last executing test programs: 3.416306241s ago: executing program 1 (id=438): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000180)=ANY=[@ANYBLOB="70000000100001002dbd7000000000", @ANYRES32=0x0, @ANYBLOB="8123010000000000140003006e657464657673696d3000000000000034001680300001802c000c801400010007000000ed0c00008100000088a80000140001"], 0x70}}, 0x4040000) 3.175503475s ago: executing program 1 (id=447): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="5800000010001fff000000000100000000000000", @ANYRES32=0x0, @ANYBLOB="0000000004000000280012800900010076657468000000001800028014000100", @ANYRES32=0x0, @ANYBLOB="000302000200050008001b0006000000050011"], 0x58}, 0x1, 0x0, 0x0, 0x4000844}, 0x4000904) 2.93135736s ago: executing program 1 (id=443): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000021c0)=@newtfilter={0x30, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r3, {0x0, 0xffff}, {}, {0xffff, 0x8}}, [@filter_kind_options=@f_fw={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x800) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000002200)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r5, {0x0, 0x7}, {}, {0xffff, 0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x810) 2.609931488s ago: executing program 2 (id=448): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000180)=ANY=[@ANYBLOB="70000000100001002dbd7000000000", @ANYRES32=0x0, @ANYBLOB="8123010000000000140003006e657464657673696d3000000000000034001680300001802c000c801400010007000000ed0c00008100000088a80000140001"], 0x70}}, 0x4040000) 2.571051461s ago: executing program 1 (id=449): syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file2\x00', 0x2000410, &(0x7f0000000000)={[{@bsdgroups}, {@jqfmt_vfsv1}]}, 0xc1, 0x7e9, &(0x7f00000017c0)="$eJzs3c1rHG8dAPDvbF42SauJIGh7CggaKN2YGlsFDxEPIlgo6Nk2bLahZpMt2U1pQqDpQfAiqHgQ9NKzL/UgePXlqv+EeJAW0TRYT7oys7t53d0kbXa3/fXzgck8M/PMPPPN88yzz+4MuwF8sKbTP7mIKxHxwyRisrk+iYiRLDUcsdDI93p3u5hOSdTr3/pnkuX57aWDYyXN+aXmwqcj4o/fi7iWO17qeHNeLq03U7O11Yez1c2t6w9WF5dLy6W1m3Pz8zduffHWzZN7val//2Xr8ssfff1zv14Yjk89/8GfkliIy81te7vbxbc8/AnTMd38n4yk/8IjvnbRhQ1YMugT4I2kl+ZQ4yqPKzEZQ1mqg7e9AAGAd8KTiKgDAB+Y5LTX/yFDBAD4aGl9DrC3u11sTYP9RKK//vHViBhrxN+6v9nYMty8ZzeW3Qed2EuO3BlJImLqAsqfjoif/+47v0yn6NF9SIB2dp425nu7+WP9f5L2f6OnHyHfccvnu+1Wb+w3fWy1/g/65/fp+OdLJ8d/V/cf6BnL/h4b/4zl21y7b+L06z/3osOuZ+ibTpeO/75y6Nm2g/Hf/kNrU0PNpY9lY76R5P6Dcint2z4eETMxkk+X57Ks7Z+Cmnn131edyj88/vvXj7/7i7T8dH6QI/diOB/1xnN5/8vG60uLtcWLiD2L/2nE1eF28Sf749/kSP0v7Ed6p+NRj1bNN778/Z91ypnGn8bbmk7G31v1ZxGfbVv/B3WZdH0+cTZrDrOtRtHGb/7204lO5R/Ufz6bp+W33gv0Q1r/E93jn0pT1c2tlcVyubRePX8Zf342+YdO2w63//bxZ+3/iLT9jybfztKtlvZ4sVZbn4sYTb55cv2Ng31by638afwzn2l//bdv/42+IH1PeG9/qbvhl6O/ah6qbfyZnU7x91Ya/9K56r9Lot7c59im569XhjqVf7b6n89SM801Z+n/TjnTt2jNAAAAAAAAAAAAAAAAAAAAAAAAAHB+uYi4HEmusJ/O5QqFxm94fzImcuVKtXbtfmVjbSmy38qeipFc66suJw99H+pc8/vwW8s3ji1/ISI+ERE/yY9ny4Vipbw06OABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOnS0d//f5LOCoXGtr/nB312AEDPjA36BACAvvP6DwAfnvO9/o/37DwAgP459/v/etKbEwEA+ubMr//3enseAED/uP8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAj925fTud6v/Z3S6my0uPNjdWKo+uL5WqK4XVjWKhWFl/WFiuVJbLpUKxstrxQDuNWblSeTgfaxuPZ2ulam22url1d7WysVa7+2B1cbl0tzTSt8gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Oyqm1sri+VyaV2iS2K8NN45TxIRAz/D0xJpXV/kAYff0ZB3/jqSteuumWPqvWn8o13yJBdZ1vjxNYd7ifFBdE0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA74X/BwAA///YTBJy") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5) write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b) 2.435871278s ago: executing program 2 (id=451): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}, 0x2}], 0x1, 0x100, 0x0) 1.467214425s ago: executing program 2 (id=458): r0 = syz_open_procfs(0x0, &(0x7f0000000280)='net/tcp\x00') preadv(r0, &(0x7f00000002c0)=[{&(0x7f00000014c0)=""/208, 0xd0}], 0x1, 0x3ff, 0xfffff25a) 1.362654461s ago: executing program 0 (id=459): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0xff, 0x0, 0x7fff0026}]}) openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x202) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0xbaf, &(0x7f0000000040)={0x0, 0xb45d, 0xc000, 0x20000a, 0x20002f5}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000a000}, 0x5) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 1.189600891s ago: executing program 2 (id=460): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000180)=ANY=[@ANYBLOB="70000000100001002dbd7000000000000000", @ANYRES32=0x0, @ANYBLOB="8123010000000000140003006e657464657673696d3000000000000034001680300001802c000c801400010007000000ed0c00008100000088a80000140001"], 0x70}}, 0x4040000) 1.147519954s ago: executing program 3 (id=468): bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000380)={&(0x7f0000000040)="b64b6779e728a585fc6d831c9c111ee3bf867c7fa20663508d961b5b0bc1d4eded804b84c8ee0b5e7b55af44aa8bf4a16c4d4aaf89", 0x0, 0x0, 0x0}, 0x38) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a20000000000a01080000000000000000010000090900010073797a3100000000d0000000030a030000060000000000000100000a0900010073797a31000000000900030073797a3000000000a4000300"], 0x118}, 0x1, 0x0, 0x0, 0x240401d4}, 0x240408d0) 1.134004094s ago: executing program 0 (id=461): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="300000001000010025bd7000f9dbdf2500000000", @ANYRES32=0x0, @ANYBLOB="158804000300000008001b000000000008000d0003"], 0x30}, 0x1, 0x0, 0x0, 0x40801}, 0x4000000) r1 = socket$nl_route(0x10, 0x3, 0x0) set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=@newlink={0x30, 0x10, 0x1, 0x70bd25, 0x25dfdbf9, {0x0, 0x0, 0x0, 0x0, 0x48815, 0x60707}, [@IFLA_GROUP={0x8}, @IFLA_TXQLEN={0x8, 0xd, 0x10000}]}, 0x30}, 0x1, 0x0, 0x0, 0x46801}, 0x24040040) 1.103371266s ago: executing program 1 (id=462): r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000440)={0x53, 0xfffffffffffffffe, 0x0, 0x2, @scatter={0x0, 0x40000, 0x0}, 0x0, 0x0, 0x800004, 0x10030, 0x3, 0x0}) 1.088395287s ago: executing program 2 (id=463): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="5800000010001fff000000000100000000000000", @ANYRES32=0x0, @ANYBLOB="0000000004000000280012800900010076657468000000001800028014000100", @ANYRES32=0x0, @ANYBLOB="000302000200050008001b0006000000050011"], 0x58}, 0x1, 0x0, 0x0, 0x4000844}, 0x4000904) 955.419615ms ago: executing program 3 (id=464): socket$netlink(0x10, 0x3, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x24040084) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000400)=@newqdisc={0x34, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r4, {0xfffc}, {0xffff, 0xffff}, {0x4, 0xa}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) close(0x4) 733.255668ms ago: executing program 2 (id=465): futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc) 623.794004ms ago: executing program 3 (id=466): socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x89, 0x0, &(0x7f00000000c0)) 583.192927ms ago: executing program 0 (id=467): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)=ANY=[@ANYBLOB="140100002f00010000000000fbdbdd2501"], 0x114}], 0x1, 0x0, 0x0, 0x41}, 0x4008080) 479.367663ms ago: executing program 3 (id=469): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000002200)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r6, {0x0, 0x7}, {}, {0xffff, 0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x810) 352.22912ms ago: executing program 0 (id=470): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0xff, 0x0, 0x7fff0026}]}) openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x202) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0xbaf, &(0x7f0000000040)={0x0, 0xb45d, 0xc000, 0x20000a, 0x20002f5}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000a000}, 0x5) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 332.512801ms ago: executing program 1 (id=471): sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x10000, &(0x7f0000000100)={[{@grpid}, {@auto_da_alloc}, {@lazytime}, {@journal_dev={'journal_dev', 0x3d, 0x6}}]}, 0x7, 0x4d4, &(0x7f0000000180)="$eJzs3M9vFGUfAPDvbHdpgZfXioiCKAU0Nia2UFA4eMHExIMmRjzIsWkrQRYwtAchREpiuJN4NDEejTdNvOrRePIPwIMHE0NCDBfA05jZnWm3291ttz8p+/kk232e2WfmeZ6ZeWaffZ7OBNCzhrI/ScT/IuJORDxVjy5MMFR/e3j/+sSj+9cnYjZNz/yT1NI9yOK5Yr2deWS4FFH6MmnaYN301WsXxqvVqSt5fHTm4mej01evvX7+4vi5qXNTl8ZOnTpx/NjJN8fe6L5SLfLL6vVg/xeXD+x79+zt9yfKxfKB/L2xHm2VuyvGUIfPXuluU4+9XQ3hZPF+urGhhWHZBvLTupK1/+vVw2c3u0DAhknTNO1v//Fs2uzmoiXAlpXEZpcA2BzFF332+7d4bVDX47Fw73T9B1BW74f5q/5JOUp5mkrT79u1NBQRH8/++032ik7jEH+uUwEAgJ7zy+miJ9jc/yvF3oZ0/8/nUAYj4umI2B0Rz0TEnoh4NqKW9rmIeL45gyQi7ZD/nqb4fP4/5rMIpburrmQHWf/vrXxua2H/r+j9xWBfHtsVUXSYp47m+2Q4Kv2fnK9OHWuz/W1L5N/Y/8teWf5FXzAvx91y0wDd5PjM+Mpqu9i9mxH7y831T8rZgSumcZKI2BcR+7vY7mBD+Pxr3x2Yi1Ty96/rb0vXvyZtMaXX9XxcK+m3Ea/Wj/9sNB7/ZD7HpPP85OhAVKeOjmZnwdGWefz2+60P2uW/ZP1/+qt5lXdO/nxm1fUuZMd/R8P5H8X87fwk6mASkczN105HpH3d5XHrj/YrrPT835Z8VAsX7evz8ZmZK8citiXvLV4+Nr9uES/SZ/UfPtK6/e/O18n2xAsRkZ3EL0bESxFxMC/7oYg4HBFHOtT/17df/nTl9V9fWf0nW17/Fhz/+fn6ZQaKlbMlfRcO3XnU5uKxvON/ohYazpe0vv4lCy4Ryy3p6vYeAAAAbA2lqP3vf2lkLlwqjYzUx4D2xI5S9fL0zMGIuDRZv0dgMCqlYqSrPh5cSYrxz8GG+FhT/Hg+bvxV3/ZafGTicnVysysPPW5nrc0ni9p/5u8ux3mBLWgN5tGALWqp9r/39gYVBNhwvv+hdzW0/9k2SWb9pww8mXz/Q+9q1f5vxPcd711wzYCtL9WWoadp/9C7yvHhXLh223PLu22BJ5Hvf+hJ3d7Xv5xA8biGaxfS/tZpBqLFEwMG1rgYeWB7i7w2JZD1rNZwg5WIWF7i7SvJougCtn/CQ6m7DfbH4o/6otNaSRfPcSgC2V5ZMvG5vWt+8hfPRFnr0+aH+XZaaTgW5aWOzuoDG3oZAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWDf/BQAA//8mic8a") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x49) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1, 0x0) pwrite64(r1, &(0x7f0000000140)='2', 0xfdef, 0xe7c) copy_file_range(r0, 0x0, r0, &(0x7f00000000c0)=0xae8, 0x863, 0x200000000000000) 263.282705ms ago: executing program 3 (id=472): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000180)=ANY=[@ANYBLOB="70000000100001002dbd7000000000000000", @ANYRES32=0x0, @ANYBLOB="8123010000000000140003006e657464657673696d3000000000000034001680300001802c000c801400010007000000ed0c00008100000088a80000140001"], 0x70}}, 0x4040000) 142.862873ms ago: executing program 0 (id=473): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmmsg$inet(r0, &(0x7f0000000900)=[{{&(0x7f0000007b00)={0x2, 0x4e21, @empty}, 0x10, &(0x7f0000000b00)=[{&(0x7f0000007b40)="fb9f", 0x2}], 0x1}}], 0x1, 0x40810) 23.468079ms ago: executing program 0 (id=474): syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file1\x00', 0x2a081c6, &(0x7f0000000b80)=ANY=[], 0x4, 0x2ae, &(0x7f0000000a00)="$eJzs3U9rI2UYAPBn8q9ZPaSIF0VwQA+eytarl0ZZQexJiaAeNLi7IElY2IWAFczuaT+BR7+HH8GLF7+B4FXw1h4qIzOT6aRpYkuNKWx/v9PTed/nfZ+ZtySnPPP1G5PR/UdJPDv+PbrdJBoHcRAnSexGIypPoxUAwIvjJMvir+w6mXcam68GANiG8vu/dNO1AADb8ennX3zcPzy890maduO13vPpIImIyfPpoBzvP4xvYxwP4m704jQiO1PG7XxSK83txtuT2XSQZ06++nW+fv/PiCJ/P3qxezH/w48O7+2npbP8l6rq0ug/bFd/9OLV1fnvLufHZBaDTrzz1kL9e9GL376JRzGO+5Hn1vk/7KfpB9mPx99/mW+T5yeNGOwU82pZczsnAgAAAAAAAAAAAAAAAAAAAADAbbCXpknZvqfo35NfKvrnTAfN02J8L60s9veZVf2Bkmqhsj9QFvMWPbMsfqr669xN0zSbT6zzW/F6y4sFAAAAAAAAAAAAAAAAAAAAIPfku6PRcDx+8HgjQdUNoPpZ/3XXOVi48mYcjYbN9QvuXH2v1tP6xvNa/3VytFqxocdyWXAnr2fjK+/Uh/tZlEF1MBvd65X3y0WPRsN0PlQ95NEwuWyvbnVwPy8OdeK/FpYV/xKn2fkz7Z6Vej6rs6Gn0Xl55dDfWZZdbZ33/ijPaH4lKVpsXG339jxYeYN50L14Fr+sX3DtR0ZzM588AAAAAAAAAAAAAAAAAADAsvpHvysGn61JKq83/tfCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGCL6vf/V0F34dX+S0NF0K6Tl4dWBJ14/OSm7g0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDb458AAAD//6wtSQs=") mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x80) chroot(&(0x7f0000000100)='./file0\x00') pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file0/../file0\x00') 0s ago: executing program 3 (id=475): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="5800000010001fff000000000100000000000000", @ANYRES32=0x0, @ANYBLOB="00000000040000002800128009000100766574680000000018000280140001000000", @ANYRES32=0x0, @ANYBLOB="000302000200050008001b0006000000050011"], 0x58}, 0x1, 0x0, 0x0, 0x4000844}, 0x4000904) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.33' (ED25519) to the list of known hosts. [ 73.513855][ T5757] cgroup: Unknown subsys name 'net' [ 73.654471][ T5757] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 75.268134][ T5757] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 76.906207][ T5779] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 76.914136][ T5779] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 76.922186][ T5779] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 76.930420][ T5779] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 76.937929][ T5779] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 76.946293][ T5779] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 76.953799][ T5779] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 76.962253][ T5779] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 76.970868][ T5779] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 76.971541][ T5778] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 76.978585][ T5779] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 76.996864][ T5783] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 77.004441][ T5782] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 77.008062][ T5783] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 77.030842][ T5781] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 77.038167][ T5782] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 77.049151][ T5774] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 77.059794][ T5774] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 77.068423][ T5774] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 77.076738][ T5774] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 77.085032][ T5774] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 77.092401][ T5781] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 77.111706][ T5085] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 77.119350][ T5085] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 77.533172][ T5769] chnl_net:caif_netlink_parms(): no params data found [ 77.600401][ T5770] chnl_net:caif_netlink_parms(): no params data found [ 77.709194][ T5769] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.717272][ T5769] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.724562][ T5769] bridge_slave_0: entered allmulticast mode [ 77.732008][ T5769] bridge_slave_0: entered promiscuous mode [ 77.745166][ T5769] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.752388][ T5769] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.759720][ T5769] bridge_slave_1: entered allmulticast mode [ 77.767012][ T5769] bridge_slave_1: entered promiscuous mode [ 77.780640][ T5768] chnl_net:caif_netlink_parms(): no params data found [ 77.802016][ T5771] chnl_net:caif_netlink_parms(): no params data found [ 77.867382][ T5769] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.879595][ T5769] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.916912][ T5770] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.924119][ T5770] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.931591][ T5770] bridge_slave_0: entered allmulticast mode [ 77.938953][ T5770] bridge_slave_0: entered promiscuous mode [ 77.978974][ T5769] team0: Port device team_slave_0 added [ 77.987529][ T5769] team0: Port device team_slave_1 added [ 77.993701][ T5770] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.001371][ T5770] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.008783][ T5770] bridge_slave_1: entered allmulticast mode [ 78.015671][ T5770] bridge_slave_1: entered promiscuous mode [ 78.087161][ T5770] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.099501][ T5770] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.109576][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.117053][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.144149][ T5769] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.159551][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.166606][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.192784][ T5769] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.270725][ T5771] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.277960][ T5771] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.285252][ T5771] bridge_slave_0: entered allmulticast mode [ 78.292915][ T5771] bridge_slave_0: entered promiscuous mode [ 78.301243][ T5771] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.308453][ T5771] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.315846][ T5771] bridge_slave_1: entered allmulticast mode [ 78.323114][ T5771] bridge_slave_1: entered promiscuous mode [ 78.332903][ T5770] team0: Port device team_slave_0 added [ 78.351341][ T5768] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.358808][ T5768] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.366466][ T5768] bridge_slave_0: entered allmulticast mode [ 78.373419][ T5768] bridge_slave_0: entered promiscuous mode [ 78.394602][ T5770] team0: Port device team_slave_1 added [ 78.411152][ T5768] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.418399][ T5768] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.425512][ T5768] bridge_slave_1: entered allmulticast mode [ 78.435431][ T5768] bridge_slave_1: entered promiscuous mode [ 78.465144][ T5771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.528095][ T5771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.552842][ T5769] hsr_slave_0: entered promiscuous mode [ 78.559650][ T5769] hsr_slave_1: entered promiscuous mode [ 78.569196][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.578330][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.605952][ T5770] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.619340][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.626407][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.652503][ T5770] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.667584][ T5768] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.679590][ T5768] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.703610][ T5771] team0: Port device team_slave_0 added [ 78.749284][ T5771] team0: Port device team_slave_1 added [ 78.758631][ T5768] team0: Port device team_slave_0 added [ 78.783926][ T5768] team0: Port device team_slave_1 added [ 78.853141][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.860277][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.886615][ T5771] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.899660][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.906729][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.932820][ T5771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.966294][ T5770] hsr_slave_0: entered promiscuous mode [ 78.972916][ T5770] hsr_slave_1: entered promiscuous mode [ 78.979421][ T5770] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 78.987946][ T5770] Cannot create hsr debugfs directory [ 78.994128][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.003168][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.031558][ T5768] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.049618][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.056690][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.082921][ T5768] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.094366][ T5085] Bluetooth: hci2: command tx timeout [ 79.165969][ T5085] Bluetooth: hci0: command tx timeout [ 79.166219][ T5781] Bluetooth: hci1: command tx timeout [ 79.176708][ T5085] Bluetooth: hci3: command tx timeout [ 79.205276][ T5771] hsr_slave_0: entered promiscuous mode [ 79.211831][ T5771] hsr_slave_1: entered promiscuous mode [ 79.218551][ T5771] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 79.226209][ T5771] Cannot create hsr debugfs directory [ 79.281448][ T5768] hsr_slave_0: entered promiscuous mode [ 79.287808][ T5768] hsr_slave_1: entered promiscuous mode [ 79.293878][ T5768] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 79.301701][ T5768] Cannot create hsr debugfs directory [ 79.568588][ T5769] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 79.587428][ T5769] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 79.624867][ T5769] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 79.639233][ T5769] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 79.745514][ T5768] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 79.771585][ T5768] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 79.782922][ T5768] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 79.807940][ T5768] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 79.870002][ T5771] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 79.895158][ T5771] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 79.913415][ T5771] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 79.944879][ T5771] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 80.015434][ T5769] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.025253][ T5770] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 80.035712][ T5770] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 80.049150][ T5770] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 80.059088][ T5770] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 80.120113][ T5769] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.133689][ T2930] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.140980][ T2930] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.172548][ T2930] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.179767][ T2930] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.273775][ T5769] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 80.306804][ T5768] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.360678][ T5768] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.389469][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.396726][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.419441][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.426660][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.457583][ T5771] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.550138][ T5770] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.571276][ T5771] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.614620][ T66] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.621814][ T66] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.648557][ T5770] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.669270][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.676587][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.708849][ T3004] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.716152][ T3004] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.749452][ T3004] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.756743][ T3004] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.819521][ T5769] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.972466][ T5768] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.043669][ T5769] veth0_vlan: entered promiscuous mode [ 81.101461][ T5769] veth1_vlan: entered promiscuous mode [ 81.154233][ T5768] veth0_vlan: entered promiscuous mode [ 81.176130][ T5781] Bluetooth: hci2: command tx timeout [ 81.192192][ T5768] veth1_vlan: entered promiscuous mode [ 81.248933][ T5781] Bluetooth: hci3: command tx timeout [ 81.253922][ T5085] Bluetooth: hci0: command tx timeout [ 81.254612][ T5781] Bluetooth: hci1: command tx timeout [ 81.284345][ T5769] veth0_macvtap: entered promiscuous mode [ 81.314987][ T5769] veth1_macvtap: entered promiscuous mode [ 81.347778][ T5771] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.363910][ T5768] veth0_macvtap: entered promiscuous mode [ 81.379310][ T5768] veth1_macvtap: entered promiscuous mode [ 81.392777][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.407491][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.433625][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 81.444844][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.457422][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.473407][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.484611][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.497514][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.511948][ T5770] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.521342][ T5769] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.530493][ T5769] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.539468][ T5769] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.551469][ T5769] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.580468][ T5768] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.592567][ T5768] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.603363][ T5768] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.613455][ T5768] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.679798][ T5771] veth0_vlan: entered promiscuous mode [ 81.745685][ T5771] veth1_vlan: entered promiscuous mode [ 81.785768][ T5770] veth0_vlan: entered promiscuous mode [ 81.815449][ T2922] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.839554][ T2922] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.896421][ T1118] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.904307][ T1118] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.923279][ T5771] veth0_macvtap: entered promiscuous mode [ 81.931957][ T5770] veth1_vlan: entered promiscuous mode [ 81.951963][ T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.965499][ T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.975694][ T5771] veth1_macvtap: entered promiscuous mode [ 82.011295][ T1118] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.043814][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.055496][ T1118] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.064626][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.074732][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.085439][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.099030][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.115733][ T5770] veth0_macvtap: entered promiscuous mode [ 82.141125][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.172917][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.183918][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.195914][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.208386][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.220396][ T5770] veth1_macvtap: entered promiscuous mode [ 82.258248][ T5771] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.295931][ T5771] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.304701][ T5771] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.344721][ T5771] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.369573][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.387947][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.397990][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.408670][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.418831][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.430469][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.440752][ T5855] syz.0.1 uses obsolete (PF_INET,SOCK_PACKET) [ 82.459654][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.498240][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.511038][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.529265][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.543499][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.554825][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.568663][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.584854][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.642893][ T5770] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.657069][ T5770] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.669601][ T5770] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.681162][ T5770] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.044064][ T3004] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.063867][ T3004] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.179967][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.217665][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.266572][ T5781] Bluetooth: hci2: command tx timeout [ 83.286488][ T1118] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.315705][ T1118] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.326450][ T5781] Bluetooth: hci1: command tx timeout [ 83.332826][ T51] Bluetooth: hci0: command tx timeout [ 83.340025][ T51] Bluetooth: hci3: command tx timeout [ 84.097495][ T2930] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.112206][ T2930] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.855448][ T5893] syz.3.15[5893]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 84.925469][ T5893] loop3: detected capacity change from 0 to 4096 [ 85.015407][ T5893] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 85.062250][ T5893] EXT4-fs error (device loop3): ext4_do_update_inode:5248: inode #15: comm syz.3.15: corrupted inode contents [ 85.080004][ T5893] EXT4-fs error (device loop3): ext4_dirty_inode:6124: inode #15: comm syz.3.15: mark_inode_dirty error [ 85.146492][ T5893] EXT4-fs error (device loop3): ext4_do_update_inode:5248: inode #15: comm syz.3.15: corrupted inode contents [ 85.194741][ T5893] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #15: comm syz.3.15: mark_inode_dirty error [ 85.210568][ T5893] EXT4-fs error (device loop3): ext4_do_update_inode:5248: inode #15: comm syz.3.15: corrupted inode contents [ 85.263442][ T5893] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #15: comm syz.3.15: mark_inode_dirty error [ 85.320390][ T5893] EXT4-fs error (device loop3): ext4_do_update_inode:5248: inode #15: comm syz.3.15: corrupted inode contents [ 85.328209][ T5085] Bluetooth: hci2: command tx timeout [ 85.406200][ T5781] Bluetooth: hci3: command tx timeout [ 85.412961][ T51] Bluetooth: hci0: command tx timeout [ 85.419015][ T5085] Bluetooth: hci1: command tx timeout [ 85.430613][ T5893] EXT4-fs error (device loop3): ext4_truncate:4294: inode #15: comm syz.3.15: mark_inode_dirty error [ 85.500320][ T5893] EXT4-fs error (device loop3) in ext4_setattr:5663: Corrupt filesystem [ 85.557302][ T5902] EXT4-fs error (device loop3): ext4_do_update_inode:5248: inode #15: comm syz.3.15: corrupted inode contents [ 85.733406][ T5768] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.145538][ T5928] loop1: detected capacity change from 0 to 256 [ 86.227859][ T5928] FAT-fs (loop1): Directory bread(block 1285) failed [ 86.255436][ T5928] FAT-fs (loop1): Directory bread(block 1286) failed [ 86.281414][ T5928] FAT-fs (loop1): Directory bread(block 1287) failed [ 86.296182][ T5928] FAT-fs (loop1): Directory bread(block 1288) failed [ 86.348285][ T5928] FAT-fs (loop1): Directory bread(block 1285) failed [ 86.355253][ T5928] FAT-fs (loop1): Directory bread(block 1286) failed [ 86.363551][ T5928] FAT-fs (loop1): Directory bread(block 1287) failed [ 86.376026][ T5928] FAT-fs (loop1): Directory bread(block 1288) failed [ 86.383076][ T5928] FAT-fs (loop1): Directory bread(block 1285) failed [ 86.390055][ T5928] FAT-fs (loop1): Directory bread(block 1286) failed [ 87.347624][ T5963] loop2: detected capacity change from 0 to 512 [ 87.394915][ T5963] EXT4-fs error (device loop2): ext4_orphan_get:1398: inode #15: comm syz.2.53: inode has both inline data and extents flags [ 87.458116][ T5963] EXT4-fs error (device loop2): ext4_orphan_get:1403: comm syz.2.53: couldn't read orphan inode 15 (err -117) [ 87.555386][ T5963] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 87.570554][ T5968] netlink: 80 bytes leftover after parsing attributes in process `syz.1.47'. [ 87.637446][ T28] audit: type=1800 audit(1769349377.637:2): pid=5963 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.53" name="file1" dev="loop2" ino=18 res=0 errno=0 [ 87.721563][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.747497][ T5833] kernel write not supported for file bpf-prog (pid: 5833 comm: kworker/1:4) [ 87.905995][ T5976] netlink: 16 bytes leftover after parsing attributes in process `syz.1.52'. [ 88.369291][ T5993] netdevsim netdevsim2 netdevsim0: entered allmulticast mode [ 88.572920][ T5999] netlink: 80 bytes leftover after parsing attributes in process `syz.2.61'. [ 88.786649][ T6009] netlink: 16 bytes leftover after parsing attributes in process `syz.0.67'. [ 89.121354][ T6021] Illegal XDP return value 4294967294 on prog (id 5) dev N/A, expect packet loss! [ 89.183448][ T6023] netlink: 80 bytes leftover after parsing attributes in process `syz.0.73'. [ 89.423777][ T6021] loop1: detected capacity change from 0 to 8192 [ 89.492741][ T6021] loop1: p4 < > [ 89.519796][ T6035] netlink: 16 bytes leftover after parsing attributes in process `syz.0.79'. [ 89.910566][ T5762] udevd[5762]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 89.987947][ T6050] netlink: 80 bytes leftover after parsing attributes in process `syz.1.86'. [ 90.412047][ T6064] netlink: 16 bytes leftover after parsing attributes in process `syz.3.92'. [ 90.846869][ T6068] 9pnet_fd: Insufficient options for proto=fd [ 90.876795][ T6076] netlink: 80 bytes leftover after parsing attributes in process `syz.2.96'. [ 91.202879][ T6088] netlink: 16 bytes leftover after parsing attributes in process `syz.1.102'. [ 91.632764][ T6101] loop3: detected capacity change from 0 to 512 [ 91.649554][ T6101] ======================================================= [ 91.649554][ T6101] WARNING: The mand mount option has been deprecated and [ 91.649554][ T6101] and is ignored by this kernel. Remove the mand [ 91.649554][ T6101] option from the mount to silence this warning. [ 91.649554][ T6101] ======================================================= [ 91.684444][ C1] vkms_vblank_simulate: vblank timer overrun [ 91.760869][ T6105] loop0: detected capacity change from 0 to 128 [ 91.857785][ T6105] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 91.897525][ T6105] ext4 filesystem being mounted at /29/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 92.061020][ T787] cfg80211: failed to load regulatory.db [ 92.486659][ T5769] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 92.810418][ T6128] __nla_validate_parse: 3 callbacks suppressed [ 92.810432][ T6128] netlink: 8 bytes leftover after parsing attributes in process `syz.2.118'. [ 92.843905][ T6128] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 92.910344][ T6131] tipc: Started in network mode [ 92.936825][ T6131] tipc: Node identity b67efb07f81a, cluster identity 4711 [ 92.944255][ T6131] tipc: Enabled bearer , priority 0 [ 92.968926][ T6131] syzkaller0: entered promiscuous mode [ 92.983580][ T6131] syzkaller0: entered allmulticast mode [ 93.006733][ T6131] tipc: Resetting bearer [ 93.020421][ T6130] tipc: Resetting bearer [ 93.070718][ T6130] tipc: Disabling bearer [ 93.090153][ T6138] loop3: detected capacity change from 0 to 256 [ 93.192121][ T6140] loop3: detected capacity change from 0 to 512 [ 93.216342][ T6140] EXT4-fs (loop3): can't read group descriptor 0 [ 93.268624][ T5762] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 93.283421][ T6140] netlink: 12 bytes leftover after parsing attributes in process `syz.3.124'. [ 93.424813][ T6144] netlink: 8 bytes leftover after parsing attributes in process `syz.3.126'. [ 93.467532][ T6146] loop1: detected capacity change from 0 to 512 [ 93.521455][ T6146] EXT4-fs error (device loop1): ext4_validate_block_bitmap:439: comm syz.1.127: bg 0: block 248: padding at end of block bitmap is not set [ 93.553413][ T6146] Quota error (device loop1): write_blk: dquota write failed [ 93.563451][ T6146] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 93.574022][ T6146] EXT4-fs error (device loop1): ext4_acquire_dquot:6949: comm syz.1.127: Failed to acquire dquot type 1 [ 93.592253][ T6146] EXT4-fs (loop1): 1 truncate cleaned up [ 93.601260][ T6146] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 93.614273][ T6146] ext4 filesystem being mounted at /29/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 93.676401][ T6146] syz.1.127 (6146) used greatest stack depth: 20840 bytes left [ 93.713701][ T5771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.827860][ T28] audit: type=1326 audit(1769349383.837:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6151 comm="syz.3.130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f394859acb9 code=0x7ffc0000 [ 93.932836][ T28] audit: type=1326 audit(1769349383.837:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6151 comm="syz.3.130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f394859acb9 code=0x7ffc0000 [ 93.977141][ T28] audit: type=1326 audit(1769349383.867:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6151 comm="syz.3.130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f394859acb9 code=0x7ffc0000 [ 94.021481][ T28] audit: type=1326 audit(1769349383.867:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6151 comm="syz.3.130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f394859acb9 code=0x7ffc0000 [ 94.101824][ T6159] netlink: 8 bytes leftover after parsing attributes in process `syz.0.131'. [ 94.111563][ T28] audit: type=1326 audit(1769349383.867:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6151 comm="syz.3.130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f394859acb9 code=0x7ffc0000 [ 94.126781][ T6159] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 94.164746][ T6159] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 94.197658][ T28] audit: type=1326 audit(1769349383.867:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6151 comm="syz.3.130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=243 compat=0 ip=0x7f394859acb9 code=0x7ffc0000 [ 94.250402][ T28] audit: type=1326 audit(1769349383.867:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6151 comm="syz.3.130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f394859acb9 code=0x7ffc0000 [ 94.272415][ C1] vkms_vblank_simulate: vblank timer overrun [ 94.326009][ T28] audit: type=1326 audit(1769349383.867:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6151 comm="syz.3.130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f394859acb9 code=0x7ffc0000 [ 94.677131][ T6176] netlink: 8 bytes leftover after parsing attributes in process `syz.2.141'. [ 94.864489][ T6183] netlink: 8 bytes leftover after parsing attributes in process `syz.0.145'. [ 95.187654][ T6197] loop2: detected capacity change from 0 to 128 [ 95.340238][ T6197] syz.2.151: attempt to access beyond end of device [ 95.340238][ T6197] loop2: rw=2049, sector=138, nr_sectors = 112 limit=128 [ 95.470035][ T6205] netlink: 8 bytes leftover after parsing attributes in process `syz.0.155'. [ 95.572055][ T6207] netlink: 8 bytes leftover after parsing attributes in process `syz.1.156'. [ 95.594835][ T6207] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 95.616199][ T6207] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 95.695567][ T6212] netlink: 8 bytes leftover after parsing attributes in process `syz.3.158'. [ 95.914757][ T6220] loop1: detected capacity change from 0 to 512 [ 95.945294][ T6220] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 96.004681][ T6220] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 96.021467][ T6220] ext4 filesystem being mounted at /36/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 96.121462][ T5771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.169709][ T6229] loop3: detected capacity change from 0 to 1024 [ 96.188452][ T6229] EXT4-fs: Ignoring removed orlov option [ 96.223917][ T6229] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 96.484180][ T6229] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4047: comm syz.3.165: Allocating blocks 497-513 which overlap fs metadata [ 96.534374][ T6237] netlink: 8 bytes leftover after parsing attributes in process `syz.1.168'. [ 96.551295][ T6229] EXT4-fs (loop3): pa ffff888076815740: logic 256, phys. 385, len 8 [ 96.559819][ T6229] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5388: group 0, free 0, pa_free 1 [ 96.713837][ T2930] Trying to write to read-only block-device loop3 [ 96.759296][ T5768] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.809870][ T6241] loop2: detected capacity change from 0 to 512 [ 96.890628][ T6241] EXT4-fs error (device loop2): ext4_orphan_get:1398: inode #15: comm syz.2.171: inode has both inline data and extents flags [ 97.002149][ T6241] EXT4-fs error (device loop2): ext4_orphan_get:1403: comm syz.2.171: couldn't read orphan inode 15 (err -117) [ 97.077619][ T6241] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 97.309338][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.989368][ T6267] __nla_validate_parse: 1 callbacks suppressed [ 97.989383][ T6267] netlink: 8 bytes leftover after parsing attributes in process `syz.3.180'. [ 98.016520][ T6267] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 98.023888][ T6267] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 98.032122][ T6269] netlink: 8 bytes leftover after parsing attributes in process `syz.0.181'. [ 98.400722][ T6281] loop1: detected capacity change from 0 to 128 [ 98.519746][ T6283] netlink: 108 bytes leftover after parsing attributes in process `syz.3.188'. [ 98.533075][ T6283] geneve0 speed is unknown, defaulting to 1000 [ 98.540657][ T6283] geneve0 speed is unknown, defaulting to 1000 [ 98.550702][ T6283] geneve0 speed is unknown, defaulting to 1000 [ 98.586813][ T6283] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 98.645357][ T6283] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 98.666444][ T6285] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 98.697077][ T6285] netlink: 12 bytes leftover after parsing attributes in process `syz.1.189'. [ 98.792267][ T6283] geneve0 speed is unknown, defaulting to 1000 [ 98.809096][ T6289] netlink: 8 bytes leftover after parsing attributes in process `syz.2.191'. [ 98.842567][ T6283] geneve0 speed is unknown, defaulting to 1000 [ 98.921325][ T6283] geneve0 speed is unknown, defaulting to 1000 [ 98.921356][ T6291] netlink: 8 bytes leftover after parsing attributes in process `syz.1.192'. [ 98.980749][ T6283] geneve0 speed is unknown, defaulting to 1000 [ 99.520066][ T6308] loop3: detected capacity change from 0 to 512 [ 99.588373][ T5762] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 99.723189][ T6312] netlink: 8 bytes leftover after parsing attributes in process `syz.1.202'. [ 100.080792][ T6325] tmpfs: Bad value for 'mpol' [ 100.085084][ T28] kauditd_printk_skb: 4 callbacks suppressed [ 100.085122][ T28] audit: type=1326 audit(1769349390.087:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6321 comm="syz.1.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0c439acb9 code=0x7ffc0000 [ 100.122932][ T28] audit: type=1326 audit(1769349390.127:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6321 comm="syz.1.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=138 compat=0 ip=0x7fb0c439acb9 code=0x7ffc0000 [ 100.145362][ T28] audit: type=1326 audit(1769349390.127:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6321 comm="syz.1.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0c439acb9 code=0x7ffc0000 [ 100.185875][ T28] audit: type=1326 audit(1769349390.127:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6321 comm="syz.1.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0c439acb9 code=0x7ffc0000 [ 100.247219][ T28] audit: type=1326 audit(1769349390.137:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6321 comm="syz.1.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fb0c439acb9 code=0x7ffc0000 [ 100.334891][ T28] audit: type=1326 audit(1769349390.137:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6321 comm="syz.1.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0c439acb9 code=0x7ffc0000 [ 100.374502][ T28] audit: type=1326 audit(1769349390.137:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6321 comm="syz.1.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7fb0c439acb9 code=0x7ffc0000 [ 100.402823][ T28] audit: type=1326 audit(1769349390.137:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6321 comm="syz.1.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0c439acb9 code=0x7ffc0000 [ 100.432507][ T28] audit: type=1326 audit(1769349390.157:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6321 comm="syz.1.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0c439acb9 code=0x7ffc0000 [ 100.463451][ T6332] loop0: detected capacity change from 0 to 512 [ 100.526123][ T6332] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 100.592515][ T6332] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 100.671456][ T6332] ext4 filesystem being mounted at /54/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 100.898795][ T5769] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.971939][ T6348] netlink: 8 bytes leftover after parsing attributes in process `syz.2.217'. [ 101.210174][ T28] audit: type=1326 audit(1769349391.217:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6353 comm="syz.2.221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476d19acb9 code=0x7ffc0000 [ 101.345483][ T6360] loop2: detected capacity change from 0 to 128 [ 101.484088][ T6363] syz.2.224: attempt to access beyond end of device [ 101.484088][ T6363] loop2: rw=2049, sector=145, nr_sectors = 536 limit=128 [ 101.832706][ T6374] netlink: 8 bytes leftover after parsing attributes in process `syz.0.230'. [ 102.342946][ T6395] netlink: 'syz.1.238': attribute type 8 has an invalid length. [ 102.690049][ T6403] netlink: 8 bytes leftover after parsing attributes in process `syz.2.242'. [ 103.292593][ T6426] netlink: 8 bytes leftover after parsing attributes in process `syz.3.253'. [ 103.749345][ T6440] loop1: detected capacity change from 0 to 128 [ 103.939518][ T6447] netlink: 8 bytes leftover after parsing attributes in process `syz.2.262'. [ 104.043616][ T6451] netlink: 8 bytes leftover after parsing attributes in process `syz.1.263'. [ 104.764753][ T6471] atomic_op ffff88805a0fe998 conn xmit_atomic 0000000000000000 [ 104.895043][ T6475] netlink: 8 bytes leftover after parsing attributes in process `syz.2.274'. [ 104.922437][ T6473] netlink: 8 bytes leftover after parsing attributes in process `syz.1.273'. [ 105.491173][ T6494] loop1: detected capacity change from 0 to 256 [ 105.634601][ T6497] netlink: 8 bytes leftover after parsing attributes in process `syz.1.284'. [ 105.704175][ T6499] netlink: 8 bytes leftover after parsing attributes in process `syz.0.285'. [ 105.975318][ T28] kauditd_printk_skb: 32 callbacks suppressed [ 105.975333][ T28] audit: type=1326 audit(1769349395.977:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6509 comm="syz.1.290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0c439acb9 code=0x7ffc0000 [ 106.010969][ T28] audit: type=1326 audit(1769349395.977:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6509 comm="syz.1.290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0c439acb9 code=0x7ffc0000 [ 106.036957][ T28] audit: type=1326 audit(1769349395.977:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6509 comm="syz.1.290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=138 compat=0 ip=0x7fb0c439acb9 code=0x7ffc0000 [ 106.063871][ T28] audit: type=1326 audit(1769349395.977:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6509 comm="syz.1.290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0c439acb9 code=0x7ffc0000 [ 106.390845][ T6524] netlink: 80 bytes leftover after parsing attributes in process `syz.0.295'. [ 106.576178][ T6528] netlink: 56 bytes leftover after parsing attributes in process `syz.1.297'. [ 106.973675][ T6546] netlink: 80 bytes leftover after parsing attributes in process `syz.0.304'. [ 107.566596][ T6567] loop2: detected capacity change from 0 to 512 [ 107.633307][ T6567] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 107.993767][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.379205][ T6590] __nla_validate_parse: 2 callbacks suppressed [ 108.379222][ T6590] netlink: 56 bytes leftover after parsing attributes in process `syz.2.318'. [ 109.167369][ T6624] netlink: 56 bytes leftover after parsing attributes in process `syz.2.331'. [ 109.336233][ T6627] capability: warning: `syz.2.333' uses 32-bit capabilities (legacy support in use) [ 109.699408][ T6644] netlink: 8 bytes leftover after parsing attributes in process `syz.1.339'. [ 109.740974][ T6644] Zero length message leads to an empty skb [ 109.946244][ T6653] netlink: 56 bytes leftover after parsing attributes in process `syz.1.344'. [ 110.576247][ T6678] netlink: 56 bytes leftover after parsing attributes in process `syz.2.356'. [ 111.401308][ T6712] netlink: 16 bytes leftover after parsing attributes in process `syz.2.370'. [ 111.420810][ T6712] netlink: 24 bytes leftover after parsing attributes in process `syz.2.370'. [ 112.244772][ T6742] netlink: 16 bytes leftover after parsing attributes in process `syz.2.384'. [ 112.280490][ T6742] netlink: 24 bytes leftover after parsing attributes in process `syz.2.384'. [ 112.700051][ T6759] netlink: 80 bytes leftover after parsing attributes in process `syz.2.392'. [ 112.829271][ T28] audit: type=1326 audit(1769349402.837:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6762 comm="syz.2.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476d19acb9 code=0x7ffc0000 [ 112.896418][ T28] audit: type=1326 audit(1769349402.867:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6762 comm="syz.2.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476d19acb9 code=0x7ffc0000 [ 112.980350][ T28] audit: type=1326 audit(1769349402.877:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6762 comm="syz.2.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=138 compat=0 ip=0x7f476d19acb9 code=0x7ffc0000 [ 113.056233][ T28] audit: type=1326 audit(1769349402.877:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6762 comm="syz.2.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476d19acb9 code=0x7ffc0000 [ 113.146396][ T28] audit: type=1326 audit(1769349402.877:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6762 comm="syz.2.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f476d19acb9 code=0x7ffc0000 [ 113.490312][ T6784] __nla_validate_parse: 2 callbacks suppressed [ 113.490329][ T6784] netlink: 80 bytes leftover after parsing attributes in process `syz.1.404'. [ 113.660486][ T6792] loop1: detected capacity change from 0 to 512 [ 113.760744][ T6792] EXT4-fs error (device loop1): ext4_xattr_inode_iget:441: inode #11: comm syz.1.407: iget: bad extra_isize 90 (inode size 256) [ 113.783428][ T6792] EXT4-fs error (device loop1): ext4_xattr_inode_iget:446: comm syz.1.407: error while reading EA inode 11 err=-117 [ 113.802433][ T6792] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2852: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 113.831870][ T6798] netlink: 16 bytes leftover after parsing attributes in process `syz.3.410'. [ 113.844108][ T6798] netlink: 20 bytes leftover after parsing attributes in process `syz.3.410'. [ 113.853957][ T6792] EXT4-fs error (device loop1): ext4_xattr_inode_iget:441: inode #11: comm syz.1.407: iget: bad extra_isize 90 (inode size 256) [ 113.871601][ T6792] EXT4-fs error (device loop1): ext4_xattr_inode_iget:446: comm syz.1.407: error while reading EA inode 11 err=-117 [ 113.897880][ T6792] EXT4-fs error (device loop1): ext4_xattr_inode_iget:441: inode #18: comm syz.1.407: iget: bad extra_isize 90 (inode size 256) [ 113.922349][ T6792] EXT4-fs error (device loop1): ext4_xattr_inode_iget:446: comm syz.1.407: error while reading EA inode 18 err=-117 [ 113.935695][ T6792] EXT4-fs error (device loop1): ext4_xattr_inode_iget:441: inode #18: comm syz.1.407: iget: bad extra_isize 90 (inode size 256) [ 113.974353][ T6792] EXT4-fs error (device loop1): ext4_xattr_inode_iget:446: comm syz.1.407: error while reading EA inode 18 err=-117 [ 114.012620][ T6792] EXT4-fs (loop1): 1 orphan inode deleted [ 114.020700][ T6792] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 114.052645][ T6792] 9pnet_fd: Insufficient options for proto=fd [ 114.114433][ T6803] loop3: detected capacity change from 0 to 164 [ 114.182056][ T5771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 114.384812][ T6810] netlink: 80 bytes leftover after parsing attributes in process `syz.3.416'. [ 114.386616][ T6808] loop2: detected capacity change from 0 to 2048 [ 114.475728][ T6808] Alternate GPT is invalid, using primary GPT. [ 114.496763][ T6808] loop2: p2 p3 p7 [ 114.832668][ T6819] netlink: 16 bytes leftover after parsing attributes in process `syz.3.421'. [ 114.855972][ T6819] netlink: 20 bytes leftover after parsing attributes in process `syz.3.421'. [ 114.901516][ T5761] udevd[5761]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 114.913704][ T5759] udevd[5759]: inotify_add_watch(7, /dev/loop2p7, 10) failed: No such file or directory [ 114.952929][ T5762] udevd[5762]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 115.107724][ T6820] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 115.171819][ T6833] loop1: detected capacity change from 0 to 164 [ 115.245984][ T6837] netlink: 80 bytes leftover after parsing attributes in process `syz.0.426'. [ 115.855087][ T6860] netlink: 16 bytes leftover after parsing attributes in process `syz.1.435'. [ 115.886771][ T6860] netlink: 20 bytes leftover after parsing attributes in process `syz.1.435'. [ 115.927130][ T6862] loop2: detected capacity change from 0 to 256 [ 115.961717][ T6864] loop0: detected capacity change from 0 to 512 [ 116.002596][ T6862] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000001) [ 116.003125][ T6864] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 116.041259][ T6862] FAT-fs (loop2): Filesystem has been set read-only [ 116.128315][ T6866] netlink: 80 bytes leftover after parsing attributes in process `syz.1.438'. [ 116.138378][ T28] audit: type=1800 audit(1769349406.147:66): pid=6864 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.437" name="bus" dev="loop0" ino=1048597 res=0 errno=0 [ 116.365484][ T6873] loop2: detected capacity change from 0 to 164 [ 116.899524][ T6890] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 117.025077][ T6895] loop1: detected capacity change from 0 to 2048 [ 117.068177][ T6891] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 117.101294][ T6895] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 117.211935][ T28] audit: type=1326 audit(1769349407.217:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6903 comm="syz.3.452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f394859acb9 code=0x7ffc0000 [ 117.281776][ T28] audit: type=1326 audit(1769349407.217:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6903 comm="syz.3.452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f394859acb9 code=0x7ffc0000 [ 117.344370][ T28] audit: type=1326 audit(1769349407.217:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6903 comm="syz.3.452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f394859acb9 code=0x7ffc0000 [ 117.367141][ T28] audit: type=1326 audit(1769349407.217:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6903 comm="syz.3.452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f394859acb9 code=0x7ffc0000 [ 117.839212][ T6895] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1231: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 117.859416][ T6895] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 117.900298][ T6895] EXT4-fs (loop1): This should not happen!! Data will be lost [ 117.900298][ T6895] [ 117.923412][ T6895] EXT4-fs (loop1): Total free blocks count 0 [ 117.939537][ T6895] EXT4-fs (loop1): Free/Dirty block details [ 117.950318][ T6915] loop0: detected capacity change from 0 to 164 [ 117.958640][ T6895] EXT4-fs (loop1): free_blocks=2415919104 [ 117.964565][ T6895] EXT4-fs (loop1): dirty_blocks=5488 [ 117.998250][ T6895] EXT4-fs (loop1): Block reservation details [ 118.004349][ T6895] EXT4-fs (loop1): i_reserved_data_blocks=343 [ 118.374538][ T990] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 118.489655][ T6927] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 118.521380][ T6929] __nla_validate_parse: 4 callbacks suppressed [ 118.521397][ T6929] netlink: 8 bytes leftover after parsing attributes in process `syz.2.463'. [ 118.721217][ T6930] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 118.993967][ T6943] netlink: 256 bytes leftover after parsing attributes in process `syz.0.467'. [ 119.182642][ T6949] loop1: detected capacity change from 0 to 512 [ 119.218658][ T6949] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.471: invalid indirect mapped block 256 (level 2) [ 119.259001][ T6949] EXT4-fs (loop1): 2 truncates cleaned up [ 119.283214][ T6949] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 119.302743][ T6955] netlink: 80 bytes leftover after parsing attributes in process `syz.3.472'. [ 119.420612][ T6959] loop0: detected capacity change from 0 to 256 [ 119.452410][ T6960] [ 119.454809][ T6960] ====================================================== [ 119.461951][ T6960] WARNING: possible circular locking dependency detected [ 119.469019][ T6960] syzkaller #0 Not tainted [ 119.473483][ T6960] ------------------------------------------------------ [ 119.480542][ T6960] syz.1.471/6960 is trying to acquire lock: [ 119.486475][ T6960] ffff888076b080c8 (&ei->xattr_sem){++++}-{3:3}, at: ext4_destroy_inline_data+0x28/0xe0 [ 119.496314][ T6960] [ 119.496314][ T6960] but task is already holding lock: [ 119.503709][ T6960] ffff88801db48bd8 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages+0x1a4/0x350 [ 119.513759][ T6960] [ 119.513759][ T6960] which lock already depends on the new lock. [ 119.513759][ T6960] [ 119.524222][ T6960] [ 119.524222][ T6960] the existing dependency chain (in reverse order) is: [ 119.533259][ T6960] [ 119.533259][ T6960] -> #1 (&sbi->s_writepages_rwsem){++++}-{0:0}: [ 119.541710][ T6960] percpu_down_read+0x44/0x1a0 [ 119.547118][ T6960] ext4_writepages+0x1a4/0x350 [ 119.552436][ T6960] do_writepages+0x3b3/0x630 [ 119.557572][ T6960] __writeback_single_inode+0x153/0xec0 [ 119.563688][ T6960] writeback_single_inode+0x21f/0x760 [ 119.569650][ T6960] write_inode_now+0x183/0x210 [ 119.574970][ T6960] iput+0x5ae/0x920 [ 119.579333][ T6960] ext4_xattr_block_set+0x273f/0x32b0 [ 119.585265][ T6960] ext4_expand_extra_isize_ea+0x12c5/0x1e80 [ 119.591711][ T6960] __ext4_expand_extra_isize+0x306/0x400 [ 119.597905][ T6960] __ext4_mark_inode_dirty+0x45d/0x6e0 [ 119.603917][ T6960] ext4_evict_inode+0x7f3/0xea0 [ 119.609328][ T6960] evict+0x4ca/0x8d0 [ 119.613767][ T6960] ext4_orphan_cleanup+0xbec/0x1420 [ 119.619502][ T6960] ext4_fill_super+0x5ed3/0x6790 [ 119.625004][ T6960] get_tree_bdev+0x3f3/0x520 [ 119.630141][ T6960] vfs_get_tree+0x8c/0x280 [ 119.635121][ T6960] do_new_mount+0x24b/0xa40 [ 119.640183][ T6960] __se_sys_mount+0x2e7/0x3d0 [ 119.645405][ T6960] do_syscall_64+0x55/0xa0 [ 119.650379][ T6960] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 119.656818][ T6960] [ 119.656818][ T6960] -> #0 (&ei->xattr_sem){++++}-{3:3}: [ 119.664408][ T6960] __lock_acquire+0x2df1/0x7d40 [ 119.669807][ T6960] lock_acquire+0x19e/0x420 [ 119.674871][ T6960] down_write+0x97/0x200 [ 119.679669][ T6960] ext4_destroy_inline_data+0x28/0xe0 [ 119.685583][ T6960] ext4_do_writepages+0x4f0/0x3990 [ 119.691245][ T6960] ext4_writepages+0x1dd/0x350 [ 119.696647][ T6960] do_writepages+0x3b3/0x630 [ 119.701797][ T6960] filemap_fdatawrite_wbc+0x122/0x180 [ 119.707720][ T6960] file_write_and_wait_range+0x197/0x280 [ 119.713894][ T6960] generic_buffers_fsync_noflush+0x6f/0x160 [ 119.720366][ T6960] ext4_sync_file+0x454/0xc00 [ 119.725595][ T6960] ext4_buffered_write_iter+0x2c0/0x350 [ 119.731680][ T6960] ext4_file_write_iter+0x1d9/0x1880 [ 119.737503][ T6960] do_iter_write+0x738/0xc30 [ 119.742636][ T6960] iter_file_splice_write+0x6a3/0xcb0 [ 119.748555][ T6960] direct_splice_actor+0xe8/0x130 [ 119.754130][ T6960] splice_direct_to_actor+0x304/0x8c0 [ 119.760058][ T6960] do_splice_direct+0x1d5/0x2f0 [ 119.765462][ T6960] vfs_copy_file_range+0xa98/0x15c0 [ 119.771212][ T6960] __se_sys_copy_file_range+0x324/0x470 [ 119.777320][ T6960] do_syscall_64+0x55/0xa0 [ 119.782286][ T6960] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 119.788753][ T6960] [ 119.788753][ T6960] other info that might help us debug this: [ 119.788753][ T6960] [ 119.798996][ T6960] Possible unsafe locking scenario: [ 119.798996][ T6960] [ 119.806460][ T6960] CPU0 CPU1 [ 119.811839][ T6960] ---- ---- [ 119.817224][ T6960] rlock(&sbi->s_writepages_rwsem); [ 119.822531][ T6960] lock(&ei->xattr_sem); [ 119.829408][ T6960] lock(&sbi->s_writepages_rwsem); [ 119.837142][ T6960] lock(&ei->xattr_sem); [ 119.841498][ T6960] [ 119.841498][ T6960] *** DEADLOCK *** [ 119.841498][ T6960] [ 119.849651][ T6960] 2 locks held by syz.1.471/6960: [ 119.854701][ T6960] #0: ffff88801db4a418 (sb_writers#4){.+.+}-{0:0}, at: vfs_copy_file_range+0x8ee/0x15c0 [ 119.864583][ T6960] #1: ffff88801db48bd8 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages+0x1a4/0x350 [ 119.875072][ T6960] [ 119.875072][ T6960] stack backtrace: [ 119.880999][ T6960] CPU: 0 PID: 6960 Comm: syz.1.471 Not tainted syzkaller #0 [ 119.888300][ T6960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 119.898390][ T6960] Call Trace: [ 119.901710][ T6960] [ 119.904661][ T6960] dump_stack_lvl+0x18c/0x250 [ 119.909369][ T6960] ? load_image+0x400/0x400 [ 119.913932][ T6960] ? show_regs_print_info+0x20/0x20 [ 119.919163][ T6960] ? print_circular_bug+0x12b/0x1a0 [ 119.924383][ T6960] check_noncircular+0x2fc/0x400 [ 119.929358][ T6960] ? print_deadlock_bug+0x5d0/0x5d0 [ 119.934582][ T6960] ? lockdep_lock+0xf5/0x230 [ 119.939197][ T6960] ? _find_first_zero_bit+0xd3/0x100 [ 119.944501][ T6960] __lock_acquire+0x2df1/0x7d40 [ 119.949386][ T6960] ? verify_lock_unused+0x140/0x140 [ 119.954627][ T6960] lock_acquire+0x19e/0x420 [ 119.959156][ T6960] ? ext4_destroy_inline_data+0x28/0xe0 [ 119.964729][ T6960] ? __might_sleep+0xe0/0xe0 [ 119.969345][ T6960] ? read_lock_is_recursive+0x20/0x20 [ 119.974771][ T6960] ? check_noncircular+0x18a/0x400 [ 119.979905][ T6960] ? __might_sleep+0xe0/0xe0 [ 119.984521][ T6960] down_write+0x97/0x200 [ 119.988806][ T6960] ? ext4_destroy_inline_data+0x28/0xe0 [ 119.994380][ T6960] ? down_read_killable+0x340/0x340 [ 119.999612][ T6960] ? lockdep_unlock+0x146/0x2e0 [ 120.004515][ T6960] ? ext4_journal_check_start+0x178/0x250 [ 120.010443][ T6960] ext4_destroy_inline_data+0x28/0xe0 [ 120.015858][ T6960] ext4_do_writepages+0x4f0/0x3990 [ 120.021007][ T6960] ? verify_lock_unused+0x140/0x140 [ 120.026233][ T6960] ? ext4_normal_submit_inode_data_buffers+0x240/0x240 [ 120.033114][ T6960] ? rcu_read_lock_any_held+0xb4/0x140 [ 120.038596][ T6960] ext4_writepages+0x1dd/0x350 [ 120.043392][ T6960] ? ext4_read_folio+0x2f0/0x2f0 [ 120.048365][ T6960] ? filemap_get_entry+0xce/0x3f0 [ 120.053422][ T6960] ? ext4_read_folio+0x2f0/0x2f0 [ 120.058566][ T6960] do_writepages+0x3b3/0x630 [ 120.063198][ T6960] ? folio_clear_dirty_for_io+0xc30/0xc30 [ 120.068966][ T6960] ? __lock_acquire+0x7d40/0x7d40 [ 120.074038][ T6960] ? __rwlock_init+0x150/0x150 [ 120.078838][ T6960] ? do_raw_spin_unlock+0x121/0x230 [ 120.084069][ T6960] filemap_fdatawrite_wbc+0x122/0x180 [ 120.089494][ T6960] file_write_and_wait_range+0x197/0x280 [ 120.095146][ T6960] ? __filemap_set_wb_err+0x1b0/0x1b0 [ 120.100537][ T6960] ? ext4_buffered_write_iter+0xd7/0x350 [ 120.106189][ T6960] ? __lock_acquire+0x7d40/0x7d40 [ 120.111265][ T6960] generic_buffers_fsync_noflush+0x6f/0x160 [ 120.117204][ T6960] ext4_sync_file+0x454/0xc00 [ 120.121906][ T6960] ext4_buffered_write_iter+0x2c0/0x350 [ 120.127475][ T6960] ext4_file_write_iter+0x1d9/0x1880 [ 120.132775][ T6960] ? __stack_depot_save+0x560/0x630 [ 120.137999][ T6960] ? kasan_set_track+0x5f/0x70 [ 120.142790][ T6960] ? aa_path_link+0xea0/0xea0 [ 120.147505][ T6960] ? direct_splice_actor+0xe8/0x130 [ 120.152738][ T6960] ? splice_direct_to_actor+0x304/0x8c0 [ 120.158317][ T6960] ? do_splice_direct+0x1d5/0x2f0 [ 120.163383][ T6960] ? __se_sys_copy_file_range+0x324/0x470 [ 120.169151][ T6960] ? do_syscall_64+0x55/0xa0 [ 120.173802][ T6960] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 120.179923][ T6960] ? ext4_file_read_iter+0x670/0x670 [ 120.185246][ T6960] ? common_file_perm+0x198/0x1f0 [ 120.190307][ T6960] do_iter_write+0x738/0xc30 [ 120.194943][ T6960] ? vfs_iter_write+0xa0/0xa0 [ 120.199659][ T6960] ? __asan_memset+0x22/0x40 [ 120.204282][ T6960] ? iov_iter_bvec+0xd4/0x1b0 [ 120.208990][ T6960] ? vfs_iter_write+0x6e/0xa0 [ 120.213699][ T6960] iter_file_splice_write+0x6a3/0xcb0 [ 120.219108][ T6960] ? splice_from_pipe+0x180/0x180 [ 120.224162][ T6960] ? splice_folio_into_pipe+0xb10/0xb10 [ 120.229828][ T6960] ? splice_from_pipe+0x180/0x180 [ 120.234884][ T6960] direct_splice_actor+0xe8/0x130 [ 120.239963][ T6960] splice_direct_to_actor+0x304/0x8c0 [ 120.245369][ T6960] ? direct_file_splice_eof+0xb0/0xb0 [ 120.250769][ T6960] ? warn_unsupported+0xc0/0xc0 [ 120.255647][ T6960] ? fsnotify_perm+0x5d/0x5e0 [ 120.260351][ T6960] ? security_file_permission+0x79/0xa0 [ 120.265932][ T6960] do_splice_direct+0x1d5/0x2f0 [ 120.270819][ T6960] ? splice_direct_to_actor+0x8c0/0x8c0 [ 120.276397][ T6960] ? rcu_read_lock_any_held+0xb4/0x140 [ 120.281878][ T6960] ? do_splice_direct+0x2f0/0x2f0 [ 120.286933][ T6960] vfs_copy_file_range+0xa98/0x15c0 [ 120.292167][ T6960] ? generic_copy_file_range+0x1e0/0x1e0 [ 120.297833][ T6960] ? __might_fault+0xaa/0x120 [ 120.302532][ T6960] ? __might_fault+0xc6/0x120 [ 120.307230][ T6960] ? __might_fault+0xaa/0x120 [ 120.311932][ T6960] __se_sys_copy_file_range+0x324/0x470 [ 120.317507][ T6960] ? __x64_sys_copy_file_range+0xf0/0xf0 [ 120.323169][ T6960] ? __x64_sys_copy_file_range+0x21/0xf0 [ 120.328829][ T6960] do_syscall_64+0x55/0xa0 [ 120.333267][ T6960] ? clear_bhb_loop+0x40/0x90 [ 120.337963][ T6960] ? clear_bhb_loop+0x40/0x90 [ 120.342664][ T6960] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 120.348584][ T6960] RIP: 0033:0x7fb0c439acb9 [ 120.353031][ T6960] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 120.372677][ T6960] RSP: 002b:00007fb0c51a5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 120.381200][ T6960] RAX: ffffffffffffffda RBX: 00007fb0c4616090 RCX: 00007fb0c439acb9 [ 120.389193][ T6960] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000004 [ 120.397182][ T6960] RBP: 00007fb0c4408bf7 R08: 0000000000000863 R09: 0200000000000000 [ 120.405181][ T6960] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000 [ 120.413175][ T6960] R13: 00007fb0c4616128 R14: 00007fb0c4616090 R15: 00007ffea3669698 [ 120.421175][ T6960] [ 120.429071][ T6960] EXT4-fs error (device loop1): ext4_validate_block_bitmap:430: comm syz.1.471: bg 0: block 5: invalid block bitmap [ 120.451192][ T6953] EXT4-fs error (device loop1): ext4_validate_block_bitmap:430: comm ext4lazyinit: bg 0: block 5: invalid block bitmap [ 120.498260][ T6963] netlink: 16 bytes leftover after parsing attributes in process `syz.3.475'. [ 120.530285][ T6960] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 120.567604][ T6960] EXT4-fs (loop1): This should not happen!! Data will be lost [ 120.567604][ T6960] [ 120.578461][ T6960] EXT4-fs (loop1): Total free blocks count 0 [ 120.584566][ T6960] EXT4-fs (loop1): Free/Dirty block details [ 120.592920][ T6960] EXT4-fs (loop1): free_blocks=0 [ 120.601597][ T6960] EXT4-fs (loop1): dirty_blocks=67 [ 120.607709][ T6960] EXT4-fs (loop1): Block reservation details [ 120.613837][ T6960] EXT4-fs (loop1): i_reserved_data_blocks=67 [ 120.647034][ T1118] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 64 with error 28