HW filter on device team0 [ 908.846735][ T3475] bridge0: port 1(bridge_slave_0) entered blocking state [ 908.853926][ T3475] bridge0: port 1(bridge_slave_0) entered forwarding state [ 908.944753][ T3475] bridge0: port 2(bridge_slave_1) entered blocking state [ 908.951960][ T3475] bridge0: port 2(bridge_slave_1) entered forwarding state [ 909.245256][ T5793] Bluetooth: hci3: command tx timeout [ 909.647859][ T5793] Bluetooth: hci1: command tx timeout [ 909.824564][ T4739] chnl_net:caif_netlink_parms(): no params data found [ 910.149193][ T4739] bridge0: port 1(bridge_slave_0) entered blocking state [ 910.157256][ T4739] bridge0: port 1(bridge_slave_0) entered disabled state [ 910.164770][ T4739] bridge_slave_0: entered allmulticast mode [ 910.172237][ T4739] bridge_slave_0: entered promiscuous mode [ 910.211788][ T4739] bridge0: port 2(bridge_slave_1) entered blocking state [ 910.229095][ T4739] bridge0: port 2(bridge_slave_1) entered disabled state [ 910.239920][ T4739] bridge_slave_1: entered allmulticast mode [ 910.252759][ T4739] bridge_slave_1: entered promiscuous mode [ 910.370152][ T4739] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 910.422130][ T4739] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 910.481895][ T4345] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 910.550617][ T4345] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 910.573349][ T4345] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 910.590488][ T4739] team0: Port device team_slave_0 added [ 910.616107][ T4345] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 910.643822][ T4739] team0: Port device team_slave_1 added [ 910.738119][ T4739] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 910.746509][ T4739] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 910.773071][ T4739] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 910.820883][ T3754] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 910.829779][ T4739] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 910.837590][ T4739] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 910.870371][ T4739] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 911.017539][ T4739] hsr_slave_0: entered promiscuous mode [ 911.039865][ T4739] hsr_slave_1: entered promiscuous mode [ 911.056648][ T4739] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 911.071524][ T4739] Cannot create hsr debugfs directory [ 911.326952][ T5793] Bluetooth: hci3: command tx timeout [ 911.725057][ T5793] Bluetooth: hci1: command tx timeout [ 911.878801][ T4345] 8021q: adding VLAN 0 to HW filter on device bond0 [ 911.898756][ T3754] veth0_vlan: entered promiscuous mode [ 911.997786][ T4345] 8021q: adding VLAN 0 to HW filter on device team0 [ 912.014067][ T2684] bridge0: port 1(bridge_slave_0) entered blocking state [ 912.021260][ T2684] bridge0: port 1(bridge_slave_0) entered forwarding state [ 912.032795][ T3754] veth1_vlan: entered promiscuous mode [ 912.062375][ T3475] bridge0: port 2(bridge_slave_1) entered blocking state [ 912.069600][ T3475] bridge0: port 2(bridge_slave_1) entered forwarding state [ 912.138712][ T3457] hsr_slave_0: left promiscuous mode [ 912.152860][ T3457] hsr_slave_1: left promiscuous mode [ 912.871662][ T5333] fuse: Bad value for 'fd' [ 913.404186][ T5793] Bluetooth: hci3: command tx timeout [ 913.644818][ T5354] overlayfs: failed to clone upperpath [ 913.812678][ T3457] bond0 (unregistering): Released all slaves [ 914.217232][ T3754] veth0_macvtap: entered promiscuous mode [ 914.363663][ T3754] veth1_macvtap: entered promiscuous mode [ 914.604996][ T3754] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 914.663717][ T3754] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 914.711297][ T3754] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 914.740546][ T3754] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 914.772078][ T3754] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 914.794730][ T3754] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 915.081575][ T4345] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 915.137339][ T3475] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 915.158532][ T3475] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 915.213912][ T4739] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 915.234667][ T3475] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 915.242558][ T3475] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 915.242944][ T4739] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 915.284217][ T4739] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 915.320391][ T4739] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 915.484229][ T5793] Bluetooth: hci3: command tx timeout [ 915.690598][ T4739] 8021q: adding VLAN 0 to HW filter on device bond0 [ 915.758735][ T4739] 8021q: adding VLAN 0 to HW filter on device team0 [ 915.795313][ T3475] bridge0: port 1(bridge_slave_0) entered blocking state [ 915.802543][ T3475] bridge0: port 1(bridge_slave_0) entered forwarding state [ 915.898911][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 915.906150][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 916.135873][ T4345] veth0_vlan: entered promiscuous mode [ 916.167883][ T4345] veth1_vlan: entered promiscuous mode [ 916.220963][ T4345] veth0_macvtap: entered promiscuous mode [ 916.238666][ T4345] veth1_macvtap: entered promiscuous mode [ 916.268946][ T4345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 916.283625][ T4345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 916.298840][ T4345] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 916.346252][ T4345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 916.360575][ T4345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 916.392859][ T4345] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 916.442193][ T4345] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 916.468531][ T4345] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 916.486331][ T4345] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 916.509571][ T4345] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 916.734524][ T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 916.773033][ T4739] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 916.782394][ T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 916.902250][ T2684] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 916.928100][ T2684] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 917.753212][ T4739] veth0_vlan: entered promiscuous mode [ 917.822583][ T4739] veth1_vlan: entered promiscuous mode [ 917.912392][ T5555] netlink: 8 bytes leftover after parsing attributes in process `syz.6.8560'. [ 917.943802][ T5555] ip6erspan0: entered allmulticast mode [ 917.999998][ T4739] veth0_macvtap: entered promiscuous mode [ 918.061576][ T4739] veth1_macvtap: entered promiscuous mode [ 918.146066][ T4739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 918.172769][ T4739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 918.199465][ T4739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 918.237329][ T4739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 918.258442][ T4739] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 918.292208][ T4739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 918.332927][ T4739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 918.379785][ T4739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 918.408601][ T4739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 918.431530][ T4739] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 918.487742][ T4739] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 918.499717][ T4739] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 918.518003][ T4739] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 918.547932][ T4739] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 918.755289][ T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 918.799028][ T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 918.867311][ T3475] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 918.898639][ T3475] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 919.023661][ T5612] loop9: detected capacity change from 0 to 8192 [ 919.045267][ T5612] FAT-fs (loop9): Unrecognized mount option "appraise_type=imasig" or missing value [ 919.153601][T27767] I/O error, dev loop9, sector 8064 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 920.120236][ T5690] loop4: detected capacity change from 0 to 512 [ 920.551007][ T5712] loop9: detected capacity change from 0 to 512 [ 920.648911][ T5712] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 920.716224][ T5712] ext4 filesystem being mounted at /9/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 920.936037][ T5712] EXT4-fs error (device loop9): ext4_validate_block_bitmap:439: comm syz.9.8585: bg 0: block 64: padding at end of block bitmap is not set [ 921.146787][ T4345] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 921.353386][ T5759] autofs4:pid:5759:autofs_fill_super: called with bogus options [ 921.819012][ T5790] overlayfs: missing 'lowerdir' [ 921.997085][ T5797] autofs4:pid:5797:autofs_fill_super: called with bogus options [ 922.067290][ T5801] loop9: detected capacity change from 0 to 512 [ 922.109813][ T5801] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 922.234666][ T5801] EXT4-fs error (device loop9): __ext4_get_inode_loc:4483: comm syz.9.8607: Invalid inode table block 0 in block_group 0 [ 922.401369][ T4345] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 922.647187][ T27] audit: type=1326 audit(1752585608.356:1993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5833 comm="syz.6.8614" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb363d8e929 code=0x0 [ 922.911250][ T5846] autofs4:pid:5846:autofs_fill_super: called with bogus options [ 922.966899][ T5851] netlink: 44 bytes leftover after parsing attributes in process `syz.9.8618'. [ 923.690771][ T5900] overlayfs: missing 'lowerdir' [ 924.251184][ T5934] netlink: 4 bytes leftover after parsing attributes in process `syz.6.8639'. [ 924.268654][ T5932] loop9: detected capacity change from 0 to 1024 [ 924.361160][ T5932] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 924.423154][ T5932] ext4 filesystem being mounted at /22/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 924.505391][ T5944] overlayfs: missing 'workdir' [ 925.167030][ T4345] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 925.614048][ T6009] fuse: Bad value for 'fd' [ 926.031406][ T6034] fuse: Bad value for 'fd' [ 926.531917][ T6065] loop8: detected capacity change from 0 to 512 [ 927.208735][ T6113] overlayfs: missing 'lowerdir' [ 927.458493][ T6126] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8690'. [ 927.596406][ T6131] overlayfs: failed to clone upperpath [ 927.788129][ T6144] fuse: Bad value for 'fd' [ 927.961729][ T6155] overlayfs: missing 'lowerdir' [ 928.834301][ T6206] autofs4:pid:6206:autofs_fill_super: called with bogus options [ 929.540056][ T6247] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 929.552477][ T6247] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 929.687738][ T6254] autofs4:pid:6254:autofs_fill_super: called with bogus options [ 930.262643][ T6290] loop9: detected capacity change from 0 to 1024 [ 930.332941][ T6290] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 930.342651][ T6297] autofs4:pid:6297:autofs_fill_super: called with bogus options [ 930.429849][ T6290] ext4 filesystem being mounted at /38/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 930.626062][ T4345] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 930.963308][ T6324] ip6gre1: entered allmulticast mode [ 930.997233][ T6324] bond0: (slave ip6gre1): The slave device specified does not support setting the MAC address [ 931.035562][ T6324] bond0: (slave ip6gre1): Error -95 calling set_mac_address [ 931.320750][ T6350] overlayfs: missing 'lowerdir' [ 931.730500][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.738337][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 932.058482][ T6391] overlayfs: missing 'lowerdir' [ 932.777758][ T6373] bridge0: port 2(bridge_slave_1) entered disabled state [ 932.785596][ T6373] bridge0: port 1(bridge_slave_0) entered disabled state [ 933.962448][ T6373] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 934.031974][ T6373] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 934.476652][ T6373] netdevsim netdevsim8 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 934.489492][ T6373] netdevsim netdevsim8 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 934.500460][ T6373] netdevsim netdevsim8 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 934.515083][ T6373] netdevsim netdevsim8 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 934.611204][ T6446] bridge0: port 2(bridge_slave_1) entered disabled state [ 934.619046][ T6446] bridge0: port 1(bridge_slave_0) entered disabled state [ 934.638605][ T6446] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 934.677245][ T6451] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 935.216759][ T6508] loop8: detected capacity change from 0 to 1024 [ 935.265548][ T6508] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 935.297000][ T6508] ext4 filesystem being mounted at /61/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 935.326047][ T6508] fuse: Bad value for 'fd' [ 935.451448][ T3754] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 935.923636][ T6538] loop8: detected capacity change from 0 to 8192 [ 935.970261][ T6538] loop8: p1 p3 p4 [ 936.015066][ T6538] loop8: p1 size 50333697 extends beyond EOD, truncated [ 936.053463][ T6538] loop8: p3 size 196608 extends beyond EOD, truncated [ 936.079109][ T6538] loop8: p4 size 524032 extends beyond EOD, truncated [ 936.219366][ T6565] loop4: detected capacity change from 0 to 1024 [ 936.275738][ T6565] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 936.451232][ T1917] udevd[1917]: inotify_add_watch(7, /dev/loop8p3, 10) failed: No such file or directory [ 936.458923][T27767] udevd[27767]: inotify_add_watch(7, /dev/loop8p1, 10) failed: No such file or directory [ 936.469330][ T1914] udevd[1914]: inotify_add_watch(7, /dev/loop8p4, 10) failed: No such file or directory [ 936.537636][ T4739] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 936.736653][ T6580] loop8: detected capacity change from 0 to 8192 [ 937.596567][ T6630] loop9: detected capacity change from 0 to 128 [ 937.774548][ T6639] loop4: detected capacity change from 0 to 1024 [ 937.812070][ T4345] FAT-fs (loop9): error, invalid access to FAT (entry 0x00007372) [ 937.834471][ T50] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 937.850543][ T50] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 937.857010][ T4345] FAT-fs (loop9): Filesystem has been set read-only [ 937.864503][ T50] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 937.874217][ T4345] FAT-fs (loop9): error, fat_get_cluster: invalid start cluster (i_pos 0, start 00006c6c) [ 937.886930][ T4345] FAT-fs (loop9): error, fat_get_cluster: invalid start cluster (i_pos 0, start 00006c6c) [ 937.901567][ T50] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 937.918001][ T50] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 937.929746][ T6639] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 937.940339][ T6627] loop8: detected capacity change from 0 to 8192 [ 937.949203][ T50] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 938.037358][ T6639] ext4 filesystem being mounted at /65/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 938.154283][ T6639] fuse: Bad value for 'fd' [ 938.248371][ T4739] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 939.443166][ T6643] chnl_net:caif_netlink_parms(): no params data found [ 940.047352][ T5793] Bluetooth: hci0: command tx timeout [ 940.144213][ T6871] autofs4:pid:6871:autofs_fill_super: called with bogus options [ 940.163651][ T50] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 940.174582][ T50] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 940.185298][ T50] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 940.209143][ T50] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 940.225739][ T50] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 940.248453][ T50] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 940.523040][ T6643] bridge0: port 1(bridge_slave_0) entered blocking state [ 940.550642][ T6643] bridge0: port 1(bridge_slave_0) entered disabled state [ 940.561666][ T6643] bridge_slave_0: entered allmulticast mode [ 940.575248][ T6643] bridge_slave_0: entered promiscuous mode [ 940.593457][ T6643] bridge0: port 2(bridge_slave_1) entered blocking state [ 940.602274][ T6643] bridge0: port 2(bridge_slave_1) entered disabled state [ 940.616715][ T6643] bridge_slave_1: entered allmulticast mode [ 940.624306][ T6643] bridge_slave_1: entered promiscuous mode [ 940.795238][ T6940] autofs4:pid:6940:autofs_fill_super: called with bogus options [ 941.002418][ T6643] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 941.139765][ T6643] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 941.411675][ T6643] team0: Port device team_slave_0 added [ 941.442644][ T6989] IPv6: NLM_F_CREATE should be specified when creating new route [ 941.520655][ T6643] team0: Port device team_slave_1 added [ 941.632387][ T7032] autofs4:pid:7032:autofs_fill_super: called with bogus options [ 941.669942][ T6643] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 941.684319][ T6643] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 941.720028][ T6643] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 941.803859][ T6643] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 941.811710][ T6643] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 941.841873][ T6643] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 942.090359][ T998] hsr_slave_0: left promiscuous mode [ 942.096632][ T998] hsr_slave_1: left promiscuous mode [ 942.133071][ T5793] Bluetooth: hci0: command tx timeout [ 942.287270][ T5793] Bluetooth: hci1: command tx timeout [ 942.949757][ T7125] loop4: detected capacity change from 0 to 512 [ 943.409040][ T7141] autofs4:pid:7141:autofs_fill_super: called with bogus options [ 944.166475][ T7163] autofs4:pid:7163:autofs_fill_super: called with bogus options [ 944.208033][ T5793] Bluetooth: hci0: command tx timeout [ 944.368275][ T5793] Bluetooth: hci1: command tx timeout [ 944.582493][ T998] bond0 (unregistering): Released all slaves [ 944.705477][ T6643] hsr_slave_0: entered promiscuous mode [ 944.712315][ T6643] hsr_slave_1: entered promiscuous mode [ 945.237887][ T6870] chnl_net:caif_netlink_parms(): no params data found [ 945.321085][ T7311] 9pnet_fd: Insufficient options for proto=fd [ 945.691380][ T7364] loop4: detected capacity change from 0 to 128 [ 946.115354][ T6870] bridge0: port 1(bridge_slave_0) entered blocking state [ 946.135111][ T6870] bridge0: port 1(bridge_slave_0) entered disabled state [ 946.152356][ T6870] bridge_slave_0: entered allmulticast mode [ 946.174390][ T6870] bridge_slave_0: entered promiscuous mode [ 946.289193][ T5793] Bluetooth: hci0: command tx timeout [ 946.305430][ T6870] bridge0: port 2(bridge_slave_1) entered blocking state [ 946.349834][ T6870] bridge0: port 2(bridge_slave_1) entered disabled state [ 946.357155][ T6870] bridge_slave_1: entered allmulticast mode [ 946.400240][ T6870] bridge_slave_1: entered promiscuous mode [ 946.451925][ T5793] Bluetooth: hci1: command tx timeout [ 946.537054][ T998] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 946.727754][ T6870] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 946.788280][ T998] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 946.841245][ T6870] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 946.944507][ T998] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 946.982810][ T6870] team0: Port device team_slave_0 added [ 947.068809][ T998] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 947.115618][ T6870] team0: Port device team_slave_1 added [ 947.283374][ T6870] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 947.308731][ T6870] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 947.385723][ T6870] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 947.434323][ T6870] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 947.469761][ T6870] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 947.569808][ T6870] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 947.672636][ T6643] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 947.815270][ T6643] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 947.838664][ T6643] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 947.909199][ T6643] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 948.053335][ T6870] hsr_slave_0: entered promiscuous mode [ 948.064687][ T6870] hsr_slave_1: entered promiscuous mode [ 948.072060][ T6870] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 948.082081][ T6870] Cannot create hsr debugfs directory [ 948.295680][ T7649] loop4: detected capacity change from 0 to 512 [ 948.348855][ T7649] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 948.459962][ T4739] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 948.530655][ T5793] Bluetooth: hci1: command tx timeout [ 949.497206][ T7742] loop4: detected capacity change from 0 to 512 [ 949.537142][ T7736] 8021q: adding VLAN 0 to HW filter on device bond0 [ 949.551780][ T7736] 8021q: adding VLAN 0 to HW filter on device team0 [ 949.554843][ T7742] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 949.587897][ T7736] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 949.605765][ T7742] ext4 filesystem being mounted at /113/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 949.766541][ T7742] EXT4-fs error (device loop4): ext4_xattr_block_get:596: inode #15: comm syz.4.8904: corrupted xattr block 32: invalid header [ 949.846466][ T4739] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 950.118330][ T6643] 8021q: adding VLAN 0 to HW filter on device bond0 [ 950.834752][ T2684] bond0: (slave bond_slave_0): interface is now down [ 950.854846][ T2684] bond0: (slave bond_slave_1): interface is now down [ 950.863824][ T6643] 8021q: adding VLAN 0 to HW filter on device team0 [ 950.887422][ T2684] bond0: now running without any active interface! [ 951.019842][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 951.027115][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 951.093987][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 951.101195][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 951.401668][ T998] hsr_slave_0: left promiscuous mode [ 951.415112][ T998] hsr_slave_1: left promiscuous mode [ 951.441429][ T998] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 951.449214][ T998] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 951.470624][ T998] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 951.478840][ T998] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 951.502606][ T998] bridge_slave_1: left allmulticast mode [ 951.508318][ T998] bridge_slave_1: left promiscuous mode [ 951.532861][ T998] bridge0: port 2(bridge_slave_1) entered disabled state [ 951.583855][ T998] bridge_slave_0: left allmulticast mode [ 951.589581][ T998] bridge_slave_0: left promiscuous mode [ 951.613662][ T998] bridge0: port 1(bridge_slave_0) entered disabled state [ 951.727135][ T998] veth1_macvtap: left promiscuous mode [ 951.738320][ T998] veth0_macvtap: left promiscuous mode [ 951.753334][ T998] veth1_vlan: left promiscuous mode [ 951.764544][ T998] veth0_vlan: left promiscuous mode [ 952.508606][ T7891] loop4: detected capacity change from 0 to 512 [ 953.077170][ T998] team0 (unregistering): Port device team_slave_1 removed [ 953.083566][ T7917] loop4: detected capacity change from 0 to 2364 [ 953.225986][ T998] team0 (unregistering): Port device team_slave_0 removed [ 953.320367][ T998] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 953.407130][ T998] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 953.467670][ T7930] loop4: detected capacity change from 0 to 512 [ 953.971270][ T7951] loop8: detected capacity change from 0 to 2368 [ 954.492650][ T7975] loop8: detected capacity change from 0 to 1024 [ 954.600353][ T7975] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 954.695636][ T3754] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 954.716084][ T998] bond0 (unregistering): Released all slaves [ 954.915930][ T7959] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8944'. [ 954.965025][ T7959] bond1 (unregistering): Released all slaves [ 955.027809][ T6870] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 955.041023][ T6870] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 955.103975][ T6870] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 955.125824][ T6870] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 955.593186][ T6870] 8021q: adding VLAN 0 to HW filter on device bond0 [ 955.670404][ T6870] 8021q: adding VLAN 0 to HW filter on device team0 [ 955.715363][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 955.722582][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 955.849111][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 955.856492][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 955.881089][ T6643] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 956.368830][ T8081] loop8: detected capacity change from 0 to 512 [ 956.421425][ T8088] loop4: detected capacity change from 0 to 736 [ 956.431120][ T8081] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 956.643619][ T3754] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 956.811412][ T8104] netlink: 24 bytes leftover after parsing attributes in process `syz.8.8961'. [ 956.850246][ T6870] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 956.952989][ T6643] veth0_vlan: entered promiscuous mode [ 957.016951][ T6643] veth1_vlan: entered promiscuous mode [ 957.154291][ T6643] veth0_macvtap: entered promiscuous mode [ 957.230227][ T6643] veth1_macvtap: entered promiscuous mode [ 957.316020][ T6643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 957.355976][ T6643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 957.383543][ T6643] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 957.458386][ T6643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 957.504674][ T6643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 957.537067][ T6643] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 957.580359][ T6643] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 957.624791][ T6643] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 957.633658][ T6643] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 957.668285][ T6643] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 957.949764][T28788] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 958.002070][T28788] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 958.110931][T28788] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 958.145051][T28788] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 958.183122][ T6870] veth0_vlan: entered promiscuous mode [ 958.252640][ T6870] veth1_vlan: entered promiscuous mode [ 958.381879][ T6870] veth0_macvtap: entered promiscuous mode [ 958.417160][ T6870] veth1_macvtap: entered promiscuous mode [ 958.510945][ T6870] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 958.525485][ T6870] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 958.548940][ T6870] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 958.585534][ T6870] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 958.617652][ T6870] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 958.678554][ T6870] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 958.704270][ T6870] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 958.722990][ T6870] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 958.744681][ T6870] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 958.766326][ T6870] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 958.788935][ T8197] netlink: 80 bytes leftover after parsing attributes in process `syz.6.8978'. [ 958.812198][ T8197] netlink: 16 bytes leftover after parsing attributes in process `syz.6.8978'. [ 958.837187][ T8197] netlink: 16 bytes leftover after parsing attributes in process `syz.6.8978'. [ 958.881576][ T8197] netlink: 16 bytes leftover after parsing attributes in process `syz.6.8978'. [ 958.929085][ T6870] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 958.988471][ T6870] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 959.015811][ T6870] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 959.045548][ T6870] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 959.139466][ T8209] netlink: 12 bytes leftover after parsing attributes in process `syz.6.8982'. [ 959.322500][ T2684] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 959.362292][ T2684] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 959.462959][ T8225] netlink: 24 bytes leftover after parsing attributes in process `syz.6.8983'. [ 959.528899][T28788] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 959.572045][T28788] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 959.720307][ T8241] 9pnet_fd: Insufficient options for proto=fd [ 960.255743][ T8269] loop7: detected capacity change from 0 to 4096 [ 960.301999][ T8269] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 960.418640][ T8269] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 960.545680][ T8285] tmpfs: Bad value for 'mpol' [ 960.554694][ T8269] EXT4-fs error (device loop7): __ext4_get_inode_loc:4483: comm syz.7.8992: Invalid inode table block 7016996765293437281 in block_group 0 [ 960.601540][ T8269] EXT4-fs error (device loop7): __ext4_get_inode_loc:4483: comm syz.7.8992: Invalid inode table block 7016996765293437281 in block_group 0 [ 960.650042][ T8269] EXT4-fs error (device loop7) in ext4_reserve_inode_write:5902: Corrupt filesystem [ 960.669918][ T8269] EXT4-fs error (device loop7): ext4_dirty_inode:6106: inode #15: comm syz.7.8992: mark_inode_dirty error [ 960.687014][ T8269] EXT4-fs error (device loop7): ext4_map_blocks:608: inode #15: block 112: comm syz.7.8992: lblock 0 mapped to illegal pblock 112 (length 1) [ 960.736359][ T8269] EXT4-fs error (device loop7): ext4_map_blocks:608: inode #15: block 112: comm syz.7.8992: lblock 0 mapped to illegal pblock 112 (length 1) [ 960.780612][ T27] audit: type=1326 audit(1752585646.485:1994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8292 comm="syz.8.8998" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f15e878e929 code=0x0 [ 960.820179][ T8269] EXT4-fs error (device loop7): __ext4_get_inode_loc:4483: comm syz.7.8992: Invalid inode table block 7016996765293437281 in block_group 0 [ 960.872438][ T8269] EXT4-fs error (device loop7) in ext4_reserve_inode_write:5902: Corrupt filesystem [ 960.907922][ T8299] loop6: detected capacity change from 0 to 512 [ 960.937243][ T8281] EXT4-fs error (device loop7): ext4_read_block_bitmap_nowait:478: comm ext4lazyinit: Invalid block bitmap block 7016996765293437281 in block_group 0 [ 960.946921][ T8269] EXT4-fs error (device loop7): ext4_ext_truncate:4451: inode #15: comm syz.7.8992: mark_inode_dirty error [ 960.990783][ T8299] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 961.012281][ T8299] ext4 filesystem being mounted at /9/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 961.206697][ T6643] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 961.227270][ T6870] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 961.480832][ T8326] loop6: detected capacity change from 0 to 16 [ 961.509490][ T8326] erofs: (device loop6): mounted with root inode @ nid 36. [ 961.799285][ T8344] autofs4:pid:8344:autofs_fill_super: called with bogus options [ 962.213089][ T8363] loop6: detected capacity change from 0 to 1024 [ 962.291278][ T8370] overlayfs: failed to resolve './file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 962.304279][ T8363] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 962.441966][ T8363] ext4 filesystem being mounted at /12/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 963.107645][ T6643] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 963.787345][ T8447] loop7: detected capacity change from 0 to 1024 [ 963.859198][ T8447] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 963.889901][ T8447] ext4 filesystem being mounted at /13/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 964.123707][ T8473] loop4: detected capacity change from 0 to 128 [ 964.183246][ T8473] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 964.230158][ T8473] ext4 filesystem being mounted at /172/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 964.339258][ T8466] team0: Port device team_slave_0 removed [ 964.339579][ T4739] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 964.584122][ T8493] 9pnet_fd: Insufficient options for proto=fd [ 964.755738][ T6870] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 964.769726][ T8502] netlink: 12 bytes leftover after parsing attributes in process `syz.8.9047'. [ 964.941147][ T8509] loop6: detected capacity change from 0 to 2368 [ 965.473732][ T8542] 9pnet_fd: Insufficient options for proto=fd [ 965.525527][ T8548] loop4: detected capacity change from 0 to 512 [ 965.550159][ T8548] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 965.967850][ T8568] loop4: detected capacity change from 0 to 512 [ 966.088537][ T8568] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 966.143068][ T8568] ext4 filesystem being mounted at /178/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 966.272160][ T4739] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 966.698526][ T8615] loop7: detected capacity change from 0 to 2048 [ 966.774847][ T8615] loop7: p1 < > p4 < > [ 966.796962][ T8615] loop7: partition table partially beyond EOD, truncated [ 966.825287][ T8615] loop7: p4 start 42180 is beyond EOD, truncated [ 967.187208][ T8648] 9pnet_fd: Insufficient options for proto=fd [ 967.234503][T27937] udevd[27937]: inotify_add_watch(7, /dev/loop7p1, 10) failed: No such file or directory [ 967.385080][ T8652] macvtap1: entered allmulticast mode [ 967.397145][ T8652] veth1_vlan: entered allmulticast mode [ 967.427898][ T8652] veth1_vlan: left allmulticast mode [ 968.128545][ T8701] loop6: detected capacity change from 0 to 164 [ 968.178292][ T8701] rock: corrupted directory entry. extent=32, offset=131072, size=237 [ 968.239469][ T8701] isofs: Unable to find the ".." directory for NFS. [ 968.317093][ T8707] loop7: detected capacity change from 0 to 1024 [ 968.436499][ T8707] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 968.527390][ T8707] ext4 filesystem being mounted at /27/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 968.643650][ T8707] fuse: Bad value for 'fd' [ 968.756541][ T6870] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 969.721068][ T8794] loop8: detected capacity change from 0 to 164 [ 970.405309][ T8840] loop8: detected capacity change from 0 to 512 [ 970.502757][ T8840] FAT-fs (loop8): error, fat_get_cluster: invalid start cluster (i_pos 0, start ff000003) [ 970.524397][ T8840] FAT-fs (loop8): Filesystem has been set read-only [ 970.738052][ T8857] loop7: detected capacity change from 0 to 512 [ 970.770818][ T8857] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 970.788616][ T8861] loop4: detected capacity change from 0 to 1024 [ 970.803933][ T8857] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 970.871215][ T8861] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 970.958391][ T8861] ext4 filesystem being mounted at /198/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 971.176265][ T4739] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 971.190565][ T6870] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 971.530223][ T8892] loop8: detected capacity change from 0 to 4096 [ 971.610059][ T8892] EXT4-fs (loop8): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 971.665329][ T8909] loop4: detected capacity change from 0 to 128 [ 971.711357][ T8892] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 971.773343][ T8909] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 971.822084][ T8909] ext4 filesystem being mounted at /200/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 972.266085][ T4739] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 972.616762][ T3754] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 973.135850][ T8988] loop7: detected capacity change from 0 to 1024 [ 973.184214][ T8988] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 973.279739][ T8993] team0: Device ipvlan2 failed to register rx_handler [ 973.396070][ T6870] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 975.240951][ T9106] loop7: detected capacity change from 0 to 1024 [ 975.300626][ T9106] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 975.362636][ T9106] ext4 filesystem being mounted at /54/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 975.639819][ T6870] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 975.916687][ T9151] loop4: detected capacity change from 0 to 128 [ 975.965729][ T9151] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 976.050890][ T9151] ext4 filesystem being mounted at /211/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 976.149235][ T9163] netlink: 28 bytes leftover after parsing attributes in process `syz.8.9200'. [ 976.201860][ T9166] loop7: detected capacity change from 0 to 164 [ 976.235992][ T9169] (unnamed net_device) (uninitialized): invalid ARP target 0.0.0.0 specified for addition [ 976.270003][ T4739] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 976.276095][ T9169] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (0) [ 976.427250][ T9176] loop8: detected capacity change from 0 to 1024 [ 976.577597][ T9176] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 976.634083][ T9176] ext4 filesystem being mounted at /194/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 977.031728][ T3754] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 977.211019][ T9222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 977.251937][ T9222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 977.279712][ T9222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 977.290708][ T9222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 977.302290][ T9222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 977.319828][ T9222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 977.901851][ T9253] autofs4:pid:9253:autofs_fill_super: called with bogus options [ 977.958058][ T9253] loop6: detected capacity change from 0 to 512 [ 977.993618][ T9259] loop4: detected capacity change from 0 to 256 [ 978.012645][ T9253] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 978.312330][ T6643] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 979.243924][ T9313] pimreg: tun_chr_ioctl cmd 1074812117 [ 979.262994][ T9313] pimreg: tun_chr_ioctl cmd 1074025681 [ 979.699123][ T9345] loop8: detected capacity change from 0 to 128 [ 979.762314][ T9345] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 979.863732][ T9345] ext4 filesystem being mounted at /206/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 980.033220][ T9364] autofs4:pid:9364:autofs_fill_super: called with bogus options [ 980.068893][ T3754] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 980.125813][ T9364] loop4: detected capacity change from 0 to 512 [ 980.220542][ T9364] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 980.423001][ T4739] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 980.861313][ T9408] autofs4:pid:9408:autofs_fill_super: called with bogus options [ 980.907949][ T9408] loop8: detected capacity change from 0 to 512 [ 980.933215][ T9408] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 981.084188][ T3754] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 981.301982][ T9430] loop7: detected capacity change from 0 to 512 [ 981.347322][ T9430] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 981.584109][ T6870] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 981.913012][ T9465] loop8: detected capacity change from 0 to 512 [ 981.974414][ T9465] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 982.178334][ T3754] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 982.901921][ T9517] loop6: detected capacity change from 0 to 512 [ 982.949340][ T9517] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 983.081645][ T6643] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 983.642518][ T9562] loop8: detected capacity change from 0 to 512 [ 983.678355][ T9562] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 983.895247][ T3754] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 984.151615][ T9581] loop6: detected capacity change from 0 to 128 [ 984.193858][ T9586] netlink: 'syz.8.9289': attribute type 5 has an invalid length. [ 984.337800][ T6643] FAT-fs (loop6): error, invalid access to FAT (entry 0x00007372) [ 984.366152][ T6643] FAT-fs (loop6): Filesystem has been set read-only [ 984.394044][ T6643] FAT-fs (loop6): error, fat_get_cluster: invalid start cluster (i_pos 0, start 00006c6c) [ 984.426039][ T6643] FAT-fs (loop6): error, fat_get_cluster: invalid start cluster (i_pos 0, start 00006c6c) [ 984.498692][ T9598] loop4: detected capacity change from 0 to 256 [ 984.996209][ T9622] loop4: detected capacity change from 0 to 512 [ 985.062239][ T9622] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 985.272210][ T4739] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 985.304267][ T3457] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 985.519246][ T3457] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 985.642640][ T3457] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 985.850638][ T3457] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 986.757261][ T9698] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 986.772089][ T9698] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 986.786953][ T9698] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 986.812804][ T9698] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 986.825554][ T9698] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 986.840550][ T9698] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 987.476851][ T9747] ip6tnl1: entered allmulticast mode [ 988.187669][ T9693] chnl_net:caif_netlink_parms(): no params data found [ 988.557676][ T3457] hsr_slave_0: left promiscuous mode [ 988.581083][ T3457] hsr_slave_1: left promiscuous mode [ 988.677714][ T3457] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 988.712939][ T3457] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 988.733807][ T9917] loop7: detected capacity change from 0 to 1024 [ 988.748641][ T3457] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 988.766947][ T3457] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 988.777831][ T3457] bridge_slave_1: left allmulticast mode [ 988.789997][ T9917] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e000e01c, mo2=0002] [ 988.790638][ T3457] bridge_slave_1: left promiscuous mode [ 988.804519][ T3457] bridge0: port 2(bridge_slave_1) entered disabled state [ 988.814581][ T3457] bridge_slave_0: left allmulticast mode [ 988.818267][ T9917] System zones: [ 988.820342][ T3457] bridge_slave_0: left promiscuous mode [ 988.820543][ T3457] bridge0: port 1(bridge_slave_0) entered disabled state [ 988.829967][ T9917] 0-1, 3-36 [ 988.869481][ T9917] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 988.888522][ T3457] veth1_macvtap: left promiscuous mode [ 988.894435][ T3457] veth0_macvtap: left promiscuous mode [ 988.900127][ T3457] veth1_vlan: left promiscuous mode [ 988.905624][ T3457] veth0_vlan: left promiscuous mode [ 988.960779][ T5793] Bluetooth: hci0: command tx timeout [ 989.078795][ T6870] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 989.286228][ T9940] sctp: [Deprecated]: syz.4.9335 (pid 9940) Use of int in max_burst socket option deprecated. [ 989.286228][ T9940] Use struct sctp_assoc_value instead [ 989.777284][ T3457] team0 (unregistering): Port device team_slave_1 removed [ 989.827764][ T3457] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 989.886279][ T3457] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 990.375305][ T9950] loop7: detected capacity change from 0 to 512 [ 990.417565][ T9950] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 990.504182][ T6870] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 990.523103][ T9958] loop4: detected capacity change from 0 to 128 [ 990.561891][ T9958] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 990.592114][ T9958] ext4 filesystem being mounted at /250/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 990.640227][ T9958] EXT4-fs (loop4): re-mounted 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 990.757546][ T4739] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 990.897829][ T9974] sctp: [Deprecated]: syz.7.9344 (pid 9974) Use of int in max_burst socket option deprecated. [ 990.897829][ T9974] Use struct sctp_assoc_value instead [ 991.031487][ T5793] Bluetooth: hci0: command tx timeout [ 991.253099][ T3457] bond0 (unregistering): Released all slaves [ 991.325788][ T9992] autofs4:pid:9992:autofs_fill_super: called with bogus options [ 991.456414][ T9918] netlink: 4 bytes leftover after parsing attributes in process `syz.8.9329'. [ 991.558092][T10017] support for the xor transformation has been removed. [ 991.733796][ T9693] bridge0: port 1(bridge_slave_0) entered blocking state [ 991.741095][ T9693] bridge0: port 1(bridge_slave_0) entered disabled state [ 991.760993][ T9693] bridge_slave_0: entered allmulticast mode [ 991.781234][ T9693] bridge_slave_0: entered promiscuous mode [ 991.793949][ T9693] bridge0: port 2(bridge_slave_1) entered blocking state [ 991.801247][ T9693] bridge0: port 2(bridge_slave_1) entered disabled state [ 991.827820][ T9693] bridge_slave_1: entered allmulticast mode [ 991.872508][ T9693] bridge_slave_1: entered promiscuous mode [ 992.108807][ T9693] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 992.152192][T10064] batadv_slave_1: entered promiscuous mode [ 992.194606][ T9693] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 992.195007][T10088] autofs4:pid:10088:autofs_fill_super: called with bogus options [ 992.333960][T10063] batadv_slave_1: left promiscuous mode [ 992.357568][ T9693] team0: Port device team_slave_0 added [ 992.425612][ T9693] team0: Port device team_slave_1 added [ 992.702606][ T9693] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 992.709626][ T9693] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 992.786203][T10162] netlink: 15 bytes leftover after parsing attributes in process `syz.7.9364'. [ 992.810470][ T9693] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 992.833973][ T9693] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 992.840976][ T9693] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 992.978370][ T9693] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 993.114000][ T5793] Bluetooth: hci0: command tx timeout [ 993.203399][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.209871][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.354673][ T9693] hsr_slave_0: entered promiscuous mode [ 993.420273][ T9693] hsr_slave_1: entered promiscuous mode [ 994.021565][T10300] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9379'. [ 994.093189][T10308] netlink: 12 bytes leftover after parsing attributes in process `syz.7.9380'. [ 995.193955][ T5793] Bluetooth: hci0: command tx timeout [ 995.956977][ T9693] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 995.990312][ T9693] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 996.014654][ T9693] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 996.040087][ T9693] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 996.056757][T10433] 9pnet_fd: Insufficient options for proto=fd [ 996.404646][ T9693] 8021q: adding VLAN 0 to HW filter on device bond0 [ 996.498525][ T9693] 8021q: adding VLAN 0 to HW filter on device team0 [ 996.521909][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 996.529158][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 996.622796][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 996.630143][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 997.322922][ T9693] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 997.480426][ T9693] veth0_vlan: entered promiscuous mode [ 997.539556][ T9693] veth1_vlan: entered promiscuous mode [ 997.679383][ T9693] veth0_macvtap: entered promiscuous mode [ 997.714328][ T9693] veth1_macvtap: entered promiscuous mode [ 997.766903][ T9693] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 997.781191][ T9693] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 997.822885][ T9693] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 997.833759][ T9693] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 997.849883][ T9693] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 997.906603][ T9693] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 997.952298][ T9693] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 997.986004][ T9693] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 998.004346][ T9693] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 998.041128][ T9693] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 998.075869][ T9693] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 998.095120][ T9693] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 998.105197][ T9693] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 998.125970][ T9693] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 998.485153][ T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 998.488328][T10555] netlink: 60 bytes leftover after parsing attributes in process `syz.4.9426'. [ 998.493010][ T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 998.597846][ T3457] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 998.626732][ T3457] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 999.349643][T10606] sctp: [Deprecated]: syz.8.9437 (pid 10606) Use of int in max_burst socket option deprecated. [ 999.349643][T10606] Use struct sctp_assoc_value instead [ 999.399343][T10582] team0: Port device team_slave_0 removed [ 999.668622][T10623] loop4: detected capacity change from 0 to 128 [ 999.790456][ T4739] FAT-fs (loop4): error, invalid access to FAT (entry 0x00007372) [ 999.803453][ T4739] FAT-fs (loop4): Filesystem has been set read-only [ 999.830991][ T4739] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 0, start 00006c6c) [ 999.867200][ T4739] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 0, start 00006c6c) [ 1000.416192][T10664] sctp: [Deprecated]: syz.7.9450 (pid 10664) Use of int in max_burst socket option deprecated. [ 1000.416192][T10664] Use struct sctp_assoc_value instead [ 1000.505338][ T37] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1000.692992][ T37] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1000.873482][ T37] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1001.072650][ T37] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1001.258738][T10696] loop8: detected capacity change from 0 to 16 [ 1001.306186][T10696] erofs: (device loop8): mounted with root inode @ nid 36. [ 1001.803606][T10735] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1001.832353][T10735] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1001.855502][T10735] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1001.879979][T10735] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1001.903293][T10735] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1001.932867][T10735] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1002.885217][T10803] bridge0: port 2(bridge_slave_1) entered disabled state [ 1002.893064][T10803] bridge0: port 1(bridge_slave_0) entered disabled state [ 1002.938214][T10803] bridge0: port 2(bridge_slave_1) entered blocking state [ 1002.945480][T10803] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1002.953125][T10803] bridge0: port 1(bridge_slave_0) entered blocking state [ 1002.960372][T10803] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1003.031736][T10803] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 1003.993195][T10728] chnl_net:caif_netlink_parms(): no params data found [ 1004.001290][ T5793] Bluetooth: hci3: command tx timeout [ 1004.091055][T10940] loop3: detected capacity change from 0 to 512 [ 1004.181660][T10940] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1004.210722][T10940] ext4 filesystem being mounted at /13/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1004.570703][ T9693] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1004.587496][ T37] hsr_slave_0: left promiscuous mode [ 1004.607766][ T37] hsr_slave_1: left promiscuous mode [ 1004.690797][ T37] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1004.733784][ T37] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1004.784125][ T37] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1004.812254][ T37] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1004.877707][T11023] tmpfs: Bad value for 'size' [ 1004.880989][ T37] bridge_slave_1: left allmulticast mode [ 1004.888123][ T37] bridge_slave_1: left promiscuous mode [ 1004.923089][ T37] bridge0: port 2(bridge_slave_1) entered disabled state [ 1004.985020][ T37] bridge_slave_0: left allmulticast mode [ 1004.994860][T11027] tmpfs: Bad value for 'mpol' [ 1004.997330][ T37] bridge_slave_0: left promiscuous mode [ 1005.020112][ T37] bridge0: port 1(bridge_slave_0) entered disabled state [ 1005.239864][ T37] veth1_macvtap: left promiscuous mode [ 1005.245750][ T37] veth0_macvtap: left promiscuous mode [ 1005.264799][ T37] veth1_vlan: left promiscuous mode [ 1005.304985][ T37] veth0_vlan: left promiscuous mode [ 1005.446771][T11050] loop8: detected capacity change from 0 to 512 [ 1005.509995][T11050] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1005.566878][T11050] ext4 filesystem being mounted at /288/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1005.598517][T11050] Quota error (device loop8): find_tree_dqentry: Cycle in quota tree detected: block 2 index 0 [ 1005.654399][T11050] Quota error (device loop8): qtree_read_dquot: Can't read quota structure for id 0 [ 1005.681959][T11050] EXT4-fs error (device loop8): ext4_acquire_dquot:6938: comm syz.8.9506: Failed to acquire dquot type 1 [ 1005.816988][ T3754] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1005.983365][ T27] audit: type=1326 audit(1752585691.662:1995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11073 comm="syz.3.9511" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd91918e929 code=0x0 [ 1006.089102][ T5793] Bluetooth: hci3: command tx timeout [ 1006.819149][ T37] team0 (unregistering): Port device team_slave_1 removed [ 1006.867792][ T37] team0 (unregistering): Port device team_slave_0 removed [ 1006.924538][ T37] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1006.976186][ T37] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1007.585905][T11109] 9pnet_fd: Insufficient options for proto=fd [ 1007.639532][ T37] bond0 (unregistering): Released all slaves [ 1007.806558][T10728] bridge0: port 1(bridge_slave_0) entered blocking state [ 1007.815266][T10728] bridge0: port 1(bridge_slave_0) entered disabled state [ 1007.828624][T10728] bridge_slave_0: entered allmulticast mode [ 1007.836481][T10728] bridge_slave_0: entered promiscuous mode [ 1007.855341][T11062] pim6reg0: tun_chr_ioctl cmd 1074304026 [ 1007.861778][T11064] pim6reg0: tun_chr_ioctl cmd 2148553947 [ 1007.901546][T10728] bridge0: port 2(bridge_slave_1) entered blocking state [ 1007.911752][T10728] bridge0: port 2(bridge_slave_1) entered disabled state [ 1007.924492][T10728] bridge_slave_1: entered allmulticast mode [ 1007.932714][T10728] bridge_slave_1: entered promiscuous mode [ 1008.152528][T11166] sctp: [Deprecated]: syz.8.9521 (pid 11166) Use of int in max_burst socket option deprecated. [ 1008.152528][T11166] Use struct sctp_assoc_value instead [ 1008.170043][ T5793] Bluetooth: hci3: command tx timeout [ 1008.212317][T10728] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1008.243642][T10728] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1008.511875][T11205] loop7: detected capacity change from 0 to 1024 [ 1008.520745][T10728] team0: Port device team_slave_0 added [ 1008.558642][T10728] team0: Port device team_slave_1 added [ 1008.638045][T11205] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1008.788762][ T6870] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1008.923950][T11225] team0: Port device team_slave_0 removed [ 1009.058519][T10728] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1009.081904][T10728] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1009.116523][T10728] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1009.150999][T10728] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1009.165135][T10728] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1009.260542][T10728] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1009.278083][T11268] loop8: detected capacity change from 0 to 1024 [ 1009.344644][T11268] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1009.423076][T11268] ext4 filesystem being mounted at /300/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1009.472386][T11288] loop3: detected capacity change from 0 to 512 [ 1009.530186][T11288] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1009.563406][ T3754] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1009.605882][T11288] ext4 filesystem being mounted at /28/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1009.666006][T10728] hsr_slave_0: entered promiscuous mode [ 1009.715466][T10728] hsr_slave_1: entered promiscuous mode [ 1009.756064][T10728] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1009.774003][T10728] Cannot create hsr debugfs directory [ 1009.776510][ T9693] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1010.077077][ T27] audit: type=1326 audit(1752585695.750:1996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11357 comm="syz.8.9537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15e878e929 code=0x7ffc0000 [ 1010.185252][ T27] audit: type=1326 audit(1752585695.750:1997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11357 comm="syz.8.9537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15e878e929 code=0x7ffc0000 [ 1010.242058][ T5793] Bluetooth: hci3: command tx timeout [ 1010.291284][ T27] audit: type=1326 audit(1752585695.750:1998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11357 comm="syz.8.9537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15e878e929 code=0x7ffc0000 [ 1010.370629][ T27] audit: type=1326 audit(1752585695.780:1999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11357 comm="syz.8.9537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15e878e929 code=0x7ffc0000 [ 1010.435604][ T27] audit: type=1326 audit(1752585695.780:2000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11357 comm="syz.8.9537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f15e878e929 code=0x7ffc0000 [ 1010.479499][ T27] audit: type=1326 audit(1752585695.780:2001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11357 comm="syz.8.9537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15e878e929 code=0x7ffc0000 [ 1010.516323][ T27] audit: type=1326 audit(1752585695.780:2002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11357 comm="syz.8.9537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15e878e929 code=0x7ffc0000 [ 1010.602163][ T27] kauditd_printk_skb: 81 callbacks suppressed [ 1010.602178][ T27] audit: type=1326 audit(1752585696.280:2084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11357 comm="syz.8.9537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f15e87c11e5 code=0x7ffc0000 [ 1010.647935][T11384] team0: Port device team_slave_0 removed [ 1010.668193][ T27] audit: type=1326 audit(1752585696.310:2085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11357 comm="syz.8.9537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f15e87c11e5 code=0x7ffc0000 [ 1010.728068][ T27] audit: type=1326 audit(1752585696.310:2086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11357 comm="syz.8.9537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f15e87c11e5 code=0x7ffc0000 [ 1010.780798][ T27] audit: type=1326 audit(1752585696.320:2087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11357 comm="syz.8.9537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f15e87c11e5 code=0x7ffc0000 [ 1010.862271][ T27] audit: type=1326 audit(1752585696.320:2088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11357 comm="syz.8.9537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f15e87c11e5 code=0x7ffc0000 [ 1010.925793][ T27] audit: type=1326 audit(1752585696.320:2089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11357 comm="syz.8.9537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f15e87c11e5 code=0x7ffc0000 [ 1010.976244][ T27] audit: type=1326 audit(1752585696.320:2090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11357 comm="syz.8.9537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f15e87c11e5 code=0x7ffc0000 [ 1011.046261][ T27] audit: type=1326 audit(1752585696.320:2091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11357 comm="syz.8.9537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f15e87c11e5 code=0x7ffc0000 [ 1011.135291][ T27] audit: type=1326 audit(1752585696.320:2092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11357 comm="syz.8.9537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f15e87c11e5 code=0x7ffc0000 [ 1011.221909][ T27] audit: type=1326 audit(1752585696.320:2093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11357 comm="syz.8.9537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f15e87c11e5 code=0x7ffc0000 [ 1012.267267][T10728] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1012.309775][T10728] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1012.339186][T10728] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1012.381383][T10728] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1012.732787][T10728] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1012.847038][T10728] 8021q: adding VLAN 0 to HW filter on device team0 [ 1012.921876][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 1012.929118][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1012.974025][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 1012.981349][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1013.236223][T11548] loop3: detected capacity change from 0 to 164 [ 1013.541888][T11566] loop3: detected capacity change from 0 to 512 [ 1013.647655][T11566] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1013.760516][ T9693] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1013.874378][T11581] batadv_slave_1: entered promiscuous mode [ 1013.893623][T11578] batadv_slave_1: left promiscuous mode [ 1014.047683][T10728] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1014.235471][T10728] veth0_vlan: entered promiscuous mode [ 1014.316478][T10728] veth1_vlan: entered promiscuous mode [ 1014.422336][T11604] loop3: detected capacity change from 0 to 512 [ 1014.467525][T10728] veth0_macvtap: entered promiscuous mode [ 1014.494720][T11604] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1014.514335][T10728] veth1_macvtap: entered promiscuous mode [ 1014.574119][T10728] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1014.586179][T10728] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1014.596328][T10728] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1014.607899][T10728] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1014.619882][T10728] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1014.640011][T10728] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1014.671191][T10728] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1014.698234][T10728] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1014.710708][T10728] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1014.729393][T10728] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1014.742879][ T9693] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1014.760690][T10728] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1014.787548][T10728] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1014.823247][T10728] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1014.851373][T10728] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1015.118386][ T2684] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1015.148321][ T2684] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1015.236213][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1015.260812][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1015.482061][T11657] loop7: detected capacity change from 0 to 512 [ 1015.547267][T11657] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1015.736777][ T6870] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1017.077164][T11757] netlink: 28 bytes leftover after parsing attributes in process `syz.1.9605'. [ 1017.108712][T11757] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9605'. [ 1017.398777][T11772] sctp: [Deprecated]: syz.1.9611 (pid 11772) Use of int in max_burst socket option deprecated. [ 1017.398777][T11772] Use struct sctp_assoc_value instead [ 1017.435188][T11775] overlay: ./file1 is not a directory [ 1018.478347][T11841] netlink: 24 bytes leftover after parsing attributes in process `syz.7.9630'. [ 1018.789524][T11856] netlink: 28 bytes leftover after parsing attributes in process `syz.7.9633'. [ 1018.827950][T11856] netlink: 8 bytes leftover after parsing attributes in process `syz.7.9633'. [ 1019.561746][T11903] loop1: detected capacity change from 0 to 512 [ 1019.596707][T11903] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 1019.693117][T11903] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1019.924057][T10728] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1020.264939][T11945] autofs4:pid:11945:autofs_fill_super: called with bogus options [ 1020.349565][T11949] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9658'. [ 1020.889937][T10735] Bluetooth: hci2: command 0x0406 tx timeout [ 1020.930113][T11987] 9pnet_fd: Insufficient options for proto=fd [ 1021.378214][T12015] netlink: 40 bytes leftover after parsing attributes in process `syz.1.9675'. [ 1021.777214][T12042] 9pnet_fd: Insufficient options for proto=fd [ 1022.000586][T12034] team0: Port device team_slave_0 removed [ 1022.225623][T12065] netlink: 40 bytes leftover after parsing attributes in process `syz.8.9688'. [ 1022.403205][T12076] loop3: detected capacity change from 0 to 512 [ 1022.475128][T12076] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1022.580496][T12076] ext4 filesystem being mounted at /76/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1022.681510][T12076] __quota_error: 62 callbacks suppressed [ 1022.681529][T12076] Quota error (device loop3): find_tree_dqentry: Cycle in quota tree detected: block 2 index 0 [ 1022.770203][T12076] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0 [ 1022.802069][T12076] EXT4-fs error (device loop3): ext4_acquire_dquot:6938: comm syz.3.9690: Failed to acquire dquot type 1 [ 1022.924173][ T9693] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1023.504825][T12131] loop3: detected capacity change from 0 to 8192 [ 1023.593378][T12143] tap0: tun_chr_ioctl cmd 35111 [ 1023.899972][T12166] netlink: 8 bytes leftover after parsing attributes in process `syz.7.9710'. [ 1024.448509][T12195] 9pnet_fd: Insufficient options for proto=fd [ 1024.487012][T12197] overlayfs: failed to resolve './bus': -2 [ 1025.152165][T12240] loop7: detected capacity change from 0 to 1764 [ 1025.204829][T12240] ISOFS: unable to read i-node block [ 1025.246330][T12240] isofs_fill_super: get root inode failed [ 1025.497347][T12260] autofs4:pid:12260:autofs_fill_super: called with bogus options [ 1025.819450][T12282] ip6tnl1: entered allmulticast mode [ 1026.092661][T12298] loop8: detected capacity change from 0 to 512 [ 1026.132659][T12301] sctp: [Deprecated]: syz.1.9746 (pid 12301) Use of int in max_burst socket option deprecated. [ 1026.132659][T12301] Use struct sctp_assoc_value instead [ 1026.177229][T12298] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1026.230721][T12298] ext4 filesystem being mounted at /358/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1026.470760][ T3754] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1026.484783][T12323] autofs4:pid:12323:autofs_fill_super: called with bogus options [ 1026.685766][T12336] loop3: detected capacity change from 0 to 512 [ 1026.747081][T12336] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1) [ 1027.077311][T12353] loop3: detected capacity change from 0 to 128 [ 1027.118303][T12353] overlayfs: failed to resolve './bus': -2 [ 1027.375634][T12375] autofs4:pid:12375:autofs_fill_super: called with bogus options [ 1027.386129][T12374] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9760'. [ 1027.482956][T12379] fuse: Bad value for 'fd' [ 1027.959387][T12410] loop3: detected capacity change from 0 to 128 [ 1028.127939][T12410] syz.3.9770: attempt to access beyond end of device [ 1028.127939][T12410] loop3: rw=2049, sector=138, nr_sectors = 112 limit=128 [ 1028.243857][T12420] syz.3.9770: attempt to access beyond end of device [ 1028.243857][T12420] loop3: rw=2049, sector=220, nr_sectors = 2 limit=128 [ 1028.311067][T12420] Buffer I/O error on dev loop3, logical block 110, lost async page write [ 1028.395709][T12433] fuse: Bad value for 'fd' [ 1028.858060][T12458] batadv_slave_1: entered promiscuous mode [ 1028.871055][T12456] batadv_slave_1: left promiscuous mode [ 1029.087319][T12471] autofs4:pid:12471:autofs_fill_super: called with bogus options [ 1029.125723][T12471] loop7: detected capacity change from 0 to 512 [ 1029.172444][T12471] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1029.377157][ T6870] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1029.429871][T12447] loop1: detected capacity change from 0 to 32768 [ 1029.933208][T12499] loop1: detected capacity change from 0 to 8192 [ 1030.075466][T12509] batadv_slave_1: entered promiscuous mode [ 1030.087825][T12508] batadv_slave_1: left promiscuous mode [ 1030.606282][T12532] autofs4:pid:12532:autofs_fill_super: called with bogus options [ 1030.614362][T12533] loop3: detected capacity change from 0 to 164 [ 1030.668222][T12532] loop7: detected capacity change from 0 to 512 [ 1030.759081][T12532] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1031.067397][ T6870] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1031.180069][T12565] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9800'. [ 1031.495954][T10735] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1031.506973][T10735] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1031.528383][T10735] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1031.544939][T10735] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1031.556100][T10735] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1031.565919][T10735] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1031.580566][T12579] batadv_slave_1: entered promiscuous mode [ 1031.630529][T12576] batadv_slave_1: left promiscuous mode [ 1031.783301][T12590] loop7: detected capacity change from 0 to 8192 [ 1031.867771][T12603] netlink: 20 bytes leftover after parsing attributes in process `syz.3.9807'. [ 1032.267541][T12636] netlink: 8 bytes leftover after parsing attributes in process `syz.7.9810'. [ 1032.521132][T12650] batadv_slave_1: entered promiscuous mode [ 1032.693006][T12666] loop7: detected capacity change from 0 to 16 [ 1032.720570][T12666] erofs: (device loop7): mounted with root inode @ nid 36. [ 1032.826445][T12649] batadv_slave_1: left promiscuous mode [ 1032.937850][T12663] loop1: detected capacity change from 0 to 8192 [ 1033.156278][T12581] chnl_net:caif_netlink_parms(): no params data found [ 1033.299520][ T1000] hsr_slave_0: left promiscuous mode [ 1033.358329][T12770] netlink: 28 bytes leftover after parsing attributes in process `syz.3.9820'. [ 1033.362247][ T1000] hsr_slave_1: left promiscuous mode [ 1033.387723][T12770] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9820'. [ 1033.399449][ T1000] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1033.454969][ T1000] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1033.497964][ T1000] bridge_slave_1: left allmulticast mode [ 1033.511625][ T1000] bridge_slave_1: left promiscuous mode [ 1033.542598][ T1000] bridge0: port 2(bridge_slave_1) entered disabled state [ 1033.572460][ T1000] bridge_slave_0: left allmulticast mode [ 1033.595763][ T1000] bridge_slave_0: left promiscuous mode [ 1033.613131][T10735] Bluetooth: hci2: command tx timeout [ 1033.624953][ T1000] bridge0: port 1(bridge_slave_0) entered disabled state [ 1034.217307][T12799] loop3: detected capacity change from 0 to 8192 [ 1034.669219][T12824] autofs4:pid:12824:autofs_fill_super: called with bogus options [ 1034.986740][T12837] netlink: 24 bytes leftover after parsing attributes in process `syz.1.9835'. [ 1035.411487][T12859] overlayfs: failed to resolve './bus': -2 [ 1035.676987][ T1000] team0 (unregistering): Port device team_slave_1 removed [ 1035.694100][T10735] Bluetooth: hci2: command tx timeout [ 1035.742129][ T1000] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1035.865369][ T1000] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1036.975829][ T1000] bond0 (unregistering): Released all slaves [ 1037.168995][T12886] loop1: detected capacity change from 0 to 32768 [ 1037.198675][T12899] netlink: 'syz.3.9853': attribute type 18 has an invalid length. [ 1037.220317][T12886] loop1: p9 p11 p16 [ 1037.674998][T12581] bridge0: port 1(bridge_slave_0) entered blocking state [ 1037.694020][T12581] bridge0: port 1(bridge_slave_0) entered disabled state [ 1037.717193][T12581] bridge_slave_0: entered allmulticast mode [ 1037.750238][T12581] bridge_slave_0: entered promiscuous mode [ 1037.775675][T10735] Bluetooth: hci2: command tx timeout [ 1037.787994][T12581] bridge0: port 2(bridge_slave_1) entered blocking state [ 1037.820564][T12581] bridge0: port 2(bridge_slave_1) entered disabled state [ 1037.875040][T12581] bridge_slave_1: entered allmulticast mode [ 1037.882568][T12581] bridge_slave_1: entered promiscuous mode [ 1038.020551][T27767] udevd[27767]: inotify_add_watch(7, /dev/loop1p11, 10) failed: No such file or directory [ 1038.031116][T27937] udevd[27937]: inotify_add_watch(7, /dev/loop1p9, 10) failed: No such file or directory [ 1038.058800][ T1917] udevd[1917]: inotify_add_watch(7, /dev/loop1p16, 10) failed: No such file or directory [ 1038.207660][T12581] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1038.252418][T12581] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1038.479566][T12581] team0: Port device team_slave_0 added [ 1038.516690][T12581] team0: Port device team_slave_1 added [ 1038.707748][T12581] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1038.735234][T12581] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1038.817573][T12581] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1038.866387][T12581] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1038.884263][T12581] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1038.935325][T12581] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1038.968886][T13085] loop7: detected capacity change from 0 to 8192 [ 1039.140348][T12581] hsr_slave_0: entered promiscuous mode [ 1039.158320][T12581] hsr_slave_1: entered promiscuous mode [ 1039.170807][T12581] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1039.180561][T12581] Cannot create hsr debugfs directory [ 1039.361077][T13159] netlink: 24 bytes leftover after parsing attributes in process `syz.7.9871'. [ 1039.856145][T10735] Bluetooth: hci2: command tx timeout [ 1040.738840][T12581] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1040.801210][T12581] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1040.857533][T12581] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1040.923195][T12581] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1041.271731][T12581] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1041.360516][T12581] 8021q: adding VLAN 0 to HW filter on device team0 [ 1041.374830][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 1041.382077][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1041.422627][T13291] loop7: detected capacity change from 0 to 2048 [ 1041.433493][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 1041.440726][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1041.490578][T13291] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1041.549831][T13291] ext4 filesystem being mounted at /251/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1041.618429][T13303] netlink: 28 bytes leftover after parsing attributes in process `syz.3.9888'. [ 1041.627809][T13303] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9888'. [ 1041.860353][ T6870] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1042.128294][T13327] netlink: 24 bytes leftover after parsing attributes in process `syz.1.9893'. [ 1042.364930][T12581] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1042.367374][T13339] loop7: detected capacity change from 0 to 128 [ 1043.517035][T12581] veth0_vlan: entered promiscuous mode [ 1043.582944][T12581] veth1_vlan: entered promiscuous mode [ 1043.678968][T12581] veth0_macvtap: entered promiscuous mode [ 1043.713347][T12581] veth1_macvtap: entered promiscuous mode [ 1043.762846][T12581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1043.785108][T12581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1043.797441][T12581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1043.818991][T12581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1043.840127][T12581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1043.861997][T12581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1043.891085][T12581] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1043.923887][T12581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1043.953141][T12581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1043.979381][T12581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1044.002351][T12581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1044.022387][T12581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1044.045310][T12581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1044.070852][T12581] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1044.099971][T12581] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1044.115600][T12581] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1044.127591][T12581] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1044.141193][T12581] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1044.265960][T13425] ip6gre1: entered allmulticast mode [ 1044.368773][T28800] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1044.397566][T28800] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1044.505280][ T37] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1044.535670][ T37] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1044.734746][T13459] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9922'. [ 1045.659347][T13495] loop3: detected capacity change from 0 to 8192 [ 1045.751358][T13513] netlink: 24 bytes leftover after parsing attributes in process `syz.5.9933'. [ 1045.915222][T13521] overlayfs: failed to resolve './file1': -2 [ 1046.010205][T13528] fuse: Bad value for 'fd' [ 1046.327289][T13544] loop1: detected capacity change from 0 to 1024 [ 1046.448192][T13544] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1046.512831][T13544] ext4 filesystem being mounted at /85/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1046.748583][T10728] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1047.420774][T13607] netlink: 28 bytes leftover after parsing attributes in process `syz.1.9956'. [ 1047.443323][T13607] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9956'. [ 1048.080238][T13636] loop5: detected capacity change from 0 to 8192 [ 1048.457774][T13666] netlink: 'syz.7.9970': attribute type 29 has an invalid length. [ 1048.487001][T13666] netlink: 'syz.7.9970': attribute type 29 has an invalid length. [ 1048.498386][T13670] loop1: detected capacity change from 0 to 512 [ 1048.567723][T13670] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1048.700806][T13670] ext4 filesystem being mounted at /92/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1048.790997][T13684] overlayfs: failed to resolve './file0': -2 [ 1049.427460][T13698] loop5: detected capacity change from 0 to 8192 [ 1049.488646][T13718] loop7: detected capacity change from 0 to 512 [ 1049.565221][T13718] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1049.727972][T10728] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1049.804150][ T6870] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1049.834085][T13727] netlink: 28 bytes leftover after parsing attributes in process `syz.3.9981'. [ 1049.881189][T13727] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9981'. [ 1050.217997][T13750] netlink: 16 bytes leftover after parsing attributes in process `syz.3.9985'. [ 1050.776493][T13773] loop1: detected capacity change from 0 to 8192 [ 1050.961906][T13788] netlink: 28 bytes leftover after parsing attributes in process `syz.5.9994'. [ 1051.014577][T13788] netlink: 8 bytes leftover after parsing attributes in process `syz.5.9994'. [ 1051.737250][T13836] overlayfs: failed to resolve './file0': -2 [ 1051.893789][T13827] loop1: detected capacity change from 0 to 8192 [ 1051.960453][T13847] loop3: detected capacity change from 0 to 512 [ 1052.004768][T13847] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1052.075758][T13847] ext4 filesystem being mounted at /174/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1052.257915][ T9693] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1052.499378][T13875] overlayfs: failed to resolve './file0': -2 [ 1053.049426][T13893] loop3: detected capacity change from 0 to 8192 [ 1053.367204][T13921] overlayfs: failed to resolve './file1': -2 [ 1054.056124][T13958] fuse: Bad value for 'fd' [ 1054.078707][T13961] overlayfs: failed to resolve './file1': -2 [ 1054.670403][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.677703][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 1054.742761][T13998] fuse: Bad value for 'fd' [ 1055.959962][T14063] loop7: detected capacity change from 0 to 128 [ 1056.052837][T14063] syz.7.10067: attempt to access beyond end of device [ 1056.052837][T14063] loop7: rw=2049, sector=138, nr_sectors = 112 limit=128 [ 1056.075811][T14063] syz.7.10067: attempt to access beyond end of device [ 1056.075811][T14063] loop7: rw=2049, sector=220, nr_sectors = 2 limit=128 [ 1056.119248][T14063] Buffer I/O error on dev loop7, logical block 110, lost async page write [ 1056.727520][T14104] overlayfs: failed to resolve './file1': -2 [ 1057.056801][T14124] netlink: 12 bytes leftover after parsing attributes in process `syz.3.10085'. [ 1057.739391][T14168] netlink: 12 bytes leftover after parsing attributes in process `syz.5.10098'. [ 1058.234815][T14193] loop5: detected capacity change from 0 to 128 [ 1058.263007][T14192] syz.5.10104: attempt to access beyond end of device [ 1058.263007][T14192] loop5: rw=2049, sector=138, nr_sectors = 84 limit=128 [ 1058.788686][T14220] loop1: detected capacity change from 0 to 128 [ 1058.862501][T14220] syz.1.10108: attempt to access beyond end of device [ 1058.862501][T14220] loop1: rw=2049, sector=138, nr_sectors = 112 limit=128 [ 1060.047117][T14289] loop5: detected capacity change from 0 to 128 [ 1060.842507][T14339] loop7: detected capacity change from 0 to 512 [ 1060.869606][T14339] FAT-fs (loop7): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1) [ 1060.963919][T14339] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1061.885200][T14397] loop7: detected capacity change from 0 to 512 [ 1061.987797][T14397] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1061.999798][T14407] loop5: detected capacity change from 0 to 128 [ 1062.051983][T14397] ext4 filesystem being mounted at /328/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1062.063904][T14406] syz.5.10151: attempt to access beyond end of device [ 1062.063904][T14406] loop5: rw=2049, sector=138, nr_sectors = 84 limit=128 [ 1062.099037][T14397] Quota error (device loop7): find_tree_dqentry: Cycle in quota tree detected: block 2 index 0 [ 1062.156929][T14397] Quota error (device loop7): qtree_read_dquot: Can't read quota structure for id 0 [ 1062.178119][T14397] EXT4-fs error (device loop7): ext4_acquire_dquot:6938: comm syz.7.10149: Failed to acquire dquot type 1 [ 1062.315228][ T6870] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1063.243392][T14462] loop7: detected capacity change from 0 to 128 [ 1063.289718][T14460] syz.7.10162: attempt to access beyond end of device [ 1063.289718][T14460] loop7: rw=2049, sector=138, nr_sectors = 84 limit=128 [ 1064.886270][T14531] [ 1064.888665][T14531] ===================================================== [ 1064.895648][T14531] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 1064.903162][T14531] 6.6.98-syzkaller #0 Not tainted [ 1064.908210][T14531] ----------------------------------------------------- [ 1064.915171][T14531] syz.7.10175/14531 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 1064.923015][T14531] ffff888065078948 (&new->fa_lock){...-}-{2:2}, at: kill_fasync+0x192/0x4b0 [ 1064.931792][T14531] [ 1064.931792][T14531] and this task is already holding: [ 1064.939173][T14531] ffff88805e069028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0xcb/0xab0 [ 1064.948940][T14531] which would create a new lock dependency: [ 1064.954834][T14531] (&client->buffer_lock){....}-{2:2} -> (&new->fa_lock){...-}-{2:2} [ 1064.962952][T14531] [ 1064.962952][T14531] but this new dependency connects a HARDIRQ-irq-safe lock: [ 1064.972404][T14531] (&dev->event_lock#2){-.-.}-{2:2} [ 1064.972437][T14531] [ 1064.972437][T14531] ... which became HARDIRQ-irq-safe at: [ 1064.985368][T14531] lock_acquire+0x197/0x410 [ 1064.989973][T14531] _raw_spin_lock_irqsave+0xa8/0xf0 [ 1064.995266][T14531] input_event+0x7a/0xc0 [ 1064.999610][T14531] psmouse_report_standard_packet+0x53/0x200 [ 1065.005698][T14531] psmouse_process_byte+0x478/0x670 [ 1065.010996][T14531] psmouse_handle_byte+0x43/0x490 [ 1065.016111][T14531] ps2_interrupt+0x164/0x980 [ 1065.020806][T14531] serio_interrupt+0x8b/0x130 [ 1065.025600][T14531] i8042_interrupt+0x394/0x730 [ 1065.030461][T14531] __handle_irq_event_percpu+0x276/0x930 [ 1065.036186][T14531] handle_irq_event+0x8b/0x1e0 [ 1065.041046][T14531] handle_edge_irq+0x247/0xb30 [ 1065.045918][T14531] __common_interrupt+0x13b/0x230 [ 1065.051045][T14531] common_interrupt+0xb4/0xd0 [ 1065.055880][T14531] asm_common_interrupt+0x26/0x40 [ 1065.060997][T14531] deref_stack_reg+0x87/0x240 [ 1065.065775][T14531] unwind_next_frame+0x1789/0x2970 [ 1065.070997][T14531] arch_stack_walk+0x144/0x190 [ 1065.075857][T14531] stack_trace_save+0x9c/0xe0 [ 1065.080647][T14531] kasan_set_track+0x4e/0x70 [ 1065.085345][T14531] __kasan_kmalloc+0x8f/0xa0 [ 1065.090042][T14531] call_usermodehelper_setup+0x8e/0x260 [ 1065.095679][T14531] kobject_uevent_env+0x65d/0x8c0 [ 1065.100791][T14531] driver_register+0x2d4/0x310 [ 1065.105681][T14531] usb_register_driver+0x206/0x3d0 [ 1065.110882][T14531] do_one_initcall+0x1fd/0x750 [ 1065.115742][T14531] do_initcall_level+0x137/0x1f0 [ 1065.120782][T14531] do_initcalls+0x69/0xd0 [ 1065.125201][T14531] kernel_init_freeable+0x3d2/0x570 [ 1065.130495][T14531] kernel_init+0x1d/0x1c0 [ 1065.134919][T14531] ret_from_fork+0x48/0x80 [ 1065.139431][T14531] ret_from_fork_asm+0x11/0x20 [ 1065.144304][T14531] [ 1065.144304][T14531] to a HARDIRQ-irq-unsafe lock: [ 1065.151339][T14531] (tasklist_lock){.+.+}-{2:2} [ 1065.151367][T14531] [ 1065.151367][T14531] ... which became HARDIRQ-irq-unsafe at: [ 1065.164016][T14531] ... [ 1065.164080][T14531] lock_acquire+0x197/0x410 [ 1065.171292][T14531] _raw_read_lock+0x36/0x50 [ 1065.175893][T14531] do_wait+0x294/0xaf0 [ 1065.180063][T14531] kernel_wait+0xac/0x170 [ 1065.184509][T14531] call_usermodehelper_exec_work+0xb9/0x220 [ 1065.190506][T14531] process_scheduled_works+0xa45/0x15b0 [ 1065.196151][T14531] worker_thread+0xa55/0xfc0 [ 1065.200836][T14531] kthread+0x2fa/0x390 [ 1065.205008][T14531] ret_from_fork+0x48/0x80 [ 1065.209528][T14531] ret_from_fork_asm+0x11/0x20 [ 1065.214390][T14531] [ 1065.214390][T14531] other info that might help us debug this: [ 1065.214390][T14531] [ 1065.224653][T14531] Chain exists of: [ 1065.224653][T14531] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 1065.224653][T14531] [ 1065.238230][T14531] Possible interrupt unsafe locking scenario: [ 1065.238230][T14531] [ 1065.246556][T14531] CPU0 CPU1 [ 1065.251940][T14531] ---- ---- [ 1065.257301][T14531] lock(tasklist_lock); [ 1065.261567][T14531] local_irq_disable(); [ 1065.268337][T14531] lock(&dev->event_lock#2); [ 1065.275553][T14531] lock(&client->buffer_lock); [ 1065.282948][T14531] [ 1065.286399][T14531] lock(&dev->event_lock#2); [ 1065.291263][T14531] [ 1065.291263][T14531] *** DEADLOCK *** [ 1065.291263][T14531] [ 1065.299406][T14531] 7 locks held by syz.7.10175/14531: [ 1065.304691][T14531] #0: ffff888026226110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x17b/0x470 [ 1065.313945][T14531] #1: ffff88801ab78230 (&dev->event_lock#2){-.-.}-{2:2}, at: input_inject_event+0xab/0x320 [ 1065.324066][T14531] #2: ffffffff8cd2fae0 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0xbc/0x320 [ 1065.333738][T14531] #3: ffffffff8cd2fae0 (rcu_read_lock){....}-{1:2}, at: input_pass_values+0xa3/0x1300 [ 1065.343402][T14531] #4: ffffffff8cd2fae0 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x79/0x330 [ 1065.352574][T14531] #5: ffff88805e069028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0xcb/0xab0 [ 1065.362764][T14531] #6: ffffffff8cd2fae0 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x53/0x4b0 [ 1065.371831][T14531] [ 1065.371831][T14531] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 1065.382241][T14531] -> (&dev->event_lock#2){-.-.}-{2:2} { [ 1065.387910][T14531] IN-HARDIRQ-W at: [ 1065.391986][T14531] lock_acquire+0x197/0x410 [ 1065.398330][T14531] _raw_spin_lock_irqsave+0xa8/0xf0 [ 1065.405361][T14531] input_event+0x7a/0xc0 [ 1065.411445][T14531] psmouse_report_standard_packet+0x53/0x200 [ 1065.419283][T14531] psmouse_process_byte+0x478/0x670 [ 1065.426327][T14531] psmouse_handle_byte+0x43/0x490 [ 1065.433184][T14531] ps2_interrupt+0x164/0x980 [ 1065.439620][T14531] serio_interrupt+0x8b/0x130 [ 1065.446144][T14531] i8042_interrupt+0x394/0x730 [ 1065.452743][T14531] __handle_irq_event_percpu+0x276/0x930 [ 1065.460217][T14531] handle_irq_event+0x8b/0x1e0 [ 1065.466813][T14531] handle_edge_irq+0x247/0xb30 [ 1065.473402][T14531] __common_interrupt+0x13b/0x230 [ 1065.480256][T14531] common_interrupt+0xb4/0xd0 [ 1065.486792][T14531] asm_common_interrupt+0x26/0x40 [ 1065.493654][T14531] deref_stack_reg+0x87/0x240 [ 1065.500171][T14531] unwind_next_frame+0x1789/0x2970 [ 1065.507135][T14531] arch_stack_walk+0x144/0x190 [ 1065.513737][T14531] stack_trace_save+0x9c/0xe0 [ 1065.520246][T14531] kasan_set_track+0x4e/0x70 [ 1065.526666][T14531] __kasan_kmalloc+0x8f/0xa0 [ 1065.533087][T14531] call_usermodehelper_setup+0x8e/0x260 [ 1065.540473][T14531] kobject_uevent_env+0x65d/0x8c0 [ 1065.547326][T14531] driver_register+0x2d4/0x310 [ 1065.553943][T14531] usb_register_driver+0x206/0x3d0 [ 1065.560893][T14531] do_one_initcall+0x1fd/0x750 [ 1065.567492][T14531] do_initcall_level+0x137/0x1f0 [ 1065.574260][T14531] do_initcalls+0x69/0xd0 [ 1065.580421][T14531] kernel_init_freeable+0x3d2/0x570 [ 1065.587451][T14531] kernel_init+0x1d/0x1c0 [ 1065.593627][T14531] ret_from_fork+0x48/0x80 [ 1065.599887][T14531] ret_from_fork_asm+0x11/0x20 [ 1065.606495][T14531] IN-SOFTIRQ-W at: [ 1065.610573][T14531] lock_acquire+0x197/0x410 [ 1065.616937][T14531] _raw_spin_lock_irqsave+0xa8/0xf0 [ 1065.624001][T14531] input_inject_event+0xab/0x320 [ 1065.630781][T14531] led_trigger_event+0x133/0x210 [ 1065.637556][T14531] kbd_bh+0x1c0/0x2d0 [ 1065.643372][T14531] tasklet_action_common+0x2eb/0x4c0 [ 1065.650485][T14531] handle_softirqs+0x280/0x820 [ 1065.657079][T14531] __irq_exit_rcu+0xc7/0x190 [ 1065.663500][T14531] irq_exit_rcu+0x9/0x20 [ 1065.669566][T14531] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 1065.677041][T14531] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1065.684851][T14531] preempt_schedule_irq+0xb0/0x140 [ 1065.691810][T14531] irqentry_exit+0x67/0x70 [ 1065.698058][T14531] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1065.705350][T14531] queue_work_on+0x187/0x1e0 [ 1065.711776][T14531] soft_cursor+0xaf1/0xd50 [ 1065.718025][T14531] bit_cursor+0x15ef/0x1e10 [ 1065.724356][T14531] con_flush_chars+0x1fa/0x280 [ 1065.731015][T14531] n_tty_receive_buf_common+0xc77/0x12d0 [ 1065.738484][T14531] tiocsti+0x23e/0x2c0 [ 1065.744398][T14531] tty_ioctl+0x62e/0xdd0 [ 1065.750514][T14531] __se_sys_ioctl+0xfd/0x170 [ 1065.756938][T14531] do_syscall_64+0x55/0xb0 [ 1065.763193][T14531] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1065.770914][T14531] INITIAL USE at: [ 1065.774902][T14531] lock_acquire+0x197/0x410 [ 1065.781153][T14531] _raw_spin_lock_irqsave+0xa8/0xf0 [ 1065.788094][T14531] input_inject_event+0xab/0x320 [ 1065.794784][T14531] led_trigger_event+0x133/0x210 [ 1065.801476][T14531] kbd_led_trigger_activate+0xbd/0x100 [ 1065.808680][T14531] led_trigger_set+0x524/0x940 [ 1065.815190][T14531] led_trigger_set_default+0x1a0/0x1e0 [ 1065.822394][T14531] led_classdev_register_ext+0x6e9/0x940 [ 1065.829776][T14531] input_leds_connect+0x4eb/0x6b0 [ 1065.836543][T14531] input_register_device+0xcdc/0x1070 [ 1065.843660][T14531] atkbd_connect+0x6fb/0x9a0 [ 1065.850003][T14531] serio_driver_probe+0x7a/0xa0 [ 1065.856598][T14531] really_probe+0x25b/0xb40 [ 1065.862864][T14531] __driver_probe_device+0x18c/0x330 [ 1065.869912][T14531] driver_probe_device+0x4f/0x420 [ 1065.876701][T14531] __driver_attach+0x44e/0x6f0 [ 1065.883212][T14531] bus_for_each_dev+0x22d/0x2a0 [ 1065.889805][T14531] serio_handle_event+0x1a2/0x860 [ 1065.896578][T14531] process_scheduled_works+0xa45/0x15b0 [ 1065.903868][T14531] worker_thread+0xa55/0xfc0 [ 1065.910205][T14531] kthread+0x2fa/0x390 [ 1065.916012][T14531] ret_from_fork+0x48/0x80 [ 1065.922169][T14531] ret_from_fork_asm+0x11/0x20 [ 1065.928678][T14531] } [ 1065.931269][T14531] ... key at: [] input_allocate_device.__key.5+0x0/0x20 [ 1065.940395][T14531] -> (&client->buffer_lock){....}-{2:2} { [ 1065.946141][T14531] INITIAL USE at: [ 1065.950038][T14531] lock_acquire+0x197/0x410 [ 1065.956112][T14531] _raw_spin_lock+0x2e/0x40 [ 1065.962185][T14531] evdev_pass_values+0xcb/0xab0 [ 1065.968605][T14531] evdev_events+0x1d8/0x330 [ 1065.974689][T14531] input_pass_values+0x907/0x1300 [ 1065.981292][T14531] input_event_dispose+0x346/0x6c0 [ 1065.987974][T14531] input_inject_event+0x1f9/0x320 [ 1065.994577][T14531] evdev_write+0x32a/0x470 [ 1066.000571][T14531] vfs_write+0x288/0x940 [ 1066.006385][T14531] ksys_write+0x147/0x250 [ 1066.012279][T14531] do_syscall_64+0x55/0xb0 [ 1066.018268][T14531] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1066.025731][T14531] } [ 1066.028233][T14531] ... key at: [] evdev_open.__key.28+0x0/0x20 [ 1066.036402][T14531] ... acquired at: [ 1066.040229][T14531] _raw_spin_lock+0x2e/0x40 [ 1066.044916][T14531] evdev_pass_values+0xcb/0xab0 [ 1066.049958][T14531] evdev_events+0x1d8/0x330 [ 1066.054645][T14531] input_pass_values+0x907/0x1300 [ 1066.059850][T14531] input_event_dispose+0x346/0x6c0 [ 1066.065168][T14531] input_inject_event+0x1f9/0x320 [ 1066.070384][T14531] evdev_write+0x32a/0x470 [ 1066.074984][T14531] vfs_write+0x288/0x940 [ 1066.079414][T14531] ksys_write+0x147/0x250 [ 1066.083923][T14531] do_syscall_64+0x55/0xb0 [ 1066.088527][T14531] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1066.094601][T14531] [ 1066.096942][T14531] [ 1066.096942][T14531] the dependencies between the lock to be acquired [ 1066.096954][T14531] and HARDIRQ-irq-unsafe lock: [ 1066.110504][T14531] -> (tasklist_lock){.+.+}-{2:2} { [ 1066.115823][T14531] HARDIRQ-ON-R at: [ 1066.119983][T14531] lock_acquire+0x197/0x410 [ 1066.126497][T14531] _raw_read_lock+0x36/0x50 [ 1066.133005][T14531] do_wait+0x294/0xaf0 [ 1066.139089][T14531] kernel_wait+0xac/0x170 [ 1066.145429][T14531] call_usermodehelper_exec_work+0xb9/0x220 [ 1066.153337][T14531] process_scheduled_works+0xa45/0x15b0 [ 1066.160901][T14531] worker_thread+0xa55/0xfc0 [ 1066.167514][T14531] kthread+0x2fa/0x390 [ 1066.173597][T14531] ret_from_fork+0x48/0x80 [ 1066.180023][T14531] ret_from_fork_asm+0x11/0x20 [ 1066.186798][T14531] SOFTIRQ-ON-R at: [ 1066.190960][T14531] lock_acquire+0x197/0x410 [ 1066.197484][T14531] _raw_read_lock+0x36/0x50 [ 1066.203998][T14531] do_wait+0x294/0xaf0 [ 1066.210082][T14531] kernel_wait+0xac/0x170 [ 1066.216428][T14531] call_usermodehelper_exec_work+0xb9/0x220 [ 1066.224342][T14531] process_scheduled_works+0xa45/0x15b0 [ 1066.231904][T14531] worker_thread+0xa55/0xfc0 [ 1066.238507][T14531] kthread+0x2fa/0x390 [ 1066.244578][T14531] ret_from_fork+0x48/0x80 [ 1066.251013][T14531] ret_from_fork_asm+0x11/0x20 [ 1066.257792][T14531] INITIAL USE at: [ 1066.261872][T14531] lock_acquire+0x197/0x410 [ 1066.268304][T14531] _raw_write_lock_irq+0xa3/0xe0 [ 1066.275168][T14531] copy_process+0x225d/0x3d70 [ 1066.281767][T14531] kernel_clone+0x21b/0x840 [ 1066.288199][T14531] user_mode_thread+0xde/0x130 [ 1066.294891][T14531] rest_init+0x27/0x300 [ 1066.300977][T14531] arch_call_rest_init+0xe/0x10 [ 1066.307768][T14531] start_kernel+0x459/0x4e0 [ 1066.314193][T14531] x86_64_start_reservations+0x2a/0x30 [ 1066.321572][T14531] copy_bootdata+0x0/0xe0 [ 1066.327820][T14531] secondary_startup_64_no_verify+0x179/0x17b [ 1066.335818][T14531] INITIAL READ USE at: [ 1066.340330][T14531] lock_acquire+0x197/0x410 [ 1066.347188][T14531] _raw_read_lock+0x36/0x50 [ 1066.354048][T14531] do_wait+0x294/0xaf0 [ 1066.360665][T14531] kernel_wait+0xac/0x170 [ 1066.367358][T14531] call_usermodehelper_exec_work+0xb9/0x220 [ 1066.375618][T14531] process_scheduled_works+0xa45/0x15b0 [ 1066.383528][T14531] worker_thread+0xa55/0xfc0 [ 1066.390475][T14531] kthread+0x2fa/0x390 [ 1066.396905][T14531] ret_from_fork+0x48/0x80 [ 1066.403689][T14531] ret_from_fork_asm+0x11/0x20 [ 1066.410825][T14531] } [ 1066.413508][T14531] ... key at: [] tasklist_lock+0x18/0x40 [ 1066.421418][T14531] ... acquired at: [ 1066.425424][T14531] _raw_read_lock+0x36/0x50 [ 1066.430127][T14531] send_sigurg+0xf0/0x3c0 [ 1066.434662][T14531] sk_send_sigurg+0x6f/0xc0 [ 1066.439455][T14531] tcp_check_urg+0x200/0x750 [ 1066.444233][T14531] tcp_urg+0x161/0x3f0 [ 1066.448502][T14531] tcp_rcv_established+0xa2e/0x1cf0 [ 1066.453900][T14531] tcp_v4_do_rcv+0x4ed/0xb80 [ 1066.458692][T14531] __release_sock+0x1bd/0x430 [ 1066.463563][T14531] release_sock+0x5f/0x1c0 [ 1066.468176][T14531] tcp_sendmsg+0x39/0x50 [ 1066.472612][T14531] ____sys_sendmsg+0x5bf/0x950 [ 1066.477557][T14531] ___sys_sendmsg+0x220/0x290 [ 1066.482432][T14531] __se_sys_sendmsg+0x1a5/0x270 [ 1066.487477][T14531] do_syscall_64+0x55/0xb0 [ 1066.492095][T14531] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1066.498181][T14531] [ 1066.500515][T14531] -> (&f->f_owner.lock){...-}-{2:2} { [ 1066.506012][T14531] IN-SOFTIRQ-R at: [ 1066.510094][T14531] lock_acquire+0x197/0x410 [ 1066.516433][T14531] _raw_read_lock_irqsave+0xb0/0x100 [ 1066.523554][T14531] send_sigio+0x33/0x360 [ 1066.529635][T14531] kill_fasync+0x228/0x4b0 [ 1066.535896][T14531] sock_wake_async+0x137/0x160 [ 1066.542504][T14531] sk_wake_async+0x184/0x280 [ 1066.548934][T14531] sock_wfree+0x488/0x610 [ 1066.555098][T14531] skb_release_head_state+0xfa/0x240 [ 1066.562232][T14531] kfree_skb_reason+0xd7/0x170 [ 1066.568836][T14531] neigh_invalidate+0x22c/0x450 [ 1066.575530][T14531] neigh_timer_handler+0x914/0xff0 [ 1066.582485][T14531] call_timer_fn+0x16e/0x530 [ 1066.588908][T14531] __run_timers+0x52d/0x7d0 [ 1066.595242][T14531] run_timer_softirq+0x67/0xf0 [ 1066.601835][T14531] handle_softirqs+0x280/0x820 [ 1066.608437][T14531] do_softirq+0xed/0x180 [ 1066.614512][T14531] __local_bh_enable_ip+0x178/0x1c0 [ 1066.621555][T14531] __neigh_event_send+0x9b/0x14c0 [ 1066.628429][T14531] neigh_resolve_output+0x19b/0x730 [ 1066.635470][T14531] ip_finish_output2+0xd21/0x11d0 [ 1066.642403][T14531] ip_send_skb+0x12d/0x1d0 [ 1066.648657][T14531] raw_sendmsg+0x1488/0x1950 [ 1066.655085][T14531] ____sys_sendmsg+0x5bf/0x950 [ 1066.661681][T14531] ___sys_sendmsg+0x220/0x290 [ 1066.668186][T14531] __sys_sendmmsg+0x275/0x4a0 [ 1066.674700][T14531] __x64_sys_sendmmsg+0xa0/0xb0 [ 1066.681389][T14531] do_syscall_64+0x55/0xb0 [ 1066.687661][T14531] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1066.695393][T14531] INITIAL USE at: [ 1066.699384][T14531] lock_acquire+0x197/0x410 [ 1066.705684][T14531] _raw_write_lock_irq+0xa3/0xe0 [ 1066.712473][T14531] __f_setown+0x3b/0x330 [ 1066.718487][T14531] f_setown+0x14b/0x200 [ 1066.724414][T14531] do_fcntl+0x650/0x1380 [ 1066.730423][T14531] __se_sys_fcntl+0xc9/0x1a0 [ 1066.736775][T14531] do_syscall_64+0x55/0xb0 [ 1066.742946][T14531] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1066.750605][T14531] INITIAL READ USE at: [ 1066.755032][T14531] lock_acquire+0x197/0x410 [ 1066.761719][T14531] _raw_read_lock_irqsave+0xb0/0x100 [ 1066.769197][T14531] send_sigurg+0x29/0x3c0 [ 1066.775715][T14531] sk_send_sigurg+0x6f/0xc0 [ 1066.782413][T14531] tcp_check_urg+0x200/0x750 [ 1066.789192][T14531] tcp_urg+0x161/0x3f0 [ 1066.795449][T14531] tcp_rcv_established+0xa2e/0x1cf0 [ 1066.802824][T14531] tcp_v4_do_rcv+0x4ed/0xb80 [ 1066.809608][T14531] __release_sock+0x1bd/0x430 [ 1066.816471][T14531] release_sock+0x5f/0x1c0 [ 1066.823073][T14531] tcp_sendmsg+0x39/0x50 [ 1066.829513][T14531] ____sys_sendmsg+0x5bf/0x950 [ 1066.836452][T14531] ___sys_sendmsg+0x220/0x290 [ 1066.843309][T14531] __sys_sendmmsg+0x275/0x4a0 [ 1066.850164][T14531] __x64_sys_sendmmsg+0xa0/0xb0 [ 1066.857191][T14531] do_syscall_64+0x55/0xb0 [ 1066.863793][T14531] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1066.871895][T14531] } [ 1066.874495][T14531] ... key at: [] init_file.__key+0x0/0x20 [ 1066.882428][T14531] ... acquired at: [ 1066.886322][T14531] _raw_read_lock_irqsave+0xb0/0x100 [ 1066.891796][T14531] send_sigio+0x33/0x360 [ 1066.896235][T14531] kill_fasync+0x228/0x4b0 [ 1066.900844][T14531] lease_break_callback+0x26/0x30 [ 1066.906058][T14531] __break_lease+0x4a7/0x12c0 [ 1066.910928][T14531] do_dentry_open+0x823/0x1500 [ 1066.915884][T14531] dentry_open+0xbb/0x100 [ 1066.920412][T14531] do_mq_open+0x581/0x750 [ 1066.924933][T14531] __x64_sys_mq_open+0x16b/0x1b0 [ 1066.930065][T14531] do_syscall_64+0x55/0xb0 [ 1066.934673][T14531] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1066.940758][T14531] [ 1066.943088][T14531] -> (&new->fa_lock){...-}-{2:2} { [ 1066.948237][T14531] IN-SOFTIRQ-R at: [ 1066.952229][T14531] lock_acquire+0x197/0x410 [ 1066.958394][T14531] _raw_read_lock_irqsave+0xb0/0x100 [ 1066.965345][T14531] kill_fasync+0x192/0x4b0 [ 1066.971428][T14531] sock_wake_async+0x137/0x160 [ 1066.977864][T14531] sk_wake_async+0x184/0x280 [ 1066.984117][T14531] sock_wfree+0x488/0x610 [ 1066.990112][T14531] skb_release_head_state+0xfa/0x240 [ 1066.997062][T14531] kfree_skb_reason+0xd7/0x170 [ 1067.003493][T14531] neigh_invalidate+0x22c/0x450 [ 1067.010006][T14531] neigh_timer_handler+0x914/0xff0 [ 1067.016787][T14531] call_timer_fn+0x16e/0x530 [ 1067.023042][T14531] __run_timers+0x52d/0x7d0 [ 1067.029201][T14531] run_timer_softirq+0x67/0xf0 [ 1067.035644][T14531] handle_softirqs+0x280/0x820 [ 1067.042090][T14531] do_softirq+0xed/0x180 [ 1067.047997][T14531] __local_bh_enable_ip+0x178/0x1c0 [ 1067.054856][T14531] __neigh_event_send+0x9b/0x14c0 [ 1067.061557][T14531] neigh_resolve_output+0x19b/0x730 [ 1067.068442][T14531] ip_finish_output2+0xd21/0x11d0 [ 1067.075140][T14531] ip_send_skb+0x12d/0x1d0 [ 1067.081217][T14531] raw_sendmsg+0x1488/0x1950 [ 1067.087478][T14531] ____sys_sendmsg+0x5bf/0x950 [ 1067.093899][T14531] ___sys_sendmsg+0x220/0x290 [ 1067.100235][T14531] __sys_sendmmsg+0x275/0x4a0 [ 1067.106568][T14531] __x64_sys_sendmmsg+0xa0/0xb0 [ 1067.113078][T14531] do_syscall_64+0x55/0xb0 [ 1067.119150][T14531] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1067.126708][T14531] INITIAL USE at: [ 1067.130649][T14531] lock_acquire+0x197/0x410 [ 1067.136724][T14531] _raw_write_lock_irq+0xa3/0xe0 [ 1067.143229][T14531] fasync_remove_entry+0xf4/0x1c0 [ 1067.149826][T14531] lease_modify+0x1a6/0x390 [ 1067.155905][T14531] locks_remove_file+0x4c0/0xe20 [ 1067.162415][T14531] __fput+0x18f/0x970 [ 1067.167961][T14531] task_work_run+0x1ce/0x250 [ 1067.174121][T14531] exit_to_user_mode_loop+0xe6/0x110 [ 1067.181002][T14531] exit_to_user_mode_prepare+0xb1/0x140 [ 1067.188127][T14531] syscall_exit_to_user_mode+0x1a/0x50 [ 1067.195151][T14531] do_syscall_64+0x61/0xb0 [ 1067.201154][T14531] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1067.208613][T14531] INITIAL READ USE at: [ 1067.212939][T14531] lock_acquire+0x197/0x410 [ 1067.219447][T14531] _raw_read_lock_irqsave+0xb0/0x100 [ 1067.226741][T14531] kill_fasync+0x192/0x4b0 [ 1067.233176][T14531] lease_break_callback+0x26/0x30 [ 1067.240217][T14531] __break_lease+0x4a7/0x12c0 [ 1067.246903][T14531] do_dentry_open+0x823/0x1500 [ 1067.253671][T14531] dentry_open+0xbb/0x100 [ 1067.260010][T14531] do_mq_open+0x581/0x750 [ 1067.266343][T14531] __x64_sys_mq_open+0x16b/0x1b0 [ 1067.273282][T14531] do_syscall_64+0x55/0xb0 [ 1067.279713][T14531] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1067.287615][T14531] } [ 1067.290123][T14531] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 1067.298819][T14531] ... acquired at: [ 1067.302642][T14531] _raw_read_lock_irqsave+0xb0/0x100 [ 1067.308110][T14531] kill_fasync+0x192/0x4b0 [ 1067.312715][T14531] evdev_pass_values+0x54b/0xab0 [ 1067.317838][T14531] evdev_events+0x1d8/0x330 [ 1067.322520][T14531] input_pass_values+0x907/0x1300 [ 1067.327728][T14531] input_event_dispose+0x346/0x6c0 [ 1067.333028][T14531] input_inject_event+0x1f9/0x320 [ 1067.338245][T14531] evdev_write+0x32a/0x470 [ 1067.342852][T14531] vfs_write+0x288/0x940 [ 1067.347290][T14531] ksys_write+0x147/0x250 [ 1067.351805][T14531] do_syscall_64+0x55/0xb0 [ 1067.356413][T14531] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1067.362489][T14531] [ 1067.364823][T14531] [ 1067.364823][T14531] stack backtrace: [ 1067.370721][T14531] CPU: 1 PID: 14531 Comm: syz.7.10175 Not tainted 6.6.98-syzkaller #0 [ 1067.379051][T14531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1067.389109][T14531] Call Trace: [ 1067.392395][T14531] [ 1067.395341][T14531] dump_stack_lvl+0x16c/0x230 [ 1067.400037][T14531] ? load_image+0x3b0/0x3b0 [ 1067.404551][T14531] ? show_regs_print_info+0x20/0x20 [ 1067.409764][T14531] ? load_image+0x3b0/0x3b0 [ 1067.414279][T14531] ? print_shortest_lock_dependencies+0xf4/0x160 [ 1067.420618][T14531] __lock_acquire+0x678f/0x7c80 [ 1067.425498][T14531] ? verify_lock_unused+0x140/0x140 [ 1067.430733][T14531] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 1067.436641][T14531] ? verify_lock_unused+0x140/0x140 [ 1067.441848][T14531] lock_acquire+0x197/0x410 [ 1067.446361][T14531] ? kill_fasync+0x192/0x4b0 [ 1067.450983][T14531] ? read_lock_is_recursive+0x20/0x20 [ 1067.456392][T14531] _raw_read_lock_irqsave+0xb0/0x100 [ 1067.461706][T14531] ? kill_fasync+0x192/0x4b0 [ 1067.466324][T14531] ? _raw_read_lock+0x50/0x50 [ 1067.471033][T14531] kill_fasync+0x192/0x4b0 [ 1067.475474][T14531] ? kill_fasync+0x53/0x4b0 [ 1067.479997][T14531] evdev_pass_values+0x54b/0xab0 [ 1067.484955][T14531] ? evdev_pass_values+0x5c1/0xab0 [ 1067.490086][T14531] evdev_events+0x1d8/0x330 [ 1067.494604][T14531] ? evdev_events+0x79/0x330 [ 1067.499211][T14531] ? evdev_event+0xe0/0xe0 [ 1067.503655][T14531] input_pass_values+0x907/0x1300 [ 1067.508684][T14531] ? input_pass_values+0xa3/0x1300 [ 1067.513816][T14531] input_event_dispose+0x346/0x6c0 [ 1067.518952][T14531] input_inject_event+0x1f9/0x320 [ 1067.523992][T14531] ? input_inject_event+0xbc/0x320 [ 1067.529116][T14531] evdev_write+0x32a/0x470 [ 1067.533549][T14531] ? evdev_read+0xb50/0xb50 [ 1067.538065][T14531] ? common_file_perm+0x198/0x1f0 [ 1067.543105][T14531] ? fsnotify_perm+0x5d/0x5e0 [ 1067.547784][T14531] ? security_file_permission+0x79/0xa0 [ 1067.553335][T14531] ? evdev_read+0xb50/0xb50 [ 1067.557845][T14531] vfs_write+0x288/0x940 [ 1067.562108][T14531] ? file_end_write+0x250/0x250 [ 1067.566967][T14531] ? __fget_files+0x28/0x4d0 [ 1067.571572][T14531] ? __fget_files+0x44a/0x4d0 [ 1067.576265][T14531] ? __fdget_pos+0x1d8/0x330 [ 1067.580868][T14531] ? ksys_write+0x75/0x250 [ 1067.585290][T14531] ksys_write+0x147/0x250 [ 1067.589624][T14531] ? __ia32_sys_read+0x90/0x90 [ 1067.594387][T14531] ? lockdep_hardirqs_on+0x98/0x150 [ 1067.599629][T14531] do_syscall_64+0x55/0xb0 [ 1067.604055][T14531] ? clear_bhb_loop+0x40/0x90 [ 1067.608737][T14531] ? clear_bhb_loop+0x40/0x90 [ 1067.613423][T14531] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1067.619345][T14531] RIP: 0033:0x7fec5d98e929 [ 1067.623767][T14531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1067.643388][T14531] RSP: 002b:00007fec5e845038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1067.651812][T14531] RAX: ffffffffffffffda RBX: 00007fec5dbb5fa0 RCX: 00007fec5d98e929 [ 1067.659818][T14531] RDX: 000000000000005b RSI: 00002000000000c0 RDI: 0000000000000003 [ 1067.667885][T14531] RBP: 00007fec5da10b39 R08: 0000000000000000 R09: 0000000000000000 [ 1067.675864][T14531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1067.683848][T14531] R13: 0000000000000000 R14: 00007fec5dbb5fa0 R15: 00007ffd2c0c1508 [ 1067.691831][T14531] [ 1069.801935][T10735] Bluetooth: hci1: command 0x0406 tx timeout