last executing test programs: 2m53.24902043s ago: executing program 2 (id=110): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) prlimit64(0x0, 0xe, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) ioctl$VIDIOC_S_SELECTION(0xffffffffffffffff, 0xc040565f, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f00000000c0)=0x3, 0x4) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f00000002c0)=[@mss={0x2, 0xfffffff3}, @mss, @mss={0x2, 0x8}, @window, @timestamp, @timestamp, @mss={0x2, 0x9}, @timestamp], 0x401) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x4) write$binfmt_elf64(r0, &(0x7f0000000000)=ANY=[], 0x440) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r0, &(0x7f00000004c0)="3ce2de4d8d957a8de4e490b6cd03b988d4edef164bd3377aa381b5f50b7ca414516489f78cd7208982e9bde22b2b7c1c7606d565477f3db9d2b077283644c0f27ab52a863a42863e06944e40a0b3c5d21c8cbe102e7f726263f28aef1bc12a069063d4c30e8f329fdb36859be727fbef4314161e5fb5f01ae00a2634d5cdecca2089c62e32f4c919886b2b88d237e287318739bec0364caf15889f38a312ef6621c0f21709a4bf2b16274cf933f6ad8fcc9c2024bc1b4713f650e860f93ae93b23", 0xc1, 0x805, 0x0, 0x0) 2m52.917834155s ago: executing program 2 (id=113): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) syz_open_dev$vim2m(0x0, 0x0, 0x2) getsockopt$kcm_KCM_RECV_DISABLE(0xffffffffffffffff, 0x11c, 0x4, 0x0, 0x74efdfe049b861ab) r4 = socket$l2tp(0x2, 0x2, 0x73) connect$inet(r4, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) 2m51.80631943s ago: executing program 2 (id=115): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000b753b5086d049608113a0102030109021200d53d43"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000140)={0x14, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) 2m48.73555687s ago: executing program 3 (id=122): sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x48}}, 0x4000) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r0, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10) recvmmsg(r0, &(0x7f00000050c0)=[{{0x0, 0x0, &(0x7f0000001540)=[{0x0}, {&(0x7f00000002c0)=""/59, 0x3b}], 0x2}}], 0x1, 0x2, 0x0) sendmmsg(r0, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) 2m47.683607829s ago: executing program 3 (id=125): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) getsockopt$kcm_KCM_RECV_DISABLE(0xffffffffffffffff, 0x11c, 0x4, 0x0, 0x74efdfe049b861ab) r4 = socket$l2tp(0x2, 0x2, 0x73) connect$inet(r4, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) 2m46.626433184s ago: executing program 2 (id=128): syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000640)='./file1\x00', 0x1008000, &(0x7f0000000040)=ANY=[], 0x1, 0x5e7, &(0x7f0000000680)="$eJzs3cFvHFcdB/DvbBxnHaTUcZM2oEpYRaoQFsl6LZGUC1AKslCFKnHgbBEnsbJJK3uL3B4gIA4Vp/4JRcj/AOJYpBxoDxzg1LNRj0jcfdtqZmfX62TrJrab3TSfjzT73ps38/b3fjM7mVkr2gDPrNWlzNxPkdWlN7bL9u7OSmd3Z+XOoJ7kTJJG0kxSlKv/nuSz5F76S7456BgpH/LpR82bn3zw8fv9VjlWs5jpb18ctt+jGcYy34+1Kk9qvPaxxzs4w4Uki8eLD05Gb+C/Y7uP+bkEAKZZkZwat34+OVvfsJfPAf274v499lPt3qQDAAAAgCfgub3sZTvnJh0HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPE3q3/8v6qUxqC+mGPz+/2y9LnX9qXZ/0gEAAAAAAAAAwAn49l72sp1zg3avqP7m/3LVuFC9fiPvZCvr2czlbGct3XSzmeUk8yMDzW6vdbuby4+wZ3vsnu0nM18AAAAAAAAA+Jr6Y1b3//4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADToEhO9YtquTCoz6cxk6SZZLbc7l7yn0H9aXZ/0gEAAADAE/DcXvaynXODdq+onvlfqJ77m3knd9PNRrrpZD3Xq+8C+k/9jd2dlc7uzsqdcnl43J/8/7HCqEZM/7uH8e98qdpiLjeyUa25nN/krXRyPY1qz9KlQTzj4/pDGVPxo9ojRna9LsuZ/6Iup8N8lZHTw4y06tjKbJw/PBOPeXQefKflNIbf/Fz4CnJ+ti7L+bw+1Tlvj5x9LxyeiWTh13++eqtz9/atG1tL0zOlI3owEysjmXjxmcpEq8rExWF7NT/Pr7KUxbyZzWzkt1lLN+tZzOtVba0+n8vX+cMz9eMDrTe/LJLZ+rj0r6KPF9PL1b7nspFf5q1cr45oK1dzNe38IK+mdeAIXxwb9+97dfder9dL4/E+9d/5bl05neRndTkdyryeH8nr6DV3vuobXbOfpYWTvzbOfKuulGfPa1N3bTz/wL8Sg0w8f3gm/lKdOFudu7c3b629/Yjv90pdlhn46TATM/Xa3qkTmdSRlOfLwjCWg2dH2ff82L7lqu/CsK/xUN/FYd+XfVJn63u4h0dqV30vju3r73dppG/c/RYAU+/s987Ozv1v7t9zH879ae7W3BvN185cO/PSbE7/8/QPZ1qnXmm8VPwtH+Z3+8//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA0W29+97ttU5nffPIlcEvER13HBUVlempTPrKBHzVrnTvvH1l6933vr9xZ+3m+s31u6+2rl1bXl6+2rpyY6OzXr9OOkoA4CTt3/RPOhIAAAAAAAAAAAAAAOCLPIn/TjzpOQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF9vq0uZuZ8iy63LrbK9u7PSKZdBfX/LZpKirPwjyWfJvfSXzI8MV3zR+3z6UfPmJx98/P7+WM1q+3+1T2IWB2JpPBDTccdrj4z31yMNVwwzs5hkoS5h4j4PAAD//6LKBsA=") execveat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0, 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000280)='./file0/file0\x00', 0x0, 0x1000, 0x0) 2m46.625984675s ago: executing program 3 (id=129): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000080)={0x0, 0x101, 0xfffffffb}, 0x10) 2m46.24363324s ago: executing program 3 (id=132): sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, 0x0, 0x0) 2m46.025397845s ago: executing program 3 (id=133): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$kcm(0x10, 0x100000000002, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f0000001100)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$kcm(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000200)="39000000140081ae00002c000500015601618575e285af0180000000171300883795c04a31ba377a1b2cc32b38d3740000ffffffffffffffff", 0x39}], 0x1, 0x0, 0x0, 0xc00e}, 0x0) 2m43.952041341s ago: executing program 2 (id=137): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) r1 = syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x0, 0x13580}, &(0x7f0000000100)=0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_TIMEOUT={0xb, 0x6, 0x0, 0x0, 0x0, &(0x7f0000001400)={0x0, 0x3938700}}) io_uring_enter(r1, 0x6b4d, 0x0, 0x0, 0x0, 0x0) io_uring_enter(r1, 0x0, 0x3, 0x7, 0x0, 0x0) 2m43.875159216s ago: executing program 3 (id=138): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x44, 0x6, 0x3c8, 0x0, 0x298, 0x200, 0x200, 0x298, 0x330, 0x330, 0x330, 0x330, 0x330, 0x6, 0x0, {[{{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x98}}, {{@ip={@remote, @local, 0x0, 0x0, 'vcan0\x00', 'veth0_virt_wifi\x00'}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x4]}}}}, {{@uncond, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@remote, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x428) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_GETXATTR(r2, &(0x7f00000000c0)={0x18}, 0x18) write$FUSE_INIT(r2, &(0x7f0000000200)={0x50, 0x0, 0x0, {0x7, 0x29, 0x20200, 0x0, 0x0, 0x0, 0xfffffffe, 0x9}}, 0x50) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) 2m43.226021603s ago: executing program 2 (id=141): r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000740)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0}) 2m42.107113184s ago: executing program 32 (id=141): r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000740)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0}) 2m28.692651768s ago: executing program 33 (id=138): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x44, 0x6, 0x3c8, 0x0, 0x298, 0x200, 0x200, 0x298, 0x330, 0x330, 0x330, 0x330, 0x330, 0x6, 0x0, {[{{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x98}}, {{@ip={@remote, @local, 0x0, 0x0, 'vcan0\x00', 'veth0_virt_wifi\x00'}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x4]}}}}, {{@uncond, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@remote, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x428) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_GETXATTR(r2, &(0x7f00000000c0)={0x18}, 0x18) write$FUSE_INIT(r2, &(0x7f0000000200)={0x50, 0x0, 0x0, {0x7, 0x29, 0x20200, 0x0, 0x0, 0x0, 0xfffffffe, 0x9}}, 0x50) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) 13.016120861s ago: executing program 1 (id=554): landlock_restrict_self(0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xfffffffffffffe01) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2663}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) r2 = fsopen(&(0x7f0000000280)='gfs2meta\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000000)='source', &(0x7f00000002c0)='\x00\x00\xb2\x00\x10\x00\x00\x00\x00\x00\x00ikH\xaf\xfe\x9a%\xca[W\xd2\x9a\xa6\xe2\x85S|\xb2\x03\xae\xc1V\xd1\xa2\x03\xcc\x89\x1d\x05\xecY\xf5\xc8{\x0e\xbd\x0e\xe5]P\x95;\xfbQy\x97[\xb44\xa0\xa6\xac\xec\xd9<\x9c\xe5y%*\xf1\xc3Ks6 z\xeef:\v\x8a\x00\xd59\x00M\xbd\x89\xc8Qi\xa0v\x8b\xe3\x14', 0x0) sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000005f40)={0x0, 0x0, &(0x7f0000005f00)={&(0x7f0000000000)=@newtaction={0x68, 0x30, 0x80b, 0x0, 0x0, {}, [{0x54, 0x1, [@m_connmark={0x50, 0x1, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xc, 0x7}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x44}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f00000001c0)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000080)={0x2c, r7, 0x801, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r8}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8}]}, 0x2c}}, 0x0) 11.563481362s ago: executing program 1 (id=560): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x20, &(0x7f0000000480), 0x0) syz_emit_ethernet(0x2be, 0x0, 0x0) socket(0x2, 0x80805, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$SIOCAX25GETINFOOLD(0xffffffffffffffff, 0x891a, 0x0) socket$inet(0x2, 0x80001, 0x7) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_SET(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) r5 = socket$isdn(0x22, 0x2, 0x26) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x80044943, &(0x7f00000002c0)={'wlan0\x00'}) r6 = timerfd_create(0x8, 0x0) timerfd_settime(r6, 0x3, 0x0, 0x0) timerfd_settime(r6, 0x3, &(0x7f0000000000)={{0x77359400}, {0x77359400}}, 0x0) socket$netlink(0x10, 0x3, 0x14) r7 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_gstrings={0x1b, 0x1}}) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/cgroup\x00') r8 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/cgroup\x00') setns(r8, 0x0) 8.332782253s ago: executing program 5 (id=565): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, 0x0, 0x20040800) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) socket(0x200000100000011, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r3, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback, 0xfffffffc}, 0x1c) listen(r3, 0x20000005) r4 = socket$inet6(0xa, 0x6, 0x0) landlock_restrict_self(0xffffffffffffffff, 0x0) fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000100)) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x6, @empty}, 0x1c) sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000001c0)=[{{0x0, 0x9b4c, 0x0}}], 0x500, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0xa00000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSET(r5, 0x0, 0x24040040) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 7.567437136s ago: executing program 0 (id=568): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000640)={'wlan0\x00'}) sendmsg$NL80211_CMD_CONNECT(r1, 0x0, 0x20000044) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) syz_open_dev$ptys(0xc, 0x3, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x0, 0x0) recvmmsg(r3, 0x0, 0x0, 0x2, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x47f6, 0x0, 0x0, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, 0x0, 0x0, 0x4048884) 7.490698372s ago: executing program 1 (id=570): r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108) r1 = socket$inet_sctp(0x2, 0x5, 0x84) r2 = socket(0x1e, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000001080)=0x8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) ioctl$TIOCL_BLANKSCREEN(r3, 0x541c, &(0x7f0000000540)) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_mount_image$squashfs(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f00000002c0), 0x1, 0x228, &(0x7f0000000300)="$eJzKKC4sZmdgYPj7sSaZgUGAAQRYGEQYLjAwMrAwMDDIM4KFGD4yQeipUPomlGaDyl+B0r5Q8XYo/de8KiKKgYExU+meGdMB8RRFRgEGHpGvpx4wJDPwxzJYzvNecykoc8pVobdL94PUe4VWbmJgVE/hXzRnwwSnmbxgYxkjo5DNYT4gM4sDZBADA8PkPxH3HrBIMoggmSXK8U/sVMvyVWad9xlmdExLY2A0mMXBwMCgd0R3pp0BbzcT1MziyqrsxJyc1KLiMwyo5k9m3M+kyAhSd+bv1eAHjHYM3bEMjAxyG/zVFn/7I1W5cVN95PSqiJqp3U03l66PY9im//eKidT7iRlh/x8cEtSyyMv/ME9G6fvmhjkfauqemDh2NirP5W+9/Pfd+5ja4gQ1psfiXYVs/AluWjWfnJ3cLB/PTa9u31KsuCArzWXisakX/yYcX8vAMPnCE1v9mjOH4hVjOKXcKufG3HWLF+Rapn6+7g0Dw8GozxMZGJcz7mdiYJgZtnMPsr/KG6CRwcDMwMCgwsDAwMTAwpCWmZNq4MHAyMAM5RiyQFXBVDMxcIAl9JLzc1LaGRjBSQCsbTkDC9wMw8cMrHCOETLH2KIBahJDO5RWgdIeUHo5lH4MpeXRkg0L2IR+KE+jgYGBjaEisaSkyJCNgQHKgosZwcWMBOA2M0FtncuE6rnjTAyjYBSMglEwCkbBKBgFo2AUjIJRMJIBIAAA///ZbLn7") getsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, 0x0, &(0x7f00000000c0)) syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYBLOB="040eaf003120"], 0x7) 6.434848567s ago: executing program 0 (id=571): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x804810, &(0x7f0000000a40), 0x26, 0x756, &(0x7f00000002c0)="$eJzs3M1rXOUaAPDnnGaafuTeyYUL9+pChBZaKD1Jmk27aty4KxQKbmtITkLISSZkJrUTC7auhdpsFARR1y7dCqX+Ae6koOBeEK1xIW5GzuSjNGam0ybpSPr7wcl53vP1vE/m8GYO5D0BvLReL38kEUMRcTUiqpvb04g42o6ORdzeOG790a2pckmi1br2S1KeFuut6va1ks31yWifEv+PiAeViHPv/z1vvbk6P1kU+fJme6SxsDRSb66en1uYnM1n88Wx8UujF8fHL46OP7WG//VY6+m3Lh2/9+2ba2vffdW4+9rA+SQm2nXHZm09XuaZbPxOKjGxY/viQSTro6TfHQAAoCfl9/wjETHQ/pZajSPtCAAAADhMWoMtAAAA4NBLot89AAAAAA7W1v8BbM3tPah5sJ38/EZEDO+Wf6A9hzjiWFQi4sR68sTMhGTjNNiT23ci4v7Ezvvvi/IOu73Ha4/uaD85R/roHq/Ofrhfjj8Tu40/6fb4E7uMPwNb707Yo87j3+P8RzqMf1d7zPH1p69UOua/E/HqwG75k+38SYf8b/eY/+7aB/c67Wt9HnFm178/yRO5urwfYmJmruj6+oEHf5592K3+E53yJ93rX+qx/nfXf5vvNJaU+c+e6v7575a/vCc+3OxHGhH3Ntdle21HjlML33/Trf7piNbzfP6f9Vj/j18O3uzxUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGhLI2IokjTbjtM0yyJORsR/40Ra1OqNczO1lcXpcl/EcFTSmbkiH42I6kY7Kdtj7fhx+8KO9nhE/OeH4xtJ54o8m6oV0/0uHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgG0nI2IokjSLiDQifq+maZZFDPRw7uAL6B8AAACwT4b73QEAAADgwHn+BwAAgMPveZ//k33uBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCoXb1ypVxa649uTZXt6RvNlfnajfPTeX0+W1iZyqZqy0vZbK02W+TZVG3hadcrarWlsUuxcnOkkdcbI/Xm6vWF2spi4/rcwuRsfj2vvJCqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFZD7SVJs4hI23GaZlnEvyJiOCrJzFyRj0bEvyPiYbUyWLbH+t1pAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9l29uTo/WRT5skAgeGHBexHxD+hGl6DfIxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP1Qb67OTxZFvlzvd08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADor/SnJCLK5Uz19NDOvUeTP6rtdUS888m1j25ONhrLY+X2X7e3Nz7e3H6hH/0HAACAl8LlZzl46zl96zkeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgV/Xm6vxkUeTLewsuR3O1lXQ4pt81AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz+evAAAA//8KQsc4") chdir(0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x20000, 0x45) ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40806685, &(0x7f0000000a80)={0x1, 0x2, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$FS_IOC_READ_VERITY_METADATA(r0, 0xc0286687, &(0x7f0000000100)={0x3, 0x0, 0x0, 0x0}) 6.391312272s ago: executing program 6 (id=572): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) rt_sigaction(0x19, &(0x7f0000000000)={0xffffffffffffffff, 0x44000006, 0x0}, 0x0, 0x8, &(0x7f0000000440)) memfd_create(0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x1c1341, 0x0) r3 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001500)=ANY=[@ANYBLOB="1c0000005e0021a5553f8c6b23cbff070000f3437b00001e3b"], 0x1c}}, 0x0) recvmmsg$unix(r3, &(0x7f0000000240)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000180)=""/144, 0x90}, {&(0x7f00000036c0)=""/4106, 0x100a}, {&(0x7f0000002540)=""/4096, 0x1000}, {&(0x7f0000000400)=""/153, 0x99}], 0x4}}, {{0x0, 0x0, 0x0}}], 0x2, 0x10000, 0x0) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x483, &(0x7f0000000000)={0x6, @local, 0x0, 0x0, 'sh\x00'}, 0x2c) 6.076173422s ago: executing program 1 (id=573): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) unlink(&(0x7f0000000100)='./file0\x00') write$USERIO_CMD_REGISTER(r2, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, 0x0, 0x0, 0x8, 0xba, &(0x7f0000000140)=""/186, 0x0, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) process_vm_writev(0x0, 0x0, 0x0, &(0x7f0000121000), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) r5 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) write$P9_RSTATu(r5, &(0x7f0000000340)={0x230, 0x7d, 0x40, {{0x500, 0xef, 0x0, 0xb000000, {0x0, 0x2, 0x7}, 0x0, 0x0, 0x0, 0x5, 0x1b, '\x04nodev{evoo~\x059\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1', 0x14, '\xcf\xc2m\xd7\xc5\x00\xf0L\xd8_*p\xf5\xe9\x93\x0e<]\xb4Z', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1h\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\b\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x230) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)={{0x14}, [@NFT_MSG_NEWSET={0x30, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x58}}, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000002640), 0x0, 0x0) ioctl$SNDCTL_TMR_CONTINUE(r6, 0x5404) close_range(r0, 0xffffffffffffffff, 0x0) 4.945185213s ago: executing program 0 (id=574): syz_mount_image$squashfs(&(0x7f0000000100), &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f0000000e80)=ANY=[@ANYRES16=0x0, @ANYRESOCT, @ANYRESOCT, @ANYRES32, @ANYBLOB="a6af891d142bbbe86c2b6c42ac9eefc3f3124a519189b105d77c5f5267121c170995cd3bb174096f3c", @ANYRESDEC=0x0, @ANYBLOB="01ce6671a3b30f673148672100038bbb4413ea284b892438cdddda3dc5766f98f85fb413504b3bbb8dce2bcd2b09f68cd741168d69dae50652ca7b67c5b0a27ab80ff9afa5000443de8c748e1d5beabee7c1346b215f641ae190d56ea4ab81bacd909929deb5757040e8d5b2752ea779c30f600bd516a68d881e9cc7289826d49e35134a94e27f115c8195a0f152cbd840ffdb008356c72319cceb43ccb1280556efdf0fdf582fd3cfc830dff178a068d948b7400f5aef57b6dcbfde7af6012383adb085c40e4c295c2a3be750a42400e58523d24b8eecd758aabcee22347bdb78b72b400d080a044ebde5d39ad91ff0ef75aa244381cf00cd6fe9b9a92a9968104bf02481022af426853287e521a4e3cfe480f984efcea1319ff932ebd3bc75aefea41074799f3502a7472a6686b4011a41d7f0cfb25b3dc3077b4e8ded17cfff2b1d59bc12f637c36690f5ca91ee999ec138f6ce76522e652939847435edb78f9ae18489f9d2b73c81609399f0d123f1721171bd72c012623f04d8965d3e5785d057c17998ab36af821c9b308731422ba3859b9895ace14068ea58f8cb6060c205caf209a73628eff5b9270a4a55c2d7fc59a4fe6e023bd424d8b010e2232d1b2e6ca603b466b2c82afff4a8cc469e8664d54769fc97df122b3ff8c34354dad46f900eaf6e72e5e9f8090000000000000074dadad47a42af7cdae5bde6a12f412fe2a876aa191e78e91fbf780e2f4a20f57d41376b29f990ce63aa6edf622d2203fee37df269abf869d13b175852b775fff70491d1e5d1311b7e82cba4584c147c6e79c77e89ef954a101ddb98c5ba2b312528485ece7aff23cc6fee599daea0fca71a902c969fc9077bd75970cf0f11b52af4c82b49640cc3fabbc401dead4f83aa0c4072a9e98ab5afca90be17961fc073e2f8ec0000000000f7f574d97d4b4fcece55eeac5968262e9bd94c1d1bc1138cda4410bee318185f933c130b8765e5078e7642abf5aa7fb04f7b7c930d776622f38fc1422af38d18398766ab0e98f3b07603981b1d0c0b353eb0ae7089ea49a060367512a13eea1d7d608b7297a902508744e4d75dfcdf75fc6dc73f23ef3e97dc7a357cc2e6a0f0c43636f5bdc6beddc09858a6a2ced9d33bd0e0eca77d1821865ad6e4d61b2b65005d", @ANYRESOCT, @ANYRES32, @ANYRES8, @ANYRES8=0x0, @ANYBLOB="64eb9d8a8a48c79c95d055fb439250f5c3eb02d7adf9a4512dcd910bb0f61df6e958b29125bf7821948fea8cd1c5aa12dc764a351434b8c9bdfa20acfa7369538b00ec058238e0532f4c45d34d94bddc281e19be1206fb5d847930f190d253269ec5", @ANYRESDEC, @ANYRESOCT, @ANYRES8, @ANYRESDEC=0x0, @ANYRESOCT, @ANYRES64, @ANYRES16], 0x0, 0x1d9, &(0x7f0000000800)="$eJzslU9rE0EYxn+zO0kazaFnrxbbi6bZgvgN7AfwAxjStRY3/ukGNKHg6qUXD+KXKPgpPAh69yAieKkHBT1UPFUkMjvvjLNaiIqhFPaB5X3eZ94/M7PMzPX8Tt4Cvh/sDFikhKLDW6XQwLKy2mHT2i9ip4IP2vo90Z+KfS82H09ePbJ0cqOfZel2Pp5BlIJZMRXyu6T/uNkR5OXDqqL4tzrzJ6PY7myWNakOPa4Et8qYX9Ill2NfxTzI1w6Eysf/UbkbKA3mvQrwyrfO7N/05on9nUfGxJLeprotJ49Ef5WVI9dXfvlBxOfSeX2wMzDkqtxiRtuwnzsSZYxxngcxZzQUoGKmvo4ub0tYBrqj4e1uPp6c3xr2N9PN9GaSrF1cfXFajuj0Pmxl6aoKphEZovEw57QdjDeAdz/HCwKoYGoGp0C5XJfiLueVs0FiG6IgN6xh6z7z/VuixQy5wjkWgLuFGU6wu7WEqaa5Zpa2jiIWp6eDecIhEQvlwIXBrWxjF4VyaXtoX6O3T8M7iTimUbp2yS9/V+yS2HWxe2L3xbq3y71JuqzwSbyVAprc649G2+XjZZnXEq8li75zJF3da6jcTFrUqFGjRo0aNWqcEPwIAAD//+lITgc=") mkdirat(0xffffffffffffff9c, &(0x7f00000003c0)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000000)=""/204, 0xcc) 4.943644513s ago: executing program 6 (id=575): r0 = io_uring_setup(0x1acb, &(0x7f00000003c0)={0x0, 0x204, 0x2, 0x0, 0xa7}) close_range(r0, 0xffffffffffffffff, 0x0) 4.782305368s ago: executing program 5 (id=576): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00'}) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) chdir(&(0x7f0000000140)='./file0\x00') openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/partitions\x00', 0x0, 0x0) r4 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x32) setresuid(0x0, r5, 0x0) add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe) add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe) 4.741901933s ago: executing program 6 (id=577): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="f8000000160001000000000000000000fc010000000000000000000000000000ac1414bb00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc0100000000000000000000000000000000000033000000fe880000000000000000000000000001000000000000000000"], 0xf8}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000700)=@delsa={0x3c, 0x11, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@local}]}, 0x3c}}, 0x0) 4.627617112s ago: executing program 4 (id=578): syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x802053, 0x0, 0xfc, 0x0, &(0x7f00000000c0)) openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, 0x0) 4.496618354s ago: executing program 0 (id=579): r0 = syz_init_net_socket$llc(0x1a, 0x802, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) open(&(0x7f00009e1000)='./file0\x00', 0xc162, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) getpeername$llc(r0, 0x0, 0x0) 4.315309413s ago: executing program 4 (id=580): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x20, &(0x7f0000000480), 0x0) syz_emit_ethernet(0x2be, 0x0, 0x0) socket(0x2, 0x80805, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) ioctl$SIOCAX25GETINFOOLD(0xffffffffffffffff, 0x891a, 0x0) socket$inet(0x2, 0x80001, 0x7) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_SET(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) r5 = socket$isdn(0x22, 0x2, 0x26) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x80044943, &(0x7f00000002c0)={'wlan0\x00'}) r6 = timerfd_create(0x8, 0x0) timerfd_settime(r6, 0x3, 0x0, 0x0) timerfd_settime(r6, 0x3, &(0x7f0000000000)={{0x77359400}, {0x77359400}}, 0x0) socket$netlink(0x10, 0x3, 0x14) r7 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_gstrings={0x1b, 0x1}}) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/cgroup\x00') r8 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/cgroup\x00') setns(r8, 0x0) 4.268591215s ago: executing program 6 (id=581): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000640)={'wlan0\x00'}) sendmsg$NL80211_CMD_CONNECT(r1, 0x0, 0x20000044) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) syz_open_dev$ptys(0xc, 0x3, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x0, 0x0) recvmmsg(r3, 0x0, 0x0, 0x2, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x47f6, 0x0, 0x0, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, 0x0, 0x0, 0x4048884) 3.31542651s ago: executing program 5 (id=582): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000c00), 0xffffffffffffffff) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000540)='rcu_utilization\x00', r3}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r4 = getpid() r5 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="170000000000000000", @ANYRES32=0x1, @ANYRES32, @ANYBLOB="00000000000000000000001c000000000000000000f0409008000000"], 0x48) bpf$MAP_DELETE_ELEM(0x15, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000240)={r5, 0x0, &(0x7f0000001780)=""/4096}, 0x20) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r8 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000000)) ioctl$PAGEMAP_SCAN(r8, 0xc0606610, &(0x7f00000001c0)={0x60, 0x0, &(0x7f00004bb000/0x1000)=nil, &(0x7f000064f000/0x2000)=nil, 0x0, &(0x7f0000000080)=[{}, {0x6, 0x6, 0x7fffffff}], 0x2, 0x0, 0x0, 0x0, 0x0, 0x7d}) epoll_create(0x207ffd) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000340), 0xc901, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000002100000008000300", @ANYRES32=r9, @ANYBLOB="14002c80080000009d03"], 0x30}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r3, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0xf000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x50) 3.295444585s ago: executing program 1 (id=583): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_KEY(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000851000/0x2000)=nil, 0x2000, 0x2, 0x11, 0xffffffffffffffff, 0x7f9bf000) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) set_mempolicy(0x4005, &(0x7f0000000080)=0x41, 0xb) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x12, 0xffffffffffffffff, 0x0) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x19, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r2}, {}, {0x85, 0x0, 0x0, 0x39}}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff5f, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 2.984821049s ago: executing program 4 (id=584): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x80) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000140)='./bus\x00') sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f) write$FUSE_CREATE_OPEN(r3, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x1, 0x180, 0x20ff, 0x5, 0x100, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0xee00, 0x0, 0x3ff, 0x1}}, {0x0, 0x11}}}, 0xa0) sendfile(r3, r3, &(0x7f0000000080), 0x7f03) 2.151449759s ago: executing program 6 (id=585): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x804810, &(0x7f0000000a40), 0x26, 0x756, &(0x7f00000002c0)="$eJzs3M1rXOUaAPDnnGaafuTeyYUL9+pChBZaKD1Jmk27aty4KxQKbmtITkLISSZkJrUTC7auhdpsFARR1y7dCqX+Ae6koOBeEK1xIW5GzuSjNGam0ybpSPr7wcl53vP1vE/m8GYO5D0BvLReL38kEUMRcTUiqpvb04g42o6ORdzeOG790a2pckmi1br2S1KeFuut6va1ks31yWifEv+PiAeViHPv/z1vvbk6P1kU+fJme6SxsDRSb66en1uYnM1n88Wx8UujF8fHL46OP7WG//VY6+m3Lh2/9+2ba2vffdW4+9rA+SQm2nXHZm09XuaZbPxOKjGxY/viQSTro6TfHQAAoCfl9/wjETHQ/pZajSPtCAAAADhMWoMtAAAA4NBLot89AAAAAA7W1v8BbM3tPah5sJ38/EZEDO+Wf6A9hzjiWFQi4sR68sTMhGTjNNiT23ci4v7Ezvvvi/IOu73Ha4/uaD85R/roHq/Ofrhfjj8Tu40/6fb4E7uMPwNb707Yo87j3+P8RzqMf1d7zPH1p69UOua/E/HqwG75k+38SYf8b/eY/+7aB/c67Wt9HnFm178/yRO5urwfYmJmruj6+oEHf5592K3+E53yJ93rX+qx/nfXf5vvNJaU+c+e6v7575a/vCc+3OxHGhH3Ntdle21HjlML33/Trf7piNbzfP6f9Vj/j18O3uzxUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGhLI2IokjTbjtM0yyJORsR/40Ra1OqNczO1lcXpcl/EcFTSmbkiH42I6kY7Kdtj7fhx+8KO9nhE/OeH4xtJ54o8m6oV0/0uHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgG0nI2IokjSLiDQifq+maZZFDPRw7uAL6B8AAACwT4b73QEAAADgwHn+BwAAgMPveZ//k33uBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCoXb1ypVxa649uTZXt6RvNlfnajfPTeX0+W1iZyqZqy0vZbK02W+TZVG3hadcrarWlsUuxcnOkkdcbI/Xm6vWF2spi4/rcwuRsfj2vvJCqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFZD7SVJs4hI23GaZlnEvyJiOCrJzFyRj0bEvyPiYbUyWLbH+t1pAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9l29uTo/WRT5skAgeGHBexHxD+hGl6DfIxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP1Qb67OTxZFvlzvd08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADor/SnJCLK5Uz19NDOvUeTP6rtdUS888m1j25ONhrLY+X2X7e3Nz7e3H6hH/0HAACAl8LlZzl46zl96zkeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgV/Xm6vxkUeTLewsuR3O1lXQ4pt81AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz+evAAAA//8KQsc4") chdir(&(0x7f0000000240)='./file0\x00') r0 = openat(0xffffffffffffff9c, 0x0, 0x20000, 0x45) ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40806685, &(0x7f0000000a80)={0x1, 0x2, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$FS_IOC_READ_VERITY_METADATA(r0, 0xc0286687, &(0x7f0000000100)={0x3, 0x0, 0x0, 0x0}) 1.364685986s ago: executing program 4 (id=586): openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) socket$can_raw(0x1d, 0x3, 0x1) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6(0xa, 0x6, 0x0) socket$inet6(0xa, 0x40000080806, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000080), 0x303040, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) close(0x3) socket$kcm(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x0, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[], &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r1, r0, 0x0, 0x0, @val=@tracing}, 0x40) socket(0x400000000010, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010001ffe00989837a182138b00268f1c", @ANYRES32=0x0, @ANYBLOB="ff7f000080000000140012800a00010076786c616e0000000400028008000a00", @ANYRES64=r2], 0x3c}, 0x1, 0x8000a0ffffffff}, 0x0) 1.266670885s ago: executing program 0 (id=587): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, 0x0, 0x20040800) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) socket(0x200000100000011, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r3, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback, 0xfffffffc}, 0x1c) listen(r3, 0x20000005) r4 = socket$inet6(0xa, 0x6, 0x0) landlock_restrict_self(0xffffffffffffffff, 0x0) fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000100)) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x6, @empty}, 0x1c) sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000001c0)=[{{0x0, 0x9b4c, 0x0}}], 0x500, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0xa00000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSET(r5, 0x0, 0x24040040) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 847.320707ms ago: executing program 5 (id=588): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040), 0x111}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000000)={0xffffffffffffffff}, 0x2, 0xc}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000280)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x7ff, @empty, 0x1}, {0xa, 0x4e20, 0x1ff, @dev={0xfe, 0x80, '\x00', 0x2f}, 0x9}, r2, 0xb}}, 0x48) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r3, &(0x7f0000000140)={0x0, 0x2, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703410000004000000000000000040014000d000a00100000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0) r4 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[], 0x4c}}, 0x0) r5 = socket$inet_smc(0x2b, 0x1, 0x0) bind$inet(r5, &(0x7f0000000140)={0x2, 0x4e22, @multicast2}, 0x10) sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000700)={0x2, 0x3, 0x0, 0x3, 0x10, 0x0, 0x0, 0x0, [@sadb_key={0x2, 0x9, 0x8, 0x0, '\n'}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @loopback}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0xc}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @loopback}}]}, 0x80}, 0x1, 0x7}, 0x0) write$nci(r0, 0x0, 0x0) write$RDMA_USER_CM_CMD_DESTROY_ID(r1, &(0x7f0000000380)={0x1, 0x10, 0xfa00, {&(0x7f0000000300), r2}}, 0x18) 661.801303ms ago: executing program 4 (id=589): syz_mount_image$squashfs(&(0x7f0000000100), &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f0000000e80)=ANY=[@ANYRES16=0x0, @ANYRESOCT, @ANYRESOCT, @ANYRES32, @ANYBLOB="a6af891d142bbbe86c2b6c42ac9eefc3f3124a519189b105d77c5f5267121c170995cd3bb174096f3c", @ANYRESDEC=0x0, @ANYBLOB="01ce6671a3b30f673148672100038bbb4413ea284b892438cdddda3dc5766f98f85fb413504b3bbb8dce2bcd2b09f68cd741168d69dae50652ca7b67c5b0a27ab80ff9afa5000443de8c748e1d5beabee7c1346b215f641ae190d56ea4ab81bacd909929deb5757040e8d5b2752ea779c30f600bd516a68d881e9cc7289826d49e35134a94e27f115c8195a0f152cbd840ffdb008356c72319cceb43ccb1280556efdf0fdf582fd3cfc830dff178a068d948b7400f5aef57b6dcbfde7af6012383adb085c40e4c295c2a3be750a42400e58523d24b8eecd758aabcee22347bdb78b72b400d080a044ebde5d39ad91ff0ef75aa244381cf00cd6fe9b9a92a9968104bf02481022af426853287e521a4e3cfe480f984efcea1319ff932ebd3bc75aefea41074799f3502a7472a6686b4011a41d7f0cfb25b3dc3077b4e8ded17cfff2b1d59bc12f637c36690f5ca91ee999ec138f6ce76522e652939847435edb78f9ae18489f9d2b73c81609399f0d123f1721171bd72c012623f04d8965d3e5785d057c17998ab36af821c9b308731422ba3859b9895ace14068ea58f8cb6060c205caf209a73628eff5b9270a4a55c2d7fc59a4fe6e023bd424d8b010e2232d1b2e6ca603b466b2c82afff4a8cc469e8664d54769fc97df122b3ff8c34354dad46f900eaf6e72e5e9f8090000000000000074dadad47a42af7cdae5bde6a12f412fe2a876aa191e78e91fbf780e2f4a20f57d41376b29f990ce63aa6edf622d2203fee37df269abf869d13b175852b775fff70491d1e5d1311b7e82cba4584c147c6e79c77e89ef954a101ddb98c5ba2b312528485ece7aff23cc6fee599daea0fca71a902c969fc9077bd75970cf0f11b52af4c82b49640cc3fabbc401dead4f83aa0c4072a9e98ab5afca90be17961fc073e2f8ec0000000000f7f574d97d4b4fcece55eeac5968262e9bd94c1d1bc1138cda4410bee318185f933c130b8765e5078e7642abf5aa7fb04f7b7c930d776622f38fc1422af38d18398766ab0e98f3b07603981b1d0c0b353eb0ae7089ea49a060367512a13eea1d7d608b7297a902508744e4d75dfcdf75fc6dc73f23ef3e97dc7a357cc2e6a0f0c43636f5bdc6beddc09858a6a2ced9d33bd0e0eca77d1821865ad6e4d61b2b65005d", @ANYRESOCT, @ANYRES32, @ANYRES8, @ANYRES8=0x0, @ANYBLOB="64eb9d8a8a48c79c95d055fb439250f5c3eb02d7adf9a4512dcd910bb0f61df6e958b29125bf7821948fea8cd1c5aa12dc764a351434b8c9bdfa20acfa7369538b00ec058238e0532f4c45d34d94bddc281e19be1206fb5d847930f190d253269ec5", @ANYRESDEC, @ANYRESOCT, @ANYRES8, @ANYRESDEC=0x0, @ANYRESOCT, @ANYRES64, @ANYRES16], 0x0, 0x1d9, &(0x7f0000000800)="$eJzslU9rE0EYxn+zO0kazaFnrxbbi6bZgvgN7AfwAxjStRY3/ukGNKHg6qUXD+KXKPgpPAh69yAieKkHBT1UPFUkMjvvjLNaiIqhFPaB5X3eZ94/M7PMzPX8Tt4Cvh/sDFikhKLDW6XQwLKy2mHT2i9ip4IP2vo90Z+KfS82H09ePbJ0cqOfZel2Pp5BlIJZMRXyu6T/uNkR5OXDqqL4tzrzJ6PY7myWNakOPa4Et8qYX9Ill2NfxTzI1w6Eysf/UbkbKA3mvQrwyrfO7N/05on9nUfGxJLeprotJ49Ef5WVI9dXfvlBxOfSeX2wMzDkqtxiRtuwnzsSZYxxngcxZzQUoGKmvo4ub0tYBrqj4e1uPp6c3xr2N9PN9GaSrF1cfXFajuj0Pmxl6aoKphEZovEw57QdjDeAdz/HCwKoYGoGp0C5XJfiLueVs0FiG6IgN6xh6z7z/VuixQy5wjkWgLuFGU6wu7WEqaa5Zpa2jiIWp6eDecIhEQvlwIXBrWxjF4VyaXtoX6O3T8M7iTimUbp2yS9/V+yS2HWxe2L3xbq3y71JuqzwSbyVAprc649G2+XjZZnXEq8li75zJF3da6jcTFrUqFGjRo0aNWqcEPwIAAD//+lITgc=") mkdirat(0xffffffffffffff9c, &(0x7f00000003c0)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000000)=""/204, 0xcc) 550.367139ms ago: executing program 5 (id=590): syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000980)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x8000, &(0x7f0000000a00)={[{@type={'type', 0x3d, "25c2506b"}}, {@nobarrier}, {@creator={'creator', 0x3d, "bd3c66f5"}}, {@nls={'nls', 0x3d, 'cp932'}}, {@umask={'umask', 0x3d, 0x1f}}, {@creator={'creator', 0x3d, "0846c920"}}]}, 0x13, 0x6ad, &(0x7f0000000280)="$eJzs3U2InHcdB/DvM5nMZiKk2zZNowhdGijaYLKboSaC0CgiOQQJeul1STbNkklaNlvZFjETtRU8eZIePFRkPfQkIkI9ifUsCF485R7w5iEHdcvzzMvO7kw2u9lsZtt+PvDs83/m//Z7fnleZp7NMgE+ty68loOdFLlw8uJKuX23SLLaulGVV1vtJFNJakm9u0rRTIqPk/PpLvli+WJvuOJB87xy76Oi/v6Hre5WvbdU7Wtb9RsxtmUnOTTYOJBkplv877aHHRmvWqpxLq+P94iKQdxlwk70EweTtjais15Ze2j37Z+3wL51u3vfHDGdHE737lq+D0jv6vDwK8PkbXlt6jy5OAAAAGCvjP0sP+yp+7mflRx5MuEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAZ0PR/c7AorfU+uWZFP3v/28Mfad+Y8Lh7tK7V6vV95+adCAAAAAAAAAAsCsv3M/9rORIf3utqH7n/2K1cbT6+YW8lVtZyFJOZSXzWc5yljKXZHpooMbK/PLy0txoz1+l7Lm2tna71/PM2J5nNsbV2RzouP9pMNIIAAAAAAAAAD63fpIL67//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/aBIDnRX1XK0X55OrZ7kUJJGMTNo3phosI/BXyYdAAAAAOy9Zm99pPh/t7BWVJ/5j1Wf+w/lrdzMchaznHYWcqV6FtD91F/7R6fVvrvaulEuowN/6987iqMaMd1nD+Nnnq1aPDfocSHfzQ9yMjO5lKUs5oeZz3IWMpPvVKX5FJnuPb2YvrvaTD/W0XjPb9i6tDm2F4bKZXzHq0iauZrFKrZTudzoh17rtTs+NNufGunlbeBOmZ3i1Z5t5uhKb12O9cuMjDlB09WeHxxkZLaX+zIbTw/nfTT3OzxONs80l9rgGdTR9VnKzc0zPVLOD/fWZa7f29uc7/BR2sZMdH5RbvWPvmNb5zz56j//eula7eb1a1dvndw/h9Ej2nxMtIYy8fy2MtEuM9HZRSYO7Sb+x6fRy0b3Krqzq+WLVd8jWcz38kauZCFnM5u5nMtsvpEzaeXMUF6f2zqv1blW29m5duIrvUJ5T/r50L3piZl6UEWZ16eH8jp8pZuu6oZfWc/SM9vIUtHI+Cz9a2wo9S/1CuUcPx2640ze5kzMDWXi2a0z8Zv/rSW51b55fena/JvbnO+l3ro8bd/deG3+7WPZoR2pZ/0fozxenum/9l42HB1l3bP9uk35KuuKen/Ejfe5RiPV+dytftiZWo507E6/9fBI3brnM66uVdUdH6rb8C4nb6Q9eBcCwD52+OXDjea95t+bHzR/1rzWvHjo21Pnpr7cyMG/1f984Pe139W+WbycD/LjHJl0pAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Flw6+13rs+32wtL+7CQ2mMe8M7Yqn4quq809se+f1oLU1sdUX9IskX3xiRibibZF6lL/QnMNZUxVRcHrzST2iCeJNf3yRfcAXvh9PKNN0/fevudry3emH994fWFm2fOnX31bOvrc7dPX11sL8x2f046SmAvrL8NmHQkAAAAAAAAAAAAwHZt+guBRjLuLwR2VxgzbdGZwL4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAn04XXsvBTorMzZ6aLbfvrrba5dIvr7esJ6klKX6UFB8n59NdMj00XPGgeV6599GvX3r/w9b6WPV++9qmfn/8z9raDvei01syk+RAb/1wU9sa7/LQeJ0dBtZVDPawTNiJfuJg0j4JAAD//0NcA4E=") syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x802053, 0x0, 0xfc, 0x0, &(0x7f00000000c0)) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) 368.068125ms ago: executing program 6 (id=591): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, 0x0, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000700)=@delsa={0x3c, 0x11, 0x1, 0x0, 0x0, {@in6=@empty}, [@srcaddr={0x14, 0xd, @in=@local}]}, 0x3c}}, 0x0) 367.479195ms ago: executing program 5 (id=592): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_io_uring_setup(0x0, 0x0, 0x0, 0x0) r3 = socket(0x28, 0x3, 0x7218) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x11, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x390, 0x190, 0x6c, 0x0, 0x0, 0x0, 0x2c0, 0x258, 0x258, 0x2c0, 0x258, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private0, [0xff], [], 'wlan1\x00', '\x00', {0xff}, {}, 0x11}, 0x0, 0x128, 0x190, 0x0, {}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x3, 0x0, 0x7}}, @common=@inet=@multiport={{0x50}, {0x0, 0xfe, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4e21], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x14, 0x0, 0x0, 0x0, 'snmp\x00', 'syz1\x00'}}}, {{@ipv6={@private0, @remote, [0x0, 0x0, 0x0, 0xff000000], [], 'lo\x00', 'erspan0\x00', {}, {}, 0x62}, 0x0, 0xf8, 0x130, 0x0, {}, [@common=@hl={{0x28}}, @inet=@rpfilter={{0x28}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{}, {0x0, 0x4, 0x3}, {0x0, 0x0, 0x3}, 0x0, 0x5}}}], {{'\x00', 0x0, 0xa8, 0xd0, 0x0, {0x0, 0x2001}}, {0x28}}}}, 0x3f0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r5, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000040)='nv\x00', 0x3) setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f00000001c0), 0xc7) fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e20, @private=0xa010102}, 0x10) sendto$inet(r5, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r5, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25) 256.703284ms ago: executing program 1 (id=593): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000000085"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = add_key$user(&(0x7f0000000200), &(0x7f0000000580)={'syz', 0x3}, &(0x7f0000000400)="f47963362d3bfb2cf60efb8a1fa289e43ee9", 0x12, 0xfffffffffffffffe) r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000040)={r1, r2, r2}, &(0x7f0000000480)=""/250, 0xfa, &(0x7f00000001c0)={&(0x7f0000000080)={'poly1305-generic\x00'}}) 256.253285ms ago: executing program 4 (id=594): ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0xc4c85513, &(0x7f0000000040)={0xb}) 0s ago: executing program 0 (id=595): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000640)={'wlan0\x00'}) sendmsg$NL80211_CMD_CONNECT(r1, 0x0, 0x20000044) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) syz_open_dev$ptys(0xc, 0x3, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x0, 0x0) recvmmsg(r3, 0x0, 0x0, 0x2, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x47f6, 0x0, 0x0, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000004900)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000004c0)="cc", 0x1}], 0x1}}], 0x1, 0x4048884) kernel console output (not intermixed with test programs): 87.375153][ T5852] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 87.385694][ T5848] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 87.392741][ T5852] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 87.410224][ T5852] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 87.412713][ T5848] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 87.428070][ T5848] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 87.430053][ T5846] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 87.465487][ T5846] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 87.517973][ T55] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 87.545779][ T55] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 87.559832][ T55] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 87.586219][ T55] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 87.597902][ T55] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 87.607115][ T55] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 88.161022][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 88.267677][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 88.355443][ T5847] chnl_net:caif_netlink_parms(): no params data found [ 88.454850][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.464590][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.473274][ T5837] bridge_slave_0: entered allmulticast mode [ 88.482028][ T5837] bridge_slave_0: entered promiscuous mode [ 88.495293][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.504840][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.513688][ T5837] bridge_slave_1: entered allmulticast mode [ 88.523221][ T5837] bridge_slave_1: entered promiscuous mode [ 88.544295][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.553083][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.561940][ T5836] bridge_slave_0: entered allmulticast mode [ 88.570741][ T5836] bridge_slave_0: entered promiscuous mode [ 88.583274][ T5838] chnl_net:caif_netlink_parms(): no params data found [ 88.595223][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.603856][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.612327][ T5836] bridge_slave_1: entered allmulticast mode [ 88.620327][ T5836] bridge_slave_1: entered promiscuous mode [ 88.683202][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.701551][ T5851] chnl_net:caif_netlink_parms(): no params data found [ 88.725800][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.738661][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.796069][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.864890][ T5837] team0: Port device team_slave_0 added [ 88.894994][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.906395][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.914870][ T5847] bridge_slave_0: entered allmulticast mode [ 88.922915][ T5847] bridge_slave_0: entered promiscuous mode [ 88.944628][ T5836] team0: Port device team_slave_0 added [ 88.952861][ T5837] team0: Port device team_slave_1 added [ 88.963591][ T5836] team0: Port device team_slave_1 added [ 88.991568][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.999864][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.007979][ T5847] bridge_slave_1: entered allmulticast mode [ 89.015647][ T5847] bridge_slave_1: entered promiscuous mode [ 89.095661][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.104197][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.134363][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.157106][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.164837][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.192670][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.206464][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.215204][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.242817][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.274204][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.289426][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.302312][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.310149][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.337679][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.361410][ T5851] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.368828][ T5851] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.376460][ T5851] bridge_slave_0: entered allmulticast mode [ 89.384087][ T5851] bridge_slave_0: entered promiscuous mode [ 89.392534][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.405333][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.414856][ T5838] bridge_slave_0: entered allmulticast mode [ 89.423312][ T5838] bridge_slave_0: entered promiscuous mode [ 89.450567][ T5852] Bluetooth: hci3: command tx timeout [ 89.451345][ T55] Bluetooth: hci0: command tx timeout [ 89.491342][ T5851] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.499315][ T5851] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.507006][ T5851] bridge_slave_1: entered allmulticast mode [ 89.515453][ T5851] bridge_slave_1: entered promiscuous mode [ 89.523484][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.531587][ T55] Bluetooth: hci2: command tx timeout [ 89.538587][ T5852] Bluetooth: hci1: command tx timeout [ 89.545178][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.552995][ T5838] bridge_slave_1: entered allmulticast mode [ 89.560932][ T5838] bridge_slave_1: entered promiscuous mode [ 89.571229][ T5847] team0: Port device team_slave_0 added [ 89.580321][ T5847] team0: Port device team_slave_1 added [ 89.591374][ T5836] hsr_slave_0: entered promiscuous mode [ 89.598352][ T5836] hsr_slave_1: entered promiscuous mode [ 89.689599][ T5837] hsr_slave_0: entered promiscuous mode [ 89.697981][ T5837] hsr_slave_1: entered promiscuous mode [ 89.704767][ T5852] Bluetooth: hci4: command tx timeout [ 89.711809][ T5837] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 89.720762][ T5837] Cannot create hsr debugfs directory [ 89.744999][ T5851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.757650][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.770897][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.791795][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.799026][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.826897][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.854527][ T5851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.886342][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.893835][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.922994][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.955459][ T5838] team0: Port device team_slave_0 added [ 89.999900][ T5838] team0: Port device team_slave_1 added [ 90.030417][ T5851] team0: Port device team_slave_0 added [ 90.075446][ T5851] team0: Port device team_slave_1 added [ 90.090658][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.099647][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.125916][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.168766][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.176617][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.204667][ T5851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.216887][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.224383][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.251405][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.271809][ T5847] hsr_slave_0: entered promiscuous mode [ 90.278385][ T5847] hsr_slave_1: entered promiscuous mode [ 90.284987][ T5847] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 90.292660][ T5847] Cannot create hsr debugfs directory [ 90.327539][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.334943][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.362360][ T5851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.455754][ T5851] hsr_slave_0: entered promiscuous mode [ 90.463943][ T5851] hsr_slave_1: entered promiscuous mode [ 90.472504][ T5851] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 90.480672][ T5851] Cannot create hsr debugfs directory [ 90.541505][ T5838] hsr_slave_0: entered promiscuous mode [ 90.548065][ T5838] hsr_slave_1: entered promiscuous mode [ 90.555595][ T5838] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 90.563985][ T5838] Cannot create hsr debugfs directory [ 90.768897][ T5836] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 90.781260][ T5836] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 90.824507][ T5836] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 90.843331][ T5836] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 90.875301][ T5837] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 90.917528][ T5837] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 90.951274][ T5837] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 90.974166][ T5847] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 90.996008][ T5837] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 91.018714][ T5847] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 91.030376][ T5847] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 91.040212][ T5847] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 91.142234][ T5851] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 91.164081][ T5851] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 91.188780][ T5851] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 91.217593][ T5851] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 91.300841][ T5838] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 91.314325][ T5838] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 91.326859][ T5838] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 91.355601][ T5838] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 91.385524][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.459824][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.513695][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.521485][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.531917][ T5852] Bluetooth: hci3: command tx timeout [ 91.538016][ T5852] Bluetooth: hci0: command tx timeout [ 91.573715][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.601673][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.609974][ T55] Bluetooth: hci1: command tx timeout [ 91.616809][ T55] Bluetooth: hci2: command tx timeout [ 91.624712][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.632554][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.678998][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.711463][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.718718][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.734985][ T5847] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.754826][ T5851] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.770835][ T55] Bluetooth: hci4: command tx timeout [ 91.797590][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.805481][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.823324][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.832247][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.843991][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.851800][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.900521][ T5851] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.931502][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.943671][ T3470] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.951329][ T3470] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.033490][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.040910][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.127138][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.174582][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.182530][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.254882][ T53] cfg80211: failed to load regulatory.db [ 92.257515][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.271885][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.403516][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.611040][ T5836] veth0_vlan: entered promiscuous mode [ 92.638462][ T5836] veth1_vlan: entered promiscuous mode [ 92.704301][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.725232][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.803979][ T5851] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.864589][ T5836] veth0_macvtap: entered promiscuous mode [ 92.899417][ T5836] veth1_macvtap: entered promiscuous mode [ 92.987633][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.014933][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.035916][ T5851] veth0_vlan: entered promiscuous mode [ 93.055616][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.065025][ T5837] veth0_vlan: entered promiscuous mode [ 93.095017][ T5837] veth1_vlan: entered promiscuous mode [ 93.115801][ T5851] veth1_vlan: entered promiscuous mode [ 93.126664][ T5836] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.140275][ T5836] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.150284][ T5836] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.160344][ T5836] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.299340][ T5847] veth0_vlan: entered promiscuous mode [ 93.317403][ T5851] veth0_macvtap: entered promiscuous mode [ 93.352610][ T5851] veth1_macvtap: entered promiscuous mode [ 93.384161][ T5847] veth1_vlan: entered promiscuous mode [ 93.402925][ T5837] veth0_macvtap: entered promiscuous mode [ 93.419945][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.437899][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.465987][ T5851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.478876][ T5851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.491466][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.505224][ T5837] veth1_macvtap: entered promiscuous mode [ 93.527399][ T5838] veth0_vlan: entered promiscuous mode [ 93.557005][ T5851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.570061][ T5851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.584029][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.601180][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.613010][ T55] Bluetooth: hci0: command tx timeout [ 93.613066][ T55] Bluetooth: hci3: command tx timeout [ 93.626372][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.638392][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.652177][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.665462][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.684202][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.694557][ T5852] Bluetooth: hci1: command tx timeout [ 93.700004][ T55] Bluetooth: hci2: command tx timeout [ 93.701370][ T5847] veth0_macvtap: entered promiscuous mode [ 93.717003][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.722529][ T5851] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.740197][ T5851] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.751564][ T5851] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.766668][ T5851] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.795342][ T5838] veth1_vlan: entered promiscuous mode [ 93.810377][ T5847] veth1_macvtap: entered promiscuous mode [ 93.821276][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.835055][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.846588][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.859324][ T55] Bluetooth: hci4: command tx timeout [ 93.867846][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.883690][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.940339][ T5837] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.955691][ T5837] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.968628][ T5837] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.978825][ T5837] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.999093][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 94.014693][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.029145][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 94.043387][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.055788][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 94.069586][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.085893][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.137822][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 94.144401][ T5836] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 94.153764][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.182104][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 94.194898][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.209316][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 94.222324][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.237991][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.275105][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.288308][ T5847] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.305651][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.319225][ T5847] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.337196][ T5847] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.360274][ T5847] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.397053][ T5838] veth0_macvtap: entered promiscuous mode [ 94.439279][ T5838] veth1_macvtap: entered promiscuous mode [ 94.619290][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 94.645847][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.667603][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 94.698985][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.713387][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 94.725034][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.736491][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 94.747965][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.948824][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.398932][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.408401][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.608622][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.634034][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.648132][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.658198][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.678578][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.698908][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.712508][ T55] Bluetooth: hci3: command tx timeout [ 95.720016][ T55] Bluetooth: hci0: command tx timeout [ 95.736179][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.763609][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.775657][ T5852] Bluetooth: hci1: command tx timeout [ 95.782435][ T5852] Bluetooth: hci2: command tx timeout [ 95.798531][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.817859][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.836651][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.897324][ T5838] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.930128][ T55] Bluetooth: hci4: command tx timeout [ 95.931905][ T5838] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.953271][ T5838] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.966633][ T5838] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.074124][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.101916][ T506] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.110444][ T506] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.123329][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.226852][ T1162] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.264539][ T1162] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.300199][ T5891] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 96.414291][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.434612][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.492221][ T5891] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 96.515626][ T5891] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 96.590466][ T5934] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 96.599768][ T5891] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 96.638581][ T5891] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 96.656709][ T5891] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 96.661505][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.687630][ T5891] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 96.705429][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.712273][ T5891] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 96.745198][ T5941] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 96.754158][ T5941] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 96.757356][ T5891] usb 3-1: Product: syz [ 96.777382][ T5946] netlink: 40 bytes leftover after parsing attributes in process `syz.4.8'. [ 96.805809][ T5943] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(6) [ 96.812722][ T5943] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 96.826808][ T5891] usb 3-1: Manufacturer: syz [ 96.839731][ T5943] vhci_hcd vhci_hcd.0: Device attached [ 96.853770][ T5941] vhci_hcd vhci_hcd.0: Device attached [ 96.870207][ T5891] cdc_wdm 3-1:1.0: skipping garbage [ 96.875626][ T5891] cdc_wdm 3-1:1.0: skipping garbage [ 96.887391][ T5891] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 96.897124][ T5891] cdc_wdm 3-1:1.0: Unknown control protocol [ 96.917393][ T5945] vhci_hcd: connection closed [ 96.918450][ T5944] vhci_hcd: connection closed [ 96.956388][ T52] vhci_hcd: stop threads [ 96.968614][ T52] vhci_hcd: release socket [ 96.974488][ T52] vhci_hcd: disconnect device [ 97.049964][ T52] vhci_hcd: stop threads [ 97.055297][ T52] vhci_hcd: release socket [ 97.060477][ T5919] vhci_hcd: vhci_device speed not set [ 97.070215][ T52] vhci_hcd: disconnect device [ 97.120330][ T5919] usb 39-1: new full-speed USB device number 2 using vhci_hcd [ 97.128440][ T5919] usb 39-1: enqueue for inactive port 0 [ 97.270212][ T5919] vhci_hcd: vhci_device speed not set [ 98.409616][ T5936] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 99.115770][ T5890] usb 3-1: USB disconnect, device number 2 [ 99.146210][ T5852] Bluetooth: hci5: sending frame failed (-49) [ 99.154018][ T55] Bluetooth: hci5: Opcode 0x1003 failed: -49 [ 99.228180][ T5968] loop0: detected capacity change from 0 to 256 [ 99.276794][ T5968] vfat: Unknown parameter '18446744073709551615' [ 99.500997][ T5936] usb 5-1: New USB device found, idVendor=99fa, idProduct=8988, bcdDevice=98.53 [ 99.512131][ T5936] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.650565][ T5936] usb 5-1: Product: syz [ 99.670247][ T5936] usb 5-1: Manufacturer: syz [ 99.716673][ T5973] loop2: detected capacity change from 0 to 2048 [ 100.021520][ T5973] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 100.084791][ T5936] usb 5-1: SerialNumber: syz [ 100.095466][ T5973] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.119839][ T5936] usb 5-1: config 0 descriptor?? [ 100.128711][ T5936] gspca_main: spca506-2.14.0 probing 99fa:8988 [ 101.676726][ T5973] loop2: detected capacity change from 0 to 256 [ 101.725454][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.750858][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.760800][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 102.234733][ T5936] usb 5-1: USB disconnect, device number 2 [ 105.573915][ T5888] IPVS: starting estimator thread 0... [ 105.947267][ T6063] IPVS: using max 20 ests per chain, 48000 per kthread [ 106.879908][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 106.891005][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 110.814856][ T6135] syz.4.49 uses obsolete (PF_INET,SOCK_PACKET) [ 111.677066][ T6139] warning: `syz.1.46' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 112.256009][ T6138] tty tty2: ldisc open failed (-12), clearing slot 1 [ 112.600074][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 112.702449][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 112.829558][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 114.097436][ T5936] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 114.162372][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 114.173599][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 114.389694][ T5936] usb 3-1: Using ep0 maxpacket: 8 [ 114.402283][ T5936] usb 3-1: config 61 has too many interfaces: 213, using maximum allowed: 32 [ 114.418926][ T5936] usb 3-1: config 61 has an invalid descriptor of length 0, skipping remainder of the config [ 114.447919][ T5936] usb 3-1: config 61 has 0 interfaces, different from the descriptor's value: 213 [ 115.069930][ T5936] usb 3-1: New USB device found, idVendor=046d, idProduct=0896, bcdDevice=3a.11 [ 115.272369][ T5936] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.393975][ T5936] usb 3-1: Product: syz [ 115.668489][ T6176] loop1: detected capacity change from 0 to 8 [ 115.674559][ T5936] usb 3-1: Manufacturer: syz [ 115.706609][ T5936] usb 3-1: SerialNumber: syz [ 115.720015][ T6176] SQUASHFS error: lzo decompression failed, data probably corrupt [ 115.728887][ T6176] SQUASHFS error: Failed to read block 0x91: -5 [ 115.735993][ T6176] SQUASHFS error: Unable to read metadata cache entry [8f] [ 115.743733][ T6176] SQUASHFS error: Unable to read inode 0x11f [ 115.819171][ T6176] loop1: detected capacity change from 0 to 16 [ 116.362817][ T6176] erofs (device loop1): unsupported chunk format ffff of nid 36 [ 117.001519][ T5888] IPVS: starting estimator thread 0... [ 117.129800][ T6180] IPVS: using max 18 ests per chain, 43200 per kthread [ 117.304360][ T5936] usb 3-1: USB disconnect, device number 3 [ 118.348877][ T6197] capability: warning: `syz.1.63' uses deprecated v2 capabilities in a way that may be insecure [ 119.900273][ T6219] Zero length message leads to an empty skb [ 120.209105][ T6218] loop0: detected capacity change from 0 to 32768 [ 122.860071][ T5919] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 123.014839][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 123.102457][ T6218] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,nocow,no_data_io [ 123.220723][ T5919] usb 4-1: Using ep0 maxpacket: 8 [ 123.244660][ T5919] usb 4-1: config 61 has too many interfaces: 213, using maximum allowed: 32 [ 123.268972][ T5919] usb 4-1: config 61 has an invalid descriptor of length 0, skipping remainder of the config [ 123.276272][ T6218] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 123.306230][ T6218] bcachefs (loop0): Version upgrade required: [ 123.306230][ T6218] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 123.306230][ T6218] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 123.306230][ T6218] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 123.402525][ T5919] usb 4-1: config 61 has 0 interfaces, different from the descriptor's value: 213 [ 123.417573][ T6218] bcachefs (loop0): dropping and reconstructing all alloc info [ 123.462931][ T5919] usb 4-1: New USB device found, idVendor=046d, idProduct=0896, bcdDevice=3a.11 [ 123.473798][ T6218] bcachefs (loop0): bch2_journal_reclaim_start(): error creating journal reclaim thread EINTR [ 123.495804][ T5919] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.526921][ T5919] usb 4-1: Product: syz [ 123.553728][ T6218] bcachefs (loop0): bch2_fs_recovery(): error EINTR [ 123.568912][ T5919] usb 4-1: Manufacturer: syz [ 123.780141][ T6218] bcachefs (loop0): bch2_fs_start(): error starting filesystem EINTR [ 123.837136][ T6218] bcachefs (loop0): shutting down [ 124.434851][ T6266] loop4: detected capacity change from 0 to 256 [ 124.511082][ T5888] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 124.523618][ T5919] usb 4-1: SerialNumber: syz [ 124.536697][ T6266] exFAT-fs (loop4): Invalid exboot-signature(sector = 7): 0xaa00006c [ 124.547669][ T6218] bcachefs (loop0): shutdown complete [ 124.615787][ T6266] exFAT-fs (loop4): Invalid boot checksum (boot checksum : 0x1119abd0, checksum : 0x2119ad3c) [ 124.647564][ T6266] exFAT-fs (loop4): invalid boot region [ 124.668176][ T6266] exFAT-fs (loop4): failed to recognize exfat type [ 124.706333][ T5888] usb 2-1: Using ep0 maxpacket: 8 [ 124.728820][ T5888] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 124.803082][ T5888] usb 2-1: config 0 has no interface number 0 [ 124.861071][ T5888] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 124.887377][ T5888] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 124.937677][ T5888] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 124.988779][ T5888] usb 2-1: config 0 descriptor?? [ 125.765980][ T5888] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 126.189765][ T5888] usb 4-1: USB disconnect, device number 2 [ 126.204405][ T5891] usb 2-1: USB disconnect, device number 2 [ 126.429446][ T6279] IPv6: Can't replace route, no match found [ 126.438420][ T6270] loop4: detected capacity change from 0 to 32768 [ 126.451123][ T6270] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.78 (6270) [ 126.739941][ T6270] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 126.788971][ T6270] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 126.818784][ T6270] BTRFS info (device loop4): using free-space-tree [ 127.504787][ T6270] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR [ 127.505650][ T6270] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR [ 127.613125][ T6270] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR [ 127.693391][ T6270] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR [ 127.767913][ T6270] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR [ 127.791204][ T6270] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 127.824563][ T6270] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 127.845486][ T6270] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR [ 127.888503][ T6270] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 127.946132][ T6270] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 127.961989][ T6270] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 127.972764][ T5891] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 128.152330][ T5891] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 128.179314][ T6270] BTRFS error (device loop4): open_ctree failed [ 128.216486][ T5891] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 128.942728][ T6218] bcachefs: bch2_fs_get_tree() error: EINTR [ 129.023021][ T5891] usb 4-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 129.037737][ T5891] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 129.049306][ T5891] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.067814][ T5891] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 129.077575][ T5891] usb 4-1: invalid MIDI out EP 0 [ 129.378800][ T5891] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 129.445045][ T5891] usb 4-1: USB disconnect, device number 3 [ 129.515185][ T6200] udevd[6200]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 129.708866][ T6321] bridge0: port 3(vlan2) entered blocking state [ 129.727142][ T6321] bridge0: port 3(vlan2) entered disabled state [ 129.736945][ T6321] vlan2: entered allmulticast mode [ 129.743607][ T6321] batadv0: entered allmulticast mode [ 129.752106][ T6321] vlan2: entered promiscuous mode [ 129.758090][ T6321] batadv0: entered promiscuous mode [ 129.766250][ T6321] bridge0: port 3(vlan2) entered blocking state [ 129.774763][ T6321] bridge0: port 3(vlan2) entered forwarding state [ 131.330358][ T6335] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 132.291934][ T5888] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 133.260039][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.267854][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.297137][ T6346] loop4: detected capacity change from 0 to 256 [ 133.348227][ T6346] exFAT-fs (loop4): Invalid exboot-signature(sector = 7): 0xaa00006c [ 133.358873][ T6346] exFAT-fs (loop4): Invalid boot checksum (boot checksum : 0x1119abd0, checksum : 0x2119ad3c) [ 133.371173][ T6346] exFAT-fs (loop4): invalid boot region [ 133.377141][ T6346] exFAT-fs (loop4): failed to recognize exfat type [ 133.750966][ T5888] usb 3-1: device descriptor read/all, error -71 [ 135.144899][ T6351] loop4: detected capacity change from 0 to 32768 [ 135.269946][ T6351] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.100 (6351) [ 136.315221][ T6351] BTRFS error (device loop4): open_ctree failed [ 139.407216][ T6404] loop0: detected capacity change from 0 to 256 [ 139.459616][ T46] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 139.482663][ T6404] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 139.789002][ T46] usb 3-1: Using ep0 maxpacket: 8 [ 139.797939][ T46] usb 3-1: config 61 has too many interfaces: 213, using maximum allowed: 32 [ 139.807577][ T46] usb 3-1: config 61 has an invalid descriptor of length 0, skipping remainder of the config [ 139.818663][ T46] usb 3-1: config 61 has 0 interfaces, different from the descriptor's value: 213 [ 139.982178][ T6420] exFAT-fs (loop0): start_clu is invalid cluster(0xffffffff) [ 140.729757][ T5919] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 140.750789][ T46] usb 3-1: New USB device found, idVendor=046d, idProduct=0896, bcdDevice=3a.11 [ 140.761780][ T46] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.770197][ T46] usb 3-1: Product: syz [ 140.774585][ T46] usb 3-1: Manufacturer: syz [ 140.779392][ T46] usb 3-1: SerialNumber: syz [ 140.993706][ T5919] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 141.038212][ T5919] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 141.086116][ T5919] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.153373][ T5919] usb 5-1: config 0 descriptor?? [ 141.164293][ T5919] pwc: Askey VC010 type 2 USB webcam detected. [ 142.048447][ T5919] pwc: recv_control_msg error -32 req 02 val 2b00 [ 142.061874][ T5919] pwc: recv_control_msg error -32 req 02 val 2700 [ 142.070520][ T5919] pwc: recv_control_msg error -32 req 02 val 2c00 [ 142.083311][ T5919] pwc: recv_control_msg error -32 req 04 val 1000 [ 142.108492][ T5919] pwc: recv_control_msg error -32 req 04 val 1300 [ 142.129181][ T5919] pwc: recv_control_msg error -32 req 04 val 1400 [ 142.138108][ T5919] pwc: recv_control_msg error -32 req 02 val 2000 [ 142.151066][ T5919] pwc: recv_control_msg error -32 req 02 val 2100 [ 142.158735][ T5919] pwc: recv_control_msg error -32 req 04 val 1500 [ 142.167083][ T5919] pwc: recv_control_msg error -32 req 02 val 2500 [ 142.179672][ T5919] pwc: recv_control_msg error -32 req 02 val 2400 [ 142.190022][ T5919] pwc: recv_control_msg error -32 req 02 val 2600 [ 142.472549][ T5919] pwc: recv_control_msg error -71 req 02 val 2800 [ 142.815725][ T5919] pwc: recv_control_msg error -71 req 04 val 1100 [ 142.955078][ T5919] pwc: recv_control_msg error -71 req 04 val 1200 [ 142.976046][ T5919] pwc: Registered as video103. [ 142.993376][ T5919] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input12 [ 143.089709][ T5919] usb 5-1: USB disconnect, device number 3 [ 143.311695][ T6449] loop4: detected capacity change from 0 to 128 [ 143.323458][ T5888] usb 3-1: USB disconnect, device number 6 [ 143.428257][ T6449] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 548, start 00000401) [ 143.473114][ T6449] FAT-fs (loop4): Filesystem has been set read-only [ 143.548703][ T6449] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 548, start 00000401) [ 143.602456][ T6454] loop2: detected capacity change from 0 to 1024 [ 143.643603][ T6449] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 548, start 00000401) [ 143.668920][ T29] audit: type=1800 audit(1733433182.104:2): pid=6449 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.130" name="file1" dev="loop4" ino=1048601 res=0 errno=0 [ 143.681523][ T6454] process 'syz.2.128' launched './file1' with NULL argv: empty string added [ 146.019120][ T6472] loop1: detected capacity change from 0 to 256 [ 146.499685][ T46] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 147.303987][ T62] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.438824][ T46] usb 2-1: Using ep0 maxpacket: 8 [ 147.458793][ T46] usb 2-1: config 61 has too many interfaces: 213, using maximum allowed: 32 [ 147.469447][ T46] usb 2-1: config 61 has an invalid descriptor of length 0, skipping remainder of the config [ 147.486391][ T46] usb 2-1: config 61 has 0 interfaces, different from the descriptor's value: 213 [ 147.529034][ T62] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.543973][ T46] usb 2-1: New USB device found, idVendor=046d, idProduct=0896, bcdDevice=3a.11 [ 147.556092][ T46] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.567298][ T46] usb 2-1: Product: syz [ 147.572606][ T46] usb 2-1: Manufacturer: syz [ 147.577482][ T46] usb 2-1: SerialNumber: syz [ 148.407108][ T62] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.565616][ T5852] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 148.578436][ T5852] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 148.594410][ T46] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 148.594912][ T62] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.634472][ T5852] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 148.721489][ T5852] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 148.730805][ T5852] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 148.743983][ T5852] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 149.249782][ T46] usb 1-1: Using ep0 maxpacket: 16 [ 149.264724][ T46] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 149.278912][ T46] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 149.289222][ T62] bridge_slave_1: left allmulticast mode [ 149.295691][ T62] bridge_slave_1: left promiscuous mode [ 149.324449][ T46] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 149.326212][ T62] bridge0: port 2(bridge_slave_1) entered disabled state [ 149.335934][ T46] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.389252][ T46] usb 1-1: Product: syz [ 149.394043][ T46] usb 1-1: Manufacturer: syz [ 149.398704][ T46] usb 1-1: SerialNumber: syz [ 149.427761][ T62] bridge_slave_0: left allmulticast mode [ 149.450889][ T62] bridge_slave_0: left promiscuous mode [ 149.473227][ T62] bridge0: port 1(bridge_slave_0) entered disabled state [ 149.728971][ T46] usb 1-1: 0:2 : does not exist [ 149.748931][ T46] usb 1-1: USB disconnect, device number 2 [ 150.368801][ T5854] udevd[5854]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 150.466325][ T5890] usb 2-1: USB disconnect, device number 3 [ 150.809752][ T5852] Bluetooth: hci0: command tx timeout [ 151.667684][ T6536] loop4: detected capacity change from 0 to 256 [ 151.724023][ T6536] exFAT-fs (loop4): Invalid exboot-signature(sector = 7): 0xaa00006c [ 151.732813][ T6525] loop0: detected capacity change from 0 to 32768 [ 151.768524][ T6525] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.150 (6525) [ 151.784491][ T6536] exFAT-fs (loop4): Invalid boot checksum (boot checksum : 0x1119abd0, checksum : 0x2119ad3c) [ 151.804385][ T6536] exFAT-fs (loop4): invalid boot region [ 151.836448][ T6536] exFAT-fs (loop4): failed to recognize exfat type [ 151.885945][ T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 151.899418][ T6525] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 151.927270][ T6525] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 151.947898][ T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 151.952258][ T6525] BTRFS info (device loop0): using free-space-tree [ 151.973965][ T62] bond0 (unregistering): Released all slaves [ 152.041933][ T6488] chnl_net:caif_netlink_parms(): no params data found [ 152.371777][ T29] audit: type=1804 audit(1733433190.824:3): pid=6525 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.150" name="/newroot/23/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 152.634110][ T6536] loop4: detected capacity change from 0 to 32768 [ 152.685361][ T6536] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.156 (6536) [ 152.713801][ T5838] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 152.896164][ T6536] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 152.911953][ T5852] Bluetooth: hci0: command tx timeout [ 152.933982][ T6536] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 152.959761][ T6536] BTRFS info (device loop4): using free-space-tree [ 153.074366][ T6488] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.091576][ T6488] bridge0: port 1(bridge_slave_0) entered disabled state [ 153.099141][ T6488] bridge_slave_0: entered allmulticast mode [ 153.106789][ T6488] bridge_slave_0: entered promiscuous mode [ 153.167042][ T6488] bridge0: port 2(bridge_slave_1) entered blocking state [ 153.176909][ T6488] bridge0: port 2(bridge_slave_1) entered disabled state [ 153.191665][ T6488] bridge_slave_1: entered allmulticast mode [ 153.206059][ T6488] bridge_slave_1: entered promiscuous mode [ 153.320811][ T6488] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 153.352136][ T6488] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 154.238413][ T5847] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 154.521287][ T6488] team0: Port device team_slave_0 added [ 155.562426][ T5852] Bluetooth: hci0: command tx timeout [ 156.060343][ T62] hsr_slave_0: left promiscuous mode [ 156.126892][ T62] hsr_slave_1: left promiscuous mode [ 156.175902][ T6613] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 156.357862][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 156.378671][ T62] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 156.432171][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 156.458406][ T62] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 156.564278][ T62] veth1_macvtap: left promiscuous mode [ 156.578589][ T62] veth0_macvtap: left promiscuous mode [ 156.592727][ T62] veth1_vlan: left promiscuous mode [ 156.607710][ T62] veth0_vlan: left promiscuous mode [ 156.618779][ T6619] loop4: detected capacity change from 0 to 2048 [ 156.732834][ T6619] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 156.753244][ T6619] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 157.056529][ T6623] loop4: detected capacity change from 0 to 256 [ 157.666724][ T5852] Bluetooth: hci0: command tx timeout [ 158.613849][ T6635] netlink: 4 bytes leftover after parsing attributes in process `syz.4.169'. [ 159.020044][ T62] team0 (unregistering): Port device team_slave_1 removed [ 159.308122][ T62] team0 (unregistering): Port device team_slave_0 removed [ 160.172559][ T6488] team0: Port device team_slave_1 added [ 160.413163][ T5890] IPVS: starting estimator thread 0... [ 160.425070][ T6635] bond0: (slave bond_slave_0): Releasing backup interface [ 160.441075][ T6648] loop0: detected capacity change from 0 to 2048 [ 160.509754][ T6653] IPVS: using max 20 ests per chain, 48000 per kthread [ 160.547924][ T6648] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 160.613781][ T6648] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 160.882023][ T6488] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 160.889050][ T6488] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 161.028104][ T6488] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 161.058235][ T6488] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 161.113951][ T6488] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 161.179644][ T6488] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 161.537035][ T55] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 161.965712][ T55] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 161.985910][ T55] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 161.998445][ T55] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 162.007517][ T55] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 162.016940][ T55] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 162.236676][ T6488] hsr_slave_0: entered promiscuous mode [ 162.270857][ T6488] hsr_slave_1: entered promiscuous mode [ 162.285775][ T6648] loop0: detected capacity change from 0 to 256 [ 164.089725][ T5852] Bluetooth: hci5: command tx timeout [ 164.112338][ T6488] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 164.140491][ T6711] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 164.164993][ T6713] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 164.259049][ T6488] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 164.275532][ T6488] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 164.287554][ T6488] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 164.392696][ T6679] chnl_net:caif_netlink_parms(): no params data found [ 164.749163][ T6722] netlink: 68 bytes leftover after parsing attributes in process `syz.0.189'. [ 165.615265][ T6488] 8021q: adding VLAN 0 to HW filter on device bond0 [ 165.715877][ T6488] 8021q: adding VLAN 0 to HW filter on device team0 [ 165.767705][ T6679] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.800155][ T6679] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.828821][ T6679] bridge_slave_0: entered allmulticast mode [ 165.836989][ T6679] bridge_slave_0: entered promiscuous mode [ 165.880907][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.888137][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 165.954166][ T6679] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.964528][ T6679] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.973045][ T6679] bridge_slave_1: entered allmulticast mode [ 165.988386][ T6679] bridge_slave_1: entered promiscuous mode [ 166.020925][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.028244][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 166.173137][ T5852] Bluetooth: hci5: command tx timeout [ 166.214075][ T6679] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 166.226175][ T6749] netlink: 44 bytes leftover after parsing attributes in process `syz.1.196'. [ 166.261274][ T6679] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 167.130649][ T6679] team0: Port device team_slave_0 added [ 167.178518][ T29] audit: type=1326 audit(1733433205.624:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6760 comm="syz.1.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99b437ff19 code=0x7ffc0000 [ 167.192592][ T6679] team0: Port device team_slave_1 added [ 167.203035][ T29] audit: type=1326 audit(1733433205.624:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6760 comm="syz.1.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99b437ff19 code=0x7ffc0000 [ 167.261416][ T6761] loop1: detected capacity change from 0 to 512 [ 167.354669][ T29] audit: type=1326 audit(1733433205.624:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6760 comm="syz.1.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=323 compat=0 ip=0x7f99b437ff19 code=0x7ffc0000 [ 167.397653][ T6679] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 167.471096][ T29] audit: type=1326 audit(1733433205.624:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6760 comm="syz.1.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99b437ff19 code=0x7ffc0000 [ 167.472186][ T6679] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 167.496366][ T29] audit: type=1326 audit(1733433205.624:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6760 comm="syz.1.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f99b437ff19 code=0x7ffc0000 [ 167.521064][ C0] vkms_vblank_simulate: vblank timer overrun [ 167.538823][ T6679] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 167.564315][ T29] audit: type=1326 audit(1733433205.624:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6760 comm="syz.1.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99b437ff19 code=0x7ffc0000 [ 167.587557][ C0] vkms_vblank_simulate: vblank timer overrun [ 167.595597][ T6763] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 167.620195][ T6679] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 167.636759][ T6761] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 167.654503][ T6679] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 167.689727][ T29] audit: type=1326 audit(1733433205.624:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6760 comm="syz.1.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f99b437ff19 code=0x7ffc0000 [ 167.690690][ T6761] ext4 filesystem being mounted at /49/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 167.714005][ T6679] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 167.792411][ T29] audit: type=1326 audit(1733433205.624:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6760 comm="syz.1.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99b437ff19 code=0x7ffc0000 [ 167.836555][ T29] audit: type=1326 audit(1733433205.624:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6760 comm="syz.1.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f99b437ff19 code=0x7ffc0000 [ 167.859646][ C0] vkms_vblank_simulate: vblank timer overrun [ 167.862108][ T6488] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 167.887375][ T29] audit: type=1326 audit(1733433205.624:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6760 comm="syz.1.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f99b437ff53 code=0x7ffc0000 [ 167.909340][ C0] vkms_vblank_simulate: vblank timer overrun [ 167.949626][ T6761] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 168.003322][ T6761] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 31 with max blocks 33 with error 28 [ 168.044076][ T6679] hsr_slave_0: entered promiscuous mode [ 168.100119][ T6761] EXT4-fs (loop1): This should not happen!! Data will be lost [ 168.100119][ T6761] [ 168.128859][ T6761] EXT4-fs (loop1): Total free blocks count 0 [ 168.145453][ T6679] hsr_slave_1: entered promiscuous mode [ 168.153927][ T6761] EXT4-fs (loop1): Free/Dirty block details [ 168.177519][ T6761] EXT4-fs (loop1): free_blocks=65280 [ 168.185606][ T6679] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 168.203929][ T6761] EXT4-fs (loop1): dirty_blocks=33 [ 168.209338][ T6761] EXT4-fs (loop1): Block reservation details [ 168.236562][ T6679] Cannot create hsr debugfs directory [ 168.242253][ T6761] EXT4-fs (loop1): i_reserved_data_blocks=33 [ 168.251927][ T5852] Bluetooth: hci5: command tx timeout [ 168.253696][ T6783] loop4: detected capacity change from 0 to 2048 [ 168.368695][ T6783] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 168.391485][ T5851] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 168.642270][ T6769] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 168.867394][ T6798] netlink: 8 bytes leftover after parsing attributes in process `syz.4.201'. [ 169.007923][ T6798] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: none. [ 169.527924][ T6679] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 169.662875][ T6679] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 169.685275][ T5847] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 169.699669][ T6679] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 169.733007][ T6679] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 169.810005][ T5919] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 169.866275][ T6488] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 169.906249][ T6804] loop4: detected capacity change from 0 to 2048 [ 169.987460][ T6679] 8021q: adding VLAN 0 to HW filter on device bond0 [ 170.011113][ T6679] 8021q: adding VLAN 0 to HW filter on device team0 [ 170.023125][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.030458][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 170.053955][ T6811] loop1: detected capacity change from 0 to 16 [ 170.093899][ T6804] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 170.117731][ T6804] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 170.138739][ T6679] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 170.150162][ T6679] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 170.193521][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.200998][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 170.206951][ T6811] erofs (device loop1): mounted with root inode @ nid 36. [ 170.269801][ T5919] usb 1-1: Using ep0 maxpacket: 32 [ 170.288121][ T5919] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 170.329989][ T5852] Bluetooth: hci5: command tx timeout [ 170.351407][ T5919] usb 1-1: config 0 has no interface number 0 [ 170.370260][ T5919] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 170.395974][ T5919] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 170.431953][ T5919] usb 1-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 170.460515][ T5919] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 170.497072][ T5919] usb 1-1: config 0 descriptor?? [ 170.605468][ T6804] loop4: detected capacity change from 0 to 256 [ 170.872643][ T6834] netlink: 44 bytes leftover after parsing attributes in process `syz.1.207'. [ 170.882392][ T6488] veth0_vlan: entered promiscuous mode [ 170.935571][ T6488] veth1_vlan: entered promiscuous mode [ 171.066139][ T6488] veth0_macvtap: entered promiscuous mode [ 171.103685][ T6488] veth1_macvtap: entered promiscuous mode [ 171.162814][ T6679] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 171.186547][ T6488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.189154][ T5919] uclogic 0003:28BD:0094.0001: pen parameters not found [ 171.197882][ T6488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.197907][ T6488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.197926][ T6488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.197942][ T6488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.197957][ T6488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.197970][ T6488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.197986][ T6488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.199363][ T6488] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 171.257771][ T5919] uclogic 0003:28BD:0094.0001: interface is invalid, ignoring [ 171.265118][ T6488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.309873][ T6488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.320034][ T6488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.331077][ T6488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.341651][ T6488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.352478][ T6488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.362958][ T6488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.375136][ T6488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.386848][ T6488] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 171.397257][ T6488] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.406862][ T6488] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.416409][ T6488] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.425547][ T6488] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.524344][ T5919] usb 1-1: USB disconnect, device number 3 [ 171.567735][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 171.755272][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 171.797409][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 171.895737][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 171.950742][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 172.446167][ T6865] loop1: detected capacity change from 0 to 8 [ 173.084319][ T6679] veth0_vlan: entered promiscuous mode [ 173.168211][ T6867] loop5: detected capacity change from 0 to 256 [ 173.226332][ T6679] veth1_vlan: entered promiscuous mode [ 173.511937][ T6679] veth0_macvtap: entered promiscuous mode [ 173.553284][ T6679] veth1_macvtap: entered promiscuous mode [ 173.561523][ T6867] exFAT-fs (loop5): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 173.593337][ T6872] loop1: detected capacity change from 0 to 2048 [ 173.610893][ T6679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 173.656748][ T6679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.696850][ T6679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 173.716473][ T6679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.728097][ T6679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 173.740472][ T6679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.751307][ T6679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 173.762457][ T6679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.772737][ T6679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 173.783581][ T6679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.795199][ T6679] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 173.814356][ T6679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 173.825303][ T6679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.836097][ T6679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 173.860355][ T6679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.880720][ T6872] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 173.904942][ T6679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 173.924757][ T6872] ext4 filesystem being mounted at /56/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 173.950404][ T6679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.978570][ T6679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 174.119506][ T6679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.246004][ T29] kauditd_printk_skb: 19 callbacks suppressed [ 174.246023][ T29] audit: type=1800 audit(1733433212.504:33): pid=6878 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.142" name="file0" dev="loop5" ino=1048607 res=0 errno=0 [ 174.329674][ T6679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 174.357501][ T6679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.372596][ T6872] fs-verity: sha512 using implementation "sha512-avx2" [ 174.430647][ T6679] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 174.506805][ T6679] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.586120][ T6679] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.636260][ T6679] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.647446][ T6679] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.742645][ T6872] syz.1.214 (6872) used greatest stack depth: 16952 bytes left [ 174.829364][ T5851] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 174.875635][ T3470] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 174.906228][ T3470] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 174.914978][ T6885] loop5: detected capacity change from 0 to 64 [ 174.950957][ T6885] ======================================================= [ 174.950957][ T6885] WARNING: The mand mount option has been deprecated and [ 174.950957][ T6885] and is ignored by this kernel. Remove the mand [ 174.950957][ T6885] option from the mount to silence this warning. [ 174.950957][ T6885] ======================================================= [ 175.057959][ T6862] loop4: detected capacity change from 0 to 32768 [ 175.068802][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 175.092589][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 175.151301][ T6862] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.213 (6862) [ 175.277303][ T6862] BTRFS error (device loop4): open_ctree failed [ 176.040826][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 176.133196][ T6904] loop5: detected capacity change from 0 to 1024 [ 176.199929][ T5891] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 176.308011][ T6904] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 176.433109][ T5891] usb 7-1: Using ep0 maxpacket: 32 [ 176.518776][ T5891] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 176.532111][ T5891] usb 7-1: config 0 has no interface number 0 [ 176.540263][ T5891] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 176.551554][ T5891] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 176.561489][ T5891] usb 7-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 176.570940][ T5891] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.610774][ T5891] usb 7-1: config 0 descriptor?? [ 176.812778][ T5852] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 176.827390][ T5852] Bluetooth: hci4: Injecting HCI hardware error event [ 176.840867][ T5852] Bluetooth: hci4: hardware error 0x00 [ 176.860271][ T6929] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 177.421264][ T5891] uclogic 0003:28BD:0094.0002: pen parameters not found [ 177.428395][ T5891] uclogic 0003:28BD:0094.0002: interface is invalid, ignoring [ 177.469684][ T5891] usb 7-1: USB disconnect, device number 2 [ 179.217319][ T5852] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 179.423436][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 181.137117][ T6988] loop7: detected capacity change from 0 to 1036 [ 181.285208][ T6971] loop1: detected capacity change from 0 to 40427 [ 181.348979][ T6971] F2FS-fs (loop1): build fault injection attr: rate: 771, type: 0x1fffff [ 181.406171][ T6971] F2FS-fs (loop1): invalid crc value [ 181.980777][ T6989] loop6: detected capacity change from 0 to 2048 [ 182.006052][ T6971] F2FS-fs (loop1): Found nat_bits in checkpoint [ 182.383813][ T6989] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 182.422911][ T6971] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 183.144956][ T7006] UDF-fs: error (device loop6): udf_read_inode: (ino 1345) failed !bh [ 183.360668][ T7001] IPv6: Can't replace route, no match found [ 184.262948][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 186.862766][ T7047] loop1: detected capacity change from 0 to 164 [ 187.090594][ T7053] loop6: detected capacity change from 0 to 2048 [ 187.206744][ T7053] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 187.279911][ T7053] ext4 filesystem being mounted at /9/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 187.786054][ T7077] loop5: detected capacity change from 0 to 512 [ 187.830609][ T7077] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=2842c018, mo2=0002] [ 187.845264][ T6679] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 187.856757][ T7077] System zones: 0-2, 18-18, 34-35 [ 187.875805][ T7077] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 187.908369][ T7077] ext4 filesystem being mounted at /13/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 189.254903][ T6488] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.421098][ T7070] loop1: detected capacity change from 0 to 32768 [ 189.445310][ T7090] loop0: detected capacity change from 0 to 4096 [ 189.857605][ T7090] NILFS (loop0): invalid segment: Checksum error in segment payload [ 189.892590][ T7070] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 190.145000][ T7090] NILFS (loop0): trying rollback from an earlier position [ 190.960534][ T7090] NILFS (loop0): recovery complete [ 190.982023][ T7106] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 191.403309][ T5851] ocfs2: Unmounting device (7,1) on (node local) [ 192.406547][ T7144] rtc_cmos 00:00: Alarms can be up to one day in the future [ 193.690196][ T7133] loop1: detected capacity change from 0 to 32768 [ 193.785918][ T7132] loop0: detected capacity change from 0 to 32768 [ 193.795714][ T7132] XFS: attr2 mount option is deprecated. [ 193.823876][ T7151] vlan3: entered promiscuous mode [ 193.830225][ T7151] mac80211_hwsim hwsim6 wlan0: entered promiscuous mode [ 194.656054][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.663176][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.914483][ T7132] XFS (loop0): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 194.960533][ T7133] workqueue: Failed to create a rescuer kthread for wq "bcachefs_journal": -EINTR [ 194.960703][ T7133] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 195.004913][ T7132] workqueue: Failed to create a rescuer kthread for wq "xfs-log/loop0": -EINTR [ 195.021356][ T7132] XFS (loop0): log mount failed [ 195.432648][ T7133] bcachefs: bch2_fs_get_tree() error: ENOMEM_fs_other_alloc [ 196.245684][ T7204] loop1: detected capacity change from 0 to 1024 [ 196.602149][ T7204] EXT4-fs (loop1): Test dummy encryption mode enabled [ 196.834761][ T7193] loop4: detected capacity change from 0 to 32768 [ 196.876156][ T7204] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 196.931709][ T7193] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.288 (7193) [ 197.097876][ T7193] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 197.230506][ T7193] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 197.296930][ T7193] BTRFS info (device loop4): using free-space-tree [ 197.390284][ T7204] fscrypt (loop1): Missing crypto API support for AES-256-XTS (API name: "xts(aes)") [ 197.806076][ T5851] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 198.945466][ T5847] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 200.777507][ T7288] loop4: detected capacity change from 0 to 2048 [ 200.886467][ T7286] batman_adv: batadv0: Adding interface: vxlan0 [ 200.910792][ T7288] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a842c018, mo2=0102] [ 200.999713][ T7288] System zones: 0-7 [ 201.007232][ T7288] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 201.046016][ T7286] batman_adv: batadv0: The MTU of interface vxlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 201.630184][ T7300] xt_NFQUEUE: number of queues (1280) out of range (got 65792) [ 201.835796][ T7286] batman_adv: batadv0: Not using interface vxlan0 (retrying later): interface not active [ 202.129943][ T7295] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 202.922694][ T1102] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1178 with error 28 [ 202.949571][ T1102] EXT4-fs (loop4): This should not happen!! Data will be lost [ 202.949571][ T1102] [ 202.959333][ T1102] EXT4-fs (loop4): Total free blocks count 0 [ 202.979924][ T1102] EXT4-fs (loop4): Free/Dirty block details [ 202.986026][ T1102] EXT4-fs (loop4): free_blocks=2415919104 [ 203.002068][ T1102] EXT4-fs (loop4): dirty_blocks=1184 [ 203.007825][ T1102] EXT4-fs (loop4): Block reservation details [ 203.014482][ T1102] EXT4-fs (loop4): i_reserved_data_blocks=74 [ 203.377939][ T5847] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 203.455614][ T7322] loop0: detected capacity change from 0 to 64 [ 205.702733][ T7340] loop1: detected capacity change from 0 to 8 [ 207.819873][ T7360] xt_NFQUEUE: number of queues (1280) out of range (got 65792) [ 208.042334][ T7361] capability: warning: `syz.4.316' uses 32-bit capabilities (legacy support in use) [ 208.359641][ T46] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 208.463601][ T7373] netlink: 4 bytes leftover after parsing attributes in process `syz.4.319'. [ 208.509567][ T46] usb 6-1: device descriptor read/64, error -71 [ 208.751958][ T46] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 208.999870][ T46] usb 6-1: device descriptor read/64, error -71 [ 209.353565][ T7389] loop6: detected capacity change from 0 to 32768 [ 209.369748][ T46] usb usb6-port1: attempt power cycle [ 209.890350][ T46] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 209.989603][ T46] usb 6-1: device descriptor read/8, error -71 [ 210.184578][ T7392] loop0: detected capacity change from 0 to 32768 [ 210.390168][ T7392] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.324 (7392) [ 210.458921][ T7392] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 210.508565][ T7392] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 210.559164][ T7392] BTRFS info (device loop0): using free-space-tree [ 210.699578][ T46] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 210.754201][ T46] usb 6-1: device descriptor read/8, error -71 [ 210.845678][ T5838] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 211.066843][ T7435] loop6: detected capacity change from 0 to 8 [ 211.083906][ T46] usb usb6-port1: unable to enumerate USB device [ 211.144985][ T7435] unable to read xattr id index table [ 211.541720][ T7441] xt_NFQUEUE: number of queues (1280) out of range (got 65792) [ 212.102459][ T5852] Bluetooth: hci3: command 0x0406 tx timeout [ 212.115267][ T5852] Bluetooth: hci2: command 0x0406 tx timeout [ 212.124063][ T5852] Bluetooth: hci1: command 0x0406 tx timeout [ 212.434748][ T7457] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 213.396435][ T7457] netlink: 988 bytes leftover after parsing attributes in process `syz.4.336'. [ 215.879870][ T7486] xt_NFQUEUE: number of queues (1280) out of range (got 65792) [ 217.289922][ T7497] netlink: 20 bytes leftover after parsing attributes in process `syz.5.350'. [ 217.363465][ T7496] loop1: detected capacity change from 0 to 4096 [ 217.450133][ T7496] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 218.170125][ T7501] loop5: detected capacity change from 0 to 40427 [ 218.224867][ T7501] F2FS-fs (loop5): build fault injection attr: rate: 0, type: 0x7 [ 218.238694][ T7501] F2FS-fs (loop5): invalid crc value [ 218.252059][ T7501] F2FS-fs (loop5): Found nat_bits in checkpoint [ 218.511649][ T7501] F2FS-fs (loop5): Start checkpoint disabled! [ 218.565013][ T7501] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6 [ 218.675867][ T7501] syz.5.352: attempt to access beyond end of device [ 218.675867][ T7501] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 219.191287][ T52] kworker/u8:3: attempt to access beyond end of device [ 219.191287][ T52] loop5: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 219.248133][ T52] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 219.276456][ T52] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 219.284162][ T7526] netlink: 20 bytes leftover after parsing attributes in process `syz.1.362'. [ 219.743788][ T7513] loop6: detected capacity change from 0 to 32768 [ 219.769252][ T7513] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.357 (7513) [ 219.848859][ T7513] BTRFS info (device loop6): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 219.886671][ T7513] BTRFS info (device loop6): using sha256 (sha256-avx2) checksum algorithm [ 219.919565][ T5891] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 219.929745][ T7513] BTRFS info (device loop6): using free-space-tree [ 220.220437][ T5891] usb 2-1: Using ep0 maxpacket: 16 [ 220.230222][ T5891] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 220.241851][ T5891] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 220.384469][ T5891] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 220.394645][ T5891] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 220.408873][ T55] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 220.409539][ T5891] usb 2-1: Product: syz [ 220.420571][ T55] CPU: 0 UID: 0 PID: 55 Comm: kworker/u9:0 Not tainted 6.13.0-rc1-next-20241205-syzkaller #0 [ 220.433102][ T55] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 220.443203][ T55] Workqueue: hci2 hci_rx_work [ 220.447958][ T55] Call Trace: [ 220.451285][ T55] [ 220.454351][ T55] dump_stack_lvl+0x241/0x360 [ 220.459088][ T55] ? __pfx_dump_stack_lvl+0x10/0x10 [ 220.464378][ T55] ? __pfx__printk+0x10/0x10 [ 220.469303][ T55] ? __kmalloc_cache_noprof+0x243/0x390 [ 220.474912][ T55] ? sysfs_create_dir_ns+0x28a/0x3a0 [ 220.478638][ T5891] usb 2-1: Manufacturer: syz [ 220.480227][ T55] sysfs_create_dir_ns+0x2ce/0x3a0 [ 220.480261][ T55] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 220.480297][ T55] kobject_add_internal+0x435/0x8d0 [ 220.489515][ T5891] usb 2-1: SerialNumber: syz [ 220.490128][ T55] kobject_add+0x152/0x220 [ 220.510171][ T55] ? do_raw_spin_unlock+0x13c/0x8b0 [ 220.515437][ T55] ? device_add+0x3e7/0xbf0 [ 220.519998][ T55] ? __pfx_kobject_add+0x10/0x10 [ 220.524987][ T55] ? _raw_spin_unlock+0x28/0x50 [ 220.529892][ T55] ? get_device_parent+0x165/0x410 [ 220.535058][ T55] device_add+0x4e5/0xbf0 [ 220.539450][ T55] hci_conn_add_sysfs+0xe8/0x200 [ 220.544414][ T55] le_conn_complete_evt+0xc9f/0x12e0 [ 220.549744][ T55] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 220.555501][ T55] ? __mutex_unlock_slowpath+0x21e/0x790 [ 220.561172][ T55] ? __pfx___mutex_lock+0x10/0x10 [ 220.566222][ T55] ? skb_pull_data+0x112/0x230 [ 220.571036][ T55] hci_le_conn_complete_evt+0x18c/0x420 [ 220.576611][ T55] hci_event_packet+0xa55/0x1540 [ 220.581609][ T55] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 220.586942][ T55] ? __pfx_hci_event_packet+0x10/0x10 [ 220.592392][ T55] ? do_raw_spin_unlock+0x13c/0x8b0 [ 220.597639][ T55] ? hci_send_to_monitor+0xd8/0x7f0 [ 220.602877][ T55] ? kcov_remote_start+0x97/0x7d0 [ 220.607960][ T55] hci_rx_work+0x3f3/0xdb0 [ 220.612422][ T55] ? process_scheduled_works+0x976/0x1840 [ 220.618180][ T55] process_scheduled_works+0xa66/0x1840 [ 220.623783][ T55] ? __pfx_process_scheduled_works+0x10/0x10 [ 220.629979][ T55] ? assign_work+0x364/0x3d0 [ 220.634606][ T55] worker_thread+0x870/0xd30 [ 220.639225][ T55] ? __kthread_parkme+0x169/0x1d0 [ 220.644272][ T55] ? __pfx_worker_thread+0x10/0x10 [ 220.649427][ T55] kthread+0x2f0/0x390 [ 220.653531][ T55] ? __pfx_worker_thread+0x10/0x10 [ 220.658672][ T55] ? __pfx_kthread+0x10/0x10 [ 220.663286][ T55] ret_from_fork+0x4b/0x80 [ 220.667810][ T55] ? __pfx_kthread+0x10/0x10 [ 220.672431][ T55] ret_from_fork_asm+0x1a/0x30 [ 220.677259][ T55] [ 220.682471][ T55] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 220.697994][ T55] Bluetooth: hci2: failed to register connection device [ 220.909574][ T5891] usb 2-1: 0:2 : does not exist [ 220.948744][ T7541] xt_NFQUEUE: number of queues (1280) out of range (got 65792) [ 220.957113][ T5891] usb 2-1: USB disconnect, device number 4 [ 221.063166][ T7532] loop4: detected capacity change from 0 to 32768 [ 221.076488][ T7532] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.364 (7532) [ 221.104350][ T6679] BTRFS info (device loop6): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 221.139711][ T7532] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 221.150641][ T7532] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 221.160832][ T7532] BTRFS info (device loop4): using free-space-tree [ 221.202112][ T5854] udevd[5854]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 221.855872][ T29] audit: type=1326 audit(1733433260.304:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7578 comm="syz.1.370" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f99b437ff19 code=0x0 [ 221.897881][ T5847] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 222.162837][ T7585] loop6: detected capacity change from 0 to 1024 [ 223.850400][ T7585] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 224.035646][ T7585] ext4 filesystem being mounted at /35/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 225.023379][ T7585] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 46 with max blocks 1 with error 28 [ 225.038336][ T7585] EXT4-fs (loop6): This should not happen!! Data will be lost [ 225.038336][ T7585] [ 225.048400][ T7585] EXT4-fs (loop6): Total free blocks count 0 [ 225.054564][ T7585] EXT4-fs (loop6): Free/Dirty block details [ 225.062678][ T7585] EXT4-fs (loop6): free_blocks=0 [ 225.067862][ T7585] EXT4-fs (loop6): dirty_blocks=0 [ 225.073207][ T7585] EXT4-fs (loop6): Block reservation details [ 225.079596][ T7585] EXT4-fs (loop6): i_reserved_data_blocks=0 [ 225.358995][ T7610] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 47 with max blocks 1 with error 28 [ 226.253148][ T7616] loop1: detected capacity change from 0 to 2048 [ 226.797816][ T7621] loop6: detected capacity change from 0 to 32768 [ 226.837873][ T7616] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 226.856605][ T7616] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 226.876446][ T7621] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.382 (7621) [ 226.918979][ T7621] BTRFS info (device loop6): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 226.946588][ T7621] BTRFS info (device loop6): using sha256 (sha256-avx2) checksum algorithm [ 226.956353][ T7621] BTRFS info (device loop6): using free-space-tree [ 227.101165][ T7632] loop1: detected capacity change from 0 to 256 [ 229.174047][ T6679] BTRFS info (device loop6): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 231.627025][ T7674] loop6: detected capacity change from 0 to 2048 [ 232.688147][ T7689] loop0: detected capacity change from 0 to 8 [ 232.865619][ T7674] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 232.926436][ T7674] ext4 filesystem being mounted at /38/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 233.250533][ T5891] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 234.104507][ T6679] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 234.220218][ T7706] loop1: detected capacity change from 0 to 2048 [ 234.228072][ T5891] usb 5-1: Using ep0 maxpacket: 16 [ 234.239345][ T5891] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 234.250507][ T5891] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 234.270548][ T5891] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 234.280555][ T5891] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 234.299896][ T5891] usb 5-1: Product: syz [ 234.317468][ T5891] usb 5-1: Manufacturer: syz [ 234.331887][ T5891] usb 5-1: SerialNumber: syz [ 234.411736][ T7706] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 234.426001][ T7706] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 234.768356][ T7709] loop5: detected capacity change from 0 to 40427 [ 234.785435][ T7709] F2FS-fs (loop5): build fault injection attr: rate: 0, type: 0x7 [ 234.796410][ T5891] usb 5-1: 0:2 : does not exist [ 234.810305][ T7709] F2FS-fs (loop5): invalid crc value [ 234.824916][ T5891] usb 5-1: USB disconnect, device number 4 [ 234.859311][ T7709] F2FS-fs (loop5): Found nat_bits in checkpoint [ 234.891918][ T7720] loop1: detected capacity change from 0 to 256 [ 235.020559][ T5854] udevd[5854]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 235.125915][ T7709] F2FS-fs (loop5): Start checkpoint disabled! [ 235.208343][ T7709] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6 [ 235.450437][ T7715] loop6: detected capacity change from 0 to 32768 [ 235.729655][ T7729] syz.5.404: attempt to access beyond end of device [ 235.729655][ T7729] loop5: rw=2049, sector=53248, nr_sectors = 256 limit=40427 [ 235.746273][ T7729] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 235.753412][ T7729] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 235.760625][ T7729] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 235.767563][ T7729] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 235.774643][ T7729] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 235.781806][ T7729] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 235.789574][ T7729] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 235.796587][ T7729] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 235.803974][ T7729] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 235.812139][ T7729] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 235.820092][ T7729] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 235.827181][ T7729] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 235.834283][ T7729] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 235.841468][ T7729] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 235.848576][ T7729] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 235.855699][ T7729] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 235.863137][ T7729] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 235.870315][ T7729] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 235.877305][ T7729] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 235.884509][ T7729] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 235.892253][ T7729] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 235.899369][ T7729] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 235.906529][ T7729] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 235.914296][ T7729] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 235.949241][ T7729] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 235.956841][ T7729] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 235.963859][ T7729] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 235.970843][ T7729] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 235.977749][ T7729] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 235.984909][ T7729] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 235.992549][ T7729] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 235.999573][ T7729] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 237.222515][ T7715] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 237.393489][ T7715] XFS (loop6): Ending clean mount [ 237.474223][ T7715] XFS (loop6): Quotacheck needed: Please wait. [ 237.617898][ T7715] XFS (loop6): Quotacheck: Done. [ 237.784640][ T6679] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 237.939117][ T7745] loop0: detected capacity change from 0 to 32768 [ 238.003472][ T7753] loop5: detected capacity change from 0 to 512 [ 238.492950][ T7753] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=2842c018, mo2=0002] [ 238.522871][ T7753] System zones: 0-2, 18-18, 34-35 [ 238.728463][ T7753] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 238.766103][ T7753] ext4 filesystem being mounted at /38/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 238.812572][ T7745] XFS (loop0): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 239.619214][ T7745] XFS (loop0): Ending clean mount [ 239.706659][ T7745] XFS (loop0): Quotacheck needed: Please wait. [ 239.875484][ T6488] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 239.950233][ T7745] XFS (loop0): Quotacheck: Done. [ 240.248462][ T7777] loop4: detected capacity change from 0 to 1024 [ 240.307771][ T7777] hfsplus: creator requires a 4 character value [ 240.360884][ T5838] XFS (loop0): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 242.696082][ T5846] Bluetooth: hci2: unexpected event for opcode 0x0403 [ 242.738729][ T7786] loop5: detected capacity change from 0 to 32768 [ 243.516899][ T7786] bcachefs (loop5): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fix_errors=ask,norecovery,nojournal_transaction_names,noexcl,reconstruct_alloc,nocow,no_data_io [ 243.594943][ T7786] bcachefs (loop5): recovering from clean shutdown, journal seq 3338 [ 243.619848][ T7786] bcachefs (loop5): Version upgrade required: [ 243.619848][ T7786] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 243.619848][ T7786] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 243.619848][ T7786] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 243.745304][ T7786] bcachefs (loop5): dropping and reconstructing all alloc info [ 243.761796][ T7786] bcachefs (loop5): bch2_journal_reclaim_start(): error creating journal reclaim thread EINTR [ 243.789680][ T7786] bcachefs (loop5): bch2_fs_recovery(): error EINTR [ 243.796471][ T7786] bcachefs (loop5): bch2_fs_start(): error starting filesystem EINTR [ 243.831366][ T7786] bcachefs (loop5): shutting down [ 243.861774][ T7786] bcachefs (loop5): shutdown complete [ 244.142757][ T7811] loop6: detected capacity change from 0 to 32768 [ 244.288321][ T7811] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode. [ 246.598962][ T6679] ocfs2: Unmounting device (7,6) on (node local) [ 247.239779][ T5891] IPVS: starting estimator thread 0... [ 247.360005][ T7847] IPVS: using max 20 ests per chain, 48000 per kthread [ 247.669930][ T5891] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 248.145125][ T5891] usb 7-1: Using ep0 maxpacket: 16 [ 248.161439][ T5891] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 248.197529][ T5891] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 248.276158][ T5891] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 248.295555][ T5891] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 248.329385][ T5891] usb 7-1: Product: syz [ 248.356439][ T5891] usb 7-1: Manufacturer: syz [ 248.369492][ T5891] usb 7-1: SerialNumber: syz [ 248.568792][ T7859] loop0: detected capacity change from 0 to 1024 [ 248.590788][ T7859] hfsplus: creator requires a 4 character value [ 248.641192][ T5891] usb 7-1: 0:2 : does not exist [ 248.700419][ T5891] usb 7-1: USB disconnect, device number 3 [ 249.023173][ T5854] udevd[5854]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 249.279079][ T7786] bcachefs: bch2_fs_get_tree() error: EINTR [ 249.381689][ T7857] loop4: detected capacity change from 0 to 40427 [ 249.578707][ T7857] F2FS-fs (loop4): invalid crc value [ 249.706116][ T7857] F2FS-fs (loop4): Found nat_bits in checkpoint [ 250.070332][ T7857] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 250.371277][ T7880] loop6: detected capacity change from 0 to 64 [ 251.956114][ T5847] syz-executor: attempt to access beyond end of device [ 251.956114][ T5847] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 251.974236][ T5847] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 252.615904][ T5891] IPVS: starting estimator thread 0... [ 252.739716][ T7896] IPVS: using max 17 ests per chain, 40800 per kthread [ 254.173773][ T7907] loop6: detected capacity change from 0 to 2048 [ 254.371271][ T7907] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 254.440457][ T7907] ext4 filesystem being mounted at /48/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 254.674288][ T6679] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 254.891011][ T5846] Bluetooth: hci2: unexpected event for opcode 0x0403 [ 254.930437][ T7930] syz.1.452: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 254.930749][ T7930] CPU: 0 UID: 0 PID: 7930 Comm: syz.1.452 Not tainted 6.13.0-rc1-next-20241205-syzkaller #0 [ 254.930777][ T7930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 254.930792][ T7930] Call Trace: [ 254.930802][ T7930] [ 254.930813][ T7930] dump_stack_lvl+0x241/0x360 [ 254.930855][ T7930] ? __pfx_dump_stack_lvl+0x10/0x10 [ 254.930889][ T7930] ? __pfx__printk+0x10/0x10 [ 254.930933][ T7930] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 254.930968][ T7930] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 254.931005][ T7930] warn_alloc+0x278/0x410 [ 254.931042][ T7930] ? __vmalloc_node_range_noprof+0x106/0x1380 [ 254.931078][ T7930] ? __pfx_warn_alloc+0x10/0x10 [ 254.931115][ T7930] ? kasan_save_track+0x3f/0x80 [ 254.931138][ T7930] ? __kasan_kmalloc+0x98/0xb0 [ 254.931163][ T7930] ? xsk_setsockopt+0x598/0x950 [ 254.931198][ T7930] ? do_sock_setsockopt+0x3af/0x720 [ 254.931234][ T7930] ? __x64_sys_setsockopt+0x1ee/0x280 [ 254.931269][ T7930] ? do_syscall_64+0xf3/0x230 [ 254.931298][ T7930] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.931339][ T7930] __vmalloc_node_range_noprof+0x126/0x1380 [ 254.931406][ T7930] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 254.931448][ T7930] ? __kasan_kmalloc+0x98/0xb0 [ 254.931481][ T7930] vmalloc_user_noprof+0x74/0x80 [ 254.931517][ T7930] ? xskq_create+0xb6/0x170 [ 254.931539][ T7930] xskq_create+0xb6/0x170 [ 254.931566][ T7930] xsk_init_queue+0xa1/0x100 [ 254.931605][ T7930] xsk_setsockopt+0x598/0x950 [ 254.931644][ T7930] ? __pfx_xsk_setsockopt+0x10/0x10 [ 254.931680][ T7930] ? __pfx_aa_sk_perm+0x10/0x10 [ 254.931715][ T7930] ? __pfx_lock_acquire+0x10/0x10 [ 254.931739][ T7930] ? aa_sock_opt_perm+0x79/0x120 [ 254.931776][ T7930] ? __pfx_xsk_setsockopt+0x10/0x10 [ 254.931811][ T7930] do_sock_setsockopt+0x3af/0x720 [ 254.931854][ T7930] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 254.931904][ T7930] ? __fget_files+0x395/0x410 [ 254.931935][ T7930] ? __fget_files+0x2a/0x410 [ 254.931976][ T7930] __x64_sys_setsockopt+0x1ee/0x280 [ 254.932020][ T7930] do_syscall_64+0xf3/0x230 [ 254.932050][ T7930] ? clear_bhb_loop+0x35/0x90 [ 254.932086][ T7930] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.932116][ T7930] RIP: 0033:0x7f99b437ff19 [ 254.932146][ T7930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 254.932167][ T7930] RSP: 002b:00007f99b50f5058 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 254.932195][ T7930] RAX: ffffffffffffffda RBX: 00007f99b4546080 RCX: 00007f99b437ff19 [ 254.932215][ T7930] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000003 [ 254.932231][ T7930] RBP: 00007f99b43f3986 R08: 0000000000000020 R09: 0000000000000000 [ 254.932248][ T7930] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000 [ 254.932265][ T7930] R13: 0000000000000001 R14: 00007f99b4546080 R15: 00007ffdb9099298 [ 254.932299][ T7930] [ 254.932310][ T7930] Mem-Info: [ 254.932328][ T7930] active_anon:11286 inactive_anon:944 isolated_anon:0 [ 254.932328][ T7930] active_file:14067 inactive_file:38265 isolated_file:0 [ 254.932328][ T7930] unevictable:768 dirty:178 writeback:0 [ 254.932328][ T7930] slab_reclaimable:10661 slab_unreclaimable:102467 [ 254.932328][ T7930] mapped:41227 shmem:7414 pagetables:1040 [ 254.932328][ T7930] sec_pagetables:0 bounce:0 [ 254.932328][ T7930] kernel_misc_reclaimable:0 [ 254.932328][ T7930] free:1304432 free_pcp:284 free_cma:0 [ 254.932391][ T7930] Node 0 active_anon:45144kB inactive_anon:3776kB active_file:56268kB inactive_file:152988kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:164908kB dirty:712kB writeback:0kB shmem:28120kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11924kB pagetables:4160kB sec_pagetables:0kB all_unreclaimable? no [ 254.932453][ T7930] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 254.932511][ T7930] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 254.932575][ T7930] lowmem_reserve[]: 0 2465 2466 0 0 [ 254.932632][ T7930] Node 0 DMA32 free:1299236kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB active_anon:45112kB inactive_anon:3772kB active_file:56268kB inactive_file:152156kB unevictable:1536kB writepending:712kB present:3129332kB managed:2552772kB mlocked:0kB bounce:0kB free_pcp:876kB local_pcp:820kB free_cma:0kB [ 254.932700][ T7930] lowmem_reserve[]: 0 0 0 0 0 [ 254.932753][ T7930] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:32kB inactive_anon:4kB active_file:0kB inactive_file:832kB unevictable:0kB writepending:0kB present:1048580kB managed:876kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 254.932816][ T7930] lowmem_reserve[]: 0 0 0 0 0 [ 254.932870][ T7930] Node 1 Normal free:3903132kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:252kB local_pcp:252kB free_cma:0kB [ 254.932942][ T7930] lowmem_reserve[]: 0 0 0 0 0 [ 254.932996][ T7930] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 254.933186][ T7930] Node 0 DMA32: 458*4kB (UME) 421*8kB (UME) 522*16kB (UME) 306*32kB (UME) 143*64kB (UME) 98*128kB (UME) 47*256kB (UME) 12*512kB (UM) 11*1024kB (UME) 10*2048kB (UME) 294*4096kB (UM) = 1299184kB [ 254.933429][ T7930] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 254.933580][ T7930] Node 1 Normal: 191*4kB (UE) 44*8kB (UME) 42*16kB (UME) 223*32kB (UME) 91*64kB (UME) 26*128kB (UME) 14*256kB (UME) 11*512kB (UME) 7*1024kB (UM) 5*2048kB (UE) 942*4096kB (M) = 3903132kB [ 254.933826][ T7930] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 254.933848][ T7930] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 254.933868][ T7930] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 254.933889][ T7930] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 254.933918][ T7930] 59745 total pagecache pages [ 254.933929][ T7930] 0 pages in swap cache [ 254.933939][ T7930] Free swap = 124700kB [ 254.933951][ T7930] Total swap = 124996kB [ 254.933962][ T7930] 2097051 pages RAM [ 254.933973][ T7930] 0 pages HighMem/MovableOnly [ 254.933983][ T7930] 427008 pages reserved [ 254.933994][ T7930] 0 pages cma reserved [ 256.302403][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.302504][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.363584][ T29] audit: type=1326 audit(1733433293.994:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7931 comm="syz.0.455" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa4fff7ff19 code=0x0 [ 257.347508][ T7927] loop6: detected capacity change from 0 to 40427 [ 257.377489][ T55] Bluetooth: hci5: command 0x0405 tx timeout [ 257.438445][ T7927] F2FS-fs (loop6): invalid crc value [ 257.453892][ T7927] F2FS-fs (loop6): Found nat_bits in checkpoint [ 257.497799][ T7954] loop5: detected capacity change from 0 to 1024 [ 257.593073][ T7927] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 257.611954][ T7954] hfsplus: creator requires a 4 character value [ 259.205467][ T6679] syz-executor: attempt to access beyond end of device [ 259.205467][ T6679] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 259.237814][ T6679] F2FS-fs (loop6): Stopped filesystem due to reason: 3 [ 259.247817][ T7968] netlink: 1004 bytes leftover after parsing attributes in process `syz.1.462'. [ 262.045577][ T7981] loop4: detected capacity change from 0 to 32768 [ 262.084226][ T7995] netlink: 36 bytes leftover after parsing attributes in process `syz.1.472'. [ 262.124986][ T7981] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.467 (7981) [ 262.362669][ T7983] loop0: detected capacity change from 0 to 32768 [ 262.380566][ T7981] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 262.419180][ T7981] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 262.459683][ T7981] BTRFS info (device loop4): using free-space-tree [ 262.502083][ T7983] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.468 (7983) [ 262.540425][ T7997] loop1: detected capacity change from 0 to 40427 [ 262.558156][ T7997] F2FS-fs (loop1): invalid crc value [ 262.731364][ T7983] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 262.763035][ T7997] F2FS-fs (loop1): Found nat_bits in checkpoint [ 262.842568][ T7983] BTRFS info (device loop0): using crc32c (crc32c-x86_64) checksum algorithm [ 262.884605][ T7983] BTRFS info (device loop0): using free-space-tree [ 262.892250][ T7997] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 263.139945][ T5847] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 264.036140][ T5851] syz-executor: attempt to access beyond end of device [ 264.036140][ T5851] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 264.065637][ T5851] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 264.229286][ T7983] BTRFS error (device loop0): open_ctree failed [ 268.634747][ T8070] loop4: detected capacity change from 0 to 32768 [ 268.686598][ T8070] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.484 (8070) [ 268.808740][ T8070] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 268.820248][ T8070] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 268.887853][ T8086] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 269.257499][ T8070] BTRFS info (device loop4): using free-space-tree [ 269.498645][ T8070] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR [ 269.509991][ T8070] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR [ 269.574575][ T8070] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR [ 269.661908][ T8070] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR [ 269.720240][ T8070] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR [ 269.729899][ T8070] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 269.749891][ T8070] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 269.770015][ T8070] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR [ 269.790024][ T8070] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 269.809864][ T8070] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 269.829874][ T8070] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 269.849930][ T8070] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 269.869851][ T8070] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 270.023400][ T8070] BTRFS error (device loop4): open_ctree failed [ 273.024837][ T8135] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 273.630677][ T55] Bluetooth: hci0: command 0x0406 tx timeout [ 274.299365][ T8143] loop0: detected capacity change from 0 to 1024 [ 276.211742][ T12] hfsplus: b-tree write err: -5, ino 4 [ 276.530046][ T8141] loop5: detected capacity change from 0 to 32768 [ 277.084213][ T8161] loop4: detected capacity change from 0 to 32768 [ 277.093708][ T8161] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.507 (8161) [ 277.122566][ T8161] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 277.133274][ T8161] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 277.142334][ T8161] BTRFS info (device loop4): using free-space-tree [ 277.238107][ T8141] bcachefs (loop5): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,no_data_io [ 277.409018][ T8141] bcachefs (loop5): recovering from clean shutdown, journal seq 10 [ 277.459128][ T8141] bcachefs (loop5): Version upgrade required: [ 277.459128][ T8141] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 277.459128][ T8141] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 277.459128][ T8141] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 277.540369][ T8141] bcachefs (loop5): dropping and reconstructing all alloc info [ 277.554818][ T8141] bcachefs (loop5): bch2_journal_reclaim_start(): error creating journal reclaim thread EINTR [ 277.619656][ T8141] bcachefs (loop5): bch2_fs_recovery(): error EINTR [ 277.649310][ T8141] bcachefs (loop5): bch2_fs_start(): error starting filesystem EINTR [ 277.693775][ T8141] bcachefs (loop5): shutting down [ 277.770035][ T5847] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 277.827549][ T8141] bcachefs (loop5): shutdown complete [ 278.104854][ T8195] loop0: detected capacity change from 0 to 32768 [ 278.551661][ T8195] [ 278.551661][ T8195] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 278.551661][ T8195] [ 278.800631][ T8195] [ 278.800631][ T8195] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 278.800631][ T8195] [ 278.874963][ T8195] [ 278.874963][ T8195] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 278.874963][ T8195] [ 278.948564][ T115] [ 278.948564][ T115] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 278.948564][ T115] [ 278.989882][ T8204] [ 278.989882][ T8204] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 278.989882][ T8204] [ 279.003953][ T8204] [ 279.003953][ T8204] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 279.003953][ T8204] [ 279.016255][ T8204] [ 279.016255][ T8204] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 279.016255][ T8204] [ 279.060149][ T8204] [ 279.060149][ T8204] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 279.060149][ T8204] [ 279.260733][ T8202] loop6: detected capacity change from 0 to 32768 [ 279.277249][ T114] [ 279.277249][ T114] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 279.277249][ T114] [ 279.288542][ T8202] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.513 (8202) [ 279.321976][ T8202] BTRFS info (device loop6): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 279.375910][ T5838] [ 279.375910][ T5838] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 279.375910][ T5838] [ 279.388831][ T8202] BTRFS info (device loop6): using sha256 (sha256-avx2) checksum algorithm [ 279.407884][ T8202] BTRFS info (device loop6): using free-space-tree [ 279.509803][ T5838] [ 279.509803][ T5838] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 279.509803][ T5838] [ 280.521727][ T8225] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 281.560881][ T8202] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 281.561330][ T8202] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 281.592165][ T8202] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 281.850328][ T8202] BTRFS error (device loop6): open_ctree failed [ 283.105953][ T8141] bcachefs: bch2_fs_get_tree() error: EINTR [ 283.187345][ T8246] netlink: 8 bytes leftover after parsing attributes in process `syz.0.521'. [ 284.410027][ T8252] dccp_xmit_packet: Payload too large (65475) for featneg. [ 285.275547][ T8255] loop0: detected capacity change from 0 to 32768 [ 287.144934][ T8255] XFS (loop0): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 287.709994][ T8281] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 288.233190][ T8255] XFS (loop0): Ending clean mount [ 288.260471][ T8255] XFS (loop0): Quotacheck needed: Please wait. [ 288.450470][ T8255] XFS (loop0): Quotacheck: Done. [ 288.467820][ T8286] loop4: detected capacity change from 0 to 128 [ 288.560140][ T8286] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 288.732216][ T8286] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 288.822946][ T5838] XFS (loop0): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 289.117912][ T5839] Bluetooth: hci5: command 0x0405 tx timeout [ 289.493308][ T8291] loop5: detected capacity change from 0 to 512 [ 289.678301][ T8291] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002] [ 289.686979][ T8291] System zones: 0-2, 18-18, 34-34 [ 289.729736][ T8291] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.532: bg 0: block 248: padding at end of block bitmap is not set [ 289.789689][ T8301] netlink: 8 bytes leftover after parsing attributes in process `syz.4.533'. [ 289.866878][ T8291] Quota error (device loop5): write_blk: dquota write failed [ 289.877771][ T8291] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota [ 289.890103][ T8291] EXT4-fs error (device loop5): ext4_acquire_dquot:6924: comm syz.5.532: Failed to acquire dquot type 1 [ 289.966866][ T8291] EXT4-fs (loop5): 1 truncate cleaned up [ 290.005540][ T8291] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 290.093432][ T8291] ext4 filesystem being mounted at /52/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 291.706525][ T8322] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 292.775775][ T29] audit: type=1800 audit(1733433331.224:36): pid=8291 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.532" name="file1" dev="loop5" ino=15 res=0 errno=0 [ 293.329058][ T8325] syz.5.532 (8325): drop_caches: 2 [ 294.352603][ T8340] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 295.090983][ T8332] loop6: detected capacity change from 0 to 32768 [ 295.159890][ T6488] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 295.184807][ T8332] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.543 (8332) [ 295.208757][ T8332] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 295.209195][ T8332] BTRFS info (device loop6): using crc32c (crc32c-x86_64) checksum algorithm [ 295.209299][ T8332] BTRFS info (device loop6): using free-space-tree [ 296.132771][ T8332] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 296.278260][ T8332] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 296.278534][ T8332] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 296.569251][ T8332] BTRFS error (device loop6): open_ctree failed [ 297.392043][ T8384] netlink: 'syz.0.557': attribute type 10 has an invalid length. [ 297.454276][ T8384] netlink: 40 bytes leftover after parsing attributes in process `syz.0.557'. [ 297.624658][ T8384] team0: Port device geneve0 added [ 297.971538][ T8393] loop4: detected capacity change from 0 to 2048 [ 298.059591][ T8393] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 298.072455][ T8393] ext4 filesystem being mounted at /122/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 298.489729][ T5847] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 302.569496][ T8437] loop1: detected capacity change from 0 to 8 [ 303.391092][ T8432] netlink: 'syz.4.569': attribute type 10 has an invalid length. [ 303.665615][ T8432] netlink: 40 bytes leftover after parsing attributes in process `syz.4.569'. [ 303.683355][ T8447] loop0: detected capacity change from 0 to 2048 [ 303.806157][ T8447] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 304.547677][ T8447] ext4 filesystem being mounted at /126/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 304.594765][ T8432] team0: Port device geneve0 added [ 304.859462][ T5838] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 304.941805][ T8463] loop0: detected capacity change from 0 to 8 [ 305.083512][ T8463] SQUASHFS error: Unable to read directory block [631:72] [ 306.607120][ T8473] delete_channel: no stack [ 308.926505][ T8507] netlink: 'syz.5.588': attribute type 10 has an invalid length. [ 308.946741][ T8507] netlink: 40 bytes leftover after parsing attributes in process `syz.5.588'. [ 308.973202][ T8509] loop6: detected capacity change from 0 to 2048 [ 308.996749][ T8507] team0: Port device geneve0 added [ 309.095792][ T8509] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 309.109002][ T8509] ext4 filesystem being mounted at /72/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 309.168352][ T8517] loop4: detected capacity change from 0 to 8 [ 309.228012][ T8519] loop5: detected capacity change from 0 to 1024 [ 309.349805][ T6679] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 309.359438][ T8517] SQUASHFS error: Unable to read directory block [631:72] [ 309.360261][ T12] hfsplus: b-tree write err: -5, ino 4 [ 309.642649][ T30] INFO: task syz.3.138:6474 blocked for more than 143 seconds. [ 309.657913][ T30] Not tainted 6.13.0-rc1-next-20241205-syzkaller #0 [ 309.680041][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 310.545476][ T30] task:syz.3.138 state:D stack:21040 pid:6474 tgid:6473 ppid:5837 flags:0x00004004 [ 310.556317][ T30] Call Trace: [ 310.559746][ T30] [ 310.563282][ T30] __schedule+0x189f/0x4c80 [ 310.572930][ T30] ? __pfx___schedule+0x10/0x10 [ 310.579666][ T30] ? __pfx_lock_release+0x10/0x10 [ 310.588571][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 310.595883][ T30] ? schedule+0x90/0x320 [ 310.602777][ T30] schedule+0x14b/0x320 [ 310.607736][ T30] bit_wait+0x12/0xd0 [ 310.627255][ T30] __wait_on_bit+0xb0/0x2f0 [ 310.665211][ T30] ? __pfx_bit_wait+0x10/0x10 [ 310.670093][ T30] out_of_line_wait_on_bit+0x1d5/0x260 [ 310.676491][ T30] ? __pfx_bit_wait+0x10/0x10 [ 310.681430][ T30] ? __pfx_out_of_line_wait_on_bit+0x10/0x10 [ 310.687473][ T30] ? __pfx_wake_bit_function+0x10/0x10 [ 310.693428][ T30] ? iov_iter_iovec_advance+0x1fc/0x2c0 [ 310.699045][ T30] netfs_unbuffered_read_iter_locked+0xd83/0x1540 [ 310.707636][ T30] netfs_unbuffered_read_iter+0xbf/0xe0 [ 310.713899][ T30] __kernel_read+0x513/0x9d0 [ 310.718560][ T30] ? do_sys_openat2+0x13e/0x1d0 [ 310.723948][ T30] ? __pfx___kernel_read+0x10/0x10 [ 310.729139][ T30] integrity_kernel_read+0xb0/0x100 [ 310.742222][ T30] ? __pfx_integrity_kernel_read+0x10/0x10 [ 310.750999][ T30] ? __kmalloc_cache_noprof+0x243/0x390 [ 310.757751][ T30] ? ima_calc_file_hash+0xaae/0x1b30 [ 310.763392][ T30] ima_calc_file_hash+0xae6/0x1b30 [ 310.782427][ T30] ? p9_client_stat+0x1be/0x280 [ 310.793532][ T30] ? v9fs_vfs_getattr+0x1c0/0x370 [ 310.801918][ T30] ? ima_collect_measurement+0x2b1/0xb10 [ 310.813720][ T30] ? process_measurement+0x1351/0x1fb0 [ 310.823319][ T30] ? ima_file_check+0xd9/0x120 [ 310.832370][ T30] ? security_file_post_open+0xb9/0x280 [ 310.838156][ T30] ? path_openat+0x2ccd/0x3590 [ 310.845661][ T30] ? do_filp_open+0x27f/0x4e0 [ 310.856966][ T30] ? __x64_sys_openat+0x247/0x2a0 [ 310.864018][ T30] ? do_syscall_64+0xf3/0x230 [ 310.868853][ T30] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.881930][ T30] ? __pfx_ima_calc_file_hash+0x10/0x10 [ 310.889096][ T30] ? p9_client_stat+0x1be/0x280 [ 310.908515][ T30] ? kfree+0x196/0x430 [ 310.912772][ T30] ? __kmalloc_cache_noprof+0x243/0x390 [ 310.923491][ T30] ? p9_client_stat+0x1be/0x280 [ 310.933141][ T30] ? p9_client_stat+0x1be/0x280 [ 310.943960][ T30] ? __pfx_p9_client_stat+0x10/0x10 [ 310.955948][ T30] ? v9fs_fid_lookup+0x1b2/0xf30 [ 310.967229][ T30] ? v9fs_vfs_getattr+0x2eb/0x370 [ 310.974502][ T30] ima_collect_measurement+0x520/0xb10 [ 310.986087][ T30] ? __pfx_ima_collect_measurement+0x10/0x10 [ 311.008411][ T30] ? rcu_is_watching+0x15/0xb0 [ 311.015809][ T30] ? trace_contention_end+0x3c/0x120 [ 311.027603][ T30] ? __asan_memset+0x23/0x50 [ 311.033517][ T30] ? ima_get_hash_algo+0x156/0x4d0 [ 311.038670][ T30] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 311.049042][ T30] process_measurement+0x1351/0x1fb0 [ 311.054519][ T30] ? __pfx_process_measurement+0x10/0x10 [ 311.060329][ T30] ? do_raw_spin_lock+0x14f/0x370 [ 311.072457][ T30] ? __pfx_v9fs_file_open+0x10/0x10 [ 311.078084][ T30] ? mnt_get_write_access+0x68/0x2b0 [ 311.083621][ T30] ? mnt_get_write_access+0x226/0x2b0 [ 311.091283][ T30] ? inode_to_bdi+0x69/0xf0 [ 311.097508][ T30] ? apparmor_current_getlsmprop_subj+0xde/0x160 [ 311.103954][ T30] ima_file_check+0xd9/0x120 [ 311.109069][ T30] ? __pfx_ima_file_check+0x10/0x10 [ 311.114958][ T30] security_file_post_open+0xb9/0x280 [ 311.120820][ T30] path_openat+0x2ccd/0x3590 [ 311.125565][ T30] ? __pfx_path_openat+0x10/0x10 [ 311.132649][ T30] do_filp_open+0x27f/0x4e0 [ 311.137237][ T30] ? __pfx_do_filp_open+0x10/0x10 [ 311.144508][ T30] ? do_raw_spin_lock+0x14f/0x370 [ 311.150058][ T30] do_sys_openat2+0x13e/0x1d0 [ 311.154853][ T30] ? __pfx_do_sys_openat2+0x10/0x10 [ 311.160575][ T30] ? trace_sys_enter+0x74/0x120 [ 311.165551][ T30] __x64_sys_openat+0x247/0x2a0 [ 311.170908][ T30] ? __pfx___x64_sys_openat+0x10/0x10 [ 311.176482][ T30] ? __might_fault+0xc6/0x120 [ 311.181659][ T30] ? trace_sys_enter+0x74/0x120 [ 311.186621][ T30] ? rcu_is_watching+0x15/0xb0 [ 311.191650][ T30] ? trace_sys_enter+0x25/0x120 [ 311.196621][ T30] do_syscall_64+0xf3/0x230 [ 311.201250][ T30] ? clear_bhb_loop+0x35/0x90 [ 311.206320][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.212374][ T30] RIP: 0033:0x7ff3b697ff19 [ 311.217058][ T30] RSP: 002b:00007ff3b7789058 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 311.226661][ T30] RAX: ffffffffffffffda RBX: 00007ff3b6b45fa0 RCX: 00007ff3b697ff19 [ 311.234908][ T30] RDX: 0000000000020842 RSI: 000000002000c380 RDI: ffffffffffffff9c [ 311.243035][ T30] RBP: 00007ff3b69f3986 R08: 0000000000000000 R09: 0000000000000000 [ 311.257785][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 311.265896][ T30] R13: 0000000000000000 R14: 00007ff3b6b45fa0 R15: 00007fff58f2a0d8 [ 311.274118][ T30] [ 311.277551][ T30] [ 311.277551][ T30] Showing all locks held in the system: [ 311.286685][ T30] 1 lock held by khungtaskd/30: [ 311.291818][ T30] #0: ffffffff8e9374a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x55/0x2a0 [ 311.302157][ T30] 1 lock held by syslogd/5189: [ 311.307015][ T30] #0: ffff8880b863e998 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xb0/0x140 [ 311.317146][ T30] 2 locks held by getty/5604: [ 311.322073][ T30] #0: ffff8880310440a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 311.332078][ T30] #1: ffffc90002fde2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x6a6/0x1e00 [ 311.342995][ T30] 1 lock held by syz-executor/5847: [ 311.348312][ T30] #0: ffffffff8e93c9b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x381/0x830 [ 311.360465][ T30] 2 locks held by syz.3.138/6474: [ 311.365857][ T30] #0: ffff8880309094a8 (&ima_iint_mutex_key[depth]){+.+.}-{4:4}, at: process_measurement+0x7a6/0x1fb0 [ 311.377403][ T30] #1: ffff88805ad687b8 (&sb->s_type->i_mutex_key#27){++++}-{4:4}, at: netfs_start_io_direct+0x1d4/0x210 [ 311.389212][ T30] [ 311.393729][ T30] ============================================= [ 311.393729][ T30] [ 311.404188][ T30] NMI backtrace for cpu 0 [ 311.408646][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-rc1-next-20241205-syzkaller #0 [ 311.418678][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 311.428761][ T30] Call Trace: [ 311.432050][ T30] [ 311.435002][ T30] dump_stack_lvl+0x241/0x360 [ 311.439728][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 311.444951][ T30] ? __pfx__printk+0x10/0x10 [ 311.449585][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 311.454539][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 311.460026][ T30] ? _printk+0xd5/0x120 [ 311.464228][ T30] ? __pfx__printk+0x10/0x10 [ 311.468855][ T30] ? __wake_up_klogd+0xcc/0x110 [ 311.473749][ T30] ? __pfx__printk+0x10/0x10 [ 311.478393][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 311.483445][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 311.489446][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 311.495461][ T30] watchdog+0xff6/0x1040 [ 311.499723][ T30] ? watchdog+0x1ea/0x1040 [ 311.504159][ T30] ? __pfx_watchdog+0x10/0x10 [ 311.508849][ T30] kthread+0x2f0/0x390 [ 311.512935][ T30] ? __pfx_watchdog+0x10/0x10 [ 311.517631][ T30] ? __pfx_kthread+0x10/0x10 [ 311.522272][ T30] ret_from_fork+0x4b/0x80 [ 311.526727][ T30] ? __pfx_kthread+0x10/0x10 [ 311.531365][ T30] ret_from_fork_asm+0x1a/0x30 [ 311.536172][ T30] [ 311.540576][ T30] Sending NMI from CPU 0 to CPUs 1: [ 311.547376][ C1] NMI backtrace for cpu 1 [ 311.547391][ C1] CPU: 1 UID: 0 PID: 5208 Comm: udevd Not tainted 6.13.0-rc1-next-20241205-syzkaller #0 [ 311.547412][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 311.547424][ C1] RIP: 0010:kasan_check_range+0x9/0x290 [ 311.547452][ C1] Code: e8 1c 76 e3 ff 90 0f 0b 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 55 41 57 41 56 <41> 54 53 b0 01 48 85 f6 0f 84 a0 01 00 00 4c 8d 04 37 49 39 f8 0f [ 311.547467][ C1] RSP: 0018:ffffc900031974f8 EFLAGS: 00000246 [ 311.547485][ C1] RAX: 0000000000000002 RBX: 00000000000000aa RCX: ffffffff84781302 [ 311.547498][ C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff88803162bf40 [ 311.547510][ C1] RBP: ffff888028787a01 R08: ffffffff8478131a R09: 1ffff110062c57e8 [ 311.547523][ C1] R10: dffffc0000000000 R11: ffffed10062c57e9 R12: 00000000000000ab [ 311.547536][ C1] R13: dffffc0000000000 R14: ffff88803162bf30 R15: ffff88803162bf10 [ 311.547551][ C1] FS: 00007f4042cadc80(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 311.547567][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 311.547580][ C1] CR2: 0000555574029648 CR3: 0000000030198000 CR4: 00000000003526f0 [ 311.547596][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 311.547608][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 311.547620][ C1] Call Trace: [ 311.547626][ C1] [ 311.547633][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 311.547651][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 311.547673][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 311.547700][ C1] ? nmi_handle+0x2a/0x5a0 [ 311.547730][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 311.547746][ C1] ? nmi_handle+0x14f/0x5a0 [ 311.547767][ C1] ? nmi_handle+0x2a/0x5a0 [ 311.547789][ C1] ? kasan_check_range+0x9/0x290 [ 311.547809][ C1] ? default_do_nmi+0x63/0x160 [ 311.547836][ C1] ? exc_nmi+0x123/0x1f0 [ 311.547862][ C1] ? end_repeat_nmi+0xf/0x53 [ 311.547888][ C1] ? tomoyo_check_acl+0x2ea/0x3f0 [ 311.547916][ C1] ? tomoyo_check_acl+0x2d2/0x3f0 [ 311.547937][ C1] ? kasan_check_range+0x9/0x290 [ 311.547958][ C1] ? kasan_check_range+0x9/0x290 [ 311.547979][ C1] ? kasan_check_range+0x9/0x290 [ 311.548000][ C1] [ 311.548006][ C1] [ 311.548013][ C1] tomoyo_check_acl+0x2d2/0x3f0 [ 311.548034][ C1] ? __pfx_tomoyo_check_path_acl+0x10/0x10 [ 311.548058][ C1] tomoyo_path_permission+0x1af/0x360 [ 311.548083][ C1] tomoyo_check_open_permission+0x307/0x4f0 [ 311.548107][ C1] ? tomoyo_check_open_permission+0x207/0x4f0 [ 311.548131][ C1] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 311.548172][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 311.548201][ C1] security_file_open+0xac/0x250 [ 311.548223][ C1] do_dentry_open+0x328/0x1b70 [ 311.548254][ C1] vfs_open+0x3e/0x330 [ 311.548277][ C1] path_openat+0x2c84/0x3590 [ 311.548308][ C1] ? __pfx_path_openat+0x10/0x10 [ 311.548333][ C1] do_filp_open+0x27f/0x4e0 [ 311.548350][ C1] ? __pfx_do_filp_open+0x10/0x10 [ 311.548377][ C1] ? do_raw_spin_lock+0x14f/0x370 [ 311.548419][ C1] do_sys_openat2+0x13e/0x1d0 [ 311.548441][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 311.548462][ C1] ? __pfx_do_sys_openat2+0x10/0x10 [ 311.548484][ C1] ? do_readlinkat+0x2be/0x3a0 [ 311.548511][ C1] ? kmem_cache_free+0x195/0x410 [ 311.548533][ C1] ? do_readlinkat+0x2be/0x3a0 [ 311.548562][ C1] __x64_sys_openat+0x247/0x2a0 [ 311.548587][ C1] ? __pfx___x64_sys_openat+0x10/0x10 [ 311.548612][ C1] ? do_syscall_64+0x100/0x230 [ 311.548635][ C1] ? do_syscall_64+0xb6/0x230 [ 311.548658][ C1] do_syscall_64+0xf3/0x230 [ 311.548679][ C1] ? clear_bhb_loop+0x35/0x90 [ 311.548704][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.548726][ C1] RIP: 0033:0x7f404291a477 [ 311.548741][ C1] Code: 10 00 00 00 44 8b 54 24 e0 48 89 44 24 c0 48 8d 44 24 d0 48 89 44 24 c8 44 89 c2 4c 89 ce bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 10 48 8b 15 82 69 0d 00 f7 d8 64 89 02 48 83 [ 311.548756][ C1] RSP: 002b:00007ffdbd972598 EFLAGS: 00000287 ORIG_RAX: 0000000000000101 [ 311.548773][ C1] RAX: ffffffffffffffda RBX: 0000563b4b5be6a0 RCX: 00007f404291a477 [ 311.548787][ C1] RDX: 0000000000090800 RSI: 0000563b4b5c57b0 RDI: 00000000ffffff9c [ 311.548799][ C1] RBP: 0000563b4b5d7a40 R08: 0000000000090800 R09: 0000563b4b5c57b0 [ 311.548812][ C1] R10: 0000000000000000 R11: 0000000000000287 R12: 0000563b4b5c57b0 [ 311.548824][ C1] R13: 0000000000000100 R14: 0000563b475f2fee R15: 0000000000000000 [ 311.548843][ C1] [ 312.011333][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 312.018368][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-rc1-next-20241205-syzkaller #0 [ 312.028734][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 312.038836][ T30] Call Trace: [ 312.042150][ T30] [ 312.045112][ T30] dump_stack_lvl+0x241/0x360 [ 312.049849][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 312.055099][ T30] ? __pfx__printk+0x10/0x10 [ 312.059729][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 312.065757][ T30] ? vscnprintf+0x5d/0x90 [ 312.070134][ T30] panic+0x349/0x880 [ 312.074067][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 312.080360][ T30] ? __pfx_panic+0x10/0x10 [ 312.084816][ T30] ? tick_nohz_tick_stopped+0x82/0xb0 [ 312.090242][ T30] ? __irq_work_queue_local+0x137/0x410 [ 312.095828][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 312.101240][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 312.107443][ T30] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 312.113649][ T30] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 312.119862][ T30] watchdog+0x1035/0x1040 [ 312.124233][ T30] ? watchdog+0x1ea/0x1040 [ 312.128694][ T30] ? __pfx_watchdog+0x10/0x10 [ 312.133410][ T30] kthread+0x2f0/0x390 [ 312.137526][ T30] ? __pfx_watchdog+0x10/0x10 [ 312.142244][ T30] ? __pfx_kthread+0x10/0x10 [ 312.146885][ T30] ret_from_fork+0x4b/0x80 [ 312.151328][ T30] ? __pfx_kthread+0x10/0x10 [ 312.155944][ T30] ret_from_fork_asm+0x1a/0x30 [ 312.160735][ T30] [ 312.164054][ T30] Kernel Offset: disabled [ 312.168406][ T30] Rebooting in 86400 seconds..