last executing test programs: 24.009062206s ago: executing program 0 (id=2342): r0 = creat(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x40, 0x0) mkdir(0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) wait4(r1, &(0x7f0000000000), 0x2, &(0x7f0000000300)) r4 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0x4, 0x0, 0x0) open(0x0, 0x14da42, 0x0) r5 = open(&(0x7f0000002000)='./bus\x00', 0x143142, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000080), 0x0, 0x82402) ioctl$BLKDISCARD(r6, 0x1277, 0x0) write$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000100)=ANY=[], 0xa) sendfile(r5, 0xffffffffffffffff, 0x0, 0x1000000201005) socket(0x18, 0x0, 0x1) 22.692001485s ago: executing program 0 (id=2346): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x3c, 0x24, 0x0, 0x0, 0x0, {}, [@qdisc_kind_options=@q_codel={{0xa}, {0xc, 0x2, [@TCA_CODEL_TARGET={0x8}]}}]}, 0x3c}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB="67a9fde500000000280012800a00010076786c616e"], 0x3}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(0xffffffffffffffff) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$nl_route(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0) 21.23073142s ago: executing program 0 (id=2347): socket(0x10, 0x803, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmmsg$inet(r0, &(0x7f00000002c0)=[{{&(0x7f00000000c0)={0x2, 0x0, @dev}, 0x10, 0x0, 0x0, &(0x7f0000000280)=[@ip_pktinfo={{0x18, 0x0, 0x8, {0x0, @rand_addr, @private}}}], 0x18}}], 0x1, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='hugetlb.1GB.rsvd.failcnt\x00', 0x2, 0x0) r3 = openat$cgroup_ro(r1, &(0x7f0000000080)='cpuacct.stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x8001) 21.134035787s ago: executing program 0 (id=2348): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) 20.063992308s ago: executing program 0 (id=2352): r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@private1, 0x0, 0x0, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x20000001, 0x4) shutdown(r0, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) 20.05332803s ago: executing program 2 (id=2353): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) msgget$private(0x0, 0x0) r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000010c0)={0x84, &(0x7f0000000080)=ANY=[@ANYBLOB="00000100000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_connect(0x0, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="120100004f92b9085715"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000800)={0x44, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\x00I'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000f00f88)) socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, &(0x7f0000000280)) msgsnd(0x0, &(0x7f0000000940)={0x1}, 0x8, 0x0) timer_create(0x0, &(0x7f0000000180)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x77359400}, {0x0, 0x989680}}, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) r1 = socket$kcm(0x10, 0x0, 0x4) close(r1) r2 = socket$nl_route(0x10, 0x3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@getchain={0x24, 0x11, 0x839}, 0x24}}, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) getegid() 19.887735975s ago: executing program 0 (id=2355): r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000080), 0x90800, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000000280)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r3, 0xc0182101, &(0x7f0000000180)={r4}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000000400)={0x0, 0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r3, 0x40182103, &(0x7f0000000080)={r5, 0x3, r1, 0x0, 0x80000}) setsockopt$EBT_SO_SET_COUNTERS(r0, 0x0, 0x81, &(0x7f00000005c0)={'broute\x00', 0x0, 0x0, 0x0, [0x800, 0xad, 0x37f, 0x7, 0x0, 0x5], 0x1, &(0x7f0000000140)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x0, [{}]}, 0x88) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r8 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r9 = fsopen(&(0x7f0000000540)='vxfs\x00', 0x0) readv(r9, &(0x7f0000000680)=[{&(0x7f0000000200)=""/117, 0x75}, {&(0x7f0000000b00)=""/170, 0xaa}, {&(0x7f0000000880)=""/134, 0x86}, {&(0x7f0000000940)=""/182, 0xb6}, {&(0x7f0000000a00)=""/239, 0xef}], 0x5) mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r8, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x40046207, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x10, 0xffffffffffffffff, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000500)='./binderfs2/custom0\x00', 0x404, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0xfffffffffffffe93, &(0x7f0000000380)={&(0x7f0000000bc0)=ANY=[@ANYRES16, @ANYRES16=r9, @ANYRES32=r9, @ANYRES32=r6], 0x58}, 0x1, 0x0, 0x0, 0x4000040}, 0x0) syz_io_uring_setup(0x70e6, &(0x7f0000000300)={0x0, 0xfffffffe, 0x1000}, &(0x7f00000000c0), &(0x7f00000004c0)) r10 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r10, 0xc0306201, &(0x7f0000000000)={0x8, 0x0, &(0x7f00000003c0)=[@increfs], 0x0, 0x0, 0x0}) dup3(r10, r7, 0x0) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000580)={0x10, 0x0, &(0x7f0000000700)=[@request_death={0x400c630e, 0x0, 0xffffff7f00000000}], 0x64, 0x1000000000000, 0x0}) r11 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r11, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=ANY=[@ANYBLOB="2800000019000100060000000000003e08857c100011ff05000000000c008a5e79e280db0dafc538bd45f86c5751f9399356b0739e6c3f959aab3eaab379bd8b74b3af07af63964320908100f70a6d0994c91c399277a0914a7901000000dde124d6da4e47074bc8099b091184f5250ee6d2d4fc44cdefb84f954e8b0a3c3dae551856db312168df6ce7b9f4162733a476be4bfb3afd58b053", @ANYRES32=0x0, @ANYBLOB], 0x28}}, 0x0) 16.913755638s ago: executing program 2 (id=2369): r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000140)=0x7, 0x4) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000001d00)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000001d40)=@newtaction={0x850, 0x31, 0x1, 0x0, 0x0, {}, [{0x83c, 0x1, [@m_police={0x838, 0x0, 0x0, 0x0, {{0xb}, {0x80c, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE={0x404}, @TCA_POLICE_RATE={0x404}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x850}}, 0x0) 15.714514947s ago: executing program 2 (id=2375): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2000002, &(0x7f0000000280)={[{@user_xattr}]}, 0x9, 0x537, &(0x7f0000000fc0)="$eJzs3c9vI1cdAPCvJ4mTbtNmF3qACtgFCgtarb3xtlHVC90LCFWVEIgD4rANiTcKseMQO1UTIpH+DXDgCn8CByQOSD1x4MYRiQNCKgekBSLQBgkkoxlPUm/idL2Nf0D8+UijmTfPM9/3ksy8mefJvAAm1o2IOIiIYkS8FREL+fpCPsXrnSn93KPD/ZWjw/2VQrTb3/pbIctP10XXNqln833ORcQ3vxbxvcLZuM3dvY3lWq26nafLrfpWubm7d3u9vrxWXatuVipLi0t3Xr37SmVgdb1e/8XDr66/8e1f/+rT7//u4Ms/TIs1n+d112OQOlWfOYmTmo6IN4YRbAym8nlxzOXgo0ki4mMR8bns+F+IqeyvEwC4zNrthWgvdKcBgMsuyfrACkkp7wuYjyQplTp9eC/ElaTWaLZuPWjsbK52+squxkzyYL1WvXNt9g8/yK4YZgppejHLy/KzdOVU+m5EXIuIn8w+k6VLK43a6vguewBgoj17qv3/52yn/e9Dj2/1AID/G3PjLgAAMHLafwCYPNp/AJg8fbT/+Zf9B0MvCwAwGk9x/58MsxwAwOjo/weAyaP9B4CJ8o0330yn9lH+/uvVt3d3Nhpv316tNjdK9Z2V0kpje6u01misZe/sqT9pf7VGY2vx5dh5p9yqNlvl5u7e/XpjZ7N1P3uv9/3qzEhqBQB8mGvX3/t9ISIOXnsmm6JrLAdtNVxunueByeUlfjC5jPYFk6v/e/zfDrUcwPj0vA+Y67n4uJ8+RRDPGcH/lJuf7L//3xjPcLno/4fJNfWRtpodeDmA0dP/D5Or3S6cHvO/eJIFAFxKF3jGv/2jQV2EAGP1pOeAB/L9PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwy8xHx/SgkpXws8PlIklIp4rmIuBozhQfrteqdiHg+rkfEzGyaXhx3oQGAC0r+UsjH/7q58NL86dxi4V/ZYP/FtPXP120vpuv/frJ+9nj4sMoH211gXEEAYMDeWW61tiv5vOtG/tHh/srxNMryPLwX/8mHIl45OtzPpk7OdExn87nsWuLKPwp5ujMW6YsRMTWA+AfvRsQnetW/kPWNXM1HPu2OH3ns50YaP3ksfpLldebpxdfHB1AWmDTv3YuI13sdf0ncyOa9j/+57Ax1cQ/vdXZ2fO47OtwvHsc/Pv9N9YifHvM3+o3x8m++fmZle6GT927Ei9OPxT85/xzHL5wT/6U+4//xU5/58VfOyWv/LOJm9I7fHavcqm+Vm7t7t9fry2vVtepmpbK0uHTn1buvVMpZH3X5uKf6rL++duv588qW1v/KOfHneta/eLLtF/qs/8///dZ3P/sh8b/0+V7xk3ihZ/yOtE38Yp/xl6/88tzhu9P4q+fU/0m//1t9xn//z3urfX4UABiB5u7exnKtVt2+0EJ6FzqI/ZxZSIs40B32WCh2Ff5PMdxYT7UwM6yf6tAXpk+uFQe75++kexxxdZKB1+JCC49GFWu85yVg+D446MddEgAAAAAAAAAAAAAA4Dyj+NelcdcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAy+u/AQAA//9xkcaD") lstat(0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) setresuid(0x0, 0x0, 0xee01) ioprio_get$uid(0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) quotactl$Q_SETQUOTA(0xffffffff80000900, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0x0, 0x0) 14.093543414s ago: executing program 2 (id=2382): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) syz_usb_connect$cdc_ncm(0x0, 0x0, 0x0, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r2, @ANYBLOB="01e5c300000000fb04", @ANYRES32=r1, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0) 13.395266224s ago: executing program 2 (id=2385): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x38, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0xfffffffffffffe92}}}]}, 0x38}}, 0x0) 9.561679139s ago: executing program 3 (id=2387): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r0) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) 9.533059267s ago: executing program 2 (id=2388): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0) close(0xffffffffffffffff) bpf$MAP_CREATE(0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x2, &(0x7f0000000200)=ANY=[@ANYBLOB], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff1f, 0x0, &(0x7f00000001c0)='{', 0x0}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00'}, 0x10) r2 = socket(0x10, 0x803, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x24}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@getchain={0x24, 0x66, 0x109, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xfff1}}}, 0x24}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, &(0x7f00000005c0)=ANY=[@ANYRES64=r4], 0x0, 0x3, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2}, 0x90) sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000240)={0x0, 0x5, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, 0x7, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x4}]}, 0x24}}, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f00000003c0)={{0xa, 0x4e20, 0xc1, @empty, 0x7f}, {0xa, 0x4e21, 0x5, @remote, 0xac8}, 0xffffffffffffffff, {[0x1d5, 0x7ff, 0x7, 0x0, 0x40000000, 0x9, 0x7, 0x7fff]}}, 0x5c) 9.464043836s ago: executing program 3 (id=2389): syz_mount_image$hfs(&(0x7f0000000040), &(0x7f0000000100)='./file2\x00', 0x3004041, &(0x7f0000001200)=ANY=[@ANYBLOB='quiat,uid=', @ANYRESHEX=0x0, @ANYBLOB="2c696f636861727365743d63703733372c636f6465706167653d6575632d6a702c747970653d0b9163a42c00"], 0x11, 0x2d8, &(0x7f00000013c0)="$eJzs3U1rE0Ecx/HfbNI2taVuH0TwIlQLehGtF/GSInkRnkRtIhRDRa34cKriSUTv3vsWPPoCvCi+gXry5AuoXlZm9iFPu5ttbLMGvx9omGRndv6TfZj5B8oKwH/rRmN/7+oP+2ekiirSm+uSJ6kmVSWd0unak+2drZ12q5m3o4prYf+MwpZmoM7mdiutqW3nWkR8+66q+e7PcDyCINj4XnYQKJ27+lN40kx0dbrtta5tM2OLLtvLEdvtHnEck8Yc6EDPtFB2HACAckXzvxfN8/PR+t3zpLVo2h+Y/ydCxkR/MO44xi7I3do1/7ssKzD2+J50mzr5nkvh7HYvzhKL9DzV935a4ZnVs8A0w7JKF4s3e2+r3bq0+aDd9PRK9UhXtRX32gxP3diQaFdTctMcBcZu0k+0OTeGKTuG9TD+p5J64l8esceRmc/mq7llfH1QM1n/VQNjD5M7Un7fkQrjv5y9RzdK39ZSdNuo1+teT5VF18mZqIfI/t4n5Yyylp6RKD6jFtX7A4E/LE7XaqmvVTi6K0NaLae2Wo/fZbRa6WllR5Oczdn9HaMN+2LemZtmVT/1UY2u9b9n41tT7pXZuWrMWjgVuG88HM90ep9Vt09/YOYYvFySbzEzr/yVf0/DIbzVXV3TwuPnL+5X2u3WI1u4k1J4OJ98MvVaSq1TckG7nU9mFDjJJ4qDj8ZdcM+/g779jFK4eKQjtfePoZXtVZZXZzb6Gv6JA/fXhfjuOu7eG18Kn0gTWyjpvoSx6hz0siNBSey6y4T5XydfqYaLPfvip2YjBX8IiPYY2DV2ksF12gbS2SVXOnGoDG4uO4MbzLkGckaXc527IJ0v3qOvpQLDnRimoW+6ze//AAAAAAAAAAAAAAAAAAAAk2Yc/05Q9hgBAAAAAAAAAAAAAAAAAAAAAJh0yfN/FT//V8We/9v/KJajfP7v+23x/F/g+P0JAAD///tdeos=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x0, 0x0) getpgrp(r0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_PKEY_QUERY(0x18, r6, 0x0, &(0x7f0000000080)='\x00', 0x0) preadv(r2, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) rmdir(&(0x7f0000000000)='./file0\x00') r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=@newtaction={0x6c, 0x30, 0xffff, 0x0, 0x0, {}, [{0x58, 0x1, [@m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x800000, 0x0, 0xfffffffc}}}, @TCA_IFE_SMAC={0xa, 0x4, @broadcast}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x28884}, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r8 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_pktinfo(r8, 0x0, 0x19, 0x0, 0x0) 9.32966107s ago: executing program 4 (id=2391): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000001800)={0x26, 'hash\x00', 0x0, 0x0, 'vmac64(aes-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000980)="000000c8320100"/16, 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f0000001140)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000240)="d9dd858b042c74d8df75187f78de58", 0xf}, {&(0x7f0000000340)='S', 0x1}], 0x2}}], 0x2, 0x0) 9.266498965s ago: executing program 4 (id=2392): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) fdatasync(r2) 9.149417862s ago: executing program 4 (id=2394): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) getpgid(0x0) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000021c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9046c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4e0664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa7666b5ded16ee7025f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf0e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b3a2327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4f4ab9e85bf8c6d71a2214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f4f5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51700eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f00000000010000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6cd28cf28fe2ee593e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c191355391771f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18abde34ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310d69e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74df190c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677ec97c5c568a89d6e36b165c39132a0f2708e09ae8268dcc15411483b8506386aa0ece2a94c320b002c77f82cb3cc96c34f7831844cc748e662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae4c697bfc674e03231c42f7eaaf5166bbc4653c71805f9448416e379cc1c40f8f866c9b319a849dd00ff9b84857436ed362c4632bfc3fa7357c24f15bbb07bd91893e61df7eb6dc5e071a9cc2faa7a32a91c4d982f5cfb725dca80b23874877a4980dbd70cda040b1ce527e7188159df77b493efbbd7bfe2680bf44e49eb68e5e33a0a5726072b2699d6244cd5c4a82bf18c668a3d43cec78c5fe1f12283d5dde6d0ea0b1b81ee7c065c938577e4ec93f22f1e6106f337625b7f7798011a60a75c35731fe44fa4fc6add59bac24d045a5780a0737b0f09e9127e9df798a1a58434b00d64ea6121afab030d1100905b6b5ecfd2991dd523098dbfaa85c0067884f987dde054a7ba1a95c1815c40a45878dd97a2721b28db7c52230dc999c4416b2af946ee708001cac72dd4ee55eae2d598cff47e4b929f3"], &(0x7f0000000100)='GPL\x00'}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) getrlimit(0x0, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r4, 0x8983, &(0x7f0000000300)={0x0, 'ip6gre0\x00', {}, 0x2}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x1}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) io_submit(0x0, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000040)={0x0, 0x0}, 0x10) socket$inet_icmp_raw(0x2, 0x3, 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xd, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$inet6_tcp(0xa, 0x1, 0x0) syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x10, &(0x7f0000000400), 0x0, 0x5fd, &(0x7f00000004c0)="$eJzs3c9vFGUfAPDvTH/Svu/bQt6oeJAmxkCitLSAIcZEuBOCP26eKi0EKZTQGi2SWBK8mBgvHkw8eRD/CyXx6sGrBy+eDAkxhoMYImtmO1Om293SX7tbup9PMnSeme48z5R++5199nlmAuhYI9k/acT+iLiaRAyV9nVHvnNk6fvu/3njXLYkUam8/UcSNz5JFsvHSvKvg/mL/xmK5Oc0Yl/X6nrnFq5fmpyZmb6Wl8fmL18dm1u4fvji5ckL0xemr0y8OnHi+LHjJ8aPbOn8ylWfvvX+h0OfnXn3268fJuPf/XomiZPxKP+G7LxqX9u3pZqzn9lIVJY8KG/Pfq4ntnjsneKvoeL35LGkdgM7Vpr/PvZExLMxFF2l/82h+PTNtjYOaKpKEkWOAjpOsqn479/+hgAtVlwHFO/t670PXi1t8lUJ0Ar3Ti11ACzFfk9EFPHfvdQ3GP3VvoGB+8mKfp4kIrbWM7ckq+OnH8/cypZo0A8HNMfizaKXuzb/J9XYHI7+amngfroi/tPSkm1/a5P1j9SUxT+0zuLNiHguz/+9saH4HynF/3ubrF/8AwAAAAAAwPa5cyoiXqk3/i9dHv/TW2f8z2BEnNyG+p/8+V96N19JtqE6oOTeqYjX647/XR7jO9yVl/5bHQ/Qk5y/ODN9JCL+FxGHoqcvK4/XHLc8Qvjw5/u+alR/efxftmT1F2MB8yPd7a6ZiDs1OT+51fMGIu7djHi+Ov73QL5l5fifLP8ndfJ/Ft9X11nHvpdun22078nxDzRL5ZuIg3Xz/+PL7WTt+3OMVa8HxoqrgtVe+PiL7xvVL/6hfbL8P7B2/Pcl5fv1zG3s+L0RcXShu9Jo/2av/3uTd7qK42c+mpyfvzYe0ZucXr19YmNtht2qiIciXrL4P/Ti2v1/y9f/pTjcExGL66zzmUeDvzXaJ/9D+2TxP7V2/h9emf83vjJxe/iHRvWfXVf+P1bN6YfyLfr/oGz1/TjWG6BtaS4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPOXSiPhPJOno8nqajo5GDEbE/2MgnZmdm3/5/OwHV6ayfdXn/6fFk36HlspJ8fz/4VJ5oqZ8NCL2RsSXXXuq5dFzszNT7T55AAAAAAAAAAAAAAAAAAAA2CEGq3P+K3218/8zv3e1u3VA03XnX8U7dJ7uTb+y0retDQFabvPxDzzt1h//PU1tB9B6jeP/wcNKVUubA7SQ63/oXJuMfx8XwC4g/0OnWmefXn+z2wG0g/wPAAAAAAC7yt4Dd35JImLxtT3VJdOb7zPYH3a3tN0NANrGGF7oXN2z7W4B0C7e4wPJ8trfdSf7Nx79nzSnQQAAAAAAAAAAAADAKgf3m/8PnWrt+f/G9sNutsb8/3rB73YBsIs0fvSH3A+7nff4wJOyvfn/AAAAAAAAAAAAALAD9F+/NDkzM31tbuHpW3ljZzRjYyuLkzuiGdu68qg5R+6JiJ1xgq1eKW7B0cZmtPnvEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsOzfAAAA//+OZyca") 5.577251512s ago: executing program 4 (id=2395): sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) syz_open_dev$usbmon(0x0, 0x0, 0x0) r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0e, &(0x7f0000000040)) 5.242332763s ago: executing program 3 (id=2399): io_setup(0x0, 0x0) io_uring_setup(0x30d5, &(0x7f00000000c0)) clock_gettime(0x0, &(0x7f0000000140)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000001c0)={{{@in6=@remote, @in=@local}}, {{@in6=@dev}, 0x0, @in6=@local}}, &(0x7f0000000000)=0xe8) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000000c0)={0x3c, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME={0x1f, 0x33, @probe_request={{{}, {}, @broadcast}, @val={0x0, 0x1, @random='\''}, @void, @void, @void, @void}}]}, 0x3c}}, 0x0) chdir(&(0x7f0000000000)='./file0\x00') prctl$PR_SET_MM(0x23, 0x5, &(0x7f0000351000/0x2000)=nil) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r4, &(0x7f0000000100)={'syz0\x00', {}, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x180d], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) ioctl$UI_DEV_SETUP(r4, 0x5501, 0x0) unshare(0x0) r5 = socket$igmp(0x2, 0x3, 0x2) setsockopt$IPT_SO_SET_ADD_COUNTERS(r5, 0x0, 0x41, &(0x7f0000000000)={'filter\x00', 0x2, [{}, {}]}, 0x48) readv(r4, &(0x7f0000001900)=[{0x0}, {&(0x7f0000000040)=""/65, 0x41}], 0x2) write$input_event(r4, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00') read$FUSE(r6, &(0x7f0000010140)={0x2020}, 0x2036) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) 4.788510963s ago: executing program 3 (id=2402): socket$kcm(0x11, 0x2, 0x0) socket$kcm(0x11, 0x200000000000002, 0x300) socket$kcm(0xa, 0x922000000003, 0x11) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r0], 0x0}, 0x90) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r1, &(0x7f0000000440)=ANY=[@ANYBLOB="8fedcb5d07081175f37538e486dd"], 0x36) 4.134666247s ago: executing program 1 (id=2404): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000001cc0)={'wlan0\x00'}) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000002540), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f00000026c0)={0x0, 0x0, &(0x7f0000002680)={0x0}}, 0x0) 4.055605757s ago: executing program 1 (id=2405): mkdir(&(0x7f0000000580)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='user.incfs.metadata\x00') r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x33, &(0x7f0000000100)=0x1, 0x4) prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getrlimit(0xf, 0x0) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, &(0x7f0000000280)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x7f}) getpid() bind$alg(0xffffffffffffffff, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='net\x00') getdents64(r4, 0xffffffffffffffff, 0x43) ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f00000001c0)=0x2) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r4) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000440)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 3.951036717s ago: executing program 4 (id=2406): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) msgget$private(0x0, 0x0) r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000010c0)={0x84, &(0x7f0000000080)=ANY=[@ANYBLOB="00000100000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_connect(0x0, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="120100004f92b9085715"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000800)={0x44, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\x00I'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000f00f88)) socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, &(0x7f0000000280)) msgsnd(0x0, &(0x7f0000000940)={0x1}, 0x8, 0x0) timer_create(0x0, &(0x7f0000000180)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x77359400}, {0x0, 0x989680}}, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) r1 = socket$kcm(0x10, 0x0, 0x4) close(r1) r2 = socket$nl_route(0x10, 0x3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@getchain={0x24, 0x11, 0x839}, 0x24}}, 0x0) getegid() 3.10770366s ago: executing program 1 (id=2407): unshare(0x10400) r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000000)=@sack_info={0x0, 0x6}, 0xc) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0xf, 0x4, 0x4, 0x3db7}, 0x48) socket$inet6_udp(0xa, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r1, &(0x7f0000000040), 0x0}, 0x20) r2 = socket$inet_udp(0x2, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000440)={r1, &(0x7f00000003c0), &(0x7f0000000400)=@udp=r2, 0x1}, 0x20) socket$netlink(0x10, 0x3, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000200)={r1}, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpu.stat\x00', 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f00000004c0), &(0x7f00000005c0)}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="1800f6ff000000000000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r4}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.usage_sys\x00', 0x26e1, 0x0) 2.984211347s ago: executing program 1 (id=2408): syz_mount_image$hfs(&(0x7f0000000040), &(0x7f0000000100)='./file2\x00', 0x3004041, &(0x7f0000001200)=ANY=[@ANYBLOB='quiat,uid=', @ANYRESHEX=0x0, @ANYBLOB="2c696f636861727365743d63703733372c636f6465706167653d6575632d6a702c747970653d0b9163a42c00"], 0x11, 0x2d8, &(0x7f00000013c0)="$eJzs3U1rE0Ecx/HfbNI2taVuH0TwIlQLehGtF/GSInkRnkRtIhRDRa34cKriSUTv3vsWPPoCvCi+gXry5AuoXlZm9iFPu5ttbLMGvx9omGRndv6TfZj5B8oKwH/rRmN/7+oP+2ekiirSm+uSJ6kmVSWd0unak+2drZ12q5m3o4prYf+MwpZmoM7mdiutqW3nWkR8+66q+e7PcDyCINj4XnYQKJ27+lN40kx0dbrtta5tM2OLLtvLEdvtHnEck8Yc6EDPtFB2HACAckXzvxfN8/PR+t3zpLVo2h+Y/ydCxkR/MO44xi7I3do1/7ssKzD2+J50mzr5nkvh7HYvzhKL9DzV935a4ZnVs8A0w7JKF4s3e2+r3bq0+aDd9PRK9UhXtRX32gxP3diQaFdTctMcBcZu0k+0OTeGKTuG9TD+p5J64l8esceRmc/mq7llfH1QM1n/VQNjD5M7Un7fkQrjv5y9RzdK39ZSdNuo1+teT5VF18mZqIfI/t4n5Yyylp6RKD6jFtX7A4E/LE7XaqmvVTi6K0NaLae2Wo/fZbRa6WllR5Oczdn9HaMN+2LemZtmVT/1UY2u9b9n41tT7pXZuWrMWjgVuG88HM90ep9Vt09/YOYYvFySbzEzr/yVf0/DIbzVXV3TwuPnL+5X2u3WI1u4k1J4OJ98MvVaSq1TckG7nU9mFDjJJ4qDj8ZdcM+/g779jFK4eKQjtfePoZXtVZZXZzb6Gv6JA/fXhfjuOu7eG18Kn0gTWyjpvoSx6hz0siNBSey6y4T5XydfqYaLPfvip2YjBX8IiPYY2DV2ksF12gbS2SVXOnGoDG4uO4MbzLkGckaXc527IJ0v3qOvpQLDnRimoW+6ze//AAAAAAAAAAAAAAAAAAAAk2Yc/05Q9hgBAAAAAAAAAAAAAAAAAAAAAJh0yfN/FT//V8We/9v/KJajfP7v+23x/F/g+P0JAAD///tdeos=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x0, 0x0) getpgrp(r0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_PKEY_QUERY(0x18, r6, 0x0, &(0x7f0000000080)='\x00', 0x0) preadv(r2, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) rmdir(&(0x7f0000000000)='./file0\x00') r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=@newtaction={0x6c, 0x30, 0xffff, 0x0, 0x0, {}, [{0x58, 0x1, [@m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x800000, 0x0, 0xfffffffc}}}, @TCA_IFE_SMAC={0xa, 0x4, @broadcast}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x28884}, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r8 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_pktinfo(r8, 0x0, 0x19, 0x0, 0x0) 1.097326079s ago: executing program 3 (id=2409): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x0, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@newqdisc={0x24}, 0x24}}, 0x0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000507000000000007000000000000", @ANYRES32=r2, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=@newtfilter={0x2c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@TCA_CHAIN={0x8, 0xb, 0x3ff}]}, 0x2c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0) 944.150378ms ago: executing program 1 (id=2410): openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) pipe2$9p(&(0x7f0000000240), 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x5411, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r4, 0xc0045006, &(0x7f0000000080)) ioctl$SNDCTL_DSP_SPEED(r4, 0xc0045002, &(0x7f00000000c0)) read$dsp(r4, &(0x7f00000011c0)=""/4117, 0x200021d5) syz_io_uring_setup(0x0, &(0x7f0000000080)={0x0, 0x10000000, 0x80, 0x0, 0x1aa}, 0x0, 0x0) 923.719559ms ago: executing program 3 (id=2411): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000001300)=[{&(0x7f0000000480)=""/213, 0xd5}, {&(0x7f0000000ec0)=""/252, 0xfc}, {&(0x7f0000002140)=""/4058, 0xfda}, {&(0x7f00000006c0)=""/229, 0xe5}, {&(0x7f00000007c0)=""/191, 0xbf}, {&(0x7f0000000340)=""/176, 0xb0}, {&(0x7f0000000b00)=""/226, 0xe2}, {&(0x7f0000000640)=""/21, 0x15}, {&(0x7f0000000400)=""/35, 0x23}, {&(0x7f0000000940)=""/183, 0xb7}, {&(0x7f0000000280)=""/155, 0x9b}, {&(0x7f0000000240)=""/64, 0x40}, {&(0x7f00000008c0)=""/54, 0x36}, {&(0x7f0000001100)=""/228, 0xe4}, {&(0x7f0000000880)=""/26, 0x1a}, {&(0x7f0000000c00)=""/223, 0xdf}], 0x10}, 0x0) recvmsg$kcm(r0, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0) recvmsg$kcm(r0, &(0x7f0000000680)={0x0, 0x0, 0x0}, 0x0) recvmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x1a, 0x0}, 0x0) 51.287988ms ago: executing program 4 (id=2412): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000080)={{{@in6=@private0, @in=@local, 0x4e23, 0xfffd, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x6e6bb4, 0x1}, {{@in=@broadcast, 0x0, 0x3c}, 0x0, @in6=@ipv4={'\x00', '\xff\xff', @private}, 0x0, 0x0, 0x0, 0x0, 0x4}}, 0xe8) syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./bus\x00', 0x2000010, &(0x7f0000000100)=ANY=[], 0x1, 0x6a6, &(0x7f00000007c0)="$eJzs3c9vHGf9B/D3rNeON98qX6dNaISKsBKpIEUkTqwUwgWDEMqhQlU5cLYSp7GycSrHRW6FwAUEJyQO/QMKkm+ckLgHhXO59epjJSQuEYeol0UzO2uvvevYjn8GXq9o/DyzzzPPfPYzz8x411ltgP9Zty6n+ThFbl1+e7lcX1udbq+tTp+qm9tJynojaXaLFAtJ8SSZKduLviV95YBP5m+++/nTtS+6a816qfqPPG+7IYb0XamXTNbjTQ7dcnS3u1ipw8srSW7X5WZjux1rU8cyaZfqEo5dZ8DKXjbfy3kLnDC9u1PRvW8OmEhOJxmvfw9IfXVoHF2Eh2NPVzkAAAB4SX328LgjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJdP/f3/Rb006jKTKXrf/z/We6yun0Azu+75+FDjAAAAAAAAAICj8fVneZblnOmtd4rqb/4Xq5Vz+bKT/F8+yKPMZTFXspzZLGUpi7mWZKJvoLHl2aWlxWvrW5aGb3l96JbXj+oZAwAAAAAAAMB/pV+ltfH3fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAmKZKRbVMu5usxEGs1stGUl+UeSseOOdw+KYQ8+Pvo4AAAAYF/GX2Cb/3+WZ1nOmd56p6he83+ler08ng+ykKXMZyntzOVO/Rq6fNXfWFudbq+tTj8ol8Fxv/+vPYVRjVi/vzB8zxeqHq3czXz1yJXcroK5k0a1ZS4lF3rxDI/r4zKm4nu1XUbWrNNa7uwP272LcCD2+lbERBlcsp6RqTq2Mhtnuxkoqjdqkq2Z2PHoNLfuKY2Mru/pWhrr7/ycO4Scn67L8vn89lBzvlfrmWikysT13uwrz5nnZyL5xl///NN77YX79+4+unxyntIORrZ5fOucmO7LxOsvdSaae+w/VWXi/Pr6rfwoP8nlTOadLGY+P8tsljKXTt0+W8/n8ufE8zM1s2ntnZ0iGauPS/eY7Samyfywqs3mYrXtmcynyMPcyVzeqv5dz7V8OzdyIzf7jvD5beOunlt11je2nvW9I/23ocFf+mZdaSX5XV0O5GCL7WbnQele+8u8nu3La3fWP13vdbbvPJjqy9KrveyMDh38Ra6Nza/WlXIfv67Lk2GizkR5AvXuEr3oXutmolndiwbn+R875XZpL9xfvDf7/jbjr2xZf7Muy2m1+rXdRjn8UByscr68mvH6SrJ5dpRtr61fZc5uuquO1X9x6bY1BtrOV21F0TtTf5yH1QQYPFPH6t/hBke6XrW9PrRtumq70Ne26fetPEw7d44gfwDs00ROj7X+2fqs9WnrN617rbfHf3DqO6feGMvo30e/25waebPxRvGXfJpfbLz+BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXtyjDz+6P9tuzy0OrzS2b9qhstPIWypF/YU+L7SvE1gZT7Lpkep7jo48jNbWMAYqnV8mR56f3pcIDu/z+7LSzG4GnNmpz8fHPhNOemUkwyfAMV+YgEN3denB+1cfffjRt+YfzL43997cwuiNGzenbt54a/rq3fn23FT353FHCRyGjZv+cUcCAAAAAAAAAAAA7NawDwZcfGWnD43s6jMe/mchAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcCBuXU7zcYpcm7oyVa6vrU63y6VX3+jZTNJoJMXPk+JJMpPukom+4Yr86Uk6Q/bzyfzNdz9/uvbFxljNbv+kUZf7sFIvmUwyUpcHNd7tfY9X/Lv3DMuEfdnpdGb2Fx8cjP8EAAD//97S9ts=") creat(&(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpu.stat\x00', 0x26e1, 0x0) write$cgroup_type(r0, &(0x7f0000000080), 0x11ffffce1) write$binfmt_script(r0, &(0x7f0000000140), 0x9) syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180100000100ff030000000000030000850000007b00000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00'}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000f00), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="ffff0000", @ANYRES16=r3, @ANYBLOB="01000000000000000000460000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00030000000c008f00fdffffffffffffff0c0090000000000000000000"], 0x54}, 0x1, 0x0, 0x0, 0x4000}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) r4 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'team_slave_0\x00', 0x0}) bind$packet(r4, &(0x7f00000000c0)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @local}, 0x14) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x3, &(0x7f00000003c0)=[{0x16, 0xfe}, {0x4, 0x0, 0xa8, 0x65}, {0x6, 0x0, 0x9, 0x8}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xe, &(0x7f00000001c0)={0x0, &(0x7f00000002c0)}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r6, 0xc0502100, &(0x7f0000000340)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r6, 0xc0182101, &(0x7f0000000180)={r7}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r6, 0xc0502100, &(0x7f0000000480)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r6, 0x40182103, &(0x7f0000000080)={r8, 0x3, r4, 0x5}) pipe2$watch_queue(&(0x7f0000000240), 0x80) 0s ago: executing program 1 (id=2413): r0 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x48, r0, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x34, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_FLAGS={0xc}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x64}, @IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}]}, 0x48}}, 0x0) kernel console output (not intermixed with test programs): IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 474.859887][ T2844] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 474.942069][ T2844] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 474.959067][ T2844] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 474.970871][T11174] EXT4-fs (loop0): unmounting filesystem 00000005-0000-0000-0000-000000000000. [ 475.073030][T12418] loop1: detected capacity change from 0 to 64 [ 475.101524][T12418] hfs: unable to parse mount options [ 475.415260][ T29] audit: type=1326 audit(1719398356.620:4218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12419 comm="syz.0.1791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6a1d75ae9 code=0x7fc00000 [ 476.069951][ T29] audit: type=1326 audit(1719398357.210:4219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12419 comm="syz.0.1791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fd6a1d75ae9 code=0x7fc00000 [ 476.238423][ T29] audit: type=1326 audit(1719398357.370:4220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12419 comm="syz.0.1791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6a1d75ae9 code=0x7fc00000 [ 476.265670][ C1] vkms_vblank_simulate: vblank timer overrun [ 476.397402][T12434] loop3: detected capacity change from 0 to 64 [ 476.675992][ T5171] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 476.743386][T10445] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 476.902086][ T5171] usb 1-1: Using ep0 maxpacket: 32 [ 476.917386][ T5171] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 476.947727][ T5171] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 476.980150][ T5171] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 477.014084][ T5171] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 477.040579][ T5171] usb 1-1: New USB device found, idVendor=1b96, idProduct=9f0a, bcdDevice= 0.15 [ 477.057392][ T5171] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 477.107457][ T5171] usb 1-1: config 0 descriptor?? [ 477.205574][T12422] loop4: detected capacity change from 0 to 32768 [ 477.257070][T12422] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1792 (12422) [ 477.285172][T12422] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 477.308299][T12422] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 477.351160][T12422] BTRFS info (device loop4): using free-space-tree [ 477.484462][ T29] audit: type=1800 audit(1719398358.690:4221): pid=12422 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.4.1792" name="bus" dev="loop4" ino=263 res=0 errno=0 [ 477.549495][ T5171] hid-generic 0003:1B96:9F0A.0027: hidraw0: USB HID v0.00 Device [HID 1b96:9f0a] on usb-dummy_hcd.0-1/input0 [ 477.604737][T11689] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 477.756867][ T5171] usb 1-1: USB disconnect, device number 17 [ 478.042206][ T29] audit: type=1326 audit(1719398359.250:4222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12469 comm="syz.4.1800" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe777175ae9 code=0x0 [ 478.292857][T12477] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1804'. [ 478.310890][T12477] netlink: 'syz.2.1804': attribute type 29 has an invalid length. [ 478.814809][ T29] audit: type=1804 audit(1719398359.980:4223): pid=12489 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.1807" name="/root/syzkaller.GcPJOa/113/file0" dev="sda1" ino=2064 res=1 errno=0 [ 478.855197][ T29] audit: type=1326 audit(1719398359.990:4224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12491 comm="syz.3.1808" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2d5ff75ae9 code=0x0 [ 479.188006][T12481] loop0: detected capacity change from 0 to 32768 [ 479.394530][T12497] loop4: detected capacity change from 0 to 1024 [ 479.412301][T12497] hfsplus: unable to parse mount options [ 479.468118][T12481] bcachefs (loop0): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=xxhash,compression=zstd,nojournal_transaction_names [ 479.526111][T12481] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 479.611199][T12481] bcachefs (loop0): alloc_read... done [ 479.645690][T12481] bcachefs (loop0): stripes_read... done [ 479.671861][T12481] bcachefs (loop0): snapshots_read... done [ 479.704947][T12481] bcachefs (loop0): journal_replay... done [ 479.723058][T12481] bcachefs (loop0): resume_logged_ops... done [ 479.747959][T12481] bcachefs (loop0): going read-write [ 479.786574][T12481] bcachefs (loop0): done starting filesystem [ 479.840603][T12527] loop3: detected capacity change from 0 to 2048 [ 479.903565][T12527] loop3: p1 < > p4 [ 479.916698][T12527] loop3: p4 size 8388608 extends beyond EOD, truncated [ 479.964790][T11174] bcachefs (loop0): shutting down [ 480.008794][T11174] bcachefs (loop0): going read-only [ 480.014069][T11174] bcachefs (loop0): finished waiting for writes to stop [ 480.077621][T11174] bcachefs (loop0): flushing journal and stopping allocators, journal seq 12 [ 480.162604][T11174] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 13 [ 480.183914][T12532] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1817'. [ 480.217631][T12539] netlink: 'syz.1.1817': attribute type 29 has an invalid length. [ 480.284842][T11174] bcachefs (loop0): shutdown complete, journal seq 14 [ 480.293041][T11174] bcachefs (loop0): marking filesystem clean [ 480.338936][T11174] bcachefs (loop0): shutdown complete [ 480.714537][T12547] vivid-002: disconnect [ 480.758726][T12543] loop2: detected capacity change from 0 to 1024 [ 480.796065][ T5138] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 480.848312][T12549] loop4: detected capacity change from 0 to 256 [ 480.904801][T12549] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 480.974376][T12545] vivid-002: reconnect [ 481.013943][ T5138] usb 4-1: Using ep0 maxpacket: 32 [ 481.051349][ T5138] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 481.090764][ T5138] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 481.151849][ T5138] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 481.201735][ T5138] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 481.224719][ T29] audit: type=1326 audit(1719398362.430:4225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12553 comm="syz.1.1824" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9de8b75ae9 code=0x0 [ 481.258307][ T5138] usb 4-1: New USB device found, idVendor=1b96, idProduct=9f0a, bcdDevice= 0.15 [ 481.289092][ T5138] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 481.335426][ T5138] usb 4-1: config 0 descriptor?? [ 481.780520][ T5138] usbhid 4-1:0.0: can't add hid device: -71 [ 481.796074][ T5138] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 481.835562][ T5138] usb 4-1: USB disconnect, device number 16 [ 482.112111][T12563] netlink: 'syz.1.1826': attribute type 29 has an invalid length. [ 482.524294][T12561] loop0: detected capacity change from 0 to 32768 [ 482.642991][T12561] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 482.765223][T12561] XFS (loop0): Ending clean mount [ 483.083844][T12586] nfs: Unknown parameter '#^#+' [ 483.923723][T12596] loop3: detected capacity change from 0 to 16 [ 483.931955][T12596] erofs: (device loop3): mounted with root inode @ nid 36. [ 484.266570][T12600] vivid-006: disconnect [ 484.316033][T12598] vivid-006: reconnect [ 486.118038][T11174] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 486.911399][T12608] loop0: detected capacity change from 0 to 40427 [ 486.935876][T12608] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 486.943713][T12608] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 487.009648][T12608] F2FS-fs (loop0): Found nat_bits in checkpoint [ 487.063956][T12608] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 487.132540][T12608] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 487.144189][T12608] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 487.183278][T12563] netlink: 'syz.1.1826': attribute type 29 has an invalid length. [ 487.362013][T12578] macsec1: entered promiscuous mode [ 487.581479][ T29] audit: type=1326 audit(1719398368.790:4226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12607 comm="syz.0.1836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6a1d75ae9 code=0x7ffc0000 [ 487.645083][ T29] audit: type=1326 audit(1719398368.790:4227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12607 comm="syz.0.1836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6a1d75ae9 code=0x7ffc0000 [ 487.688165][ T29] audit: type=1326 audit(1719398368.790:4228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12607 comm="syz.0.1836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd6a1d75ae9 code=0x7ffc0000 [ 487.712232][ T29] audit: type=1326 audit(1719398368.790:4229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12607 comm="syz.0.1836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6a1d75ae9 code=0x7ffc0000 [ 487.739464][ T29] audit: type=1326 audit(1719398368.790:4230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12607 comm="syz.0.1836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6a1d75ae9 code=0x7ffc0000 [ 487.764679][ T29] audit: type=1326 audit(1719398368.820:4231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12607 comm="syz.0.1836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd6a1d75ae9 code=0x7ffc0000 [ 487.786962][ T29] audit: type=1326 audit(1719398368.820:4232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12607 comm="syz.0.1836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6a1d75ae9 code=0x7ffc0000 [ 487.811446][ T29] audit: type=1326 audit(1719398368.820:4233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12607 comm="syz.0.1836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fd6a1d6cb67 code=0x7ffc0000 [ 487.843601][ T29] audit: type=1326 audit(1719398368.820:4234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12607 comm="syz.0.1836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd6a1d11539 code=0x7ffc0000 [ 487.866834][ C0] vkms_vblank_simulate: vblank timer overrun [ 487.877439][ T29] audit: type=1326 audit(1719398368.820:4235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12607 comm="syz.0.1836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6a1d75ae9 code=0x7ffc0000 [ 487.899152][ C0] vkms_vblank_simulate: vblank timer overrun [ 488.093553][T12622] loop4: detected capacity change from 0 to 1024 [ 488.098444][T12626] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1842'. [ 488.124405][T12626] netlink: 'syz.2.1842': attribute type 29 has an invalid length. [ 488.642137][T12633] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8) [ 488.648687][T12633] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 488.656571][T12633] vhci_hcd vhci_hcd.0: Device attached [ 488.681077][T12637] vhci_hcd: cannot find the pending unlink 0 [ 488.975662][ T5135] usb 14-1: SetAddress Request (10) to port 0 [ 489.032055][ T5135] usb 14-1: new SuperSpeed USB device number 10 using vhci_hcd [ 489.229183][T12637] vhci_hcd: connection reset by peer [ 489.267146][ T2844] vhci_hcd: stop threads [ 489.306097][ T2844] vhci_hcd: release socket [ 489.317323][ T2844] vhci_hcd: disconnect device [ 489.874922][ T5171] libceph: connect (1)[c::]:6789 error -101 [ 489.890681][ T5171] libceph: mon0 (1)[c::]:6789 connect error [ 489.925699][ T5171] libceph: connect (1)[c::]:6789 error -101 [ 489.936068][ T5171] libceph: mon0 (1)[c::]:6789 connect error [ 490.190922][T12641] loop3: detected capacity change from 0 to 32768 [ 490.217818][ T5171] libceph: connect (1)[c::]:6789 error -101 [ 490.246198][ T5171] libceph: mon0 (1)[c::]:6789 connect error [ 490.316179][T12641] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 490.407737][T12650] ceph: No mds server is up or the cluster is laggy [ 490.492378][T12641] XFS (loop3): Ending clean mount [ 490.794551][T12677] nfs: Unknown parameter '#^#+' [ 491.080022][T12682] loop1: detected capacity change from 0 to 4096 [ 491.108129][T12682] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 492.217411][T12689] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1853'. [ 492.242965][T12689] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1853'. [ 492.252184][T12689] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1853'. [ 492.288475][T12690] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1853'. [ 492.356824][T12690] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1853'. [ 492.372039][T12689] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1853'. [ 492.389810][T12689] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1853'. [ 492.405455][T12689] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1853'. [ 492.416826][ T5137] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 492.540171][T12689] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1853'. [ 492.617012][ T5137] usb 1-1: Using ep0 maxpacket: 32 [ 492.651355][ T5137] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 492.678518][ T5137] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 492.691497][ T5137] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 492.701581][ T5137] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 492.714831][ T5137] usb 1-1: New USB device found, idVendor=1b96, idProduct=9f0a, bcdDevice= 0.15 [ 492.724565][ T5137] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 492.735366][ T5137] usb 1-1: config 0 descriptor?? [ 493.164713][ T5137] usbhid 1-1:0.0: can't add hid device: -71 [ 493.171037][ T5137] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 493.184253][ T5137] usb 1-1: USB disconnect, device number 18 [ 494.126519][ T5135] usb 14-1: device descriptor read/8, error -110 [ 494.193426][T12700] loop0: detected capacity change from 0 to 8 [ 494.344235][T12700] SQUASHFS error: lzo decompression failed, data probably corrupt [ 494.376470][T12700] SQUASHFS error: Failed to read block 0x28d: -5 [ 494.400642][T11817] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 494.413116][T12700] SQUASHFS error: Unable to read metadata cache entry [28b] [ 494.420830][T12700] SQUASHFS error: Unable to read inode 0x11f [ 494.592043][T12700] loop0: detected capacity change from 0 to 2048 [ 494.603266][T12700] udf: Unknown parameter 'xœì’?NAÆ¿Y–?ZM¬h ‘(ʲ¨16Zbï$°"qQa7QÅc(' [ 494.606843][ T5135] usb usb14-port1: attempt power cycle [ 494.713650][T12700] __nla_validate_parse: 2 callbacks suppressed [ 494.713709][T12700] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1856'. [ 495.277876][ T5135] usb usb14-port1: unable to enumerate USB device [ 495.824524][T12663] macsec1: entered promiscuous mode [ 495.852976][T12704] loop3: detected capacity change from 0 to 512 [ 495.882775][T12701] lo speed is unknown, defaulting to 1000 [ 495.910075][T12704] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 495.923606][T12701] lo speed is unknown, defaulting to 1000 [ 495.943049][T12701] lo speed is unknown, defaulting to 1000 [ 495.957529][T12704] ext4 filesystem being mounted at /root/syzkaller.QnHVjX/43/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 496.230088][T11817] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 496.247467][ T5135] lo speed is unknown, defaulting to 1000 [ 496.289208][T12701] infiniband syz1: set active [ 496.302505][T12701] infiniband syz1: added lo [ 496.328651][T12701] syz1: rxe_create_cq: returned err = -12 [ 496.343752][T12701] infiniband syz1: Couldn't create ib_mad CQ [ 496.366588][T12701] infiniband syz1: Couldn't open port 1 [ 496.452111][T12701] RDS/IB: syz1: added [ 496.487906][T12701] smc: adding ib device syz1 with port count 1 [ 496.527335][T12701] smc: ib device syz1 port 1 has pnetid [ 496.570176][ T5134] lo speed is unknown, defaulting to 1000 [ 496.600072][T12731] input: syz0 as /devices/virtual/input/input28 [ 496.618460][T12701] lo speed is unknown, defaulting to 1000 [ 496.735420][T12734] input: syz0 as /devices/virtual/input/input29 [ 496.877816][T12701] lo speed is unknown, defaulting to 1000 [ 497.087959][T12740] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1867'. [ 497.121055][T12740] netlink: 'syz.4.1867': attribute type 29 has an invalid length. [ 497.180393][T12701] lo speed is unknown, defaulting to 1000 [ 497.317600][T12701] lo speed is unknown, defaulting to 1000 [ 498.035397][T12770] input: syz0 as /devices/virtual/input/input30 [ 501.609183][T12701] lo speed is unknown, defaulting to 1000 [ 501.619121][T12794] macsec1: entered promiscuous mode [ 501.860614][T12809] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1888'. [ 501.897450][T12809] netlink: 'syz.2.1888': attribute type 29 has an invalid length. [ 501.972275][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.992994][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.453018][T12822] loop1: detected capacity change from 0 to 1024 [ 502.522546][ T29] kauditd_printk_skb: 61 callbacks suppressed [ 502.522567][ T29] audit: type=1804 audit(1719398383.730:4297): pid=12824 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.1894" name="/root/syzkaller.pUktZ7/88/file0" dev="sda1" ino=2058 res=1 errno=0 [ 502.831217][T12814] loop4: detected capacity change from 0 to 32768 [ 503.910192][T12840] netlink: 212 bytes leftover after parsing attributes in process `syz.3.1897'. [ 503.919961][T12840] unsupported nlmsg_type 40 [ 508.726502][T12814] workqueue: Failed to create a rescuer kthread for wq "bcachefs_journal": -EINTR [ 508.726894][T12814] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): shutdown complete [ 509.348430][T12858] dccp_close: ABORT with 1 bytes unread [ 510.839203][ T29] audit: type=1804 audit(1719398392.050:4298): pid=12874 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.1909" name="/root/syzkaller.FILI3a/31/file0" dev="sda1" ino=2057 res=1 errno=0 [ 511.444675][T12880] loop4: detected capacity change from 0 to 32768 [ 511.772190][T12880] bcachefs (loop4): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=xxhash,compression=zstd,nojournal_transaction_names [ 511.797891][T12880] bcachefs (loop4): recovering from clean shutdown, journal seq 10 [ 511.896431][T12880] bcachefs (loop4): alloc_read... done [ 511.902077][T12880] bcachefs (loop4): stripes_read... done [ 511.908268][T12880] bcachefs (loop4): snapshots_read... done [ 511.918157][T12880] bcachefs (loop4): journal_replay... done [ 511.927962][T12880] bcachefs (loop4): resume_logged_ops... done [ 511.937686][T12880] bcachefs (loop4): going read-write [ 511.971849][T12880] bcachefs (loop4): done starting filesystem [ 512.073929][T11689] bcachefs (loop4): shutting down [ 512.082606][T11689] bcachefs (loop4): going read-only [ 512.088094][T11689] bcachefs (loop4): finished waiting for writes to stop [ 512.124824][T11689] bcachefs (loop4): flushing journal and stopping allocators, journal seq 10 [ 512.142102][T11689] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 10 [ 512.175701][T11689] bcachefs (loop4): shutdown complete, journal seq 11 [ 512.183557][T11689] bcachefs (loop4): marking filesystem clean [ 512.228006][T11689] bcachefs (loop4): shutdown complete [ 512.703590][T12903] loop1: detected capacity change from 0 to 64 [ 513.383468][T12909] netlink: 212 bytes leftover after parsing attributes in process `syz.4.1913'. [ 516.372829][ T5095] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 516.395471][ T5095] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 516.430348][ T5095] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 516.431527][T12916] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.1917'. [ 516.476965][ T5095] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 516.506581][ T5095] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 516.527789][ T5095] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 517.319590][T12913] lo speed is unknown, defaulting to 1000 [ 517.566599][ T5135] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 517.788437][ T5135] usb 4-1: config 0 has an invalid interface number: 25 but max is 0 [ 517.819030][ T5135] usb 4-1: config 0 has no interface number 0 [ 517.843174][ T5135] usb 4-1: config 0 interface 25 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 517.870431][ T5135] usb 4-1: config 0 interface 25 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 517.891009][ T5135] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 517.905410][ T5135] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 517.916007][ T5135] usb 4-1: config 0 descriptor?? [ 517.978051][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 518.046098][ T5095] Bluetooth: hci1: command 0x0406 tx timeout [ 518.224264][T12937] loop4: detected capacity change from 0 to 1024 [ 518.278281][T12937] EXT4-fs: Ignoring removed orlov option [ 518.283996][T12937] EXT4-fs: Ignoring removed nomblk_io_submit option [ 518.306626][T12928] loop2: detected capacity change from 0 to 32768 [ 518.326936][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 518.354089][T12942] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1928'. [ 518.381465][T12937] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 518.399032][ T5135] uclogic 0003:256C:006D.0028: interface is invalid, ignoring [ 518.459961][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 518.480051][T12928] bcachefs (loop2): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=xxhash,compression=zstd,nojournal_transaction_names [ 518.498552][T12928] bcachefs (loop2): recovering from clean shutdown, journal seq 10 [ 518.586178][T12928] bcachefs (loop2): alloc_read... done [ 518.587434][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 518.593969][T12928] bcachefs (loop2): stripes_read... done [ 518.607110][ T52] Bluetooth: hci3: command tx timeout [ 518.614795][T12928] bcachefs (loop2): snapshots_read... [ 518.620564][ T5134] usb 4-1: USB disconnect, device number 17 [ 518.626188][T12928] done [ 518.628224][T12928] bcachefs (loop2): journal_replay... [ 518.644859][T12913] chnl_net:caif_netlink_parms(): no params data found [ 518.649901][T12928] done [ 518.670456][T12928] bcachefs (loop2): resume_logged_ops... done [ 518.687741][ T56] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 518.699758][T12928] bcachefs (loop2): going read-write [ 518.729142][T12928] bcachefs (loop2): done starting filesystem [ 518.766536][T10445] bcachefs (loop2): shutting down [ 518.771896][T10445] bcachefs (loop2): going read-only [ 518.779915][T10445] bcachefs (loop2): finished waiting for writes to stop [ 518.796086][T10445] bcachefs (loop2): flushing journal and stopping allocators, journal seq 10 [ 518.804933][T10445] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 10 [ 518.838644][T10445] bcachefs (loop2): shutdown complete, journal seq 11 [ 518.864131][T10445] bcachefs (loop2): marking filesystem clean [ 518.886032][T12913] bridge0: port 1(bridge_slave_0) entered blocking state [ 518.905321][ T56] usb 5-1: config 0 has an invalid interface number: 32 but max is 0 [ 518.923416][T12913] bridge0: port 1(bridge_slave_0) entered disabled state [ 518.935333][ T56] usb 5-1: config 0 has no interface number 0 [ 518.948972][T10445] bcachefs (loop2): shutdown complete [ 518.958436][ T56] usb 5-1: config 0 interface 32 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 518.961244][T12913] bridge_slave_0: entered allmulticast mode [ 518.978076][T12913] bridge_slave_0: entered promiscuous mode [ 518.998553][T12969] veth1_macvtap: left promiscuous mode [ 519.016148][ T56] usb 5-1: config 0 interface 32 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 519.028429][T12969] macsec0: entered promiscuous mode [ 519.034157][T12969] macsec0: entered allmulticast mode [ 519.041358][ T56] usb 5-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00 [ 519.065297][ T56] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 519.087482][ T56] usb 5-1: config 0 descriptor?? [ 519.098326][T12913] bridge0: port 2(bridge_slave_1) entered blocking state [ 519.109355][T12913] bridge0: port 2(bridge_slave_1) entered disabled state [ 519.119601][T12913] bridge_slave_1: entered allmulticast mode [ 519.127688][T12913] bridge_slave_1: entered promiscuous mode [ 519.135324][T12970] veth1_macvtap: entered promiscuous mode [ 519.141457][T12970] veth1_macvtap: entered allmulticast mode [ 519.147981][T12970] macsec0: left promiscuous mode [ 519.153221][T12970] macsec0: left allmulticast mode [ 519.165836][T12970] veth1_macvtap: left allmulticast mode [ 519.198832][ T12] bridge_slave_1: left allmulticast mode [ 519.204880][ T12] bridge_slave_1: left promiscuous mode [ 519.216043][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 519.255030][ T12] bridge_slave_0: left allmulticast mode [ 519.265926][ T12] bridge_slave_0: left promiscuous mode [ 519.274547][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 519.414486][T12977] input: syz0 as /devices/virtual/input/input31 [ 519.559525][ T56] logitech-djreceiver 0003:046D:C71B.0029: unexpected long global item [ 519.620298][ T56] logitech-djreceiver 0003:046D:C71B.0029: logi_dj_probe: parse failed [ 519.657884][ T56] logitech-djreceiver 0003:046D:C71B.0029: probe with driver logitech-djreceiver failed with error -22 [ 519.980845][ T56] usb 5-1: USB disconnect, device number 17 [ 520.096832][T12988] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1936'. [ 520.583916][T11689] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 520.686469][ T52] Bluetooth: hci3: command tx timeout [ 520.916874][ T29] audit: type=1326 audit(1719398402.130:4299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12999 comm="syz.3.1941" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2d5ff75ae9 code=0x0 [ 520.986417][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 520.998812][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 521.034451][ T12] bond0 (unregistering): Released all slaves [ 521.077325][T13004] loop1: detected capacity change from 0 to 256 [ 521.187371][T12913] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 521.229332][T12913] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 521.260698][T13004] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 521.419662][T12913] team0: Port device team_slave_0 added [ 521.468427][T12913] team0: Port device team_slave_1 added [ 521.659231][T12913] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 521.685601][T12913] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 521.752835][T12913] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 521.804731][T12913] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 521.828394][T12913] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 521.886776][T13012] input: syz0 as /devices/virtual/input/input32 [ 521.935571][T12913] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 521.956197][T13002] loop2: detected capacity change from 0 to 32768 [ 522.001009][T13002] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1942 (13002) [ 522.034676][T13016] loop3: detected capacity change from 0 to 512 [ 522.047896][T13002] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 522.072199][T13002] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 522.101647][T13016] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -13 [ 522.139266][T13002] BTRFS info (device loop2): using free-space-tree [ 522.163317][T13016] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.1945: invalid indirect mapped block 2683928664 (level 1) [ 522.231181][T13016] EXT4-fs (loop3): 1 truncate cleaned up [ 522.255646][T13016] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 522.461445][ T12] hsr_slave_0: left promiscuous mode [ 522.491168][ T12] hsr_slave_1: left promiscuous mode [ 522.500139][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 522.510859][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 522.536086][ T29] audit: type=1800 audit(1719398403.740:4300): pid=13002 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.1942" name="bus" dev="loop2" ino=263 res=0 errno=0 [ 522.582157][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 522.612706][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 522.655447][T13038] EXT4-fs error (device loop3): ext4_find_dest_de:2111: inode #2: block 13: comm syz.3.1945: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 522.732512][T10445] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 522.803768][ T12] veth1_macvtap: left promiscuous mode [ 522.811882][ T52] Bluetooth: hci3: command tx timeout [ 522.841244][ T12] veth0_macvtap: left promiscuous mode [ 522.850437][ T12] veth1_vlan: left promiscuous mode [ 522.868901][ T12] veth0_vlan: left promiscuous mode [ 523.004702][T11817] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 523.260157][ T12] infiniband syz1: set down [ 523.634560][T13050] loop2: detected capacity change from 0 to 40427 [ 523.656102][T13050] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 523.663892][T13050] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 523.727880][T13050] F2FS-fs (loop2): Found nat_bits in checkpoint [ 523.815894][T13050] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 523.851410][T13050] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 523.859125][T13050] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 524.334279][T13050] overlayfs: failed to resolve './file0': -2 [ 524.340845][ T29] audit: type=1326 audit(1719398405.540:4301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13049 comm="syz.2.1948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0124975ae9 code=0x7ffc0000 [ 524.463535][ T29] audit: type=1326 audit(1719398405.540:4302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13049 comm="syz.2.1948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0124975ae9 code=0x7ffc0000 [ 524.652678][ T29] audit: type=1326 audit(1719398405.540:4303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13049 comm="syz.2.1948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0124975ae9 code=0x7ffc0000 [ 524.697574][ T29] audit: type=1326 audit(1719398405.540:4304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13049 comm="syz.2.1948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0124975ae9 code=0x7ffc0000 [ 524.733177][ T29] audit: type=1326 audit(1719398405.540:4305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13049 comm="syz.2.1948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0124975ae9 code=0x7ffc0000 [ 524.785867][ T29] audit: type=1326 audit(1719398405.540:4306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13049 comm="syz.2.1948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7f0124975ae9 code=0x7ffc0000 [ 524.844060][ T29] audit: type=1326 audit(1719398405.540:4307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13049 comm="syz.2.1948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0124975ae9 code=0x7ffc0000 [ 524.869671][ T52] Bluetooth: hci3: command tx timeout [ 524.891338][ T29] audit: type=1326 audit(1719398405.540:4308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13049 comm="syz.2.1948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0124975ae9 code=0x7ffc0000 [ 525.107271][T13067] loop2: detected capacity change from 0 to 64 [ 526.363030][ T12] team0 (unregistering): Port device team_slave_1 removed [ 526.450621][ T12] team0 (unregistering): Port device team_slave_0 removed [ 526.673141][T13074] loop3: detected capacity change from 0 to 32768 [ 526.862209][T13074] bcachefs (loop3): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=xxhash,compression=zstd,nojournal_transaction_names [ 526.879191][T13074] bcachefs (loop3): recovering from clean shutdown, journal seq 10 [ 526.944339][T13074] bcachefs (loop3): alloc_read... done [ 526.950025][T13074] bcachefs (loop3): stripes_read... done [ 526.955754][T13074] bcachefs (loop3): snapshots_read... done [ 526.964079][T13074] bcachefs (loop3): journal_replay... done [ 526.984220][T13074] bcachefs (loop3): resume_logged_ops... done [ 526.991461][T13074] bcachefs (loop3): going read-write [ 527.007489][T13074] bcachefs (loop3): done starting filesystem [ 527.055411][T11817] bcachefs (loop3): shutting down [ 527.073158][T11817] bcachefs (loop3): going read-only [ 527.079240][T11817] bcachefs (loop3): finished waiting for writes to stop [ 527.113220][T11817] bcachefs (loop3): flushing journal and stopping allocators, journal seq 10 [ 527.126072][T11817] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 10 [ 527.206582][T11817] bcachefs (loop3): shutdown complete, journal seq 11 [ 527.228633][T11817] bcachefs (loop3): marking filesystem clean [ 527.267157][T11817] bcachefs (loop3): shutdown complete [ 527.540229][ T2407] smc: removing ib device syz1 [ 527.550975][T12913] hsr_slave_0: entered promiscuous mode [ 527.557836][T12913] hsr_slave_1: entered promiscuous mode [ 527.575897][T12913] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 527.629353][T12913] Cannot create hsr debugfs directory [ 528.335989][ T52] Bluetooth: hci1: unexpected event for opcode 0x1003 [ 528.342522][ T5137] lo speed is unknown, defaulting to 1000 [ 529.662259][T13120] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1956'. [ 529.671422][T13120] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1956'. [ 529.680608][T13120] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1956'. [ 530.624659][T13122] loop2: detected capacity change from 0 to 512 [ 530.946627][T13116] loop1: detected capacity change from 0 to 32768 [ 530.967185][T13122] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 531.006998][T13122] ext4 filesystem being mounted at /root/syzkaller.GcPJOa/144/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 531.633653][T13115] loop4: detected capacity change from 0 to 32768 [ 531.708957][T13116] bcachefs (loop1): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=xxhash,compression=zstd,nojournal_transaction_names [ 531.726094][T13116] bcachefs (loop1): recovering from clean shutdown, journal seq 10 [ 531.768269][T13116] bcachefs (loop1): alloc_read... done [ 531.783997][T13138] macsec1: entered promiscuous mode [ 531.789947][T13116] bcachefs (loop1): stripes_read... done [ 531.798612][T13116] bcachefs (loop1): snapshots_read... done [ 531.803408][T13115] find_entry called with index = 0 [ 531.807527][T13116] bcachefs (loop1): journal_replay... done [ 531.816867][T13116] bcachefs (loop1): resume_logged_ops... done [ 531.852709][T13116] bcachefs (loop1): going read-write [ 531.859645][T13115] read_mapping_page failed! [ 531.864686][T13115] ERROR: (device loop4): txCommit: [ 531.864686][T13115] [ 531.891400][T13116] bcachefs (loop1): done starting filesystem [ 531.909775][T12913] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 531.931577][T12913] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 531.988613][T12913] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 532.047849][T12913] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 532.082393][T12127] bcachefs (loop1): shutting down [ 532.120237][T12127] bcachefs (loop1): going read-only [ 532.126220][T12127] bcachefs (loop1): finished waiting for writes to stop [ 532.150337][T11689] ERROR: (device loop4): diFree: numfree > numinos [ 532.150337][T11689] [ 532.160763][T12127] bcachefs (loop1): flushing journal and stopping allocators, journal seq 13 [ 532.169917][T12913] 8021q: adding VLAN 0 to HW filter on device bond0 [ 532.199113][T12127] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 14 [ 532.214230][T12127] bcachefs (loop1): shutdown complete, journal seq 15 [ 532.224272][T12127] bcachefs (loop1): marking filesystem clean [ 532.250387][T12913] 8021q: adding VLAN 0 to HW filter on device team0 [ 532.273588][T12127] bcachefs (loop1): shutdown complete [ 532.285914][ T5137] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 532.292294][ T7984] bridge0: port 1(bridge_slave_0) entered blocking state [ 532.300763][ T7984] bridge0: port 1(bridge_slave_0) entered forwarding state [ 532.359377][ T7984] bridge0: port 2(bridge_slave_1) entered blocking state [ 532.366639][ T7984] bridge0: port 2(bridge_slave_1) entered forwarding state [ 532.374293][ T52] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 532.396771][ T52] Bluetooth: hci1: Injecting HCI hardware error event [ 532.408550][ T5095] Bluetooth: hci1: hardware error 0x00 [ 532.500300][T13147] __quota_error: 3 callbacks suppressed [ 532.500323][T13147] Quota error (device loop2): find_tree_dqentry: Cycle in quota tree detected: block 2 index 0 [ 532.520248][ T5137] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 532.543012][ T5137] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 532.551328][T13147] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0 [ 532.551366][T13147] EXT4-fs error (device loop2): ext4_acquire_dquot:6860: comm syz.2.1967: Failed to acquire dquot type 0 [ 532.618243][ T5137] usb 4-1: config 0 descriptor?? [ 532.638378][ T5137] cp210x 4-1:0.0: cp210x converter detected [ 532.770959][T12913] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 532.872889][T12913] veth0_vlan: entered promiscuous mode [ 532.914825][T12913] veth1_vlan: entered promiscuous mode [ 532.981306][T12913] veth0_macvtap: entered promiscuous mode [ 533.008947][T12913] veth1_macvtap: entered promiscuous mode [ 533.038234][T13145] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 533.064228][T13145] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 533.087210][ T5137] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 533.150371][ T5137] usb 4-1: cp210x converter now attached to ttyUSB0 [ 533.161787][T12913] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 533.193738][T12913] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 533.214007][T12913] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 533.236231][T12913] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 533.269714][T12913] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 533.296799][T12913] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 533.319388][T12913] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 533.333892][ T784] usb 4-1: USB disconnect, device number 18 [ 533.349606][ T784] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 533.405290][T12913] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 533.411464][ T784] cp210x 4-1:0.0: device disconnected [ 533.435966][T12913] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 533.470384][T12913] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 533.501550][T12913] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 533.521977][T12913] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 533.551812][T12913] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 533.596453][T12913] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 533.652259][T12913] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 533.686211][T12913] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 533.709913][T12913] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 533.723265][T12913] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 533.797945][T10445] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 533.963332][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 533.983948][T13161] loop4: detected capacity change from 0 to 32768 [ 533.988555][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 535.455896][T13176] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1977'. [ 535.465181][T13176] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1977'. [ 535.477008][T13176] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1977'. [ 535.491259][ T5095] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 535.767564][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 535.838098][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 536.007260][T13186] netlink: 'syz.1.1980': attribute type 29 has an invalid length. [ 536.015524][T13186] netlink: 'syz.1.1980': attribute type 29 has an invalid length. [ 536.031266][T13161] bcachefs (loop4): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=xxhash,compression=zstd,nojournal_transaction_names [ 536.048505][T13161] bcachefs (loop4): recovering from clean shutdown, journal seq 10 [ 536.068657][T13193] netlink: 'syz.1.1980': attribute type 29 has an invalid length. [ 536.078610][T13186] netlink: 'syz.1.1980': attribute type 29 has an invalid length. [ 536.089452][T13186] netlink: 'syz.1.1980': attribute type 29 has an invalid length. [ 536.095521][T13161] bcachefs (loop4): alloc_read... [ 536.098198][T13186] netlink: 'syz.1.1980': attribute type 29 has an invalid length. [ 536.103384][T13161] done [ 536.131860][T13161] bcachefs (loop4): stripes_read... done [ 536.157326][T13161] bcachefs (loop4): snapshots_read... done [ 536.168472][ T29] audit: type=1326 audit(1719398417.380:4312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13188 comm="syz.0.1916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9eb6b75ae9 code=0x7fc00000 [ 536.178072][T13161] bcachefs (loop4): journal_replay... done [ 536.202564][T13161] bcachefs (loop4): resume_logged_ops... done [ 536.214071][ T29] audit: type=1326 audit(1719398417.380:4313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13188 comm="syz.0.1916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f9eb6b75ae9 code=0x7fc00000 [ 536.236018][ C1] vkms_vblank_simulate: vblank timer overrun [ 536.246832][T13161] bcachefs (loop4): going read-write [ 536.257258][T13161] bcachefs (loop4): bch2_rebalance_start(): error creating rebalance thread EINTR [ 536.267045][T13161] bcachefs (loop4): error starting rebalance thread [ 536.273848][T13161] bcachefs (loop4): going read-only [ 536.281886][T13161] bcachefs (loop4): finished waiting for writes to stop [ 536.315905][T13161] bcachefs (loop4): flushing journal and stopping allocators, journal seq 10 [ 536.338754][T13161] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 10 [ 536.364593][T13161] bcachefs (loop4): shutdown complete, journal seq 11 [ 536.374383][T13161] bcachefs (loop4): marking filesystem clean [ 536.384150][T13161] bcachefs (loop4): bch2_fs_start(): error starting filesystem EINTR [ 536.394418][T13161] bcachefs (loop4): shutting down [ 536.405188][ T29] audit: type=1326 audit(1719398417.610:4314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13201 comm="syz.1.1984" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9de8b75ae9 code=0x0 [ 536.420538][T13161] bcachefs (loop4): shutdown complete [ 536.776243][ T5095] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0 [ 536.787333][ T5095] Bluetooth: hci5: Injecting HCI hardware error event [ 536.805658][ T52] Bluetooth: hci5: hardware error 0x00 [ 536.871617][ T29] audit: type=1326 audit(1719398418.080:4315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13188 comm="syz.0.1916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9eb6b75ae9 code=0x7fc00000 [ 537.017114][T13210] loop3: detected capacity change from 0 to 512 [ 537.114276][T13210] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 537.163079][T13218] loop0: detected capacity change from 0 to 64 [ 537.199450][T13210] ext4 filesystem being mounted at /root/syzkaller.QnHVjX/77/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 537.726742][T13226] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1989'. [ 537.736419][T13226] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 537.745983][T13226] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 538.707879][T13235] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1991'. [ 538.854905][T13238] netlink: 'syz.4.1992': attribute type 29 has an invalid length. [ 538.866343][T13238] netlink: 'syz.4.1992': attribute type 29 has an invalid length. [ 538.913727][T13238] netlink: 'syz.4.1992': attribute type 29 has an invalid length. [ 538.927987][ T52] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 538.937687][T13238] netlink: 'syz.4.1992': attribute type 29 has an invalid length. [ 539.135273][T13247] Quota error (device loop3): find_tree_dqentry: Cycle in quota tree detected: block 2 index 0 [ 539.194667][T13247] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0 [ 539.231076][T13247] EXT4-fs error (device loop3): ext4_acquire_dquot:6860: comm syz.3.1986: Failed to acquire dquot type 0 [ 540.109058][ T29] audit: type=1326 audit(1719398421.320:4316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13257 comm="syz.0.1997" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9eb6b75ae9 code=0x7fc00000 [ 540.180609][ T29] audit: type=1326 audit(1719398421.320:4317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13257 comm="syz.0.1997" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f9eb6b75ae9 code=0x7fc00000 [ 540.392956][ T29] audit: type=1804 audit(1719398421.600:4318): pid=13271 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.2003" name="/root/syzkaller.GcPJOa/152/memory.events" dev="sda1" ino=2070 res=1 errno=0 [ 540.465695][ T29] audit: type=1804 audit(1719398421.630:4319): pid=13271 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.2.2003" name="/root/syzkaller.GcPJOa/152/memory.events" dev="sda1" ino=2070 res=1 errno=0 [ 540.668561][T11817] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 540.861972][ T29] audit: type=1326 audit(1719398422.070:4320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13257 comm="syz.0.1997" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9eb6b75ae9 code=0x7fc00000 [ 540.982668][T13282] loop2: detected capacity change from 0 to 1024 [ 540.990680][T13282] udf: Unknown parameter '00000000000000000000004ÿÿÿÿ' [ 541.688263][ T29] audit: type=1326 audit(1719398422.900:4321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13289 comm="syz.3.2010" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2d5ff75ae9 code=0x0 [ 541.740201][T13292] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2011'. [ 542.273113][T13297] loop0: detected capacity change from 0 to 40427 [ 542.281813][T13297] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 542.290307][T13297] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 542.327232][T13297] F2FS-fs (loop0): Found nat_bits in checkpoint [ 542.366008][T13297] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 542.401860][T13297] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 542.409329][T13297] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 542.620953][T13312] validate_nla: 8 callbacks suppressed [ 542.620978][T13312] netlink: 'syz.2.2017': attribute type 29 has an invalid length. [ 542.680682][T13312] netlink: 'syz.2.2017': attribute type 29 has an invalid length. [ 542.691037][T13312] netlink: 'syz.2.2017': attribute type 29 has an invalid length. [ 543.092499][T13297] overlayfs: failed to resolve './file0': -2 [ 543.103673][T13316] netlink: 'syz.2.2017': attribute type 29 has an invalid length. [ 543.122459][T13312] netlink: 'syz.2.2017': attribute type 29 has an invalid length. [ 543.264046][T13319] netlink: 'syz.2.2017': attribute type 29 has an invalid length. [ 543.324499][ T29] audit: type=1326 audit(1719398424.530:4322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13321 comm="syz.3.2019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d5ff75ae9 code=0x7fc00000 [ 543.400273][ T29] audit: type=1326 audit(1719398424.530:4323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13321 comm="syz.3.2019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f2d5ff75ae9 code=0x7fc00000 [ 544.255525][T13337] loop2: detected capacity change from 0 to 32768 [ 544.316885][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 544.316906][ T29] audit: type=1326 audit(1719398425.530:4325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13343 comm="syz.3.2028" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2d5ff75ae9 code=0x0 [ 544.320704][T13335] loop4: detected capacity change from 0 to 32768 [ 544.425557][T13337] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): filesystem UUID already open [ 544.436714][T13335] bcachefs (loop4): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=xxhash,compression=zstd,nojournal_transaction_names [ 544.452475][T13337] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): shutdown complete [ 544.464126][T13335] bcachefs (loop4): recovering from clean shutdown, journal seq 10 [ 544.548700][T13335] bcachefs (loop4): alloc_read... done [ 544.564549][T13335] bcachefs (loop4): stripes_read... done [ 544.578915][T13335] bcachefs (loop4): snapshots_read... done [ 544.602747][T13335] bcachefs (loop4): journal_replay... done [ 544.622031][T13335] bcachefs (loop4): resume_logged_ops... done [ 544.651576][T13335] bcachefs (loop4): going read-write [ 544.690515][T13335] bcachefs (loop4): done starting filesystem [ 545.037034][T11689] bcachefs (loop4): shutting down [ 545.046071][T11689] bcachefs (loop4): going read-only [ 545.064636][T11689] bcachefs (loop4): finished waiting for writes to stop [ 545.112682][T11689] bcachefs (loop4): flushing journal and stopping allocators, journal seq 13 [ 545.165305][T13371] loop0: detected capacity change from 0 to 40427 [ 545.172247][T11689] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 14 [ 545.183063][T13371] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 545.191049][T13371] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 545.193461][T11689] bcachefs (loop4): shutdown complete, journal seq 15 [ 545.217089][T11689] bcachefs (loop4): marking filesystem clean [ 545.249241][T13371] F2FS-fs (loop0): Found nat_bits in checkpoint [ 545.290006][T13371] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 545.337702][T13371] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 545.344892][T13371] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 545.347260][T11689] bcachefs (loop4): shutdown complete [ 545.684969][T13371] overlayfs: failed to resolve './file0': -2 [ 545.803994][T13369] loop1: detected capacity change from 0 to 32768 [ 546.211562][T13369] bcachefs (loop1): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=xxhash,compression=zstd,nojournal_transaction_names [ 546.266028][T13369] bcachefs (loop1): recovering from clean shutdown, journal seq 10 [ 546.329217][T13369] bcachefs (loop1): alloc_read... done [ 546.331002][ T784] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 546.342850][T13369] bcachefs (loop1): stripes_read... done [ 546.355980][T13369] bcachefs (loop1): snapshots_read... done [ 546.371904][T13369] bcachefs (loop1): journal_replay... done [ 546.384945][T13369] bcachefs (loop1): resume_logged_ops... done [ 546.394582][T13369] bcachefs (loop1): going read-write [ 546.412913][T13369] bcachefs (loop1): done starting filesystem [ 546.555920][ T784] usb 4-1: Using ep0 maxpacket: 32 [ 546.564403][ T784] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 546.593747][ T784] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 546.613456][ T784] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 546.632350][ T784] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 546.678009][ T784] usb 4-1: New USB device found, idVendor=1b96, idProduct=9f0a, bcdDevice= 0.15 [ 546.713742][ T784] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 546.737383][ T784] usb 4-1: config 0 descriptor?? [ 547.122805][T13421] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2046'. [ 547.168459][T13421] netlink: 'syz.4.2046': attribute type 29 has an invalid length. [ 547.368093][ T784] usbhid 4-1:0.0: can't add hid device: -71 [ 547.380599][ T784] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 547.392945][ T784] usb 4-1: USB disconnect, device number 19 [ 547.613744][T13418] loop0: detected capacity change from 0 to 32768 [ 547.775246][T13418] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): filesystem UUID already open [ 547.813191][T13418] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): shutdown complete [ 548.108954][T12127] bcachefs (loop1): shutting down [ 548.114039][T12127] bcachefs (loop1): going read-only [ 548.124368][T12127] bcachefs (loop1): finished waiting for writes to stop [ 548.145735][T12127] bcachefs (loop1): flushing journal and stopping allocators, journal seq 12 [ 548.155034][T12127] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 12 [ 548.219137][T12127] bcachefs (loop1): shutdown complete, journal seq 13 [ 548.233253][T12127] bcachefs (loop1): marking filesystem clean [ 548.348561][T12127] bcachefs (loop1): shutdown complete [ 548.405549][T13442] loop3: detected capacity change from 0 to 2048 [ 548.470884][T13442] loop3: p3 < > p4 < > [ 548.476960][T13442] loop3: partition table partially beyond EOD, truncated [ 548.496315][T13442] loop3: p3 start 4284289 is beyond EOD, truncated [ 548.598911][T13448] input: syz0 as /devices/virtual/input/input33 [ 548.737609][T13442] loop3: detected capacity change from 0 to 512 [ 548.775541][T13442] EXT4-fs (loop3): can't mount with data=, fs mounted w/o journal [ 549.070795][T13463] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2060'. [ 549.159883][T13456] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 549.515145][T13456] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 549.515558][T13472] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2052'. [ 549.575250][T13472] team0: entered promiscuous mode [ 549.592630][T13472] team_slave_0: entered promiscuous mode [ 549.611250][T13472] team_slave_1: entered promiscuous mode [ 549.689928][T13456] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 549.736284][T13471] team0: left promiscuous mode [ 549.746192][T13471] team_slave_0: left promiscuous mode [ 549.753002][T13471] team_slave_1: left promiscuous mode [ 549.900591][T13456] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 550.088321][T13469] loop4: detected capacity change from 0 to 32768 [ 550.125487][T13456] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 550.161909][T13456] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 550.181836][T13491] loop1: detected capacity change from 0 to 1024 [ 550.190143][T13456] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 550.237890][T13491] EXT4-fs: Ignoring removed orlov option [ 550.243698][T13491] EXT4-fs: Ignoring removed nomblk_io_submit option [ 550.251028][T13456] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 550.280265][T13469] bcachefs (loop4): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=xxhash,compression=zstd,nojournal_transaction_names [ 550.304138][T13469] bcachefs (loop4): recovering from clean shutdown, journal seq 10 [ 550.331685][T13498] syzkaller0: entered promiscuous mode [ 550.341222][T13498] syzkaller0: entered allmulticast mode [ 550.342977][T13491] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 550.356335][T13469] bcachefs (loop4): alloc_read... done [ 550.364647][T13469] bcachefs (loop4): stripes_read... done [ 550.370634][T13469] bcachefs (loop4): snapshots_read... done [ 550.379266][T13469] bcachefs (loop4): journal_replay... done [ 550.385271][T13469] bcachefs (loop4): resume_logged_ops... done [ 550.400634][T13469] bcachefs (loop4): going read-write [ 550.415059][T13469] bcachefs (loop4): done starting filesystem [ 550.660557][T13513] loop2: detected capacity change from 0 to 256 [ 550.676006][T12149] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 550.692026][T13513] FAT-fs (loop2): Unrecognized mount option "nOnumtail=0" or missing value [ 550.965440][T12149] usb 2-1: config 0 has an invalid interface number: 32 but max is 0 [ 550.973730][T12149] usb 2-1: config 0 has no interface number 0 [ 550.996989][T12149] usb 2-1: config 0 interface 32 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 551.014647][T12149] usb 2-1: config 0 interface 32 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 551.025353][T12149] usb 2-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00 [ 551.072405][T12149] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 551.125673][T12149] usb 2-1: config 0 descriptor?? [ 551.304410][T13518] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2076'. [ 551.380411][T13519] netlink: 'syz.0.2076': attribute type 29 has an invalid length. [ 551.662789][T12149] logitech-djreceiver 0003:046D:C71B.002A: unexpected long global item [ 551.682797][T12149] logitech-djreceiver 0003:046D:C71B.002A: logi_dj_probe: parse failed [ 551.725678][T12149] logitech-djreceiver 0003:046D:C71B.002A: probe with driver logitech-djreceiver failed with error -22 [ 552.039028][ T784] usb 2-1: USB disconnect, device number 14 [ 552.219168][T11689] bcachefs (loop4): shutting down [ 552.226102][T11689] bcachefs (loop4): going read-only [ 552.233209][T11689] bcachefs (loop4): finished waiting for writes to stop [ 552.266059][T11689] bcachefs (loop4): flushing journal and stopping allocators, journal seq 12 [ 552.278988][T11689] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 12 [ 552.366783][T11689] bcachefs (loop4): shutdown complete, journal seq 13 [ 552.374538][T11689] bcachefs (loop4): marking filesystem clean [ 552.431742][T11689] bcachefs (loop4): shutdown complete [ 552.639569][T13513] loop2: detected capacity change from 0 to 32768 [ 552.641652][T12127] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 552.668259][T13513] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.2074 (13513) [ 552.732991][T13513] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 552.757974][T13513] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 552.782139][T13513] BTRFS info (device loop2): using free-space-tree [ 552.832509][T13513] BTRFS info (device loop2): rebuilding free space tree [ 553.061466][T13538] loop1: detected capacity change from 0 to 2048 [ 553.167668][T13538] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 553.231506][T13538] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 553.296202][T13538] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a002e01c, mo2=0002] [ 553.336767][T13538] System zones: 0-19 [ 553.399949][T13538] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 553.498570][T10445] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 553.783715][T12127] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 554.138855][T13552] loop1: detected capacity change from 0 to 164 [ 556.756350][T13576] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2092'. [ 556.834440][T13583] loop1: detected capacity change from 0 to 1024 [ 556.843288][T13583] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 556.854431][T13583] EXT4-fs (loop1): group descriptors corrupted! [ 556.880352][ T5099] Bluetooth: hci3: SCO packet for unknown connection handle 1955 [ 556.884364][T13586] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2097'. [ 556.922734][T13586] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2097'. [ 556.961027][T13586] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2097'. [ 556.978919][T13589] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2095'. [ 557.008956][T13594] netlink: 256 bytes leftover after parsing attributes in process `syz.4.2097'. [ 557.095182][T13594] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2097'. [ 557.153034][T13586] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2097'. [ 557.175370][T13603] input: syz0 as /devices/virtual/input/input34 [ 557.204576][T13586] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2097'. [ 557.235852][T13586] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2097'. [ 557.282170][T13609] netlink: 'syz.3.2101': attribute type 29 has an invalid length. [ 557.506422][T13611] syzkaller0: entered promiscuous mode [ 557.514299][T13611] syzkaller0: entered allmulticast mode [ 558.329532][T13625] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 558.339336][T13625] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 559.983999][T13631] loop1: detected capacity change from 0 to 32768 [ 560.010420][T13631] BTRFS: device fsid 34a2da50-e117-4d40-8878-8e0fb0127b5f devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.2110 (13631) [ 560.047441][T13631] BTRFS info (device loop1): first mount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 560.072108][T13631] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 560.082853][T13631] BTRFS info (device loop1): using free-space-tree [ 561.484290][ T29] audit: type=1804 audit(1719398442.620:4326): pid=13656 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.1.2110" name="/root/syzkaller.FILI3a/77/file0/file1" dev="loop1" ino=260 res=1 errno=0 [ 561.901657][T12127] BTRFS info (device loop1): last unmount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 562.779391][T13658] loop1: detected capacity change from 0 to 32768 [ 562.963061][T13658] bcachefs (loop1): mounting version 1.7: mi_btree_bitmap opts=ro,compression=lz4,nojournal_transaction_names,read_only [ 562.976005][T13658] bcachefs (loop1): recovering from clean shutdown, journal seq 7 [ 563.041513][T13658] bcachefs (loop1): alloc_read... done [ 563.047345][T13658] bcachefs (loop1): stripes_read... done [ 563.053073][T13658] bcachefs (loop1): snapshots_read... done [ 563.061129][T13658] bcachefs (loop1): journal_replay... done [ 563.067165][T13658] bcachefs (loop1): resume_logged_ops... done [ 563.073650][T13658] bcachefs (loop1): done starting filesystem [ 563.111296][T13658] bcachefs (loop1): going read-write [ 563.276327][T12127] bcachefs (loop1): shutting down [ 563.281407][T12127] bcachefs (loop1): going read-only [ 563.288732][T12127] bcachefs (loop1): finished waiting for writes to stop [ 563.301952][T12127] bcachefs (loop1): flushing journal and stopping allocators, journal seq 7 [ 563.312009][T12127] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 7 [ 563.347426][T12127] bcachefs (loop1): shutdown complete, journal seq 8 [ 563.355011][T12127] bcachefs (loop1): marking filesystem clean [ 563.397526][T12127] bcachefs (loop1): shutdown complete [ 563.410227][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.423862][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.905521][ T29] audit: type=1326 audit(1719398446.110:4327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13684 comm="syz.0.2118" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9eb6b75ae9 code=0x0 [ 564.991145][T13689] __nla_validate_parse: 5 callbacks suppressed [ 564.991169][T13689] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2119'. [ 565.048094][T13693] netlink: 'syz.2.2119': attribute type 29 has an invalid length. [ 565.510258][ T5095] Bluetooth: hci0: command 0x0406 tx timeout [ 567.559627][T13709] loop0: detected capacity change from 0 to 40427 [ 567.567706][T13709] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 567.575561][T13709] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 567.588897][T13709] F2FS-fs (loop0): invalid crc value [ 567.609417][T13709] F2FS-fs (loop0): Found nat_bits in checkpoint [ 567.705369][T13709] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 567.712817][T13709] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 568.381522][T13720] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2127'. [ 568.390629][T13720] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2127'. [ 568.399790][T13720] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2127'. [ 568.437334][T13722] netlink: 256 bytes leftover after parsing attributes in process `syz.0.2127'. [ 568.486299][T13720] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2127'. [ 568.491138][T13722] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2127'. [ 568.495194][T13720] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2127'. [ 568.495218][T13720] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2127'. [ 568.599515][T13720] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2127'. [ 569.937113][T13735] binder: 13728:13735 ioctl 40046210 0 returned -14 [ 570.673501][ T5095] Bluetooth: hci0: command 0x0406 tx timeout [ 571.115185][T13753] loop2: detected capacity change from 0 to 256 [ 571.168353][T13754] __nla_validate_parse: 3 callbacks suppressed [ 571.168376][T13754] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2138'. [ 571.207544][ T29] audit: type=1800 audit(1719398452.400:4328): pid=13753 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.2139" name="bus" dev="loop2" ino=1048669 res=0 errno=0 [ 571.234935][T13754] netlink: 'syz.1.2138': attribute type 29 has an invalid length. [ 571.259940][ T5095] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 571.274065][ T5095] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 571.285545][ T5095] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 571.295903][ T5095] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 571.306123][T13753] loop2: detected capacity change from 256 to 11 [ 571.316364][ T5095] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 571.323876][ T5095] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 571.341896][T13752] FAT-fs (loop2): unable to read inode block for updating (i_pos 202) [ 571.471672][T12845] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 571.673012][T12845] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 571.747483][T10445] FAT-fs (loop2): Directory bread(block 3) failed [ 571.759492][T13749] loop0: detected capacity change from 0 to 40427 [ 571.779962][T13749] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 571.788654][T13749] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 571.825728][T12845] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 571.843435][T13749] F2FS-fs (loop0): invalid crc value [ 571.906789][T13749] F2FS-fs (loop0): Found nat_bits in checkpoint [ 571.979000][T13763] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2140'. [ 571.988700][T13763] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2140'. [ 571.997683][T13763] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2140'. [ 572.019544][T13749] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 572.034859][T13766] netlink: 256 bytes leftover after parsing attributes in process `syz.3.2140'. [ 572.045888][T13763] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2140'. [ 572.054997][T13763] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2140'. [ 572.074320][T13749] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 572.093537][T13763] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2140'. [ 572.117101][T13766] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2140'. [ 572.136897][T12845] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 572.324150][T13763] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2140'. [ 572.592898][T12845] bridge_slave_1: left allmulticast mode [ 572.609316][T12845] bridge_slave_1: left promiscuous mode [ 572.632973][T12845] bridge0: port 2(bridge_slave_1) entered disabled state [ 572.649364][T12845] bridge_slave_0: left allmulticast mode [ 572.672518][T12845] bridge_slave_0: left promiscuous mode [ 572.686190][T12845] bridge0: port 1(bridge_slave_0) entered disabled state [ 573.025934][T12149] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 573.208610][T12149] usb 4-1: Using ep0 maxpacket: 16 [ 573.229919][T12149] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 573.252226][T12149] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 573.272333][ T5099] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 573.284147][T12149] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 573.301927][ T5099] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 573.312521][ T5099] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 573.322070][T12149] usb 4-1: config 0 descriptor?? [ 573.365023][ T5099] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 573.377802][ T5099] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 573.385426][ T5099] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 573.410764][ T5099] Bluetooth: hci2: command tx timeout [ 573.767341][T13778] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 573.781377][ T5137] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 573.796237][T13778] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 573.818990][T12149] hid (null): invalid report_size 29535 [ 573.840954][T12149] hid-generic 0003:0158:0100.002B: unknown main item tag 0x1 [ 573.866071][T12149] hid-generic 0003:0158:0100.002B: unexpected long global item [ 573.887874][T12149] hid-generic 0003:0158:0100.002B: probe with driver hid-generic failed with error -22 [ 573.923002][T12845] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 573.938467][T12845] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 573.955667][T12845] bond0 (unregistering): Released all slaves [ 573.980912][ T5137] usb 1-1: config 0 has an invalid interface number: 25 but max is 0 [ 573.991790][ T5137] usb 1-1: config 0 has no interface number 0 [ 574.026121][ T5137] usb 1-1: config 0 interface 25 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 574.043445][ T5137] usb 1-1: config 0 interface 25 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 574.053739][ T5137] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 574.068324][T13755] chnl_net:caif_netlink_parms(): no params data found [ 574.077335][ T5137] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 574.117300][ T5137] usb 1-1: config 0 descriptor?? [ 574.404053][T13755] bridge0: port 1(bridge_slave_0) entered blocking state [ 574.413582][T13755] bridge0: port 1(bridge_slave_0) entered disabled state [ 574.421311][T13755] bridge_slave_0: entered allmulticast mode [ 574.429893][T13755] bridge_slave_0: entered promiscuous mode [ 574.448292][T13755] bridge0: port 2(bridge_slave_1) entered blocking state [ 574.455449][T13755] bridge0: port 2(bridge_slave_1) entered disabled state [ 574.465268][T13755] bridge_slave_1: entered allmulticast mode [ 574.473536][T13755] bridge_slave_1: entered promiscuous mode [ 574.543945][ T5137] uclogic 0003:256C:006D.002C: interface is invalid, ignoring [ 574.601272][T13755] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 574.653168][T13802] loop1: detected capacity change from 0 to 512 [ 574.661529][T13755] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 574.680648][T13802] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13 [ 574.702202][T13802] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.2152: invalid indirect mapped block 2683928664 (level 1) [ 574.718666][T13802] EXT4-fs (loop1): 1 truncate cleaned up [ 574.725641][T13802] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 574.739692][T12845] hsr_slave_0: left promiscuous mode [ 574.755730][T12845] hsr_slave_1: left promiscuous mode [ 574.756545][ T5137] usb 1-1: USB disconnect, device number 19 [ 574.772856][T12845] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 574.780730][T12845] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 574.789207][T12845] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 574.797811][T12845] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 574.822381][T12845] veth1_macvtap: left promiscuous mode [ 574.828123][T12845] veth0_macvtap: left promiscuous mode [ 574.833693][T12845] veth1_vlan: left promiscuous mode [ 574.839091][T12845] veth0_vlan: left promiscuous mode [ 574.864709][T13806] EXT4-fs error (device loop1): ext4_find_dest_de:2111: inode #2: block 13: comm syz.1.2152: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 575.160891][T12127] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 575.351625][ T5095] Bluetooth: hci3: SCO packet for unknown connection handle 1955 [ 575.486060][ T5099] Bluetooth: hci4: command tx timeout [ 575.499997][ T5095] Bluetooth: hci2: command tx timeout [ 575.688086][T13825] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 575.718826][T12149] usb 4-1: USB disconnect, device number 20 [ 575.863792][T12845] team0 (unregistering): Port device team_slave_1 removed [ 575.995050][T12845] team0 (unregistering): Port device team_slave_0 removed [ 576.678980][T13829] loop0: detected capacity change from 0 to 32768 [ 576.698556][T13829] BTRFS: device fsid 34a2da50-e117-4d40-8878-8e0fb0127b5f devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.2158 (13829) [ 576.719031][T13829] BTRFS info (device loop0): first mount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 576.729482][T13829] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 576.763961][T13829] BTRFS info (device loop0): using free-space-tree [ 577.295127][T13755] team0: Port device team_slave_0 added [ 577.318877][T13823] __nla_validate_parse: 3 callbacks suppressed [ 577.318903][T13823] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2156'. [ 577.984003][ T5099] Bluetooth: hci4: command tx timeout [ 578.111625][ T5095] Bluetooth: hci2: command tx timeout [ 578.240801][ T29] audit: type=1804 audit(1719398459.310:4329): pid=13857 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.0.2158" name="/root/syzkaller.e6eCJW/33/file0/file1" dev="loop0" ino=260 res=1 errno=0 [ 578.586231][T13755] team0: Port device team_slave_1 added [ 578.704634][T12913] BTRFS info (device loop0): last unmount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 578.788459][T13755] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 578.795448][T13755] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 578.822098][T13755] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 578.867682][T13755] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 578.867705][T13864] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 578.874658][T13755] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 578.962945][T13755] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 579.069733][T13785] chnl_net:caif_netlink_parms(): no params data found [ 579.101671][T13864] vhci_hcd: default hub control req: 0000 v0073 i0000 l0 [ 579.258153][T13755] hsr_slave_0: entered promiscuous mode [ 579.293533][T13755] hsr_slave_1: entered promiscuous mode [ 579.392166][T13755] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 579.396966][ T29] audit: type=1326 audit(1719398460.600:4330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13874 comm="syz.0.2169" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9eb6b75ae9 code=0x0 [ 579.426640][T13755] Cannot create hsr debugfs directory [ 579.784179][T12845] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 579.915247][T13785] bridge0: port 1(bridge_slave_0) entered blocking state [ 579.923122][T13785] bridge0: port 1(bridge_slave_0) entered disabled state [ 579.941246][T13785] bridge_slave_0: entered allmulticast mode [ 579.976498][T13785] bridge_slave_0: entered promiscuous mode [ 580.014208][T12845] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 580.036434][T13785] bridge0: port 2(bridge_slave_1) entered blocking state [ 580.046095][T13785] bridge0: port 2(bridge_slave_1) entered disabled state [ 580.053568][T13785] bridge_slave_1: entered allmulticast mode [ 580.067647][T13785] bridge_slave_1: entered promiscuous mode [ 580.100793][T12845] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 580.130672][ T5095] Bluetooth: hci2: command tx timeout [ 580.130683][ T5099] Bluetooth: hci4: command tx timeout [ 580.194178][T12845] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 580.282103][T13785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 580.298101][T13785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 580.304048][T13883] input: syz0 as /devices/virtual/input/input36 [ 580.403686][T13785] team0: Port device team_slave_0 added [ 580.418239][T13785] team0: Port device team_slave_1 added [ 580.451907][T13887] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2172'. [ 580.527617][T13785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 580.534796][T13785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 580.563364][T13785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 580.608459][T13785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 580.615625][T13785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 580.643028][T13785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 580.701936][T12845] bridge_slave_1: left allmulticast mode [ 580.712635][T12845] bridge_slave_1: left promiscuous mode [ 580.718603][T12845] bridge0: port 2(bridge_slave_1) entered disabled state [ 580.738932][T12845] bridge_slave_0: left allmulticast mode [ 580.744626][T12845] bridge_slave_0: left promiscuous mode [ 580.750789][T12845] bridge0: port 1(bridge_slave_0) entered disabled state [ 581.014586][ T5099] Bluetooth: hci0: SCO packet for unknown connection handle 201 [ 581.914058][T12845] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 581.941713][ T29] audit: type=1326 audit(1719398463.150:4331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13903 comm="syz.3.2177" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2d5ff75ae9 code=0x0 [ 581.964570][T12845] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 581.982591][T12845] bond0 (unregistering): Released all slaves [ 582.125164][T13785] hsr_slave_0: entered promiscuous mode [ 582.176846][T13785] hsr_slave_1: entered promiscuous mode [ 582.193616][T13785] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 582.204952][T13785] Cannot create hsr debugfs directory [ 582.226909][ T5099] Bluetooth: hci4: command tx timeout [ 582.263225][ T29] audit: type=1326 audit(1719398463.470:4332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13911 comm="syz.1.2180" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9de8b75ae9 code=0x0 [ 582.550289][T13755] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 582.598411][T13755] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 582.620276][T12845] hsr_slave_0: left promiscuous mode [ 582.629297][T12845] hsr_slave_1: left promiscuous mode [ 582.671331][T12845] veth1_macvtap: left promiscuous mode [ 582.677754][T12845] veth0_macvtap: left promiscuous mode [ 582.686411][T12845] veth1_vlan: left promiscuous mode [ 582.692050][T12845] veth0_vlan: left promiscuous mode [ 582.974823][T13914] loop3: detected capacity change from 0 to 512 [ 583.126842][T13914] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 583.163232][T13914] ext4 filesystem being mounted at /root/syzkaller.QnHVjX/117/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 583.624483][T13922] Quota error (device loop3): find_tree_dqentry: Cycle in quota tree detected: block 2 index 0 [ 583.685980][T13922] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0 [ 583.713428][T13922] EXT4-fs error (device loop3): ext4_acquire_dquot:6860: comm syz.3.2181: Failed to acquire dquot type 0 [ 584.159070][T11817] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 584.401212][T12845] team0 (unregistering): Port device team_slave_1 removed [ 584.514486][T12845] team0 (unregistering): Port device team_slave_0 removed [ 584.930956][T13947] loop3: detected capacity change from 0 to 164 [ 584.999539][ T29] audit: type=1326 audit(1719398466.210:4333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13945 comm="syz.1.2190" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9de8b75ae9 code=0x0 [ 585.710895][T13755] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 585.773124][T13755] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 586.031480][T13951] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2191'. [ 586.041966][T13951] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2191'. [ 586.054706][T13951] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2191'. [ 587.262172][T13755] 8021q: adding VLAN 0 to HW filter on device bond0 [ 587.433561][T13755] 8021q: adding VLAN 0 to HW filter on device team0 [ 587.472928][ T5137] bridge0: port 1(bridge_slave_0) entered blocking state [ 587.480143][ T5137] bridge0: port 1(bridge_slave_0) entered forwarding state [ 587.529702][ T5137] bridge0: port 2(bridge_slave_1) entered blocking state [ 587.537081][ T5137] bridge0: port 2(bridge_slave_1) entered forwarding state [ 587.710706][ T5099] Bluetooth: hci0: unexpected event for opcode 0x1003 [ 587.740660][T13755] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 588.178681][T13785] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 588.215205][T13785] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 588.281074][T13785] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 588.333681][T13785] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 588.372211][T13755] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 588.684533][T13785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 588.776882][T13785] 8021q: adding VLAN 0 to HW filter on device team0 [ 588.813007][ T29] audit: type=1326 audit(1719398470.020:4334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13994 comm="syz.0.2203" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9eb6b75ae9 code=0x0 [ 588.834223][ C0] vkms_vblank_simulate: vblank timer overrun [ 588.860610][ T5137] bridge0: port 1(bridge_slave_0) entered blocking state [ 588.867847][ T5137] bridge0: port 1(bridge_slave_0) entered forwarding state [ 588.879370][ T5137] bridge0: port 2(bridge_slave_1) entered blocking state [ 588.886632][ T5137] bridge0: port 2(bridge_slave_1) entered forwarding state [ 588.975607][T13785] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 589.000752][T13785] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 589.151260][T13755] veth0_vlan: entered promiscuous mode [ 589.202609][T13755] veth1_vlan: entered promiscuous mode [ 589.331456][T13785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 589.342158][T14011] loop3: detected capacity change from 0 to 64 [ 589.401709][T13755] veth0_macvtap: entered promiscuous mode [ 589.413202][T13982] loop1: detected capacity change from 0 to 32768 [ 589.439078][T13755] veth1_macvtap: entered promiscuous mode [ 589.493450][T13982] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 589.513185][T13755] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 589.554624][T13755] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 589.581612][T13755] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 589.593077][T13755] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 589.603276][T13755] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 589.652213][T13982] XFS (loop1): Ending clean mount [ 589.683339][T13755] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 589.720710][T13755] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 589.805330][T13755] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 589.826024][T13755] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 589.836813][T13755] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 589.849436][T13755] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 589.859836][T13755] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 589.871346][T13755] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 589.903514][T13755] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 589.947725][T13755] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 589.964676][T13755] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 590.000699][T13755] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 590.037674][T13755] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 590.050514][T14023] nfs: Unknown parameter '#^#+' [ 590.317447][T13785] veth0_vlan: entered promiscuous mode [ 590.404186][T13785] veth1_vlan: entered promiscuous mode [ 590.547929][T13785] veth0_macvtap: entered promiscuous mode [ 590.565629][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 590.582253][T13785] veth1_macvtap: entered promiscuous mode [ 590.593055][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 590.705005][T12845] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 590.742704][T12845] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 590.752169][T13785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 590.770617][T13785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 590.784011][T13785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 590.798176][T13785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 590.811497][T13785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 590.824956][T13785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 590.846168][T13785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 590.857907][T13785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 590.900802][T13785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 590.954383][T13785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 590.966575][T13785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 590.988923][T13785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 591.011066][T13785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 591.041648][T13785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 591.057666][T13785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 591.074848][T13785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 591.085562][T13785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 591.115196][T13785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 591.140747][T13785] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 591.154262][T13785] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 591.165165][T13785] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 591.189290][T13785] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 591.424486][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 591.515990][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 591.598421][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 591.650624][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 591.726437][ T5099] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 591.737077][ T5099] Bluetooth: hci0: Injecting HCI hardware error event [ 591.747647][ T5099] Bluetooth: hci0: hardware error 0x00 [ 592.239009][T14052] input: syz0 as /devices/virtual/input/input37 [ 592.339477][T12127] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 593.145906][ T784] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 593.336088][ T784] usb 5-1: Using ep0 maxpacket: 16 [ 593.352882][ T784] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 593.381819][ T784] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 593.399128][ T784] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 593.464542][ T784] usb 5-1: config 0 descriptor?? [ 593.788124][T14092] fuse: Unknown parameter '0x0000000000000004' [ 593.822316][ T5099] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 593.882848][T14069] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 593.894454][T14069] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 593.905488][ T784] hid (null): invalid report_size 29535 [ 593.919675][ T784] hid-generic 0003:0158:0100.002D: unknown main item tag 0x1 [ 593.927388][ T784] hid-generic 0003:0158:0100.002D: unexpected long global item [ 593.935550][ T784] hid-generic 0003:0158:0100.002D: probe with driver hid-generic failed with error -22 [ 596.070492][T12149] usb 5-1: USB disconnect, device number 18 [ 596.628142][T14169] netlink: 'syz.2.2250': attribute type 3 has an invalid length. [ 596.633610][T14170] loop1: detected capacity change from 0 to 256 [ 596.650243][T14170] FAT-fs (loop1): Unrecognized mount option "nOnumtail=0" or missing value [ 596.658928][T14169] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2250'. [ 596.730846][T14169] netlink: 'syz.2.2250': attribute type 3 has an invalid length. [ 596.748701][T14169] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2250'. [ 596.770022][T14169] netlink: 'syz.2.2250': attribute type 3 has an invalid length. [ 596.811952][T14169] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2250'. [ 596.843043][T14177] netlink: 212 bytes leftover after parsing attributes in process `syz.4.2252'. [ 597.037643][T14176] syzkaller0: entered promiscuous mode [ 597.070565][T14176] syzkaller0: entered allmulticast mode [ 597.115317][ T29] audit: type=1800 audit(1719398478.320:4335): pid=14188 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.2255" name="bus" dev="sda1" ino=2065 res=0 errno=0 [ 597.135147][ C0] vkms_vblank_simulate: vblank timer overrun [ 597.722160][T14193] loop4: detected capacity change from 0 to 256 [ 597.749573][T14170] loop1: detected capacity change from 0 to 32768 [ 597.765226][ T29] audit: type=1800 audit(1719398478.970:4336): pid=14193 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.4.2258" name="bus" dev="loop4" ino=1048677 res=0 errno=0 [ 597.814465][T14170] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.2248 (14170) [ 597.846137][ T29] audit: type=1804 audit(1719398479.040:4337): pid=14193 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.2258" name="/root/syzkaller.dByOwk/7/file1/bus" dev="loop4" ino=1048677 res=1 errno=0 [ 597.868473][ C0] vkms_vblank_simulate: vblank timer overrun [ 597.920472][T14170] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 597.953291][T14170] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 597.962776][T14170] BTRFS info (device loop1): using free-space-tree [ 598.158825][T14170] BTRFS info (device loop1): rebuilding free space tree [ 598.617970][T12127] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 598.812106][T14227] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 598.818670][T14227] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 598.846080][T14227] vhci_hcd vhci_hcd.0: Device attached [ 599.003309][T14230] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(11) [ 599.009978][T14230] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 599.052351][ T5134] vhci_hcd: vhci_device speed not set [ 599.075113][T14230] vhci_hcd vhci_hcd.0: Device attached [ 599.149896][ T5134] usb 15-1: new full-speed USB device number 3 using vhci_hcd [ 599.170973][ T5099] Bluetooth: hci3: command 0x0406 tx timeout [ 599.281992][T14238] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2263'. [ 599.338248][T14239] netlink: 'syz.1.2263': attribute type 29 has an invalid length. [ 599.599217][T14231] vhci_hcd: connection closed [ 599.606264][ T2407] vhci_hcd: stop threads [ 599.612516][T14228] vhci_hcd: connection reset by peer [ 599.620413][ T2407] vhci_hcd: release socket [ 599.625209][ T2407] vhci_hcd: disconnect device [ 599.646999][ T2407] vhci_hcd: stop threads [ 599.651353][ T2407] vhci_hcd: release socket [ 599.656246][ T2407] vhci_hcd: disconnect device [ 600.159746][T14241] netlink: 'syz.3.2266': attribute type 3 has an invalid length. [ 600.167949][T14241] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2266'. [ 600.190034][T14241] netlink: 'syz.3.2266': attribute type 3 has an invalid length. [ 600.200798][T14241] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2266'. [ 600.209924][T14241] netlink: 'syz.3.2266': attribute type 3 has an invalid length. [ 600.218127][T14241] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2266'. [ 602.301136][T14254] loop1: detected capacity change from 0 to 512 [ 602.392517][T14254] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13 [ 602.410268][T14262] loop0: detected capacity change from 0 to 256 [ 602.421589][T14254] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.2273: invalid indirect mapped block 2683928664 (level 1) [ 602.424136][T14251] input: syz0 as /devices/virtual/input/input38 [ 602.447944][T14262] FAT-fs (loop0): Unrecognized mount option "nOnumtail=0" or missing value [ 602.483846][T14254] EXT4-fs (loop1): 1 truncate cleaned up [ 602.489883][T14265] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 602.496425][T14265] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 602.522301][T14265] vhci_hcd vhci_hcd.0: Device attached [ 602.543613][T14254] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 602.628454][T14269] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(11) [ 602.635113][T14269] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 602.646070][T14269] vhci_hcd vhci_hcd.0: Device attached [ 602.710893][T14278] EXT4-fs error (device loop1): ext4_find_dest_de:2111: inode #2: block 13: comm syz.1.2273: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 602.904529][T14287] loop2: detected capacity change from 0 to 1024 [ 602.912628][T14287] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 602.923739][T14287] EXT4-fs (loop2): group descriptors corrupted! [ 603.049220][T12127] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 603.248937][T14297] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2284'. [ 603.269834][T14297] netlink: 'syz.4.2284': attribute type 29 has an invalid length. [ 603.309436][T14271] vhci_hcd: connection closed [ 603.310114][ T35] vhci_hcd: stop threads [ 603.321502][T14266] vhci_hcd: connection closed [ 603.324406][ T35] vhci_hcd: release socket [ 603.370511][ T35] vhci_hcd: disconnect device [ 603.390789][ T35] vhci_hcd: stop threads [ 603.395098][ T35] vhci_hcd: release socket [ 603.402955][ T35] vhci_hcd: disconnect device [ 603.788681][T14262] loop0: detected capacity change from 0 to 32768 [ 603.801607][T14262] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.2274 (14262) [ 603.850011][T14262] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 603.861084][T14262] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 603.874695][T14262] BTRFS info (device loop0): using free-space-tree [ 603.940687][ T29] audit: type=1326 audit(1719398485.150:4338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14308 comm="syz.3.2288" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2d5ff75ae9 code=0x0 [ 604.136965][T14262] BTRFS info (device loop0): rebuilding free space tree [ 604.286533][ T5134] vhci_hcd: vhci_device speed not set [ 604.387362][T14325] macsec0: entered promiscuous mode [ 604.411457][T14325] macsec1: entered promiscuous mode [ 604.450620][T14301] loop1: detected capacity change from 0 to 32768 [ 604.593131][T12913] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 604.620456][T14301] bcachefs (loop1): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=xxhash,compression=zstd,nojournal_transaction_names [ 604.647316][T14301] bcachefs (loop1): recovering from clean shutdown, journal seq 10 [ 604.731484][T14301] bcachefs (loop1): alloc_read... done [ 604.757245][T14301] bcachefs (loop1): stripes_read... done [ 604.791089][T14301] bcachefs (loop1): snapshots_read... done [ 604.824650][T14301] bcachefs (loop1): journal_replay... done [ 604.875861][T14301] bcachefs (loop1): resume_logged_ops... done [ 604.883130][T14301] bcachefs (loop1): going read-write [ 604.966510][T14301] bcachefs (loop1): done starting filesystem [ 604.968924][T14343] loop3: detected capacity change from 0 to 512 [ 605.059409][T14343] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -13 [ 605.128592][T14343] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.2293: invalid indirect mapped block 2683928664 (level 1) [ 605.165190][T14343] EXT4-fs (loop3): 1 truncate cleaned up [ 605.218788][T14343] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 605.237299][T14354] macsec1: entered promiscuous mode [ 605.464381][T14367] EXT4-fs error (device loop3): ext4_find_dest_de:2111: inode #2: block 13: comm syz.3.2293: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 605.474725][ T29] audit: type=1800 audit(1719398486.680:4339): pid=14368 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.2297" name="bus" dev="sda1" ino=2077 res=0 errno=0 [ 605.831810][T14373] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6) [ 605.838377][T14373] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 605.889172][T14373] vhci_hcd vhci_hcd.0: Device attached [ 605.907169][T11817] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 606.033890][T14373] vhci_hcd vhci_hcd.0: pdev(4) rhport(1) sockfd(8) [ 606.040451][T14373] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 606.106093][ T5134] vhci_hcd: vhci_device speed not set [ 606.151098][T14373] vhci_hcd vhci_hcd.0: Device attached [ 606.196300][ T5134] usb 17-1: new full-speed USB device number 3 using vhci_hcd [ 606.227657][T14382] loop3: detected capacity change from 0 to 256 [ 606.576127][T14378] vhci_hcd: connection closed [ 606.576984][T14375] vhci_hcd: connection reset by peer [ 606.589093][ T144] vhci_hcd: stop threads [ 606.615993][ T144] vhci_hcd: release socket [ 606.620929][ T144] vhci_hcd: disconnect device [ 606.630315][ T144] vhci_hcd: stop threads [ 606.634785][ T144] vhci_hcd: release socket [ 606.651042][ T144] vhci_hcd: disconnect device [ 606.822159][T12127] bcachefs (loop1): shutting down [ 606.835604][T12127] bcachefs (loop1): going read-only [ 606.845999][T12127] bcachefs (loop1): finished waiting for writes to stop [ 606.871286][T12127] bcachefs (loop1): flushing journal and stopping allocators, journal seq 12 [ 606.890060][T12127] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 12 [ 606.909464][ T5095] Bluetooth: hci3: ACL packet for unknown connection handle 201 [ 606.917403][ T5095] Bluetooth: hci3: SCO packet for unknown connection handle 1955 [ 606.937288][T12127] bcachefs (loop1): shutdown complete, journal seq 13 [ 606.959205][T12127] bcachefs (loop1): marking filesystem clean [ 607.034116][T12127] bcachefs (loop1): shutdown complete [ 607.183233][T14405] macsec1: entered promiscuous mode [ 607.486242][T12149] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 607.688097][T12149] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 607.713216][T12149] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 607.759294][T12149] usb 5-1: config 0 descriptor?? [ 607.779573][T12149] cp210x 5-1:0.0: cp210x converter detected [ 607.850101][ T29] audit: type=1326 audit(1719398489.060:4340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14421 comm="syz.1.2304" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9de8b75ae9 code=0x0 [ 608.191975][T14408] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 608.201509][T14408] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 608.210883][T12149] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 608.223241][T12149] usb 5-1: cp210x converter now attached to ttyUSB0 [ 608.310345][T14441] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2321'. [ 608.387890][T14443] netlink: 'syz.2.2322': attribute type 10 has an invalid length. [ 608.470993][T14443] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 608.543061][T14448] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2309'. [ 608.929687][ T29] audit: type=1804 audit(1719398490.130:4341): pid=14451 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.2325" name="/root/syzkaller.NpVkIP/32/file0" dev="sda1" ino=2075 res=1 errno=0 [ 609.751368][T14478] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2333'. [ 609.838675][T14482] macsec0: entered promiscuous mode [ 609.850010][T14482] macsec1: entered promiscuous mode [ 610.231199][T12149] usb 5-1: USB disconnect, device number 19 [ 610.317040][T12149] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 611.404863][T14506] loop4: detected capacity change from 0 to 256 [ 611.591671][ T5134] vhci_hcd: vhci_device speed not set [ 611.752469][T12149] cp210x 5-1:0.0: device disconnected [ 614.302413][T14539] loop4: detected capacity change from 0 to 512 [ 614.313072][T14534] macsec0: entered promiscuous mode [ 614.320778][T14534] macsec1: entered promiscuous mode [ 614.370563][T14539] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 614.387753][T14539] ext4 filesystem being mounted at /root/syzkaller.dByOwk/22/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 614.556103][ T5134] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 614.710205][T14549] loop1: detected capacity change from 0 to 4096 [ 614.722328][T14549] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 614.768047][ T5134] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 614.794219][ T5134] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 614.815447][ T5134] usb 3-1: config 0 descriptor?? [ 614.825690][ T5134] cp210x 3-1:0.0: cp210x converter detected [ 614.947742][T14558] Quota error (device loop4): find_tree_dqentry: Cycle in quota tree detected: block 2 index 0 [ 615.009851][T14558] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0 [ 615.020122][T14558] EXT4-fs error (device loop4): ext4_acquire_dquot:6860: comm syz.4.2354: Failed to acquire dquot type 0 [ 615.220796][ T29] audit: type=1804 audit(1719398496.340:4342): pid=14561 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.2356" name="/root/syzkaller.FILI3a/123/file0/bus" dev="loop1" ino=33 res=1 errno=0 [ 615.327733][T14536] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 615.444343][T14536] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 615.696805][ T5134] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 615.716172][ T5134] usb 3-1: cp210x converter now attached to ttyUSB0 [ 616.105708][T14536] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2353'. [ 616.223761][T14577] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 616.230342][T14577] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 616.246371][T14577] vhci_hcd vhci_hcd.0: Device attached [ 616.323022][ T52] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 616.332535][ T12] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 616.350192][ T52] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 616.355847][T14582] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(10) [ 616.363818][T14582] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 616.373378][ T52] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 616.385615][ T52] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 616.399004][ T52] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 616.409299][ T52] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 616.422111][T14582] vhci_hcd vhci_hcd.0: Device attached [ 616.474814][ T5134] vhci_hcd: vhci_device speed not set [ 616.543940][ T12] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 616.557264][ T5134] usb 15-1: new full-speed USB device number 4 using vhci_hcd [ 616.639133][ T12] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 616.710336][T13755] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 616.765451][ T12] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 616.789973][T14572] loop1: detected capacity change from 0 to 40427 [ 616.803260][T14572] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 616.811343][T14572] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 616.832506][T14572] F2FS-fs (loop1): invalid crc value [ 616.863389][T14572] F2FS-fs (loop1): Found nat_bits in checkpoint [ 616.935588][T14591] macsec1: entered promiscuous mode [ 616.945528][T14572] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 616.953531][T14572] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 617.048926][T14578] vhci_hcd: connection reset by peer [ 617.049157][T14583] vhci_hcd: connection closed [ 617.066638][ T50] vhci_hcd: stop threads [ 617.101387][T14580] chnl_net:caif_netlink_parms(): no params data found [ 617.101917][ T50] vhci_hcd: release socket [ 617.147517][ T50] vhci_hcd: disconnect device [ 617.172621][ T50] vhci_hcd: stop threads [ 617.185656][ T50] vhci_hcd: release socket [ 617.192529][ T50] vhci_hcd: disconnect device [ 617.224656][ T12] bridge_slave_1: left allmulticast mode [ 617.234998][ T12] bridge_slave_1: left promiscuous mode [ 617.252171][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 617.275839][ T784] usb 3-1: USB disconnect, device number 19 [ 617.283819][ T12] bridge_slave_0: left allmulticast mode [ 617.292767][ T12] bridge_slave_0: left promiscuous mode [ 617.299367][ T784] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 617.312755][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 617.322253][ T784] cp210x 3-1:0.0: device disconnected [ 617.884258][ T29] audit: type=1800 audit(1719398499.090:4343): pid=14615 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.1.2374" name="bus" dev="sda1" ino=2072 res=0 errno=0 [ 617.904038][ C1] vkms_vblank_simulate: vblank timer overrun [ 618.338938][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 618.354482][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 618.383861][ T12] bond0 (unregistering): Released all slaves [ 618.406904][T14598] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2368'. [ 618.426091][T14598] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR [ 618.448247][ T5095] Bluetooth: hci3: command tx timeout [ 618.706835][T14626] loop2: detected capacity change from 0 to 512 [ 618.811580][T14626] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 618.866002][T14626] ext4 filesystem being mounted at /root/syzkaller.NpVkIP/43/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 618.976024][T14580] bridge0: port 1(bridge_slave_0) entered blocking state [ 618.983211][T14580] bridge0: port 1(bridge_slave_0) entered disabled state [ 618.999787][T14580] bridge_slave_0: entered allmulticast mode [ 619.011811][T14580] bridge_slave_0: entered promiscuous mode [ 619.078150][T14642] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5) [ 619.084720][T14642] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 619.113765][T14642] vhci_hcd vhci_hcd.0: Device attached [ 619.136270][T14580] bridge0: port 2(bridge_slave_1) entered blocking state [ 619.152619][T14580] bridge0: port 2(bridge_slave_1) entered disabled state [ 619.173655][T14580] bridge_slave_1: entered allmulticast mode [ 619.186479][T14645] vhci_hcd vhci_hcd.0: pdev(4) rhport(1) sockfd(10) [ 619.187818][T14580] bridge_slave_1: entered promiscuous mode [ 619.193109][T14645] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 619.203527][T14645] vhci_hcd vhci_hcd.0: Device attached [ 619.306201][ T5136] vhci_hcd: vhci_device speed not set [ 619.338974][T14633] syzkaller0: entered promiscuous mode [ 619.344568][T14633] syzkaller0: entered allmulticast mode [ 619.385071][ T12] hsr_slave_0: left promiscuous mode [ 619.394316][ T12] hsr_slave_1: left promiscuous mode [ 619.396140][ T5136] usb 17-1: new full-speed USB device number 4 using vhci_hcd [ 619.409947][T14654] input: syz0 as /devices/virtual/input/input39 [ 619.426146][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 619.448369][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 619.468016][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 619.483393][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 619.515290][T14655] Quota error (device loop2): find_tree_dqentry: Cycle in quota tree detected: block 2 index 0 [ 619.518653][ T12] veth1_macvtap: left promiscuous mode [ 619.532160][ T12] veth0_macvtap: left promiscuous mode [ 619.539959][ T12] veth1_vlan: left promiscuous mode [ 619.545669][ T12] veth0_vlan: left promiscuous mode [ 619.551240][T14655] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0 [ 619.579951][T14655] EXT4-fs error (device loop2): ext4_acquire_dquot:6860: comm syz.2.2375: Failed to acquire dquot type 0 [ 619.874297][T14646] vhci_hcd: connection closed [ 619.874610][ T144] vhci_hcd: stop threads [ 619.874712][T14643] vhci_hcd: connection reset by peer [ 619.886002][ T144] vhci_hcd: release socket [ 619.898627][ T144] vhci_hcd: disconnect device [ 619.911583][ T2407] vhci_hcd: stop threads [ 619.918318][ T2407] vhci_hcd: release socket [ 619.935919][ T2407] vhci_hcd: disconnect device [ 620.134539][T13785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 620.525955][ T5095] Bluetooth: hci3: command tx timeout [ 620.554003][ T12] team0 (unregistering): Port device team_slave_1 removed [ 620.661706][ T12] team0 (unregistering): Port device team_slave_0 removed [ 621.736563][ T5134] vhci_hcd: vhci_device speed not set [ 622.611883][ T5095] Bluetooth: hci3: command tx timeout [ 624.538893][ T5136] vhci_hcd: vhci_device speed not set [ 624.593052][T14664] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2385'. [ 624.602624][T14664] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR [ 624.685948][ T5095] Bluetooth: hci3: command tx timeout [ 624.746840][T14580] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 624.776512][T14580] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 624.849292][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.857259][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.864302][T14677] loop3: detected capacity change from 0 to 64 [ 624.884112][T14677] hfs: unable to parse mount options [ 624.948557][T14580] team0: Port device team_slave_0 added [ 624.972060][T14580] team0: Port device team_slave_1 added [ 625.347289][T14580] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 625.354284][T14580] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 625.357388][T14690] loop4: detected capacity change from 0 to 1024 [ 625.400229][T14690] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 625.411432][T14690] EXT4-fs (loop4): group descriptors corrupted! [ 625.421891][T14580] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 625.677717][ T52] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 625.694732][ T52] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 625.705157][ T52] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 625.729434][ T52] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 625.739099][ T52] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 625.747245][ T52] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 627.807692][ T52] Bluetooth: hci4: command tx timeout [ 628.662617][T14580] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 628.669864][T14580] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 628.698122][T14580] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 628.830239][T14580] hsr_slave_0: entered promiscuous mode [ 628.852196][T14580] hsr_slave_1: entered promiscuous mode [ 628.869335][T14580] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 628.883448][T14580] Cannot create hsr debugfs directory [ 628.926211][T10738] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 629.130515][T10738] usb 5-1: Using ep0 maxpacket: 8 [ 629.165445][T10738] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 629.177223][T10738] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 629.185131][ T2407] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 629.187887][T10738] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 629.216664][T14713] input: syz0 as /devices/virtual/input/input40 [ 629.239394][T10738] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 629.258662][T10738] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 629.269969][T10738] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 629.364254][ T2407] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 629.489065][T10738] usb 5-1: GET_CAPABILITIES returned 0 [ 629.494708][T10738] usbtmc 5-1:16.0: can't read capabilities [ 629.497044][ T2407] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 629.632995][ T2407] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 629.650870][T14692] chnl_net:caif_netlink_parms(): no params data found [ 629.706222][T10738] usb 5-1: USB disconnect, device number 20 [ 629.885947][ T52] Bluetooth: hci4: command tx timeout [ 630.334476][T14726] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 630.354784][T14726] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 630.575965][ T5171] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 630.790155][ T5171] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 630.807053][ T5171] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 630.829943][ T5171] usb 5-1: config 0 descriptor?? [ 630.883411][ T5171] cp210x 5-1:0.0: cp210x converter detected [ 631.251177][T14734] loop1: detected capacity change from 0 to 64 [ 631.262398][T14734] hfs: unable to parse mount options [ 631.289530][T14730] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 631.299828][T14730] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 631.318354][ T5171] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 631.354512][ T5171] usb 5-1: cp210x converter now attached to ttyUSB0 [ 631.976239][ T52] Bluetooth: hci4: command tx timeout [ 633.044879][T14736] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2406'. [ 633.239393][T14692] bridge0: port 1(bridge_slave_0) entered blocking state [ 633.247575][T14692] bridge0: port 1(bridge_slave_0) entered disabled state [ 633.255708][T14692] bridge_slave_0: entered allmulticast mode [ 633.272323][T14692] bridge_slave_0: entered promiscuous mode [ 633.290396][T14692] bridge0: port 2(bridge_slave_1) entered blocking state [ 633.308260][T14692] bridge0: port 2(bridge_slave_1) entered disabled state [ 633.321946][T14692] bridge_slave_1: entered allmulticast mode [ 633.341747][T14692] bridge_slave_1: entered promiscuous mode [ 633.374983][T14751] netlink: 'syz.3.2411': attribute type 29 has an invalid length. [ 633.587456][ T2407] bridge_slave_1: left allmulticast mode [ 633.611343][ T2407] bridge_slave_1: left promiscuous mode [ 633.655466][ T2407] bridge0: port 2(bridge_slave_1) entered disabled state [ 633.733336][ T2407] bridge_slave_0: left allmulticast mode [ 633.768741][ T2407] bridge_slave_0: left promiscuous mode [ 633.804547][ T2407] bridge0: port 1(bridge_slave_0) entered disabled state [ 634.078311][ T52] Bluetooth: hci4: command tx timeout [ 634.142113][ T5171] usb 5-1: USB disconnect, device number 21 [ 634.208804][ T5171] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 634.251348][ T5171] cp210x 5-1:0.0: device disconnected [ 634.264604][T14761] loop4: detected capacity change from 0 to 1024 [ 634.277642][T14761] [ 634.280010][T14761] ====================================================== [ 634.287037][T14761] WARNING: possible circular locking dependency detected [ 634.294052][T14761] 6.10.0-rc5-syzkaller-00018-g55027e689933 #0 Not tainted [ 634.301137][T14761] ------------------------------------------------------ [ 634.308132][T14761] syz.4.2412/14761 is trying to acquire lock: [ 634.314607][T14761] ffff88806b4273c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_extend+0x21b/0x1b70 [ 634.325635][T14761] [ 634.325635][T14761] but task is already holding lock: [ 634.332994][T14761] ffff88802ef000b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_find_init+0x14a/0x1c0 [ 634.342512][T14761] [ 634.342512][T14761] which lock already depends on the new lock. [ 634.342512][T14761] [ 634.352927][T14761] [ 634.352927][T14761] the existing dependency chain (in reverse order) is: [ 634.361963][T14761] [ 634.361963][T14761] -> #1 (&tree->tree_lock){+.+.}-{3:3}: [ 634.369723][T14761] lock_acquire+0x1ed/0x550 [ 634.374962][T14761] __mutex_lock+0x136/0xd70 [ 634.380443][T14761] hfsplus_file_truncate+0x811/0xb50 [ 634.386272][T14761] hfsplus_delete_inode+0x174/0x220 [ 634.392020][T14761] hfsplus_unlink+0x512/0x790 [ 634.397241][T14761] vfs_unlink+0x365/0x650 [ 634.402087][T14761] do_unlinkat+0x4ae/0x830 [ 634.407013][T14761] __x64_sys_unlink+0x49/0x60 [ 634.412217][T14761] do_syscall_64+0xf3/0x230 [ 634.417272][T14761] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 634.423721][T14761] [ 634.423721][T14761] -> #0 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}: [ 634.432788][T14761] validate_chain+0x18e0/0x5900 [ 634.438211][T14761] __lock_acquire+0x1346/0x1fd0 [ 634.443608][T14761] lock_acquire+0x1ed/0x550 [ 634.448913][T14761] __mutex_lock+0x136/0xd70 [ 634.453936][T14761] hfsplus_file_extend+0x21b/0x1b70 [ 634.459660][T14761] hfsplus_bmap_reserve+0x105/0x4e0 [ 634.465377][T14761] hfsplus_create_cat+0x1b0/0x1b60 [ 634.470991][T14761] hfsplus_fill_super+0x13ee/0x1ca0 [ 634.476695][T14761] mount_bdev+0x20a/0x2d0 [ 634.481524][T14761] legacy_get_tree+0xee/0x190 [ 634.486710][T14761] vfs_get_tree+0x90/0x2a0 [ 634.491651][T14761] do_new_mount+0x2be/0xb40 [ 634.496655][T14761] __se_sys_mount+0x2d9/0x3c0 [ 634.501833][T14761] do_syscall_64+0xf3/0x230 [ 634.506844][T14761] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 634.513252][T14761] [ 634.513252][T14761] other info that might help us debug this: [ 634.513252][T14761] [ 634.523460][T14761] Possible unsafe locking scenario: [ 634.523460][T14761] [ 634.530889][T14761] CPU0 CPU1 [ 634.536330][T14761] ---- ---- [ 634.541699][T14761] lock(&tree->tree_lock); [ 634.546184][T14761] lock(&HFSPLUS_I(inode)->extents_lock); [ 634.554486][T14761] lock(&tree->tree_lock); [ 634.561746][T14761] lock(&HFSPLUS_I(inode)->extents_lock); [ 634.567534][T14761] [ 634.567534][T14761] *** DEADLOCK *** [ 634.567534][T14761] [ 634.575836][T14761] 3 locks held by syz.4.2412/14761: [ 634.581041][T14761] #0: ffff88801d30c0e0 (&type->s_umount_key#77/1){+.+.}-{3:3}, at: alloc_super+0x221/0x9d0 [ 634.591226][T14761] #1: ffff88807d183198 (&sbi->vh_mutex){+.+.}-{3:3}, at: hfsplus_fill_super+0x1380/0x1ca0 [ 634.601259][T14761] #2: ffff88802ef000b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_find_init+0x14a/0x1c0 [ 634.611168][T14761] [ 634.611168][T14761] stack backtrace: [ 634.617039][T14761] CPU: 1 PID: 14761 Comm: syz.4.2412 Not tainted 6.10.0-rc5-syzkaller-00018-g55027e689933 #0 [ 634.627170][T14761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 634.637233][T14761] Call Trace: [ 634.640515][T14761] [ 634.643434][T14761] dump_stack_lvl+0x241/0x360 [ 634.648111][T14761] ? __pfx_dump_stack_lvl+0x10/0x10 [ 634.653330][T14761] ? print_circular_bug+0x130/0x1a0 [ 634.658515][T14761] check_noncircular+0x36a/0x4a0 [ 634.663438][T14761] ? __pfx_check_noncircular+0x10/0x10 [ 634.668884][T14761] ? lockdep_lock+0x123/0x2b0 [ 634.673542][T14761] ? _find_first_zero_bit+0xd3/0x100 [ 634.678812][T14761] validate_chain+0x18e0/0x5900 [ 634.683655][T14761] ? __pfx_validate_chain+0x10/0x10 [ 634.688839][T14761] ? mark_lock+0x9a/0x350 [ 634.693158][T14761] ? __lock_acquire+0x1346/0x1fd0 [ 634.698170][T14761] ? look_up_lock_class+0x77/0x160 [ 634.703278][T14761] ? register_lock_class+0x102/0x980 [ 634.708967][T14761] ? validate_chain+0x11e/0x5900 [ 634.715225][T14761] ? __pfx_register_lock_class+0x10/0x10 [ 634.722258][T14761] ? mark_lock+0x9a/0x350 [ 634.727250][T14761] __lock_acquire+0x1346/0x1fd0 [ 634.733599][T14761] lock_acquire+0x1ed/0x550 [ 634.738098][T14761] ? hfsplus_file_extend+0x21b/0x1b70 [ 634.743466][T14761] ? __pfx_lock_acquire+0x10/0x10 [ 634.748476][T14761] ? __pfx___might_resched+0x10/0x10 [ 634.753743][T14761] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 634.759795][T14761] ? arch_stack_walk+0x16d/0x1b0 [ 634.764723][T14761] __mutex_lock+0x136/0xd70 [ 634.769222][T14761] ? hfsplus_file_extend+0x21b/0x1b70 [ 634.774589][T14761] ? hfsplus_file_extend+0x21b/0x1b70 [ 634.779957][T14761] ? __pfx___mutex_lock+0x10/0x10 [ 634.786149][T14761] hfsplus_file_extend+0x21b/0x1b70 [ 634.791466][T14761] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 634.797106][T14761] ? rcu_is_watching+0x15/0xb0 [ 634.801879][T14761] ? trace_contention_end+0x3c/0x120 [ 634.807152][T14761] ? __mutex_lock+0x2ef/0xd70 [ 634.811818][T14761] ? hfsplus_find_init+0x14a/0x1c0 [ 634.816917][T14761] ? __pfx___mutex_lock+0x10/0x10 [ 634.821928][T14761] hfsplus_bmap_reserve+0x105/0x4e0 [ 634.827121][T14761] hfsplus_create_cat+0x1b0/0x1b60 [ 634.832213][T14761] ? do_raw_spin_unlock+0x13c/0x8b0 [ 634.837411][T14761] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 634.843313][T14761] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 634.849642][T14761] ? __pfx_hfsplus_create_cat+0x10/0x10 [ 634.855184][T14761] ? __mod_timer+0xb89/0xeb0 [ 634.859783][T14761] ? do_raw_spin_unlock+0x13c/0x8b0 [ 634.864970][T14761] ? _raw_spin_unlock+0x28/0x50 [ 634.869808][T14761] ? hfsplus_new_inode+0x53e/0x6c0 [ 634.874993][T14761] hfsplus_fill_super+0x13ee/0x1ca0 [ 634.880183][T14761] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 634.885729][T14761] ? snprintf+0xda/0x120 [ 634.889961][T14761] ? __pfx_lock_release+0x10/0x10 [ 634.894972][T14761] ? do_raw_spin_lock+0x14f/0x370 [ 634.899991][T14761] ? sb_set_blocksize+0x98/0xf0 [ 634.904833][T14761] ? setup_bdev_super+0x4ad/0x570 [ 634.909843][T14761] mount_bdev+0x20a/0x2d0 [ 634.914160][T14761] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 634.919699][T14761] ? __pfx_mount_bdev+0x10/0x10 [ 634.924819][T14761] ? vfs_parse_fs_string+0x190/0x230 [ 634.930102][T14761] ? __pfx_vfs_parse_fs_string+0x10/0x10 [ 634.935723][T14761] ? cap_capable+0x1b4/0x250 [ 634.940300][T14761] legacy_get_tree+0xee/0x190 [ 634.944964][T14761] ? __pfx_hfsplus_mount+0x10/0x10 [ 634.950072][T14761] vfs_get_tree+0x90/0x2a0 [ 634.954490][T14761] do_new_mount+0x2be/0xb40 [ 634.958977][T14761] ? __pfx_do_new_mount+0x10/0x10 [ 634.963999][T14761] __se_sys_mount+0x2d9/0x3c0 [ 634.968675][T14761] ? __pfx___se_sys_mount+0x10/0x10 [ 634.973942][T14761] ? exc_page_fault+0x590/0x8c0 [ 634.978783][T14761] ? __x64_sys_mount+0x20/0xc0 [ 634.983531][T14761] do_syscall_64+0xf3/0x230 [ 634.988027][T14761] ? clear_bhb_loop+0x35/0x90 [ 634.992693][T14761] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 634.998577][T14761] RIP: 0033:0x7fb926b771ea [ 635.002985][T14761] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 7e 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 635.022668][T14761] RSP: 002b:00007fb927986e78 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 635.031066][T14761] RAX: ffffffffffffffda RBX: 00007fb927986f00 RCX: 00007fb926b771ea [ 635.039027][T14761] RDX: 0000000020000000 RSI: 0000000020000080 RDI: 00007fb927986ec0 [ 635.046998][T14761] RBP: 0000000020000000 R08: 00007fb927986f00 R09: 0000000002000010 SYZFAIL: failed to recv rpc fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor) [ 635.055045][T14761] R10: 0000000002000010 R11: 0000000000000206 R12: 0000000020000080 [ 635.063055][T14761] R13: 00007fb927986ec0 R14: 00000000000006a6 R15: 0000000020000100 [ 635.071033][T14761] [ 635.098050][T14761] hfsplus: xattr search failed