last executing test programs: 5m45.999626748s ago: executing program 4 (id=285): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x3, 0x6) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r3, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)=@delchain={0x24, 0x64, 0xf31, 0xfffffffb, 0x25dfdbfb, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0x1b}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008000}, 0x0) 5m44.932553395s ago: executing program 4 (id=290): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000380)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000004c0)={0x4, 0x0, &(0x7f0000000500)=[@enter_looper={0x40086303}], 0x0, 0x1000000000000, 0x0}) 5m44.697873844s ago: executing program 4 (id=295): syz_open_procfs(0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='.\x00', &(0x7f0000000080), 0x0, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000340), r2) getsockname$packet(r2, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000a40)=@delchain={0x24, 0x2e, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff2, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x20004001}, 0x0) 5m44.601357132s ago: executing program 4 (id=297): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19) syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="02c830750071000100020204000300f8"], 0x7a) 5m42.888526201s ago: executing program 4 (id=303): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = syz_clone(0x88200200, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220) setpgid(0x0, r0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x10) openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x200443, 0x58) 5m42.682862578s ago: executing program 4 (id=307): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000280)={@flat=@binder={0x73622a85, 0x100, 0x1}, @flat=@weak_binder={0x77622a85, 0x1001, 0x3}, @fd={0x66642a85, 0x0, r1}}, &(0x7f0000000240)={0x0, 0x18, 0x30}}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x78, 0x0, &(0x7f0000000d80)="4ef5c0fd8a62ab89cc577d6a0a5afa762b3c986f8b5e97fdbcf39f9208af901018bf28aa1d7331a06b83ef2b1eab197947494ff34554c04f0dc21ad265a6ecd8b6797f3be59ddc068ade156c6e4838b894c921d885ccb51fcbcf4c3b57671b7dc81f9cc29ac310f74c0bf6c1330b2eae80b06f19ca024829"}) 5m27.348779936s ago: executing program 32 (id=307): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000280)={@flat=@binder={0x73622a85, 0x100, 0x1}, @flat=@weak_binder={0x77622a85, 0x1001, 0x3}, @fd={0x66642a85, 0x0, r1}}, &(0x7f0000000240)={0x0, 0x18, 0x30}}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x78, 0x0, &(0x7f0000000d80)="4ef5c0fd8a62ab89cc577d6a0a5afa762b3c986f8b5e97fdbcf39f9208af901018bf28aa1d7331a06b83ef2b1eab197947494ff34554c04f0dc21ad265a6ecd8b6797f3be59ddc068ade156c6e4838b894c921d885ccb51fcbcf4c3b57671b7dc81f9cc29ac310f74c0bf6c1330b2eae80b06f19ca024829"}) 5m6.798686529s ago: executing program 3 (id=427): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f00000000c0)=0x8, 0x4) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xdc}}, 0x0) r1 = dup(r0) bind$unix(r1, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x6e) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = dup(r2) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r4, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) bind$unix(r3, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x6e) 5m6.279933431s ago: executing program 3 (id=431): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000180)='bbr\x00', 0x4) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e24, 0x200, @private2={0xfc, 0x2, '\x00', 0x1}, 0x4ac2d78a}}, 0x0, 0x0, 0x3f, 0x0, "ee8b0e650926a96ecc136e7fb980e989db9e8bf9b93129488f651a8de213eb94cd46e19d9c65a018444a131f4da58ae36556dd38ea6c029607462029add09240005c6776267517308a3d40aa1c788df6"}, 0xd8) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x4, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f00000001c0)=@ccm_128={{0x303}, "4eff51afaef09474", "d373bc171d564dcd0b86123859d7f466", "e8b29a2c", "662e229672253891"}, 0x28) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4) writev(r1, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1) 5m5.951546148s ago: executing program 3 (id=433): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) process_vm_writev(r3, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0) 5m4.898133793s ago: executing program 3 (id=435): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) fallocate(r3, 0x0, 0x0, 0x10fff9) lseek(r3, 0x0, 0x3) 5m3.989795877s ago: executing program 3 (id=441): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000000)=""/188) 5m2.016174988s ago: executing program 3 (id=444): r0 = socket(0x10, 0x803, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0xfffd}}}]}, 0x38}}, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000b00)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x5, 0xfff3}, {}, {0x10, 0xe}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_FLAGS={0x8, 0x16, 0x11}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x4) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0x10}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) 4m46.793662767s ago: executing program 33 (id=444): r0 = socket(0x10, 0x803, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0xfffd}}}]}, 0x38}}, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000b00)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x5, 0xfff3}, {}, {0x10, 0xe}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_FLAGS={0x8, 0x16, 0x11}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x4) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0x10}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) 4m11.900082727s ago: executing program 6 (id=479): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x8}, @hci_rp_read_stored_link_key={{}, {0x9, 0x40, 0x6}}}}, 0xb) ioctl$VT_RESIZEX(r1, 0x560a, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000180)='./file0\x00', 0x3004000, &(0x7f0000000340), 0x2, 0x7ad, &(0x7f0000000380)="$eJzs3c9rHFUcAPDvbHaT9GdSUbCKGvDQgpgmseAPFFLwKCKoJy8NybaUbn/QRLAhQovYk8eC4EUEwYs3xYsgpSdFvPQi/Q+kUiQIrdJDZCaTzTbdTTfNbiZxPx+YzZt5s/ve7PKdNz9e5gXQs0bSl1LEwYi4lEQM5cuTiKhkqXLE5PJ6dxcXpv9ZXJhOYmnp3b+SbJ07iwvT0fCe1J78bYMRceN6Eo/1PVju7MX501O1WvVCPn9k7sz5I7MX5188dWbqZPVk9ezExMSrE0fHXx6b6Ni2fvLMr9/du/L2p5/vv3n1zxs/7E9iMvbmeY3b0SkjMVL/ThqVI+LNThdWkL58e0oNy5LympUGt7hStK3U8Bs+GUPRF6s/3lBc/77QygEAXbGUTgBAj0m0/wDQY1auA9xZXJhemYq9IgFsldvHlu/PpnF/N5+Wc8oxmf0dzPoB7P47icbbuslK34FNSj/j2w8qX6ZTdOk+PNDcpcvZjf8m7X+Sxf9w3nljbfz3ReT7h81Zuw8R/7B1NhP/73SgfPEPAAAAAAAAnXPtWES80uz+X6ne/yea3P8biIixDpT/8Pt/pVsdKAZo4vaxiNfzZ/vc3/+v/kSX4b58bl9EPBGV5MSpWnUs7mW9hw9HJd1NVMebf3y2y3j/yvhPrcpv7P+XTmn5K30B83rcKg/c/56ZqbmpzW43EHH7csRT5Wbxn9Tb/6RF/9/jbZbx48I3z7bKe3j8A92y9FXEoabt/+qT65L1n893JDseWH5tWsb88Tc+blV+W/G/+m9KQAel7f/u9eN/OGl8Xufsxsv47M7YF63yHvX4vz95L3uqaH++7KOpubkL4xH9yVsPLm/6CNGlgY1vCexsK/GwEi9p/B9+vvn5/3rH/5WION9mmV//XPm9Vd5IFqmO/6EIafzPbKj933ji39+ebrmraK/9P5q16YfzJa7/wfraDdCi6wkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ1Uioi9kZRG6+lSaXQ0Yk9EPB67S7Vzs3MvnDj34dmZNC9iOCqlE6dq1bGIGFqeT9L58Sy9Oj+xZv6liDgQEVcHdmXzo9PnajNFbzwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5Pa0GP8/9cdAw4qTRdUQAOiKwaIrAABsOe0/APQe7T8A9J4Nt/+/7OtORQCALeP8HwB6j/YfAAAAAAAAAAAAAAAAAAAAAAAAALrqwHPXbiYRcem1XdmU6s/zKoXWDOi2UtEVAArTV3QFgMKU21kpSernBMD/h3N8IHlIfushQlxBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgdxw62O74/22NFArsIEbvg95l/H/oXY7qoXcZ/x/o1vj/ux6xPgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsB3NXpw/PVWrVS9IdDpR3h7V2A6JgYjobhGDsT22tMBE+iXHWMc+sOg9EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO8F/AQAA///IXxBG") chdir(&(0x7f0000000140)='./file0\x00') socket$unix(0x1, 0x1, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$UHID_INPUT(r2, &(0x7f0000001040)={0xc, {"a2e3ad21ed0d52f91b5d520887f70e06d038e7ff7fc6e5539b3272298bf09b07081b4d090890e0878f0e1ac6e7049b334a959bfc9a240d2567f3988f7ef319520100ffe8d178708c523c921b1b9b39070d075d0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb056d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498be0800000000000000f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc825d8e524b2451138e495bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546850a27af9544ae15a7e454dea05918b4fd42513f000000000000000a3621c56cea8d20fa911a0c41db6efcffac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ec126c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b8247068ae949ed06e288e810bac9c76600025e19c9000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cfe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c198045651cf4778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdc80c47ee4f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2691491abf8ab9c015073014d9e08d4338b8780bdecd436cf0541e4505bc3a45237f104b962102de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78ff95b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd735892892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af0000807e0000000002d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c5409711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5407000000e3ad038f2211f1033195563c7f93cd54b9094f226e78b271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b4051db55e0510a6e4114a53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005008000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e24919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a6d8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546def271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f00000000000000000000b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652770711935f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f42f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d53588a0f9455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d664130bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7899484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599af40005b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fd30d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb84d9a88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ea4cd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f031755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb24ee72e4363f51af62af6fb2a6df3bec89822a7a0b678458fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000000000000000000000000bd700", 0x1000}}, 0x375) fsconfig$FSCONFIG_CMD_RECONFIGURE(0xffffffffffffffff, 0x7, 0x0, 0x0, 0x0) write$UHID_INPUT(r1, &(0x7f0000003140)={0xe, {"a2e3ad099b0d09f91b5f2f0987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f323063090810e0879b500a75e70a9b334d959b669a240d5b0af3988f7ef31952010affe8d178708c523c921b1b5b07070d075b0936cd3b78130daa61d8e81a0000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397273ce1766769f0c91c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b7638354a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c477747abc3609aa24b7d520c829d095083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130bb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f19d684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a4f0492d48604675fde2b34cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827955e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb9754fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94e7475cb74642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd72ea4998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5ff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c58b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455916e0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b50517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864af090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d885b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1a85ae7e69fd1a47a284f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b344340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcb7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c2e14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ec00000000000000b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a52830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec685f068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7fb6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) 4m10.669234267s ago: executing program 6 (id=560): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) fallocate(r3, 0x0, 0x0, 0x10fff9) lseek(r3, 0x0, 0x3) 4m9.679795428s ago: executing program 6 (id=561): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000dc020078000000000000000000000000ff02000000000000e26ea7250000000100000000000000000a"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="650100001b"], 0x188}}, 0x0) 4m8.038730861s ago: executing program 6 (id=565): socket(0x10, 0x3, 0x0) syz_mount_image$iso9660(&(0x7f0000000080), &(0x7f0000000040)='.\x02\x00', 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="636865636b3d7374726963742c756e686964652c63727566742c696f636861727365743d63a08033322c636865636b3d72656c617865642c6e6f6a6f6c6965742c636865636b3d72656c617865642c6e6f6a6f6c6965742c00"], 0x1, 0x55d, &(0x7f0000000b00)="$eJzs3VFv01YbwPHHpYWSV0LoZUKoKnAom1SkEhwXgiKuPOckPeDYke2g9gpVNEUVKUyUSWtvNm7YJm0fgtt9iH0jtI/AZDspzdo0HaUJ6v6/Co5jH/s8x4n86LTxsQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALG8qm2XLPFN0FpWg3nVKGx8fNnde98KudVXHNKuiJX+k+lpuZKvuvLVx82X0//mZDZ/NSvTaTEtO/+7fPHBpcmJ3v6HBDwSW9s7z1c7nfarcQdygq6eG7ytrgMTh6bh1rUycagq5bJ9Z6kWq5rxdbwSJ7qhvEi7SRipee+WKlUqi0oXV8JWUK+6vu6tvH/bse2yelhsajeKw+DOw2LsLRnfN0E9q5NuTuvcTz+Ij0yiEu02lFrf6LQXh3UgrVQ6SiVnWCXHdpxSyXFK5XuVe/dte3LfCvsfZF+N8X9oMV6f8eoNHM9EN/+LL0YCacmyqAN/PKlKJKE0Bmzv6uX/b+7oQ9vdm/97Wf7Kx80zkuX/a/mra4Py/4BYRvezJduyI89lVTrSkba8GntEo/2pi5ZAjMQSipGGuNka1V2jpCJlKYstT2RJahKLkpoY8UVLLCsSSyI6+0R5EokWVxIJJRIl8+LJLVFSkopUZFGUaCnKioTSkkDqUhU3O8q6bGTnfVGUNSjG3Uqlgd0o9D53bXEO6S35H8f3Wa/fwHF86OV/AAAAAABwalnZb9/T8f+UXM2WasbX9rjDAgAAAAAAn1H2l//ZtJhKl66KxfgfAAAAAIDTxsrusbNEpCDX86V1sbLbpfglAAAAAAAAp0T29/9raZHNgXJdrN3pUhj/AwAAAABwSvwydI79uHnO+vMviaIp601z+Wtr003ruZtn8v3O9I400S2T2ox1oXuQrCjnxeSkp2et6bzS7iSY77vF+rA4rIMC+GlvADIkgEuT8pvcyOvcWMvLtd6WvJVCzfi66IX+g5K47oWJRC8n37/Y+EGy7v8aNC5Ysr7RaRefvuysZbG8SY/yZrM7geK+eRQPieV1Nt9Cds/FgT2eym7E6LZbyNu19/Z/ov+8H6XNtzKX15nrznhb6O//dNpmqdjX+3TbbhTTstFpl47Z87dyM69zc/5mXhwQhVMc9B50z4WzN4pPOhf7o7D6ojgvIsOiWBwUhXW0KABgXNaHZCFrf+L/hGvtp2V3+ZfZ/a3M53XmZ7IL6+TMAXnFHnZFt4+Z3f7Y9wykQTk2bff33XbzrPou3eHdwHZj37HSU3jm9eZ3cnlre+f2xubqs/az9gvHWSzbd237niNTWTe6xZ5IP5wj9wAAcsOfsTO0hnU3H1VfFDl4VP3/3a8UFOWpvJSOrMlCdrdB9o2DA49a2PM1hIUho9ZClibzJ7wsHDK2PJvd5dA7rnNo3f4YFkfxVgAAMDJzQ/LwUfL/wpBxd38u7x8dn5VBdUsjPxcAAPxX6Oi9VUh+tqLINJ+UKpWSmyxpFYXeIxWZal0rEyQ68pbcoK5VMwqT0Av9dOGxqepYxa1mM4wSVQsj1Qxjs5w9+V11H/0e64YbJMaLm752Y628MEhcL1FVE59Xzda3vomXdJTtHDe1Z2rGcxMTBioOW5Gni0rFWu+paKo6SEzNpIuBakam4UYr6nHotxpaWWJJZJpJmB+w15YJamHUyA5bHPfJBgDgC7G1vfN8tdNpvzrBhXH3EQAA9CNLAwAAAAAAAAAAAAAAAAAAAADw5RvF/X8sjGPhbPcdHkFbvamgx93lE16wRtrBSREZZ5eHXjp+PNELE4AT93cAAAD//+IERnQ=") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x1480, 0x0) mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0xaf423, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0\x00', 0x0, 0x887008, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r0, &(0x7f0000000f00)={0x2020}, 0x2020) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, 0x0, 0x4) 4m6.633099166s ago: executing program 6 (id=578): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) getpid() r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22, @multicast2}, 0x10) setsockopt$sock_int(r0, 0x1, 0x800000000f, &(0x7f0000000080)=0x7, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000000)=0x2, 0x4) bind$inet6(r1, &(0x7f0000000240)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x43}}}, 0x1c) listen(r0, 0x0) listen(r1, 0x0) 4m5.270992407s ago: executing program 6 (id=584): socket$key(0xf, 0x3, 0x2) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x606001, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="5800000000010104190000000000000001000080440001800c00028005000100000000002c0001808fff0300fc010000"], 0x58}}, 0x20000800) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000002100)='./binderfs2/custom1\x00', 0x2, 0x0) syz_clone(0x8480, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x1, 0x1, 0x86, 0x10, 0x20f4, 0xe05a, 0x6c6d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x69, 0x2, 0x2, 0xff, 0x5a, 0xa3, 0x0, [], [{{0x9, 0x5, 0x4, 0x2, 0x10, 0x0, 0xfa}}, {{0x9, 0x5, 0x82, 0x2, 0x40}}]}}]}}]}}, 0x0) syz_usb_control_io$printer(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) 4m4.254242919s ago: executing program 34 (id=584): socket$key(0xf, 0x3, 0x2) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x606001, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="5800000000010104190000000000000001000080440001800c00028005000100000000002c0001808fff0300fc010000"], 0x58}}, 0x20000800) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000002100)='./binderfs2/custom1\x00', 0x2, 0x0) syz_clone(0x8480, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x1, 0x1, 0x86, 0x10, 0x20f4, 0xe05a, 0x6c6d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x69, 0x2, 0x2, 0xff, 0x5a, 0xa3, 0x0, [], [{{0x9, 0x5, 0x4, 0x2, 0x10, 0x0, 0xfa}}, {{0x9, 0x5, 0x82, 0x2, 0x40}}]}}]}}]}}, 0x0) syz_usb_control_io$printer(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) 23.302625284s ago: executing program 7 (id=1209): r0 = socket$inet(0xa, 0x801, 0x84) listen(r0, 0x8) r1 = socket$inet(0xa, 0x801, 0x84) listen(r1, 0x8) r2 = socket$inet(0xa, 0x801, 0x84) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) listen(r3, 0x4) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) listen(r4, 0x100) listen(r2, 0x8) r5 = socket$inet(0xa, 0x801, 0x84) listen(r5, 0x1) r6 = socket$netlink(0x10, 0x3, 0x4) writev(r6, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1) syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), r6) 23.204990522s ago: executing program 7 (id=1210): openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100), 0x400, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x20001, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x3, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000140), 0x2040, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001580), 0x80000, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000480), 0x202, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000200), 0x5359fa85130690a9, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x149000, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001480), 0x880, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100), 0x28002, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) 21.340125853s ago: executing program 7 (id=1214): socket$nl_route(0x10, 0x3, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) socket$inet_udp(0x2, 0x2, 0x0) socket$can_raw(0x1d, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$alg(0x26, 0x5, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34665c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbccbddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e712a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd13f4cec49669e443dcb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ef8dba2f23b01a9ae44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af40000000000000005f58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef07000000000000006da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405a07feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09c0e5a3bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea10d3cfb41b92ecbb422a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f74562adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b4412331d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd100fcffff007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711c6529ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a22c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29008000000000000005ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc030ea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efd936b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800001f00000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351b9332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a138d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fce43d8c53a8031e64026e0d36b6401064c49a729f11ab377f7132c5232bb80195dd5d43d29646a9378eea0761b7ed9d2172e33ed87c7413c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828b07f1dc7df9c8e5da22dfb9dacbf5529e4e994128d835f85465173ea7bbcc519a0c9798ce8b1b07567e3e07169c8c3e4da8bf725c050000000000000000000000000000000000000000004775abdf0c62728eb55a9e2849a1ce05bed60dfe4cc9fa43f9684297c02382c0a35829be7a86305792a9d2e80ca9e8fc50f31f6e0fa810303da03d8b74b42c1ebaf16bb343256405a3a07229a54de09a97b269cd29e8b2f0b0d46c51a6a93eec37f4bc6e29a8e19120ae050ab682662e9b2cc3263a4aba62b63ca9123a53c0f4bf3c4463b8144c89bf058a0af0ae9fc2b7cdfc4817703e267cddc193637d7fd97646090da37093657643daae3840c7f5c10f93524f7ae4791ec6e9d9722e5f670ccb358e051a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800080000fcffff08000900fcfc0000080011000000000008000e00800000000800", @ANYRES64=r0], 0x5c}, 0x1, 0x0, 0x0, 0x20008005}, 0x0) 17.891745874s ago: executing program 7 (id=1222): socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x37}}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r2, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00) 16.595712269s ago: executing program 0 (id=1226): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000300)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r3, 0x0, 0xf, &(0x7f0000d10ffc)=0xfffffffffffffff9, 0x4) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x1}, 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f00000004c0)=[@in6={0xa, 0x0, 0x0, @local, 0x1}], 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r3, 0x84, 0x65, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @local}], 0x1c) 14.434402685s ago: executing program 0 (id=1229): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000003c0)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x11, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex(&(0x7f000000cffc)=0x1, 0x6, 0x0, 0x0, 0x0, 0x0) 8.668224085s ago: executing program 5 (id=1242): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$nl_netfilter(0x10, 0x3, 0xc) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) add_key$user(&(0x7f0000002100), 0x0, &(0x7f00000021c0), 0x0, 0xfffffffffffffffe) add_key$user(&(0x7f0000000440), 0x0, &(0x7f0000000100), 0x0, 0xffffffffffffffff) mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) 7.586466543s ago: executing program 5 (id=1245): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x281}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) unshare(0x22020600) r3 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x0, 0x0) r5 = openat$cgroup_ro(r4, &(0x7f0000000000)='cpu.stat\x00', 0x300, 0x0) read$FUSE(r5, &(0x7f0000000480)={0x2020}, 0x2020) 7.528453927s ago: executing program 7 (id=1246): openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000640)=[{0x0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x20000004) recvmsg$kcm(0xffffffffffffffff, 0x0, 0x40000002) syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="043e1f0a00c9000201"], 0x22) sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, 0x0, 0x0) r1 = fsopen(&(0x7f0000000140)='erofs\x00', 0x0) r2 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mprotect(&(0x7f00009fa000/0x2000)=nil, 0x2000, 0x1000006) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xd) close_range(r1, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) 5.699184476s ago: executing program 5 (id=1248): mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x11c0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x200000002) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r3, 0x400448c9, 0x0) 5.433016368s ago: executing program 7 (id=1249): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xb058}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_buf(r3, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x4e2b, 0x7, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x6}, 0x1c) sendmmsg$inet6(r3, &(0x7f0000002940)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}}], 0x62, 0x0) 5.358538374s ago: executing program 1 (id=1250): openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x20001, 0x0) munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90) socket$inet6(0xa, 0x3, 0x4) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f000049b000/0x2000)=nil, 0x2000, 0xb635773f06ebbeef, 0x8bacedea6f0fac5a, r0, 0x94bb7000) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xc, 0x3, 0x7ffc1fff}]}) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180), 0x38200, 0x0) 5.255791892s ago: executing program 0 (id=1252): socket$inet(0x2, 0x1, 0x0) pipe2(&(0x7f0000000040), 0x10000) socket$packet(0x11, 0x2, 0x300) socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) socket$inet6_sctp(0xa, 0x1, 0x84) r0 = syz_io_uring_setup(0x10d, &(0x7f0000000200), &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r5, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9, 0x12, r5, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x10, 0x4007, @fd_index=0x8000000, 0x2, 0x0}) io_uring_enter(r0, 0x3f70, 0x0, 0x0, 0x0, 0x0) 5.189603768s ago: executing program 2 (id=1253): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000580)=0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) r4 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r4, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r3, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x4}}, 0x26) connect$inet6(r3, &(0x7f0000000400)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000270001000000000000000000ac1e010100"/45, @ANYRES32=0x0, @ANYRES32], 0x50}}, 0x0) sendmsg$inet(r4, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x4041) 5.169682959s ago: executing program 1 (id=1254): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) socket(0x10, 0x3, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@ipv4_newrule={0x1c, 0x20, 0x301, 0x70bd29, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a}}, 0x1c}}, 0x0) 3.761868804s ago: executing program 5 (id=1255): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x8000000, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x6}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0x7}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0x80000, {0x0, 0x0, 0x0, r7, {0x0, 0x11}, {0xffe6, 0xb}, {0xb, 0xc}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x1, 0x2}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4000000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 3.607538576s ago: executing program 1 (id=1256): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0xffff}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r7, {}, {0x2, 0xb}, {0x9, 0xb}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x6, 0xb12}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 3.606160927s ago: executing program 0 (id=1257): syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f00000004c0)='./file1\x00', 0x1804818, &(0x7f0000000180)=ANY=[], 0xfc, 0x6b7, &(0x7f0000000d80)="$eJzs3c1vHGcdB/DvrNd2Ni2pkyZtQJVqNRIgIhInVlrMhYAQyqGqqnLgbCVOY8VJi+OitELU4fXaQ/+AcsgFcULixCVS4cCF3npDPiIhcSkHwoVFMztr73rXGztpvI76+USzz+s888xvXvbFiibAF9al02neS5FLp1+9XZY37s6vbNydv9HJv9ZMMp1kPSmzjSTFf9rt9sfJxaTYHKbYlg74cHnhjU8/2/hHp9Ssl6p/Y9R629T91rdVr3frZpNM1Okj6Bvv8iOPV2zO/GKSU3UKYzeZpN3nx399erOlR2vY2of2ZY7A41V03jcHzCSH6wu9/BzQfedt7O/sdm+6rzS5Y7/tnyAAAADgSVN9B24OVPfVPHM/93O7OLKP0wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAn2vrW8/+Leml087Mpus//n6rrUucPlhf31v3e45oHAAAAAAAAADy0O6ObJwarXryf+7mdI91yu6j+5v9SVThevT6Vd3IrS1nNmdzOYtayltWcSzLTM9DU7cW1teluadSa54etuXr+AbvWHbr1gH4AAAAAAAAA8MX081za+vs/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcBEUy0UlS3OmpnkmjmeRQkqmyYj35pJt/kt0b9wQAAABgH0wn95Mc6ZbbRY4nea76DeBQ3snNrGU5a1nJUq5Uvwt0vvU3Nu7Or2zcnb9RLoPjfvdfe5pGNWI6vz0M3/LJqkcrV7Nc1ZzJ5byVlVxJo1qzdLKeT3fUbfO6U86p+E7tld3N7Eqdlnv+QZ0OeH9PO7uTPf6YMlOnVUQmkrl6bmU0jnaPzPAjtMejM1ONOrkZ+3NpbE72+LYtTfXvTH/Mt4ZsjNre4Tot9+fXO8V8LDqR+F+7Yynne86+50bHPPnaH3//o7k6f3B2aXcm6rRdvbYGz4n5nkg8v5tIXFu5ef3a1Vunn5hITO9QP1dF4sRm+VJ+kB/mdGbzelaznJ9kMWtZymy+X+UW64Nf9FzyO0TqYl/p9QfNcKo+QzsHa29zeqla90iW81reypUs5eXq3/mcyyu5kAtZ6DnCJ0Yf4eqqbwxe9ZX2l4ZO/tTX60wryW/q9GAo43q0J65bZ/1cFe+jfTVbUTq2iygNuTeO0vxKnSm38YsH3Uj31fZInOuJxLOjI/Hb6rZya+Xm9dVri2/vbnPHPqgz5XX0q2T24NxIyvPlWHmwqtJ039lRtj272dYfr7Lt+GZbY6DtRP6UZrO7leWs73ilTtWf4QZHOl+1PT+0bb5qO9nTNuzzFgAH3uFvHJ5q/bP1t9ZHrV+2rrVePfS96W9NvzCVyT9Pfrs5N/HVxgvFH/JRfrb1/R8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHh4t9597/riysrS6rZMu91+/5PhTbvMdJ9Xs1kz+XDj1JnuU6GG93mmd3cy+/enUj2zbKDzRNrVM/seYb/2mvny08l+bevgZv7bbrfrmmKHPr/7y/ZATWdMoauf89cec+jKc35sWx/L7QjYR2fXbrx99ta7731z+cbim0tvLt1cuHBhYW7hwsvzZ68uryzNdV7HPUvgcdh60x/3TAAAAAAAAAAAAIDd+pz/z8D6sKZx7yMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwZLt0Os17KXJu7sxcWd64O79SLt38Vs9mkkaS4qdJ8XFyMZ0lMz3DFTtt58PlhTc+/Wzj3+2Oeryqf2PUeruzXi+ZTTLRSe98XuNdrtM+2ydcjNqFYnOFMmCnuoGDcft/AAAA//+/hwrZ") openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x8042, 0x90) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_clone(0x2001100, 0x0, 0x0, 0x0, 0x0, 0x0) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) accept4$alg(r1, 0x0, 0x0, 0x0) 3.592574777s ago: executing program 2 (id=1258): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4) bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r3, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x0) recvmmsg(r3, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) 3.255823215s ago: executing program 0 (id=1259): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000280)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r1}, 0x18) connect$can_j1939(r0, &(0x7f0000000300)={0x1d, r1, 0x0, {0x0, 0xf0, 0x2}, 0x1}, 0x18) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000380)={'vcan0\x00', 0x0}) r4 = socket$can_j1939(0x1d, 0x2, 0x7) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000380)={'vcan0\x00', 0x0}) r7 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r7, &(0x7f0000000080)={0x1d, r6, 0xfffffffffffffffe, {0x3, 0x0, 0x4}}, 0x18) bind$can_j1939(r4, &(0x7f0000000080)={0x1d, r3, 0x0, {0x0, 0x0, 0x4}, 0xfe}, 0x18) sendmsg$can_j1939(r4, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee) sendmsg$nl_route_sched(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000007c0)=@newtfilter={0x24, 0x11, 0x1, 0x74bd2b, 0x100000, {0x0, 0x0, 0x74, r3, {0xfff3, 0x8}, {0x4, 0xfff3}, {0xffe0, 0xffe0}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4010}, 0x0) 2.46291693s ago: executing program 2 (id=1260): r0 = memfd_create(&(0x7f00000008c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1\xd7[\v<\x05~\xfd\x18\f\x1ae\xe0\x00\x00\x00\x80\x00\xff\xf5\xa5\xdf_G\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\xf0\xb2\x17\x95\xab%F\xfc\x8cH<\x9a\xb7\xc8\x026\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f\xc8\x96\x0e\x88\x81\xb4SD\xf5\x8a\xcb5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xac\xfd\xbdnC\xec\xafz\xc5\f\x1a\x8a\xaf', 0x0) execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) socket$inet6(0xa, 0x2, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) syz_mount_image$fuse(0x0, 0x0, 0xa0, 0x0, 0x1, 0x0, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x20, 0x0, 0x0, 0x0, 0x0) syz_mount_image$fuse(0x0, 0x0, 0x828f2, 0x0, 0x1, 0x0, 0x0) syz_mount_image$fuse(0x0, 0x0, 0x3813009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) unlinkat(0xffffffffffffff9c, 0x0, 0x200) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000000b80)) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000280)={[{@nfs_export_on, 0x3a}], [], 0x2f}) 2.224921859s ago: executing program 2 (id=1261): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x281}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) unshare(0x22020600) r3 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x0, 0x0) r5 = openat$cgroup_ro(r4, &(0x7f0000000000)='cpu.stat\x00', 0x300, 0x0) read$FUSE(r5, &(0x7f0000000480)={0x2020}, 0x2020) 2.223652979s ago: executing program 1 (id=1271): sendmsg$ETHTOOL_MSG_RINGS_SET(0xffffffffffffffff, 0x0, 0x40004) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) r3 = socket$phonet_pipe(0x23, 0x5, 0x2) ioctl$SIOCPNENABLEPIPE(r3, 0x89ed, 0x0) 455.589753ms ago: executing program 5 (id=1262): r0 = epoll_create1(0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x200, 0xfffffffd}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000140)={0x42, 0xf5, 0x1}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r2, &(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) r3 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r3, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) r4 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r4, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x4}}, 0x10) bind$tipc(r4, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x1}, 0x10) r5 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r5, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x42, 0x3}}}, 0x10) close_range(r0, 0xffffffffffffffff, 0x0) 454.313063ms ago: executing program 1 (id=1263): r0 = socket$alg(0x26, 0x5, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000700), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000e80), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r8, &(0x7f0000001b00)={0x0, 0x5c, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0) unshare(0x400) accept4(r0, 0x0, 0x0, 0x0) 454.107773ms ago: executing program 2 (id=1264): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x0) r2 = socket$inet6(0x10, 0x3, 0x0) sendmsg$inet(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac004000202080002000300010004000500eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) r3 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDSETLED(r3, 0x4b32, 0x3) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xc, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000080)={0x0, 0x5, 0x20}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="7000000010000304000080000000000000007400", @ANYRES32=r6, @ANYBLOB="0000000003120100500012800b0001006272696467650000400002800800050001000000060027"], 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x40) 338.997432ms ago: executing program 0 (id=1265): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f00000001c0)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r3 = mq_open(&(0x7f0000000040)='\a\x00\x00@/\x1cL\x18kc\x98\x1f\xbeC\xf4*1\x17\xd2\x00', 0xc0, 0xbc, 0x0) lseek(r3, 0x0, 0x3) 244.726191ms ago: executing program 1 (id=1266): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket(0xa, 0x2, 0x0) r3 = syz_io_uring_setup(0x10f, &(0x7f00000000c0)={0x0, 0x6d89, 0x400, 0x40000, 0x115}, &(0x7f0000000400)=0x0, &(0x7f0000000040)=0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) syz_io_uring_submit(r4, r5, &(0x7f00000004c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x40, 0x0, r6, 0x0, 0x0, 0x0, 0x40020100}) io_uring_enter(r3, 0x8aa, 0x0, 0x0, 0x0, 0x0) semtimedop(0x0, &(0x7f00000003c0)=[{0x2, 0x4, 0x1800}], 0x1, 0x0) semop(0x0, &(0x7f00000000c0)=[{0x2}], 0x1) close_range(r2, 0xffffffffffffffff, 0x0) 44.748667ms ago: executing program 5 (id=1267): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) socket$inet_udp(0x2, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50) socket(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r1, 0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f0000000300)=r2}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000004c0)={r3, &(0x7f0000000640)="8d", &(0x7f00000007c0)=@tcp=r0, 0x2}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r2, 0x5, 0xe, 0x0, &(0x7f00000003c0)="000000000000000000000001e370", 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x50) 0s ago: executing program 2 (id=1268): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000540)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) sendmsg$alg(r5, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180), 0x0, 0x40010}, 0x14000012) kernel console output (not intermixed with test programs): for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 58.747252][ T4695] binder: 4695 RLIMIT_NICE not set [ 59.004126][ T7] binder: undelivered TRANSACTION_COMPLETE [ 59.462450][ T4702] loop3: detected capacity change from 0 to 512 [ 59.486982][ T4702] EXT4-fs error (device loop3): ext4_read_inode_bitmap:140: comm syz.3.87: Invalid inode bitmap blk 4 in block_group 0 [ 59.490889][ T4702] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 59.507190][ T4702] netlink: 'syz.3.87': attribute type 4 has an invalid length. [ 59.584449][ T4710] netlink: 'syz.3.87': attribute type 4 has an invalid length. [ 59.736894][ T4313] EXT4-fs (loop3): unmounting filesystem. [ 59.857299][ T4722] tipc: Started in network mode [ 59.860151][ T4722] tipc: Node identity 7f000001, cluster identity 4711 [ 59.863366][ T4722] tipc: Enabling of bearer rejected, failed to enable media [ 59.937795][ T4722] tipc: Enabling of bearer rejected, failed to enable media [ 61.581196][ T4730] netlink: 'syz.3.96': attribute type 1 has an invalid length. [ 61.625716][ T4732] syz.0.95 uses old SIOCAX25GETINFO [ 62.708417][ T4745] loop2: detected capacity change from 0 to 16 [ 62.727796][ T4745] erofs: (device loop2): mounted with root inode @ nid 36. [ 62.790693][ T4308] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -13 in[56, 4040] out[9000] [ 62.795116][ T4745] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -13 in[56, 4040] out[4096] [ 62.801484][ T4745] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -13 in[56, 4040] out[4096] [ 62.856503][ T4745] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -13 in[56, 4040] out[9000] [ 62.859971][ T4745] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -13 in[56, 4040] out[9000] [ 62.863265][ T4745] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -13 in[56, 4040] out[9000] [ 62.877047][ T4745] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -13 in[56, 4040] out[9000] [ 62.900824][ T4745] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -13 in[56, 4040] out[4096] [ 62.903980][ T4745] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -13 in[56, 4040] out[4096] [ 63.237362][ T4766] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 63.856994][ C1] af_packet: tpacket_rcv: packet too big, clamped from 56 to 4294967272. macoff=96 [ 64.052823][ T4774] 8021q: adding VLAN 0 to HW filter on device bond1 [ 64.082191][ T4774] device bond_slave_0 entered promiscuous mode [ 64.084444][ T4774] device bond_slave_1 entered promiscuous mode [ 64.087369][ T4774] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 64.091705][ T4774] bond1: (slave macvlan2): Enslaving as a backup interface with an up link [ 64.179812][ T4403] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 64.306556][ T4786] netlink: 'syz.1.115': attribute type 4 has an invalid length. [ 64.333968][ T4779] loop2: detected capacity change from 0 to 4096 [ 64.370557][ T4779] __ntfs_error: 32 callbacks suppressed [ 64.370572][ T4779] ntfs: (device loop2): map_mft_record_page(): Mft record 0xa is corrupt. Run chkdsk. [ 64.375146][ T4779] ntfs: (device loop2): map_mft_record(): Failed with error code 5. [ 64.379679][ T4788] loop0: detected capacity change from 0 to 764 [ 64.381750][ T4779] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 64.431336][ T4779] ntfs: (device loop2): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 64.434782][ T4779] ntfs: (device loop2): map_mft_record_page(): Mft record 0x4 is corrupt. Run chkdsk. [ 64.450460][ T4779] ntfs: (device loop2): map_mft_record(): Failed with error code 5. [ 64.452975][ T4779] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x4 as bad. Run chkdsk. [ 64.473495][ T4779] ntfs: (device loop2): load_and_init_attrdef(): Failed to initialize attribute definition table. [ 64.481130][ T4779] ntfs: (device loop2): ntfs_fill_super(): Failed to load system files. [ 64.536500][ T2059] ieee802154 phy0 wpan0: encryption failed: -22 [ 64.538603][ T2059] ieee802154 phy1 wpan1: encryption failed: -22 [ 64.759475][ T4798] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 64.976243][ T4802] overlayfs: failed to get inode (-116) [ 64.981041][ T4802] overlayfs: failed to look up (file2) for ino (-116) [ 65.171354][ T4806] lo speed is unknown, defaulting to 1000 [ 65.173427][ T4806] lo speed is unknown, defaulting to 1000 [ 65.206157][ T4806] lo speed is unknown, defaulting to 1000 [ 65.212924][ T4806] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 65.218836][ T4806] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 65.255760][ T4806] lo speed is unknown, defaulting to 1000 [ 65.258194][ T4806] lo speed is unknown, defaulting to 1000 [ 65.260358][ T4806] lo speed is unknown, defaulting to 1000 [ 66.648050][ T4806] lo speed is unknown, defaulting to 1000 [ 66.650431][ T4806] lo speed is unknown, defaulting to 1000 [ 66.692940][ T4810] netlink: 6 bytes leftover after parsing attributes in process `syz.2.124'. [ 66.741770][ T4810] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 66.787210][ T4817] binder: 4816:4817 tried to acquire reference to desc 0, got 1 instead [ 66.816376][ T4817] binder: 4816:4817 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 66.827537][ T4817] binder: 4817 RLIMIT_NICE not set [ 66.829107][ T4817] binder: undelivered transaction 33, put_user failed [ 66.853493][ T4817] binder: 4816:4817 ioctl c0306201 20000180 returned -14 [ 66.865862][ T1962] binder: undelivered TRANSACTION_COMPLETE [ 67.074162][ T4822] netlink: 104 bytes leftover after parsing attributes in process `syz.1.128'. [ 67.221367][ T4798] loop0: detected capacity change from 0 to 32768 [ 67.226885][ T4798] gfs2: Bad value for 'statfs_percent' [ 68.324469][ T4836] binder: 4835:4836 tried to acquire reference to desc 0, got 1 instead [ 68.341173][ T1962] binder: undelivered TRANSACTION_COMPLETE [ 68.344984][ T4840] device batadv_slave_1 entered promiscuous mode [ 68.366701][ T4840] device batadv_slave_1 left promiscuous mode [ 68.388383][ T1962] binder: undelivered transaction 38, process died. [ 69.013660][ T4867] 8021q: adding VLAN 0 to HW filter on device bond1 [ 69.041628][ T4867] device bond_slave_0 entered promiscuous mode [ 69.043612][ T4867] device bond_slave_1 entered promiscuous mode [ 69.046279][ T4867] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 69.050015][ T4867] bond1: (slave macvlan2): Enslaving as an active interface with an up link [ 69.052945][ T4528] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 69.224064][ T4874] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 69.232018][ T4874] overlayfs: failed to set xattr on upper [ 69.243143][ T4874] overlayfs: ...falling back to index=off,metacopy=off. [ 69.692823][ T4890] loop0: detected capacity change from 0 to 2048 [ 69.734210][ T113] cfg80211: failed to load regulatory.db [ 70.230682][ T4890] loop0: p1 < > p3 [ 70.234283][ T4890] loop0: p3 size 134217728 extends beyond EOD, truncated [ 70.475905][ T4299] udevd[4299]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 70.489819][ T4299] udevd[4299]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 70.516577][ T4900] netlink: 'syz.0.160': attribute type 10 has an invalid length. [ 71.440072][ T4900] team0: Port device dummy0 added [ 71.442161][ T4906] netlink: 'syz.0.160': attribute type 10 has an invalid length. [ 71.458169][ T4906] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 71.529938][ T4906] team0: Failed to send options change via netlink (err -105) [ 71.532350][ T4906] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 71.572072][ T4906] team0: Port device dummy0 removed [ 71.599389][ T4906] device dummy0 entered promiscuous mode [ 71.625798][ T4906] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 71.673745][ T4922] device gtp0 entered promiscuous mode [ 71.688983][ T4923] netlink: 12 bytes leftover after parsing attributes in process `syz.3.166'. [ 71.721450][ T4923] device bond1 entered promiscuous mode [ 71.723533][ T4923] 8021q: adding VLAN 0 to HW filter on device bond1 [ 71.818312][ T4928] siw: device registration error -23 [ 71.830004][ T4926] 8021q: adding VLAN 0 to HW filter on device bond1 [ 71.832374][ T4926] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 71.847256][ T4926] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 71.883410][ T4928] netlink: 6 bytes leftover after parsing attributes in process `syz.4.168'. [ 71.886278][ T4928] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 71.890742][ T4923] netlink: 28 bytes leftover after parsing attributes in process `syz.3.166'. [ 71.893907][ T4923] 8021q: adding VLAN 0 to HW filter on device bond1 [ 72.013444][ T4935] 8021q: adding VLAN 0 to HW filter on device bond1 [ 72.044110][ T4935] device bond_slave_0 entered promiscuous mode [ 72.046166][ T4935] device bond_slave_1 entered promiscuous mode [ 72.080501][ T4935] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 72.098121][ T4935] bond1: (slave macvlan2): Enslaving as a backup interface with an up link [ 72.118206][ T4903] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 72.238017][ T4939] loop2: detected capacity change from 0 to 1024 [ 72.335606][ T4939] EXT4-fs: Ignoring removed nomblk_io_submit option [ 72.348943][ T4939] EXT4-fs: Ignoring removed nomblk_io_submit option [ 72.376247][ T4939] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 72.379551][ T4939] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 72.460318][ T4939] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 72.551755][ T4950] loop3: detected capacity change from 0 to 8 [ 73.605285][ T4309] EXT4-fs (loop2): unmounting filesystem. [ 74.469719][ T4962] netlink: 16 bytes leftover after parsing attributes in process `syz.2.176'. [ 74.538340][ T4967] Set syz1 is full, maxelem 9 reached [ 74.564309][ T4969] netlink: 4 bytes leftover after parsing attributes in process `syz.3.181'. [ 74.978659][ T4982] binder: 4979:4982 tried to acquire reference to desc 0, got 1 instead [ 74.982465][ T4982] binder_alloc: 4979: binder_alloc_buf size 8 failed, no address space [ 74.987021][ T4982] binder_alloc: allocated: 4096 (num: 1 largest: 4096), free: 0 (num: 0 largest: 0) [ 74.989655][ T4982] binder: cannot allocate buffer: no space left [ 74.989694][ T4982] binder: 4979:4982 transaction async to 4979:0 failed 44/29201/-28, size 0-0 line 3239 [ 75.000988][ T4538] binder: release 4979:4982 transaction 43 out, still active [ 75.003323][ T4538] binder: undelivered TRANSACTION_COMPLETE [ 75.005102][ T4538] binder: undelivered TRANSACTION_ERROR: 29201 [ 75.023655][ T4983] loop1: detected capacity change from 0 to 764 [ 75.034461][ T4538] binder: send failed reply for transaction 43, target dead [ 75.210595][ T4983] rock: directory entry would overflow storage [ 75.227340][ T4983] rock: sig=0x5850, size=36, remaining=22 [ 75.899230][ T4987] loop4: detected capacity change from 0 to 128 [ 75.950391][ T4987] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 76.081272][ T4992] binder: 4991:4992 tried to acquire reference to desc 0, got 1 instead [ 76.114069][ T4992] binder: 4991:4992 got transaction with invalid data ptr [ 76.133691][ T4992] binder: 4991:4992 transaction call to 4991:0 failed 50/29201/-14, size 0-12280 line 3342 [ 76.265268][ T1962] binder: undelivered TRANSACTION_COMPLETE [ 76.267246][ T1962] binder: undelivered TRANSACTION_ERROR: 29201 [ 77.017102][ T4538] binder: undelivered transaction 49, process died. [ 77.070728][ T5010] device batadv_slave_1 entered promiscuous mode [ 77.073786][ T5010] device batadv_slave_1 left promiscuous mode [ 77.228748][ T4317] EXT4-fs (loop4): unmounting filesystem. [ 77.367189][ T5020] binder: 5019:5020 tried to acquire reference to desc 0, got 1 instead [ 77.388907][ T5020] binder: 5019:5020 got transaction with invalid offset (0, min 0 max 112) or object. [ 77.621220][ T5028] loop4: detected capacity change from 0 to 512 [ 77.636849][ T5028] ext4: Unknown parameter 'smackfsfloor' [ 77.647390][ T5030] Set syz0 is full, maxelem 0 reached [ 78.171870][ T5039] netlink: 24 bytes leftover after parsing attributes in process `syz.3.202'. [ 78.311472][ T5045] loop1: detected capacity change from 0 to 2048 [ 81.031996][ T5038] loop2: detected capacity change from 0 to 32768 [ 81.217815][ T5077] device batadv_slave_1 entered promiscuous mode [ 81.222572][ T5077] device batadv_slave_1 left promiscuous mode [ 82.843679][ T5085] loop1: detected capacity change from 0 to 32768 [ 82.908421][ T5085] XFS (loop1): Mounting V5 Filesystem [ 83.022166][ T5085] XFS (loop1): Ending clean mount [ 83.066607][ T5085] XFS (loop1): Quotacheck needed: Please wait. [ 83.112108][ T5102] loop2: detected capacity change from 0 to 32768 [ 83.117168][ T5102] XFS: noikeep mount option is deprecated. [ 83.128389][ T5085] XFS (loop1): Quotacheck: Done. [ 83.187245][ T5085] XFS (loop1): User initiated shutdown received. [ 83.190834][ T5085] XFS (loop1): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x80/0x15c (fs/xfs/xfs_fsops.c:495). Shutting down filesystem. [ 83.211874][ T5102] XFS (loop2): Mounting V5 Filesystem [ 83.217947][ T5085] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 83.261742][ T4315] XFS (loop1): Unmounting Filesystem [ 83.330106][ T5121] netlink: 44 bytes leftover after parsing attributes in process `syz.4.226'. [ 83.349259][ T5102] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 83.364146][ T5102] XFS (loop2): Starting recovery (logdev: internal) [ 83.389627][ T5102] XFS (loop2): Ending recovery (logdev: internal) [ 83.530815][ T5102] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3ac/0x590, xfs_bnobt block 0x8 [ 83.534312][ T5102] XFS (loop2): Unmount and run xfs_repair [ 83.615592][ T5102] XFS (loop2): Internal error i != 1 at line 497 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x578/0x7c8 [ 83.619806][ T5102] CPU: 0 PID: 5102 Comm: syz.2.223 Not tainted 6.1.147-syzkaller #0 [ 83.622145][ T5102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 83.624936][ T5102] Call trace: [ 83.625844][ T5102] dump_backtrace+0x1c8/0x1f4 [ 83.627137][ T5102] show_stack+0x2c/0x3c [ 83.628346][ T5102] __dump_stack+0x30/0x40 [ 83.629562][ T5102] dump_stack_lvl+0xf8/0x160 [ 83.630797][ T5102] dump_stack+0x1c/0x5c [ 83.632024][ T5102] xfs_corruption_error+0x12c/0x188 [ 83.633540][ T5102] xfs_alloc_fixup_trees+0x5e8/0x7c8 [ 83.635041][ T5102] xfs_alloc_cur_finish+0xc0/0x548 [ 83.636432][ T5102] xfs_alloc_ag_vextent_near+0xbf8/0x1214 [ 83.638113][ T5102] xfs_alloc_ag_vextent+0xac/0x7d0 [ 83.639710][ T5102] xfs_alloc_vextent+0x11e8/0x1bcc [ 83.641208][ T5102] xfs_bmap_btalloc+0xa90/0x17c0 [ 83.642596][ T5102] xfs_bmapi_allocate+0x558/0xbcc [ 83.643977][ T5102] xfs_bmapi_convert_delalloc+0x668/0x1234 [ 83.645721][ T5102] xfs_map_blocks+0x78c/0x127c [ 83.647056][ T5102] iomap_do_writepage+0x7b0/0x21f8 [ 83.648521][ T5102] write_cache_pages+0x73c/0xdd4 [ 83.649913][ T5102] iomap_writepages+0x6c/0x1f4 [ 83.651704][ T5102] xfs_vm_writepages+0x130/0x194 [ 83.653284][ T5102] do_writepages+0x2c0/0x4fc [ 83.654732][ T5102] filemap_fdatawrite_wbc+0x124/0x174 [ 83.656201][ T5102] filemap_write_and_wait_range+0xf0/0x1b4 [ 83.657995][ T5102] xfs_flush_unmap_range+0x8c/0xd8 [ 83.659520][ T5102] xfs_file_fallocate+0x1d8/0x97c [ 83.660990][ T5102] vfs_fallocate+0x4a4/0x5f4 [ 83.662229][ T5102] __arm64_sys_fallocate+0xc0/0x110 [ 83.663792][ T5102] invoke_syscall+0x98/0x2bc [ 83.665295][ T5102] el0_svc_common+0x138/0x258 [ 83.666640][ T5102] do_el0_svc+0x58/0x13c [ 83.667871][ T5102] el0_svc+0x58/0x138 [ 83.668988][ T5102] el0t_64_sync_handler+0x84/0xf0 [ 83.670536][ T5102] el0t_64_sync+0x18c/0x190 [ 83.682137][ T5102] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 83.685025][ T5102] XFS (loop2): page discard on page 00000000c1a7fd2f, inode 0x1146, pos 20480. [ 83.704817][ T5124] loop3: detected capacity change from 0 to 32768 [ 83.712133][ T5124] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.225 (5124) [ 83.721330][ T4618] XFS (loop2): Internal error i != 1 at line 497 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x578/0x7c8 [ 83.726517][ T4618] CPU: 0 PID: 4618 Comm: kworker/u4:13 Not tainted 6.1.147-syzkaller #0 [ 83.728976][ T4618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 83.731711][ T4618] Workqueue: writeback wb_workfn (flush-7:2) [ 83.733339][ T4618] Call trace: [ 83.734239][ T4618] dump_backtrace+0x1c8/0x1f4 [ 83.735564][ T4618] show_stack+0x2c/0x3c [ 83.736683][ T4618] __dump_stack+0x30/0x40 [ 83.737910][ T4618] dump_stack_lvl+0xf8/0x160 [ 83.739338][ T4618] dump_stack+0x1c/0x5c [ 83.740459][ T4618] xfs_corruption_error+0x12c/0x188 [ 83.741940][ T4618] xfs_alloc_fixup_trees+0x5e8/0x7c8 [ 83.743450][ T4618] xfs_alloc_cur_finish+0xc0/0x548 [ 83.744924][ T4618] xfs_alloc_ag_vextent_near+0xbf8/0x1214 [ 83.746523][ T4618] xfs_alloc_ag_vextent+0xac/0x7d0 [ 83.748110][ T4618] xfs_alloc_vextent+0x11e8/0x1bcc [ 83.749746][ T4618] xfs_bmap_btalloc+0xa90/0x17c0 [ 83.751168][ T4618] xfs_bmapi_allocate+0x558/0xbcc [ 83.752554][ T4618] xfs_bmapi_convert_delalloc+0x668/0x1234 [ 83.754177][ T4618] xfs_map_blocks+0x78c/0x127c [ 83.755505][ T4618] iomap_do_writepage+0x7b0/0x21f8 [ 83.756981][ T4618] write_cache_pages+0x73c/0xdd4 [ 83.758400][ T4618] iomap_writepages+0x6c/0x1f4 [ 83.759751][ T4618] xfs_vm_writepages+0x130/0x194 [ 83.761154][ T4618] do_writepages+0x2c0/0x4fc [ 83.762496][ T4618] __writeback_single_inode+0x164/0x157c [ 83.764134][ T4618] writeback_sb_inodes+0x824/0x1404 [ 83.765574][ T4618] wb_writeback+0x400/0xfb0 [ 83.766982][ T4618] wb_workfn+0x34c/0xd98 [ 83.768239][ T4618] process_one_work+0x7f4/0x13a8 [ 83.769710][ T4618] worker_thread+0x8c8/0xfbc [ 83.771076][ T4618] kthread+0x250/0x2d8 [ 83.772233][ T4618] ret_from_fork+0x10/0x20 [ 83.788517][ T5124] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 83.791578][ T5124] BTRFS info (device loop3): using crc32c (crc32c-generic) checksum algorithm [ 83.794821][ T5124] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 83.798136][ T4618] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 83.800930][ T4618] XFS (loop2): page discard on page 0000000056563255, inode 0x1146, pos 0. [ 83.818998][ T5124] BTRFS info (device loop3): use zstd compression, level 3 [ 83.821316][ T5124] BTRFS info (device loop3): using free space tree [ 83.831843][ T4309] XFS (loop2): Unmounting Filesystem [ 83.999599][ T5124] BTRFS info (device loop3): enabling ssd optimizations [ 84.902161][ T4313] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 85.057067][ T9] wlan1: Trigger new scan to find an IBSS to join [ 85.823447][ T5157] syz.2.238 uses obsolete (PF_INET,SOCK_PACKET) [ 85.826128][ T5155] device batadv_slave_1 entered promiscuous mode [ 85.830910][ T5156] loop1: detected capacity change from 0 to 512 [ 85.842200][ T5155] device batadv_slave_1 left promiscuous mode [ 85.859423][ T5156] EXT2-fs (loop1): warning: mounting ext3 filesystem as ext2 [ 86.210755][ T4308] Bluetooth: hci0: link tx timeout [ 86.213443][ T4308] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 87.210276][ T5187] loop1: detected capacity change from 0 to 512 [ 87.795608][ T5198] netlink: 36 bytes leftover after parsing attributes in process `syz.2.244'. [ 88.454107][ T4308] Bluetooth: hci0: command 0x0406 tx timeout [ 88.514593][ T5197] overlayfs: failed to clone upperpath [ 88.626711][ T5200] capability: warning: `syz.0.246' uses deprecated v2 capabilities in a way that may be insecure [ 89.764141][ T4604] wlan1: Trigger new scan to find an IBSS to join [ 90.145382][ C0] sched: RT throttling activated [ 90.827519][ T4464] wlan1: Creating new IBSS network, BSSID 86:48:8d:6f:80:47 [ 92.405870][ T47] Bluetooth: hci3: link tx timeout [ 92.407966][ T47] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 92.526691][ T5266] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 92.530173][ T5266] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 92.752056][ T5276] netlink: 'syz.0.272': attribute type 1 has an invalid length. [ 92.765780][ T5276] netlink: 8 bytes leftover after parsing attributes in process `syz.0.272'. [ 94.103454][ T5276] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 94.133128][ T5276] bond2: (slave batadv1): Enslaving as a backup interface with an up link [ 94.316812][ T5281] bond2 (unregistering): (slave batadv1): Releasing backup interface [ 94.645722][ T4308] Bluetooth: hci3: link tx timeout [ 94.648817][ T4308] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 95.116715][ T4308] Bluetooth: hci3: command 0x0406 tx timeout [ 95.176569][ T5281] bond2 (unregistering): Released all slaves [ 96.816658][ T5304] netlink: 4 bytes leftover after parsing attributes in process `syz.2.279'. [ 97.991363][ T5308] loop3: detected capacity change from 0 to 4096 [ 98.038138][ T5308] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 98.040563][ T5308] UDF-fs: Scanning with blocksize 512 failed [ 98.053377][ T5308] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 98: 0xda != 0xd9 [ 98.331005][ T5308] UDF-fs: warning (device loop3): udf_fill_super: No fileset found [ 98.369625][ T47] Bluetooth: hci0: link tx timeout [ 98.371468][ T47] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 99.014450][ T5324] netlink: 24 bytes leftover after parsing attributes in process `syz.4.285'. [ 99.206067][ T5335] binder: 5334:5335 tried to acquire reference to desc 0, got 1 instead [ 99.212666][ T5337] fuse: Bad value for 'fd' [ 99.220994][ T5335] binder: 5334:5335 got transaction with invalid data ptr [ 99.223049][ T5335] binder_debug: 2 callbacks suppressed [ 99.223059][ T5335] binder: 5334:5335 transaction async to 5334:0 failed 61/29201/-14, size 0-24 line 3342 [ 99.252773][ T1962] binder: undelivered TRANSACTION_COMPLETE [ 99.254562][ T1962] binder: undelivered TRANSACTION_ERROR: 29201 [ 99.262700][ T5339] binder: BINDER_SET_CONTEXT_MGR already set [ 99.264755][ T5339] binder: 5338:5339 ioctl 4018620d 200002c0 returned -16 [ 99.276934][ T5339] binder: tried to use weak ref as strong ref [ 99.279070][ T5339] binder: 5338:5339 Acquire 1 refcount change on invalid ref 0 ret -22 [ 99.281752][ T5339] binder: 5338:5339 got transaction to invalid handle, 1 [ 99.283955][ T5339] binder: 5339:5338 cannot find target node [ 99.285472][ T5148] binder: undelivered transaction 60, process died. [ 99.286192][ T5339] binder: 5338:5339 transaction async to 0:0 failed 64/29201/-22, size 0-0 line 3054 [ 99.291722][ T5339] binder: 5338:5339 BC_FREE_BUFFER u0000000000000000 no match [ 99.304673][ T1962] binder: undelivered TRANSACTION_ERROR: 29201 [ 99.385648][ T5345] binder: 5344:5345 tried to acquire reference to desc 0, got 1 instead [ 99.453438][ T5349] netlink: 24 bytes leftover after parsing attributes in process `syz.4.295'. [ 99.484070][ T1962] binder: undelivered transaction 69, process died. [ 99.506276][ T1962] binder: undelivered TRANSACTION_COMPLETE [ 100.497363][ T4308] Bluetooth: hci4: link tx timeout [ 100.500606][ T4308] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 101.273275][ T5373] binder: 5370:5373 tried to acquire reference to desc 0, got 1 instead [ 101.284137][ T5373] binder_alloc: 5370: binder_alloc_buf, no vma [ 101.298974][ T5373] binder: cannot allocate buffer: vma cleared, target dead or dying [ 101.319140][ T5376] binder: 5375:5376 tried to acquire reference to desc 0, got 1 instead [ 101.335759][ T5376] binder: 5375:5376 got reply transaction with bad transaction stack, transaction 88 has target 5375:0 [ 101.411243][ T5378] binder: 5377:5378 ioctl c0306201 200008c0 returned -14 [ 101.555557][ T5369] loop1: detected capacity change from 0 to 32768 [ 101.628087][ T5369] XFS (loop1): Mounting V5 Filesystem [ 101.652538][ T5393] netlink: 'syz.3.309': attribute type 4 has an invalid length. [ 101.660235][ T5393] netlink: 'syz.3.309': attribute type 4 has an invalid length. [ 101.703793][ T5369] XFS (loop1): Ending clean mount [ 101.714917][ T5369] XFS (loop1): Quotacheck needed: Please wait. [ 101.799489][ T5369] XFS (loop1): Quotacheck: Done. [ 101.904246][ T5369] XFS (loop1): Unmounting Filesystem [ 102.264397][ T4308] Bluetooth: hci1: link tx timeout [ 102.271435][ T4308] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 102.585597][ T47] Bluetooth: hci4: command 0x0406 tx timeout [ 103.257204][ T5418] ptrace attach of "./syz-executor exec"[4309] was attempted by ""[5418] [ 104.513515][ T47] Bluetooth: hci0: link tx timeout [ 104.515036][ T47] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 104.789954][ T4308] Bluetooth: hci1: command 0x0406 tx timeout [ 104.954468][ T5445] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.998432][ T5445] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.598089][ T47] Bluetooth: hci1: link tx timeout [ 107.599996][ T47] Bluetooth: hci1: killing stalled connection 10:aa:aa:aa:aa:aa [ 107.603104][ T47] Bluetooth: hci1: link tx timeout [ 107.604816][ T47] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 108.279173][ T5482] netlink: 'syz.0.346': attribute type 1 has an invalid length. [ 108.396919][ T5482] 8021q: adding VLAN 0 to HW filter on device bond2 [ 108.405917][ T5483] bond2: (slave vlan2): making interface the new active one [ 108.410472][ T5483] bond2: (slave vlan2): Enslaving as an active interface with an up link [ 108.413337][ T4814] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready [ 109.736978][ T47] Bluetooth: hci1: command 0x0406 tx timeout [ 110.285527][ T27] audit: type=1326 audit(110.260:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5496 comm="syz.2.342" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa3f5cc28 code=0x7fc00000 [ 110.341682][ T27] audit: type=1326 audit(110.270:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5496 comm="syz.2.342" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=211 compat=0 ip=0xffffa3f5cc28 code=0x7fc00000 [ 110.482095][ T27] audit: type=1326 audit(110.280:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5496 comm="syz.2.342" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa3f5cc28 code=0x7fc00000 [ 110.599384][ T27] audit: type=1326 audit(110.290:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5496 comm="syz.2.342" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa3f5cc28 code=0x7fc00000 [ 110.708763][ T27] audit: type=1326 audit(110.300:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5496 comm="syz.2.342" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa3f5cc28 code=0x7fc00000 [ 110.778827][ T27] audit: type=1326 audit(110.310:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5496 comm="syz.2.342" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa3f5cc28 code=0x7fc00000 [ 110.784916][ T27] audit: type=1326 audit(110.320:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5496 comm="syz.2.342" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa3f5cc28 code=0x7fc00000 [ 110.799165][ T27] audit: type=1326 audit(110.360:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5496 comm="syz.2.342" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa3f5cc28 code=0x7fc00000 [ 110.812738][ T27] audit: type=1326 audit(110.370:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5496 comm="syz.2.342" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa3f5cc28 code=0x7fc00000 [ 110.835478][ T27] audit: type=1326 audit(110.390:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5496 comm="syz.2.342" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa3f5cc28 code=0x7fc00000 [ 113.414227][ T5544] netlink: 12 bytes leftover after parsing attributes in process `syz.0.358'. [ 113.492020][ T5548] bridge1: port 1(vlan3) entered blocking state [ 113.494211][ T5548] bridge1: port 1(vlan3) entered disabled state [ 113.497431][ T5548] device vlan3 entered promiscuous mode [ 113.498984][ T5548] device bridge0 entered promiscuous mode [ 115.363374][ T5558] netlink: 8 bytes leftover after parsing attributes in process `syz.2.359'. [ 116.812258][ C1] vcan0: j1939_tp_rxtimer: 0x00000000294f3690: rx timeout, send abort [ 116.857603][ T47] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 116.861729][ T47] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 116.864847][ T47] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 116.869736][ T47] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 116.873139][ T47] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 116.875801][ T47] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 117.020640][ T5584] trusted_key: encrypted_key: master key parameter '' is invalid [ 117.315894][ C1] vcan0: j1939_tp_rxtimer: 0x00000000294f3690: abort rx timeout. Force session deactivation [ 118.094976][ T5603] binder_user_error: 1 callbacks suppressed [ 118.094989][ T5603] binder: 5602:5603 tried to acquire reference to desc 0, got 1 instead [ 118.117323][ T5603] binder: 5602:5603 got transaction with invalid data ptr [ 118.119506][ T5603] binder_debug: 11 callbacks suppressed [ 118.119516][ T5603] binder: 5602:5603 transaction call to 5602:0 failed 110/29201/-14, size 0-4088 line 3342 [ 118.145511][ T4537] binder: undelivered TRANSACTION_COMPLETE [ 118.147296][ T4537] binder: undelivered TRANSACTION_ERROR: 29201 [ 118.149195][ T4537] binder: undelivered transaction 109, process died. [ 119.101480][ T47] Bluetooth: hci5: command 0x0409 tx timeout [ 119.159337][ T4528] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.171007][ T5577] lo speed is unknown, defaulting to 1000 [ 120.870097][ T4528] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.146166][ T47] Bluetooth: hci5: command 0x041b tx timeout [ 121.218570][ T5626] binder: 5625:5626 tried to acquire reference to desc 0, got 1 instead [ 121.226765][ T5626] binder: 5625:5626 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 121.230348][ T5626] binder: 5626 RLIMIT_NICE not set [ 121.281520][ T5626] binder: send failed reply for transaction 115 to 5625:5629 [ 121.299200][ T4344] binder: undelivered TRANSACTION_COMPLETE [ 121.301030][ T4344] binder: undelivered TRANSACTION_ERROR: 29189 [ 121.410282][ T4528] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.424289][ T5634] overlayfs: failed to clone upperpath [ 121.494961][ T5615] loop3: detected capacity change from 0 to 32768 [ 121.557366][ T5615] XFS (loop3): Mounting V5 Filesystem [ 121.568712][ T4528] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.591170][ T5637] netlink: 24 bytes leftover after parsing attributes in process `syz.2.386'. [ 122.352827][ T5615] XFS (loop3): AIL initialisation failed: error -12 [ 122.954965][ T5577] chnl_net:caif_netlink_parms(): no params data found [ 122.978933][ T5615] XFS (loop3): log mount failed [ 123.211023][ T5577] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.213550][ T5577] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.218678][ T5577] device bridge_slave_0 entered promiscuous mode [ 123.246214][ T4308] Bluetooth: hci5: command 0x040f tx timeout [ 123.268646][ T5577] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.273271][ T5577] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.299194][ T5577] device bridge_slave_1 entered promiscuous mode [ 124.145001][ T5577] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 124.238215][ T5577] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 124.276511][ T5680] batman_adv: batadv0: Adding interface: macsec1 [ 124.278705][ T5680] batman_adv: batadv0: The MTU of interface macsec1 is too small (1468) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 124.324660][ T5680] batman_adv: batadv0: Interface activated: macsec1 [ 125.316206][ T5577] team0: Port device team_slave_0 added [ 125.326070][ T47] Bluetooth: hci5: command 0x0419 tx timeout [ 126.034942][ T2059] ieee802154 phy0 wpan0: encryption failed: -22 [ 126.037617][ T2059] ieee802154 phy1 wpan1: encryption failed: -22 [ 126.072135][ T5577] team0: Port device team_slave_1 added [ 126.313307][ T5577] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 126.322347][ T5577] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 126.344501][ T5577] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 127.986923][ T5577] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 127.988880][ T5577] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 128.125544][ T47] Bluetooth: hci0: link tx timeout [ 128.127161][ T47] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 128.130204][ T5577] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 128.316750][ T5742] loop2: detected capacity change from 0 to 22 [ 128.319326][ T5742] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 128.333326][ T5742] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 129.420185][ T5753] Invalid ELF header magic: != ELF [ 130.386918][ T5577] device hsr_slave_0 entered promiscuous mode [ 130.605948][ T5577] device hsr_slave_1 entered promiscuous mode [ 130.645941][ T5577] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 130.650917][ T5577] Cannot create hsr debugfs directory [ 133.606564][ T5795] vcan0: tx drop: invalid da for name 0x0000000000000001 [ 135.317128][ T5813] loop3: detected capacity change from 0 to 64 [ 135.350219][ T5577] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 135.595677][ T5817] process 'syz.2.422' launched './file1' with NULL argv: empty string added [ 137.240483][ T5577] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 137.307414][ T5577] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 137.422692][ T5577] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 138.036032][ T5844] netlink: 'syz.2.428': attribute type 13 has an invalid length. [ 138.228027][ T5844] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 139.265258][ T4344] lo speed is unknown, defaulting to 1000 [ 140.437810][ T5577] 8021q: adding VLAN 0 to HW filter on device bond0 [ 142.052215][ T4308] Bluetooth: hci3: command 0x0406 tx timeout [ 144.116239][ T5577] 8021q: adding VLAN 0 to HW filter on device team0 [ 144.139877][ T5577] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 144.142824][ T5577] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 144.217356][ T5941] overlayfs: failed to clone upperpath [ 144.236202][ T4528] device hsr_slave_0 left promiscuous mode [ 144.397917][ T4528] device hsr_slave_1 left promiscuous mode [ 145.187542][ T4528] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 145.190560][ T4528] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 145.281462][ T4528] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 145.326832][ T4528] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 145.461410][ T4528] device bridge_slave_1 left promiscuous mode [ 145.529369][ T4528] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.987396][ T4528] device bridge_slave_0 left promiscuous mode [ 145.989284][ T4528] bridge0: port 1(bridge_slave_0) entered disabled state [ 146.072324][ T4528] device bond_slave_0 left promiscuous mode [ 146.074292][ T4528] device bond_slave_1 left promiscuous mode [ 146.206010][ T4528] device veth1_macvtap left promiscuous mode [ 146.361514][ T4528] device veth0_macvtap left promiscuous mode [ 146.386352][ T4528] device veth1_vlan left promiscuous mode [ 146.442225][ T4528] device veth0_vlan left promiscuous mode [ 147.079109][ T5979] loop2: detected capacity change from 0 to 512 [ 147.092524][ T5979] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 147.128019][ T5979] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 147.149236][ T5979] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.457: invalid indirect mapped block 2683928664 (level 1) [ 147.182871][ T5979] EXT4-fs (loop2): Remounting filesystem read-only [ 147.188747][ T5979] EXT4-fs (loop2): 1 truncate cleaned up [ 147.190451][ T5979] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 147.345881][ T4309] EXT4-fs (loop2): unmounting filesystem. [ 147.431949][ T4528] bond1 (unregistering): (slave macvlan2): Removing an active aggregator [ 148.146742][ T4528] bond1 (unregistering): (slave macvlan2): Releasing backup interface [ 150.606102][ T4528] bond1 (unregistering): Released all slaves [ 151.562972][ T6010] loop2: detected capacity change from 0 to 16 [ 151.575066][ T6010] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 153.821122][ T6031] binder: 6030:6031 tried to acquire reference to desc 0, got 1 instead [ 153.824870][ T6031] binder: 6030:6031 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 153.828707][ T6031] binder: 6031 RLIMIT_NICE not set [ 153.830168][ T6031] binder: 6031 RLIMIT_NICE not set [ 153.832436][ T6031] binder: 6031 RLIMIT_NICE not set [ 153.833874][ T6031] binder_alloc: 6030: binder_alloc_buf, no vma [ 153.842828][ T6031] binder: cannot allocate buffer: vma cleared, target dead or dying [ 153.842865][ T6031] binder: 6030:6031 transaction reply to 6030:6031 failed 121/29189/-3, size 0-0 line 3239 [ 153.848358][ T6031] binder: send failed reply for transaction 120 to 6030:6031 [ 153.851817][ T4372] binder: undelivered TRANSACTION_COMPLETE [ 153.853552][ T4372] binder: undelivered TRANSACTION_ERROR: 29189 [ 153.868167][ T4372] binder: undelivered TRANSACTION_ERROR: 29190 [ 154.711927][ T4528] team0 (unregistering): Port device team_slave_1 removed [ 154.968386][ T4528] team0 (unregistering): Port device team_slave_0 removed [ 155.060942][ T6039] capability: warning: `syz.2.477' uses 32-bit capabilities (legacy support in use) [ 155.320785][ T4528] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 155.807122][ T4528] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 157.392873][ T4308] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 157.397398][ T4308] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 157.401760][ T4308] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 157.405900][ T4308] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 157.409743][ T4308] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 157.412210][ T4308] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 158.214219][ T4528] bond0 (unregistering): Released all slaves [ 158.473367][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 158.476347][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 158.479282][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 158.482203][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 158.484986][ T55] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.487117][ T55] bridge0: port 1(bridge_slave_0) entered forwarding state [ 158.490143][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 158.493215][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 158.497069][ T55] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.499205][ T55] bridge0: port 2(bridge_slave_1) entered forwarding state [ 158.501668][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 158.504854][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 158.513578][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 158.524097][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 158.531849][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 158.535031][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 158.538724][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 158.541678][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 158.544739][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 158.548917][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 158.551911][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 158.554770][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 158.558308][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 158.609019][ T5969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:0c) already exists on: macsec1 [ 158.612101][ T5969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.691786][ T6014] netlink: 4 bytes leftover after parsing attributes in process `syz.0.470'. [ 158.719631][ T6014] device team1 entered promiscuous mode [ 158.721687][ T6041] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 158.724131][ T6041] IPv6: NLM_F_CREATE should be set when creating new route [ 159.013499][ T6064] overlayfs: failed to clone upperpath [ 159.110125][ T6066] fuse: Bad value for 'fd' [ 159.144022][ T6042] bridge0: port 2(bridge_slave_1) entered disabled state [ 159.146442][ T6042] bridge0: port 1(bridge_slave_0) entered disabled state [ 159.166963][ T6042] device bond_slave_0 left promiscuous mode [ 159.168893][ T6042] device bond_slave_1 left promiscuous mode [ 159.185861][ T6068] fuse: Bad value for 'fd' [ 159.465561][ T4308] Bluetooth: hci4: command 0x0409 tx timeout [ 161.545574][ T4308] Bluetooth: hci4: command 0x041b tx timeout [ 161.652783][ T6042] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 163.431136][ T6042] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 163.625605][ T4308] Bluetooth: hci4: command 0x040f tx timeout [ 165.718770][ T47] Bluetooth: hci4: command 0x0419 tx timeout [ 165.902775][ T6110] xt_CT: You must specify a L4 protocol and not use inversions on it [ 166.596049][ T6042] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.598663][ T6042] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.601374][ T6042] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.603877][ T6042] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.036236][ T113] lo speed is unknown, defaulting to 1000 [ 167.729066][ T11] bond2: (slave vlan2): link status definitely down, disabling slave [ 168.152924][ T11] bond2: now running without any active interface! [ 168.179002][ T6044] lo speed is unknown, defaulting to 1000 [ 168.215141][ T4331] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 168.218116][ T4331] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 168.240905][ T5577] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 168.484626][ T6044] chnl_net:caif_netlink_parms(): no params data found [ 168.671159][ T6044] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.675813][ T6044] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.684666][ T6152] loop2: detected capacity change from 0 to 1024 [ 168.700922][ T6044] device bridge_slave_0 entered promiscuous mode [ 168.740978][ T6044] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.760397][ T6044] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.807312][ T6044] device bridge_slave_1 entered promiscuous mode [ 169.762699][ T6044] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 169.800771][ T6044] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 169.826727][ T6155] mmap: syz.0.505 (6155) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 169.916694][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 169.919903][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 169.932054][ T6044] team0: Port device team_slave_0 added [ 169.981348][ T6044] team0: Port device team_slave_1 added [ 170.034126][ T6044] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 170.040956][ T6044] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 170.061118][ T6044] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 170.089242][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 170.106234][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 170.113884][ T6044] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 170.116764][ T6044] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 170.124040][ T6044] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 170.132693][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 170.135989][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 170.144676][ T5577] device veth0_vlan entered promiscuous mode [ 170.162752][ T5577] device veth1_vlan entered promiscuous mode [ 170.533078][ T4528] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.708037][ T6044] device hsr_slave_0 entered promiscuous mode [ 170.776019][ T6044] device hsr_slave_1 entered promiscuous mode [ 170.802989][ T6044] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 170.805325][ T6044] Cannot create hsr debugfs directory [ 170.825835][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 170.835189][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 170.942325][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 171.107324][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 171.537432][ T4528] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.634773][ T5577] device veth0_macvtap entered promiscuous mode [ 171.697372][ T4528] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.717515][ T5577] device veth1_macvtap entered promiscuous mode [ 171.785673][ T6193] binder: 6192:6193 tried to acquire reference to desc 0, got 1 instead [ 171.797452][ T4528] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.807462][ T6193] binder: 6192:6193 got transaction with invalid data ptr [ 171.809461][ T6193] binder: 6192:6193 transaction async to 6192:0 failed 126/29201/-14, size 0-24 line 3342 [ 171.829654][ T5577] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.851753][ T5577] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.865344][ T5577] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.868943][ T5577] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.871746][ T5577] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.874581][ T5577] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.888540][ T5577] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 171.893100][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 171.897054][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 171.900171][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 171.951316][ T5577] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.954669][ T5577] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.970819][ T5577] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.974007][ T5577] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.995708][ T5577] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 172.004830][ T5577] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.015146][ T5577] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 172.048654][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 172.051798][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 172.137978][ T5577] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.140521][ T5577] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.142930][ T5577] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.145331][ T5577] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.445205][ T4528] tipc: Left network mode [ 173.120202][ T4464] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 173.122816][ T4464] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 173.141584][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 173.224471][ T4357] binder: undelivered TRANSACTION_ERROR: 29201 [ 174.120053][ T6193] syz.2.515 (6193): drop_caches: 2 [ 174.356090][ T47] Bluetooth: hci0: command 0x0406 tx timeout [ 174.828409][ T6044] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 175.027581][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 175.031606][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 175.127159][ T6044] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 175.804425][ T6237] overlayfs: failed to clone upperpath [ 175.809300][ T6237] overlayfs: failed to clone upperpath [ 175.826911][ T6044] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 175.889205][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 176.038592][ T6250] 9pnet_fd: Insufficient options for proto=fd [ 176.156298][ T6044] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 177.109036][ T6266] netlink: 16 bytes leftover after parsing attributes in process `syz.0.530'. [ 177.112627][ T6255] binder: 6253 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 177.112648][ T6255] binder: 6253:6255 ioctl c018620c 20000000 returned -22 [ 177.163537][ T47] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 177.178876][ T47] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 177.181859][ T4312] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 177.184675][ T47] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 177.187499][ T47] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 177.190918][ T47] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 177.567300][ T6290] netlink: 165 bytes leftover after parsing attributes in process `syz.2.534'. [ 177.739595][ T6044] 8021q: adding VLAN 0 to HW filter on device bond0 [ 177.822931][ T47] Bluetooth: hci3: hardware error 0x09 [ 177.845933][ T6273] lo speed is unknown, defaulting to 1000 [ 177.851248][ T6044] 8021q: adding VLAN 0 to HW filter on device team0 [ 177.853556][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 177.866238][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 178.002646][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 178.012965][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 178.016782][ T39] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.018848][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state [ 178.021355][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 178.036015][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 178.041537][ T39] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.043589][ T39] bridge0: port 2(bridge_slave_1) entered forwarding state [ 178.055837][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 178.066401][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 178.076426][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 178.080682][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 178.090155][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 178.093892][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 178.097983][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 178.101056][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 178.104072][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 178.107985][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 178.113130][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 178.116698][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 178.351219][ T6321] loop2: detected capacity change from 0 to 4096 [ 178.360662][ T6321] ntfs3: loop2: Different NTFS' sector size (1024) and media sector size (512) [ 178.428867][ T6321] ntfs3: loop2: Failed to load $Secure. [ 178.460953][ T6044] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 178.480846][ T6321] netlink: 8 bytes leftover after parsing attributes in process `syz.2.539'. [ 179.296938][ T4308] Bluetooth: hci2: command 0x0409 tx timeout [ 179.499306][ T6340] netlink: 'syz.1.543': attribute type 4 has an invalid length. [ 179.504498][ T6273] chnl_net:caif_netlink_parms(): no params data found [ 179.759997][ T4528] device hsr_slave_0 left promiscuous mode [ 179.785808][ T4528] device hsr_slave_1 left promiscuous mode [ 179.797048][ T6357] netlink: 165 bytes leftover after parsing attributes in process `syz.1.548'. [ 179.926196][ T4528] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 179.931879][ T4528] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 179.936984][ T4528] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 179.947763][ T4528] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 179.958191][ T4528] device bridge_slave_1 left promiscuous mode [ 179.964253][ T4528] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.017809][ T4528] device bridge_slave_0 left promiscuous mode [ 180.019870][ T4528] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.025638][ T47] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 180.832154][ T47] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 180.835353][ T47] CPU: 0 PID: 47 Comm: kworker/u5:0 Not tainted 6.1.147-syzkaller #0 [ 180.837667][ T47] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 180.840605][ T47] Workqueue: hci0 hci_rx_work [ 180.841923][ T47] Call trace: [ 180.842829][ T47] dump_backtrace+0x1c8/0x1f4 [ 180.844110][ T47] show_stack+0x2c/0x3c [ 180.845195][ T47] __dump_stack+0x30/0x40 [ 180.846363][ T47] dump_stack_lvl+0xf8/0x160 [ 180.847633][ T47] dump_stack+0x1c/0x5c [ 180.848828][ T47] sysfs_create_dir_ns+0x22c/0x24c [ 180.850180][ T47] kobject_add_internal+0x5a8/0xb30 [ 180.851639][ T47] kobject_add+0x134/0x1f8 [ 180.852894][ T47] device_add+0x3f0/0xf94 [ 180.854014][ T47] hci_conn_add_sysfs+0xbc/0x1cc [ 180.855451][ T47] le_conn_complete_evt+0xa24/0xf8c [ 180.856957][ T47] hci_le_conn_complete_evt+0x114/0x3f8 [ 180.858550][ T47] hci_le_meta_evt+0x2c0/0x4a4 [ 180.859843][ T47] hci_event_packet+0x6ac/0xf08 [ 180.861213][ T47] hci_rx_work+0x324/0xaa0 [ 180.862405][ T47] process_one_work+0x7f4/0x13a8 [ 180.863715][ T47] worker_thread+0x8c8/0xfbc [ 180.864952][ T47] kthread+0x250/0x2d8 [ 180.866047][ T47] ret_from_fork+0x10/0x20 [ 180.867386][ C0] vkms_vblank_simulate: vblank timer overrun [ 180.875920][ T47] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 180.879648][ T47] Bluetooth: hci0: failed to register connection device [ 180.884626][ T47] Bluetooth: hci0: link tx timeout [ 180.886468][ T47] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 180.888691][ T47] Bluetooth: hci0: link tx timeout [ 180.890149][ T47] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 180.987871][ T6371] fuse: Bad value for 'fd' [ 181.025758][ T4528] device veth1_macvtap left promiscuous mode [ 181.027534][ T4528] device veth0_macvtap left promiscuous mode [ 181.029335][ T4528] device veth1_vlan left promiscuous mode [ 181.031020][ T4528] device veth0_vlan left promiscuous mode [ 181.595564][ T47] Bluetooth: hci2: command 0x041b tx timeout [ 181.780323][ T6374] overlayfs: failed to clone upperpath [ 183.408385][ T4528] bond1 (unregistering): Released all slaves [ 183.615820][ T4312] Bluetooth: hci2: command 0x040f tx timeout [ 185.695581][ T47] Bluetooth: hci2: command 0x0419 tx timeout [ 186.103243][ T4528] team0 (unregistering): Port device team_slave_1 removed [ 186.297828][ T4528] team0 (unregistering): Port device team_slave_0 removed [ 186.547077][ T4528] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 186.816962][ T4528] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 187.377988][ T2059] ieee802154 phy0 wpan0: encryption failed: -22 [ 187.379870][ T2059] ieee802154 phy1 wpan1: encryption failed: -22 [ 189.422092][ T4528] bond0 (unregistering): Released all slaves [ 189.667691][ T6370] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 189.676248][ T6370] device batadv_slave_0 entered promiscuous mode [ 189.688486][ T6385] netlink: 'syz.0.556': attribute type 4 has an invalid length. [ 189.756359][ T6044] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 189.764177][ T6273] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.766694][ T6273] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.769425][ T6273] device bridge_slave_0 entered promiscuous mode [ 189.801018][ T4700] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 189.803383][ T4700] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 189.826495][ T6273] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.828633][ T6273] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.831418][ T6273] device bridge_slave_1 entered promiscuous mode [ 189.894718][ T6273] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 189.911411][ T6273] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 189.966020][ T6273] team0: Port device team_slave_0 added [ 189.970851][ T6273] team0: Port device team_slave_1 added [ 190.014148][ T6273] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 190.016420][ T6273] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 190.023496][ T6273] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 190.847673][ T6273] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 190.849563][ T6273] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 190.868095][ T6273] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 191.013559][ T6273] device hsr_slave_0 entered promiscuous mode [ 191.046144][ T6273] device hsr_slave_1 entered promiscuous mode [ 191.115820][ T5765] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 191.118889][ T5765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 191.121834][ T5765] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 191.124614][ T5765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 191.129822][ T5765] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 191.132558][ T5765] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 191.139154][ T6044] device veth0_vlan entered promiscuous mode [ 191.177260][ T6044] device veth1_vlan entered promiscuous mode [ 191.245240][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 191.251593][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 191.254347][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 191.259747][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 191.264520][ T6044] device veth0_macvtap entered promiscuous mode [ 191.273569][ T6044] device veth1_macvtap entered promiscuous mode [ 191.360622][ T6273] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.413322][ T6044] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 191.419291][ T6044] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.422062][ T6044] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 191.424959][ T6044] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.429574][ T6044] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 191.432325][ T5765] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 191.435226][ T5765] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 191.439657][ T5765] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 191.442531][ T5765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 191.508859][ T6273] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.525265][ T6044] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 191.528531][ T6044] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.531311][ T6044] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 191.534151][ T6044] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.540405][ T6044] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 191.543356][ T6044] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.547848][ T6044] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 191.550101][ T4465] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 191.553048][ T4465] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 191.561391][ T6044] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 191.564193][ T6044] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 191.567046][ T6044] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 191.569564][ T6044] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 191.637506][ T6273] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.747602][ T6273] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 192.025077][ T55] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 192.028463][ T55] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 192.034489][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 192.077313][ T5765] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 192.080127][ T5765] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 192.089268][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 192.371870][ T6454] loop6: detected capacity change from 0 to 2048 [ 192.439764][ T6454] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 193.378566][ T6273] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 193.418032][ T6273] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 193.431749][ T6044] EXT4-fs (loop6): unmounting filesystem. [ 193.467441][ T6273] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 194.137475][ T6273] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 194.237181][ T6474] tipc: Started in network mode [ 194.238800][ T6474] tipc: Node identity ac1414aa, cluster identity 4711 [ 194.244233][ T6474] tipc: Enabled bearer , priority 10 [ 194.331688][ T6486] tipc: Enabled bearer , priority 0 [ 194.735684][ T6501] netlink: 165 bytes leftover after parsing attributes in process `syz.6.561'. [ 196.236749][ T6516] loop6: detected capacity change from 0 to 164 [ 196.269083][ T4344] tipc: Node number set to 2886997162 [ 196.358678][ T6513] netlink: 'syz.2.564': attribute type 5 has an invalid length. [ 196.427896][ T4312] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 196.431712][ T4312] Bluetooth: hci4: Injecting HCI hardware error event [ 196.436459][ T47] Bluetooth: hci4: hardware error 0x00 [ 196.494703][ T6524] netlink: 'syz.0.566': attribute type 10 has an invalid length. [ 196.497872][ T6524] netlink: 40 bytes leftover after parsing attributes in process `syz.0.566'. [ 196.510952][ T6524] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 196.513816][ T6524] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 196.528216][ T6524] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 196.544309][ T6524] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 196.646487][ T6524] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.676037][ T6524] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.678837][ T6524] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.681637][ T6524] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.466427][ T6044] Unsupported NM flag settings (8) [ 197.487842][ T6044] Unsupported NM flag settings (8) [ 197.502326][ T6044] Unsupported NM flag settings (8) [ 197.552855][ T6524] team0: Port device geneve0 added [ 197.997476][ T6547] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 198.004980][ T6547] CIFS mount error: No usable UNC path provided in device string! [ 198.004980][ T6547] [ 198.008486][ T6547] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 198.962359][ T6273] 8021q: adding VLAN 0 to HW filter on device bond0 [ 198.978509][ T6273] 8021q: adding VLAN 0 to HW filter on device team0 [ 198.981608][ T4452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 198.984602][ T4452] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 200.186904][ T4312] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 200.191297][ T4312] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 200.195308][ T4312] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 200.200351][ T4312] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 200.203039][ T4312] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 200.205673][ T4312] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 200.617018][ T4903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 200.651846][ T4903] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 200.707661][ T4903] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.709884][ T4903] bridge0: port 1(bridge_slave_0) entered forwarding state [ 201.126748][ T4903] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 201.129650][ T4903] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 201.132878][ T4903] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 201.156565][ T4903] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.158629][ T4903] bridge0: port 2(bridge_slave_1) entered forwarding state [ 201.161078][ T4903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 201.167006][ T4903] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 201.172225][ T4903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 201.184225][ T4903] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 201.197909][ T6579] binder: 6578:6579 tried to acquire reference to desc 0, got 1 instead [ 201.198671][ T4903] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 201.210035][ T6579] binder: 6578:6579 got transaction with invalid data ptr [ 201.217676][ T4903] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 201.222428][ T6579] binder: 6578:6579 transaction async to 6578:0 failed 131/29201/-14, size 0-24 line 3342 [ 201.223487][ T4903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 201.235186][ T4362] binder: undelivered TRANSACTION_ERROR: 29201 [ 201.243918][ T4903] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 201.247272][ T4903] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 201.251000][ T6575] netlink: 'syz.1.591': attribute type 1 has an invalid length. [ 201.282560][ T6575] 8021q: adding VLAN 0 to HW filter on device bond1 [ 201.436809][ T6273] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 201.450748][ T6273] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 202.256371][ T4312] Bluetooth: hci4: command 0x0409 tx timeout [ 202.266483][ T6577] bond1: (slave veth3): Enslaving as an active interface with a down link [ 203.904099][ T6582] device veth1 entered promiscuous mode [ 203.906221][ T6582] device veth1 left promiscuous mode [ 203.943077][ T6582] bond1: (slave vlan2): making interface the new active one [ 203.953247][ T6582] device veth1 entered promiscuous mode [ 203.963489][ T6582] device vlan2 entered promiscuous mode [ 203.968451][ T6582] bond1: (slave vlan2): Enslaving as an active interface with an up link [ 203.971588][ T5765] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 203.974539][ T5765] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 203.982009][ T5765] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 204.211705][ T4528] device hsr_slave_0 left promiscuous mode [ 204.236218][ T4528] device hsr_slave_1 left promiscuous mode [ 204.306551][ T4528] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 204.308870][ T4528] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 204.314478][ T4528] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 204.316958][ T4528] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 204.319772][ T4528] device bridge_slave_1 left promiscuous mode [ 204.322959][ T4528] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.335489][ T47] Bluetooth: hci4: command 0x041b tx timeout [ 204.377866][ T4528] device bridge_slave_0 left promiscuous mode [ 204.379942][ T4528] bridge0: port 1(bridge_slave_0) entered disabled state [ 204.545696][ T4528] device veth1_macvtap left promiscuous mode [ 204.547527][ T4528] device veth0_macvtap left promiscuous mode [ 204.549328][ T4528] device veth1_vlan left promiscuous mode [ 204.551025][ T4528] device veth0_vlan left promiscuous mode [ 206.415565][ T47] Bluetooth: hci4: command 0x040f tx timeout [ 206.532841][ T4528] team0 (unregistering): Port device team_slave_1 removed [ 206.748087][ T4528] team0 (unregistering): Port device team_slave_0 removed [ 206.926264][ T4528] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 207.176424][ T4528] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 208.505477][ T47] Bluetooth: hci4: command 0x0419 tx timeout [ 209.750293][ T4528] bond0 (unregistering): Released all slaves [ 209.980815][ T6624] netlink: 4 bytes leftover after parsing attributes in process `syz.2.596'. [ 210.037678][ T6569] lo speed is unknown, defaulting to 1000 [ 211.517711][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 211.520077][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 211.553449][ T6273] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 211.572173][ T6569] chnl_net:caif_netlink_parms(): no params data found [ 211.884721][ T6569] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.886890][ T6569] bridge0: port 1(bridge_slave_0) entered disabled state [ 211.889669][ T6569] device bridge_slave_0 entered promiscuous mode [ 211.893675][ T6569] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.896007][ T6569] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.898813][ T6569] device bridge_slave_1 entered promiscuous mode [ 212.707931][ T6569] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 212.738054][ T6569] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 212.814973][ T6569] team0: Port device team_slave_0 added [ 212.828242][ T6569] team0: Port device team_slave_1 added [ 212.902877][ T6569] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 212.904865][ T6569] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 212.929220][ T6569] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 214.786113][ T6569] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 214.818055][ T6569] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 214.828156][ T6569] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 214.940073][ T4618] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 214.943149][ T4618] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 215.060364][ T6569] device hsr_slave_0 entered promiscuous mode [ 215.110603][ T6569] device hsr_slave_1 entered promiscuous mode [ 215.165567][ T6569] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 215.167749][ T6569] Cannot create hsr debugfs directory [ 215.169556][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 215.172316][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 215.176093][ T4618] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 215.178811][ T4618] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 215.191107][ T6273] device veth0_vlan entered promiscuous mode [ 215.406096][ T6713] ptrace attach of "./syz-executor exec"[4305] was attempted by " [ 215.487790][ T6710] loop2: detected capacity change from 0 to 32768 [ 215.541984][ T6710] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.618 (6710) [ 215.548859][ T6273] device veth1_vlan entered promiscuous mode [ 215.564113][ T6710] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 215.567933][ T6710] BTRFS info (device loop2): using sha256 (sha256-ce) checksum algorithm [ 215.570718][ T6710] BTRFS info (device loop2): using free space tree [ 215.652627][ T4528] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.692923][ T6710] BTRFS info (device loop2): enabling ssd optimizations [ 215.820325][ T4528] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.835201][ T4309] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 215.892879][ T4464] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 215.896049][ T4464] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 216.038971][ T4464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 216.042429][ T4464] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 216.048166][ T6273] device veth0_macvtap entered promiscuous mode [ 216.053815][ T6273] device veth1_macvtap entered promiscuous mode [ 216.117440][ T4528] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 216.356656][ T4528] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 216.895749][ T4464] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 217.653722][ T6273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 217.682362][ T6273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 217.685224][ T6273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 217.711442][ T6273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 217.742067][ T6273] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 217.771184][ T5765] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 217.774316][ T5765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 218.104888][ T6273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 218.272875][ T6273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.286657][ T6273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 218.296766][ T6273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.299564][ T6273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 218.550736][ T6273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 219.071795][ T6273] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 219.118428][ T6569] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 219.180016][ T4618] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 219.185059][ T4618] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 219.193589][ T6273] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.204841][ T6273] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.208056][ T6273] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.210746][ T6273] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.215162][ T6786] netlink: 'syz.0.629': attribute type 3 has an invalid length. [ 219.219596][ T6786] netlink: 'syz.0.629': attribute type 3 has an invalid length. [ 219.236553][ T6569] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 221.558473][ T6569] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 222.059496][ T6821] overlayfs: failed to clone upperpath [ 222.339941][ T6569] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 224.854077][ T4618] device vlan2 left promiscuous mode [ 224.950376][ T4604] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 224.953121][ T4604] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 224.972370][ T4700] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 225.090257][ T4618] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 225.093004][ T4618] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 225.105610][ T4618] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 225.202757][ T6569] 8021q: adding VLAN 0 to HW filter on device bond0 [ 225.348650][ T4464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 225.351501][ T4464] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 225.391694][ T6569] 8021q: adding VLAN 0 to HW filter on device team0 [ 225.465317][ T4604] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 225.468481][ T4604] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 225.475631][ T4604] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.477670][ T4604] bridge0: port 1(bridge_slave_0) entered forwarding state [ 225.486051][ T4604] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 225.496405][ T4604] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 225.505743][ T4604] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.507799][ T4604] bridge0: port 2(bridge_slave_1) entered forwarding state [ 225.536501][ T4604] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 225.544152][ T4604] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 225.571636][ T4604] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 225.656261][ T4604] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 226.877161][ T4604] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 226.880362][ T4604] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 226.966604][ T4403] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 226.969764][ T4403] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 226.972716][ T4403] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 226.994392][ T4403] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 227.055291][ T4312] Bluetooth: hci2: Malformed Event: 0x48 [ 227.092897][ T6907] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 227.101263][ T4700] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 227.104361][ T4700] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 227.134324][ T6907] FAT-fs (loop5): unable to read boot sector [ 227.143638][ T27] kauditd_printk_skb: 2 callbacks suppressed [ 227.143650][ T27] audit: type=1326 audit(227.120:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6906 comm="syz.2.651" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa3f5cc28 code=0x7ffc0000 [ 227.154919][ T27] audit: type=1326 audit(227.130:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6906 comm="syz.2.651" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=448 compat=0 ip=0xffffa3f5cc28 code=0x7ffc0000 [ 227.173533][ T27] audit: type=1326 audit(227.130:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6906 comm="syz.2.651" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa3f5cc28 code=0x7ffc0000 [ 227.179995][ T27] audit: type=1326 audit(227.130:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6906 comm="syz.2.651" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffffa3f5b154 code=0x7ffc0000 [ 227.186490][ T27] audit: type=1326 audit(227.130:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6906 comm="syz.2.651" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa3f5cc28 code=0x7ffc0000 [ 227.193015][ T6905] netlink: 12 bytes leftover after parsing attributes in process `syz.1.649'. [ 227.193402][ T27] audit: type=1326 audit(227.130:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6906 comm="syz.2.651" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=29 compat=0 ip=0xffffa3f5cc28 code=0x7ffc0000 [ 227.211698][ T27] audit: type=1326 audit(227.130:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6906 comm="syz.2.651" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa3f5cc28 code=0x7ffc0000 [ 227.248142][ T6569] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 229.542860][ T6957] loop5: detected capacity change from 0 to 1024 [ 229.560666][ T6957] ext4: Unknown parameter 'inode_readahe' [ 231.063240][ T4528] device hsr_slave_0 left promiscuous mode [ 231.222422][ T4528] device hsr_slave_1 left promiscuous mode [ 231.352387][ T4528] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 231.354867][ T4528] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 231.358331][ T4528] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 231.362948][ T4528] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 231.373438][ T4528] device bridge_slave_1 left promiscuous mode [ 231.381127][ T4528] bridge0: port 2(bridge_slave_1) entered disabled state [ 231.451600][ T4528] device bridge_slave_0 left promiscuous mode [ 231.453701][ T4528] bridge0: port 1(bridge_slave_0) entered disabled state [ 231.645783][ T4528] device veth1_macvtap left promiscuous mode [ 231.647530][ T4528] device veth0_macvtap left promiscuous mode [ 231.649180][ T4528] device veth1_vlan left promiscuous mode [ 231.650733][ T4528] device veth0_vlan left promiscuous mode [ 238.150243][ T4528] team0 (unregistering): Port device team_slave_1 removed [ 238.348721][ T4528] team0 (unregistering): Port device team_slave_0 removed [ 238.557986][ T4528] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 238.806940][ T4528] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 241.419816][ T4528] bond0 (unregistering): Released all slaves [ 241.685017][ T4464] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 241.687767][ T4464] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 241.707497][ T7018] netlink: 60 bytes leftover after parsing attributes in process `syz.2.683'. [ 241.809703][ T6569] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 243.508840][ T7057] tipc: Failed to remove unknown binding: 66,1,1/2886997162:838452882/838452884 [ 243.570613][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 243.573650][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 243.583848][ T7057] tipc: Failed to remove unknown binding: 66,1,1/2886997162:838452882/838452884 [ 243.597937][ T7057] tipc: Failed to remove unknown binding: 66,1,1/2886997162:838452882/838452884 [ 244.381542][ T4464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 244.384930][ T4464] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 244.389313][ T4464] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 244.406075][ T4464] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 245.134049][ T6569] device veth0_vlan entered promiscuous mode [ 245.215125][ T6569] device veth1_vlan entered promiscuous mode [ 247.009059][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 247.012276][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 247.807548][ T6569] device veth0_macvtap entered promiscuous mode [ 247.812325][ T6569] device veth1_macvtap entered promiscuous mode [ 247.880506][ T6569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 247.883535][ T6569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.886596][ T6569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 247.890092][ T6569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.894357][ T6569] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 247.898794][ T6569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 247.901681][ T6569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.904446][ T6569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 247.909216][ T6569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.912145][ T6569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 247.915059][ T6569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.919616][ T6569] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 248.263257][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 248.593582][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 249.141065][ T2059] ieee802154 phy0 wpan0: encryption failed: -22 [ 249.143030][ T2059] ieee802154 phy1 wpan1: encryption failed: -22 [ 249.205542][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 249.227351][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 249.236717][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 249.295957][ T7098] netlink: 60 bytes leftover after parsing attributes in process `syz.5.697'. [ 249.299970][ T6569] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 249.302572][ T6569] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 249.305200][ T6569] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 249.322426][ T6569] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.648210][ T4604] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 251.650724][ T4604] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 251.656795][ T4814] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 253.637432][ T4604] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 253.640101][ T4604] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 253.690759][ T4700] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 257.363996][ T7159] netlink: 24 bytes leftover after parsing attributes in process `syz.7.586'. [ 257.408738][ T7159] netlink: 4 bytes leftover after parsing attributes in process `syz.7.586'. [ 258.172678][ T7186] netlink: 4 bytes leftover after parsing attributes in process `syz.5.721'. [ 258.229170][ T7186] netlink: 12 bytes leftover after parsing attributes in process `syz.5.721'. [ 258.493626][ T7190] netlink: 4 bytes leftover after parsing attributes in process `syz.5.721'. [ 260.988963][ T7289] loop5: detected capacity change from 0 to 8192 [ 261.082163][ T7287] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 261.155321][ T7287] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 261.166837][ T7287] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 263.280352][ T7298] netlink: 20 bytes leftover after parsing attributes in process `syz.2.732'. [ 263.418362][ T7305] device batadv0 entered promiscuous mode [ 263.420466][ T7305] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 263.423847][ T7305] bond0: (slave macvlan2): Enslaving as an active interface with an up link [ 263.707647][ T7319] tipc: Failed to remove unknown binding: 66,1,1/0:2207493111/2207493113 [ 264.409669][ T7319] tipc: Failed to remove unknown binding: 66,1,1/0:2207493111/2207493113 [ 264.455603][ T7319] tipc: Failed to remove unknown binding: 66,1,1/0:2207493111/2207493113 [ 264.773465][ T7368] tipc: Enabling of bearer rejected, failed to enable media [ 266.403859][ T7403] loop7: detected capacity change from 0 to 256 [ 266.647010][ T7119] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 267.201731][ T7410] netlink: 12 bytes leftover after parsing attributes in process `syz.1.750'. [ 267.218817][ T7410] bridge1: port 1(ip6gretap1) entered blocking state [ 267.220882][ T7410] bridge1: port 1(ip6gretap1) entered disabled state [ 267.224416][ T7410] device ip6gretap1 entered promiscuous mode [ 267.348315][ T7409] device veth5 entered promiscuous mode [ 267.350037][ T7409] bridge1: port 2(veth5) entered blocking state [ 267.351740][ T7409] bridge1: port 2(veth5) entered disabled state [ 268.243232][ T7420] loop7: detected capacity change from 0 to 512 [ 268.328420][ T7420] EXT4-fs warning (device loop7): ext4_expand_extra_isize_ea:2818: Unable to expand inode 11. Delete some EAs or run e2fsck. [ 268.332565][ T7420] EXT4-fs (loop7): 1 truncate cleaned up [ 268.344232][ T7420] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 270.508897][ T6569] EXT4-fs (loop7): unmounting filesystem. [ 270.520251][ T7496] netlink: 8 bytes leftover after parsing attributes in process `syz.2.761'. [ 270.557620][ T7498] loop5: detected capacity change from 0 to 64 [ 270.573840][ T7498] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 270.666507][ T7498] BFS-fs: bfs_fill_super(): Inode 0x00000002 corrupted on loop5 [ 270.734601][ T7498] netlink: 'syz.5.762': attribute type 2 has an invalid length. [ 272.426147][ T7521] netlink: 96 bytes leftover after parsing attributes in process `syz.1.768'. [ 277.000039][ T7617] netlink: 20 bytes leftover after parsing attributes in process `syz.7.781'. [ 284.239778][ T7702] netlink: 'syz.5.803': attribute type 3 has an invalid length. [ 284.242553][ T7702] netlink: 'syz.5.803': attribute type 3 has an invalid length. [ 284.524054][ T7713] netlink: 8 bytes leftover after parsing attributes in process `syz.5.807'. [ 287.802833][ T7757] tipc: Started in network mode [ 287.804352][ T7757] tipc: Node identity ac1414aa, cluster identity 4711 [ 287.809059][ T7757] tipc: Enabled bearer , priority 10 [ 287.821409][ T7757] tipc: Enabled bearer , priority 0 [ 288.929052][ T7783] netlink: 4 bytes leftover after parsing attributes in process `syz.0.821'. [ 288.984525][ T6756] tipc: Node number set to 2886997162 [ 289.936031][ T7794] x_tables: ip6_tables: icmp6 match: only valid for protocol 58 [ 290.629889][ T7798] xt_bpf: check failed: parse error [ 291.965964][ T7801] loop5: detected capacity change from 0 to 8192 [ 291.971269][ T7801] FAT-fs (loop5): Unrecognized mount option "./file0" or missing value [ 293.740133][ T7841] tipc: Enabling of bearer rejected, failed to enable media [ 293.761530][ T7842] dccp_close: ABORT with 32 bytes unread [ 298.838532][ T7889] netlink: 8 bytes leftover after parsing attributes in process `syz.7.845'. [ 300.331844][ T7902] tipc: Started in network mode [ 300.333322][ T7902] tipc: Node identity 3ab329bf9446, cluster identity 4711 [ 300.348373][ T7902] tipc: Enabled bearer , priority 0 [ 300.381673][ T7902] device syzkaller0 entered promiscuous mode [ 300.456278][ T7902] tipc: Resetting bearer [ 300.545716][ T7901] tipc: Resetting bearer [ 300.616790][ T7906] 9pnet_fd: Insufficient options for proto=fd [ 300.666562][ T7901] tipc: Disabling bearer [ 301.791891][ T7925] syz.1.852 sent an empty control message without MSG_MORE. [ 302.115591][ T4312] Bluetooth: hci2: command 0x0406 tx timeout [ 303.405728][ T27] audit: type=1326 audit(303.370:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7931 comm="syz.0.857" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff8815cc28 code=0x0 [ 303.875637][ T7970] tipc: Started in network mode [ 303.877079][ T7970] tipc: Node identity ac1414aa, cluster identity 4711 [ 303.890715][ T7970] tipc: Enabled bearer , priority 10 [ 303.894790][ T7965] tipc: Enabled bearer , priority 0 [ 303.903203][ T7965] device syzkaller0 entered promiscuous mode [ 303.914689][ T7970] tipc: Enabled bearer , priority 0 [ 303.944762][ T7965] tipc: Resetting bearer [ 303.983179][ T7964] tipc: Resetting bearer [ 304.025938][ T7978] netlink: 8 bytes leftover after parsing attributes in process `syz.0.868'. [ 304.057649][ T7964] tipc: Disabling bearer [ 304.078750][ T7978] netlink: 48 bytes leftover after parsing attributes in process `syz.0.868'. [ 304.215311][ T7987] loop5: detected capacity change from 0 to 4096 [ 304.264579][ T7987] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 305.271190][ T4350] tipc: Node number set to 2886997162 [ 306.796489][ T8012] netlink: 'syz.0.878': attribute type 8 has an invalid length. [ 306.826006][ T8015] netlink: 24 bytes leftover after parsing attributes in process `syz.1.879'. [ 306.970700][ T6273] EXT4-fs (loop5): unmounting filesystem. [ 307.067207][ T8023] overlayfs: failed to clone upperpath [ 307.088093][ T8024] loop7: detected capacity change from 0 to 64 [ 308.232462][ T8045] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 308.234948][ T8045] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 308.272601][ T8045] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 308.305491][ T8045] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 309.148898][ T8056] netlink: 'syz.7.887': attribute type 4 has an invalid length. [ 309.218804][ T8056] netlink: 'syz.7.887': attribute type 4 has an invalid length. [ 311.808997][ T2059] ieee802154 phy0 wpan0: encryption failed: -22 [ 311.810840][ T2059] ieee802154 phy1 wpan1: encryption failed: -22 [ 312.212246][ T8104] netlink: 4 bytes leftover after parsing attributes in process `syz.7.902'. [ 320.277603][ T8182] binder: 8181:8182 tried to acquire reference to desc 0, got 1 instead [ 320.319319][ T6756] binder: release 8181:8182 transaction 137 out, still active [ 320.321739][ T6756] binder: undelivered TRANSACTION_COMPLETE [ 320.324357][ T6756] binder: undelivered TRANSACTION_COMPLETE [ 320.395765][ T6756] binder: undelivered transaction 136, process died. [ 320.397747][ T6756] binder: send failed reply for transaction 137, target dead [ 322.678135][ T4312] Bluetooth: hci4: command 0x0406 tx timeout [ 322.680210][ T47] Bluetooth: hci2: command 0x0409 tx timeout [ 323.574382][ T8218] loop5: detected capacity change from 0 to 1024 [ 323.604786][ T8220] loop7: detected capacity change from 0 to 512 [ 323.641053][ T8218] EXT4-fs: Ignoring removed nobh option [ 323.642741][ T8218] EXT4-fs: Ignoring removed oldalloc option [ 323.683714][ T8218] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 323.701558][ T8220] EXT2-fs (loop7): error: revision level too high, forcing read-only mode [ 323.718040][ T8220] EXT2-fs (loop7): 0.5b, 95/08/09, bs=4096, gc=1, bpg=32768, ipg=32, mo=a00a8] [ 323.774786][ T8224] netlink: 8 bytes leftover after parsing attributes in process `syz.2.931'. [ 323.800951][ T8224] netlink: 'syz.2.931': attribute type 5 has an invalid length. [ 323.803902][ T8218] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 323.835247][ T8224] netlink: 28 bytes leftover after parsing attributes in process `syz.2.931'. [ 323.956182][ T8224] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 323.958931][ T8224] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 323.965508][ T8224] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 324.030509][ T8224] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 324.035833][ T8224] device geneve3 entered promiscuous mode [ 324.256877][ T4308] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 324.260141][ T4308] Bluetooth: hci2: Injecting HCI hardware error event [ 324.266272][ T4312] Bluetooth: hci2: hardware error 0x00 [ 324.903452][ T6273] EXT4-fs (loop5): unmounting filesystem. [ 327.212002][ T4312] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 328.155692][ T8284] loop5: detected capacity change from 0 to 512 [ 328.159548][ T8284] EXT2-fs (loop5): error: revision level too high, forcing read-only mode [ 328.162078][ T8284] EXT2-fs (loop5): 0.5b, 95/08/09, bs=4096, gc=1, bpg=32768, ipg=32, mo=a00a8] [ 329.979488][ T8299] netlink: 8 bytes leftover after parsing attributes in process `syz.0.948'. [ 330.810812][ T8305] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 330.820770][ T8299] netlink: 8 bytes leftover after parsing attributes in process `syz.0.948'. [ 330.885543][ T8311] netlink: 48 bytes leftover after parsing attributes in process `syz.2.952'. [ 330.888215][ T8311] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 330.890187][ T8311] IPv6: NLM_F_CREATE should be set when creating new route [ 336.275146][ T8372] netlink: 12 bytes leftover after parsing attributes in process `syz.0.965'. [ 338.821371][ T8396] netlink: 8 bytes leftover after parsing attributes in process `syz.7.972'. [ 338.847786][ T8396] netlink: 'syz.7.972': attribute type 5 has an invalid length. [ 338.850186][ T8396] netlink: 28 bytes leftover after parsing attributes in process `syz.7.972'. [ 338.859446][ T8396] netdevsim netdevsim7 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 338.862107][ T8396] netdevsim netdevsim7 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 338.875605][ T8396] netdevsim netdevsim7 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 338.878215][ T8396] netdevsim netdevsim7 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 339.110605][ T8396] device geneve2 entered promiscuous mode [ 340.520716][ T8404] netlink: 'syz.5.974': attribute type 11 has an invalid length. [ 340.774071][ T8416] loop5: detected capacity change from 0 to 1024 [ 340.777864][ T8416] EXT4-fs: Ignoring removed oldalloc option [ 340.779595][ T8416] EXT4-fs: Ignoring removed nobh option [ 340.781230][ T8416] EXT4-fs: Ignoring removed bh option [ 340.796121][ T8416] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 341.600833][ T8416] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 342.792622][ T6273] EXT4-fs (loop5): unmounting filesystem. [ 347.801241][ T8490] netlink: 28 bytes leftover after parsing attributes in process `syz.1.991'. [ 350.561687][ T8528] netlink: 'syz.0.1000': attribute type 1 has an invalid length. [ 351.488995][ T8534] bond3: (slave ip6gretap2): making interface the new active one [ 351.492146][ T8534] bond3: (slave ip6gretap2): Enslaving as an active interface with an up link [ 351.935307][ T8556] lo speed is unknown, defaulting to 1000 [ 355.068434][ T8571] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1009'. [ 355.080488][ T8571] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1009'. [ 356.026235][ T8579] Cannot find set identified by id 0 to match [ 358.474930][ T8610] netlink: 'syz.2.1017': attribute type 1 has an invalid length. [ 358.618155][ T8617] netdevsim netdevsim2 netdevsim0: set [1, 2] type 2 family 0 port 20000 - 0 [ 358.642809][ T8617] netdevsim netdevsim2 netdevsim1: set [1, 2] type 2 family 0 port 20000 - 0 [ 358.672124][ T8617] netdevsim netdevsim2 netdevsim2: set [1, 2] type 2 family 0 port 20000 - 0 [ 358.689657][ T8617] netdevsim netdevsim2 netdevsim3: set [1, 2] type 2 family 0 port 20000 - 0 [ 358.711636][ T8617] bond2: (slave geneve4): making interface the new active one [ 358.716808][ T8617] bond2: (slave geneve4): Enslaving as an active interface with an up link [ 358.730758][ T8619] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1017'. [ 358.742139][ T8619] 8021q: adding VLAN 0 to HW filter on device bond2 [ 358.745701][ T8622] netlink: 'syz.5.1020': attribute type 1 has an invalid length. [ 358.766718][ T8627] bond1: (slave ip6gretap2): Enslaving as a backup interface with an up link [ 359.146426][ T8622] device veth3 entered promiscuous mode [ 359.183075][ T8622] bond1: (slave veth3): Enslaving as a backup interface with a down link [ 360.236929][ T8648] loop5: detected capacity change from 0 to 128 [ 360.244357][ T8648] EXT4-fs (loop5): Test dummy encryption mode enabled [ 360.276929][ T8648] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 360.285046][ T8648] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1024'. [ 360.301641][ T8648] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1024'. [ 360.477099][ T6273] EXT4-fs (loop5): unmounting filesystem. [ 361.293318][ T8683] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1031'. [ 367.838219][ T8751] loop5: detected capacity change from 0 to 64 [ 367.841255][ T8751] hfs: type requires a 4 character value [ 367.855769][ T8751] hfs: unable to parse mount options [ 368.642509][ T8578] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 368.703651][ T8759] netlink: 'syz.2.1047': attribute type 4 has an invalid length. [ 369.167491][ T8766] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1045'. [ 369.315784][ T8760] netlink: 28 bytes leftover after parsing attributes in process `syz.7.1048'. [ 369.435544][ T8760] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1048'. [ 369.481742][ T8769] netlink: 'syz.7.1048': attribute type 10 has an invalid length. [ 369.484144][ T8769] bridge0: port 3(team0) entered blocking state [ 369.495125][ T8769] bridge0: port 3(team0) entered disabled state [ 369.498237][ T8769] device team0 entered promiscuous mode [ 369.499791][ T8769] device team_slave_0 entered promiscuous mode [ 369.501749][ T8769] device team_slave_1 entered promiscuous mode [ 369.504127][ T8769] bridge0: port 3(team0) entered blocking state [ 369.505976][ T8769] bridge0: port 3(team0) entered forwarding state [ 369.606216][ T4528] bridge0: port 2(bridge_slave_1) entered disabled state [ 369.642688][ T8776] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1052'. [ 371.760337][ T2059] ieee802154 phy0 wpan0: encryption failed: -22 [ 371.770360][ T2059] ieee802154 phy1 wpan1: encryption failed: -22 [ 371.927444][ T8798] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 371.929819][ T8798] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 371.935290][ T8798] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 371.943781][ T8798] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 373.216960][ T8821] loop7: detected capacity change from 0 to 64 [ 373.221234][ T8821] hfs: type requires a 4 character value [ 373.222916][ T8821] hfs: unable to parse mount options [ 374.939138][ T8833] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1066'. [ 375.133229][ T8833] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1066'. [ 375.679713][ T8837] netlink: 'syz.1.1065': attribute type 1 has an invalid length. [ 376.597802][ T8842] netlink: 'syz.2.1066': attribute type 10 has an invalid length. [ 376.600780][ T8842] bridge0: port 3(team0) entered blocking state [ 376.602661][ T8842] bridge0: port 3(team0) entered disabled state [ 376.621861][ T8842] device team0 entered promiscuous mode [ 376.623593][ T8842] device team_slave_0 entered promiscuous mode [ 376.638499][ T8842] device team_slave_1 entered promiscuous mode [ 376.661655][ T8843] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 376.664194][ T8843] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 376.668953][ T8843] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 376.671713][ T8843] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 376.676240][ T8843] bond2: (slave geneve2): making interface the new active one [ 376.679126][ T8843] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 376.849289][ T8837] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1065'. [ 376.884801][ T8837] 8021q: adding VLAN 0 to HW filter on device bond2 [ 376.891124][ T8866] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 376.894170][ T8866] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 376.897026][ T8866] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 376.899415][ T8866] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 376.934978][ T8865] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1072'. [ 376.944359][ T8866] bond0: (slave vxlan0): Enslaving as an active interface with an up link [ 376.946763][ T8865] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1072'. [ 377.213884][ T27] audit: type=1326 audit(633.184:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8876 comm="syz.2.1076" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa3f5cc28 code=0x7ffc0000 [ 377.283287][ T27] audit: type=1326 audit(633.254:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8876 comm="syz.2.1076" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa3f5cc28 code=0x7ffc0000 [ 378.675646][ T27] audit: type=1326 audit(633.834:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8876 comm="syz.2.1076" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=211 compat=0 ip=0xffffa3f5cc28 code=0x7ffc0000 [ 378.681464][ T27] audit: type=1326 audit(633.834:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8876 comm="syz.2.1076" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa3f5cc28 code=0x7ffc0000 [ 378.785639][ T27] audit: type=1326 audit(633.834:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8876 comm="syz.2.1076" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa3f5cc28 code=0x7ffc0000 [ 378.791657][ T27] audit: type=1326 audit(634.654:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8876 comm="syz.2.1076" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffffa3f5b154 code=0x7ffc0000 [ 378.861145][ T27] audit: type=1326 audit(634.654:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8876 comm="syz.2.1076" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa3f5cc28 code=0x7ffc0000 [ 378.916914][ T27] audit: type=1326 audit(634.654:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8876 comm="syz.2.1076" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa3f5cc28 code=0x7ffc0000 [ 378.923054][ T27] audit: type=1326 audit(634.654:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8876 comm="syz.2.1076" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=29 compat=0 ip=0xffffa3f5cc28 code=0x7ffc0000 [ 378.929802][ T27] audit: type=1326 audit(634.654:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8876 comm="syz.2.1076" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa3f5cc28 code=0x7ffc0000 [ 379.067482][ T8895] loop7: detected capacity change from 0 to 1024 [ 379.102875][ T8895] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 379.971970][ T8895] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback. [ 382.771356][ T6569] EXT4-fs (loop7): unmounting filesystem. [ 384.890073][ T8938] netlink: 'syz.7.1086': attribute type 1 has an invalid length. [ 384.946174][ T8938] netdevsim netdevsim7 netdevsim0: set [1, 2] type 2 family 0 port 20000 - 0 [ 384.949098][ T8938] netdevsim netdevsim7 netdevsim1: set [1, 2] type 2 family 0 port 20000 - 0 [ 384.951749][ T8938] netdevsim netdevsim7 netdevsim2: set [1, 2] type 2 family 0 port 20000 - 0 [ 384.959240][ T8938] netdevsim netdevsim7 netdevsim3: set [1, 2] type 2 family 0 port 20000 - 0 [ 384.968958][ T8938] bond1: (slave geneve4): making interface the new active one [ 384.972597][ T8938] bond1: (slave geneve4): Enslaving as an active interface with an up link [ 386.082408][ T8938] netlink: 28 bytes leftover after parsing attributes in process `syz.7.1086'. [ 386.104501][ T8938] 8021q: adding VLAN 0 to HW filter on device bond1 [ 386.165505][ T7267] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 388.633044][ T8978] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1093'. [ 388.876496][ T9016] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1107'. [ 388.942690][ T27] kauditd_printk_skb: 25 callbacks suppressed [ 388.942702][ T27] audit: type=1326 audit(644.914:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9011 comm="syz.1.1105" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff96d5cc28 code=0x0 [ 390.773853][ T9029] netlink: 'syz.0.1108': attribute type 1 has an invalid length. [ 392.215277][ T9035] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 392.248015][ T9035] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 392.250471][ T9035] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 392.252924][ T9035] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 392.304089][ T9048] binder: 9043:9048 ioctl c00c620f 0 returned -14 [ 392.319557][ T9034] loop7: detected capacity change from 0 to 16 [ 392.349843][ T9034] erofs: (device loop7): mounted with root inode @ nid 36. [ 392.361163][ T9035] bond4: (slave geneve2): making interface the new active one [ 392.364217][ T9035] bond4: (slave geneve2): Enslaving as an active interface with an up link [ 392.645861][ T9035] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1108'. [ 397.381257][ T9091] serio: Serial port pts0 [ 397.519936][ T9108] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1126'. [ 397.525150][ T9108] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 397.535352][ T9108] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1126'. [ 397.538583][ T9108] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 399.133271][ T9136] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 399.141424][ T9136] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 399.278678][ T9139] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1131'. [ 400.031636][ T9133] could not allocate digest TFM handle sha1-ssse3 [ 400.044157][ T9153] xt_hashlimit: overflow, try lower: 18446744073709551615/255 [ 403.281197][ T9202] netlink: 'syz.0.1149': attribute type 1 has an invalid length. [ 404.301563][ T9217] overlayfs: failed to clone upperpath [ 404.365863][ T9202] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1149'. [ 405.642922][ T27] audit: type=1326 audit(661.614:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9239 comm="syz.1.1167" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff96d5cc28 code=0x0 [ 405.920460][ T9234] lo speed is unknown, defaulting to 1000 [ 406.291498][ T9262] lo speed is unknown, defaulting to 1000 [ 407.371091][ T9280] binder: 9277:9280 tried to acquire reference to desc 0, got 1 instead [ 407.378341][ T9280] binder: 9277:9280 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 407.382118][ T9280] binder: 9280 RLIMIT_NICE not set [ 407.384144][ T9280] binder: 9280 RLIMIT_NICE not set [ 407.390780][ T9280] binder: 9280 RLIMIT_NICE not set [ 407.464839][ T6753] binder: undelivered TRANSACTION_COMPLETE [ 408.450403][ T9278] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 408.541288][ T9281] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1163'. [ 408.556395][ T9281] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 408.704617][ T9292] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1170'. [ 408.726777][ T9281] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1163'. [ 409.797135][ T9292] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1170'. [ 411.386354][ T9319] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 411.391197][ T9319] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 411.393612][ T9319] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 411.413045][ T9307] lo speed is unknown, defaulting to 1000 [ 411.742533][ T9338] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 411.756185][ T9338] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 411.760443][ T9338] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 411.762738][ T9338] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 411.769450][ T9338] batman_adv: batadv0: Interface deactivated: macsec1 [ 411.771442][ T9338] batman_adv: batadv0: Removing interface: macsec1 [ 412.042652][ T9355] netlink: 'syz.1.1184': attribute type 1 has an invalid length. [ 412.082923][ T9355] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1184'. [ 412.095731][ T9355] 8021q: adding VLAN 0 to HW filter on device bond3 [ 414.818451][ T9395] xt_CT: You must specify a L4 protocol and not use inversions on it [ 418.630031][ T9428] xt_bpf: check failed: parse error [ 418.640502][ T9421] lo speed is unknown, defaulting to 1000 [ 418.770326][ T9432] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 418.788096][ T9432] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 418.792611][ T9432] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 419.541653][ T9435] netlink: 28 bytes leftover after parsing attributes in process `syz.7.1197'. [ 423.548248][ T9488] lo speed is unknown, defaulting to 1000 [ 423.656524][ T9482] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 424.672610][ T9482] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 430.324682][ T9568] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 430.329393][ T9568] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 430.331619][ T9568] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 431.441116][ T9575] loop5: detected capacity change from 0 to 1024 [ 431.648238][ T9581] tipc: Enabling of bearer rejected, failed to enable media [ 432.386748][ T9575] hfsplus: request for non-existent node 33423360 in B*Tree [ 432.389647][ T9575] hfsplus: request for non-existent node 33423360 in B*Tree [ 432.571788][ T9587] hfsplus: request for non-existent node 33423360 in B*Tree [ 432.577026][ T9587] hfsplus: request for non-existent node 33423360 in B*Tree [ 432.668177][ T9589] hfsplus: request for non-existent node 33423360 in B*Tree [ 432.670342][ T9589] hfsplus: request for non-existent node 33423360 in B*Tree [ 433.679054][ T2059] ieee802154 phy0 wpan0: encryption failed: -22 [ 433.681163][ T2059] ieee802154 phy1 wpan1: encryption failed: -22 [ 433.685749][ T9575] hfsplus: request for non-existent node 33423360 in B*Tree [ 433.687869][ T9575] hfsplus: request for non-existent node 33423360 in B*Tree [ 433.728916][ T9587] hfsplus: request for non-existent node 33423360 in B*Tree [ 433.731099][ T9587] hfsplus: request for non-existent node 33423360 in B*Tree [ 434.054549][ T9589] hfsplus: request for non-existent node 33423360 in B*Tree [ 434.059739][ T9589] hfsplus: request for non-existent node 33423360 in B*Tree [ 434.078671][ T9575] hfsplus: request for non-existent node 33423360 in B*Tree [ 434.081007][ T9575] hfsplus: request for non-existent node 33423360 in B*Tree [ 434.100985][ T9587] hfsplus: request for non-existent node 33423360 in B*Tree [ 434.103200][ T9587] hfsplus: request for non-existent node 33423360 in B*Tree [ 434.115819][ T9609] hfsplus: request for non-existent node 33423360 in B*Tree [ 434.118281][ T9609] hfsplus: request for non-existent node 33423360 in B*Tree [ 434.128911][ T9589] hfsplus: request for non-existent node 33423360 in B*Tree [ 434.131316][ T9589] hfsplus: request for non-existent node 33423360 in B*Tree [ 434.146395][ T9575] hfsplus: request for non-existent node 33423360 in B*Tree [ 434.148725][ T9575] hfsplus: request for non-existent node 33423360 in B*Tree [ 434.173675][ T9575] hfsplus: request for non-existent node 33423360 in B*Tree [ 434.181008][ T9575] hfsplus: request for non-existent node 33423360 in B*Tree [ 436.715985][ T4312] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 436.719411][ T4312] CPU: 1 PID: 4312 Comm: kworker/u5:4 Not tainted 6.1.147-syzkaller #0 [ 436.721861][ T4312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 436.724774][ T4312] Workqueue: hci4 hci_rx_work [ 436.726134][ T4312] Call trace: [ 436.727085][ T4312] dump_backtrace+0x1c8/0x1f4 [ 436.728462][ T4312] show_stack+0x2c/0x3c [ 436.729701][ T4312] __dump_stack+0x30/0x40 [ 436.730960][ T4312] dump_stack_lvl+0xf8/0x160 [ 436.732288][ T4312] dump_stack+0x1c/0x5c [ 436.733484][ T4312] sysfs_create_dir_ns+0x22c/0x24c [ 436.734998][ T4312] kobject_add_internal+0x5a8/0xb30 [ 436.736601][ T4312] kobject_add+0x134/0x1f8 [ 436.737939][ T4312] device_add+0x3f0/0xf94 [ 436.739195][ T4312] hci_conn_add_sysfs+0xbc/0x1cc [ 436.740646][ T4312] le_conn_complete_evt+0xa24/0xf8c [ 436.742096][ T4312] hci_le_enh_conn_complete_evt+0x114/0x3f8 [ 436.743768][ T4312] hci_le_meta_evt+0x2c0/0x4a4 [ 436.745151][ T4312] hci_event_packet+0x6ac/0xf08 [ 436.746687][ T4312] hci_rx_work+0x324/0xaa0 [ 436.748077][ T4312] process_one_work+0x7f4/0x13a8 [ 436.749470][ T4312] worker_thread+0x8c8/0xfbc [ 436.750803][ T4312] kthread+0x250/0x2d8 [ 436.751973][ T4312] ret_from_fork+0x10/0x20 [ 436.755961][ T4312] kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 436.760098][ T4312] Bluetooth: hci4: failed to register connection device [ 438.828349][ T27] audit: type=1326 audit(694.804:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9662 comm="syz.1.1250" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff96d5cc28 code=0x7ffc0000 [ 438.834374][ T27] audit: type=1326 audit(694.804:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9662 comm="syz.1.1250" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff96d5cc28 code=0x7ffc0000 [ 438.876941][ T27] audit: type=1326 audit(694.824:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9662 comm="syz.1.1250" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffff96d5cc28 code=0x7ffc0000 [ 438.883009][ T27] audit: type=1326 audit(694.824:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9662 comm="syz.1.1250" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff96d5cc28 code=0x7ffc0000 [ 439.052295][ T9677] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1253'. [ 439.174046][ T27] audit: type=1326 audit(694.824:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9662 comm="syz.1.1250" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff96d5cc28 code=0x7ffc0000 [ 440.592582][ T9690] tipc: Started in network mode [ 440.594192][ T9690] tipc: Node identity 080211, cluster identity 4711 [ 440.766613][ T9690] tipc: Enabled bearer , priority 0 [ 440.921945][ T9684] tipc: Enabled bearer , priority 0 [ 441.567264][ T9691] device syzkaller0 entered promiscuous mode [ 441.736756][ T9700] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1259'. [ 441.768607][ T9702] overlayfs: missing 'lowerdir' [ 441.812255][ T9702] overlayfs: unrecognized mount option "nfs_export=on:/" or missing value [ 441.862187][ T9683] tipc: Resetting bearer [ 441.891264][ T1962] tipc: Node number set to 134353152 [ 442.720928][ T9683] tipc: Disabling bearer [ 443.762429][ T9732] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1264'. [ 444.716899][ T9750] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 [ 444.719999][ T9750] Mem abort info: [ 444.721162][ T9750] ESR = 0x0000000086000006 [ 444.722496][ T9750] EC = 0x21: IABT (current EL), IL = 32 bits [ 444.724357][ T9750] SET = 0, FnV = 0 [ 444.725500][ T9750] EA = 0, S1PTW = 0 [ 444.726621][ T9750] FSC = 0x06: level 2 translation fault [ 444.728289][ T9750] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000109c84000 [ 444.730414][ T9750] [0000000000000000] pgd=0800000113f59003, p4d=0800000113f59003, pud=0800000110474003, pmd=0000000000000000 [ 444.733937][ T9750] Internal error: Oops: 0000000086000006 [#1] PREEMPT SMP [ 444.735987][ T9750] Modules linked in: [ 444.737074][ T9750] CPU: 0 PID: 9750 Comm: syz.5.1267 Not tainted 6.1.147-syzkaller #0 [ 444.739397][ T9750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 444.742201][ T9750] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 444.744528][ T9750] pc : 0x0 [ 444.745373][ T9750] lr : bond_xdp_xmit+0x27c/0x45c [ 444.746773][ T9750] sp : ffff800021fe7220 [ 444.748053][ T9750] x29: ffff800021fe72e0 x28: 000000000000000f x27: ffff800021fe7248 [ 444.750483][ T9750] x26: dfff800000000000 x25: ffff800012b56b98 x24: ffff000105c60000 [ 444.752791][ T9750] x23: fffffbffeff01210 x22: ffff0000f9428000 x21: fffffbffeff01210 [ 444.755179][ T9750] x20: 0000000000000001 x19: 0000000000000000 x18: 0000000000000000 [ 444.757474][ T9750] x17: 0000000000000000 x16: ffff8000082d0ec4 x15: 0000000000000002 [ 444.759908][ T9750] x14: 0000000000000001 x13: 0000000000ff0100 x12: 0000000000080000 [ 444.762262][ T9750] x11: 0000000000004f91 x10: ffff800026909000 x9 : ffff800021fe7280 [ 444.764691][ T9750] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000 [ 444.767149][ T9750] x5 : 0000000000000000 x4 : 0000000000000008 x3 : 0000000000000001 [ 444.769563][ T9750] x2 : ffff800021fe72a0 x1 : 0000000000000001 x0 : ffff000105c60000 [ 444.772058][ T9750] Call trace: [ 444.773091][ T9750] 0x0 [ 444.773863][ T9750] bq_xmit_all+0xab0/0xf10 [ 444.775186][ T9750] __dev_flush+0xc4/0x18c [ 444.776467][ T9750] xdp_do_flush+0x14/0x28 [ 444.777845][ T9750] bpf_test_run_xdp_live+0x10e0/0x1544 [ 444.779421][ T9750] bpf_prog_test_run_xdp+0x560/0xb88 [ 444.780934][ T9750] bpf_prog_test_run+0x2dc/0x364 [ 444.782343][ T9750] __sys_bpf+0x4ec/0x634 [ 444.783516][ T9750] __arm64_sys_bpf+0x80/0x98 [ 444.784971][ T9750] invoke_syscall+0x98/0x2bc [ 444.786412][ T9750] el0_svc_common+0x138/0x258 [ 444.787783][ T9750] do_el0_svc+0x58/0x13c [ 444.788968][ T9750] el0_svc+0x58/0x138 [ 444.790194][ T9750] el0t_64_sync_handler+0x84/0xf0 [ 444.791616][ T9750] el0t_64_sync+0x18c/0x190 [ 444.792955][ T9750] Code: bad PC value [ 444.794135][ T9750] ---[ end trace 0000000000000000 ]--- [ 445.403668][ T9750] Kernel panic - not syncing: Oops: Fatal exception in interrupt [ 445.405920][ T9750] SMP: stopping secondary CPUs [ 445.407266][ T9750] Kernel Offset: disabled [ 445.408563][ T9750] CPU features: 0x080000,02070084,26017203 [ 445.410215][ T9750] Memory Limit: none [ 445.963776][ T9750] Rebooting in 86400 seconds..