last executing test programs: 8.823758489s ago: executing program 1 (id=4030): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, 0x0, 0x0, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket(0x10, 0x803, 0x0) sendto(r4, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r4, &(0x7f0000000380)=[{{0x0, 0x0, 0x0}, 0x9}, {{0x0, 0x0, 0x0}, 0xe4e}, {{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000dc0)=""/4096, 0x1000}, {&(0x7f0000000940)=""/263, 0x107}, {&(0x7f0000003700)=""/213, 0xd5}, {&(0x7f0000002180)=""/205, 0xcd}, {&(0x7f0000000b40)=""/161, 0xa1}, {&(0x7f0000000780)=""/234, 0xea}], 0x6}, 0x1009}], 0x3, 0x40012160, 0x0) 7.961120007s ago: executing program 1 (id=4032): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x5c, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = userfaultfd(0x80801) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x100}) mremap(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x3000, 0x7, &(0x7f0000ffd000/0x3000)=nil) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) 7.802094663s ago: executing program 1 (id=4035): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, 0x0, 0x0, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg$inet(r5, &(0x7f0000000c80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x488d5) unshare(0x60000600) 7.468928178s ago: executing program 1 (id=4038): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) dup(r0) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x40040) socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc0c0}, 0x50) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e0001"], 0xb8}}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc0000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000000000000ac1e000100000000000000000000000000000000000000000a00400000000000", @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="00010000000000000000000000000000a30a00000000fbffffffffffffffffff000000000000000000000000000800000000000000000000000000000041fbfdb9000000007c28524cc5ea06000000000000000c0000000000000000"], 0xb8}}, 0x0) 7.294434996s ago: executing program 1 (id=4040): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10) r5 = socket$inet6(0xa, 0x2, 0x0) sendmmsg$inet(r5, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32, @ANYBLOB="00000000ac1e00010000000018000000000000000000000007"], 0x38}}], 0x1, 0x0) 6.102917697s ago: executing program 1 (id=4044): openat(0xffffffffffffff9c, 0x0, 0x6842, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r2 = inotify_init() inotify_add_watch(r2, &(0x7f00000001c0)='.\x00', 0x4000423) r3 = open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0) write$FUSE_CREATE_OPEN(r3, &(0x7f0000000180)={0xa0, 0xfffffffffffffff5, 0x0, {{0x3, 0x1, 0x5, 0xa, 0x3, 0x1, {0x0, 0x17d, 0x8, 0x5, 0x100, 0x7cf4, 0x9, 0x7ffffffd, 0x2, 0xc000, 0x20000000, 0x0, 0x0, 0x3ff, 0xb101}}, {0x0, 0x1e}}}, 0xa0) sendfile(r3, r3, &(0x7f0000000080)=0x2, 0x7f03) 4.822897762s ago: executing program 3 (id=4052): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000780)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) setgroups(0x0, 0x0) 3.608049425s ago: executing program 0 (id=4058): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00), 0x0, 0x4) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r3, 0x0, 0x0, 0x805, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r5, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="18000000680001000000000000c137bf333f2d9d3d8ec900e8e481137afaaff0e731286e759417bdf65fa6cde740b863380ee60716fb7ff3d9fa04f5d5efc3b2f3bd36b828902928b7f4dedc1797f21ce2f06ba3cbe144374acf493fdf2e8f55b7b27a8287d8502dfb9d8220bb670e83e8339317fe114d94f5352b49f1d7ec81b51a1ae99f14ba1cb966f8d391bf4e68e70edcdb7d3e80cc05dcbf7ffa1db2db21f57b26225523b8ae53a67d791b3710690f1bc36b72d0683b95df83941cd0aef23b87b509ed4634f31ce25d41077d4fe11200000000000000000000000000000000588d4c394be04f4baa0975088aa5acbc1148d1620024de033c19af43a131164b702a0cb7736e5de819b19d1d10a63eee9621ea908267e1a0bbb95be92b0b03d5989306df097a4c6467f2b46a6f3585aea19d55b77ad0f1b2c430814287f7ddc0b60c709e002821e18a526c7400"/348], 0x18}}, 0x40000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r7 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x16b042, 0x0) ioctl$ASHMEM_SET_SIZE(r7, 0x40087703, 0xfffffff3) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r7, 0x0) 3.381763325s ago: executing program 0 (id=4059): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) munlockall() 3.200646462s ago: executing program 0 (id=4061): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x80) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) fstat(r3, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) setreuid(0x0, r4) 3.026537479s ago: executing program 0 (id=4062): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f0000000340)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r6, &(0x7f0000000600)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r7, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mount$fuseblk(&(0x7f00000000c0), &(0x7f0000000100)='./cgroup\x00', &(0x7f0000000140), 0x3818000, &(0x7f00000001c0)=ANY=[@ANYBLOB='fd']) 2.853059077s ago: executing program 3 (id=4063): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f0000000340)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, 0x0, 0x0, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r6, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) mount$fuseblk(&(0x7f00000000c0), &(0x7f0000000100)='./cgroup\x00', &(0x7f0000000140), 0x3818000, 0x0) 2.693613574s ago: executing program 0 (id=4067): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x1, &(0x7f0000000140)={[{@quota}, {@resgid={'resgid', 0x3d, 0xee00}}, {@bh}, {@noload}, {@data_err_ignore}, {@abort}]}, 0xfe, 0x452, &(0x7f0000000980)="$eJzs3M1vFOUfAPDvzG7L+6/8EF9A0CoaiS8tLS9y8ILRxIMmJnrAeKptIchCDa2JEKLoAY+GxLvxaOJf4EkvRj2ZeNW7ISGGC+hpzezOlKXdbbvtlq3M55MMPM/Os3me78w8u888z04DKK3h7J8kYntE/B4RQ83s3QWGm//dvnl58u+blyeTqNff+itplLt18/JkUbR437Zmpl7P85va1Hv13YiJWm36Qp4fnTv3wejsxUsvnDk3cXr69PT58ePHjxzeP3hs/GhP4sziurX345l9e15759obkyevvffzt1l7t+f7W+NYkXT5IsPNo9vW011VtvHtaEkn1T42hK5UIiI7XQON/j8Uldgyv28oXv2sr40D1lW9Xq+3+37OXakD97Ek+t0CoD+KL/rs/rfY7tHQY0O4caJ5A5TFfTvfmnuq87f4Awvub3tpOCJOXvnnq2yL1cxDAAB06fts/PN8u/FfGg+1lPtfvoayMyL+HxG7IuKBiNgdEQ9GNMo+HBGPdFn/whWSxeOf9PqqAluhbPz3Ur62dff4L22M+7KQK/lyz45G/APJqTO16UP5MTkYA5uy/NgSdfzwym9fdNrXOv7Ltqz+YiyYt+N6dcEE3dTE3MTaor7jxqcRe6vt4k+iWMZJImJPROxdZR1nnv1mX6d9y8e/hB6sM9W/jnimef6vxIL4C0nH9cmxF4+NHx3dHLXpQ6PFVbHYL79efbNT/WuKvwey87+17fU/H//OZHPE7MVLZxvrtbPd13H1j8873tOs9vofTN5upAfz1z6amJu7MBYxmLy++PXxO+8t8kX5LP6DB9r3/13VO0fi0YjILuL9EfFYRDyet/2JiHgyIg4sEf9PLz/1fvfxLzEr30NZ/FPLnf9oPf/dJypnf/yu+/gL2fk/0kgdzF9ZyeffShu4lmMHAAAA/xVp4zfwSToyn07TkZHmb/h3x9a0NjM799ypmQ/PTzV/K78zBtJipmuoZT50LJ8bLvLjC/KH83njLytbGvmRyZnaVL+Dh5Lb1qH/Z/6s9Lt1wLrzvBaUl/4P5aX/Q3np/1Be+j+UV7v+/0kf2gHce77/obz0fygv/R/KS/+HUur4bHy6pkf+1z1RfGRtlPbcD4kTXb0r0o3Q5hIkqiv+YxarTGxqu6vPH0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA98m8AAAD//0Fo4Oc=") 2.520291331s ago: executing program 3 (id=4069): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00), 0x0, 0x4) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r3, 0x0, 0x0, 0x805, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r5, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="18000000680001000000000000c137bf333f2d9d3d8ec900e8e481137afaaff0e731286e759417bdf65fa6cde740b863380ee60716fb7ff3d9fa04f5d5efc3b2f3bd36b828902928b7f4dedc1797f21ce2f06ba3cbe144374acf493fdf2e8f55b7b27a8287d8502dfb9d8220bb670e83e8339317fe114d94f5352b49f1d7ec81b51a1ae99f14ba1cb966f8d391bf4e68e70edcdb7d3e80cc05dcbf7ffa1db2db21f57b26225523b8ae53a67d791b3710690f1bc36b72d0683b95df83941cd0aef23b87b509ed4634f31ce25d41077d4fe11200000000000000000000000000000000588d4c394be04f4baa0975088aa5acbc1148d1620024de033c19af43a131164b702a0cb7736e5de819b19d1d10a63eee9621ea908267e1a0bbb95be92b0b03d5989306df097a4c6467f2b46a6f3585aea19d55b77ad0f1b2c430814287f7ddc0b60c709e002821e18a526c7400"/348], 0x18}}, 0x40000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r7 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x16b042, 0x0) ioctl$ASHMEM_SET_SIZE(r7, 0x40087703, 0xfffffff3) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r7, 0x0) 2.251858063s ago: executing program 3 (id=4072): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000005800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) 2.114139599s ago: executing program 0 (id=4074): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = gettid() timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) 1.600203271s ago: executing program 2 (id=4078): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r3, 0x0, 0x0, 0x805, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r5, 0x0, 0x0, 0x4) r6 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="18000000680001000000000000c137bf333f2d9d3d8ec900e8e481137afaaff0e731286e759417bdf65fa6cde740b863380ee60716fb7ff3d9fa04f5d5efc3b2f3bd36b828902928b7f4dedc1797f21ce2f06ba3cbe144374acf493fdf2e8f55b7b27a8287d8502dfb9d8220bb670e83e8339317fe114d94f5352b49f1d7ec81b51a1ae99f14ba1cb966f8d391bf4e68e70edcdb7d3e80cc05dcbf7ffa1db2db21f57b26225523b8ae53a67d791b3710690f1bc36b72d0683b95df83941cd0aef23b87b509ed4634f31ce25d41077d4fe11200000000000000000000000000000000588d4c394be04f4baa0975088aa5acbc1148d1620024de033c19af43a131164b702a0cb7736e5de819b19d1d10a63eee9621ea908267e1a0bbb95be92b0b03d5989306df097a4c6467f2b46a6f3585aea19d55b77ad0f1b2c430814287f7ddc0b60c709e002821e18a526c7400"/348], 0x18}}, 0x40000) 1.427795608s ago: executing program 2 (id=4080): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={0xffffffffffffffff, &(0x7f00000006c0)="9abab4d4b7a95e7f896e570942755aea1914fd58", 0x0, 0x4}, 0x20) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG_x86(r5, 0x4048ae9b, &(0x7f0000000080)={0xe0003, 0x0, {[0xffffffffffffffff, 0x1f8, 0x83, 0xffffffffefffff15, 0x3, 0x4, 0x4, 0x4]}}) ioctl$KVM_RUN(r5, 0xae80, 0x0) 1.223828657s ago: executing program 2 (id=4082): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg$inet6(r0, 0x0, 0x0, 0x4) r3 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r3, 0x0, 0x0, 0x805, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r5, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="18000000680001000000000000c137bf333f2d9d3d8ec900e8e481137afaaff0e731286e759417bdf65fa6cde740b863380ee60716fb7ff3d9fa04f5d5efc3b2f3bd36b828902928b7f4dedc1797f21ce2f06ba3cbe144374acf493fdf2e8f55b7b27a8287d8502dfb9d8220bb670e83e8339317fe114d94f5352b49f1d7ec81b51a1ae99f14ba1cb966f8d391bf4e68e70edcdb7d3e80cc05dcbf7ffa1db2db21f57b26225523b8ae53a67d791b3710690f1bc36b72d0683b95df83941cd0aef23b87b509ed4634f31ce25d41077d4fe11200000000000000000000000000000000588d4c394be04f4baa0975088aa5acbc1148d1620024de033c19af43a131164b702a0cb7736e5de819b19d1d10a63eee9621ea908267e1a0bbb95be92b0b03d5989306df097a4c6467f2b46a6f3585aea19d55b77ad0f1b2c430814287f7ddc0b60c709e002821e18a526c7400"/348], 0x18}}, 0x40000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r7 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x16b042, 0x0) ioctl$ASHMEM_SET_SIZE(r7, 0x40087703, 0xfffffff3) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r7, 0x0) 1.178560259s ago: executing program 4 (id=4083): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000380)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, 0x0, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0) r5 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r5, &(0x7f00000001c0), 0x10) sendmsg$can_bcm(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="05000000d8"], 0x48}, 0x1, 0x0, 0x0, 0x50}, 0x0) 1.067466894s ago: executing program 4 (id=4084): r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x10, &(0x7f0000000180)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @empty}, 0x1c) 996.687087ms ago: executing program 2 (id=4085): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r5 = socket(0x10, 0x803, 0x0) sendto(r5, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r5, &(0x7f0000000380)=[{{0x0, 0x0, 0x0}, 0x10000}, {{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000001dc0)=""/4102, 0x1006}], 0x1}, 0x9}], 0x2, 0x40012160, 0x0) 910.445231ms ago: executing program 4 (id=4086): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = gettid() timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) 830.172604ms ago: executing program 2 (id=4087): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x10000002]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000380)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0) renameat(r4, &(0x7f0000000100)='./file0/../file0\x00', r4, 0x0) 810.884125ms ago: executing program 4 (id=4088): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) process_vm_writev(0x0, &(0x7f0000000780)=[{0x0}], 0x1, 0x0, 0x0, 0x0) 672.522681ms ago: executing program 2 (id=4089): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1}, 0x48) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0xfffffffffffffdf5, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000680)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r2}, 0x10) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000940)) 657.994842ms ago: executing program 4 (id=4090): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r3, 0x0, 0x0, 0x805, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r5, 0x0, 0x0, 0x4) r6 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="18000000680001000000000000c137bf333f2d9d3d8ec900e8e481137afaaff0e731286e759417bdf65fa6cde740b863380ee60716fb7ff3d9fa04f5d5efc3b2f3bd36b828902928b7f4dedc1797f21ce2f06ba3cbe144374acf493fdf2e8f55b7b27a8287d8502dfb9d8220bb670e83e8339317fe114d94f5352b49f1d7ec81b51a1ae99f14ba1cb966f8d391bf4e68e70edcdb7d3e80cc05dcbf7ffa1db2db21f57b26225523b8ae53a67d791b3710690f1bc36b72d0683b95df83941cd0aef23b87b509ed4634f31ce25d41077d4fe11200000000000000000000000000000000588d4c394be04f4baa0975088aa5acbc1148d1620024de033c19af43a131164b702a0cb7736e5de819b19d1d10a63eee9621ea908267e1a0bbb95be92b0b03d5989306df097a4c6467f2b46a6f3585aea19d55b77ad0f1b2c430814287f7ddc0b60c709e002821e18a526c7400"/348], 0x18}}, 0x40000) 579.925215ms ago: executing program 3 (id=4091): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f00000075c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40804) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f00000009c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000400)={[{}, {@errors_continue}, {@sb={'sb', 0x3d, 0xffff}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@block_validity}, {}]}, 0x2, 0x454, &(0x7f0000000480)="$eJzs3M1vFOUfAPDvzG7Lr7z8WhVfeFGraGx8aWlB5eBFowkHTUz0gMe1LQRZqKFrIoQoGoNHQ+LdeDTxL/CkF6OeTLzq3ZAQwgX0tGZ2Z9jtultoWbqV/XySgeeZmc3z/e4zz+4z87AEMLQmsz+SiO0R8XtEjDerK0+YbP51/eq5+b+unptPol5/60rSOO/a1XPzxanF67bllak0Iv0siT1d2l0+c/ZEpVpdPJ3XZ2on359ZPnP2ueMnK8cWjy2emjt06OCB2RdfmHu+L3lmMV3b/dHS3l2H37n4xvyRi+/+/G1S5N+RR59MrnbwyXq9z80N1o62clIeYCCsSSkisu4aaYz/8ShFq/PG47VPBxoccEfV6/X6tt6Hz9eBu1gSg44AGIziiz67/y22DZp6bAqXX27eAGV5X8+35pFypPk5Ix33t/00GRFHzv/9VbbFnXkOAQCwwvfZ/OfZbvO/NB5oO+//+drQRETcExH3RsR9EbEzIu6PaJz7YEQ8tMb2OxdJrtWudMx/0kvrSuwWZfO/l/K1rWzbEq38cxOlvLajkf9IcvR4dXF//p5MxciWrD67Shs/vPrbF72Otc//si2LoZgL5nFcKm9Z+ZqFSq1yOzm3u/xJxO5yK//W/De5sRKQRMSuiNi9zjaOP/3N3l7Hbp7/KvqwzlT/OuKpZv+fj478C8nq65Mz/4vq4v6Z4qr4t19+vfBmr/Zv5H94LGKt+fdB1v9bo3v/5yaS9vXa5bW3ceGPz7vc0zTH13qv/9Hk7UZ5NN/3YaVWOz0bMZq83gy6ff9c67VFvTg/y39qX7f808ZnXPFO7ImI7CJ+OCIeiYhH89gfi4jHI2LfKvn/9MoT7/U6dlvXfx9k+S+sqf9bhdHo3NO9UDrx43crGp3onX8puvX/wUZpKt9zK59/txLX+q5mAAAA+O9JI2J7JOn0jXKaTk83/738ztiaVpeWa88cXfrg1ELzNwITMZIWT7rG256Hzua39UV9rqN+IH9u/GVprFGfnl+qLgw6eRhy23qM/8yfpUFHB9xxfq8Fw8v4h+Fl/MPwMv5heHUZ/2ODiAPYeN2+/z8eQBzAxusY/5b9YIi4/4fhZfzD8DL+YSgtj8XNfySvsCkK5R7/D8NgCpFuijBOVMqbI4y7rTDoTyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID++CcAAP//10jezw==") 495.915349ms ago: executing program 4 (id=4092): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000380)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f0000000000)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}, {@resuid}, {@jqfmt_vfsv1}, {@errors_remount}, {@nobh}, {@usrjquota, 0x2e}], [], 0x2e}, 0x1, 0x46f, &(0x7f0000000580)="$eJzs20tvG0UcAPD/OnH6JqGURx9AoCAiHkmTFuiBCwikXpCQ4FCOIU2r0rRBTZBoVdGAUDmifgLgiMQn4AQXBJxAXEHigoSQKtQLhQNatPZu6ya28Stxi38/ye3M7mxm/rs79uyMHcDAGs/+SSK2R8RPIxGj1ezNBcar/127emHur6sX5pJI01f/SCrl/rx6Ya4oWhy3Lc9MlCJKHySxt069S+fOn5pdWJg/m+enlk+/NbV07vxTJ0/Pnpg/MX9m5vDhQwenn31m5umexLkja+uedxf37T7y+uWX545efuPbz7Pt2/P9tXFUjXVd53iM33wuazwa8Wuapl3XcavYUZNOhvvYENoyFBHZ5Spn/T9GYyhuXLzReOn9vjYOWFdpmqab1mwdKhIrKfA/lkS/WwD0R/FBnz3/Fq8NHH703ZXnqw9AWdzX8ld1z3CU8jLlVc+3vTQeEUdX/v44e0XdeQgAgN76Mhv/PFlv/FeKe2rK3RHVtaGxiLgzInZGxF0RsSsi7o6olL03Iu5rs/7xVfm1458ftnQUWIuy8d9z+drWzeO/YvQXY0N5bkcl/nJy/OTC/IH8nExEeVOWn25Sx1cv/vhRo32147/sldVfjAXzdvw+vGqC7tjs8mw3Mde68l7EnuF68SfXVwKSiNgdEXs6+PvZOTv5+Gf7Gu3/7/ib6ME6U/ppxGPV678Sq+IvJM3XJ6c2x8L8ganirljru+8vvdKo/q7i74Hs+m+te/9fj38sqV2vXWq/jks/f9jwmabT+38kea2SHsm3vTO7vHx2OmIkWVm7febGsUW+KJ/FP7G/fv/fGfHPJ/lxeyMiu4nvj4gHIuLBvO0PRcTDEbG/SfzfvPDIm53Hv76y+I+1df3bTwyd+vqLRvW3dv0PVVIT+ZZW3v9abWA35w4AAABuF0nlO/BJaTKf49wepdLkZPU7/Ltia2lhcWn5ieOLb585Vv2u/FiUS8VM12jNfOh0Pjdc5GdW5Q9W5o3TNE23VPKTc4sL67WmDrRmW4P+n/ltqN+tA9ZdW+tojX7RBtyW/F4TBpf+D4Or1f5fXud2ABvP5z8Mrnr9/2LEtT40BdhgPv9hcOn/MLj0fxhc+j8MpG5+198ssfNIx4enXdW+OQ+sw8N/WZez0SwxtIF19TIRpbq7yhFxi7SwSaJ0azSjmtgUEa0Wvtjpjd12os9vTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD3ybwAAAP//pCzokA==") mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x48041, 0x0) 0s ago: executing program 3 (id=4093): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00), 0x0, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket(0x10, 0x803, 0x0) sendto(r4, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r4, &(0x7f0000000380)=[{{0x0, 0x0, 0x0}, 0x9}, {{0x0, 0x0, 0x0}, 0xe4e}, {{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000dc0)=""/4096, 0x1000}, {&(0x7f0000000940)=""/263, 0x107}, {&(0x7f0000003700)=""/213, 0xd5}, {&(0x7f0000002180)=""/205, 0xcd}, {&(0x7f0000000b40)=""/161, 0xa1}, {&(0x7f0000000780)=""/234, 0xea}], 0x6}, 0x1009}], 0x3, 0x40012160, 0x0) kernel console output (not intermixed with test programs): sing attributes in process `syz.4.2427'. [ 452.306700][T10281] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2427'. [ 452.328463][T10281] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2427'. [ 452.356076][T10281] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2427'. [ 452.471877][T10287] loop0: detected capacity change from 0 to 512 [ 452.528687][T10287] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 452.551607][T10287] EXT4-fs (loop0): inline encryption not supported [ 452.558223][T10287] EXT4-fs (loop0): Test dummy encryption mode enabled [ 452.611672][T10287] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 452.619011][T10287] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 452.659248][T10287] EXT4-fs (loop0): 1 truncate cleaned up [ 452.697803][T10287] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,mblk_io_submit,inlinecrypt,test_dummy_encryption=v1,barrier,mblk_io_submit,nogrpid,. Quota mode: none. [ 455.904322][T10310] overlayfs: missing 'workdir' [ 456.874814][T10331] netlink: 116 bytes leftover after parsing attributes in process `syz.1.2442'. [ 457.068613][T10333] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2447'. [ 458.412933][T10341] netlink: 'syz.3.2450': attribute type 4 has an invalid length. [ 458.420716][T10341] netlink: 'syz.3.2450': attribute type 5 has an invalid length. [ 458.472307][T10341] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.2450'. [ 458.532115][T10345] netlink: 'syz.1.2452': attribute type 4 has an invalid length. [ 458.676260][T10347] fuse: Bad value for 'fd' [ 458.836885][T10353] netlink: 128 bytes leftover after parsing attributes in process `syz.1.2457'. [ 458.882604][T10353] netlink: 128 bytes leftover after parsing attributes in process `syz.1.2457'. [ 462.893215][T10369] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2463'. [ 462.900423][T10368] loop0: detected capacity change from 0 to 512 [ 462.941094][T10368] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 462.941128][T10368] EXT4-fs (loop0): inline encryption not supported [ 462.941194][T10368] EXT4-fs (loop0): Test dummy encryption mode enabled [ 462.941221][T10368] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 462.941237][T10368] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 462.973063][T10368] EXT4-fs (loop0): 1 truncate cleaned up [ 462.973094][T10368] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,mblk_io_submit,inlinecrypt,test_dummy_encryption=v1,barrier,mblk_io_submit,nogrpid,. Quota mode: none. [ 463.079180][T10377] netlink: 'syz.4.2464': attribute type 4 has an invalid length. [ 463.079206][T10377] netlink: 'syz.4.2464': attribute type 5 has an invalid length. [ 463.079222][T10377] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.2464'. [ 463.430451][T10391] netlink: 'syz.4.2469': attribute type 4 has an invalid length. [ 463.570602][T10395] netlink: 116 bytes leftover after parsing attributes in process `syz.3.2462'. [ 463.994858][T10408] overlayfs: missing 'workdir' [ 464.882069][T10420] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2482'. [ 465.667795][T10440] loop3: detected capacity change from 0 to 512 [ 465.700695][T10442] netlink: 'syz.1.2493': attribute type 4 has an invalid length. [ 465.759821][T10440] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 465.781676][T10440] ext4 filesystem being mounted at /522/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 466.670338][T10467] netlink: 116 bytes leftover after parsing attributes in process `syz.1.2494'. [ 466.748623][T10465] loop4: detected capacity change from 0 to 512 [ 466.848405][T10465] EXT4-fs (loop4): Ignoring removed mblk_io_submit option [ 466.947930][T10465] EXT4-fs (loop4): inline encryption not supported [ 467.013000][T10465] EXT4-fs (loop4): Test dummy encryption mode enabled [ 467.083409][T10465] EXT4-fs (loop4): Ignoring removed mblk_io_submit option [ 467.090575][T10465] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 467.137605][T10465] EXT4-fs (loop4): 1 truncate cleaned up [ 467.143592][T10465] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,mblk_io_submit,inlinecrypt,test_dummy_encryption=v1,barrier,mblk_io_submit,nogrpid,. Quota mode: none. [ 467.231466][T10473] netlink: 'syz.1.2506': attribute type 4 has an invalid length. [ 468.838498][T10506] netlink: 116 bytes leftover after parsing attributes in process `syz.4.2516'. [ 469.477856][T10510] device veth0_vlan left promiscuous mode [ 471.097802][T10540] netlink: 'syz.1.2534': attribute type 4 has an invalid length. [ 471.500580][T10548] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 472.313070][T10550] loop4: detected capacity change from 0 to 512 [ 472.325831][T10555] loop0: detected capacity change from 0 to 512 [ 472.449860][T10550] EXT4-fs (loop4): orphan cleanup on readonly fs [ 472.558317][T10550] EXT4-fs error (device loop4): ext4_orphan_get:1427: comm syz.4.2537: bad orphan inode 13 [ 472.582352][T10550] ext4_test_bit(bit=12, block=18) = 1 [ 472.587944][T10550] is_bad_inode(inode)=0 [ 472.631158][T10555] EXT4-fs (loop0): 1 orphan inode deleted [ 472.640174][T10555] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 472.668376][T10555] ext4 filesystem being mounted at /503/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 472.681925][T10550] NEXT_ORPHAN(inode)=2130706432 [ 472.695302][T10550] max_ino=32 [ 472.709135][T10550] i_nlink=1 [ 472.727573][T10550] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 472.790365][T10550] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [ 473.031356][T10550] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.2537: bg 0: block 248: padding at end of block bitmap is not set [ 473.965547][T10550] __quota_error: 10 callbacks suppressed [ 473.965566][T10550] Quota error (device loop4): write_blk: dquota write failed [ 474.051698][T10550] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 474.053549][T10571] netlink: 108 bytes leftover after parsing attributes in process `syz.3.2540'. [ 474.083131][T10550] EXT4-fs error (device loop4): ext4_acquire_dquot:6209: comm syz.4.2537: Failed to acquire dquot type 1 [ 474.097879][T10571] netlink: 108 bytes leftover after parsing attributes in process `syz.3.2540'. [ 474.151164][T10550] EXT4-fs warning (device loop4): ext4_enable_quotas:6461: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 476.617721][T10634] netlink: 'syz.1.2567': attribute type 4 has an invalid length. [ 476.661281][T10634] netlink: 'syz.1.2567': attribute type 5 has an invalid length. [ 476.681634][T10634] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.2567'. [ 477.345730][T10655] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2575'. [ 478.481710][T10669] netlink: 128 bytes leftover after parsing attributes in process `syz.1.2581'. [ 478.539550][T10669] netlink: 128 bytes leftover after parsing attributes in process `syz.1.2581'. [ 478.979353][T10686] overlayfs: missing 'lowerdir' [ 479.949564][T10729] loop1: detected capacity change from 0 to 256 [ 479.966991][T10726] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2606'. [ 480.658017][T10729] FAT-fs (loop1): Directory bread(block 64) failed [ 480.683756][T10729] FAT-fs (loop1): Directory bread(block 65) failed [ 480.701512][T10729] FAT-fs (loop1): Directory bread(block 66) failed [ 480.711347][T10729] FAT-fs (loop1): Directory bread(block 67) failed [ 480.769089][T10729] FAT-fs (loop1): Directory bread(block 68) failed [ 480.783530][T10729] FAT-fs (loop1): Directory bread(block 69) failed [ 480.790182][T10729] FAT-fs (loop1): Directory bread(block 70) failed [ 480.827441][T10729] FAT-fs (loop1): Directory bread(block 71) failed [ 480.841392][T10729] FAT-fs (loop1): Directory bread(block 72) failed [ 480.859082][T10729] FAT-fs (loop1): Directory bread(block 73) failed [ 481.021387][T10753] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2617'. [ 482.411026][T10773] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 483.591608][T10795] netlink: 128 bytes leftover after parsing attributes in process `syz.0.2632'. [ 483.628041][T10794] netlink: 128 bytes leftover after parsing attributes in process `syz.0.2632'. [ 484.646407][T10807] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2637'. [ 486.074447][T10840] netlink: 116 bytes leftover after parsing attributes in process `syz.0.2647'. [ 487.429409][T10858] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2654'. [ 488.490842][T10874] 9pnet: Insufficient options for proto=fd [ 488.633173][T10877] fuseblk: Bad value for 'fd' [ 489.310561][T10901] netlink: 116 bytes leftover after parsing attributes in process `syz.4.2671'. [ 491.451573][ T26] audit: type=1326 audit(1763530038.615:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10952 comm="syz.1.2695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2dcd0f66c9 code=0x7ffc0000 [ 491.564507][T10960] overlayfs: missing 'workdir' [ 491.590683][ T26] audit: type=1326 audit(1763530038.615:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10952 comm="syz.1.2695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2dcd0f66c9 code=0x7ffc0000 [ 491.710537][ T26] audit: type=1326 audit(1763530038.615:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10952 comm="syz.1.2695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2dcd0f66c9 code=0x7ffc0000 [ 491.721953][T10966] loop0: detected capacity change from 0 to 256 [ 491.812823][ T26] audit: type=1326 audit(1763530038.615:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10952 comm="syz.1.2695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2dcd0f66c9 code=0x7ffc0000 [ 491.885115][ T26] audit: type=1326 audit(1763530038.615:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10952 comm="syz.1.2695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2dcd0f66c9 code=0x7ffc0000 [ 491.913469][T10966] FAT-fs (loop0): Directory bread(block 64) failed [ 491.955303][T10966] FAT-fs (loop0): Directory bread(block 65) failed [ 491.991685][ T26] audit: type=1326 audit(1763530038.615:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10952 comm="syz.1.2695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2dcd0f66c9 code=0x7ffc0000 [ 491.998727][T10966] FAT-fs (loop0): Directory bread(block 66) failed [ 492.049918][T10976] overlayfs: missing 'lowerdir' [ 492.089528][T10966] FAT-fs (loop0): Directory bread(block 67) failed [ 492.091589][ T26] audit: type=1326 audit(1763530038.615:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10952 comm="syz.1.2695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2dcd0f66c9 code=0x7ffc0000 [ 492.118614][T10966] FAT-fs (loop0): Directory bread(block 68) failed [ 492.118660][T10966] FAT-fs (loop0): Directory bread(block 69) failed [ 492.118733][T10966] FAT-fs (loop0): Directory bread(block 70) failed [ 492.118773][T10966] FAT-fs (loop0): Directory bread(block 71) failed [ 492.118844][T10966] FAT-fs (loop0): Directory bread(block 72) failed [ 492.118877][T10966] FAT-fs (loop0): Directory bread(block 73) failed [ 492.235019][ T26] audit: type=1326 audit(1763530038.625:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10952 comm="syz.1.2695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2dcd0f66c9 code=0x7ffc0000 [ 492.341740][ T26] audit: type=1326 audit(1763530038.625:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10952 comm="syz.1.2695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f2dcd0f66c9 code=0x7ffc0000 [ 492.471364][ T26] audit: type=1326 audit(1763530038.625:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10952 comm="syz.1.2695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2dcd0f66c9 code=0x7ffc0000 [ 492.542949][T10989] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2710'. [ 493.264413][T11014] netlink: 168 bytes leftover after parsing attributes in process `syz.2.2718'. [ 493.280788][T11013] fuseblk: Bad value for 'fd' [ 493.551748][ T7] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 493.834706][T11026] overlayfs: missing 'workdir' [ 493.911773][ T7] usb 5-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 0 [ 493.932472][ T7] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 493.963601][ T7] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 494.163112][ T7] usb 5-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00 [ 494.181824][ T7] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 494.210358][ T7] usb 5-1: Product: syz [ 494.214854][ T7] usb 5-1: Manufacturer: syz [ 494.219470][ T7] usb 5-1: SerialNumber: syz [ 494.255405][ T7] usb 5-1: config 0 descriptor?? [ 494.292865][ T7] usb-storage 5-1:0.0: USB Mass Storage device detected [ 494.332575][ T7] usb-storage 5-1:0.0: Quirks match for vid 1908 pid 1315: 20000 [ 494.501054][ T7] usb 5-1: USB disconnect, device number 11 [ 494.671888][T11032] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2726'. [ 495.427812][T11052] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2737'. [ 495.840754][T11065] netlink: 168 bytes leftover after parsing attributes in process `syz.4.2741'. [ 496.962945][T11083] fuseblk: Bad value for 'fd' [ 497.128048][T11087] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2751'. [ 497.661925][T11093] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2755'. [ 498.819505][T11112] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2763'. [ 501.231890][T11135] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2774'. [ 501.364506][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.370823][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.057640][T11152] loop0: detected capacity change from 0 to 512 [ 503.494131][T11152] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.2777: bg 0: block 393: padding at end of block bitmap is not set [ 503.518814][T11152] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6178: Corrupt filesystem [ 503.539067][T11152] EXT4-fs (loop0): 2 truncates cleaned up [ 503.545010][T11152] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 506.154333][T11183] netlink: 116 bytes leftover after parsing attributes in process `syz.4.2792'. [ 507.277486][T11208] fuseblk: Bad value for 'fd' [ 507.883137][T11221] netlink: 116 bytes leftover after parsing attributes in process `syz.4.2810'. [ 508.239724][T11214] chnl_net:caif_netlink_parms(): no params data found [ 508.505976][T11214] bridge0: port 1(bridge_slave_0) entered blocking state [ 508.546685][T11214] bridge0: port 1(bridge_slave_0) entered disabled state [ 508.583587][T11214] device bridge_slave_0 entered promiscuous mode [ 508.672348][T11214] bridge0: port 2(bridge_slave_1) entered blocking state [ 508.701170][T11214] bridge0: port 2(bridge_slave_1) entered disabled state [ 508.735732][T11238] loop2: detected capacity change from 0 to 512 [ 508.770387][T11214] device bridge_slave_1 entered promiscuous mode [ 508.832132][T11238] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 508.871826][T11238] ext4 filesystem being mounted at /525/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 508.998244][T11214] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 509.047397][T11214] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 509.222708][T11214] team0: Port device team_slave_0 added [ 509.262199][T11214] team0: Port device team_slave_1 added [ 509.323547][T11257] overlayfs: missing 'lowerdir' [ 509.361041][T11214] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 509.388690][T11214] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 509.448585][T11214] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 509.497419][T11214] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 509.517104][T11214] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 509.553217][T11214] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 509.684641][T11214] device hsr_slave_0 entered promiscuous mode [ 509.712816][T11214] device hsr_slave_1 entered promiscuous mode [ 509.761877][T11019] Bluetooth: hci2: command 0x0409 tx timeout [ 509.788757][T11214] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 509.841659][T11214] Cannot create hsr debugfs directory [ 510.254278][T11214] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 511.170373][T11214] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 511.346784][T11214] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 511.470860][T11214] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 511.871204][T11214] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 511.879808][T11022] Bluetooth: hci2: command 0x041b tx timeout [ 511.922479][T11214] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 511.973986][T11214] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 511.994802][T11214] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 512.383044][T11214] 8021q: adding VLAN 0 to HW filter on device bond0 [ 512.446445][T11214] 8021q: adding VLAN 0 to HW filter on device team0 [ 512.502102][T11155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 512.510010][T11155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 512.611844][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 512.630736][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 512.672070][ T4673] bridge0: port 1(bridge_slave_0) entered blocking state [ 512.679156][ T4673] bridge0: port 1(bridge_slave_0) entered forwarding state [ 512.721961][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 512.752245][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 512.760868][ T4673] bridge0: port 2(bridge_slave_1) entered blocking state [ 512.768027][ T4673] bridge0: port 2(bridge_slave_1) entered forwarding state [ 512.811965][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 512.841243][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 512.871821][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 512.892646][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 512.932246][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 512.940297][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 512.989517][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 513.020414][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 513.050341][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 513.079573][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 513.098462][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 513.122389][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 513.169266][T11214] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 513.669168][T11155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 513.687075][T11155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 513.707496][T11214] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 513.872951][ T4408] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 513.915982][ T4408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 513.921668][ T4308] Bluetooth: hci2: command 0x040f tx timeout [ 513.979770][T11214] device veth0_vlan entered promiscuous mode [ 513.999999][ T4408] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 514.009872][ T4408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 514.026736][ T4408] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 514.042395][ T4408] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 514.068906][T11214] device veth1_vlan entered promiscuous mode [ 514.240985][ T4408] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 514.260312][ T4408] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 514.295926][ T4408] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 514.334038][ T4408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 514.371334][T11214] device veth0_macvtap entered promiscuous mode [ 514.451182][T11214] device veth1_macvtap entered promiscuous mode [ 514.488390][T11214] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 514.520160][T11214] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 514.561496][T11214] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 514.581482][T11214] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 514.601573][T11214] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 514.621486][T11214] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 514.631756][ T4244] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 514.651498][T11214] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 514.671481][T11214] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 514.693469][T11214] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 514.720667][ T4408] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 514.740881][ T4408] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 514.769454][ T4408] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 514.794631][ T4408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 514.817421][T11214] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 514.838886][T11214] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 514.871504][T11214] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 514.891509][T11214] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 514.911544][T11214] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 514.941495][T11214] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 514.961502][T11214] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 514.981501][T11214] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 515.008360][T11214] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 515.060198][T11214] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 515.070529][ T4244] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 515.091000][ T4244] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 515.105912][T11214] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 515.123089][ T4244] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 515.152594][ T4244] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 515.194334][ T4244] usb 3-1: config 0 descriptor?? [ 515.211302][T11155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 515.231126][T11155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 515.242535][ T4244] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 515.305404][T11214] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 515.315035][T11314] overlayfs: missing 'lowerdir' [ 515.320014][T11214] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 515.329511][T11214] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 515.338670][T11214] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 515.470118][ T4244] usb 3-1: USB disconnect, device number 6 [ 515.620497][ T1233] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 515.677755][ T1233] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 515.726991][ T1233] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 515.772869][ T1233] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 515.788433][ T1233] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 515.948712][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 516.001529][ T4308] Bluetooth: hci2: command 0x0419 tx timeout [ 516.357192][ T144] device hsr_slave_0 left promiscuous mode [ 516.371304][ T144] device hsr_slave_1 left promiscuous mode [ 516.386245][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 516.400505][T11348] overlayfs: missing 'workdir' [ 516.406768][ T144] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 516.421892][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 516.438497][ T144] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 516.469803][ T144] device bridge_slave_1 left promiscuous mode [ 516.491139][ T144] bridge0: port 2(bridge_slave_1) entered disabled state [ 516.538087][ T144] device bridge_slave_0 left promiscuous mode [ 516.551873][ T144] bridge0: port 1(bridge_slave_0) entered disabled state [ 516.598397][ T144] device veth1_macvtap left promiscuous mode [ 516.613519][ T144] device veth0_macvtap left promiscuous mode [ 516.628182][ T144] device veth1_vlan left promiscuous mode [ 516.641214][ T144] device veth0_vlan left promiscuous mode [ 517.279892][ T144] team0 (unregistering): Port device team_slave_1 removed [ 517.319290][ T144] team0 (unregistering): Port device team_slave_0 removed [ 517.346876][ T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 517.556770][ T144] bond0 (unregistering): Released all slaves [ 517.836349][T11367] fuseblk: Bad value for 'fd' [ 518.124535][T11375] overlayfs: missing 'workdir' [ 518.488245][T11380] loop1: detected capacity change from 0 to 2048 [ 518.581376][T11380] EXT4-fs (loop1): mounted filesystem without journal. Opts: usrquota,jqfmt=vfsv1,,errors=continue. Quota mode: writeback. [ 520.325430][T11405] overlayfs: missing 'lowerdir' [ 520.347834][T11400] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 520.371724][T11400] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 521.352228][T11413] chnl_net:caif_netlink_parms(): no params data found [ 521.819971][T11413] bridge0: port 1(bridge_slave_0) entered blocking state [ 521.838571][T11413] bridge0: port 1(bridge_slave_0) entered disabled state [ 521.888624][T11413] device bridge_slave_0 entered promiscuous mode [ 521.950478][T11413] bridge0: port 2(bridge_slave_1) entered blocking state [ 521.962136][T11442] loop4: detected capacity change from 0 to 256 [ 522.013123][T11413] bridge0: port 2(bridge_slave_1) entered disabled state [ 522.043248][T11413] device bridge_slave_1 entered promiscuous mode [ 522.109257][T11442] FAT-fs (loop4): Directory bread(block 64) failed [ 522.121749][T11442] FAT-fs (loop4): Directory bread(block 65) failed [ 522.131971][T11442] FAT-fs (loop4): Directory bread(block 66) failed [ 522.162132][T11442] FAT-fs (loop4): Directory bread(block 67) failed [ 522.168760][T11442] FAT-fs (loop4): Directory bread(block 68) failed [ 522.206069][T11442] FAT-fs (loop4): Directory bread(block 69) failed [ 522.221161][T11413] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 522.226402][T11442] FAT-fs (loop4): Directory bread(block 70) failed [ 522.261564][T11442] FAT-fs (loop4): Directory bread(block 71) failed [ 522.271338][T11413] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 522.280594][T11442] FAT-fs (loop4): Directory bread(block 72) failed [ 522.302719][T11442] FAT-fs (loop4): Directory bread(block 73) failed [ 522.391160][T11413] team0: Port device team_slave_0 added [ 522.440428][T11413] team0: Port device team_slave_1 added [ 522.585611][T11413] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 522.603436][T11413] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 522.705605][T11413] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 522.721568][ T4245] Bluetooth: hci5: command 0x0409 tx timeout [ 522.754296][T11413] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 522.761363][T11413] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 522.828297][T11413] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 522.995735][T11413] device hsr_slave_0 entered promiscuous mode [ 523.037361][T11413] device hsr_slave_1 entered promiscuous mode [ 523.053903][T11413] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 523.084149][T11413] Cannot create hsr debugfs directory [ 523.431069][T11413] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 523.674524][T11413] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 523.799804][T11413] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 523.896372][T11413] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 524.294078][T11413] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 524.319325][T11413] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 524.354027][T11413] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 524.393020][T11413] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 524.801659][T11293] Bluetooth: hci5: command 0x041b tx timeout [ 524.864968][T11413] 8021q: adding VLAN 0 to HW filter on device bond0 [ 524.974358][T11413] 8021q: adding VLAN 0 to HW filter on device team0 [ 525.005287][ T4408] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 525.018029][ T4408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 525.069260][T10851] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 525.085647][T10851] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 525.115999][T10851] bridge0: port 1(bridge_slave_0) entered blocking state [ 525.123138][T10851] bridge0: port 1(bridge_slave_0) entered forwarding state [ 525.197518][T10851] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 525.233542][T10851] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 525.272914][T10851] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 525.302179][T10851] bridge0: port 2(bridge_slave_1) entered blocking state [ 525.309322][T10851] bridge0: port 2(bridge_slave_1) entered forwarding state [ 525.347555][T10851] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 525.383045][T10851] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 525.423357][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 525.472126][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 525.491211][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 525.534942][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 525.567094][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 525.611688][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 525.640303][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 525.670825][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 525.689858][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 525.744100][T11413] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 526.006839][ T144] device hsr_slave_0 left promiscuous mode [ 526.032398][ T144] device hsr_slave_1 left promiscuous mode [ 526.042356][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 526.064531][ T144] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 526.091322][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 526.119677][ T144] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 526.155962][ T144] device bridge_slave_1 left promiscuous mode [ 526.176892][ T144] bridge0: port 2(bridge_slave_1) entered disabled state [ 526.197537][ T144] device bridge_slave_0 left promiscuous mode [ 526.223986][ T144] bridge0: port 1(bridge_slave_0) entered disabled state [ 526.263509][ T144] device veth1_macvtap left promiscuous mode [ 526.269599][ T144] device veth0_macvtap left promiscuous mode [ 526.300868][ T144] device veth1_vlan left promiscuous mode [ 526.880038][ T144] team0 (unregistering): Port device team_slave_1 removed [ 526.891481][T11293] Bluetooth: hci5: command 0x040f tx timeout [ 526.958278][ T144] team0 (unregistering): Port device team_slave_0 removed [ 527.003487][ T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 527.299275][ T144] bond0 (unregistering): Released all slaves [ 527.651634][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 527.668568][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 527.705904][T11413] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 527.792168][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 527.823465][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 527.863759][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 527.882713][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 527.910414][T11413] device veth0_vlan entered promiscuous mode [ 527.929258][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 527.955275][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 528.024216][T11413] device veth1_vlan entered promiscuous mode [ 528.124695][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 528.133553][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 528.157382][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 528.204007][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 528.237727][T11413] device veth0_macvtap entered promiscuous mode [ 528.277841][T11413] device veth1_macvtap entered promiscuous mode [ 528.357978][T11413] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 528.400951][T11413] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 528.437999][T11413] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 528.457143][T11413] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 528.488203][T11413] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 528.564969][T11413] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 528.607615][T11413] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 528.616301][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 528.625382][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 528.645324][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 528.657209][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 528.672926][T11413] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 528.704340][T11413] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 528.761114][T11413] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 528.795697][T11413] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 528.839756][T11413] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 528.873908][T11413] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 528.909840][T11413] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 528.961945][T11293] Bluetooth: hci5: command 0x0419 tx timeout [ 528.968173][T11413] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 529.005240][T11413] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 529.031391][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 529.071938][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 529.098989][T11413] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 529.142921][T11413] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 529.181807][T11413] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 529.190550][T11413] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 529.497539][ T4408] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 529.531750][ T4408] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 529.572322][T10851] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 529.643734][ T4408] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 529.659102][ T4408] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 529.690457][T10851] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 530.065350][T11536] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 530.103344][T11535] loop3: detected capacity change from 0 to 256 [ 530.265636][T11535] FAT-fs (loop3): Directory bread(block 64) failed [ 530.289384][T11535] FAT-fs (loop3): Directory bread(block 65) failed [ 530.311638][T11535] FAT-fs (loop3): Directory bread(block 66) failed [ 530.338665][T11535] FAT-fs (loop3): Directory bread(block 67) failed [ 530.392477][T11535] FAT-fs (loop3): Directory bread(block 68) failed [ 530.424632][T11535] FAT-fs (loop3): Directory bread(block 69) failed [ 530.431293][T11535] FAT-fs (loop3): Directory bread(block 70) failed [ 530.461575][T11535] FAT-fs (loop3): Directory bread(block 71) failed [ 530.468318][T11535] FAT-fs (loop3): Directory bread(block 72) failed [ 530.501526][T11535] FAT-fs (loop3): Directory bread(block 73) failed [ 533.647288][ T4244] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 534.023983][T11615] netlink: 116 bytes leftover after parsing attributes in process `syz.4.2964'. [ 534.871722][ T4244] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 534.908910][ T4244] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 534.942949][ T4244] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 534.961549][ T4244] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 534.994845][ T4244] usb 3-1: config 0 descriptor?? [ 535.054870][ T4244] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 535.255438][ T4244] usb 3-1: USB disconnect, device number 7 [ 536.316468][T11628] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 537.513556][T11640] overlayfs: missing 'lowerdir' [ 538.111581][ T4299] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 538.179837][T11644] chnl_net:caif_netlink_parms(): no params data found [ 538.458207][T11644] bridge0: port 1(bridge_slave_0) entered blocking state [ 538.499745][T11644] bridge0: port 1(bridge_slave_0) entered disabled state [ 538.508446][T11644] device bridge_slave_0 entered promiscuous mode [ 538.517380][T11644] bridge0: port 2(bridge_slave_1) entered blocking state [ 538.525578][T11644] bridge0: port 2(bridge_slave_1) entered disabled state [ 538.542729][T11644] device bridge_slave_1 entered promiscuous mode [ 538.561954][ T4299] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 538.587272][ T4299] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 538.617110][ T4299] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 538.631514][ T4299] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 538.676486][T11644] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 538.693018][ T4299] usb 2-1: config 0 descriptor?? [ 538.705578][T11644] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 538.734073][ T4299] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 538.807860][T11644] team0: Port device team_slave_0 added [ 538.833881][T11644] team0: Port device team_slave_1 added [ 539.171127][ T4244] usb 2-1: USB disconnect, device number 12 [ 539.342397][T11644] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 539.467443][T11644] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 539.606157][T11644] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 539.659425][T11644] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 539.667274][T11644] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 539.693360][T11644] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 539.841708][T11293] Bluetooth: hci3: command 0x0409 tx timeout [ 539.864993][T11644] device hsr_slave_0 entered promiscuous mode [ 539.912700][T11644] device hsr_slave_1 entered promiscuous mode [ 539.921792][T11644] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 539.949560][T11644] Cannot create hsr debugfs directory [ 540.118857][ T155] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 540.262771][ T155] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 540.378480][ T155] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 540.413238][T11676] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2986'. [ 540.509682][ T155] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 541.921770][T11293] Bluetooth: hci3: command 0x041b tx timeout [ 541.945417][T11644] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 542.041717][T11644] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 542.067179][T11644] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 542.131228][T11644] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 542.496588][T11716] netlink: 168 bytes leftover after parsing attributes in process `syz.1.2994'. [ 542.604217][T11644] 8021q: adding VLAN 0 to HW filter on device bond0 [ 542.692010][T11644] 8021q: adding VLAN 0 to HW filter on device team0 [ 542.720711][T11155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 542.732200][T11155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 542.854202][T11155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 542.880805][T11155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 542.925470][T11155] bridge0: port 1(bridge_slave_0) entered blocking state [ 542.932774][T11155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 542.999630][T11155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 543.028887][T11155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 543.054336][T11155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 543.086663][T11155] bridge0: port 2(bridge_slave_1) entered blocking state [ 543.093864][T11155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 543.152704][T11155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 543.217149][ T155] device hsr_slave_0 left promiscuous mode [ 543.269187][ T155] device hsr_slave_1 left promiscuous mode [ 543.278682][ T155] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 543.313951][ T155] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 543.346968][ T155] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 543.357934][ T155] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 543.378147][ T155] device bridge_slave_1 left promiscuous mode [ 543.394478][ T155] bridge0: port 2(bridge_slave_1) entered disabled state [ 543.412215][ T155] device bridge_slave_0 left promiscuous mode [ 543.435144][ T155] bridge0: port 1(bridge_slave_0) entered disabled state [ 543.495902][ T155] device veth1_macvtap left promiscuous mode [ 543.519810][ T155] device veth0_macvtap left promiscuous mode [ 543.546394][ T155] device veth1_vlan left promiscuous mode [ 544.001849][ T4308] Bluetooth: hci3: command 0x040f tx timeout [ 544.014734][ T155] device team_slave_1 left promiscuous mode [ 544.040588][ T155] team0 (unregistering): Port device team_slave_1 removed [ 544.078152][ T155] device team_slave_0 left promiscuous mode [ 544.108514][ T155] team0 (unregistering): Port device team_slave_0 removed [ 544.149051][ T155] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 544.177858][ T155] device bond_slave_0 left promiscuous mode [ 544.338725][ T155] bond0 (unregistering): Released all slaves [ 544.433365][ T7676] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 544.463869][ T7676] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 544.491331][ T7676] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 544.530665][ T7676] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 544.735516][ T7676] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 544.758401][ T7676] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 544.819009][T11155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 544.832333][T11155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 544.858054][T11644] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 544.888493][T11644] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 544.917850][T11155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 544.930707][T11155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 545.255268][ T4408] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 545.279150][ T4408] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 545.313939][T11644] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 545.512514][ T7676] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 545.532414][ T7676] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 545.607544][ T7676] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 545.616757][ T7676] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 545.640299][ T7676] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 545.674749][ T7676] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 545.709764][T11644] device veth0_vlan entered promiscuous mode [ 545.758996][T11644] device veth1_vlan entered promiscuous mode [ 545.876520][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 545.888255][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 545.916027][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 545.945047][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 545.987049][T11644] device veth0_macvtap entered promiscuous mode [ 546.008348][T11644] device veth1_macvtap entered promiscuous mode [ 546.081904][ T4308] Bluetooth: hci3: command 0x0419 tx timeout [ 546.102989][T11644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 546.151491][T11644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 546.161364][T11644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 546.207369][T11644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 546.235240][T11644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 546.287798][T11644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 546.348627][T11644] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 546.371399][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 546.389551][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 546.422600][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 546.447525][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 546.495342][T11644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 546.526431][T11644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 546.567087][T11644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 546.602653][T11644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 546.646224][T11644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 546.698157][T11644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 546.737175][T11644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 546.777177][T11644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 546.837448][T11644] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 546.860877][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 546.883154][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 546.925504][T11644] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 546.957271][T11644] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 546.991891][T11644] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 547.017731][T11644] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 547.210837][ T4672] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 547.230024][ T4672] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 547.288362][ T4672] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 547.305759][ T4350] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 547.331679][ T4350] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 547.382016][ T4408] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 551.814862][T11824] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3024'. [ 552.148725][T11831] netlink: 'syz.4.3029': attribute type 4 has an invalid length. [ 552.197628][T11831] netlink: 'syz.4.3029': attribute type 5 has an invalid length. [ 552.242492][T11831] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.3029'. [ 552.724198][T11845] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 554.595136][T11859] overlayfs: statfs failed on './file0' [ 554.840647][T11871] loop2: detected capacity change from 0 to 512 [ 554.847387][T11869] loop4: detected capacity change from 0 to 512 [ 555.007584][T11869] EXT4-fs (loop4): Ignoring removed nobh option [ 555.067850][T11871] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 555.079984][T11869] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -13 [ 555.081961][T11871] ext4 filesystem being mounted at /568/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 555.099200][T11869] EXT4-fs error (device loop4): ext4_clear_blocks:883: inode #13: comm syz.4.3045: attempt to clear invalid blocks 1 len 1 [ 555.118193][T11869] EXT4-fs (loop4): Remounting filesystem read-only [ 555.177530][T11869] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1147: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 555.209414][T11869] EXT4-fs (loop4): Remounting filesystem read-only [ 555.229425][T11869] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.3045: invalid indirect mapped block 1819239214 (level 0) [ 555.302249][T11884] netlink: 'syz.0.3049': attribute type 4 has an invalid length. [ 555.310114][T11884] netlink: 'syz.0.3049': attribute type 5 has an invalid length. [ 555.327142][T11869] EXT4-fs (loop4): Remounting filesystem read-only [ 555.334250][T11869] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.3045: invalid indirect mapped block 1819239214 (level 1) [ 555.351263][T11884] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.3049'. [ 555.361014][T11869] EXT4-fs (loop4): Remounting filesystem read-only [ 555.372619][T11869] EXT4-fs (loop4): 1 truncate cleaned up [ 555.378418][T11869] EXT4-fs (loop4): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000100000,resuid=0x0000000000000000,jqfmt=vfsv1,errors=remount-ro,nobh,usrjquota=... Quota mode: writeback. [ 555.592904][T11869] EXT4-fs error (device loop4): ext4_find_dest_de:2115: inode #2: block 13: comm syz.4.3045: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 555.678354][T11869] EXT4-fs (loop4): Remounting filesystem read-only [ 555.845482][T11895] fuseblk: Bad value for 'fd' [ 556.451129][T11912] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3061'. [ 557.309009][T11920] chnl_net:caif_netlink_parms(): no params data found [ 557.558376][T11920] bridge0: port 1(bridge_slave_0) entered blocking state [ 557.602911][T11920] bridge0: port 1(bridge_slave_0) entered disabled state [ 557.640573][T11920] device bridge_slave_0 entered promiscuous mode [ 557.686149][T11920] bridge0: port 2(bridge_slave_1) entered blocking state [ 557.719707][T11920] bridge0: port 2(bridge_slave_1) entered disabled state [ 557.751996][T11920] device bridge_slave_1 entered promiscuous mode [ 557.826206][T11920] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 557.858590][T11920] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 557.965334][T11920] team0: Port device team_slave_0 added [ 557.983758][T11920] team0: Port device team_slave_1 added [ 558.082729][T11920] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 558.089710][T11920] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 558.185973][T11920] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 558.239475][T11920] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 558.265100][T11920] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 558.345890][T11920] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 558.471647][T11920] device hsr_slave_0 entered promiscuous mode [ 558.501372][T11920] device hsr_slave_1 entered promiscuous mode [ 558.521257][T11920] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 558.541624][T11920] Cannot create hsr debugfs directory [ 558.800511][T11920] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 558.930629][T11920] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 558.961913][ T4308] Bluetooth: hci1: command 0x0409 tx timeout [ 559.059062][T11920] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 559.208742][T11920] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 559.466544][T11920] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 559.520793][T11920] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 559.530770][T11937] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3069'. [ 559.568775][T11920] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 559.651065][T11920] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 559.967187][T11920] 8021q: adding VLAN 0 to HW filter on device bond0 [ 560.028245][T11155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 560.042670][T11155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 560.064361][T11920] 8021q: adding VLAN 0 to HW filter on device team0 [ 560.144247][T11155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 560.163104][T11155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 560.190899][T11155] bridge0: port 1(bridge_slave_0) entered blocking state [ 560.198104][T11155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 560.359025][T11155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 560.451788][ T4672] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 560.460781][ T4672] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 560.512738][ T4672] bridge0: port 2(bridge_slave_1) entered blocking state [ 560.519874][ T4672] bridge0: port 2(bridge_slave_1) entered forwarding state [ 560.553706][T11953] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 560.562585][ T4672] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 560.599506][ T4672] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 560.679758][ T7676] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 560.704709][ T7676] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 560.750829][ T7676] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 560.783414][ T7676] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 560.809728][ T7676] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 560.854113][ T7676] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 560.897072][T11920] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 560.950573][T11920] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 561.023858][ T7676] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 561.041608][ T4308] Bluetooth: hci1: command 0x041b tx timeout [ 561.048817][ T7676] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 561.112200][ T7676] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 561.586711][ T155] device hsr_slave_0 left promiscuous mode [ 561.629757][ T155] device hsr_slave_1 left promiscuous mode [ 561.649751][ T155] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 561.682385][ T155] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 561.689846][ T155] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 561.728153][ T155] device bridge_slave_1 left promiscuous mode [ 561.744468][ T155] bridge0: port 2(bridge_slave_1) entered disabled state [ 561.782633][ T155] device bridge_slave_0 left promiscuous mode [ 561.813475][ T155] bridge0: port 1(bridge_slave_0) entered disabled state [ 561.868501][ T155] device veth1_macvtap left promiscuous mode [ 561.881743][ T155] device veth0_macvtap left promiscuous mode [ 561.887860][ T155] device veth1_vlan left promiscuous mode [ 562.375060][T11983] loop2: detected capacity change from 0 to 256 [ 562.453484][ T155] team0 (unregistering): Port device team_slave_1 removed [ 562.499882][ T155] team0 (unregistering): Port device team_slave_0 removed [ 562.524172][T11983] FAT-fs (loop2): Directory bread(block 64) failed [ 562.552092][T11983] FAT-fs (loop2): Directory bread(block 65) failed [ 562.559074][ T155] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 562.568990][T11983] FAT-fs (loop2): Directory bread(block 66) failed [ 562.596311][T11983] FAT-fs (loop2): Directory bread(block 67) failed [ 562.616629][T11983] FAT-fs (loop2): Directory bread(block 68) failed [ 562.634089][T11983] FAT-fs (loop2): Directory bread(block 69) failed [ 562.651922][T11983] FAT-fs (loop2): Directory bread(block 70) failed [ 562.659036][T11983] FAT-fs (loop2): Directory bread(block 71) failed [ 562.687651][T11983] FAT-fs (loop2): Directory bread(block 72) failed [ 562.726095][T11983] FAT-fs (loop2): Directory bread(block 73) failed [ 562.806469][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.812892][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 562.915303][ T155] bond0 (unregistering): Released all slaves [ 563.065840][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 563.076593][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 563.103228][T11920] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 563.121813][ T4308] Bluetooth: hci1: command 0x040f tx timeout [ 563.904743][ T7676] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 563.932158][ T7676] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 563.992077][T12018] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3097'. [ 564.015838][ T7676] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 564.038892][ T7676] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 564.068702][T11920] device veth0_vlan entered promiscuous mode [ 564.089435][ T7676] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 564.115522][ T7676] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 564.151405][T11920] device veth1_vlan entered promiscuous mode [ 564.236207][ T7676] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 564.266186][ T7676] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 564.294211][T11920] device veth0_macvtap entered promiscuous mode [ 564.313846][T12021] netlink: 'syz.1.3092': attribute type 4 has an invalid length. [ 564.328609][T12021] netlink: 'syz.1.3092': attribute type 5 has an invalid length. [ 564.361543][T12021] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.3092'. [ 564.398419][T11920] device veth1_macvtap entered promiscuous mode [ 564.460698][T11920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 564.491503][T11920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 564.501384][T11920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 564.605862][T11920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 564.615825][T11920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 564.626384][T11920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 564.636297][T11920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 564.647241][T11920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 564.692872][T11920] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 564.732197][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 564.750782][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 564.803777][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 564.832506][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 564.860121][T11920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 564.882839][T11920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 564.933436][T11920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 564.971465][T11920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 565.002268][T11920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 565.038853][T11920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 565.081695][T11920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 565.112757][T11920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 565.167427][T11920] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 565.199622][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 565.207909][T11019] Bluetooth: hci1: command 0x0419 tx timeout [ 565.229066][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 565.262167][T11920] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 565.291278][T11920] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 565.336620][T11920] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 565.356886][T11920] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 565.573823][ T4350] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 565.611067][ T4350] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 565.654394][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 565.686882][ T4350] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 565.711864][ T4350] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 565.739920][T11155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 566.266115][T12048] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3111'. [ 567.896100][T12066] loop4: detected capacity change from 0 to 256 [ 568.156147][T12066] FAT-fs (loop4): Directory bread(block 64) failed [ 568.201541][T12066] FAT-fs (loop4): Directory bread(block 65) failed [ 568.240328][T12066] FAT-fs (loop4): Directory bread(block 66) failed [ 568.294882][T12066] FAT-fs (loop4): Directory bread(block 67) failed [ 568.330583][T12066] FAT-fs (loop4): Directory bread(block 68) failed [ 568.355957][T12066] FAT-fs (loop4): Directory bread(block 69) failed [ 568.370128][T12066] FAT-fs (loop4): Directory bread(block 70) failed [ 568.384361][T12066] FAT-fs (loop4): Directory bread(block 71) failed [ 568.402990][T12066] FAT-fs (loop4): Directory bread(block 72) failed [ 568.417236][T12066] FAT-fs (loop4): Directory bread(block 73) failed [ 568.735768][T12073] loop4: detected capacity change from 0 to 512 [ 569.015283][T12073] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 569.031864][T12073] ext4 filesystem being mounted at /13/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 570.305013][T12088] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3130'. [ 571.017868][T12099] loop2: detected capacity change from 0 to 2048 [ 571.105889][T12099] loop2: p1 < > p4 < > [ 571.295527][T12103] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 571.406775][T10371] udevd[10371]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 571.442768][T10487] udevd[10487]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 571.571282][T10371] udevd[10371]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 571.754835][T10487] udevd[10487]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 574.954853][T12119] 9pnet: Insufficient options for proto=fd [ 575.414698][T12131] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3141'. [ 577.422855][T12150] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3152'. [ 578.263669][T12152] 9pnet: Insufficient options for proto=fd [ 578.406241][ T155] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 578.550530][ T155] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 578.625622][T12145] chnl_net:caif_netlink_parms(): no params data found [ 578.698680][ T155] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 578.816545][ T155] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 578.871923][T12171] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3160'. [ 579.041538][ T4308] Bluetooth: hci4: command 0x0409 tx timeout [ 579.163726][T12145] bridge0: port 1(bridge_slave_0) entered blocking state [ 579.170841][T12145] bridge0: port 1(bridge_slave_0) entered disabled state [ 579.199874][T12145] device bridge_slave_0 entered promiscuous mode [ 579.266830][T12145] bridge0: port 2(bridge_slave_1) entered blocking state [ 579.280507][T12145] bridge0: port 2(bridge_slave_1) entered disabled state [ 579.309807][T12145] device bridge_slave_1 entered promiscuous mode [ 579.476701][T12181] netlink: 'syz.1.3164': attribute type 4 has an invalid length. [ 579.500528][T12181] netlink: 'syz.1.3164': attribute type 5 has an invalid length. [ 579.549488][T12181] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.3164'. [ 579.592810][T12145] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 579.625340][T12145] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 579.763373][T12145] team0: Port device team_slave_0 added [ 579.794299][T12145] team0: Port device team_slave_1 added [ 579.939356][T12145] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 579.961707][T12145] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 580.060258][T12145] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 580.124626][T12145] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 580.161896][T12145] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 580.251571][T12145] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 580.561142][T12145] device hsr_slave_0 entered promiscuous mode [ 580.578194][T12145] device hsr_slave_1 entered promiscuous mode [ 580.640771][T12145] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 580.650791][T12145] Cannot create hsr debugfs directory [ 581.121626][T11607] Bluetooth: hci4: command 0x041b tx timeout [ 581.847556][ T155] device hsr_slave_0 left promiscuous mode [ 581.878916][ T155] device hsr_slave_1 left promiscuous mode [ 581.921013][ T155] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 581.934078][ T155] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 581.972374][ T155] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 581.979853][ T155] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 582.018882][ T155] device bridge_slave_1 left promiscuous mode [ 582.040463][ T155] bridge0: port 2(bridge_slave_1) entered disabled state [ 582.092662][ T155] device bridge_slave_0 left promiscuous mode [ 582.101818][ T155] bridge0: port 1(bridge_slave_0) entered disabled state [ 582.186647][ T155] device veth1_macvtap left promiscuous mode [ 582.223613][ T155] device veth0_macvtap left promiscuous mode [ 582.229726][ T155] device veth1_vlan left promiscuous mode [ 583.053123][ T155] team0 (unregistering): Port device team_slave_1 removed [ 583.102225][ T155] team0 (unregistering): Port device team_slave_0 removed [ 583.142536][ T155] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 583.201568][T11607] Bluetooth: hci4: command 0x040f tx timeout [ 583.415098][ T155] bond0 (unregistering): Released all slaves [ 583.549845][T12233] loop4: detected capacity change from 0 to 512 [ 583.564685][T12234] loop0: detected capacity change from 0 to 512 [ 583.588719][T12233] EXT4-fs (loop4): Ignoring removed nobh option [ 583.624802][T12234] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 583.650426][T12233] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -13 [ 583.663614][T12233] EXT4-fs error (device loop4): ext4_clear_blocks:883: inode #13: comm syz.4.3174: attempt to clear invalid blocks 1 len 1 [ 583.716995][T12145] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 583.724319][T12233] EXT4-fs (loop4): Remounting filesystem read-only [ 583.733430][T12233] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1147: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 583.743956][T12234] EXT4-fs (loop0): 1 truncate cleaned up [ 583.773509][T12234] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsddf,errors=continue,sb=0x000000000000ffff,debug_want_extra_isize=0x0000000000000080,block_validity,bsddf,,errors=continue. Quota mode: none. [ 583.782139][T12233] EXT4-fs (loop4): Remounting filesystem read-only [ 583.800573][T12233] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.3174: invalid indirect mapped block 1819239214 (level 0) [ 583.816988][T12233] EXT4-fs (loop4): Remounting filesystem read-only [ 583.823648][T12233] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.3174: invalid indirect mapped block 1819239214 (level 1) [ 583.842337][T12145] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 583.851938][T12233] EXT4-fs (loop4): Remounting filesystem read-only [ 583.862529][T12233] EXT4-fs (loop4): 1 truncate cleaned up [ 583.873357][T12233] EXT4-fs (loop4): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000100000,resuid=0x0000000000000000,jqfmt=vfsv1,errors=remount-ro,nobh,usrjquota=... Quota mode: writeback. [ 583.898499][T12145] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 583.951217][T12145] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 584.012040][T12233] EXT4-fs error (device loop4): ext4_find_dest_de:2115: inode #2: block 13: comm syz.4.3174: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 584.102944][T12233] EXT4-fs (loop4): Remounting filesystem read-only [ 584.321960][T12145] 8021q: adding VLAN 0 to HW filter on device bond0 [ 584.421598][T12145] 8021q: adding VLAN 0 to HW filter on device team0 [ 584.503919][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 584.532213][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 584.644850][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 584.697164][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 584.723280][ T5291] bridge0: port 1(bridge_slave_0) entered blocking state [ 584.730397][ T5291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 584.798644][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 584.843497][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 584.872831][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 584.925722][ T5291] bridge0: port 2(bridge_slave_1) entered blocking state [ 584.932868][ T5291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 584.968054][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 585.032417][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 585.053272][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 585.103107][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 585.138653][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 585.192291][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 585.202721][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 585.231821][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 585.281642][ T1111] Bluetooth: hci4: command 0x0419 tx timeout [ 585.292491][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 585.333228][ T4349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 585.358329][ T4349] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 585.401223][T12145] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 585.936760][T12297] overlayfs: failed to resolve './file0': -2 [ 585.960872][T11155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 585.977992][T11155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 586.024836][T12145] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 586.102975][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 586.130028][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 586.213714][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 586.242451][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 586.285248][T12145] device veth0_vlan entered promiscuous mode [ 586.332586][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 586.362247][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 586.388092][T12145] device veth1_vlan entered promiscuous mode [ 586.499586][ T4408] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 586.533609][ T4408] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 586.572698][ T4408] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 586.603105][ T4408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 586.626490][T12145] device veth0_macvtap entered promiscuous mode [ 586.666566][T12145] device veth1_macvtap entered promiscuous mode [ 586.685715][ T4408] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 586.718064][ T4408] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 586.777776][T12145] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 586.839071][T12145] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 586.881378][T12145] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 586.933772][T12145] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 586.989562][T12145] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 587.040913][T12145] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.111466][T12145] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 587.138587][T12145] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.194235][T12145] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 587.231556][ T4349] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 587.242853][ T4349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 587.292522][T12145] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 587.331474][T12145] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.381480][T12145] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 587.431455][T12145] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.441310][T12145] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 587.501456][T12145] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.511310][T12145] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 587.587056][T12145] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.646197][T12145] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 587.671541][T11155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 587.682420][T11155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 587.723948][T12145] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 587.763925][T12145] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 587.801500][T12145] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 587.810269][T12145] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 588.013098][ T5291] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 588.021170][ T5291] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 588.062944][T11155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 588.096777][ T4349] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 588.111937][ T4349] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 588.123282][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 588.877064][T12346] overlayfs: failed to resolve './file0': -2 [ 589.584387][T12356] netlink: 168 bytes leftover after parsing attributes in process `syz.0.3202'. [ 589.603785][T12359] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 589.726518][T12361] 9pnet: Insufficient options for proto=fd [ 591.553829][T12375] overlayfs: failed to resolve './file0': -2 [ 591.947614][T12380] loop0: detected capacity change from 0 to 512 [ 593.858979][T12380] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.3217: bg 0: block 393: padding at end of block bitmap is not set [ 593.992233][T12380] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6178: Corrupt filesystem [ 594.004446][T12380] EXT4-fs (loop0): 2 truncates cleaned up [ 594.010214][T12380] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 594.356897][T12395] 9pnet: Insufficient options for proto=fd [ 594.687173][T12401] 9pnet: Insufficient options for proto=fd [ 596.402010][T12456] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3244'. [ 597.141030][T12464] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3250'. [ 597.668984][T12478] loop0: detected capacity change from 0 to 512 [ 597.783984][T12478] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 597.851717][T12478] ext4 filesystem being mounted at /54/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 598.708465][T12514] overlayfs: missing 'lowerdir' [ 599.750336][T12539] loop1: detected capacity change from 0 to 512 [ 599.882452][T12545] netlink: 'syz.4.3286': attribute type 4 has an invalid length. [ 599.928152][T12545] netlink: 'syz.4.3286': attribute type 5 has an invalid length. [ 599.938662][T12545] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.3286'. [ 599.956102][T12539] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 600.045152][T12539] ext4 filesystem being mounted at /79/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 602.223095][T12579] loop2: detected capacity change from 0 to 512 [ 602.533136][T12579] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 602.641578][T12579] ext4 filesystem being mounted at /11/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 604.709414][T12602] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3310'. [ 605.135802][T12613] overlayfs: statfs failed on './file0' [ 607.096649][T12636] loop4: detected capacity change from 0 to 512 [ 607.190414][T12636] EXT4-fs (loop4): Ignoring removed nobh option [ 607.236133][T12636] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -13 [ 607.320632][T12636] EXT4-fs error (device loop4): ext4_clear_blocks:883: inode #13: comm syz.4.3320: attempt to clear invalid blocks 1 len 1 [ 607.447218][T12636] EXT4-fs (loop4): Remounting filesystem read-only [ 607.499257][T12636] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1147: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 607.623371][T12636] EXT4-fs (loop4): Remounting filesystem read-only [ 607.697002][T12636] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.3320: invalid indirect mapped block 1819239214 (level 0) [ 607.791831][T12636] EXT4-fs (loop4): Remounting filesystem read-only [ 607.815887][T12636] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.3320: invalid indirect mapped block 1819239214 (level 1) [ 607.922002][T12646] overlayfs: statfs failed on './file0' [ 607.928684][T12636] EXT4-fs (loop4): Remounting filesystem read-only [ 607.953853][T12636] EXT4-fs (loop4): 1 truncate cleaned up [ 607.959540][T12636] EXT4-fs (loop4): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000100000,resuid=0x0000000000000000,jqfmt=vfsv1,errors=remount-ro,nobh,usrjquota=... Quota mode: writeback. [ 608.092414][T12636] EXT4-fs error (device loop4): ext4_find_dest_de:2115: inode #2: block 13: comm syz.4.3320: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 608.201761][T12636] EXT4-fs (loop4): Remounting filesystem read-only [ 610.024855][T12671] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 610.890205][T12676] netlink: 'syz.1.3334': attribute type 4 has an invalid length. [ 610.919481][T12676] netlink: 'syz.1.3334': attribute type 5 has an invalid length. [ 610.967794][T12676] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.3334'. [ 611.138564][T12679] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3341'. [ 611.376498][T12684] loop1: detected capacity change from 0 to 512 [ 611.436316][T12684] EXT4-fs (loop1): Ignoring removed nobh option [ 611.522509][T12684] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13 [ 611.639377][T12684] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #13: comm syz.1.3342: attempt to clear invalid blocks 1 len 1 [ 611.747186][T12684] EXT4-fs (loop1): Remounting filesystem read-only [ 611.776244][T12684] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1147: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 612.132093][T12684] EXT4-fs (loop1): Remounting filesystem read-only [ 612.138764][T12684] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.3342: invalid indirect mapped block 1819239214 (level 0) [ 612.153989][T12684] EXT4-fs (loop1): Remounting filesystem read-only [ 612.160554][T12684] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.3342: invalid indirect mapped block 1819239214 (level 1) [ 612.329761][T12684] EXT4-fs (loop1): Remounting filesystem read-only [ 612.365823][T12684] EXT4-fs (loop1): 1 truncate cleaned up [ 612.502567][T12684] EXT4-fs (loop1): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000100000,resuid=0x0000000000000000,jqfmt=vfsv1,errors=remount-ro,nobh,usrjquota=... Quota mode: writeback. [ 612.995223][T12684] EXT4-fs error (device loop1): ext4_find_dest_de:2115: inode #2: block 13: comm syz.1.3342: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 613.077570][T12684] EXT4-fs (loop1): Remounting filesystem read-only [ 613.112097][T12701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 613.181275][T12701] bridge0: port 1(bridge_slave_0) entered disabled state [ 613.264939][T12701] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 613.336524][T12705] netlink: 'syz.4.3351': attribute type 4 has an invalid length. [ 613.351490][T12705] netlink: 'syz.4.3351': attribute type 5 has an invalid length. [ 613.371647][T12705] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.3351'. [ 613.545612][T12701] syz.3.3344 (12701) used greatest stack depth: 19392 bytes left [ 614.456759][T12730] netlink: 128 bytes leftover after parsing attributes in process `syz.2.3359'. [ 615.149513][T12745] netlink: 'syz.2.3366': attribute type 4 has an invalid length. [ 615.218681][T12745] netlink: 'syz.2.3366': attribute type 5 has an invalid length. [ 615.249037][T12745] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.3366'. [ 616.127467][T12763] netlink: 128 bytes leftover after parsing attributes in process `syz.0.3373'. [ 618.033272][T12803] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3391'. [ 618.392558][T12815] loop3: detected capacity change from 0 to 512 [ 618.465581][T12815] EXT4-fs (loop3): Ignoring removed nobh option [ 618.499309][T12820] loop4: detected capacity change from 0 to 512 [ 618.541943][T12815] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -13 [ 618.581315][T12815] EXT4-fs error (device loop3): ext4_clear_blocks:883: inode #13: comm syz.3.3396: attempt to clear invalid blocks 1 len 1 [ 618.681911][T12815] EXT4-fs (loop3): Remounting filesystem read-only [ 618.703943][T12820] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 618.720708][T12815] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1147: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 618.735644][T12820] ext4 filesystem being mounted at /71/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 618.855433][T12815] EXT4-fs (loop3): Remounting filesystem read-only [ 618.901902][T12815] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.3396: invalid indirect mapped block 1819239214 (level 0) [ 618.950440][T12829] netlink: 'syz.2.3401': attribute type 4 has an invalid length. [ 618.969229][T12815] EXT4-fs (loop3): Remounting filesystem read-only [ 619.051641][T12829] netlink: 'syz.2.3401': attribute type 5 has an invalid length. [ 619.115116][T12815] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.3396: invalid indirect mapped block 1819239214 (level 1) [ 619.230358][T12829] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.3401'. [ 619.331218][T12815] EXT4-fs (loop3): Remounting filesystem read-only [ 619.484377][T12815] EXT4-fs (loop3): 1 truncate cleaned up [ 619.598163][T12815] EXT4-fs (loop3): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000100000,resuid=0x0000000000000000,jqfmt=vfsv1,errors=remount-ro,nobh,usrjquota=... Quota mode: writeback. [ 619.700532][T12815] EXT4-fs error (device loop3): ext4_find_dest_de:2115: inode #2: block 13: comm syz.3.3396: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 619.758627][T12815] EXT4-fs (loop3): Remounting filesystem read-only [ 619.807038][T12837] overlayfs: failed to resolve './file0/file1': -2 [ 620.111516][T12842] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3403'. [ 620.843573][T12846] 9pnet: Insufficient options for proto=fd [ 621.726503][T12868] loop0: detected capacity change from 0 to 512 [ 621.770411][T12868] EXT4-fs (loop0): Ignoring removed nobh option [ 621.817054][T12868] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -13 [ 621.844218][T12868] EXT4-fs error (device loop0): ext4_clear_blocks:883: inode #13: comm syz.0.3416: attempt to clear invalid blocks 1 len 1 [ 621.871966][T12868] EXT4-fs (loop0): Remounting filesystem read-only [ 621.878779][T12868] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1147: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 621.968428][T12871] overlayfs: failed to resolve './file0/file1': -2 [ 621.978908][T12868] EXT4-fs (loop0): Remounting filesystem read-only [ 621.996046][T12868] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.3416: invalid indirect mapped block 1819239214 (level 0) [ 622.022074][T12868] EXT4-fs (loop0): Remounting filesystem read-only [ 622.032194][T12868] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.3416: invalid indirect mapped block 1819239214 (level 1) [ 622.111559][T12868] EXT4-fs (loop0): Remounting filesystem read-only [ 622.138079][T12868] EXT4-fs (loop0): 1 truncate cleaned up [ 622.153376][T12868] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000100000,resuid=0x0000000000000000,jqfmt=vfsv1,errors=remount-ro,nobh,usrjquota=... Quota mode: writeback. [ 622.222094][T12868] EXT4-fs error (device loop0): ext4_find_dest_de:2115: inode #2: block 13: comm syz.0.3416: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 622.322357][T12868] EXT4-fs (loop0): Remounting filesystem read-only [ 623.591748][T12893] overlayfs: missing 'lowerdir' [ 623.593406][T12896] 9pnet: Insufficient options for proto=fd [ 623.879722][T12902] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3430'. [ 624.204831][T12907] netlink: 'syz.4.3433': attribute type 4 has an invalid length. [ 624.251083][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.257488][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.280291][T12907] netlink: 'syz.4.3433': attribute type 5 has an invalid length. [ 624.349632][T12907] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.3433'. [ 627.118509][T12959] overlayfs: missing 'lowerdir' [ 628.296268][T12969] loop3: detected capacity change from 0 to 2048 [ 628.400340][T12969] loop3: p1 < > p4 < > [ 628.664987][T10371] udevd[10371]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 628.665533][T10487] udevd[10487]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 630.392201][T13000] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 631.451511][ T4190] Bluetooth: hci2: command 0x0406 tx timeout [ 632.997952][T13038] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 633.858264][T13042] fuseblk: Bad value for 'fd' [ 639.130428][T13095] loop3: detected capacity change from 0 to 512 [ 639.234512][T13095] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 639.278082][T13095] EXT4-fs (loop3): 1 truncate cleaned up [ 639.291702][T13095] EXT4-fs (loop3): mounted filesystem without journal. Opts: bsddf,errors=continue,sb=0x000000000000ffff,debug_want_extra_isize=0x0000000000000080,block_validity,bsddf,,errors=continue. Quota mode: none. [ 640.212788][T13113] 9pnet: Insufficient options for proto=fd [ 640.221451][T13113] overlayfs: failed to resolve './file0/file1': -2 [ 644.927855][T13164] loop2: detected capacity change from 0 to 512 [ 645.781654][T13164] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 645.864437][T13164] EXT4-fs (loop2): 1 truncate cleaned up [ 645.875585][T13164] EXT4-fs (loop2): mounted filesystem without journal. Opts: bsddf,errors=continue,sb=0x000000000000ffff,debug_want_extra_isize=0x0000000000000080,block_validity,bsddf,,errors=continue. Quota mode: none. [ 647.077880][T11125] Bluetooth: hci5: command 0x0406 tx timeout [ 648.003014][T13200] netlink: 'syz.2.3551': attribute type 4 has an invalid length. [ 648.050386][T13200] netlink: 'syz.2.3551': attribute type 5 has an invalid length. [ 648.091531][T13200] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.3551'. [ 648.486641][T13213] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3555'. [ 651.000041][T13255] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3572'. [ 652.401772][T13269] netlink: 116 bytes leftover after parsing attributes in process `syz.2.3578'. [ 652.986907][T13273] overlayfs: failed to resolve './file0': -2 [ 653.999949][T13286] overlayfs: failed to resolve './file0/file1': -2 [ 654.604111][T13302] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3592'. [ 655.151274][T13311] loop1: detected capacity change from 0 to 512 [ 655.364231][T13311] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.3594: bg 0: block 393: padding at end of block bitmap is not set [ 655.532368][T13311] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6178: Corrupt filesystem [ 655.574991][T13311] EXT4-fs (loop1): 2 truncates cleaned up [ 655.608332][T13311] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 655.623210][T13323] overlayfs: failed to resolve './file0/file1': -2 [ 655.858304][T13325] loop3: detected capacity change from 0 to 512 [ 655.978048][T13325] EXT4-fs (loop3): Ignoring removed nobh option [ 656.015231][T13325] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -13 [ 656.115699][T13325] EXT4-fs error (device loop3): ext4_clear_blocks:883: inode #13: comm syz.3.3601: attempt to clear invalid blocks 1 len 1 [ 656.132115][T13325] EXT4-fs (loop3): Remounting filesystem read-only [ 656.138816][T13325] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1147: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 656.182100][T13325] EXT4-fs (loop3): Remounting filesystem read-only [ 656.188761][T13325] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.3601: invalid indirect mapped block 1819239214 (level 0) [ 656.249498][T13325] EXT4-fs (loop3): Remounting filesystem read-only [ 656.259995][T13325] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.3601: invalid indirect mapped block 1819239214 (level 1) [ 656.352139][T13325] EXT4-fs (loop3): Remounting filesystem read-only [ 656.369618][T13325] EXT4-fs (loop3): 1 truncate cleaned up [ 656.421457][T13325] EXT4-fs (loop3): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000100000,resuid=0x0000000000000000,jqfmt=vfsv1,errors=remount-ro,nobh,usrjquota=... Quota mode: writeback. [ 656.515646][T13325] EXT4-fs error (device loop3): ext4_find_dest_de:2115: inode #2: block 13: comm syz.3.3601: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 656.603412][T13325] EXT4-fs (loop3): Remounting filesystem read-only [ 657.714625][T13352] overlayfs: failed to resolve './file0/file1': -2 [ 657.918382][T13359] netlink: 'syz.4.3615': attribute type 4 has an invalid length. [ 657.946722][T13359] netlink: 'syz.4.3615': attribute type 5 has an invalid length. [ 657.967010][T13359] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.3615'. [ 660.185148][T13391] netlink: 'syz.3.3628': attribute type 4 has an invalid length. [ 660.193537][T13391] netlink: 'syz.3.3628': attribute type 5 has an invalid length. [ 660.201291][T13391] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.3628'. [ 660.306727][T13400] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 661.163100][T13404] overlayfs: missing 'lowerdir' [ 662.161482][ T4308] Bluetooth: hci3: command 0x0406 tx timeout [ 663.734753][T13437] netlink: 120 bytes leftover after parsing attributes in process `syz.4.3645'. [ 669.379163][T13496] loop2: detected capacity change from 0 to 2048 [ 669.638535][T10487] loop2: p1 < > p4 < > [ 670.212155][T13496] loop2: p1 < > p4 < > [ 670.404497][T10487] udevd[10487]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 670.417446][T10371] udevd[10371]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 670.473252][T10371] udevd[10371]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 670.514448][T10487] udevd[10487]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 671.923170][T13526] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 672.941188][T13533] loop0: detected capacity change from 0 to 2048 [ 674.150104][T13546] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3690'. [ 674.588730][T13560] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 675.577913][T13566] loop1: detected capacity change from 0 to 512 [ 675.949696][T13566] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 676.055759][T13566] EXT4-fs (loop1): inline encryption not supported [ 676.373803][T13566] EXT4-fs (loop1): Test dummy encryption mode enabled [ 676.427644][T13566] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 676.481614][T13566] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 676.613178][T13566] EXT4-fs (loop1): 1 truncate cleaned up [ 676.652030][T13566] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,mblk_io_submit,inlinecrypt,test_dummy_encryption=v1,barrier,mblk_io_submit,nogrpid,. Quota mode: none. [ 677.177583][T13590] overlayfs: failed to resolve './file0/file1': -2 [ 682.659094][T11293] Bluetooth: hci1: command 0x0406 tx timeout [ 683.854919][T13651] fuseblk: Bad value for 'fd' [ 685.057170][T13661] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 685.691826][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.698151][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.748620][T13676] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3741'. [ 690.201616][T13704] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3752'. [ 692.539373][T13721] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3763'. [ 694.952880][T13749] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3771'. [ 694.984103][T13751] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3772'. [ 695.176633][T13756] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3774'. [ 697.173269][T13774] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3784'. [ 697.421742][T13780] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3786'. [ 699.116080][T13810] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 699.872409][T13805] syz.1.3798 (13805) used greatest stack depth: 18560 bytes left [ 699.994189][T13814] loop1: detected capacity change from 0 to 512 [ 700.223265][T13814] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 700.640165][T13814] EXT4-fs (loop1): 1 truncate cleaned up [ 700.661571][T13814] EXT4-fs (loop1): mounted filesystem without journal. Opts: bsddf,errors=continue,sb=0x000000000000ffff,debug_want_extra_isize=0x0000000000000080,block_validity,bsddf,,errors=continue. Quota mode: none. [ 700.966914][ T26] kauditd_printk_skb: 4 callbacks suppressed [ 700.966930][ T26] audit: type=1326 audit(1763530248.145:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13837 comm="syz.0.3807" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fd23a36c9 code=0x7ffc0000 [ 701.064392][ T26] audit: type=1326 audit(1763530248.185:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13837 comm="syz.0.3807" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7fd23a36c9 code=0x7ffc0000 [ 701.220034][ T26] audit: type=1326 audit(1763530248.185:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13837 comm="syz.0.3807" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fd23a36c9 code=0x7ffc0000 [ 701.358653][T13846] netlink: 128 bytes leftover after parsing attributes in process `syz.2.3809'. [ 701.491837][ T26] audit: type=1326 audit(1763530248.185:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13837 comm="syz.0.3807" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fd23a36c9 code=0x7ffc0000 [ 702.032520][ T26] audit: type=1326 audit(1763530248.185:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13837 comm="syz.0.3807" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7fd23a36c9 code=0x7ffc0000 [ 702.114479][ T26] audit: type=1326 audit(1763530248.185:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13837 comm="syz.0.3807" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fd23a36c9 code=0x7ffc0000 [ 702.138232][ T26] audit: type=1326 audit(1763530248.185:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13837 comm="syz.0.3807" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fd23a36c9 code=0x7ffc0000 [ 702.196461][ T26] audit: type=1326 audit(1763530248.195:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13837 comm="syz.0.3807" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7fd23a36c9 code=0x7ffc0000 [ 702.263714][ T26] audit: type=1326 audit(1763530248.195:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13837 comm="syz.0.3807" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fd23a36c9 code=0x7ffc0000 [ 702.341919][ T26] audit: type=1326 audit(1763530248.195:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13837 comm="syz.0.3807" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fd23a36c9 code=0x7ffc0000 [ 702.696427][T13863] loop2: detected capacity change from 0 to 512 [ 703.015684][T13869] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3817'. [ 703.148105][T13863] EXT4-fs (loop2): Ignoring removed nobh option [ 703.440978][T11293] Bluetooth: hci4: command 0x0406 tx timeout [ 703.525069][T13863] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -13 [ 703.554184][T13863] EXT4-fs error (device loop2): ext4_clear_blocks:883: inode #13: comm syz.2.3818: attempt to clear invalid blocks 1 len 1 [ 703.699844][T13863] EXT4-fs (loop2): Remounting filesystem read-only [ 703.740185][T13863] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1147: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 703.807875][T13863] EXT4-fs (loop2): Remounting filesystem read-only [ 703.827568][T13863] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.3818: invalid indirect mapped block 1819239214 (level 0) [ 703.878501][T13863] EXT4-fs (loop2): Remounting filesystem read-only [ 703.905983][T13863] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.3818: invalid indirect mapped block 1819239214 (level 1) [ 704.061638][T13863] EXT4-fs (loop2): Remounting filesystem read-only [ 704.101802][T13863] EXT4-fs (loop2): 1 truncate cleaned up [ 704.107502][T13863] EXT4-fs (loop2): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000100000,resuid=0x0000000000000000,jqfmt=vfsv1,errors=remount-ro,nobh,usrjquota=... Quota mode: writeback. [ 704.703629][T13862] EXT4-fs error (device loop2): ext4_find_dest_de:2115: inode #2: block 13: comm syz.2.3818: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 705.053604][T13862] EXT4-fs (loop2): Remounting filesystem read-only [ 706.535612][T13915] overlayfs: failed to resolve './file0/file1': -2 [ 707.325100][T13922] netlink: 108 bytes leftover after parsing attributes in process `syz.2.3835'. [ 708.447892][T13927] loop4: detected capacity change from 0 to 512 [ 708.513144][T13927] EXT4-fs (loop4): Ignoring removed nobh option [ 708.620003][T13927] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -13 [ 708.651307][T13935] overlayfs: failed to resolve './file1': -2 [ 708.685939][T13927] EXT4-fs error (device loop4): ext4_clear_blocks:883: inode #13: comm syz.4.3840: attempt to clear invalid blocks 1 len 1 [ 708.810601][T13927] EXT4-fs (loop4): Remounting filesystem read-only [ 708.880835][T13927] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1147: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 708.937363][T13927] EXT4-fs (loop4): Remounting filesystem read-only [ 708.954352][T13927] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.3840: invalid indirect mapped block 1819239214 (level 0) [ 709.092621][T13927] EXT4-fs (loop4): Remounting filesystem read-only [ 709.110859][T13927] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.3840: invalid indirect mapped block 1819239214 (level 1) [ 709.207556][T13927] EXT4-fs (loop4): Remounting filesystem read-only [ 709.254315][T13927] EXT4-fs (loop4): 1 truncate cleaned up [ 709.318015][T13927] EXT4-fs (loop4): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000100000,resuid=0x0000000000000000,jqfmt=vfsv1,errors=remount-ro,nobh,usrjquota=... Quota mode: writeback. [ 709.472234][T13927] EXT4-fs error (device loop4): ext4_find_dest_de:2115: inode #2: block 13: comm syz.4.3840: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 709.599540][T13927] EXT4-fs (loop4): Remounting filesystem read-only [ 709.818577][T13946] fuseblk: Bad value for 'fd' [ 710.307064][T13954] capability: warning: `syz.1.3848' uses 32-bit capabilities (legacy support in use) [ 711.782871][T13972] fuseblk: Bad value for 'fd' [ 711.961569][T13978] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3856'. [ 712.089507][T13980] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3857'. [ 713.922725][T11687] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 714.202040][T11687] usb 2-1: Using ep0 maxpacket: 16 [ 714.371937][T11687] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 714.490940][T11687] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 714.911692][T11687] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 714.920908][T11687] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 714.971477][T11687] usb 2-1: Product: syz [ 714.975742][T11687] usb 2-1: Manufacturer: syz [ 714.980373][T11687] usb 2-1: SerialNumber: syz [ 714.992385][T14007] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3869'. [ 715.103856][T14009] netlink: 'syz.4.3867': attribute type 4 has an invalid length. [ 715.149314][T14009] netlink: 'syz.4.3867': attribute type 5 has an invalid length. [ 715.177622][T14009] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.3867'. [ 715.411776][T11687] usb 2-1: 0:2 : does not exist [ 715.466163][T11687] usb 2-1: USB disconnect, device number 13 [ 715.784287][T10487] udevd[10487]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 720.180356][T14071] netlink: 128 bytes leftover after parsing attributes in process `syz.3.3891'. [ 721.326040][T14083] 9pnet: p9_client_clunk (14083): Trying to clunk with invalid fid [ 721.341485][T14083] CPU: 1 PID: 14083 Comm: syz.0.3901 Not tainted syzkaller #0 [ 721.348999][T14083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 721.359100][T14083] Call Trace: [ 721.362402][T14083] [ 721.365354][T14083] dump_stack_lvl+0x168/0x230 [ 721.370092][T14083] ? show_regs_print_info+0x20/0x20 [ 721.375321][T14083] ? load_image+0x3b0/0x3b0 [ 721.379858][T14083] ? v9fs_fid_find+0x2d1/0x320 [ 721.384655][T14083] p9_client_clunk+0x2b3/0x380 [ 721.389457][T14083] v9fs_statfs+0x192/0x350 [ 721.393908][T14083] ? v9fs_drop_inode+0x130/0x130 [ 721.399015][T14083] ? ovl_mount_dir+0x1f6/0x2b0 [ 721.403821][T14083] ? kfree+0xef/0x2a0 [ 721.407843][T14083] vfs_statfs+0x13d/0x2c0 [ 721.412210][T14083] ovl_get_upper+0x181/0x580 [ 721.416839][T14083] ? ovl_fill_super+0x2ae0/0x2ae0 [ 721.421926][T14083] ovl_fill_super+0x170b/0x2ae0 [ 721.426856][T14083] ? ovl_mount+0x30/0x30 [ 721.431133][T14083] ? preempt_count_add+0x8d/0x190 [ 721.436196][T14083] ? sget+0x427/0x440 [ 721.440204][T14083] ? free_anon_bdev+0x20/0x20 [ 721.444911][T14083] ? ovl_mount+0x30/0x30 [ 721.449190][T14083] mount_nodev+0x52/0xe0 [ 721.453461][T14083] legacy_get_tree+0xe6/0x180 [ 721.458167][T14083] ? virtio_fs_zero_page_range+0x120/0x120 [ 721.464006][T14083] vfs_get_tree+0x88/0x270 [ 721.468461][T14083] do_new_mount+0x24a/0xa40 [ 721.473004][T14083] __se_sys_mount+0x2d6/0x3c0 [ 721.477713][T14083] ? __x64_sys_mount+0xc0/0xc0 [ 721.482508][T14083] ? lockdep_hardirqs_on+0x94/0x140 [ 721.487744][T14083] ? __x64_sys_mount+0x1c/0xc0 [ 721.492547][T14083] do_syscall_64+0x4c/0xa0 [ 721.497000][T14083] ? clear_bhb_loop+0x30/0x80 [ 721.501717][T14083] ? clear_bhb_loop+0x30/0x80 [ 721.506445][T14083] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 721.512381][T14083] RIP: 0033:0x7f7fd23a36c9 [ 721.517032][T14083] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 721.536675][T14083] RSP: 002b:00007f7fd060a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 721.545123][T14083] RAX: ffffffffffffffda RBX: 00007f7fd25f9fa0 RCX: 00007f7fd23a36c9 [ 721.553137][T14083] RDX: 0000200000000440 RSI: 0000200000000100 RDI: 0000000000000000 [ 721.561139][T14083] RBP: 00007f7fd2425f91 R08: 0000200000000340 R09: 0000000000000000 [ 721.569144][T14083] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000 [ 721.577144][T14083] R13: 00007f7fd25fa038 R14: 00007f7fd25f9fa0 R15: 00007ffc53060e08 [ 721.585170][T14083] [ 722.022878][T14083] overlayfs: statfs failed on './file0' [ 722.030351][T14095] loop4: detected capacity change from 0 to 2048 [ 722.099687][T14095] loop4: p1 < > p4 < > [ 722.327087][T10487] udevd[10487]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 722.338859][T10371] udevd[10371]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 722.367469][T14101] loop1: detected capacity change from 0 to 512 [ 722.504648][T14101] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 722.590841][T14101] EXT4-fs (loop1): 1 truncate cleaned up [ 722.611765][T14101] EXT4-fs (loop1): mounted filesystem without journal. Opts: bsddf,errors=continue,sb=0x000000000000ffff,debug_want_extra_isize=0x0000000000000080,block_validity,bsddf,,errors=continue. Quota mode: none. [ 722.672452][T14116] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3914'. [ 723.238638][T14132] 9pnet: p9_client_clunk (14132): Trying to clunk with invalid fid [ 723.267293][T14132] CPU: 1 PID: 14132 Comm: syz.1.3919 Not tainted syzkaller #0 [ 723.274819][T14132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 723.285000][T14132] Call Trace: [ 723.288311][T14132] [ 723.291272][T14132] dump_stack_lvl+0x168/0x230 [ 723.296097][T14132] ? show_regs_print_info+0x20/0x20 [ 723.301339][T14132] ? load_image+0x3b0/0x3b0 [ 723.305976][T14132] ? v9fs_fid_find+0x2d1/0x320 [ 723.310782][T14132] p9_client_clunk+0x2b3/0x380 [ 723.315590][T14132] v9fs_statfs+0x192/0x350 [ 723.320045][T14132] ? v9fs_drop_inode+0x130/0x130 [ 723.325024][T14132] ? ovl_mount_dir+0x1f6/0x2b0 [ 723.329825][T14132] ? kfree+0xef/0x2a0 [ 723.333848][T14132] vfs_statfs+0x13d/0x2c0 [ 723.338235][T14132] ovl_get_upper+0x181/0x580 [ 723.342896][T14132] ? ovl_fill_super+0x2ae0/0x2ae0 [ 723.347991][T14132] ovl_fill_super+0x170b/0x2ae0 [ 723.352909][T14132] ? ovl_mount+0x30/0x30 [ 723.357182][T14132] ? preempt_count_add+0x8d/0x190 [ 723.362245][T14132] ? sget+0x427/0x440 [ 723.366263][T14132] ? free_anon_bdev+0x20/0x20 [ 723.370986][T14132] ? ovl_mount+0x30/0x30 [ 723.375262][T14132] mount_nodev+0x52/0xe0 [ 723.379542][T14132] legacy_get_tree+0xe6/0x180 [ 723.384262][T14132] ? virtio_fs_zero_page_range+0x120/0x120 [ 723.390120][T14132] vfs_get_tree+0x88/0x270 [ 723.394578][T14132] do_new_mount+0x24a/0xa40 [ 723.399129][T14132] __se_sys_mount+0x2d6/0x3c0 [ 723.403850][T14132] ? __x64_sys_mount+0xc0/0xc0 [ 723.409004][T14132] ? lockdep_hardirqs_on+0x94/0x140 [ 723.414242][T14132] ? __x64_sys_mount+0x1c/0xc0 [ 723.419134][T14132] do_syscall_64+0x4c/0xa0 [ 723.423615][T14132] ? clear_bhb_loop+0x30/0x80 [ 723.428334][T14132] ? clear_bhb_loop+0x30/0x80 [ 723.433054][T14132] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 723.438981][T14132] RIP: 0033:0x7fd0c91ff6c9 [ 723.443429][T14132] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 723.463082][T14132] RSP: 002b:00007fd0c7466038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 723.471538][T14132] RAX: ffffffffffffffda RBX: 00007fd0c9455fa0 RCX: 00007fd0c91ff6c9 [ 723.479544][T14132] RDX: 0000200000000440 RSI: 0000200000000100 RDI: 0000000000000000 [ 723.487554][T14132] RBP: 00007fd0c9281f91 R08: 0000200000000340 R09: 0000000000000000 [ 723.495658][T14132] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000 [ 723.503660][T14132] R13: 00007fd0c9456038 R14: 00007fd0c9455fa0 R15: 00007ffc645c3388 [ 723.511683][T14132] [ 723.905895][T14143] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3925'. [ 724.085038][T14132] overlayfs: statfs failed on './file0' [ 724.375803][T14152] loop1: detected capacity change from 0 to 512 [ 724.431440][T14152] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 724.470674][T14152] EXT4-fs (loop1): 1 truncate cleaned up [ 724.476614][T14152] EXT4-fs (loop1): mounted filesystem without journal. Opts: bsddf,errors=continue,sb=0x000000000000ffff,debug_want_extra_isize=0x0000000000000080,block_validity,bsddf,,errors=continue. Quota mode: none. [ 725.154312][T14169] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 727.403955][T14192] overlayfs: failed to resolve './file0/file1': -2 [ 728.636958][T14203] loop1: detected capacity change from 0 to 2048 [ 728.721858][T14203] loop1: p1 < > p4 < > [ 728.938364][T10487] udevd[10487]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 728.945174][T10371] udevd[10371]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 730.422886][T14215] overlayfs: failed to resolve './file0/file1': -2 [ 733.488253][T14240] overlayfs: failed to resolve './file0/file1': -2 [ 734.074558][T14257] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 735.103597][T14272] overlayfs: failed to resolve './file0/file1': -2 [ 737.469612][T14294] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 742.860255][T14349] netlink: 'syz.3.4009': attribute type 4 has an invalid length. [ 742.933535][T14349] netlink: 'syz.3.4009': attribute type 5 has an invalid length. [ 742.951924][T14349] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.4009'. [ 744.359241][T14369] fuseblk: Bad value for 'fd' [ 746.131633][T14379] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 747.124156][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.130493][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 751.417878][T14446] netlink: 104 bytes leftover after parsing attributes in process `syz.0.4048'. [ 751.813526][T14450] fuseblk: Bad value for 'fd' [ 753.620415][T14474] syz.3.4052[14474] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 753.620523][T14474] syz.3.4052[14474] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 753.674911][T14473] loop4: detected capacity change from 0 to 512 [ 753.724885][ T26] kauditd_printk_skb: 4 callbacks suppressed [ 753.724902][ T26] audit: type=1326 audit(1763530300.905:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14470 comm="syz.3.4052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc43263c6c9 code=0x7ffc0000 [ 753.814697][T14473] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 753.826747][ T26] audit: type=1326 audit(1763530300.905:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14470 comm="syz.3.4052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=116 compat=0 ip=0x7fc43263c6c9 code=0x7ffc0000 [ 753.947109][T14478] fuseblk: Bad value for 'fd' [ 753.981320][T14473] EXT4-fs (loop4): 1 truncate cleaned up [ 754.017300][T14473] EXT4-fs (loop4): mounted filesystem without journal. Opts: bsddf,errors=continue,sb=0x000000000000ffff,debug_want_extra_isize=0x0000000000000080,block_validity,bsddf,,errors=continue. Quota mode: none. [ 754.025117][ T26] audit: type=1326 audit(1763530300.905:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14470 comm="syz.3.4052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc43263c6c9 code=0x7ffc0000 [ 754.163755][T14491] loop0: detected capacity change from 0 to 512 [ 754.180289][ T26] audit: type=1326 audit(1763530300.965:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14470 comm="syz.3.4052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc43263c6c9 code=0x7ffc0000 [ 754.312413][T14491] EXT4-fs (loop0): Ignoring removed bh option [ 754.318555][T14491] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 754.453712][T14491] EXT4-fs (loop0): orphan cleanup on readonly fs [ 754.478321][T14491] EXT4-fs (loop0): 1 truncate cleaned up [ 754.484180][T14491] EXT4-fs (loop0): mounted filesystem without journal. Opts: quota,resgid=0x000000000000ee00,bh,noload,data_err=ignore,abort,,errors=continue. Quota mode: writeback. [ 754.780204][T14506] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4073'. [ 756.316910][T14547] loop3: detected capacity change from 0 to 512 [ 756.388487][T14549] loop4: detected capacity change from 0 to 512 [ 756.455785][T14549] EXT4-fs (loop4): Ignoring removed nobh option [ 756.466278][T14547] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 756.562517][T14549] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -13 [ 756.571958][T14547] EXT4-fs (loop3): 1 truncate cleaned up [ 756.577647][T14547] EXT4-fs (loop3): mounted filesystem without journal. Opts: bsddf,errors=continue,sb=0x000000000000ffff,debug_want_extra_isize=0x0000000000000080,block_validity,bsddf,,errors=continue. Quota mode: none. [ 756.641684][T14549] EXT4-fs error (device loop4): ext4_clear_blocks:883: inode #13: comm syz.4.4092: attempt to clear invalid blocks 1 len 1 [ 756.681674][T14549] EXT4-fs (loop4): Remounting filesystem read-only [ 756.688378][T14549] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1147: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 756.747379][T14549] EXT4-fs (loop4): Remounting filesystem read-only [ 756.771682][T14549] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.4092: invalid indirect mapped block 1819239214 (level 0) [ 756.796658][T14549] EXT4-fs (loop4): Remounting filesystem read-only [ 756.830025][T14549] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.4092: invalid indirect mapped block 1819239214 (level 1) [ 756.849984][T14549] EXT4-fs (loop4): Remounting filesystem read-only [ 756.858431][T14549] EXT4-fs (loop4): 1 truncate cleaned up [ 756.875663][T14549] EXT4-fs (loop4): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000100000,resuid=0x0000000000000000,jqfmt=vfsv1,errors=remount-ro,nobh,usrjquota=... Quota mode: writeback. [ 756.941474][ C0] [ 756.943843][ C0] ====================================================== [ 756.950855][ C0] WARNING: possible circular locking dependency detected [ 756.957878][ C0] syzkaller #0 Not tainted [ 756.962279][ C0] ------------------------------------------------------ [ 756.969291][ C0] udevd/3561 is trying to acquire lock: [ 756.974829][ C0] ffff888078fe1238 (&trie->lock){..-.}-{2:2}, at: trie_delete_elem+0x90/0x710 [ 756.983786][ C0] [ 756.983786][ C0] but task is already holding lock: [ 756.991167][ C0] ffff8880b90280d8 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x123/0x270 [ 757.000047][ C0] [ 757.000047][ C0] which lock already depends on the new lock. [ 757.000047][ C0] [ 757.010444][ C0] [ 757.010444][ C0] the existing dependency chain (in reverse order) is: [ 757.019444][ C0] [ 757.019444][ C0] -> #2 (&base->lock){-.-.}-{2:2}: [ 757.026726][ C0] _raw_spin_lock_irqsave+0xa4/0xf0 [ 757.032440][ C0] lock_timer_base+0x123/0x270 [ 757.037715][ C0] __mod_timer+0x117/0xd20 [ 757.042641][ C0] queue_delayed_work_on+0x126/0x1e0 [ 757.048437][ C0] kvfree_call_rcu+0x4a9/0x7c0 [ 757.053711][ C0] rtnl_register_internal+0x489/0x590 [ 757.059592][ C0] rtnl_register+0x2e/0x70 [ 757.064522][ C0] ip_rt_init+0x2e0/0x3a0 [ 757.069360][ C0] ip_init+0xa/0x20 [ 757.073677][ C0] inet_init+0x28b/0x3a0 [ 757.078427][ C0] do_one_initcall+0x1ee/0x680 [ 757.083703][ C0] do_initcall_level+0x137/0x1f0 [ 757.089156][ C0] do_initcalls+0x4b/0x90 [ 757.093995][ C0] kernel_init_freeable+0x3ce/0x560 [ 757.099708][ C0] kernel_init+0x19/0x1b0 [ 757.104547][ C0] ret_from_fork+0x1f/0x30 [ 757.109500][ C0] [ 757.109500][ C0] -> #1 (krc.lock){..-.}-{2:2}: [ 757.116523][ C0] _raw_spin_lock+0x2a/0x40 [ 757.121711][ C0] kvfree_call_rcu+0x186/0x7c0 [ 757.126982][ C0] trie_delete_elem+0x58c/0x710 [ 757.132360][ C0] bpf_prog_c0188993c79ab9c8+0x65a/0xb88 [ 757.138504][ C0] bpf_trace_run2+0x15b/0x2d0 [ 757.143692][ C0] __bpf_trace_sys_enter+0x60/0x70 [ 757.149314][ C0] trace_sys_enter+0x65/0x80 [ 757.154416][ C0] syscall_trace_enter+0x115/0x180 [ 757.160039][ C0] do_syscall_64+0x24/0xa0 [ 757.164978][ C0] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 757.171382][ C0] [ 757.171382][ C0] -> #0 (&trie->lock){..-.}-{2:2}: [ 757.178666][ C0] __lock_acquire+0x2c33/0x7c60 [ 757.184029][ C0] lock_acquire+0x197/0x3f0 [ 757.189041][ C0] _raw_spin_lock_irqsave+0xa4/0xf0 [ 757.194745][ C0] trie_delete_elem+0x90/0x710 [ 757.200016][ C0] bpf_prog_c0188993c79ab9c8+0x3d/0xc2c [ 757.206073][ C0] bpf_trace_run3+0x17e/0x320 [ 757.211256][ C0] enqueue_timer+0x394/0x520 [ 757.216355][ C0] __mod_timer+0x8e1/0xd20 [ 757.221281][ C0] call_timer_fn+0x16c/0x530 [ 757.226383][ C0] __run_timers+0x525/0x7c0 [ 757.231396][ C0] run_timer_softirq+0x63/0xf0 [ 757.236669][ C0] handle_softirqs+0x328/0x820 [ 757.241953][ C0] __irq_exit_rcu+0x12f/0x220 [ 757.247140][ C0] irq_exit_rcu+0x5/0x20 [ 757.251889][ C0] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 757.258030][ C0] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 757.264518][ C0] debug_lockdep_rcu_enabled+0x28/0x30 [ 757.270489][ C0] dput+0x3a/0x1a0 [ 757.274722][ C0] step_into+0x31d/0xd00 [ 757.279477][ C0] link_path_walk+0x662/0xd40 [ 757.284665][ C0] path_lookupat+0x9d/0x440 [ 757.289675][ C0] filename_lookup+0x1e2/0x4f0 [ 757.294945][ C0] user_path_at_empty+0x40/0x190 [ 757.300391][ C0] vfs_statx+0x102/0x4d0 [ 757.305145][ C0] __x64_sys_newfstatat+0x12c/0x1b0 [ 757.310856][ C0] do_syscall_64+0x4c/0xa0 [ 757.315783][ C0] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 757.322186][ C0] [ 757.322186][ C0] other info that might help us debug this: [ 757.322186][ C0] [ 757.332398][ C0] Chain exists of: [ 757.332398][ C0] &trie->lock --> krc.lock --> &base->lock [ 757.332398][ C0] [ 757.344109][ C0] Possible unsafe locking scenario: [ 757.344109][ C0] [ 757.351541][ C0] CPU0 CPU1 [ 757.356896][ C0] ---- ---- [ 757.362244][ C0] lock(&base->lock); [ 757.366302][ C0] lock(krc.lock); [ 757.372624][ C0] lock(&base->lock); [ 757.379198][ C0] lock(&trie->lock); [ 757.383253][ C0] [ 757.383253][ C0] *** DEADLOCK *** [ 757.383253][ C0] [ 757.391466][ C0] 4 locks held by udevd/3561: [ 757.396125][ C0] #0: ffffffff8c11c760 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 757.405424][ C0] #1: ffffc90000007be0 ((&app->join_timer)){+.-.}-{0:0}, at: call_timer_fn+0xbb/0x530 [ 757.415066][ C0] #2: ffff8880b90280d8 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x123/0x270 [ 757.424375][ C0] #3: ffffffff8c11c760 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 757.433674][ C0] [ 757.433674][ C0] stack backtrace: [ 757.439551][ C0] CPU: 0 PID: 3561 Comm: udevd Not tainted syzkaller #0 [ 757.446473][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 757.456514][ C0] Call Trace: [ 757.459784][ C0] [ 757.462619][ C0] dump_stack_lvl+0x168/0x230 [ 757.467394][ C0] ? load_image+0x3b0/0x3b0 [ 757.471888][ C0] ? show_regs_print_info+0x20/0x20 [ 757.477088][ C0] ? print_circular_bug+0x12b/0x1a0 [ 757.482291][ C0] check_noncircular+0x274/0x310 [ 757.487222][ C0] ? add_chain_block+0x940/0x940 [ 757.492146][ C0] ? lockdep_lock+0xdc/0x1e0 [ 757.496733][ C0] ? mark_lock+0x94/0x320 [ 757.501053][ C0] ? _find_first_zero_bit+0xce/0xf0 [ 757.506243][ C0] __lock_acquire+0x2c33/0x7c60 [ 757.511093][ C0] ? __lock_acquire+0x12d9/0x7c60 [ 757.516112][ C0] ? verify_lock_unused+0x140/0x140 [ 757.521323][ C0] ? __lock_acquire+0x13ad/0x7c60 [ 757.526344][ C0] lock_acquire+0x197/0x3f0 [ 757.530844][ C0] ? trie_delete_elem+0x90/0x710 [ 757.535770][ C0] ? verify_lock_unused+0x140/0x140 [ 757.540959][ C0] ? __lock_acquire+0x13ad/0x7c60 [ 757.545972][ C0] ? read_lock_is_recursive+0x10/0x10 [ 757.551335][ C0] ? verify_lock_unused+0x140/0x140 [ 757.556530][ C0] _raw_spin_lock_irqsave+0xa4/0xf0 [ 757.561731][ C0] ? trie_delete_elem+0x90/0x710 [ 757.566662][ C0] ? _raw_spin_lock+0x40/0x40 [ 757.571356][ C0] trie_delete_elem+0x90/0x710 [ 757.576111][ C0] ? do_raw_spin_lock+0x11d/0x280 [ 757.581125][ C0] ? __rwlock_init+0x140/0x140 [ 757.585882][ C0] bpf_prog_c0188993c79ab9c8+0x3d/0xc2c [ 757.591418][ C0] bpf_trace_run3+0x17e/0x320 [ 757.596102][ C0] ? bpf_trace_run2+0x2d0/0x2d0 [ 757.600953][ C0] ? _raw_spin_lock_irqsave+0xb0/0xf0 [ 757.606323][ C0] ? _raw_spin_lock_irqsave+0x7f/0xf0 [ 757.611684][ C0] ? _raw_spin_unlock_irqrestore+0x82/0x100 [ 757.617563][ C0] ? lockdep_hardirqs_on+0x94/0x140 [ 757.622762][ C0] enqueue_timer+0x394/0x520 [ 757.627344][ C0] __mod_timer+0x8e1/0xd20 [ 757.631757][ C0] ? garp_init_applicant+0x450/0x450 [ 757.637031][ C0] call_timer_fn+0x16c/0x530 [ 757.641629][ C0] ? garp_init_applicant+0x450/0x450 [ 757.646905][ C0] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 757.652876][ C0] ? __run_timers+0x7c0/0x7c0 [ 757.657565][ C0] ? rcu_is_watching+0x11/0xa0 [ 757.662317][ C0] ? _raw_spin_unlock_irq+0x1f/0x40 [ 757.667506][ C0] ? lockdep_hardirqs_on+0x94/0x140 [ 757.672710][ C0] ? garp_init_applicant+0x450/0x450 [ 757.677989][ C0] __run_timers+0x525/0x7c0 [ 757.682489][ C0] ? detach_timer+0x2b0/0x2b0 [ 757.687154][ C0] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 757.693131][ C0] ? sched_clock_cpu+0x15/0x3c0 [ 757.697977][ C0] ? ktime_get_real_ts64+0x420/0x420 [ 757.703256][ C0] run_timer_softirq+0x63/0xf0 [ 757.708015][ C0] handle_softirqs+0x328/0x820 [ 757.712772][ C0] ? __irq_exit_rcu+0x12f/0x220 [ 757.717613][ C0] ? do_softirq+0x200/0x200 [ 757.722112][ C0] __irq_exit_rcu+0x12f/0x220 [ 757.726777][ C0] ? irq_exit_rcu+0x20/0x20 [ 757.731276][ C0] irq_exit_rcu+0x5/0x20 [ 757.735512][ C0] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 757.741146][ C0] [ 757.744065][ C0] [ 757.746989][ C0] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 757.752961][ C0] RIP: 0010:debug_lockdep_rcu_enabled+0x28/0x30 [ 757.759195][ C0] Code: cc 00 31 c0 83 3d ab 2a c0 03 00 74 1d 83 3d 22 5d c0 03 00 74 14 65 48 8b 0d 14 fc 58 76 31 c0 83 b9 ec 0a 00 00 00 0f 94 c0 00 00 cc cc 00 00 cc 41 56 53 89 fb e8 16 0a 00 00 41 89 c6 83 [ 757.778794][ C0] RSP: 0018:ffffc90002e3f7a0 EFLAGS: 00000246 [ 757.784850][ C0] RAX: 0000000000000001 RBX: ffff888016eb9be8 RCX: ffff88807dadd940 [ 757.793009][ C0] RDX: 0000000000000000 RSI: ffffffff8a0b2f00 RDI: ffffffff8a59e580 [ 757.800972][ C0] RBP: ffffc90002e3f8d0 R08: dffffc0000000000 R09: fffffbfff1ff7c19 [ 757.808932][ C0] R10: fffffbfff1ff7c19 R11: 1ffffffff1ff7c18 R12: dffffc0000000000 [ 757.816891][ C0] R13: 1ffff920005c7f63 R14: 0000000000000000 R15: 0000000000200000 [ 757.824858][ C0] dput+0x3a/0x1a0 [ 757.828569][ C0] step_into+0x31d/0xd00 [ 757.832808][ C0] ? set_root+0x3a0/0x3a0 [ 757.837138][ C0] ? walk_component+0x1b7/0x460 [ 757.841997][ C0] link_path_walk+0x662/0xd40 [ 757.846684][ C0] ? handle_lookup_down+0x130/0x130 [ 757.851878][ C0] path_lookupat+0x9d/0x440 [ 757.856378][ C0] filename_lookup+0x1e2/0x4f0 [ 757.861136][ C0] ? hashlen_string+0x110/0x110 [ 757.865997][ C0] ? strncpy_from_user+0x1fb/0x360 [ 757.871104][ C0] ? getname_flags+0x1fe/0x500 [ 757.875865][ C0] user_path_at_empty+0x40/0x190 [ 757.880793][ C0] vfs_statx+0x102/0x4d0 [ 757.885028][ C0] ? vfs_fstatat+0x40/0x40 [ 757.889441][ C0] __x64_sys_newfstatat+0x12c/0x1b0 [ 757.894631][ C0] ? __ia32_sys_newlstat+0x160/0x160 [ 757.899915][ C0] ? lock_chain_count+0x20/0x20 [ 757.904761][ C0] ? vtime_user_exit+0x2dc/0x400 [ 757.909694][ C0] ? lockdep_hardirqs_on+0x94/0x140 [ 757.914883][ C0] do_syscall_64+0x4c/0xa0 [ 757.919289][ C0] ? clear_bhb_loop+0x30/0x80 [ 757.923957][ C0] ? clear_bhb_loop+0x30/0x80 [ 757.928626][ C0] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 757.934515][ C0] RIP: 0033:0x7f9665a5fb0a [ 757.938923][ C0] Code: 48 8b 15 f1 f2 0d 00 f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 41 89 ca b8 06 01 00 00 0f 05 <3d> 00 f0 ff ff 77 07 31 c0 c3 0f 1f 40 00 48 8b 15 b9 f2 0d 00 f7 [ 757.958519][ C0] RSP: 002b:00007fff999771a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000106 [ 757.966926][ C0] RAX: ffffffffffffffda RBX: 00007fff99977640 RCX: 00007f9665a5fb0a [ 757.974888][ C0] RDX: 00007fff999771b0 RSI: 00007fff99977640 RDI: 00000000ffffff9c [ 757.982850][ C0] RBP: 0000559bff71e910 R08: 0000000000000000 R09: 0000000000000000 [ 757.990809][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff99977240 [ 757.998770][ C0] R13: 0000559bd54bf100 R14: 0000559bff73ec90 R15: 00007fff99977c60 [ 758.006739][ C0] [ 758.042743][T14549] EXT4-fs error (device loop4): ext4_find_dest_de:2115: inode #2: block 13: comm syz.4.4092: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 758.100611][T14549] EXT4-fs (loop4): Remounting filesystem read-only