last executing test programs: 4m55.460181515s ago: executing program 2 (id=563): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@empty, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast1, 0x0, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffffd}}, 0xe8) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x4000) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000000000020ac1e000100000000000000000000000000000000000000000a0040"], 0xb8}}, 0x0) 4m53.598817102s ago: executing program 2 (id=565): openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x100) syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000000000000560000000000000066ba2100b066eeb9e00a00000f"], 0x56}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000380)={0x2, 0x102000, 0x1}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 4m53.07892223s ago: executing program 2 (id=569): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x200, 0x0) fanotify_mark(r1, 0x1, 0x4800003e, r0, 0x0) mkdir(&(0x7f0000001c00)='./file0\x00', 0x20) r2 = open(&(0x7f0000000300)='.\x00', 0xa000, 0x124) mkdirat(r2, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x145) r4 = fanotify_init(0xf00, 0x0) r5 = open$dir(&(0x7f0000000000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x90000, 0x101) fanotify_mark(r4, 0x1, 0x5000003a, r5, 0x0) mkdirat(r3, &(0x7f0000000440)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x0) r6 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) renameat2(r6, &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', r6, &(0x7f00000002c0)='./file0\x00', 0x2) 4m52.735321265s ago: executing program 2 (id=570): r0 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000000)={[{@errors_continue}]}, 0x1, 0x4c5, &(0x7f0000000ec0)="$eJzs3c9vE1ceAPCvbRKSkF1+7B4WDgtakNhdRAyJSKIVF04rVaKt4NAjShMT0ThxFDuURDkEqYf2XrVIPVU98AdU7bWceuTacmrPlVCbhkaViuTKY5v8NHXbEKPM5yMNfjNv8Pe9WN+nmTceTwCpdar2TyaiPyIeRsTh+urmHU7VX9ZWlsZrSyaq1evfR66+w9J4c9fm/zsUEcsR0RMR1/4f8WZme9zywuLUWLFYmGus5yvTs/nywuL5W9Njk4XJwszQyODI6PDwyOilXevrO3euvPbBT1fe/eSr+9+8lfnsTK1Z/Y261ZX1fuymete74uiGbQci4vKLCNYBuUZ/ejvdEP6Q2uf3t4g4neT/4cglnyaQBtVqtfq0erBV9XIV2LeyyTFwJjsQEfVyNjswUD+G/3v0ZYulcuXczdL8zET9WPlIdGVv3ioWLjTOFY5EV6a2fjEpr68PblkfikiOgd/P9SbrA+Ol4sTeDnXAFoe25P+TXD3/gZRwyg/pJf8hveQ/pJf8h/SS/5Be8h/SS/5Desl/SC/5D+kl/yG95D+k0utXr9aW6lrj/veJ2wvzU6Xb5ycK5amB6fnxgfHS3OzAZKk0mdyzM/1b71cslWaHYmb+Tr5SKFfy5YXFG9Ol+ZnKjeS+/huFrj3pFdCOoycfPMpExPL/epOlprtRJ1dhf6tWM9Hpe5CBzsh1egACOsbUH6SXc3xgh5/o3aSnVcXs7rcF2BvZ9WLLFAf2p7PHXf+DtDL/D+ll/h/SyzE+YP4f0ifb6QYAHdPf4vlff9nw7K4LEfHXiPg613Ww+awvYD/IfpdpNQ94JqI783NyiaA7It7+6PqHd8YqlbmLte0/PNteudfYPth+1O5daz/QrmaeNvMYAEiv1ZWl8eayl3EfX6mffNTirjWWes2BxtxkT3KNsm81s+kcpeU5y++0fDci/hHxZGVpvLk0I9Sfd16/8tG3mtsW/1jjNVN/i6S9B5LnpkfbX6f+M/GPb4j/zw3xT+zC3wXS4EFt/Lmwffw72MjpeJZ/m8ef/l367kRz/FvbNv5ln41/uRbj38k2Y1zOv7HaMv7diBM7xm/G60libY1fa9vZNuN/+d6PD1vVVT+uv89O8ZtqpXxlejZfXlg8n/yO3GRhZmhkcGR0eHhk9FI+maPON2eqt3v0r6dfPK//fS3i79T/7g1t+k+b/f/l3ufnTj0n/r9P7/z5H9shflNvRPy3zfivfPrttVZ1tfgTLfqfbRE/E7Fc2zbUZvzr9x+/2uauAMAeKC8sTo0Vi4U5BYU0FTLxUjTj5S10emQCXrT1pO90SwAAAAAAAAAAAIB27cXXiTvdRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/eDXAAAA//9p8tW2") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) waitid$P_PIDFD(0x2, r1, 0x0, 0x8, 0x0) fremovexattr(r0, 0x0) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000300)='./file2\x00', 0xa00008, &(0x7f0000000100), 0x1, 0x7c8, &(0x7f0000001280)="$eJzs3c9rG1ceAPDvyD/jZNdeWNjNngwLu4YQeZ31JrsQ2JQeSqGBQHtOYmTFpJatYMkhNoYklEIvPbT0UGguOTdtesuhl/64tpf+DT2UhLR1QlN6KC4jjRL5hxw7seQ0/nxgrPdmRnrvO2/mzfPMIAWwZw2nf3IRByN60uRgNj+JbEZ0R5yor/dgeamQTkmsrLz6Q1Jb5/7yUiGa3pPan2X+GhFfvBlxKLe+3MrC4vREqVScy/Kj1ZkLo5WFxcPnZyamilPF2aNj4+NHjv3n2NGdi/WnrxcP3HnnpX9+fOKXN/5y8+0vkzgRB7JlzXHslOEYzrZJT7oJV3lxpwvbZcluV4Ankh6aXfWjPA7GYHRt0pL/72jNAIB2uRwRKwDAHpM4/wPAHtO4DnB/eanQmKJ+P+fK464dHG/3xYkOuPtCRPTX42/c36wv6a7fs/umv3YfdOB+UrtH0pBExNAOlD8cEddunb6RTtGm+5AAG7lyNSLODg2v7f/THm7tMwvb9a8trDPcSHxaf9H/Qed8lo5//rt+/BeRy47//trfteOfvuZj9yms/Yz1x3/u9qpszw4U2iQd/x1verbtQVP8maGuLPeH2pivJzl3vlRM+7Y/RsRI9PSl+bFNyhi59+u9Vsuax38/vvv6h2n56eujNXK3u/tWv2dyojrxNDE3u3s14m/dG8WfPGz/pMX499QWy3j5f2990GpZGn8ab2NaH397rVyP+MeG7f/oOahk0+cTR2u7w2hjp9hg//zk2/cHWpXf3P7XbqUlLRUa/wt0Qtr+A5vHP5Q0P69Z2X4ZX10f/LzVstXxn76Rlr86/o33/97ktVq6N5t3aaJanRuL6E1eWT//yKP3NvKN9dP4R/6+Kv6sBXOb7v/pSmez9MpjHn7svvP9R08ef3ul8U+m7Z9kQTy2/befuPlguqtV+Vtr//FaaiSbs77/6173uVut4FNtPAAAAAAAAAAAAAAAAAAAAAAAAADYolxEHIgkl3+YzuXy+fpveP85BnKlcqV66Fx5fnYyar+VPRQ9ucZXXQ42fR/qWPZ9+I38kTX5f0fEnyLivb59tXy+UC5N7nbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJDZ3+L3/1Pf9e127QCAtunf7QoAAB23rfO/wQIAPBdanNJ7N569r611AQA6o3b+T7p3uxoAQAe5pA8Ae4/zPwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG126uTJdFr5eXmpkOYnLy7MT5cvHp4sVqbzM/OFfKE8dyE/VS5PlYr5Qnmm5Qddqb+UyuUL4zE7f2m0WqxURysLi2dmyvOz1TPnZyamimeKPR2LDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2rrKwOD1RKhXnJDZPXH4mqnE1a7bd3hrPU+Jstk2flfpsI9EXEe0qormX2Nf5jgkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgd+K3AAAA//+aBB1p") creat(&(0x7f0000000340)='./bus\x00', 0x11a) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f00000003c0)='./bus\x00', 0x0, 0x41800, 0x0) r2 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x84) syz_emit_ethernet(0x72, &(0x7f00000002c0)={@broadcast, @empty, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x3, 0x6, "269fe0", 0x38, 0x3a, 0x1, @empty, @local, {[], @time_exceed={0x3, 0x1, 0x0, 0x2, '\x00', {0x3, 0x6, "39afb8", 0xf648, 0x0, 0x0, @rand_addr=' \x01\x00', @private1={0xfc, 0x1, '\x00', 0x1}, [@srh={0x29, 0x0, 0x4, 0x0, 0xb9, 0x40, 0x5}]}}}}}}}, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2000003, 0x28011, r2, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000440)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x2800053, 0x0, 0xfc, 0x0, &(0x7f00000000c0)) unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0) 4m51.192382648s ago: executing program 2 (id=577): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f00000013c0)=0x80000000001, 0x4) connect$inet6(r1, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendto$inet6(r1, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) dup3(r1, r2, 0x0) sendmsg$OSF_MSG_REMOVE(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000003fc0)=ANY=[], 0x1060}, 0x1, 0x0, 0x0, 0x4805}, 0x20000000) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, &(0x7f0000001f00)=""/4106, 0xfffffffffffffccb, 0x0, 0x0}, &(0x7f0000000080)=0x40) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x48}, &(0x7f00000004c0)=0x40) 4m50.673592286s ago: executing program 2 (id=580): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) close(r0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffc4, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) close(r0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdb4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe15, 0x5, 0x0, 0x0, 0x0, 0x0, 0x8, 0xffffffffffffff4b, 0x0}}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r1, &(0x7f0000000080), &(0x7f0000000880)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r2}, 0x0, 0x0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r2, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r3}, 0xc) 4m49.841873188s ago: executing program 32 (id=580): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) close(r0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffc4, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) close(r0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdb4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe15, 0x5, 0x0, 0x0, 0x0, 0x0, 0x8, 0xffffffffffffff4b, 0x0}}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r1, &(0x7f0000000080), &(0x7f0000000880)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r2}, 0x0, 0x0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r2, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r3}, 0xc) 15.539486004s ago: executing program 3 (id=1453): openat(0xffffffffffffff9c, 0x0, 0x101142, 0x0) syz_init_net_socket$rose(0xb, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d80)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@enum={0x0, 0x0, 0x0, 0x13}]}}, 0x0, 0x26}, 0x20) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x9, 0x4, 0x4, 0x2, 0x80, 0x1, 0x0, '\x00', 0x0, r3, 0x1, 0x1}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0xd, 0x4, 0x4, 0xa8, 0x0, r4, 0x0, '\x00', 0x0, r3, 0x0, 0x5}, 0x48) 10.754781744s ago: executing program 0 (id=1470): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x3, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, [@call={0x85, 0x0, 0x0, 0x29}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r4, 0x0, 0x28, 0xe80, &(0x7f00000002c0)="0000ffffffffa000", &(0x7f0000000300)=""/8, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 10.631381085s ago: executing program 3 (id=1471): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000000) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="400000001000010429bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="2b030000000000002000128008000100677470001400028008000100", @ANYRES32=r4], 0x40}}, 0x8080) 9.447244983s ago: executing program 1 (id=1472): setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f00000001c0)=@req3={0x10000, 0x100000001, 0x10000, 0x1, 0x6cfe}, 0x1c) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xe9) syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x2) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/crypto\x00', 0x0, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x11}}, 0x10) connect$inet(r3, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendfile(r3, r2, 0x0, 0x20000023893) 8.9360892s ago: executing program 3 (id=1473): socket$nl_generic(0x10, 0x3, 0x10) openat$sysfs(0xffffffffffffff9c, 0x0, 0x121a02, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0xfffffffc) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x30, r4, 0x1, 0x0, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @remote}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x6}]}]}, 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cffb93b201}, 0x10) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0x28, r5, 0x1, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1a}]}]}, 0x28}}, 0x0) 8.135403182s ago: executing program 0 (id=1474): openat$fb0(0xffffffffffffff9c, &(0x7f0000000240), 0x140, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = socket$inet_smc(0x2b, 0x1, 0x0) openat$cgroup_pressure(0xffffffffffffffff, 0x0, 0x2, 0x0) mount$overlay(0x0, 0x0, 0x0, 0x0, 0x0) listen(r1, 0x5) recvfrom$inet(r1, 0x0, 0x0, 0x40014062, 0x0, 0x0) 8.000990093s ago: executing program 4 (id=1476): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r3 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f00000013c0)={0x3, 0x2, 0x2, {0x5, @vbi={0xb5, 0x4, 0x3, 0x0, [0x0, 0x18000000], [0x8200, 0x1]}}, 0xe}) syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff) 7.785163207s ago: executing program 3 (id=1477): socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_mptcp(0x2, 0x1, 0x106) socket$nl_route(0x10, 0x3, 0x0) r0 = syz_io_uring_setup(0x10d, &(0x7f0000000200)={0x0, 0x9e74, 0x0, 0x1}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r5, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9, 0x12, r5, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}) io_uring_enter(r0, 0x3f70, 0x0, 0x0, 0x0, 0x0) 7.784569797s ago: executing program 0 (id=1478): r0 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$tcp_mem(0xffffffffffffff9c, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) read$FUSE(r0, 0x0, 0x0) r3 = openat$full(0xffffffffffffff9c, &(0x7f00000007c0), 0x0, 0x0) read$rfkill(r3, &(0x7f0000000080), 0xffffff1c) 7.007386878s ago: executing program 4 (id=1479): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f00000022c0)=ANY=[@ANYBLOB="61158c000000000061134c0000000000bfa00000000000001705000008004ef02d3501000000000095003200000000006916000000000000bf67000000000000350605000fff07206706000002000000160302000ee60060bf500000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b540dcfc7ad0500c4063b3b8754c0686cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d39d25991b085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e5671c888fb126a163f16f920ae2fb494059bba8e3b680324a188090eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb40000000000000000000000000040007abf9c20d89cbc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eb29000000000000003cc3aa39ee4b1386bab561cda886fa64ffffff7f473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4f6e9cc54db6c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59801fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e17417a249a2cd8ff62aa6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d00000000d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38c7f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff139604faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf73400000000000000cc308e936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61d1f5b2a443faa9bda0577383dc18402cde8bf777b2eaa45c940aabc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db009acaba9eaea90000d154ba10a8e51489a614e69722bac30000000000000000000000000000c5dfd188ff555285b9743d3aac000583f42d168613151d681a2f71373f20d92c9048407c91fabecfe8a10300004d127edab14ba61ba1cfc4336324c86f3dcb43e9a58208077e90f6ec1c7ac756f61dcc372cdd30b82507489f0bbfbd3c3f21752e81319c0161e154ceb16e00bc7f5a6962dff317f4d014786e432817064874d69a39cb0da31bcc5f81894d8a80756447322207b4007dff12eb95066cc6bc256f0a122822bb031bbee6d23cef7074f6d718b06ca80b57aa183dd0c39e9d8547c666b6764a3c7dd62a94eee45881441f2b89b4c67aa9882281393954972046974f18df232cd7fca610e33f51c2d062020f403d85ff36c26e2f6bd1d82f4d3ceb3472d9a77e0057a3bfe697d9ab7585f4a1b381343d2cf855689232f4fc5135790662dc1419a365b5b11df7216652b5703f31e078ecdefe8e6bfc45a9980a7a8de863e3477dd47d0f11611ca92d89641a183c8f629f17cfc28fde209a793d9c0cdde3bb3f82670d33396982988b9f5207a732908fdf1506f307ccae47a69319ee2242272e4f7ceb7a40e49a21ce6405af3ecb3381bf0668749c81fc6c2d97e68a693e3e622af52e572f4fa7b20d5c72cf5ff8016461130a46803de45029489921a48bd7688dd593e4a3e9803263ecbd8ae8570293508ebe5fabc1842cbc01ae8fabbf41820c31b7bb83a3439d4540f839ed5c23828a33d7645baa1ec32bb7aa8a786bb0997ccf6bba0a2cf6ef2157a63974d5e525a3f3f7f993ea9e82732ccc2e12c6310121ecb9029e7f835420f8f27a7e563684a225dee6ca5f5ff18a89ac6c627ff0e0e4769b6fbcfc847b20960704a4b13e962333bddb966de8bcade6f6bd3915a580ddec2e1bd88fbfdb749789cdc946822212f1cbacb03ba8d3e51e48ccdae20a43bf79ca0131b830620a97877242989e78dfec1d6df5f97ca5cddece50d0cae5d6eabbc1913aa3660e0b00000000000000000000000000bc12b71cb118d93461aa2914d6e454ef05c41beab7382787ba46b68c8d8b35349fb58b259b4447b59c667ddcac0bb2d066eb0579be84bdca8ed5d693411b7e5b21efaceddacef03daa9772f2715b5613ae0d88f8d109e36f8b8871b646d9ebbcc25d527ad3f828c92cb6597f82ed4d496a511007781be0c7cac07fc508a585f415ef81a887475286df80fb6ff9c6524d0e22d50f88ca15545bc688063b04eb8e0248aca60b9983dd5966216499ccfc0551f6e0323859ae64f55e4d496a695f8e6382aa714b92f95dcfd0b456d9ce7a24f736e4009ef64230e8f83f8283a4cc5f178d4698b94ccd8d0e0e3e2e35e1a7ac0cb3ee52013e8c2802d2f89b3f708fb53c17c3e4fbe0326ee510c4317b5f5f1eb34ca8441c23755acfc469909b16fba134de01d484c1b380622d3743a0be77b64961753faba6131c136fb14b1963960f2f7f118bc451a18b216bf26c3cec2575a059da60baede629711a5f11c347fcbca73440d27b1147b44fb15106c00669da23964fd9de079d1a9077848100f6e75d29b2d60016abc6ef1542bd3062f599676bb04e64decb6c843a407f"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2}, 0x48) 6.971362889s ago: executing program 5 (id=1480): bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @random="08f272f808af"}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x5, 0x1, 0x8, 0x8}, 0xa1) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000800)={{r2}, &(0x7f0000000780), &(0x7f00000007c0)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) socket$nl_route(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8923, &(0x7f0000000000)={'vlan1\x00', @broadcast}) 6.814772911s ago: executing program 3 (id=1481): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x4) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r3, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r3], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0) r5 = socket(0x10, 0x3, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route_sched(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0xfffffffe, {0x0, 0x0, 0x0, r6, {0x0, 0x9}, {0xffff, 0xffff}, {0x5, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x6, 0x2}}}}]}, 0x79}}, 0x800) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001540)=@newtfilter={0x68, 0x28, 0xd27, 0x1004001, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x2, 0x9}, {}, {0x2, 0xb}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x38, 0x2, [@TCA_CGROUP_ACT={0x34, 0x1, [@m_sample={0x30, 0x21d, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x8810}, 0x400c8b4) sendmsg$nl_route(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x20088814}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@delchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r7}}, 0x24}}, 0x10) 5.807591106s ago: executing program 4 (id=1482): syz_open_procfs(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000400)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) add_key(0x0, &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) r3 = socket(0x2b, 0x80801, 0x1) connect$inet6(r3, 0x0, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x12, &(0x7f0000000040)=0x9, 0x4) 4.924328308s ago: executing program 4 (id=1483): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3590], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, &(0x7f0000000780)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000081400002d0301000000000095000000000000006916600000000000bf67000000000000260300000fff0748670600000f000000170300000ee60020bf050000000000001d360000000000006507f9ff01000000070700004c000000cc75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ff7f5be95e09b67754bb12feffffff8ecf264e0f84f9f17d3c51e3c7bdd2d17f2f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be5b369289aa6812b8e007e733b9a4f16d0abbd5ad9381806ef08513e3d3778a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe01c5473d51b546cad5b803306b17cf4ef3f1d45f65727546e7c955ccefa1f6ab689fde4de4e63edf10271a5144ddc8da3aa5b0ab733a1b901627b562ed04ae76002d4519af619e3a2a4d69e0dee5eb106774a8f3e6916dfec88b5634ef79b02d2ca8ff54c158f0200000000eafb735fd552bdc206004aeb0743eb2dc819c75c8ac86d8a297dff0445a13d006723888fb126a163f16fb2ad9bc1162ba7cbebe174cecac4d03723f1c932b3faffffffffffffff5fc998e13b670e373e3e5897f7ad2e99e0e67a993716dbf580469f0f53acbb40b401e3738270b315d362ed834f2a0700000096649a462e7ee4bcf8b07a101c879730beb4000000000000000000000000000000bc00f674629709e7e78f4ddc3d1bc3ebf0bd9d42ca019dd5d022cf7468659fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7eab04871bc47287cd313f3bea788ea2bcdc340ffb567b40407d000000000000000000000000005f37d83f84e98a523d80bd0d0d703f3767ce603c9d4867b63d20a268bb9f15a0a6e66ce4660fbee91629ab028acfc1d9260e9659a0f6a5480a55c22fe3ae5f562d0ae520c38d2bab6528000000596fb73a96b33c81cdbbd421a27f7f1db054cc7a0a4d372849c99a98822103b9851d924b85b1ca4b21b187db00000000000000066dead3b9670a7604a5ddd0fd2e4fb8a5749a8a8ad78454ba1eebeff1b528da294247d294d2487babb176fdfafeb3d492a325671e6b91afb41f87feda4ce2f468a3758750c0b8f151d4d8574bbbe027687a0e12311cdf3384a26ee3f6f2424ba1e5be98ef1f8f2db9a4991e234f9f447e1730ceaf54cf25c0e3ad7cbb0de06d55db89d154c9d3fcd01c551b0ef58034c252629aefbfd5305845b9a8763b264e8f0bcd0f606fe92e511f122325ebc5fef1b68f2e2ec7bebe423d4baae0e27845d0eb8b8a4f97f83424221e94a5c4623feb8496ccdbc55b27773bf1b3e6a91a20e0c27fc80262647f88d8d1123d199b2c7729bb7700e887ea963f00004a1d0851dbfb9308d16cadcc7b477c9a9586571182526898735552a203c4797228533b1a73ab44aa115136353964648abcc4adbe765556643842290a92eafea0ec2c000000000000000000000000000000e1f3518dc3fc2bbefe043804ac1b6b1c8b7e3afed045a3a808700bca61a39d5bfa83877803013e2d145e642253632f3a283c6eee0e22cb69fe7f94786220c31e9b2a82a9856e947bace74923e4740bf1c17cb41ef19161c3d417655517c28bd08dee32d77a40b834ba7a12223354e9321b8300f7d5d63fa0e8f074adc176285a8f41609ce040cec99943792f5443ca5292447b0f0f240743c4b2b8142ce0b43d4d1731ce11533f61ef241c83557f5aae58a848b5ccce86b8b0fb21fe369c90f06e2d9680003df72f3f0060e6c3415cc1026d342003bece09fbfd062efdd9b48377335903f3b4e87386915e3ac429a4db646da1cc6e29ad8650f4da326cbfdce12c8d5deba32549d6aefe422e0d665d62325c737fe76ec1f3c3670ed96f86738a2cf1c59b5f9b84ffd068f7b4509f53617910a41b811a3f7cd6251f8100008133af11a4db2d00c0ad86ce9f40f3e06b41b45f72b1598a12abddf58ac778bff2f1e49306a1d2f80b2a7d7a28f3997ee60793c62ffee96535e47adac9f367395cf26056a4b76d646f7682f21beafcdb7a9c07acfd145487426f1a009327b8ec6e695e6a7ddcc2c9151cc9c4efa413fa1e521b398151247104bc47748199441cf298e925ef2e3374f4ec0193b38a355c35ee44962fceb3f418510742c93a442f857733b74b6d9197cd62784d7f2afa6a4bc5cae18e33435665250241a7ffd96fc0790000009c17c570096bb75de737107e029b18ec0e61ab3761366452a1c6e3e3c912170f874555aaefc9644cffa768eb2b47c6b040698746df86026730db64859c46cdfb775b86214cfd1932d5ad87c56ea4f38bca780000000000000000000000003bf179c894590cb06b546082451bb735e7152afd5340683663e8effbfb49855ec98703a1e141ab7510fc0e3b081e72d25bfa4e52bedadd11e152bb1dcfcfe942b97b813cf4cdd8626ecfb630425db071c1bfdb03fee96f80b1a96f9427e17edfdc902749ccbab746e26a3a46527b3a32c49dab9608ab1dca3982590c1e78ff5c87d10eef5c3707974981c01c00000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xf000000}, 0x48) 4.696072932s ago: executing program 0 (id=1484): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00') r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_DSTOPTS(r1, 0x29, 0x3b, &(0x7f0000000240)=ANY=[], 0x8) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast1, 0x9}, 0x1c) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000440), 0x1000a) r3 = socket$netlink(0x10, 0x3, 0x0) getpid() sendmsg$netlink(r3, &(0x7f0000006780)={0x0, 0x0, &(0x7f0000006600)=[{&(0x7f0000000080)={0x28, 0x2a, 0x1, 0x0, 0x0, "", [@nested={0x15, 0x0, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @ipv4=@broadcast}, @typed={0x8, 0xeb, 0x0, 0x0, @fd}, @generic='Z']}]}, 0x28}], 0x1}, 0x0) sendfile(r1, r2, &(0x7f0000000000)=0xa00, 0x1001) capset(&(0x7f0000000080)={0x20071026}, &(0x7f00000000c0)) r4 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r4, 0x10e, 0x8, 0x0, 0x0) preadv(r0, &(0x7f0000000500)=[{&(0x7f0000000bc0)=""/80, 0x50}], 0x1, 0x4000ffe, 0x102) 3.690642976s ago: executing program 4 (id=1485): openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1d, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @lsm=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_mount_image$squashfs(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f00000002c0), 0x1, 0x228, &(0x7f0000000300)="$eJzKKC4sZmdgYPj7sSaZgUGAAQRYGEQYLjAwMrAwMDDIM4KFGD4yQeipUPomlGaDyl+B0r5Q8XYo/de8KiKKgYExU+meGdMB8RRFRgEGHpGvpx4wJDPwxzJYzvNecykoc8pVobdL94PUe4VWbmJgVE/hXzRnwwSnmbxgYxkjo5DNYT4gM4sDZBADA8PkPxH3HrBIMoggmSXK8U/sVMvyVWad9xlmdExLY2A0mMXBwMCgd0R3pp0BbzcT1MziyqrsxJyc1KLiMwyo5k9m3M+kyAhSd+bv1eAHjHYM3bEMjAxyG/zVFn/7I1W5cVN95PSqiJqp3U03l66PY9im//eKidT7iRlh/x8cEtSyyMv/ME9G6fvmhjkfauqemDh2NirP5W+9/Pfd+5ja4gQ1psfiXYVs/AluWjWfnJ3cLB/PTa9u31KsuCArzWXisakX/yYcX8vAMPnCE1v9mjOH4hVjOKXcKufG3HWLF+Rapn6+7g0Dw8GozxMZGJcz7mdiYJgZtnMPsr/KG6CRwcDMwMCgwsDAwMTAwpCWmZNq4MHAyMAM5RiyQFXBVDMxcIAl9JLzc1LaGRjBSQCsbTkDC9wMw8cMrHCOETLH2KIBahJDO5RWgdIeUHo5lH4MpeXRkg0L2IR+KE+jgYGBjaEisaSkyJCNgQHKgosZwcWMBOA2M0FtncuE6rnjTAyjYBSMglEwCkbBKBgFo2AUjIJRMJIBIAAA///ZbLn7") socket$inet6_tcp(0xa, 0x1, 0x0) 3.587403588s ago: executing program 5 (id=1486): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000000ec0), 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000c00)={0x44, 0x0, &(0x7f0000000a80)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000003480)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) read$FUSE(r4, &(0x7f0000007fc0)={0x2020}, 0x2020) 3.484814059s ago: executing program 5 (id=1487): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000480)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_WIPHY(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000040)={0x24, r3, 0x200, 0x70bd2b, 0x25dfdbfe, {}, [@NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0xffffffe0}, @NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40080}, 0x801) sendmsg$NL80211_CMD_SET_COALESCE(r2, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000040)={0x28, r3, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r4}, @void}}}, 0x28}}, 0x0) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000001c0)='./file1\x00', 0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="00ea2eb34e7ea51c9446c55a2d1e0be39af9faf44ad59cb6ad1c94490d970e811439edddc71c9b18946b559ce53bee0a1abe562fc3f3898e5826eda1962cf6e3c4c0ade52151923a70b46eacfc1aaaebcf156e549e884bcabc1333f344f31cd30cd93cb2814e0dbc24a7a107e295e86e09283c825fe177c89c6385f68f2c843cffffffff15539bab6142ceed9265ba989d1a283fc4ffc83f3a7a6c746823e656ad78f3b5a336cdbd83dad59e0debb36b4ea5e658e253f01637cc03f704a08019f95b92fffffffff8dd21552d6967ab1b01e5d52a5793eb179deee4572770a5197127b090287bca2a4eaa1705b42c16968d0201d3ba3cc8000000657ea095f152b1b6a1e6ad8d24ad17f649ccc23d4ecbcdb5620cc48f95f563c2230f859d196e6c4f00b8e3a7b01fcb1d79dcc09b7a854ec8c31dd27ff9b4a2864e1dcaf719d20b56769d51228ecc1915fb8c8b598c11b3c296b05f9c5355fc6f19a7b28f5ae9a0d0804ccc5716cfac0246ddffa2f12077a02a959aa1b74373c38b2bcc90743b80666eae25dea73e127263b8fdbc64fe862b994ca8473d0000000000000000"], 0x11, 0x17e, &(0x7f0000000200)="$eJzsmL9PwkAUx793RYjGRGcXTSQBBktb1MjgwOygib/iJpFK0CIGOgibf4Wzf4EzcSHxz9BBnVxwc3KoaXvQB/4c1MT4PsO77zse17vX5NvkwDDMv+X+7un2IpW80gCMI4mEmn/QohpJ6tsTz5nryurlmfF40+6s5IfXEwA87+vPjwHoFDS4Kve8wX8n1bgB2debkMgovQ0BXeldSGwpbUNgR+kDomt+va7vVxxb36s5JV8YfjD9YPkhN7y/7qlAiexPkN8bzdZh0XHs+g+Kz/rXLUgsk/3R99XrjUH6Z0LCVDoHgXWll5Do9SZsCTn/VCxaX/vl87NgweKvicifvHOBFPGnGPGPrFs9zjaarblKtVi2y/aRZeUWjXnDWLCygRGF8QP/Gw38aYysP/JObVzEcVJ03boZxn5uhfEtx40H/ieRng1zoeYowfdgUsz4Q1pTOcMwDMMwDMMwDMMwDMMwzDcR3UlOQwS3oAPkX01Za0H1SwAAAP//eg52cw==") r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file2\x00', 0x80000, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r5, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x6c, 0x0, 0x0) ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000240)=ANY=[]) 3.376656161s ago: executing program 1 (id=1488): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) munlockall() socket$inet_sctp(0x2, 0x1, 0x84) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0) ioctl$SNDRV_TIMER_IOCTL_START(0xffffffffffffffff, 0x54a0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 3.331236112s ago: executing program 3 (id=1489): socket$inet6(0xa, 0x2, 0x0) socket(0x10, 0x803, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@mcast1, 0x800, 0x0, 0x103, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) sendmsg$inet6(r0, &(0x7f0000000600)={&(0x7f0000000080)={0xa, 0x4e20, 0x1000000080000, @dev={0xfe, 0x80, '\x00', 0x2d}, 0xffffffff}, 0x1c, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1400000000000000290000000b00000000010000000000005800000000000000290000003900"], 0x70}, 0x4000000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12011101000d002043558107000000000001090224000100004009090402040203000200092107008401220700090581030002055105"], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000001740)={'syz1\x00', {}, 0x45, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0xfffffffd, 0xfffffc5d], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7fffffff], [0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xffffffff, 0x0, 0x0, 0xffffffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newlink={0x48, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_IPTUN_PROTO={0x5, 0x9, 0x29}, @IFLA_IPTUN_COLLECT_METADATA={0x4}]}}}, @IFLA_MTU={0x8, 0x4, 0x80503}]}, 0x48}, 0x1, 0x0, 0x0, 0x20040001}, 0x8000) syz_usb_control_io$hid(r1, &(0x7f00000000c0)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00220700000092"], 0x0}, 0x0) 2.587480102s ago: executing program 5 (id=1490): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x23, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) setrlimit(0x1, &(0x7f00000001c0)={0x7, 0x8f}) r4 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) fallocate(r4, 0x0, 0x0, 0x1001f0) 2.586745053s ago: executing program 0 (id=1491): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x3000406, &(0x7f00000006c0), 0x1, 0x512, &(0x7f0000000c40)="$eJzs3W1rZFcdAPD/vcmk2d3UTFVkLdgWW9ktujNJY9so0lYQfVVQ6/s1JpMQMsmEzKRuQtEsfgBBRAU/gG8EP4Ag+xFEWND3oqKI7upL3St35kbzMJMMySSzTn4/OJlz7sP5n3PJ3LkPh3sDuLJeioh3ImIsIl6NiOlielqk2OukfLnHjz5YzFMSWfbe35JIimn7deXl8Yi4Uaw2GRFf/0rEt5LjcZs7u2sL9XptqyhXW+ub1ebO7p3V9YWV2kptY25u9o35N+dfn5/JCufqZzki3vrSn370/Z99+a1ffebbv7/7l9vfyZv1hY912h0Ri+cK0EOn7lJ7W+zLt9HWRQQbkrw/pbFhtwIAgH7kx/gfjohPto//p2OsfTQHAAAAjJLs7an4VxKRAQAAACMrjYipSNJKMRZgKtK0UumM4f1oXE/rjWbr08uN7Y2lfF5EOUrp8mq9NlOMFS5HKcnLs8UY2/3ya0fKcxHxXET8cPpau1xZbNSXhn3xAwAAAK6IGy8ePv//53TazgMAAAAjptyzAAAAAIwKp/wAAAAw+pz/AwAAwEj76rvv5inbf4/30vs722uN9+8s1ZprlfXtxcpiY2uzstJorLSf2bd+Wn31RmPzs7Gxfa/aqjVb1ebO7t31xvZG6+7qoVdgAwAAAJfouRcf/C6JiL3PX2unKJ4DCHDIH4fdAGCQxobdAGBoxofdAGBoSqcuYQ8Boy45Zf7xwTuda4Xx64tpDwAAMHi3Pn78/v9EMe/0awPA/zNjfQDg6nF3D66u0llHAN4cdEuAYflQ5+OZXvN7Pryjj/v/nWsMWXamhgEAAAMz1U5JWimO06ciTSuViGfbrwUoJcur9dpMcX7w2+nSM3l5tr1mcuqYYQAAAAAAAAAAAAAAAAAAAAAAAACgI8uSyAAAAICRFpH+OWk/zT/i1vQrU4evDhx569dP3/vxvYVWa2s2YiL5+3Q+aSIiWj8ppr+WeSUAAAAAPAU65+nF5+ywWwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqHn86IPF/XSZcf/6xYgod4s/HpPtz8koRcT1fyQxfmC9JCLGBhB/735E3OwWP4knWZaVi1Z0i3/tguOX25ume/w0Im4MID5cZQ/y/c873b5/abzU/uz+/Rsv0nn13v+l/93/jfXY/zx7pNzL8w9/Ue0Z/37E8+Pd9z/78ZNO/EMh8sLLffbxm9/Y3e0640CV3eIfjFVtrW9Wmzu7d1bXF1ZqK7WNubnZN+bfnH99fqa6vFqvFX+7hvnBJ3755KT+X+8Rv3y4/8e2/yt99T6Lfz+89+gjnUKpW/zbL3f//b3ZI35a/PZ9qsjn82/t5/c6+YNe+PlvXjip/0s9+j95Sv9v99X/+NyrX/veH7rOObY1AIDL0NzZXVuo12tbJ2Qm+1jmkjNvPx3NGGAmno5mDCuTfbfz/3i+es65+rFMdp7Vx2MAzZg49j0di7NWmETs5XX1+Q8JAACMmP8d9J90BwkAAAAAAAAAAAAAAAAAAAC4SGd8LNlkRPS98NGYe8PpKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAif4TAAD//4RX0Xo=") r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x1a9041, 0x0) write$binfmt_aout(r0, &(0x7f00000003c0)=ANY=[], 0xff2e) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='oom_adj\x00') r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000680), r2) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000140)}], 0x1) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ff00"}) r3 = syz_open_pts(r0, 0x0) r4 = dup3(r3, r0, 0x0) getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r4, 0x84, 0x7, &(0x7f0000000080), &(0x7f00000000c0)=0x4) ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000000)=0x12) 2.536756793s ago: executing program 4 (id=1492): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x3c1, 0x3, 0x3d0, 0x210, 0x9403, 0x0, 0x210, 0x2c0, 0x300, 0x3d8, 0x3d8, 0x300, 0x3d8, 0x3, 0x0, {[{{@ipv6={@private2, @private0, [], [0xffffffff], 'veth0_to_batadv\x00', 'batadv0\x00'}, 0x0, 0x1d0, 0x210, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x4, 0x0, 'syz0\x00'}}, @common=@srh={{0x30}, {0x33, 0x2, 0x8, 0x1, 0x5, 0x21}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x8, 0x1, {0x2}}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x430) 2.363377926s ago: executing program 1 (id=1493): sendmsg$IPSET_CMD_HEADER(0xffffffffffffffff, 0x0, 0x4000004) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = open(&(0x7f00000001c0)='.\x00', 0x0, 0x0) getdents(r3, &(0x7f0000000280)=""/4096, 0x9005) sendmsg$NFT_MSG_GETFLOWTABLE(r3, 0x0, 0x24000000) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) setsockopt$sock_int(r0, 0x1, 0x9, 0x0, 0x0) 2.051774191s ago: executing program 1 (id=1494): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) r4 = socket(0xa, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000000)={0x11, @multicast1, 0x0, 0x1000002, 'lblcr\x00'}, 0x2c) setsockopt$IP_VS_SO_SET_FLUSH(r4, 0x0, 0x485, 0x0, 0x0) 1.589708387s ago: executing program 0 (id=1495): bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x52, &(0x7f0000000080)={0x0, 0x8b45, 0x4, 0x0, 0x3d8}, &(0x7f0000ff0000), 0x0) iopl(0x3) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) 1.560905317s ago: executing program 5 (id=1496): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10) getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000100)={r4, 0xfffffff4, 0x6, 0x9, 0x9, 0x9, 0x7fff, 0x1d20, {r4, @in6={{0xa, 0x4e20, 0x3c, @mcast1, 0x75cb}}, 0x3, 0x2, 0x6, 0x9, 0x8}}, &(0x7f0000000040)=0xb0) 743.441429ms ago: executing program 1 (id=1497): rseq(&(0x7f0000000040), 0x20, 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) personality(0x400000) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2000009, 0x2172, 0xffffffffffffffff, 0x60f4b000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x47f6, 0x0, 0x0, 0x0, 0x0) msgget(0x3, 0x601) msgget(0x2, 0x624) msgget(0x0, 0x200) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x48000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 74.045149ms ago: executing program 5 (id=1498): socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r0 = socket$nl_rdma(0x10, 0x3, 0x14) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$RDMA_NLDEV_CMD_SYS_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000000714010000000000000000000800", @ANYRES32=r1], 0x30}}, 0x94) 0s ago: executing program 1 (id=1499): ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x9f) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c) r1 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newqdisc={0x58, 0x24, 0xd0f, 0x70bd2c, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x4, 0x7, 0x400, 0x8, 0xbcc7, 0x1, 0x6eca17b7, 0x88c, 0x3ff}}}}]}, 0x58}}, 0x44080) r4 = socket(0x10, 0x3, 0x0) r5 = socket$inet6_dccp(0xa, 0x6, 0x0) sendmsg$nl_route_sched(r4, 0x0, 0x5) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x34, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r6, {}, {0xfff2, 0xa}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x55}, 0x4000) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) kernel console output (not intermixed with test programs): port 2(bridge_slave_1) entered disabled state [ 98.982035][ T4819] device bridge_slave_0 left promiscuous mode [ 99.012251][ T4819] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.155690][ T4833] process 'syz.0.128' launched './file2' with NULL argv: empty string added [ 99.825064][ T4846] random: crng reseeded on system resumption [ 100.397524][ T4856] loop2: detected capacity change from 0 to 256 [ 100.687825][ T4856] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x46ae1815, utbl_chksum : 0xe619d30d) [ 100.700888][ T4856] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 101.084456][ T4846] Restarting kernel threads ... done. [ 101.323771][ T4861] loop3: detected capacity change from 0 to 256 [ 101.384718][ T4861] FAT-fs (loop3): bogus number of FAT sectors [ 101.436892][ T4861] FAT-fs (loop3): Can't find a valid FAT filesystem [ 101.909782][ T126] kernel write not supported for file bpf-prog (pid: 126 comm: kworker/1:2) [ 102.290744][ T4876] kAFS: unable to lookup cell ' [ 102.290744][ T4876] >.€·?](<â›' [ 102.290744][ T4876] Ø¡—§P!×0Ä^O¹œ[àÆZéøvMTölÆAèÉß/H=9.äÜb>9ðF9ºÙ*‰ŒmªTS¶û' [ 103.443997][ T4884] netlink: 4 bytes leftover after parsing attributes in process `syz.0.144'. [ 104.816098][ T4900] loop0: detected capacity change from 0 to 256 [ 104.888450][ T4900] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 105.142280][ T4900] syz.0.148: attempt to access beyond end of device [ 105.142280][ T4900] loop0: rw=524288, sector=34359738488, nr_sectors = 8 limit=256 [ 105.167084][ T4900] syz.0.148: attempt to access beyond end of device [ 105.167084][ T4900] loop0: rw=0, sector=34359738488, nr_sectors = 8 limit=256 [ 105.183027][ T26] audit: type=1800 audit(2000000035.770:2): pid=4900 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.148" name="file1" dev="loop0" ino=1048596 res=0 errno=0 [ 106.737727][ T4887] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 106.778783][ T4887] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 107.082582][ T4887] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.091835][ T4887] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.100683][ T4887] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.109649][ T4887] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.253968][ T4887] syz.1.145 (4887) used greatest stack depth: 20448 bytes left [ 107.561575][ T4923] syz.1.153 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 108.757765][ T4932] loop1: detected capacity change from 0 to 8 [ 108.835921][ T4932] SQUASHFS error: lzo decompression failed, data probably corrupt [ 108.870165][ T4932] SQUASHFS error: Failed to read block 0x91: -5 [ 108.895071][ T4932] SQUASHFS error: Unable to read metadata cache entry [8f] [ 108.919587][ T4936] netlink: 44 bytes leftover after parsing attributes in process `syz.3.159'. [ 108.929207][ T4932] SQUASHFS error: Unable to read inode 0x11f [ 108.936970][ T4936] netlink: 8 bytes leftover after parsing attributes in process `syz.3.159'. [ 108.946553][ T4936] netlink: 16 bytes leftover after parsing attributes in process `syz.3.159'. [ 109.063990][ T4939] loop1: detected capacity change from 0 to 128 [ 109.173282][ T4939] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 110.166015][ T4949] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 110.173729][ T4949] IPv6: NLM_F_CREATE should be set when creating new route [ 110.183144][ T4932] capability: warning: `syz.1.158' uses deprecated v2 capabilities in a way that may be insecure [ 110.455288][ T26] audit: type=1804 audit(2000000041.040:3): pid=4954 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.163" name="/newroot/40/file1" dev="fuse" ino=1 res=1 errno=0 [ 110.519634][ T4960] loop0: detected capacity change from 0 to 256 [ 110.530159][ T26] audit: type=1800 audit(2000000041.040:4): pid=4954 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.163" name="/" dev="fuse" ino=1 res=0 errno=0 [ 110.638141][ T4960] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x987a2e96, utbl_chksum : 0xe619d30d) [ 110.669030][ T26] audit: type=1804 audit(2000000041.040:5): pid=4954 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.163" name="/newroot/40/file1" dev="fuse" ino=1 res=1 errno=0 [ 110.777879][ T26] audit: type=1800 audit(2000000041.040:6): pid=4954 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.163" name="/" dev="fuse" ino=1 res=0 errno=0 [ 110.974178][ T26] audit: type=1800 audit(2000000041.560:7): pid=4960 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.165" name="file1" dev="loop0" ino=1048599 res=0 errno=0 [ 112.273910][ T4960] syz.0.165: attempt to access beyond end of device [ 112.273910][ T4960] loop0: rw=0, sector=34359738488, nr_sectors = 8 limit=256 [ 114.444694][ T5012] Zero length message leads to an empty skb [ 115.056706][ T5024] netlink: 24 bytes leftover after parsing attributes in process `syz.0.185'. [ 115.078547][ T5012] syz.3.182 (5012) used greatest stack depth: 17808 bytes left [ 115.136788][ T5026] sch_tbf: burst 88 is lower than device veth3 mtu (1514) ! [ 117.840593][ T5054] loop2: detected capacity change from 0 to 64 [ 117.848681][ T5054] hfs: unable to parse mount options [ 117.904285][ T4259] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 117.939199][ T5060] tipc: Started in network mode [ 117.944528][ T5060] tipc: Node identity ac1414aa, cluster identity 4711 [ 117.968798][ T5060] tipc: Enabled bearer , priority 10 [ 119.083001][ T7] tipc: Node number set to 2886997162 [ 119.189415][ T5068] loop1: detected capacity change from 0 to 16 [ 119.203216][ T5068] erofs: (device loop1): mounted with root inode @ nid 36. [ 119.697390][ T5071] Bluetooth: MGMT ver 1.22 [ 120.501489][ T5091] netlink: 'syz.3.200': attribute type 4 has an invalid length. [ 120.572102][ T5094] loop2: detected capacity change from 0 to 512 [ 120.708568][ T5094] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 120.743275][ T5094] EXT4-fs (loop2): orphan cleanup on readonly fs [ 120.757177][ T5094] EXT4-fs warning (device loop2): ext4_enable_quotas:7066: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 120.784594][ T5094] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 120.803137][ T5094] EXT4-fs error (device loop2): ext4_orphan_get:1400: inode #16: comm syz.2.204: iget: immutable or append flags not allowed on symlinks [ 120.863079][ T5094] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.204: couldn't read orphan inode 16 (err -117) [ 120.911861][ T5094] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 121.178776][ T4271] EXT4-fs (loop2): unmounting filesystem. [ 121.870284][ T5129] loop0: detected capacity change from 0 to 512 [ 121.941999][ T4259] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 125.126532][ T5195] loop0: detected capacity change from 0 to 512 [ 125.143731][ T5195] EXT4-fs: Ignoring removed mblk_io_submit option [ 125.150172][ T5195] EXT4-fs: Ignoring removed bh option [ 125.287685][ T5195] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 125.305416][ T5195] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 125.336728][ T5195] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 125.432190][ T5195] EXT4-fs (loop0): 1 truncate cleaned up [ 125.449876][ T5195] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 125.721180][ T7] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 126.337953][ T5206] syz.3.222 uses obsolete (PF_INET,SOCK_PACKET) [ 126.363382][ T4265] EXT4-fs (loop0): unmounting filesystem. [ 126.610968][ T7] usb 3-1: Using ep0 maxpacket: 8 [ 126.625723][ T7] usb 3-1: config 0 has no interfaces? [ 127.667765][ T7] usb 3-1: New USB device found, idVendor=04b4, idProduct=8613, bcdDevice=95.8f [ 127.731107][ T7] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 127.795376][ T5219] netlink: 156 bytes leftover after parsing attributes in process `syz.0.225'. [ 127.840428][ T7] usb 3-1: Product: syz [ 127.846603][ T7] usb 3-1: Manufacturer: syz [ 127.853542][ T7] usb 3-1: SerialNumber: syz [ 127.869787][ T7] usb 3-1: config 0 descriptor?? [ 128.200149][ T5229] netlink: 'syz.0.229': attribute type 1 has an invalid length. [ 129.110215][ T5232] bond1: (slave gretap1): making interface the new active one [ 129.144939][ T5232] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 129.199165][ T7] usb 3-1: USB disconnect, device number 3 [ 129.203534][ T5234] bond1: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 132.182060][ T5256] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.288290][ T5265] loop4: detected capacity change from 0 to 2048 [ 132.387152][ T5256] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.557537][ T5256] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.623156][ T1276] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.629552][ T1276] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.674791][ T5256] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.827329][ T5256] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 132.842155][ T5256] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 132.856749][ T5256] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 132.899104][ T5256] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.432766][ T4317] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 133.678567][ T4317] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 777 [ 133.777044][ T4317] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 133.821265][ T4317] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 133.853665][ T4317] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.99 [ 133.881221][ T4317] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.913748][ T5276] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 134.405538][ T4317] snd-usb-audio: probe of 1-1:27.0 failed with error -12 [ 134.611889][ T4317] usb 1-1: USB disconnect, device number 2 [ 134.828735][ T4640] udevd[4640]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 139.360977][ T5324] netlink: 'syz.4.257': attribute type 39 has an invalid length. [ 139.922468][ T5322] loop2: detected capacity change from 0 to 2048 [ 139.922689][ T5333] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 139.936156][ T5333] IPv6: NLM_F_CREATE should be set when creating new route [ 140.123138][ T5322] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 140.341554][ T4331] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 140.368830][ T4271] EXT4-fs (loop2): unmounting filesystem. [ 140.549407][ T4331] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 140.570841][ T4331] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 140.580118][ T4331] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.673223][ T4331] usb 1-1: config 0 descriptor?? [ 140.735347][ T5333] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.742861][ T5333] bridge0: port 1(bridge_slave_0) entered disabled state [ 141.677839][ T4331] usbhid 1-1:0.0: can't add hid device: -71 [ 141.693025][ T4331] usbhid: probe of 1-1:0.0 failed with error -71 [ 141.722495][ T4331] usb 1-1: USB disconnect, device number 3 [ 141.856811][ T5333] batman_adv: batadv0: Interface deactivated: dummy0 [ 142.265564][ T4331] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 142.612749][ T4331] usb 1-1: Using ep0 maxpacket: 32 [ 143.442849][ T4331] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 143.450467][ T4331] usb 1-1: can't read configurations, error -71 [ 143.589812][ T5369] loop4: detected capacity change from 0 to 512 [ 143.638296][ T5333] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 143.698544][ T5333] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 143.725397][ T5369] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 143.781355][ T5369] ext4 filesystem being mounted at /56/bus/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 144.115387][ T4276] EXT4-fs (loop4): unmounting filesystem. [ 144.389567][ T5333] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.405740][ T5333] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.429761][ T5333] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.456807][ T5333] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.839007][ T5384] loop3: detected capacity change from 0 to 512 [ 144.859334][ T5384] EXT4-fs warning (device loop3): ext4_init_metadata_csum:4558: metadata_csum and uninit_bg are redundant flags; please run fsck. [ 144.888868][ T5384] EXT4-fs (loop3): VFS: Found ext4 filesystem with unknown checksum algorithm. [ 144.902572][ T5339] udevd[5339]: incorrect ext4 checksum on /dev/loop3 [ 144.934090][ T4380] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 145.138167][ T4380] usb 5-1: Using ep0 maxpacket: 8 [ 145.150915][ T4380] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 145.172928][ T4380] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 145.200527][ T4380] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 145.227280][ T4380] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 145.270187][ T4380] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 145.298398][ T4380] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 145.317925][ T4380] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.664199][ T4380] usb 5-1: GET_CAPABILITIES returned 0 [ 145.673670][ T4380] usbtmc 5-1:16.0: can't read capabilities [ 146.168667][ T4380] usb 5-1: USB disconnect, device number 3 [ 148.064952][ T5433] netlink: 12 bytes leftover after parsing attributes in process `syz.4.287'. [ 149.212694][ T5452] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 149.939649][ T5454] loop1: detected capacity change from 0 to 2048 [ 150.025099][ T5454] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 150.061034][ T5454] UDF-fs: Scanning with blocksize 512 failed [ 150.135001][ T5454] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 150.410615][ T5440] loop4: detected capacity change from 0 to 1024 [ 150.436019][ T5461] netlink: 24 bytes leftover after parsing attributes in process `syz.3.294'. [ 150.461814][ T5440] EXT4-fs: Ignoring removed nobh option [ 150.485429][ T5440] EXT4-fs: Ignoring removed orlov option [ 150.517527][ T5440] EXT4-fs: Ignoring removed bh option [ 150.543157][ T5464] sctp: [Deprecated]: syz.2.295 (pid 5464) Use of int in max_burst socket option. [ 150.543157][ T5464] Use struct sctp_assoc_value instead [ 150.577028][ T5440] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 150.610675][ T5461] netlink: 12 bytes leftover after parsing attributes in process `syz.3.294'. [ 150.652185][ T5440] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 150.726788][ T4273] UDF-fs: warning (device loop1): udf_evict_inode: Inode 830 (mode 100000) has inode size 49530 different from extent length 52602. Filesystem need not be standards compliant. [ 150.779293][ T5440] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3841: comm syz.4.289: Allocating blocks 385-513 which overlap fs metadata [ 150.852403][ T5439] EXT4-fs (loop4): pa ffff88807431f700: logic 16, phys. 129, len 24 [ 150.860914][ T5439] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 8 [ 151.878960][ T5481] loop2: detected capacity change from 0 to 512 [ 151.929441][ T5481] EXT4-fs warning (device loop2): ext4_init_metadata_csum:4558: metadata_csum and uninit_bg are redundant flags; please run fsck. [ 151.962911][ T5339] udevd[5339]: incorrect ext4 checksum on /dev/loop2 [ 152.008043][ T5481] EXT4-fs (loop2): VFS: Found ext4 filesystem with unknown checksum algorithm. [ 152.044877][ T4276] EXT4-fs (loop4): unmounting filesystem. [ 152.073500][ T5339] udevd[5339]: incorrect ext4 checksum on /dev/loop2 [ 152.846709][ T5504] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 154.894802][ T5537] loop2: detected capacity change from 0 to 32768 [ 155.639819][ T5537] batman_adv: batadv0: Adding interface: dummy0 [ 155.646157][ T5537] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 155.671711][ T5537] batman_adv: batadv0: Interface activated: dummy0 [ 155.683485][ T5537] net_ratelimit: 11 callbacks suppressed [ 155.683496][ T5537] batadv0: mtu less than device minimum [ 155.695852][ T5537] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 155.707187][ T5537] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 155.718628][ T5537] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 155.729925][ T5537] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 155.741456][ T5537] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 155.752780][ T5537] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 155.764292][ T5537] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 155.775645][ T5537] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 155.787057][ T5537] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 156.681644][ T7] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 157.591006][ T7] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 157.631301][ T7] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 158.418761][ T7] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.442793][ T7] usb 2-1: config 0 descriptor?? [ 158.672490][ T4317] kernel read not supported for file [userfaultfd] (pid: 4317 comm: kworker/0:5) [ 158.750686][ T7] usbhid 2-1:0.0: can't add hid device: -71 [ 158.756831][ T7] usbhid: probe of 2-1:0.0 failed with error -71 [ 158.808222][ T7] usb 2-1: USB disconnect, device number 2 [ 159.032496][ T5565] netlink: 'syz.1.322': attribute type 1 has an invalid length. [ 159.129472][ T5568] bond1: (slave gretap1): making interface the new active one [ 159.138617][ T5568] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 159.292650][ T5565] bond1: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 159.724118][ T5576] netlink: 'syz.4.324': attribute type 2 has an invalid length. [ 162.356161][ T5598] netlink: 4 bytes leftover after parsing attributes in process `syz.1.328'. [ 162.510908][ T5605] netlink: 4 bytes leftover after parsing attributes in process `syz.4.334'. [ 164.471236][ T5647] netlink: 'syz.4.341': attribute type 12 has an invalid length. [ 165.820622][ T5662] loop1: detected capacity change from 0 to 1024 [ 169.381261][ T4331] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 169.601181][ T4331] usb 3-1: Using ep0 maxpacket: 8 [ 169.608132][ T4331] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 169.785352][ T4331] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 170.321497][ T4331] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 171.008064][ T4331] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 171.021254][ T4331] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 171.035220][ T4331] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 171.045320][ T4331] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.265629][ T4331] usb 3-1: GET_CAPABILITIES returned 0 [ 171.271694][ T4331] usbtmc 3-1:16.0: can't read capabilities [ 172.196020][ T4309] usb 3-1: USB disconnect, device number 4 [ 174.154438][ T5748] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.419281][ T5748] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.459004][ T5752] netlink: 'syz.3.363': attribute type 12 has an invalid length. [ 174.557537][ T5748] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.675311][ T5748] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.752656][ T5759] netlink: 4 bytes leftover after parsing attributes in process `syz.3.365'. [ 175.963036][ T5748] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.992767][ T5766] loop0: detected capacity change from 0 to 2048 [ 176.023747][ T5748] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.047608][ T5766] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 176.069710][ T5766] UDF-fs: Scanning with blocksize 512 failed [ 176.096171][ T5748] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.117016][ T5766] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 176.163463][ T5748] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.731438][ T126] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 176.948964][ T126] usb 4-1: config 0 has an invalid interface number: 101 but max is 0 [ 176.958887][ T126] usb 4-1: config 0 has no interface number 0 [ 176.975796][ T126] usb 4-1: New USB device found, idVendor=093a, idProduct=2623, bcdDevice=b2.14 [ 177.001276][ T126] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 177.029891][ T126] usb 4-1: Product: syz [ 177.043167][ T126] usb 4-1: Manufacturer: syz [ 177.062458][ T126] usb 4-1: SerialNumber: syz [ 177.109256][ T126] usb 4-1: config 0 descriptor?? [ 177.118787][ T126] gspca_main: gspca_pac7302-2.14.0 probing 093a:2623 [ 177.140457][ T4265] UDF-fs: warning (device loop0): udf_evict_inode: Inode 830 (mode 100000) has inode size 49530 different from extent length 52602. Filesystem need not be standards compliant. [ 177.882268][ T126] gspca_pac7302: reg_w() failed i: 78 v: 00 error -110 [ 178.112878][ T126] gspca_pac7302: probe of 4-1:0.101 failed with error -110 [ 178.202144][ T126] usb 4-1: USB disconnect, device number 2 [ 178.531418][ T4380] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 178.721372][ T4380] usb 1-1: Using ep0 maxpacket: 8 [ 178.736606][ T4380] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 178.746647][ T4380] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 178.757640][ T4380] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 178.768064][ T4380] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 178.778728][ T4380] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 178.798097][ T4380] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 178.841194][ T4380] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 179.076247][ T4380] usb 1-1: GET_CAPABILITIES returned 0 [ 179.081936][ T4380] usbtmc 1-1:16.0: can't read capabilities [ 179.092726][ T5788] device batadv_slave_1 entered promiscuous mode [ 179.128670][ T5788] device veth1_virt_wifi entered promiscuous mode [ 179.156710][ T5787] device veth1_virt_wifi left promiscuous mode [ 179.171495][ T5787] device batadv_slave_1 left promiscuous mode [ 179.727658][ T4309] usb 1-1: USB disconnect, device number 6 [ 182.625827][ T5818] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.244530][ T5818] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.529221][ T5818] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.761929][ T5818] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.955195][ T5818] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.977144][ T5818] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.004823][ T5818] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.026973][ T5818] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.191223][ T4380] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 185.383264][ T4380] usb 5-1: config 0 has an invalid interface number: 101 but max is 0 [ 185.400406][ T4380] usb 5-1: config 0 has no interface number 0 [ 185.422049][ T4380] usb 5-1: New USB device found, idVendor=093a, idProduct=2623, bcdDevice=b2.14 [ 185.446112][ T4380] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 185.476109][ T4380] usb 5-1: Product: syz [ 185.490583][ T4380] usb 5-1: Manufacturer: syz [ 185.506154][ T4380] usb 5-1: SerialNumber: syz [ 185.518528][ T4380] usb 5-1: config 0 descriptor?? [ 185.566752][ T4380] gspca_main: gspca_pac7302-2.14.0 probing 093a:2623 [ 185.991240][ T4272] Bluetooth: hci1: command 0x0406 tx timeout [ 185.998077][ T4272] Bluetooth: hci0: command 0x0406 tx timeout [ 186.006540][ T4272] Bluetooth: hci3: command 0x0406 tx timeout [ 186.151479][ T4380] gspca_pac7302: reg_w() failed i: ff v: 01 error -110 [ 186.173596][ T4380] gspca_pac7302: probe of 5-1:0.101 failed with error -110 [ 186.374908][ T4309] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 186.571143][ T4309] usb 4-1: Using ep0 maxpacket: 8 [ 186.582751][ T4309] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 186.636728][ T4309] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 186.661136][ T4309] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 186.684208][ T4309] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 186.704749][ T4309] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 186.821777][ T4309] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 186.830862][ T4309] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 187.630812][ T4309] usb 4-1: GET_CAPABILITIES returned 0 [ 187.636395][ T4309] usbtmc 4-1:16.0: can't read capabilities [ 188.533453][ T4309] usb 5-1: USB disconnect, device number 4 [ 188.653855][ T3598] usb 4-1: USB disconnect, device number 3 [ 190.170409][ T5894] loop4: detected capacity change from 0 to 1024 [ 190.207441][ T5894] EXT4-fs: Ignoring removed orlov option [ 190.421147][ T5894] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 190.503055][ T5905] netlink: 24 bytes leftover after parsing attributes in process `syz.4.405'. [ 190.537858][ T5894] EXT4-fs error (device loop4): ext4_expand_extra_isize_ea:2748: inode #12: comm syz.4.405: corrupted in-inode xattr [ 190.605041][ T5894] EXT4-fs (loop4): Remounting filesystem read-only [ 190.652479][ T5894] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2818: Unable to expand inode 12. Delete some EAs or run e2fsck. [ 191.431160][ T4272] Bluetooth: hci4: command 0x0406 tx timeout [ 192.543108][ T4276] EXT4-fs (loop4): unmounting filesystem. [ 193.298568][ T5934] netlink: 'syz.1.415': attribute type 1 has an invalid length. [ 193.338749][ T5934] 8021q: adding VLAN 0 to HW filter on device bond2 [ 193.379418][ T5937] 8021q: adding VLAN 0 to HW filter on device bond2 [ 193.400319][ T5937] bond2: (slave vti0): The slave device specified does not support setting the MAC address [ 193.421173][ T4319] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 193.442161][ T5937] bond2: (slave vti0): Error -95 calling set_mac_address [ 193.494467][ T5934] bond2: (slave gretap2): making interface the new active one [ 193.506366][ T5934] bond2: (slave gretap2): Enslaving as an active interface with an up link [ 193.612660][ T4319] usb 1-1: config 0 has an invalid interface number: 101 but max is 0 [ 193.624257][ T4319] usb 1-1: config 0 has no interface number 0 [ 193.639921][ T4319] usb 1-1: New USB device found, idVendor=093a, idProduct=2623, bcdDevice=b2.14 [ 193.662502][ T4319] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 193.678294][ T4319] usb 1-1: Product: syz [ 193.713947][ T4319] usb 1-1: Manufacturer: syz [ 193.733290][ T4319] usb 1-1: SerialNumber: syz [ 193.765411][ T4319] usb 1-1: config 0 descriptor?? [ 193.789406][ T4319] gspca_main: gspca_pac7302-2.14.0 probing 093a:2623 [ 194.117928][ T4316] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 194.511618][ T4319] gspca_pac7302: reg_w() failed i: 78 v: 00 error -110 [ 194.658265][ T1276] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.664639][ T1276] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.749949][ T4316] usb 2-1: Using ep0 maxpacket: 8 [ 194.755363][ T4319] gspca_pac7302: probe of 1-1:0.101 failed with error -110 [ 194.766964][ T4316] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 194.799400][ T4319] usb 1-1: USB disconnect, device number 7 [ 194.835958][ T4316] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 194.984756][ T4316] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 195.007840][ T4316] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 195.036354][ T4316] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 195.771294][ T4316] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 195.818537][ T4316] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 195.853257][ T5961] loop2: detected capacity change from 0 to 1024 [ 196.447232][ T4316] usb 2-1: GET_CAPABILITIES returned 0 [ 196.632231][ T4316] usbtmc 2-1:16.0: can't read capabilities [ 197.065277][ T4316] usb 2-1: USB disconnect, device number 3 [ 197.481146][ T126] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 197.682728][ T126] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 197.693092][ T126] usb 5-1: config 0 has no interfaces? [ 197.698569][ T126] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 197.707649][ T126] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 197.717435][ T126] usb 5-1: config 0 descriptor?? [ 197.941011][ T126] usb 5-1: USB disconnect, device number 5 [ 198.440842][ T5985] loop2: detected capacity change from 0 to 256 [ 198.470748][ T5985] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 198.487698][ T5985] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 198.518784][ T5985] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 198.603835][ T5991] netlink: 'syz.0.436': attribute type 10 has an invalid length. [ 198.750613][ T5991] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 199.618581][ T26] audit: type=1326 audit(2000000130.200:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5994 comm="syz.4.430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9d58e929 code=0x7fc00000 [ 199.708146][ T5991] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 200.574314][ T6001] loop3: detected capacity change from 0 to 512 [ 200.660057][ T6001] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 200.936641][ T6001] EXT4-fs (loop3): 1 truncate cleaned up [ 200.977879][ T6001] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 202.964927][ T4266] EXT4-fs (loop3): unmounting filesystem. [ 203.176312][ T4309] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 203.571279][ T4309] usb 5-1: Using ep0 maxpacket: 8 [ 203.578501][ T4309] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 203.598417][ T4309] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 204.750505][ T4309] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 204.760853][ T4309] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 204.777594][ T4309] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 204.790963][ T4309] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 204.806602][ T4309] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 205.024955][ T4309] usb 5-1: GET_CAPABILITIES returned 0 [ 205.030531][ T4309] usbtmc 5-1:16.0: can't read capabilities [ 205.118525][ T6048] loop2: detected capacity change from 0 to 164 [ 205.847476][ T4309] usb 5-1: USB disconnect, device number 6 [ 207.369350][ T6068] netlink: 'syz.2.449': attribute type 2 has an invalid length. [ 208.156575][ T6073] tipc: Started in network mode [ 208.171274][ T6073] tipc: Node identity ce27527f5a73, cluster identity 4711 [ 208.213199][ T6073] tipc: Enabled bearer , priority 0 [ 208.361472][ T6076] device syzkaller0 entered promiscuous mode [ 208.362254][ T6070] ptrace attach of ""[6072] was attempted by "./syz-executor exec"[6070] [ 208.754629][ T6071] tipc: Resetting bearer [ 209.031931][ T6071] tipc: Disabling bearer [ 209.741374][ T22] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 209.821703][ T4316] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 209.941290][ T22] usb 3-1: Using ep0 maxpacket: 16 [ 209.957312][ T22] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 210.036267][ T4316] usb 2-1: config 0 has an invalid interface number: 101 but max is 0 [ 210.070152][ T4316] usb 2-1: config 0 has no interface number 0 [ 210.083979][ T22] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 210.157220][ T4316] usb 2-1: New USB device found, idVendor=093a, idProduct=2623, bcdDevice=b2.14 [ 210.197428][ T22] usb 3-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 210.263043][ T4316] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 210.333466][ T22] usb 3-1: config 0 interface 0 has no altsetting 0 [ 210.351548][ T4316] usb 2-1: Product: syz [ 210.392120][ T4316] usb 2-1: Manufacturer: syz [ 210.409156][ T22] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 210.448754][ T4316] usb 2-1: SerialNumber: syz [ 210.504066][ T22] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 210.576872][ T4316] usb 2-1: config 0 descriptor?? [ 210.688630][ T22] usb 3-1: config 0 descriptor?? [ 210.713333][ T4316] gspca_main: gspca_pac7302-2.14.0 probing 093a:2623 [ 211.195011][ T6108] loop4: detected capacity change from 0 to 2048 [ 211.224643][ T4316] gspca_pac7302: reg_w() failed i: 78 v: 00 error -71 [ 211.234084][ T4316] gspca_pac7302: probe of 2-1:0.101 failed with error -71 [ 211.282532][ T4316] usb 2-1: USB disconnect, device number 4 [ 211.290211][ T6108] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 211.356837][ T22] hid (null): nested delimiters [ 211.367204][ T22] hid (null): nested delimiters [ 211.378826][ T22] hid (null): nested delimiters [ 211.409423][ T22] hid (null): global environment stack underflow [ 211.416694][ T22] hid (null): unknown global tag 0xe [ 212.563945][ T5160] Bluetooth: hci5: Frame reassembly failed (-84) [ 212.655557][ T4527] Bluetooth: hci5: Frame reassembly failed (-84) [ 212.839688][ T3598] usb 3-1: USB disconnect, device number 5 [ 214.541786][ T4272] Bluetooth: hci5: command 0x1003 tx timeout [ 214.548257][ T4279] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 214.558890][ T4276] EXT4-fs (loop4): unmounting filesystem. [ 215.408789][ T6150] loop0: detected capacity change from 0 to 8192 [ 216.823942][ T6175] netlink: 132 bytes leftover after parsing attributes in process `syz.4.484'. [ 219.720927][ T6215] binder_alloc: 6208: binder_alloc_buf, no vma [ 220.983721][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880302fa000: rx timeout, send abort [ 221.334592][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880571fcc00: rx timeout, send abort [ 221.345685][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8880571fcc00: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 221.493327][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880302fa000: abort rx timeout. Force session deactivation [ 221.538936][ T6232] bridge0: port 2(bridge_slave_1) entered disabled state [ 221.546571][ T6232] bridge0: port 1(bridge_slave_0) entered disabled state [ 221.654181][ T6239] genirq: Flags mismatch irq 9. 00000000 (pcmmio) vs. 00000080 (acpi) [ 221.671348][ T3598] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 221.862857][ T3598] usb 2-1: unable to get BOS descriptor or descriptor too short [ 221.874557][ T3598] usb 2-1: config 129 has an invalid interface number: 135 but max is 0 [ 221.884674][ T3598] usb 2-1: config 129 has an invalid interface number: 5 but max is 0 [ 221.893344][ T3598] usb 2-1: config 129 has an invalid descriptor of length 0, skipping remainder of the config [ 221.904072][ T3598] usb 2-1: config 129 has 2 interfaces, different from the descriptor's value: 1 [ 221.913340][ T3598] usb 2-1: config 129 has no interface number 0 [ 221.919743][ T3598] usb 2-1: config 129 has no interface number 1 [ 221.926425][ T3598] usb 2-1: config 129 interface 135 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 221.939745][ T3598] usb 2-1: too many endpoints for config 129 interface 5 altsetting 7: 37, using maximum allowed: 30 [ 221.956621][ T3598] usb 2-1: config 129 interface 5 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 37 [ 221.969951][ T3598] usb 2-1: config 129 interface 135 has no altsetting 0 [ 221.982899][ T3598] usb 2-1: config 129 interface 5 has no altsetting 0 [ 221.993165][ T3598] usb 2-1: string descriptor 0 read error: -22 [ 221.999430][ T3598] usb 2-1: New USB device found, idVendor=2040, idProduct=721f, bcdDevice=f2.62 [ 222.014074][ T3598] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 222.031290][ T126] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 222.047047][ T6232] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 222.062332][ T3598] usb 2-1: MIDIStreaming interface descriptor not found [ 222.102376][ T6232] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 222.243096][ T126] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 222.256187][ T126] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 222.266522][ T126] usb 3-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.00 [ 222.276375][ T126] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.296010][ T126] usb 3-1: config 0 descriptor?? [ 222.475490][ T6232] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.484145][ T6232] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.514205][ T6232] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.522711][ T6232] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.656127][ T6235] netlink: 24 bytes leftover after parsing attributes in process `syz.1.501'. [ 222.664677][ T6254] loop0: detected capacity change from 0 to 512 [ 222.690589][ T6235] device vxcan3 entered promiscuous mode [ 222.739236][ T6254] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 222.748914][ T6254] ext4 filesystem being mounted at /97/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 222.760262][ T4309] usb 2-1: USB disconnect, device number 5 [ 222.945418][ T126] usbhid 3-1:0.0: can't add hid device: -71 [ 222.952130][ T126] usbhid: probe of 3-1:0.0 failed with error -71 [ 222.960809][ T126] usb 3-1: USB disconnect, device number 6 [ 223.003840][ T6254] overlayfs: failed to resolve './file0': -2 [ 223.812672][ T4265] EXT4-fs (loop0): unmounting filesystem. [ 224.964840][ T6266] loop4: detected capacity change from 0 to 4096 [ 225.439383][ T6290] loop0: detected capacity change from 0 to 256 [ 225.450389][ T6290] exfat: Unknown parameter '00000000000000000000' [ 226.071267][ T5311] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 226.363333][ T6296] loop3: detected capacity change from 0 to 128 [ 226.572161][ T6296] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 227.751265][ T6296] ext4 filesystem being mounted at /104/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 229.480843][ T4266] EXT4-fs (loop3): unmounting filesystem. [ 230.922339][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880758c6000: rx timeout, send abort [ 230.930927][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880758c6800: rx timeout, send abort [ 231.080347][ T6365] netlink: 28 bytes leftover after parsing attributes in process `syz.0.533'. [ 231.104130][ T6365] netlink: 8 bytes leftover after parsing attributes in process `syz.0.533'. [ 231.871557][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880758c6000: abort rx timeout. Force session deactivation [ 231.881791][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880758c6800: abort rx timeout. Force session deactivation [ 232.136085][ T6372] loop3: detected capacity change from 0 to 256 [ 232.205318][ T6374] loop1: detected capacity change from 0 to 64 [ 232.230034][ T6372] FAT-fs (loop3): Directory bread(block 64) failed [ 232.287505][ T6372] FAT-fs (loop3): Directory bread(block 65) failed [ 232.357688][ T6372] FAT-fs (loop3): Directory bread(block 66) failed [ 232.418013][ T6372] FAT-fs (loop3): Directory bread(block 67) failed [ 232.912557][ T6372] FAT-fs (loop3): Directory bread(block 68) failed [ 232.965166][ T6372] FAT-fs (loop3): Directory bread(block 69) failed [ 233.013652][ T6383] hfs: hfs: Invalid key length: 94 [ 233.264609][ T6372] FAT-fs (loop3): Directory bread(block 70) failed [ 233.281156][ T6372] FAT-fs (loop3): Directory bread(block 71) failed [ 233.462780][ T6372] FAT-fs (loop3): Directory bread(block 72) failed [ 233.471482][ T6372] FAT-fs (loop3): Directory bread(block 73) failed [ 234.659553][ T6397] loop2: detected capacity change from 0 to 16 [ 234.839020][ T6397] erofs: (device loop2): mounted with root inode @ nid 36. [ 236.006155][ T6409] netlink: 8 bytes leftover after parsing attributes in process `syz.4.546'. [ 236.272519][ T6409] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 236.512733][ T26] audit: type=1326 audit(2000000167.100:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6413 comm="syz.2.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23dc18e929 code=0x7ffc0000 [ 236.549658][ T26] audit: type=1326 audit(2000000167.130:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6413 comm="syz.2.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f23dc18e929 code=0x7ffc0000 [ 236.595974][ T26] audit: type=1326 audit(2000000167.130:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6413 comm="syz.2.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23dc18e929 code=0x7ffc0000 [ 237.178854][ T26] audit: type=1326 audit(2000000167.130:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6413 comm="syz.2.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f23dc18e929 code=0x7ffc0000 [ 237.201303][ T26] audit: type=1326 audit(2000000167.130:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6413 comm="syz.2.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23dc18e929 code=0x7ffc0000 [ 237.260944][ T26] audit: type=1326 audit(2000000167.130:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6413 comm="syz.2.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f23dc18e929 code=0x7ffc0000 [ 237.384970][ T26] audit: type=1326 audit(2000000167.130:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6413 comm="syz.2.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f23dc1858e7 code=0x7ffc0000 [ 237.427802][ T26] audit: type=1326 audit(2000000167.130:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6413 comm="syz.2.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f23dc12ab19 code=0x7ffc0000 [ 238.250137][ T26] audit: type=1326 audit(2000000167.130:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6413 comm="syz.2.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23dc18e929 code=0x7ffc0000 [ 238.348351][ T26] audit: type=1326 audit(2000000167.130:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6413 comm="syz.2.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7f23dc18e929 code=0x7ffc0000 [ 238.570463][ T6439] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 238.729695][ T6439] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 238.829857][ T6439] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 238.897900][ T6445] netlink: 'syz.0.557': attribute type 4 has an invalid length. [ 239.002873][ T6439] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.357356][ T6448] netlink: 'syz.0.557': attribute type 4 has an invalid length. [ 239.683305][ T6439] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.716120][ T6439] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.727747][ T6462] tmpfs: Bad value for 'uid' [ 239.746215][ T6439] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.760395][ T6439] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.816651][ T6462] loop1: detected capacity change from 0 to 512 [ 239.899903][ T6462] EXT4-fs (loop1): invalid journal inode [ 241.821296][ T4316] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 242.051136][ T4316] usb 2-1: device descriptor read/64, error -71 [ 242.079637][ T6483] lo speed is unknown, defaulting to 1000 [ 242.144418][ T6483] lo speed is unknown, defaulting to 1000 [ 242.171035][ T6483] lo speed is unknown, defaulting to 1000 [ 242.218754][ T6487] loop0: detected capacity change from 0 to 2048 [ 242.301487][ T6487] loop0: p1 < > p3 [ 242.326042][ T6487] loop0: p3 size 134217728 extends beyond EOD, truncated [ 242.333408][ T4316] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 242.491203][ T4316] usb 2-1: device descriptor read/64, error -71 [ 242.504962][ T6491] kvm: emulating exchange as write [ 242.611796][ T4316] usb usb2-port1: attempt power cycle [ 242.622777][ T7] lo speed is unknown, defaulting to 1000 [ 242.658117][ T6483] infiniband syz0: set down [ 242.685445][ T6493] loop2: detected capacity change from 0 to 512 [ 242.696413][ T6483] infiniband syz0: added lo [ 242.762024][ T6493] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended [ 242.893498][ T6493] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 242.911269][ T6493] ext4 filesystem being mounted at /116/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 243.036449][ T6483] RDS/IB: syz0: added [ 243.167362][ T6483] smc: adding ib device syz0 with port count 1 [ 243.182525][ T5311] udevd[5311]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 243.182579][ T6110] udevd[6110]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 243.237306][ T6483] smc: ib device syz0 port 1 has pnetid [ 243.399714][ T4331] lo speed is unknown, defaulting to 1000 [ 243.525811][ T6483] lo speed is unknown, defaulting to 1000 [ 243.725609][ T6493] EXT4-fs error (device loop2): ext4_validate_block_bitmap:420: comm syz.2.570: bg 0: bad block bitmap checksum [ 243.769487][ T6493] EXT4-fs warning (device loop2): ext4_dirblock_csum_set:427: inode #2: comm syz.2.570: No space for directory leaf checksum. Please run e2fsck -D. [ 243.951925][ T6493] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2934: inode #15: comm syz.2.570: corrupted xattr block 32 [ 243.997756][ T6493] EXT4-fs warning (device loop2): ext4_evict_inode:299: xattr delete (err -117) [ 244.035990][ T6483] lo speed is unknown, defaulting to 1000 [ 244.044678][ T6513] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 244.089909][ T4271] EXT4-fs error (device loop2): ext4_lookup:1862: inode #2: comm syz-executor: deleted inode referenced: 11 [ 244.147914][ T4271] EXT4-fs error (device loop2): ext4_lookup:1862: inode #2: comm syz-executor: deleted inode referenced: 11 [ 244.296169][ T4271] EXT4-fs (loop2): unmounting filesystem. [ 244.868317][ T4527] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.148390][ T4527] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.196094][ T6483] lo speed is unknown, defaulting to 1000 [ 245.247794][ T4527] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.331126][ T6483] lo speed is unknown, defaulting to 1000 [ 245.380454][ T4527] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.530886][ T6483] lo speed is unknown, defaulting to 1000 [ 246.664637][ T6541] netlink: 'syz.1.588': attribute type 4 has an invalid length. [ 246.676431][ T4282] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 246.690737][ T4272] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 246.717914][ T4282] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 246.725996][ T4272] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 246.769648][ T4272] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 246.777007][ T4272] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 246.827072][ T6544] tipc: Enabled bearer , priority 0 [ 246.827598][ T6544] device syzkaller0 entered promiscuous mode [ 246.860360][ T6533] lo speed is unknown, defaulting to 1000 [ 246.871788][ T6544] tipc: Resetting bearer [ 246.882292][ T6543] tipc: Resetting bearer [ 246.957996][ T6543] tipc: Disabling bearer [ 248.862596][ T4279] Bluetooth: hci2: command 0x0409 tx timeout [ 249.591722][ T6560] binder: 6557:6560 ioctl c0306201 0 returned -14 [ 250.198572][ T6572] binder: 6557:6572 ioctl c0306201 0 returned -14 [ 250.338956][ T4527] tipc: Left network mode [ 250.574459][ T6533] chnl_net:caif_netlink_parms(): no params data found [ 250.951487][ T4279] Bluetooth: hci2: command 0x041b tx timeout [ 251.279901][ T6591] input: syz1 as /devices/virtual/input/input6 [ 251.675445][ T6601] loop1: detected capacity change from 0 to 512 [ 251.702063][ T6533] bridge0: port 1(bridge_slave_0) entered blocking state [ 251.730986][ T6533] bridge0: port 1(bridge_slave_0) entered disabled state [ 251.800653][ T6533] device bridge_slave_0 entered promiscuous mode [ 251.983982][ T6533] bridge0: port 2(bridge_slave_1) entered blocking state [ 252.006713][ T6533] bridge0: port 2(bridge_slave_1) entered disabled state [ 252.014907][ T6533] device bridge_slave_1 entered promiscuous mode [ 252.108641][ T6533] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 252.184388][ T6533] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 252.283100][ T6533] team0: Port device team_slave_0 added [ 252.362605][ T6533] team0: Port device team_slave_1 added [ 252.450931][ T6533] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 252.461237][ T6533] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 252.531108][ T6533] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 252.615325][ T6533] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 252.632769][ T6533] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 252.709636][ T6533] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 252.811218][ T4319] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 253.017001][ T4319] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 253.028158][ T4279] Bluetooth: hci2: command 0x040f tx timeout [ 253.046096][ T4319] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 253.058409][ T4319] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 253.068399][ T4319] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 253.082715][ T4319] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 253.104488][ T6533] device hsr_slave_0 entered promiscuous mode [ 253.107127][ T4319] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 253.119435][ T6533] device hsr_slave_1 entered promiscuous mode [ 253.126026][ T4319] usb 2-1: Manufacturer: syz [ 253.130763][ T6533] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 253.145184][ T6533] Cannot create hsr debugfs directory [ 253.148181][ T4319] usb 2-1: config 0 descriptor?? [ 253.706160][ T4319] appleir 0003:05AC:8243.0002: unknown main item tag 0x0 [ 253.893408][ T4319] appleir 0003:05AC:8243.0002: No inputs registered, leaving [ 254.276771][ T4319] appleir 0003:05AC:8243.0002: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 254.500490][ T4527] device hsr_slave_0 left promiscuous mode [ 254.531497][ T4527] device hsr_slave_1 left promiscuous mode [ 254.743487][ T4527] batman_adv: batadv0: Interface deactivated: dummy0 [ 254.805562][ T4527] batman_adv: batadv0: Removing interface: dummy0 [ 254.960744][ T4527] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 255.099927][ T4527] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 255.148765][ T4527] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 255.156443][ T4279] Bluetooth: hci2: command 0x0419 tx timeout [ 255.163899][ T4527] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 255.204502][ T4527] device bridge_slave_1 left promiscuous mode [ 255.234240][ T4527] bridge0: port 2(bridge_slave_1) entered disabled state [ 255.292401][ T4527] device bridge_slave_0 left promiscuous mode [ 255.298670][ T4527] bridge0: port 1(bridge_slave_0) entered disabled state [ 255.467031][ T4527] device veth1_macvtap left promiscuous mode [ 255.479902][ T4527] device veth0_macvtap left promiscuous mode [ 255.486688][ T4527] device veth1_vlan left promiscuous mode [ 255.507638][ T1276] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.514100][ T1276] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.529325][ T4527] device veth0_vlan left promiscuous mode [ 255.614509][ T4331] usb 2-1: USB disconnect, device number 9 [ 257.055018][ T6679] loop0: detected capacity change from 0 to 256 [ 257.067075][ T6679] exfat: Deprecated parameter 'namecase' [ 257.073753][ T6679] exfat: Unknown parameter 'eprors' [ 257.257704][ T6679] xt_HMARK: proto mask must be zero with L3 mode [ 257.665003][ T4527] team0 (unregistering): Port device team_slave_1 removed [ 258.369175][ T4527] team0 (unregistering): Port device team_slave_0 removed [ 258.438066][ T4527] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 258.884156][ T6698] xt_nat: multiple ranges no longer supported [ 259.214349][ T4527] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 260.028802][ T4527] bond0 (unregistering): Released all slaves [ 261.213759][ T6533] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 261.253477][ T6533] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 261.293876][ T6533] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 261.354225][ T6533] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 262.385370][ T6742] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 262.392676][ T6742] IPv6: NLM_F_CREATE should be set when creating new route [ 263.367603][ T6533] 8021q: adding VLAN 0 to HW filter on device bond0 [ 263.826739][ T4564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 263.960872][ T4564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 264.067963][ T6533] 8021q: adding VLAN 0 to HW filter on device team0 [ 264.194112][ T6770] syz.4.638[6770] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 264.194214][ T6770] syz.4.638[6770] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 264.252340][ T5163] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 264.332000][ T5163] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 264.371485][ T5163] bridge0: port 1(bridge_slave_0) entered blocking state [ 264.378650][ T5163] bridge0: port 1(bridge_slave_0) entered forwarding state [ 264.436546][ T5163] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 264.464082][ T5163] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 264.490148][ T5163] bridge0: port 2(bridge_slave_1) entered blocking state [ 264.497343][ T5163] bridge0: port 2(bridge_slave_1) entered forwarding state [ 264.519885][ T5163] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 264.558788][ T5163] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 264.569161][ T5163] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 264.586387][ T5163] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 264.617932][ T6778] netlink: 'syz.4.638': attribute type 4 has an invalid length. [ 264.748474][ T6788] loop3: detected capacity change from 0 to 1024 [ 264.784817][ T6533] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 264.808118][ T6788] hfsplus: unable to parse mount options [ 264.850702][ T6533] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 264.910322][ T5163] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 264.935394][ T5163] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 264.995039][ T5163] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 265.056683][ T5163] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 265.085324][ T5163] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 265.115604][ T6796] loop3: detected capacity change from 0 to 256 [ 265.130464][ T5163] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 265.152093][ T6796] exfat: Deprecated parameter 'namecase' [ 265.176253][ T5163] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 265.186114][ T6796] exfat: Unknown parameter 'eprors' [ 265.237936][ T5163] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 265.382686][ T6798] xt_HMARK: proto mask must be zero with L3 mode [ 265.688864][ T5163] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 267.335457][ T6814] loop0: detected capacity change from 0 to 512 [ 267.432894][ T6816] loop3: detected capacity change from 0 to 2048 [ 267.591939][ T5171] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 267.599379][ T5171] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 267.622559][ T6816] loop3: p1 < > p3 [ 267.636826][ T6816] loop3: p3 size 134217728 extends beyond EOD, truncated [ 267.652773][ T6533] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 267.694705][ T6814] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 267.708380][ T6814] ext4 filesystem being mounted at /136/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 268.100547][ T4265] EXT4-fs (loop0): unmounting filesystem. [ 269.463809][ T5171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 269.686689][ T5171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 269.702639][ T6533] device veth0_vlan entered promiscuous mode [ 269.709402][ T5171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 269.718566][ T5171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 270.136024][ T5171] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 270.159742][ T5171] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 270.195874][ T6533] device veth1_vlan entered promiscuous mode [ 270.230707][ T5162] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 270.248009][ T5162] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 270.256384][ T5162] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 270.272053][ T5162] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 270.438856][ T6533] device veth0_macvtap entered promiscuous mode [ 270.448825][ T6533] device veth1_macvtap entered promiscuous mode [ 270.477056][ T4451] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 270.508393][ T4451] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 270.612134][ T6533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 270.639186][ T6533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.661591][ T6533] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 270.683478][ T6533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 270.745906][ T6533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.490599][ T6533] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 271.529444][ T6533] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 271.550694][ T6533] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 271.570948][ T6533] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 271.601261][ T6533] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 271.858877][ T4451] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 271.875097][ T4451] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 272.561176][ T4451] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 272.569939][ T4451] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 272.591490][ T6878] netlink: 4 bytes leftover after parsing attributes in process `syz.1.666'. [ 272.642895][ T6882] netlink: 'syz.0.658': attribute type 39 has an invalid length. [ 273.060319][ T6892] MPTCP: kernel_bind error, err=-99 [ 273.100760][ T4564] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 273.122758][ T4564] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 273.269045][ T4451] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 273.295041][ T5171] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 273.331038][ T5171] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 273.445280][ T5173] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 273.644410][ T6898] loop1: detected capacity change from 0 to 512 [ 274.619075][ T6904] netlink: 8 bytes leftover after parsing attributes in process `syz.0.665'. [ 274.713341][ T6898] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 274.725920][ T6913] loop5: detected capacity change from 0 to 1024 [ 274.781391][ T6898] ext4 filesystem being mounted at /136/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 274.811989][ T6913] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 274.868846][ T6913] capability: warning: `syz.5.581' uses 32-bit capabilities (legacy support in use) [ 275.005068][ T6919] netlink: 'syz.0.669': attribute type 5 has an invalid length. [ 275.948048][ T4273] EXT4-fs (loop1): unmounting filesystem. [ 278.881181][ T4319] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 279.072439][ T4319] usb 4-1: Using ep0 maxpacket: 32 [ 279.085264][ T4319] usb 4-1: unable to get BOS descriptor or descriptor too short [ 279.124700][ T4319] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 279.165811][ T4319] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 279.195607][ T6966] netlink: 8 bytes leftover after parsing attributes in process `syz.1.680'. [ 279.253306][ T6969] syz.5.681 sent an empty control message without MSG_MORE. [ 279.307965][ T4319] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 279.592031][ T4319] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 279.678808][ T4319] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 279.722982][ T4319] usb 4-1: Product: syz [ 279.727220][ T4319] usb 4-1: Manufacturer: syz [ 279.824153][ T4319] usb 4-1: SerialNumber: syz [ 280.285698][ T6988] loop1: detected capacity change from 0 to 2048 [ 280.304759][ T6988] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=3932051, location=3932051 [ 280.779570][ T6988] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 282.886486][ T4319] usb 4-1: 0:2 : does not exist [ 282.905908][ T4319] usb 4-1: USB disconnect, device number 4 [ 283.323780][ T5311] udevd[5311]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 283.950666][ T4331] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 285.412323][ T4331] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 285.492521][ T4331] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 285.557981][ T4331] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 285.570037][ T7020] netlink: 4 bytes leftover after parsing attributes in process `syz.5.693'. [ 285.618350][ T7020] device veth0_to_bridge entered promiscuous mode [ 285.740649][ T7023] netlink: 8 bytes leftover after parsing attributes in process `syz.4.694'. [ 285.867507][ T5160] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.423617][ T4331] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 288.429144][ T4331] usb 1-1: string descriptor 0 read error: -71 [ 288.639040][ T4331] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 288.655905][ T4331] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 288.677201][ T4331] usb 1-1: config 0 descriptor?? [ 289.366196][ T4331] usb 1-1: can't set config #0, error -71 [ 289.373117][ T4331] usb 1-1: USB disconnect, device number 8 [ 290.761067][ C0] sched: RT throttling activated [ 291.492631][ T7067] loop5: detected capacity change from 0 to 4096 [ 291.599577][ T7067] __ntfs_error: 59 callbacks suppressed [ 291.599594][ T7067] ntfs: (device loop5): check_mft_mirror(): $MFT and $MFTMirr (record 2) do not match. Run ntfsfix or chkdsk. [ 291.628035][ T7078] netlink: 4 bytes leftover after parsing attributes in process `syz.0.709'. [ 291.650827][ T7067] ntfs: (device loop5): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 291.693566][ T7067] ntfs: (device loop5): map_mft_record_page(): Mft record 0xa is corrupt. Run chkdsk. [ 291.719230][ T7078] device macvtap1 entered promiscuous mode [ 291.759976][ T7078] device syz_tun entered promiscuous mode [ 291.786538][ T7067] ntfs: (device loop5): map_mft_record(): Failed with error code 5. [ 291.822168][ T7067] ntfs: (device loop5): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 291.837143][ T7079] device syz_tun left promiscuous mode [ 291.860059][ T7067] ntfs: (device loop5): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 291.887835][ T7067] ntfs: volume version 3.1. [ 291.896303][ T7067] ntfs: (device loop5): ntfs_read_locked_inode(): Found compressed data but compression is disabled due to cluster size (65536) > 4kiB. [ 291.969368][ T7067] ntfs: (device loop5): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x2 as bad. Run chkdsk. [ 292.015958][ T7067] ntfs: (device loop5): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 292.602123][ T7096] loop0: detected capacity change from 0 to 2048 [ 292.616657][ T7096] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=3932051, location=3932051 [ 293.151118][ T7096] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 295.193794][ T7130] netlink: 4 bytes leftover after parsing attributes in process `syz.4.722'. [ 296.850622][ T26] audit: type=1326 audit(2000000227.430:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7138 comm="syz.5.723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f1678e929 code=0x7ffc0000 [ 296.931385][ T26] audit: type=1326 audit(2000000227.470:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7138 comm="syz.5.723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f1678e929 code=0x7ffc0000 [ 297.051250][ T26] audit: type=1326 audit(2000000227.470:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7138 comm="syz.5.723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f2f1678e929 code=0x7ffc0000 [ 297.164398][ T26] audit: type=1326 audit(2000000227.470:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7138 comm="syz.5.723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f1678e929 code=0x7ffc0000 [ 297.231804][ T26] audit: type=1326 audit(2000000227.470:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7138 comm="syz.5.723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f1678e929 code=0x7ffc0000 [ 297.271160][ T4331] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 297.289914][ T7153] netlink: 'syz.0.739': attribute type 1 has an invalid length. [ 297.290841][ T26] audit: type=1326 audit(2000000227.470:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7138 comm="syz.5.723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f2f1678e929 code=0x7ffc0000 [ 297.360174][ T26] audit: type=1326 audit(2000000227.470:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7138 comm="syz.5.723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f1678e929 code=0x7ffc0000 [ 297.424061][ T7153] 8021q: adding VLAN 0 to HW filter on device bond2 [ 297.470977][ T26] audit: type=1326 audit(2000000227.470:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7138 comm="syz.5.723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f1678e929 code=0x7ffc0000 [ 297.493679][ T26] audit: type=1326 audit(2000000227.480:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7138 comm="syz.5.723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2f1678e929 code=0x7ffc0000 [ 297.505468][ T4331] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 297.516109][ T26] audit: type=1326 audit(2000000227.480:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7138 comm="syz.5.723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f1678e929 code=0x7ffc0000 [ 297.569669][ T4331] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 297.598762][ T4331] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 297.616273][ T4331] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 297.642953][ T7157] bond2: (slave veth5): Enslaving as an active interface with a down link [ 297.652557][ T4331] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 297.662156][ T4331] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 297.672511][ T4331] usb 4-1: Manufacturer: syz [ 297.808609][ T7158] bond2: (slave vlan2): Opening slave failed [ 298.431521][ T4331] usb 4-1: config 0 descriptor?? [ 298.592425][ T7170] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 298.800455][ T7175] loop0: detected capacity change from 0 to 512 [ 298.866050][ T7175] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 298.969032][ T7175] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 299.530977][ T4331] appleir 0003:05AC:8243.0003: unknown main item tag 0x0 [ 299.540149][ T4331] appleir 0003:05AC:8243.0003: No inputs registered, leaving [ 299.593188][ T7175] EXT4-fs (loop0): 1 truncate cleaned up [ 299.599024][ T7175] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 299.624249][ T4331] appleir 0003:05AC:8243.0003: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 301.144242][ T14] usb 4-1: USB disconnect, device number 5 [ 301.262853][ T4265] EXT4-fs (loop0): unmounting filesystem. [ 301.425469][ T7203] fido_id[7203]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 301.834180][ T7225] Cannot find add_set index 0 as target [ 303.621204][ T4316] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 304.595237][ T4316] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 305.376960][ T4316] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 305.387984][ T4316] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 305.398277][ T4316] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 305.418990][ T4316] usb 2-1: config 0 descriptor?? [ 306.325085][ T4316] cp2112 0003:10C4:EA90.0004: unknown main item tag 0x0 [ 306.337099][ T4316] cp2112 0003:10C4:EA90.0004: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.1-1/input0 [ 306.636063][ T4316] cp2112 0003:10C4:EA90.0004: Part Number: 0x82 Device Version: 0xFE [ 307.050824][ T4316] cp2112 0003:10C4:EA90.0004: error setting SMBus config [ 307.074211][ T4316] cp2112: probe of 0003:10C4:EA90.0004 failed with error -71 [ 307.176492][ T7263] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 307.194712][ T4316] usb 2-1: USB disconnect, device number 10 [ 307.451479][ T26] kauditd_printk_skb: 20 callbacks suppressed [ 307.451495][ T26] audit: type=1326 audit(2000000238.040:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7286 comm="syz.0.761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3064b8e929 code=0x7ffc0000 [ 308.304210][ T26] audit: type=1326 audit(2000000238.040:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7286 comm="syz.0.761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f3064b8e929 code=0x7ffc0000 [ 308.373091][ T7280] fido_id[7280]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 308.384903][ T26] audit: type=1326 audit(2000000238.040:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7286 comm="syz.0.761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3064b8e929 code=0x7ffc0000 [ 308.546965][ T26] audit: type=1326 audit(2000000238.040:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7286 comm="syz.0.761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f3064b8e929 code=0x7ffc0000 [ 308.610995][ T26] audit: type=1326 audit(2000000238.040:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7286 comm="syz.0.761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3064b8e929 code=0x7ffc0000 [ 308.729098][ T26] audit: type=1326 audit(2000000238.040:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7286 comm="syz.0.761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3064b8e929 code=0x7ffc0000 [ 308.757539][ T26] audit: type=1326 audit(2000000238.040:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7286 comm="syz.0.761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3064b8e929 code=0x7ffc0000 [ 308.785736][ T26] audit: type=1326 audit(2000000238.040:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7286 comm="syz.0.761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3064b8e929 code=0x7ffc0000 [ 308.884914][ T7310] loop3: detected capacity change from 0 to 64 [ 308.930483][ T7310] hfs: unable to parse mount options [ 308.942299][ T26] audit: type=1326 audit(2000000238.040:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7286 comm="syz.0.761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3064b8e929 code=0x7ffc0000 [ 309.879223][ T26] audit: type=1326 audit(2000000238.040:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7286 comm="syz.0.761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=48 compat=0 ip=0x7f3064b8e929 code=0x7ffc0000 [ 310.140246][ T7325] netlink: 44 bytes leftover after parsing attributes in process `syz.5.771'. [ 310.303568][ T7325] bridge0: port 2(bridge_slave_1) entered disabled state [ 311.826810][ T7338] loop1: detected capacity change from 0 to 4096 [ 312.233368][ T7338] ntfs: volume version 3.1. [ 313.814451][ T7377] binder_alloc: 7375: binder_alloc_buf, no vma [ 313.837863][ T7378] netlink: 24 bytes leftover after parsing attributes in process `syz.5.795'. [ 314.242920][ T7392] netlink: 'syz.4.789': attribute type 1 has an invalid length. [ 314.350344][ T7392] 8021q: adding VLAN 0 to HW filter on device bond1 [ 315.034406][ T7394] 8021q: adding VLAN 0 to HW filter on device bond1 [ 315.106781][ T7394] bond1: (slave vti0): The slave device specified does not support setting the MAC address [ 315.148340][ T7394] bond1: (slave vti0): Error -95 calling set_mac_address [ 315.185343][ T7410] Cannot find add_set index 0 as target [ 315.579487][ T7423] device wlan1 entered promiscuous mode [ 315.764223][ T7420] loop0: detected capacity change from 0 to 4096 [ 315.777418][ T7428] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 315.796865][ T7428] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 315.838346][ T7428] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 315.848098][ T7420] __ntfs_error: 20 callbacks suppressed [ 315.848117][ T7420] ntfs: (device loop0): check_mft_mirror(): $MFT and $MFTMirr (record 2) do not match. Run ntfsfix or chkdsk. [ 315.875815][ T7428] device bridge_slave_0 left promiscuous mode [ 315.903073][ T7428] bridge0: port 1(bridge_slave_0) entered disabled state [ 315.922256][ T7420] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 316.042110][ T7420] ntfs: (device loop0): map_mft_record_page(): Mft record 0xa is corrupt. Run chkdsk. [ 316.119155][ T7420] ntfs: (device loop0): map_mft_record(): Failed with error code 5. [ 316.251258][ T7420] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 316.306881][ T7420] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 316.357029][ T7420] ntfs: volume version 3.1. [ 316.395583][ T7420] ntfs: (device loop0): ntfs_read_locked_inode(): Found compressed data but compression is disabled due to cluster size (65536) > 4kiB. [ 316.526960][ T7420] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x2 as bad. Run chkdsk. [ 317.287214][ T1276] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.293605][ T1276] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.296464][ T7420] ntfs: (device loop0): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 317.576616][ T7428] device bridge_slave_1 left promiscuous mode [ 317.601539][ T7428] bridge0: port 2(bridge_slave_1) entered disabled state [ 318.247454][ T7428] bond0: (slave bond_slave_0): Releasing backup interface [ 318.345060][ T7428] bond0: (slave bond_slave_1): Releasing backup interface [ 318.497014][ T7428] team0: Port device team_slave_0 removed [ 318.645630][ T7428] team0: Port device team_slave_1 removed [ 318.668442][ T7428] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 319.054651][ T7428] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 319.578811][ T7428] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 319.647630][ T7428] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 319.903288][ T7433] team0: Mode changed to "activebackup" [ 320.641970][ T7434] device vlan0 entered promiscuous mode [ 320.688226][ T7439] netlink: 4 bytes leftover after parsing attributes in process `syz.5.799'. [ 321.244047][ T7506] netlink: 24 bytes leftover after parsing attributes in process `syz.4.813'. [ 322.583573][ T7532] batman_adv: batadv0: Adding interface: ip6gretap1 [ 322.590204][ T7532] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 322.617075][ T7532] batman_adv: batadv0: Not using interface ip6gretap1 (retrying later): interface not active [ 322.872466][ T7535] batman_adv: batadv0: Removing interface: ip6gretap1 [ 323.521302][ T7541] netlink: 28 bytes leftover after parsing attributes in process `syz.4.824'. [ 323.584548][ T7541] netlink: 8 bytes leftover after parsing attributes in process `syz.4.824'. [ 323.762326][ T7551] netlink: 'syz.0.823': attribute type 10 has an invalid length. [ 327.157429][ T7583] lo speed is unknown, defaulting to 1000 [ 327.247969][ T7607] xt_nat: multiple ranges no longer supported [ 329.421945][ T26] audit: type=1326 audit(2000000260.000:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7609 comm="syz.5.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f1678e929 code=0x7fc00000 [ 329.870118][ T7635] xt_nfacct: accounting object `syz1' does not exists [ 330.678505][ T26] audit: type=1326 audit(2000000260.000:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7609 comm="syz.5.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f2f1678e929 code=0x7fc00000 [ 330.751227][ T26] audit: type=1326 audit(2000000260.010:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7609 comm="syz.5.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f1678e929 code=0x7fc00000 [ 331.969394][ T7644] netlink: 'syz.1.848': attribute type 1 has an invalid length. [ 332.034356][ T7644] 8021q: adding VLAN 0 to HW filter on device bond3 [ 332.058005][ T26] audit: type=1326 audit(2000000262.640:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7655 comm="syz.4.851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9d58e929 code=0x7ffc0000 [ 332.129862][ T7654] bond3: (slave veth3): Enslaving as an active interface with a down link [ 332.144601][ T26] audit: type=1326 audit(2000000262.640:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7655 comm="syz.4.851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f7d9d58e929 code=0x7ffc0000 [ 332.205096][ T26] audit: type=1326 audit(2000000262.640:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7655 comm="syz.4.851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9d58e929 code=0x7ffc0000 [ 332.227899][ T7658] tipc: Enabling of bearer rejected, failed to enable media [ 332.254319][ T26] audit: type=1326 audit(2000000262.640:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7655 comm="syz.4.851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f7d9d58e929 code=0x7ffc0000 [ 332.305276][ T26] audit: type=1326 audit(2000000262.640:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7655 comm="syz.4.851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9d58e929 code=0x7ffc0000 [ 332.456120][ T7660] xt_nat: multiple ranges no longer supported [ 332.598087][ T26] audit: type=1326 audit(2000000262.640:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7655 comm="syz.4.851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f7d9d58e929 code=0x7ffc0000 [ 332.639468][ T7644] bond3: (slave vlan2): Opening slave failed [ 332.666348][ T26] audit: type=1326 audit(2000000262.640:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7655 comm="syz.4.851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7d9d5858e7 code=0x7ffc0000 [ 334.117633][ T7682] loop3: detected capacity change from 0 to 2048 [ 334.242329][ T7687] net_ratelimit: 10 callbacks suppressed [ 334.242340][ T7687] wlan1: mtu greater than device maximum [ 334.300421][ T7682] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 338.685111][ T4266] EXT4-fs (loop3): unmounting filesystem. [ 338.891925][ T7757] loop3: detected capacity change from 0 to 512 [ 340.096362][ C0] vcan0: j1939_tp_rxtimer: 0xffff888026427000: rx timeout, send abort [ 340.154418][ C0] vcan0: j1939_tp_rxtimer: 0xffff888023ab4000: rx timeout, send abort [ 340.165626][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888023ab4000: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 340.604634][ C0] vcan0: j1939_tp_rxtimer: 0xffff888026427000: abort rx timeout. Force session deactivation [ 340.720520][ T7757] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended [ 340.779126][ T7757] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 340.826230][ T7757] ext4 filesystem being mounted at /160/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 340.840924][ T7778] lo speed is unknown, defaulting to 1000 [ 340.868678][ T7781] netlink: 8 bytes leftover after parsing attributes in process `syz.5.882'. [ 341.133070][ T7757] EXT4-fs error (device loop3): ext4_validate_block_bitmap:420: comm syz.3.875: bg 0: bad block bitmap checksum [ 341.211613][ T7757] EXT4-fs warning (device loop3): ext4_dirblock_csum_set:427: inode #2: comm syz.3.875: No space for directory leaf checksum. Please run e2fsck -D. [ 341.246894][ T7757] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2934: inode #15: comm syz.3.875: corrupted xattr block 32 [ 341.273314][ T7757] EXT4-fs warning (device loop3): ext4_evict_inode:299: xattr delete (err -117) [ 341.479931][ T4266] EXT4-fs error (device loop3): ext4_lookup:1862: inode #2: comm syz-executor: deleted inode referenced: 11 [ 342.280919][ T4266] EXT4-fs error (device loop3): ext4_lookup:1862: inode #2: comm syz-executor: deleted inode referenced: 11 [ 344.026492][ T4266] EXT4-fs (loop3): unmounting filesystem. [ 345.915763][ T7851] device vxcan3 left promiscuous mode [ 348.762506][ T4272] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 348.776438][ T4272] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 348.784580][ T4272] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 348.792665][ T4272] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 348.800228][ T4272] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 348.810011][ T4272] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 348.865408][ T7887] lo speed is unknown, defaulting to 1000 [ 349.873978][ T7887] chnl_net:caif_netlink_parms(): no params data found [ 350.703389][ T7887] bridge0: port 1(bridge_slave_0) entered blocking state [ 350.726165][ T7887] bridge0: port 1(bridge_slave_0) entered disabled state [ 350.746654][ T7887] device bridge_slave_0 entered promiscuous mode [ 350.790976][ T7887] bridge0: port 2(bridge_slave_1) entered blocking state [ 350.798650][ T7887] bridge0: port 2(bridge_slave_1) entered disabled state [ 350.807296][ T7887] device bridge_slave_1 entered promiscuous mode [ 350.842809][ T7887] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 350.861997][ T4272] Bluetooth: hci1: command 0x0409 tx timeout [ 351.521391][ T7887] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 351.698753][ T7887] team0: Port device team_slave_0 added [ 351.825172][ T7887] team0: Port device team_slave_1 added [ 351.916818][ T7937] netlink: 8 bytes leftover after parsing attributes in process `syz.0.929'. [ 351.940850][ T7944] overlayfs: failed to clone upperpath [ 351.990328][ T7937] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 352.700128][ T7887] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 352.723366][ T7887] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 352.753571][ T7887] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 352.797038][ T7887] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 352.816260][ T7887] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 353.007195][ T7887] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 353.019693][ T4279] Bluetooth: hci1: command 0x041b tx timeout [ 354.283203][ T7887] device hsr_slave_0 entered promiscuous mode [ 354.298541][ T7887] device hsr_slave_1 entered promiscuous mode [ 354.308707][ T7887] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 355.438743][ T7887] Cannot create hsr debugfs directory [ 355.469241][ T4279] Bluetooth: hci1: command 0x040f tx timeout [ 357.368022][ T7887] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 357.390717][ T7887] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 357.427000][ T7887] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 357.462354][ T7887] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 357.501143][ T4279] Bluetooth: hci1: command 0x0419 tx timeout [ 357.559561][ T8022] tipc: Enabling of bearer rejected, failed to enable media [ 359.046430][ T7887] 8021q: adding VLAN 0 to HW filter on device bond0 [ 359.068881][ T7887] 8021q: adding VLAN 0 to HW filter on device team0 [ 359.160934][ T4451] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 359.168966][ T4451] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 359.177234][ T4451] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 359.186383][ T4451] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 360.196026][ T4451] bridge0: port 1(bridge_slave_0) entered blocking state [ 360.203232][ T4451] bridge0: port 1(bridge_slave_0) entered forwarding state [ 360.267551][ T4451] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 360.519934][ T4451] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 360.560196][ T4451] bridge0: port 2(bridge_slave_1) entered blocking state [ 360.567365][ T4451] bridge0: port 2(bridge_slave_1) entered forwarding state [ 360.623314][ T4451] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 360.667251][ T4451] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 360.759091][ T8056] netlink: 'syz.4.945': attribute type 4 has an invalid length. [ 360.791614][ T5171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 360.800696][ T5171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 360.813471][ T5171] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 360.823224][ T5171] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 360.864746][ T7887] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 360.875240][ T7887] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 360.899226][ T4448] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 360.910533][ T4448] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 360.919703][ T4448] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 360.928254][ T4448] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 360.936745][ T4448] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 360.946511][ T4448] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 360.964967][ T4448] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 361.212831][ T4451] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 361.220496][ T4451] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 361.233097][ T7887] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 361.249693][ T5171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 361.258986][ T5171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 361.279209][ T4451] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 361.287497][ T4451] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 361.297793][ T7887] device veth0_vlan entered promiscuous mode [ 361.305165][ T4451] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 361.313203][ T4451] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 361.325650][ T7887] device veth1_vlan entered promiscuous mode [ 361.346758][ T4448] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 361.355573][ T4448] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 361.363846][ T4448] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 361.372593][ T4448] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 361.383515][ T7887] device veth0_macvtap entered promiscuous mode [ 361.393017][ T7887] device veth1_macvtap entered promiscuous mode [ 361.406754][ T7887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 361.417284][ T7887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 361.428842][ T7887] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 361.437159][ T4448] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 361.448292][ T4448] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 361.457686][ T4448] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 361.467256][ T4448] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 361.478541][ T7887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 361.489464][ T7887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 361.500616][ T7887] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 361.508287][ T5158] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 361.517401][ T5158] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 361.529179][ T7887] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 361.538456][ T7887] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 361.547438][ T7887] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 361.556372][ T7887] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 361.630666][ T5171] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 361.661188][ T5171] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 361.685724][ T4448] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 361.697670][ T5158] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 361.698037][ T4448] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 361.719011][ T5158] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 362.478065][ T8079] batman_adv: batadv0: Adding interface: ip6gretap1 [ 362.645025][ T8079] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 362.762691][ T8079] batman_adv: batadv0: Not using interface ip6gretap1 (retrying later): interface not active [ 363.276990][ T8085] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 363.289266][ T8085] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 363.311664][ T8085] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 363.319250][ T8085] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 363.329457][ T8085] batman_adv: batadv0: Removing interface: ip6gretap1 [ 366.576147][ T8130] lo speed is unknown, defaulting to 1000 [ 366.588598][ T8135] netlink: 8 bytes leftover after parsing attributes in process `syz.1.964'. [ 369.853543][ T8170] loop3: detected capacity change from 0 to 512 [ 369.911685][ T8170] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 369.920754][ T8170] ext4 filesystem being mounted at /6/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 370.231222][ T4279] Bluetooth: hci2: command 0x0406 tx timeout [ 371.687782][ T7887] EXT4-fs (loop3): unmounting filesystem. [ 375.302411][ T8230] xt_nfacct: accounting object `syz1' does not exists [ 378.386520][ T1276] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.392949][ T1276] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.318759][ T8282] loop3: detected capacity change from 0 to 512 [ 382.814149][ T26] kauditd_printk_skb: 105 callbacks suppressed [ 382.814236][ T26] audit: type=1326 audit(2000000313.390:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8290 comm="syz.0.1019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3064b8e929 code=0x7ffc0000 [ 383.380823][ T26] audit: type=1326 audit(2000000313.390:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8290 comm="syz.0.1019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=123 compat=0 ip=0x7f3064b8e929 code=0x7ffc0000 [ 383.412700][ T26] audit: type=1326 audit(2000000313.400:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8290 comm="syz.0.1019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3064b8e929 code=0x7ffc0000 [ 383.436585][ T26] audit: type=1326 audit(2000000313.400:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8290 comm="syz.0.1019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3064b8e929 code=0x7ffc0000 [ 384.567813][ T8318] overlayfs: failed to clone upperpath [ 385.653939][ T8328] batman_adv: batadv0: Adding interface: ip6gretap1 [ 385.681163][ T8328] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 385.707425][ T8328] batman_adv: batadv0: Not using interface ip6gretap1 (retrying later): interface not active [ 386.183251][ T8332] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 386.325296][ T8332] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 386.388273][ T8332] batman_adv: batadv0: Removing interface: ip6gretap1 [ 386.558373][ T8332] bond0: (slave batadv0): Releasing backup interface [ 387.647292][ T8362] xt_nfacct: accounting object `syz1' does not exists [ 394.874611][ T26] audit: type=1326 audit(2000000325.440:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8444 comm="syz.3.1051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f003378e929 code=0x7ffc0000 [ 394.927280][ T26] audit: type=1326 audit(2000000325.440:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8444 comm="syz.3.1051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f003378e929 code=0x7ffc0000 [ 394.955558][ T26] audit: type=1326 audit(2000000325.460:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8444 comm="syz.3.1051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=123 compat=0 ip=0x7f003378e929 code=0x7ffc0000 [ 395.079611][ T26] audit: type=1326 audit(2000000325.460:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8444 comm="syz.3.1051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f003378e929 code=0x7ffc0000 [ 395.182106][ T26] audit: type=1326 audit(2000000325.460:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8444 comm="syz.3.1051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f003378e929 code=0x7ffc0000 [ 397.532343][ T8479] netlink: 'syz.3.1071': attribute type 1 has an invalid length. [ 398.379226][ T8488] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 398.425917][ T8489] bond1 (unregistering): (slave ip6gretap1): Releasing backup interface [ 398.478566][ T8489] bond1 (unregistering): Released all slaves [ 398.752955][ T8498] lo speed is unknown, defaulting to 1000 [ 400.561838][ T8529] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1076'. [ 400.649764][ T8529] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 402.665909][ T8531] lo speed is unknown, defaulting to 1000 [ 405.393897][ T8576] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 406.469441][ T8576] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 406.471387][ T8578] batman_adv: batadv0: Adding interface: ip6gretap1 [ 406.701619][ T8578] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 407.459543][ T8578] batman_adv: batadv0: Not using interface ip6gretap1 (retrying later): interface not active [ 407.474212][ T8583] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 407.510061][ T8583] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 407.552001][ T8583] batman_adv: batadv0: Removing interface: ip6gretap1 [ 407.624152][ T8590] md2: error: bitmap file must be a regular file [ 407.640447][ T8595] block device autoloading is deprecated and will be removed. [ 408.076827][ T8611] I/O error, dev loop11, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2 [ 408.106909][ T8611] EXT4-fs (loop11): unable to read superblock [ 408.816474][ T8631] 9pnet_fd: p9_fd_create_unix (8631): address too long: ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 410.131909][ T8650] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1111'. [ 411.972559][ T8678] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1123'. [ 412.192695][ T4279] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 412.202709][ T4279] Bluetooth: hci2: Injecting HCI hardware error event [ 412.213600][ T4279] Bluetooth: hci2: hardware error 0x00 [ 412.720196][ T8685] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 412.727680][ T8685] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 412.736565][ T8685] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 412.744102][ T8685] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 412.751636][ T8685] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 412.759110][ T8685] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 412.925768][ T8687] tipc: Failed to remove unknown binding: 66,1,1/0:3138690501/3138690503 [ 412.964258][ T8687] tipc: Failed to remove unknown binding: 66,1,1/0:3138690501/3138690503 [ 412.994479][ T8687] tipc: Failed to remove unknown binding: 66,1,1/0:3138690501/3138690503 [ 413.264999][ T8699] loop3: detected capacity change from 0 to 2048 [ 413.326427][ T8699] loop3: p1 < > p3 [ 413.385752][ T8706] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1132'. [ 413.413501][ T8699] loop3: p3 size 134217728 extends beyond EOD, truncated [ 414.360317][ T8719] unsupported nla_type 36 [ 414.645894][ T8723] netlink: 'syz.0.1138': attribute type 6 has an invalid length. [ 415.793022][ T4279] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 417.247499][ T8742] loop3: detected capacity change from 0 to 4096 [ 417.322792][ T8742] ntfs3: loop3: Different NTFS' sector size (1024) and media sector size (512) [ 420.197753][ T8771] device vlan2 entered promiscuous mode [ 420.244392][ T8771] device bond0 entered promiscuous mode [ 420.284477][ T8771] device bond_slave_0 entered promiscuous mode [ 420.316484][ T8771] device bond_slave_1 entered promiscuous mode [ 422.293430][ T8787] fuse: Bad value for 'fd' [ 425.596726][ T8827] netlink: 'syz.5.1163': attribute type 8 has an invalid length. [ 426.166362][ T8833] netlink: 'syz.3.1164': attribute type 1 has an invalid length. [ 426.594835][ T8833] 8021q: adding VLAN 0 to HW filter on device bond1 [ 427.023177][ T8836] bond1: (slave bridge1): making interface the new active one [ 427.075319][ T8836] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 427.094960][ T8838] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1164'. [ 427.125857][ T5163] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 427.200573][ T8848] netlink: 'syz.1.1180': attribute type 1 has an invalid length. [ 427.285523][ T8848] bond4: (slave veth5): Enslaving as an active interface with a down link [ 427.442379][ T8852] bond4: (slave veth7): Enslaving as an active interface with a down link [ 427.451474][ T8848] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1180'. [ 427.465775][ T8848] 8021q: adding VLAN 0 to HW filter on device bond4 [ 431.422347][ T8887] netlink: 'syz.4.1181': attribute type 10 has an invalid length. [ 431.434753][ T8887] bridge0: port 3(team0) entered blocking state [ 431.450986][ T8887] bridge0: port 3(team0) entered disabled state [ 431.467032][ T8887] device team0 entered promiscuous mode [ 431.481265][ T8887] device team_slave_0 entered promiscuous mode [ 431.496053][ T8887] device team_slave_1 entered promiscuous mode [ 431.521310][ T8887] bridge0: port 3(team0) entered blocking state [ 431.527777][ T8887] bridge0: port 3(team0) entered forwarding state [ 432.387352][ T8904] 9pnet_fd: p9_fd_create_unix (8904): address too long: ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 433.980125][ T8923] tipc: Failed to remove unknown binding: 66,1,1/0:3015222947/3015222949 [ 434.223649][ T8923] tipc: Failed to remove unknown binding: 66,1,1/0:3015222947/3015222949 [ 434.247081][ T8923] tipc: Failed to remove unknown binding: 66,1,1/0:3015222947/3015222949 [ 436.306453][ T8951] MPTCP: kernel_bind error, err=-99 [ 437.407283][ T8964] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1203'. [ 437.896021][ T8970] tipc: Failed to remove unknown binding: 66,1,1/0:1586146002/1586146004 [ 437.923354][ T8970] tipc: Failed to remove unknown binding: 66,1,1/0:1586146002/1586146004 [ 438.580513][ T8978] xt_CT: You must specify a L4 protocol and not use inversions on it [ 439.066993][ T8970] tipc: Failed to remove unknown binding: 66,1,1/0:1586146002/1586146004 [ 439.242463][ T8983] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1219'. [ 439.305647][ T8983] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1219'. [ 440.025915][ T1276] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.401128][ T1276] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.549283][ T9013] netlink: 'syz.3.1215': attribute type 1 has an invalid length. [ 440.774503][ T9015] bond2: (slave veth3): Enslaving as an active interface with a down link [ 440.868603][ T9019] bond2: (slave veth5): Enslaving as an active interface with a down link [ 440.905145][ T9013] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1215'. [ 441.661305][ T9013] 8021q: adding VLAN 0 to HW filter on device bond2 [ 441.940929][ T9037] loop3: detected capacity change from 0 to 1024 [ 442.021949][ T9037] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 442.881362][ T26] audit: type=1326 audit(2000000373.470:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9036 comm="syz.3.1223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f003378e929 code=0x7ffc0000 [ 443.077835][ T26] audit: type=1326 audit(2000000373.500:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9036 comm="syz.3.1223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f003378e929 code=0x7ffc0000 [ 443.117757][ T26] audit: type=1326 audit(2000000373.500:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9036 comm="syz.3.1223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f003378e929 code=0x7ffc0000 [ 443.140442][ T26] audit: type=1326 audit(2000000373.500:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9036 comm="syz.3.1223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=34 compat=0 ip=0x7f003378e929 code=0x7ffc0000 [ 445.313223][ T7887] EXT4-fs (loop3): unmounting filesystem. [ 445.887468][ T9071] lo speed is unknown, defaulting to 1000 [ 446.048045][ T9074] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1229'. [ 447.021430][ T4279] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 447.863842][ T4279] Bluetooth: hci1: Injecting HCI hardware error event [ 447.873372][ T4279] Bluetooth: hci1: hardware error 0x00 [ 450.787231][ T4279] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 451.934087][ T9116] loop3: detected capacity change from 0 to 128 [ 458.817456][ T9162] netlink: 'syz.3.1263': attribute type 1 has an invalid length. [ 458.958727][ T9165] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 459.036404][ T9165] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 459.048122][ T9165] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 459.057094][ T9165] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 459.079645][ T9165] bond3: (slave geneve2): making interface the new active one [ 459.090237][ T9165] bond3: (slave geneve2): Enslaving as an active interface with an up link [ 459.227013][ T9162] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1263'. [ 462.573809][ T9202] netlink: 'syz.4.1265': attribute type 1 has an invalid length. [ 463.996046][ T9202] bond2: (slave ip6gretap2): Enslaving as a backup interface with an up link [ 464.312429][ T9224] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1271'. [ 464.677659][ T9216] device veth7 entered promiscuous mode [ 464.700740][ T9216] bond2: (slave veth7): Enslaving as a backup interface with a down link [ 467.182808][ T9238] lo speed is unknown, defaulting to 1000 [ 468.328897][ T9269] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 468.493808][ T9274] loop3: detected capacity change from 0 to 2048 [ 468.673532][ T9274] NILFS (loop3): invalid segment: Inconsistency found [ 468.680782][ T9274] NILFS (loop3): trying rollback from an earlier position [ 469.131728][ T9274] NILFS (loop3): recovery complete [ 469.244688][ T9288] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 470.008888][ T9298] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1290'. [ 470.018097][ T9298] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1290'. [ 470.492319][ T9299] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1291'. [ 470.760281][ T9299] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1291'. [ 472.513649][ T9319] xt_recent: hitcount (692) is larger than allowed maximum (255) [ 473.615697][ T9334] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 473.624621][ T9334] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 473.632398][ T9334] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 474.616467][ T9354] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1305'. [ 474.972816][ T9354] sch_tbf: burst 511 is lower than device veth7 mtu (1514) ! [ 479.750374][ T9417] 9pnet: Could not find request transport: f [ 482.660827][ T9445] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1325'. [ 482.706824][ T9445] netlink: 80 bytes leftover after parsing attributes in process `syz.3.1325'. [ 484.956327][ T9496] IPVS: set_ctl: invalid protocol: 22 127.0.0.1:20001 [ 485.128060][ T9492] lo speed is unknown, defaulting to 1000 [ 485.204651][ T9504] 9pnet_virtio: no channels available for device [ 487.021260][ T4279] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 487.030263][ T4279] Bluetooth: hci3: Injecting HCI hardware error event [ 487.039750][ T4279] Bluetooth: hci3: hardware error 0x00 [ 488.958766][ T9531] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1351'. [ 489.641476][ T4279] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 490.260125][ T9546] loop3: detected capacity change from 0 to 8192 [ 490.468392][ T9562] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 490.586947][ T9562] FAT-fs (loop3): Filesystem has been set read-only [ 495.391661][ T9610] Cannot find set identified by id 0 to match [ 499.118911][ T9649] kernel read not supported for file / œ7³ÏüâW)ës“§Ç!Qöì¥fsõl{T‡rÒ)r§ÖOš˜õ2:"ôÀT+ÍŸv|Õ²DvcŽ“ØÖ Å6Òxãc: (pid: 9649 comm: syz.1.1381) [ 499.133924][ T26] audit: type=1800 audit(2000000429.730:257): pid=9649 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1381" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=50335 res=0 errno=0 [ 499.222228][ T9650] ip6t_srh: unknown srh invflags 6BE9 [ 499.707700][ T9649] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1381'. [ 499.870838][ T9655] Cannot find add_set index 0 as target [ 500.005786][ T4564] bridge0: port 2(bridge_slave_1) entered disabled state [ 500.034141][ T9659] netlink: 'syz.1.1396': attribute type 1 has an invalid length. [ 500.070918][ T9659] 8021q: adding VLAN 0 to HW filter on device bond5 [ 500.107017][ T9665] 8021q: adding VLAN 0 to HW filter on device bond5 [ 500.114506][ T9665] bond5: (slave vxcan5): The slave device specified does not support setting the MAC address [ 500.126925][ T9665] bond5: (slave vxcan5): Error -95 calling set_mac_address [ 501.273223][ T1276] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.279553][ T1276] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.437641][ T9697] device sit0 entered promiscuous mode [ 504.211895][ T9713] xt_recent: hitcount (692) is larger than allowed maximum (255) [ 512.302188][ T9791] netlink: 'syz.0.1426': attribute type 10 has an invalid length. [ 512.431394][ T9791] device lo entered promiscuous mode [ 512.438166][ T9791] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 512.501259][ T9792] netlink: 'syz.0.1426': attribute type 10 has an invalid length. [ 513.416835][ T9792] 8021q: adding VLAN 0 to HW filter on device bond0 [ 513.538399][ T9792] team0: Port device bond0 added [ 514.942549][ T9831] loop3: detected capacity change from 0 to 64 [ 517.981299][ T4279] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 517.990208][ T4279] Bluetooth: hci4: Injecting HCI hardware error event [ 517.999965][ T4279] Bluetooth: hci4: hardware error 0x00 [ 518.135489][ T9867] loop3: detected capacity change from 0 to 256 [ 518.997491][ T9867] FAT-fs (loop3): Directory bread(block 64) failed [ 519.015603][ T9867] FAT-fs (loop3): Directory bread(block 65) failed [ 519.043454][ T9867] FAT-fs (loop3): Directory bread(block 66) failed [ 519.049998][ T9867] FAT-fs (loop3): Directory bread(block 67) failed [ 519.068726][ T9867] FAT-fs (loop3): Directory bread(block 68) failed [ 519.076114][ T9867] FAT-fs (loop3): Directory bread(block 69) failed [ 519.083958][ T9867] FAT-fs (loop3): Directory bread(block 70) failed [ 519.091320][ T9867] FAT-fs (loop3): Directory bread(block 71) failed [ 519.102198][ T9867] FAT-fs (loop3): Directory bread(block 72) failed [ 519.108914][ T9867] FAT-fs (loop3): Directory bread(block 73) failed [ 520.202298][ T4279] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 523.410759][ T9913] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1461'. [ 525.233023][ T9950] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1471'. [ 525.297639][ T9950] device gtp0 entered promiscuous mode [ 526.234700][ T9939] netlink: 'syz.4.1469': attribute type 1 has an invalid length. [ 526.472206][ T9939] 8021q: adding VLAN 0 to HW filter on device bond3 [ 526.501631][ T9957] netlink: 'syz.5.1468': attribute type 4 has an invalid length. [ 526.799257][ T9942] bond3: (slave veth9): Enslaving as an active interface with a down link [ 526.829860][ T9939] device veth1 entered promiscuous mode [ 527.092877][ T9939] device veth1 left promiscuous mode [ 527.136246][ T9939] bond3: (slave vlan2): making interface the new active one [ 527.157106][ T9939] device veth1 entered promiscuous mode [ 527.167008][ T9939] device vlan2 entered promiscuous mode [ 527.174358][ T9939] bond3: (slave vlan2): Enslaving as an active interface with an up link [ 527.188485][ T9396] IPv6: ADDRCONF(NETDEV_CHANGE): bond3: link becomes ready [ 527.455108][ T26] audit: type=1326 audit(2000000458.040:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9968 comm="syz.5.1475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f1678e929 code=0x7ffc0000 [ 527.580309][ T26] audit: type=1326 audit(2000000458.080:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9968 comm="syz.5.1475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f2f1678e929 code=0x7ffc0000 [ 528.209465][ T26] audit: type=1326 audit(2000000458.080:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9968 comm="syz.5.1475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f1678e929 code=0x7ffc0000 [ 528.246670][ T26] audit: type=1326 audit(2000000458.080:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9968 comm="syz.5.1475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f1678e929 code=0x7ffc0000 [ 528.313637][ T26] audit: type=1326 audit(2000000458.090:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9968 comm="syz.5.1475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f2f1678e929 code=0x7ffc0000 [ 528.462191][ T26] audit: type=1326 audit(2000000458.110:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9968 comm="syz.5.1475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f1678e929 code=0x7ffc0000 [ 529.168161][ T26] audit: type=1326 audit(2000000458.130:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9968 comm="syz.5.1475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=297 compat=0 ip=0x7f2f1678e929 code=0x7ffc0000 [ 529.340756][ T26] audit: type=1326 audit(2000000458.130:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9968 comm="syz.5.1475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f1678e929 code=0x7ffc0000 [ 529.511179][ T26] audit: type=1326 audit(2000000458.150:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9968 comm="syz.5.1475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f2f1678e929 code=0x7ffc0000 [ 530.290268][ T9991] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1481'. [ 530.301782][ T26] audit: type=1326 audit(2000000458.700:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9968 comm="syz.5.1475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f1678e929 code=0x7ffc0000 [ 530.336122][ T9991] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 530.384450][ T9986] ÿÿÿÿÿÿ: renamed from vlan1 [ 530.593060][ T9991] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1481'. [ 531.835309][T10005] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1484'. [ 532.030338][T10008] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1487'. [ 533.011347][ T4331] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 533.322295][ T4331] usb 4-1: Using ep0 maxpacket: 32 [ 533.336519][ T4331] usb 4-1: config 0 has an invalid interface number: 2 but max is 0 [ 533.446509][ T4331] usb 4-1: config 0 has no interface number 0 [ 533.538045][ T4331] usb 4-1: config 0 interface 2 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 533.613235][ T4331] usb 4-1: config 0 interface 2 has no altsetting 0 [ 533.620197][ T4331] usb 4-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00 [ 533.748101][ T4331] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 534.167281][ T4331] usb 4-1: config 0 descriptor?? [ 534.817264][ T4331] uclogic 0003:5543:0781.0005: unknown main item tag 0x0 [ 534.922734][ T4331] uclogic 0003:5543:0781.0005: unknown main item tag 0x0 [ 535.123818][ T4331] uclogic 0003:5543:0781.0005: unknown main item tag 0x0 [ 535.130995][ T4331] uclogic 0003:5543:0781.0005: item fetching failed at offset 6/7 [ 535.153633][ T4331] uclogic 0003:5543:0781.0005: parse failed [ 535.159582][ T4331] uclogic: probe of 0003:5543:0781.0005 failed with error -22 [ 535.170393][ T4331] usb 4-1: USB disconnect, device number 6 [ 535.336098][T10050] general protection fault, probably for non-canonical address 0xdffffc000000000b: 0000 [#1] PREEMPT SMP KASAN [ 535.347854][T10050] KASAN: null-ptr-deref in range [0x0000000000000058-0x000000000000005f] [ 535.356288][T10050] CPU: 1 PID: 10050 Comm: syz.1.1499 Not tainted 6.1.145-syzkaller #0 [ 535.364455][T10050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 535.374521][T10050] RIP: 0010:__list_del_entry_valid+0x1f/0x120 [ 535.380603][T10050] Code: de 4c 89 f1 e8 42 9d 00 06 0f 0b 41 57 41 56 41 54 53 48 89 fb 49 bc 00 00 00 00 00 fc ff df 48 83 c7 08 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 05 e8 b5 2a c6 fd 4c 8b 7b 08 48 89 d8 48 c1 e8 [ 535.400232][T10050] RSP: 0018:ffffc90004deee68 EFLAGS: 00010202 [ 535.406316][T10050] RAX: 000000000000000b RBX: 0000000000000050 RCX: 0000000000080000 [ 535.414302][T10050] RDX: ffffc9000c8b9000 RSI: 0000000000000bae RDI: 0000000000000058 [ 535.422289][T10050] RBP: dffffc0000000000 R08: ffff888030419dc0 R09: 0000000000000002 [ 535.430276][T10050] R10: 00000000ffffffff R11: 0000000000000002 R12: dffffc0000000000 [ 535.438260][T10050] R13: dffffc0000000000 R14: 0000000000000050 R15: ffff88807399c800 [ 535.446243][T10050] FS: 00007f7b8f9616c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 535.455186][T10050] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 535.461780][T10050] CR2: 000000110c2df571 CR3: 0000000030b06000 CR4: 00000000003506e0 [ 535.469767][T10050] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 535.477748][T10050] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 535.485726][T10050] Call Trace: [ 535.489011][T10050] [ 535.491949][T10050] drr_qlen_notify+0x28/0xf0 [ 535.496560][T10050] qdisc_tree_reduce_backlog+0x287/0x470 [ 535.502212][T10050] ? qdisc_tree_reduce_backlog+0x38/0x470 [ 535.507950][T10050] codel_change+0x970/0xdb0 [ 535.512476][T10050] ? memset+0x1e/0x40 [ 535.516469][T10050] ? qdisc_alloc+0x75d/0xa50 [ 535.521075][T10050] ? qdisc_create+0x16a/0x1090 [ 535.525853][T10050] ? rtnetlink_rcv_msg+0x79b/0xed0 [ 535.530979][T10050] ? netlink_rcv_skb+0x1de/0x420 [ 535.535929][T10050] ? netlink_unicast+0x74c/0x8c0 [ 535.540882][T10050] ? netlink_sendmsg+0x89e/0xbc0 [ 535.545832][T10050] ? ____sys_sendmsg+0x59b/0x970 [ 535.550763][T10050] ? ___sys_sendmsg+0x21c/0x290 [ 535.555603][T10050] ? __se_sys_sendmsg+0x19e/0x270 [ 535.560619][T10050] ? do_syscall_64+0x4c/0xa0 [ 535.565205][T10050] ? codel_reset+0x150/0x150 [ 535.569796][T10050] codel_init+0x1d4/0x3a0 [ 535.574120][T10050] ? qdisc_peek_dequeued+0x1f0/0x1f0 [ 535.579394][T10050] qdisc_create+0x7cb/0x1090 [ 535.583977][T10050] ? qdisc_notify+0x370/0x370 [ 535.588647][T10050] ? lockdep_rtnl_is_held+0x22/0x30 [ 535.593834][T10050] ? qdisc_lookup+0x175/0x6c0 [ 535.598501][T10050] tc_modify_qdisc+0xb0f/0x1be0 [ 535.603350][T10050] ? qdisc_offload_query_caps+0x140/0x140 [ 535.609070][T10050] ? qdisc_offload_query_caps+0x140/0x140 [ 535.614865][T10050] ? rtnetlink_rcv_msg+0x1d8/0xed0 [ 535.619965][T10050] rtnetlink_rcv_msg+0x79b/0xed0 [ 535.624951][T10050] ? rtnetlink_bind+0x80/0x80 [ 535.629632][T10050] ? mark_lock+0x94/0x320 [ 535.633963][T10050] ? __lock_acquire+0x12e5/0x7c50 [ 535.638986][T10050] ? netlink_sendmsg+0x645/0xbc0 [ 535.643918][T10050] ? verify_lock_unused+0x140/0x140 [ 535.649122][T10050] netlink_rcv_skb+0x1de/0x420 [ 535.653882][T10050] ? rtnetlink_bind+0x80/0x80 [ 535.658652][T10050] ? netlink_ack+0x1100/0x1100 [ 535.663423][T10050] ? netlink_deliver_tap+0x2e/0x1b0 [ 535.668621][T10050] netlink_unicast+0x74c/0x8c0 [ 535.673381][T10050] netlink_sendmsg+0x89e/0xbc0 [ 535.678141][T10050] ? netlink_getsockopt+0x540/0x540 [ 535.683375][T10050] ? aa_sock_msg_perm+0x94/0x150 [ 535.688313][T10050] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 535.693765][T10050] ? security_socket_sendmsg+0x7c/0xa0 [ 535.699218][T10050] ? netlink_getsockopt+0x540/0x540 [ 535.704421][T10050] ____sys_sendmsg+0x59b/0x970 [ 535.709188][T10050] ? __sys_sendmsg_sock+0x30/0x30 [ 535.714206][T10050] ? __import_iovec+0x315/0x500 [ 535.719047][T10050] ? import_iovec+0x6f/0xa0 [ 535.723554][T10050] ___sys_sendmsg+0x21c/0x290 [ 535.728234][T10050] ? __sys_sendmsg+0x270/0x270 [ 535.732997][T10050] ? put_user_ifreq+0x81/0xb0 [ 535.737686][T10050] ? __fdget+0x17c/0x200 [ 535.742073][T10050] __se_sys_sendmsg+0x19e/0x270 [ 535.746938][T10050] ? __se_sys_futex+0x14a/0x440 [ 535.751792][T10050] ? __x64_sys_sendmsg+0x80/0x80 [ 535.756734][T10050] ? lockdep_hardirqs_on+0x94/0x140 [ 535.761937][T10050] do_syscall_64+0x4c/0xa0 [ 535.766351][T10050] ? clear_bhb_loop+0x60/0xb0 [ 535.771019][T10050] ? clear_bhb_loop+0x60/0xb0 [ 535.775700][T10050] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 535.781581][T10050] RIP: 0033:0x7f7b8eb8e929 [ 535.785994][T10050] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 535.805603][T10050] RSP: 002b:00007f7b8f961038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 535.814010][T10050] RAX: ffffffffffffffda RBX: 00007f7b8edb5fa0 RCX: 00007f7b8eb8e929 [ 535.822009][T10050] RDX: 0000000000004000 RSI: 0000200000000040 RDI: 0000000000000007 [ 535.829968][T10050] RBP: 00007f7b8ec10b39 R08: 0000000000000000 R09: 0000000000000000 [ 535.837927][T10050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 535.845907][T10050] R13: 0000000000000000 R14: 00007f7b8edb5fa0 R15: 00007ffc01f7b1e8 [ 535.853884][T10050] [ 535.856900][T10050] Modules linked in: [ 535.860871][T10050] ---[ end trace 0000000000000000 ]--- [ 535.866367][T10050] RIP: 0010:__list_del_entry_valid+0x1f/0x120 [ 535.872482][T10050] Code: de 4c 89 f1 e8 42 9d 00 06 0f 0b 41 57 41 56 41 54 53 48 89 fb 49 bc 00 00 00 00 00 fc ff df 48 83 c7 08 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 05 e8 b5 2a c6 fd 4c 8b 7b 08 48 89 d8 48 c1 e8 [ 535.892142][T10050] RSP: 0018:ffffc90004deee68 EFLAGS: 00010202 [ 535.898225][T10050] RAX: 000000000000000b RBX: 0000000000000050 RCX: 0000000000080000 [ 535.906235][T10050] RDX: ffffc9000c8b9000 RSI: 0000000000000bae RDI: 0000000000000058 [ 535.914243][T10050] RBP: dffffc0000000000 R08: ffff888030419dc0 R09: 0000000000000002 [ 535.922248][T10050] R10: 00000000ffffffff R11: 0000000000000002 R12: dffffc0000000000 [ 535.930231][T10050] R13: dffffc0000000000 R14: 0000000000000050 R15: ffff88807399c800 [ 535.938241][T10050] FS: 00007f7b8f9616c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 535.947207][T10050] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 535.953824][T10050] CR2: 000000110c2df571 CR3: 0000000030b06000 CR4: 00000000003506e0 [ 535.961836][T10050] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 535.969811][T10050] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 535.977830][T10050] Kernel panic - not syncing: Fatal exception in interrupt [ 535.985239][T10050] Kernel Offset: disabled [ 535.989549][T10050] Rebooting in 86400 seconds..