last executing test programs: 12m37.072391169s ago: executing program 1 (id=458): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000840)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00220f0000"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCGUCODE(r1, 0xc018480d, 0x0) ioctl$HIDIOCGUSAGE(r1, 0xc018480b, 0x0) 12m35.481020927s ago: executing program 1 (id=461): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x5, 0x7, 0x6, 0x3, 0x0, 0xffffffffffffffff, 0x20000000}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r2, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1e, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0xfffffffd, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000640)={r4, r1, 0x25, 0x0, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6fc}}, 0x40) syz_emit_ethernet(0xfc0, &(0x7f0000000300)=ANY=[], 0x0) 12m35.019787283s ago: executing program 32 (id=461): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x5, 0x7, 0x6, 0x3, 0x0, 0xffffffffffffffff, 0x20000000}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r2, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1e, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0xfffffffd, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000640)={r4, r1, 0x25, 0x0, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6fc}}, 0x40) syz_emit_ethernet(0xfc0, &(0x7f0000000300)=ANY=[], 0x0) 11m25.540410839s ago: executing program 33 (id=601): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) sched_setparam(r0, &(0x7f00000006c0)=0x4) sched_setaffinity(0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = msgget$private(0x0, 0x4) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_wireguard(r4, 0x8933, &(0x7f0000000200)={'wg2\x00'}) sendmsg$WG_CMD_SET_DEVICE(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x428}, 0x1, 0x0, 0x0, 0x4000}, 0x40) msgctl$MSG_STAT(r3, 0xb, 0x0) r5 = openat$yama_ptrace_scope(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) lseek(r5, 0x3, 0x3) close_range(r5, r5, 0x2) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) socket$inet(0x2, 0x2, 0x1) bind$unix(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) 8m47.949301956s ago: executing program 3 (id=1049): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) gettid() timer_create(0x0, 0x0, &(0x7f0000000000)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r3, 0x0, 0xf3a, 0x0) timer_settime(r1, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r4, &(0x7f0000009b80)=""/102392, 0x18ff8) 8m46.917081686s ago: executing program 4 (id=1054): syz_mount_image$udf(&(0x7f0000000080), &(0x7f00000000c0)='./file1\x00', 0x18410, &(0x7f0000000180)=ANY=[@ANYRES8=0x0, @ANYRES64=0x0], 0xfe, 0x4b1, &(0x7f0000001d00)="$eJzs201sVNUbx/HfM3c6TIf+/5YXCxgCTTSxgkBfsEBqYnix0YQXLVQj8SWVTrHSdkinKCUgLNWdC5Yu3bpwZdwaEpfGhcEYFibIxs2sxB3m3LlvM5TOjG1nKP1+CJx7zzx3OOc8c+ecM5kRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQjrx6uLfPWt0KAADQTCdPj/QOMP8DALCmnGH/DwAAsJaYPP0u054LJTvhn5dlj0/OXLo8emx44cvaTaaUPD/e/c329Q/sf2nwwMGwXPz65bZNp06fOdx9tDB9cTZfLObHu0dnJs8VxvN1P8NSr6+2yx+A7ukLl8YnJord/XsHKh6+3Hlv3fquzqHB945mwtjRY8PDpxMx6bb//L8/5FEr/Iw8vSDTx99/ayclpbT0sajx2llp7X4ndvmdGD027HdkanJsZs49aKkgKlU5JplwjJqQiyVJSa5dllmePVubPP0g05F9JTslyQvHYbf/wXBd7WmFtNu6SurRKsjZY2ydPH0g0619nXojGFc//xnpaqsbhxWXDu7/gpXsTf/9wN1P7m3z+Fvdr89MFBKxlgruqNU+PzTTY/7elJWnU/4dX7IR7Wx1c9Bk7fI0LVPmq0/8dYX8delTQwd27DyUXGFsqfE8LnZvcHPVMye3BUsHS7k/y98v1Cdrnv6U6f5vWf+8J5wDpBsPFrvwj6Y0DyvNPE3J9M+1klnVvtRL7O8jq33uX9n2t2ePFi7Oz06e/2huwcdz2cMfFudmx84t/HB57+ola2rtY6ulGtuS5ay84/v801J0XbAH+F/5LG7NN1fj10JPVRlKvn7qOa57F9vAOsq1yczTXZkm3t9anmeUa3hs1gKX/2GZiqWfLcx0kP90+SyR/5fj8ctaZRnxc/v/8uda4Vpi29nNj6pfify7Nrn8vyPTkb+3Bp9plPPvVcW6uC6Z3r25PYhLZVxcOuxO+RknJqfyvS72gUwbfwpj5cfmgthNcWyfiy3K9MWtytj1QezmOLbfxd6W6c6vC8c+HccOuNh5l6873WFszsXuCGK74ti95wpT47WG1eW/X6a3r79mYZ8fmf/E/X+jqow8lPPFj5cr/52JuhtBXs8G+U/XyP+XMs3/tT3stz/24ctqg/9vnH+3Vv7uZmVsuKHcGMf21dutVnP53yDTvVduR30O+hacxhlK5v+ZdGUZjWuL8r8hUdcZtCvT4FisRcX5KxfGpqbysxxwwAEH0UGr35nQDG7+H3Gz+qBn4TommP87ymfxiun+Z/H8P1RVRlo0/29M1A0Fq5a2tJSdm77YtkXKFuev7JmcHjufP5+fGdg/2Nt/aH/vwMG2TLi4i4/qHrsngcv/bpmu/fhLtI+pXP8tvP7PVZWRFuV/U7JPFeuauodiTXL575Bp8O7taL+52Po/3P/3PFtZRvdfi/K/OVHXGbSro8GxAAAAAAAAAAAAAAAAAIDVJGeenpPp8siLFv6GqJ7v/41XlZHl//5X+YfJNb7/1ZWoG2/S7xoaGmgAAAAAAAAAAIAmScnT1zI9r5JddxUd0olkiSfavwEAAP//G6xIAA==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00') 8m46.419620746s ago: executing program 4 (id=1056): r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r1) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x3c, r2, 0x1, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MESH_SETUP={0x14, 0x70, [@NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC={0x5}, @NL80211_MESH_SETUP_IE={0x4}, @NL80211_MESH_SETUP_USERSPACE_MPM={0x4}]}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2000c050}, 0x40) 8m46.085578938s ago: executing program 34 (id=1055): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x40048c67) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000240)={0x277fffffffd, 0xffffffff, 0x2, r2, 0x1}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000040)={0x27800000000, 0x0, 0x1, r2, 0x5}) 8m46.071059205s ago: executing program 4 (id=1059): openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x801}, 0x200000b0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000140)={0x1, 0x0, [{0x10, 0x0, 0x3fb}]}) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0x20000000) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000240)) ptrace$setregset(0x4205, 0x0, 0x200, &(0x7f00000000c0)={&(0x7f0000000500)="2c1b34cafb970be4e2f4141a9b65831671d7b35e9cb8991ed2754e9865117de681633f1fe8fc68e5c6ca1620e68a99760191fe545aa87bf89a0e06b9051331aca72d017c26f66cc3e5580d85031c1d91ef49c54562b425a3a8907fcadee1ce990b073c95200bea91", 0x68}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_GET_MSR_FEATURE_INDEX_LIST(0xffffffffffffffff, 0xc004ae0a, &(0x7f0000000400)={0x2, [0x0, 0x0]}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x4000081, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x7, 0x0, 0x2, 0xffffffffffffffff]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x5, 0xa, 0x4004, 0x2, 0x4, 0xefffffffffffffff, 0x400000, 0x0, 0x2000000, 0xffffffffffffffff, 0xd, 0x0, 0xd4e2, 0x6], 0x0, 0x302240}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 8m45.711405222s ago: executing program 4 (id=1062): syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f0000000640)='./file0\x00', 0x2000003, &(0x7f0000000180)=ANY=[@ANYBLOB="6e6f6465636f6d706f7365008000000000000042000fc32c6e6f636172726965722c6e6f6465636e6d706f736500a580263e005a80c976898113cb9f4680642ce86dd3b5d3ba4a739e6654e4a1277ef2dd52ea98c5ea630da0c29cd73f8b9f4fd077e97f3ec1acc1ac9132611fb53a41b8fdb6b9"], 0x1, 0x62c, &(0x7f0000000680)="$eJzs3U9rHOcdB/DvrKS1pBRbduwmLoWKFEKpqa0/TqpCoWmaFlFCCfQSCDmIWoqF106QlKLkUNTSV9BXkFLUQ0499FQo5NBz34JKjoWefNGlbJnZWe3akqWV7WrXzucDs/M88/ydn2aGmRXLBPjKWn43Ezspsnzt7e0yv7e72Nprt9vtMrO72EpyLkkjmUxSlFv/muTLZCedJVe7BZlIUVU7wvvTzfufv3d1rZObrJeqXXHQ/rHt5MLYQaaRZObY6ieO1t23YjzJwgn9TSbXmyeO1xlzNsmleg1D1+7615HFT3heAgCjrEjGjto+k0zXN+vlc0Dnjr9zj51H3es/C3aGPQEAAAA4Axf2s5/tnB/2PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBZUr//v6iXRjc9m6L7/v9mvS11+pn2xbAnAAAAAAAAAABPwbf2s5/tnO/m20X1P/9Xqszl6vOFfJzNrGYj17OdlWxlKxuZTzLT11Fze2Vra2N+gJYLR7ZcOJv9BQAAAAAAAIDn1O+y3Pv/PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjIIiGeusUownl7vpmTTGk0wmaZb1djrlzWHP93S+dmjLF0OZBwAAAJytC/vZz3bOd/Ptonrm/3r13D+Zj3MvW1nPVlpZza3qu4DOU39jb3extbe7eLdcev2N1esf/+dU06h6PGh+1MhzVY0rBy2W87P8Mtcym3eykfX8OivZympm81aVWkmRmfrbi5nuPA/Pt/TGA7l3Tprry9VMprKW9Wpu1/OrfJhWbqVR7UNV5/gRf1tGp/hRbcAY3arX5R79vF6PhpkqIhMHEZmrY19G4+LxkTjlcfLwSPNpHHwHdfn/EPPpel3G+q2RjvlC7+h7oa7yqEgkr/7pD/dvt+7dub22eW10dukxPRyJxb7z8KXjj4nnLBLNOhqdq+jprpavVG3PZz2/yIe5ldW8nptZykJey83M5wd5rS+uVwY41xqnO9e+/Z06MZHkp/V6NJRxvdgX1/4r3UxV1r+lF6VLT/+KNP6NOlEerG+O3BXp4kPX5m4kXjw+En9sl5+brXt3Nm6vfDTgeK/W6zICPxmpSJTHy6Xyj1XlHjw6yrIXjyybr8ouH5Q1DpVdOSg76Uxt1vdwh3qaWqjKXjpylMWq7OW+sqPucgAYedPfnW5O/Xvqn1OfTf1+6vbU25Nvnls6981mJv4x/rexvzT+3PhhkXyW3/Se/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMe3+cmnd1ZardWNExLdl60NULkYqMOvduKNsxmrMcjf6xlM/Lfdbo/ANI6NfPIU+um+R6u/aKrs+phW3fdhPeHoQ7ogAWfmxtbdj25sfvLp99bvrnyw+sHqvZtL3198/eb80tKNtfXW6lznc9izBACept5N/7BnAgAAAAAAAAAAAAAAPMppfhg8Odjv/w8lhr2PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA82353UzspMj83PW5Mr+3u9gql266V3MySVEm/p7ky2QnnSUzfd0Vjxrn/enm/c/fu7rW62uyW784rt1gHphL46E5PWl/C0/cX28PZ5NcqtcwdP8LAAD//wew8bU=") open(&(0x7f0000000000)='./file0\x00', 0x20000, 0x24) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000380)='devtmpfs\x00', 0x4000, 0x0) 8m44.189824124s ago: executing program 3 (id=1064): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x32, &(0x7f0000000f00)=0x1000000, 0x4) r1 = gettid() sched_setscheduler(r1, 0x1, &(0x7f0000000080)=0x8) mkdir(&(0x7f0000000300)='./file0\x00', 0xfffffffffffffffe) mkdir(&(0x7f0000000040)='./file1\x00', 0x7) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x80, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000440)='./bus\x00') sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8) open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f) 8m43.262072306s ago: executing program 4 (id=1065): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x1138}}, 0xc000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x20, 0x10, 0x581, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x10100, 0x202}}, 0x20}, 0x1, 0x0, 0x0, 0x20004002}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000007c0)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000500142603600e1208000f0000000401a80016002000014004000000035c1f61c1d60008000000000000fb8000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cee0090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f0f49e119c849ea6e5a0fc55e4cde205a214d6102d6dcbf33fb5ce3bb9ad809d5e1cace81", 0xcb}], 0x1}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f0000000740)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xd6, 0xd6, 0x7, [@float={0xc, 0x0, 0x0, 0x10, 0x10}, @struct={0xf, 0x1, 0x0, 0x4, 0x0, 0x9, [{0xd, 0x0, 0xe57}]}, @enum={0x5, 0x1, 0x0, 0x6, 0x4, [{0x4, 0x100}]}, @union={0x6, 0x3, 0x0, 0x5, 0x1, 0x1, [{0x7, 0x4, 0x1}, {0x2, 0x5, 0x8001}, {0x0, 0x4, 0x6}]}, @enum64={0x10, 0x2, 0x0, 0x13, 0x0, 0x1, [{0x9, 0x3, 0x8}, {0x6, 0x4}]}, @fwd={0x5}, @restrict={0x10, 0x0, 0x0, 0xb, 0x5}, @datasec={0xa, 0x3, 0x0, 0xf, 0x2, [{0x4, 0x10000, 0x6}, {0x1, 0x53f5, 0x100}, {0x1, 0x2, 0xc}], "81d1"}]}, {0x0, [0x5f, 0x0, 0x2e, 0x2e, 0x5f]}}, &(0x7f0000000640)=""/160, 0xf7, 0xa0, 0x1, 0xfffffff8}, 0x28) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000001000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000700)="ef16", 0x0}, 0x50) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)={0x1c, 0x40, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0x4, 0x2}]}, 0x1c}}, 0xc000) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000340), r0) sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000600)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="00022cbd7000fddbdf25080000000c00028005000d000100"], 0x20}, 0x1, 0x0, 0x0, 0x10805}, 0x44049) r5 = accept4(r3, 0x0, 0x0, 0x800) sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r6, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r7, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 8m43.146385473s ago: executing program 3 (id=1066): syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='mnt\x00', 0x4, &(0x7f0000000000), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000540)='mnt\x00', 0x0, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f0000000080)={0x7f, 0xe000, 0xb7d, 0x8000000000000001, 0xfffffffa, 0xc278}) 8m42.373330506s ago: executing program 3 (id=1067): r0 = getpid() syz_pidfd_open(r0, 0x0) socket$unix(0x1, 0x5, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mkdir(&(0x7f0000000280)='./file0/file1\x00', 0xb) mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000400)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x18d883, 0x0) mount$bind(&(0x7f0000000140)='./file0/file0\x00', &(0x7f0000000180)='./file0/file1\x00', 0x0, 0x2243005, 0x0) 8m42.259984583s ago: executing program 4 (id=1069): r0 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$sock_buf(r0, 0x1, 0x22, &(0x7f0000000140)=""/181, &(0x7f0000000200)=0xb5) r1 = syz_mount_image$squashfs(&(0x7f0000000040), &(0x7f0000000540)='./file6\x00', 0x201080b, &(0x7f0000000bc0)=ANY=[@ANYRES64=0x0, @ANYRES64=0x0, @ANYRES8, @ANYBLOB="f9a192156bf01ca65961aa6bd8ded2e99e6d0172a290a4fb5b1c9e8d9a9f58a7c3868f3eb59150ec071f4e3228ed5671cc052363c2bc5a05b0140cd7da2c3b26425ae32d743c4d16e3c55cf800e12e64a3640a40b4f2f180a48dd8a25cf189be2fd909aa7590af8279dcc0a61037dc8c3700a8c29ca46a4843d9fefb37f83f64ea9df56d8d0de49b763efff6f4760bea6106b97d031bae46be2b0fd7048ba60a097ee8310a55b529828699f7acce", @ANYRES8, @ANYRESHEX], 0x21, 0x1d2, &(0x7f0000000840)="$eJzsVc/rEkEU/4w739U8VOcIPCRlh3RdK7pEnsJ/Ikp0M2nthyuUIrid/D+6+G906N4lKAi61KGCDkbXMN7MG5vS0FKhYD6wfubN+zHz3lvf3kkeJgDwbT5uoQ4FH8fxRghIAAWh965nNX/yNZdZ/iA1n+f9p8wLRjIc3W3GcdQ/4GK9LqMvgj+JSPa/ql7Ob5xYF0fIzQFfw8eBk1cLDzu4i78o1MYFUh308Ln/M4ubnkmZkt814Nd9Xazwu3djU9/lFl3Gapdz9B/a/oYT8t9LpmJV9UO89iSDzyrjV/Nxixa3eErRXls/wrahbj63bE5J9QgPi6UNDT8SzgmgMug9qCTD0YVur9mJOtG9MKxdDi4GwaWwcrsbR4H+FdYRZkQR169mQTP1mKU/AvCWB2weFj4aT3011gvbl+bwgod06Qx+QsZKy3Aez5a+7AbPB3I4C2rpo9S8L1SYoooioVJqQMBTAg/9CZdFn5VTVuXW/bg9hVDnKbcZpI5xtDSV8GEJZFa7kpqtKXORucE8Y37HbL5Z5lskVYT3LJVSqujj5mDQr/ov2KVKXz21F/pGG55M7YLRqV84hknudBYODg4ODg4ODv8ZvgcAAP//PEdNSw==") seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, &(0x7f0000000280)}) r2 = epoll_create1(0x0) epoll_pwait2(r2, &(0x7f0000000640), 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000240)={0x4, &(0x7f0000000280)=[{0x20, 0x2, 0x81, 0xfffff038}, {0x20, 0x0, 0x8, 0xfffff00c}, {0x48, 0x7}, {0x6, 0xba, 0x2, 0xffff}]}, 0x10) r4 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r4, 0x0, 0x0, 0x4098884, &(0x7f0000000240)={0xa, 0x4e20, 0x8, @mcast2}, 0x1c) syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000740)=ANY=[@ANYRES8=0x0, @ANYRES16, @ANYRES64=0x0], 0x4, 0x128a, &(0x7f0000003700)="$eJzs3UtrJEUcAPD/JJPnmkzUdXUXxEIvijBucvDkJcguiAElmgX11GsmOmTyIDMEZhE3njwJfgxRj94E8Qvk4sWzIIjk4nEPYkvSkzWTSbLJ5gXy+126qKp/PVKdhh6q6K03vl5aXGhWF7JW9JVKUV4diPKDFCn6oj8KG/HKnV9/e/69Dz58e3pm5tZsSren3598PaU0/sJPH332/Ys/t67c+WH8x6HYnOjb+mvq981rm9e3/vku6s1Ub6bllVbK0t2VlVZ2t1FL8/XmYjWldxu1rFlL9eVmba2rfKGxsrraTtny/Njo6lqt2UzZcjst1tqpVUqttXbKPsnqy6laraax0eA05r59kOd5RJ4PxGDkeZ6PxGhciSdiLMajEhPxZDwVT8fVeCauxbPxXFzfqXXZ4wYAAAAAAAAAAAAAAAAAAID/l0ec/y85/w8AAAAAAAAAAAAAAAAAAADnb//5/3KE7/8DAAAAAAAAAAAAAAAAAADABXvE9//3nf9/1fl/AAAAAAAAAAAAAAAAAAAAOA/DxWU2peGIpS/X59bnimuRP70Q9WhELW5GJf6OndP/hSJ9+62ZWzfTjol4bel+J/7++lx/d/zkQCUmSgfGT45EREqpO34oRvfGT0Ulrh7c/1TR/7744Xj5pe34L4r4alTil49jJRoxH1HqzH4n/vPJlN58Z2akO/7Gdr1D9Z/zsgAAAMBZqqaHet/fNzqVivLh7vKiqPN+njo1S0f8PrDv/bwcN8qXNWt2Ndv3FrNGo7b2mInBw9sZPF3LPYlSRGSxN2d89I/Z7c6P2c7u7XZG49mT6D/rBo9MDBxd5xRrGuVj/zGPOdTjr05n8Bv7c/JKxEl7//ObPTnDJw5/nETfw5n2dW6zrLFx7JstNvL8XEfY88840r63OHRU1OHPjNI5P5O4OP8t+mWPBAAAAAAAAAAAgJM4cPffSET07Af8tCdnd3t4d3hvy4f3/tUFzBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5lB44FAAAAAIT5W6fRsQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8FQAA//9S0cg2") syz_mount_image$vfat(&(0x7f00000006c0), &(0x7f0000000280)='./bus\x00', 0x0, 0x0, 0x1, 0x0, &(0x7f0000000080)) r5 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x0, 0x0) mkdirat(r5, &(0x7f0000000380)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x37) chdir(&(0x7f0000001180)='./bus\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) removexattr(&(0x7f0000000780)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000600)=@random={'os2.', '/dev/net/tun\x00'}) sendto$inet6(r4, 0x0, 0x0, 0x4000080, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f00000000c0)={0x8, 0xffffffffffffffff, 'id1\x00'}) r7 = creat(&(0x7f0000000040)='./bus\x00', 0x4) r8 = getuid() r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r9, 0xae03, 0x7a) r10 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x20000) ioctl$SNDRV_TIMER_IOCTL_STATUS64(r10, 0x80605414, 0x0) ioctl$TUNSETVNETHDRSZ(r6, 0x400454d8, &(0x7f00000002c0)=0xe) quotactl_fd$Q_SETINFO(r7, 0xffffffff80000601, r8, &(0x7f0000000300)={0xed, 0x5, 0x0, 0x4}) setsockopt$inet6_tcp_TLS_TX(r7, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_256={{0xf8ae0c248aa1ff0f}, "9302c4a7ed7f157e", "57851d1a3bcdb1092ac3246a01a93bb2026d95f558f31c1901fd0eef8dd22172", "a335e309", "e392479ac91af5e0"}, 0x38) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[], 0x50) close(r1) 8m41.734987706s ago: executing program 35 (id=1069): r0 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$sock_buf(r0, 0x1, 0x22, &(0x7f0000000140)=""/181, &(0x7f0000000200)=0xb5) r1 = syz_mount_image$squashfs(&(0x7f0000000040), &(0x7f0000000540)='./file6\x00', 0x201080b, &(0x7f0000000bc0)=ANY=[@ANYRES64=0x0, @ANYRES64=0x0, @ANYRES8, @ANYBLOB="f9a192156bf01ca65961aa6bd8ded2e99e6d0172a290a4fb5b1c9e8d9a9f58a7c3868f3eb59150ec071f4e3228ed5671cc052363c2bc5a05b0140cd7da2c3b26425ae32d743c4d16e3c55cf800e12e64a3640a40b4f2f180a48dd8a25cf189be2fd909aa7590af8279dcc0a61037dc8c3700a8c29ca46a4843d9fefb37f83f64ea9df56d8d0de49b763efff6f4760bea6106b97d031bae46be2b0fd7048ba60a097ee8310a55b529828699f7acce", @ANYRES8, @ANYRESHEX], 0x21, 0x1d2, &(0x7f0000000840)="$eJzsVc/rEkEU/4w739U8VOcIPCRlh3RdK7pEnsJ/Ikp0M2nthyuUIrid/D+6+G906N4lKAi61KGCDkbXMN7MG5vS0FKhYD6wfubN+zHz3lvf3kkeJgDwbT5uoQ4FH8fxRghIAAWh965nNX/yNZdZ/iA1n+f9p8wLRjIc3W3GcdQ/4GK9LqMvgj+JSPa/ql7Ob5xYF0fIzQFfw8eBk1cLDzu4i78o1MYFUh308Ln/M4ubnkmZkt814Nd9Xazwu3djU9/lFl3Gapdz9B/a/oYT8t9LpmJV9UO89iSDzyrjV/Nxixa3eErRXls/wrahbj63bE5J9QgPi6UNDT8SzgmgMug9qCTD0YVur9mJOtG9MKxdDi4GwaWwcrsbR4H+FdYRZkQR169mQTP1mKU/AvCWB2weFj4aT3011gvbl+bwgod06Qx+QsZKy3Aez5a+7AbPB3I4C2rpo9S8L1SYoooioVJqQMBTAg/9CZdFn5VTVuXW/bg9hVDnKbcZpI5xtDSV8GEJZFa7kpqtKXORucE8Y37HbL5Z5lskVYT3LJVSqujj5mDQr/ov2KVKXz21F/pGG55M7YLRqV84hknudBYODg4ODg4ODv8ZvgcAAP//PEdNSw==") seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, &(0x7f0000000280)}) r2 = epoll_create1(0x0) epoll_pwait2(r2, &(0x7f0000000640), 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000240)={0x4, &(0x7f0000000280)=[{0x20, 0x2, 0x81, 0xfffff038}, {0x20, 0x0, 0x8, 0xfffff00c}, {0x48, 0x7}, {0x6, 0xba, 0x2, 0xffff}]}, 0x10) r4 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r4, 0x0, 0x0, 0x4098884, &(0x7f0000000240)={0xa, 0x4e20, 0x8, @mcast2}, 0x1c) syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000740)=ANY=[@ANYRES8=0x0, @ANYRES16, @ANYRES64=0x0], 0x4, 0x128a, &(0x7f0000003700)="$eJzs3UtrJEUcAPD/JJPnmkzUdXUXxEIvijBucvDkJcguiAElmgX11GsmOmTyIDMEZhE3njwJfgxRj94E8Qvk4sWzIIjk4nEPYkvSkzWTSbLJ5gXy+126qKp/PVKdhh6q6K03vl5aXGhWF7JW9JVKUV4diPKDFCn6oj8KG/HKnV9/e/69Dz58e3pm5tZsSren3598PaU0/sJPH332/Ys/t67c+WH8x6HYnOjb+mvq981rm9e3/vku6s1Ub6bllVbK0t2VlVZ2t1FL8/XmYjWldxu1rFlL9eVmba2rfKGxsrraTtny/Njo6lqt2UzZcjst1tqpVUqttXbKPsnqy6laraax0eA05r59kOd5RJ4PxGDkeZ6PxGhciSdiLMajEhPxZDwVT8fVeCauxbPxXFzfqXXZ4wYAAAAAAAAAAAAAAAAAAID/l0ec/y85/w8AAAAAAAAAAAAAAAAAAADnb//5/3KE7/8DAAAAAAAAAAAAAAAAAADABXvE9//3nf9/1fl/AAAAAAAAAAAAAAAAAAAAOA/DxWU2peGIpS/X59bnimuRP70Q9WhELW5GJf6OndP/hSJ9+62ZWzfTjol4bel+J/7++lx/d/zkQCUmSgfGT45EREqpO34oRvfGT0Ulrh7c/1TR/7744Xj5pe34L4r4alTil49jJRoxH1HqzH4n/vPJlN58Z2akO/7Gdr1D9Z/zsgAAAMBZqqaHet/fNzqVivLh7vKiqPN+njo1S0f8PrDv/bwcN8qXNWt2Ndv3FrNGo7b2mInBw9sZPF3LPYlSRGSxN2d89I/Z7c6P2c7u7XZG49mT6D/rBo9MDBxd5xRrGuVj/zGPOdTjr05n8Bv7c/JKxEl7//ObPTnDJw5/nETfw5n2dW6zrLFx7JstNvL8XEfY88840r63OHRU1OHPjNI5P5O4OP8t+mWPBAAAAAAAAAAAgJM4cPffSET07Af8tCdnd3t4d3hvy4f3/tUFzBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5lB44FAAAAAIT5W6fRsQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8FQAA//9S0cg2") syz_mount_image$vfat(&(0x7f00000006c0), &(0x7f0000000280)='./bus\x00', 0x0, 0x0, 0x1, 0x0, &(0x7f0000000080)) r5 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x0, 0x0) mkdirat(r5, &(0x7f0000000380)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x37) chdir(&(0x7f0000001180)='./bus\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) removexattr(&(0x7f0000000780)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000600)=@random={'os2.', '/dev/net/tun\x00'}) sendto$inet6(r4, 0x0, 0x0, 0x4000080, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f00000000c0)={0x8, 0xffffffffffffffff, 'id1\x00'}) r7 = creat(&(0x7f0000000040)='./bus\x00', 0x4) r8 = getuid() r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r9, 0xae03, 0x7a) r10 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x20000) ioctl$SNDRV_TIMER_IOCTL_STATUS64(r10, 0x80605414, 0x0) ioctl$TUNSETVNETHDRSZ(r6, 0x400454d8, &(0x7f00000002c0)=0xe) quotactl_fd$Q_SETINFO(r7, 0xffffffff80000601, r8, &(0x7f0000000300)={0xed, 0x5, 0x0, 0x4}) setsockopt$inet6_tcp_TLS_TX(r7, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_256={{0xf8ae0c248aa1ff0f}, "9302c4a7ed7f157e", "57851d1a3bcdb1092ac3246a01a93bb2026d95f558f31c1901fd0eef8dd22172", "a335e309", "e392479ac91af5e0"}, 0x38) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[], 0x50) close(r1) 8m41.717927883s ago: executing program 3 (id=1072): socket$nl_route(0x10, 0x3, 0x0) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(r0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x31, &(0x7f00000000c0)=0x6, 0x4) 8m39.867931059s ago: executing program 3 (id=1077): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="480000001100010025bd7000fbdbdf25fc010000000000000000110000000001000004d50a0032"], 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x20008000) 8m39.327781549s ago: executing program 36 (id=1077): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="480000001100010025bd7000fbdbdf25fc010000000000000000110000000001000004d50a0032"], 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x20008000) 6m53.975988768s ago: executing program 6 (id=1353): execveat(0xffffffffffffffff, &(0x7f0000003180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0, 0x1000) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00') write$FUSE_DIRENT(0xffffffffffffffff, 0x0, 0x200001d0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = fanotify_init(0x200, 0x0) fanotify_mark(r1, 0x180, 0x1000, 0xffffffffffffffff, 0x0) sched_setscheduler(0x0, 0x2, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@allocspi={0xf8, 0x16, 0x1, 0x4000, 0x0, {{{@in=@rand_addr=0x64010100, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0xfffc, 0x0, 0x0, 0xfffd, 0x0, 0xa0}, {@in=@multicast1, 0x0, 0x33}, @in6=@dev={0xfe, 0x80, '\x00', 0x40}, {0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffed, 0x3}, {0x0, 0x0, 0x1, 0xfffbfffffffffffe}, {0x1000000, 0x0, 0x796}, 0x0, 0x0, 0x0, 0x0, 0x2, 0xe55286f1921f7492}, 0x0, 0x1a0b1}}, 0xf8}, 0x1, 0x0, 0x0, 0x40040}, 0x8000) socket$nl_xfrm(0x10, 0x3, 0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102384, 0x18ff0) r4 = getpgid(0x0) r5 = syz_pidfd_open(r4, 0x0) ioctl$FIOCLEX(r5, 0x5451) getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x1, &(0x7f0000000180), &(0x7f00000001c0)=0x4) r6 = pidfd_getfd(r5, r5, 0x0) setns(r6, 0x66020000) syz_clone(0x498144ee5f62e149, 0x0, 0x17, 0x0, 0x0, 0x0) preadv(r0, &(0x7f0000000080)=[{&(0x7f0000000000)=""/57, 0x39}], 0x1, 0x33, 0x2000051b) 6m49.78800819s ago: executing program 6 (id=1365): bind$netlink(0xffffffffffffffff, &(0x7f0000000180)={0x10, 0x0, 0x25dfdbfb, 0x4}, 0xc) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB='8'], 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x40080) syz_emit_ethernet(0x7d, &(0x7f00000000c0)={@broadcast, @broadcast, @void, {@ipv6={0x86dd, @gre_packet={0x1, 0x6, "a70002", 0x47, 0x2f, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x88be, 0x0, 0x2}, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9900, [], "0080d5"}, {}, {0x8, 0x88be, 0x3, {{0xc, 0x1, 0x8, 0x1, 0x1, 0x0, 0x4, 0x14}, 0x1, {0x7b40}}}, {0x8, 0x22eb, 0x2, {{0x3, 0x2, 0x2, 0x3, 0x0, 0x0, 0x1, 0x9}, 0x2, {0x80000003, 0xeb, 0x0, 0xd, 0x1, 0x1, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x4}}}}}}}, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) r3 = dup(r2) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000040)=@x86={0x0, 0x9, 0xc, 0x0, 0x6, 0x1, 0x86, 0x2, 0xe7, 0x0, 0x2, 0x4, 0x0, 0x7, 0x4, 0x7, 0x5, 0xff, 0x3b, '\x00', 0x8, 0x7ffffffffffffffe}) ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f00000000c0)=0xffff) ioctl$KVM_RUN(r3, 0xae80, 0x0) 6m49.024345015s ago: executing program 6 (id=1367): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000600)={0x34, &(0x7f0000000240)={0x40, 0xc, 0x2, '!5'}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(0xffffffffffffffff, &(0x7f0000000640)={0x14, 0x0, &(0x7f0000000380)={0x0, 0x3, 0x7b, @string={0x7b, 0x3, "e259d666cd75fc1f57c3059580ab4b51157f722790792c3cb20de3710aaa2753aaebb02e04f34e7be6f9861e47e975066be55d56977da12ad965b51e3771ae05958bb84943ec8a685483befbaea91a4d981eb886140c483c78bd75ba91a297ea24e9a5e34f790cfa40fbdba96c6ae56ea4e4d556b3d5ed63b7"}}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000700)={0x84, &(0x7f00000001c0)=ANY=[@ANYBLOB="201104060000000101"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 6m45.422003845s ago: executing program 6 (id=1376): syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000000080)='./file1\x00', 0x2808082, &(0x7f00000002c0)={[{@uid}, {@gid}, {@gid}, {@uid}, {@nls={'nls', 0x3d, 'cp437'}}, {@part={'part', 0x3d, 0x2}}, {@nodecompose}]}, 0x1, 0x6e8, &(0x7f0000001f80)="$eJzs3U1sHGcZAOB31uu1N5XcbZq0BSHFakQEDSS2l5IgIREQQj5UKBKXXk3iNFbWbmRvkRMhsgUKRzihHHooQubQE+oBqYgDopyRkLii3CNxjziwaGZn1rtr79qb+CcJzyPNzjcz3887r2dmZ2cTbQD/txbfjslWJLF4/q3NdPnBVr3xYKu+WpQjYioiShHlziyStYjks4gr0Znic+nKvLtk2DhvPvz0w3P3P653lsr5lNUvjWq3rT1ihFY+xWxETOTzMZWH9Xdtl/7ujdV10o07TdjZInFw3No7tMZpvo/zFnja3YuYmNxlfS3iRERM5/cBkV8dSkcc3oEb6yoHAAAAT6eJvSq8+CgexWbMHE04AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8HxIOr8ZmORTqSjPRlL8/n8lX5eqVI453tG+ssf2D24cUSAAAAAAAAAAcCg+yb+4P/MoHsVmzBTr20n2nf/r2cKp7PWFeC82YjnW40JsxlI0oxnrMR8xOdPTYWVzqdlcn9/Z8jeRtmy32/fylgsRUdvRcuEIdhoAAAAAAAAAnl8/jcWYOe4gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgVxIx0Zll06miXItSOSKmI6KS1mtF/LkoP8v+ctwBAAAAwOGr5vOZ5L+dQjvJPvO/kn3un473Yi2asRLNaMRyXM+eBXQ+9Zf+0ao3HmzVV9NpZ8ff/vdYcWQ9RsREvD9k5Lmsxului8X4XvwgzsdsXI31WIkfxVI0Yzlmo5ruRCxFErVq5+lFrYhz93iv9C1dHYztzMDya1kk1bgRK1lsF+JaJTqPTbJ9SMd8rWe0P1YiBkZ8P81O8q3cPnN0vefv9ev8uUyu/eI++xiu/ARta9meT3YzMpfmPs/GS6NzP+ZxMjjSfJS6z6BObY+SLg6OVOT8h+Pk/EQ+T3P9i/6cH7QxH6UNZmIhSvnRF/FKf85vf/H+yf7GX/7nX6/eLK3dunlj4/wh7tKhmiwKg5mo92Ti1dFHX56JRpqJ1v4zMTm4YvoJ9uMAVfJsZJeifV4tv5uVluL1nkPw3bgey3Ep5mI+LsdcfCMWot53hJ3uy2u5vtqfk+xcK+28vlVHBH/2Sz2VfrlH5aOV5uWlnrz2Xulq2bZ8zZVfxVxPlk6OPvrGfhdIx/98Xk7H+Fn3Hedp0JeJ/NpcRPfy6Ez8tp2+bjTWbq3fXLo9pP/Bd6hz+Tw9bT/ovzb/7qD26fGkx8vJbsRZTqrF8ZJue7kbbX++Kvk3Lp12pR3bTne31WImVuL7Q8/USn4Pt7OnzrZXe7f9a/vKWcnvb4ptfXc58W40sruQAbNHk1UA9u3EGycq1YfVv1c/qv68erP61vR3pi5PfaESk38r/2niD6Xfl76ZvBEfxU9i5rgjBQAAAAAAAAAAAAAAAAAAAAAAAAAAAACA58HGnbu3lhqN5fVuIaYH1zxpoTJ0rNGFKO1ZZ+uF/XUYtYjRYyV5oXKw+/4sFqpxSD1/EhEj6lSeeIhk7GNs7EJ6IB9Ih8UPp2Vr2hNjNC8XrXavU46N6WF/wantsyBqt5Ya/2n31alGzykDPOcuNldvX9y4c/erK6tL7yy/s7y2cPnS5Uv1r89/7eKNlcbyXOf1uKMEDsPGnbsTxx0DAAAAAAAAAAAAMJ78X/83H/s/M5T3qFNZ39h95DNHvasAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAM2rx7ZhsRRLzcxfm0uUHW/VGOhXl7ZrliChFRPLjiOSziCvRmaLW010ybJw3H3764bn7H9e3+yoX9Uuj2u1PK59iNiIm8vnepnbpZmd/13r6az1WeEl3D9OEnS0SB8ftfwEAAP//p+75lw==") mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000140)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x23e9c8e, 0x0) mount$bind(&(0x7f0000000280)='./file0/../file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x28a5291, 0x0) 6m44.892442428s ago: executing program 6 (id=1379): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000001240)='./file2\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x11ff, &(0x7f0000002480)="$eJzs3E+LHEUYB+B315iNG/ePGqMJiIVe9NJk9+BFL4tsQDKgJFkhEYSO26vDtDPD9LAwIkZPXv0cIojgTRBvetmL30DwthePEcSWndEko5PDSEiH5Xku80LVb6jqphuq6erD1774sLNXZXv5MBYXFmKxH5FupUixGP/4NF5+9cefnrty7fqlrVZr+3JKF7eubrySUlp9/vt3Pv7qhR+Gp9/+dvW7pThYf/fwt81fD84enDv88+oH7Sq1q9TtDVOebvR6w/xGWaTddtXJUnqrLPKqSO1uVQym2vfKXr8/Snl3d2W5PyiqKuXdUeoUozTspeFglPL383Y3ZVmWVpaD+Z24Xe18eauu64i6fjRORl3X9WOxHKfj8ViJ1ViL9Xginoyn4kw8HWfjmXg2vvnl69FRAgAAAAAAAAAAAAAAAAAAALh/5t3/f27cq+lRAwAAAAAAAAAAAAAAAAAAwPFy5dr1S1ut1vbllE5FlJ/v7+zvTH4n7Vt70Y4yirgQa/FHjHf/T0zqi2+0ti+ksfX4rLz5d/7m/s4j0/mN8ecEZuY3Jvk0nV+K5bvzm7EWZ2bnN2fmT8VLL96Vz2Itfn4velHGbhxl7+Q/2Ujp9Tdb/8qfH/cDAACA4yBLt81cv2fZvdon+TmeD0ytr4+y5080OnUiohp91MnLshgoHvriZLPD+L2u6+YPQkPFva+UpYj43/+8EBEPxwT/UzR9Z+JBuHPSmx4JAAAAAAAAAAAA83gQrxM2PUcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YgeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHwVAAD//+pd0x0=") r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r0, 0x4008ae89, &(0x7f00000000c0)={0x1, 0x0, [{0x485, 0x0, 0x8}]}) creat(&(0x7f0000000200)='./bus\x00', 0x268) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r1 = open(&(0x7f0000000540)='./bus\x00', 0x4000, 0x0) preadv2(r1, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x2, 0x0, 0x0, 0x0) 6m44.057318308s ago: executing program 6 (id=1382): openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000040)=""/106, &(0x7f0000000380)=0x6a) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x120000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x3, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200}) connect$bt_rfcomm(0xffffffffffffffff, &(0x7f0000000100), 0xa) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x4040040}, 0x20000010) openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) memfd_create(&(0x7f00000000c0)='/dev/kvm\x00', 0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x100, 0x1000005, 0x3, 0x4002, 0x5, 0x37, 0xefffffffffffffff, 0x0, 0x0, 0x2000005, 0xfffffffface6e3cd, 0x40000000001c, 0x1, 0xffffffffffffffff, 0xfd]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 6m43.562110408s ago: executing program 37 (id=1382): openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000040)=""/106, &(0x7f0000000380)=0x6a) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x120000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x3, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200}) connect$bt_rfcomm(0xffffffffffffffff, &(0x7f0000000100), 0xa) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x4040040}, 0x20000010) openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) memfd_create(&(0x7f00000000c0)='/dev/kvm\x00', 0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x100, 0x1000005, 0x3, 0x4002, 0x5, 0x37, 0xefffffffffffffff, 0x0, 0x0, 0x2000005, 0xfffffffface6e3cd, 0x40000000001c, 0x1, 0xffffffffffffffff, 0xfd]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 6m13.751420809s ago: executing program 1 (id=1383): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb09587", 0x4b}, {&(0x7f00000003c0)="e8700e444d", 0x5}], 0x2}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)}, 0x0) 6m11.138200181s ago: executing program 1 (id=1455): bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0) syz_mount_image$udf(&(0x7f0000000140), &(0x7f0000000100)='./file1\x00', 0x1004000, &(0x7f0000000640)=ANY=[@ANYBLOB='gid=ignore,undelete,anchor=00000000000000000011,longad,umask=00000000000000000000004,utf8,novrs,noadinicb,uid=forget,nostrict,gid=', @ANYRESDEC=0x0, @ANYBLOB="2c6e6f7374726963742c73686f727461642c646d6f64653d30303030303030303030303030303030303030303030302c0080ad9b92f74a7d4f9c4c2d40531531b8a84c7ad96565dc47c8f2c93715951bb4517f8bea88665ff7b1cbbb1efb194b6fbb9438655a17adf3317298821eba064f27ece65a487e218391424720c9c7321be9bf783a2a84ecd18bf3e86d87ce991173"], 0x1, 0xc32, &(0x7f0000001bc0)="$eJzs3U9sXNd5N+D3XHHEofx9FRM7ipPGxaQtUlmxXP2LqViFO6pptgFkWQjF7AJwJFLqwBRJkFQjG2nBdNNFFwGKoousCLRGgRQNjKYIumRaF0g2XhRZdUW0sBEUXbBFgKwCFvfOGXFIkTYjkhJpP49N/WbunHPnnHvH98qC3jkBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAET83iuXz5xNj3sUAMCjdHX0q2fOuf8DwMfKdf//DwAAAAAAAAAAAAAAB12KIp6MFLNXV9N49byjfqVdu3tvbHhk624Dqep5pGpf/tTPnjt/4UsvDF3s5pX29Af032ufjddGr19uvDxzZ3Zucn5+cqIxNt2+OTMxueM97Lb/ZqeqA9C48/rdiVu35hvnnj+/4eV7g+/3P3Fi8NLQs6ef6bYdGx4ZGV1vUt/y4UParsLjaBRxOlI8972fplZEFLH7Y1F/tOd+s4FqEqeqSYwNj1QTmWq3phfKF691D0QR0ejp1Oweo63PRfTVHukctteMWCyHXw74VDm90dnWXOvG1GTjWmtuob3Qnpm+ljqjLefTiCIupoiliFjpf3B3tSiiL1J85/hquhERR7rH4YtVYfD24yj2cY47UI6zUYtYKg7BOTvA+qOIVyPFz945GTfLY5Z/4gsRr5b5g4i3ynwpIpUfjAsR723xOeJw6osi/rw8/5dW00R1PeheV658rfGV6VszPW2715Vf8v7wwJXiMd0fBjblo3HAr031KKJVXfFX08P/ZgcAAAAAAAAAAAAAAACAvTYQRXwmUrzyb39U1RVHVZd+/NLQ7w/+/96a8ac/ZD9l2+cjYrHYWU3u0VwYeC1dS2mntcTqTvdcPYr441z/963HPRgAAAAAAAAAAAAAAAAAAICPtSJ+EilefPdkWoreNcXb07cb11s3pjqrwnbX/u2umb62trbWSJ1s5hzPuZhzKedyzpWcUeT+OZs5xwc6O17Mz5dyLudcyRlHcv+czZzjORdzLuVczrmSM/py/5zNnOM5F3Mu5VzOuZIzDsjavQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHyVFFPGLSPHtb6ymSBHRjBiPTi73P+7RAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACl/lTE9yNF4w+a97f1RUSq/u04Wf5yIZpHy/xkNIfKfCmal3O2quxrfusxjJ/dqaUifhwp+utv3z/h+fzXOs/ufwzirW+uP/tsXyePdF8cfL//iRPHLw2N/NrT2z1OWw3g1JX29N17jbHhkZHRns19+d0/2bNtML9vsTdTJyLm33jz9dbU1OTcwz8oPwK76H6IHqS+gz/T2oEf4SF6EH0HYhiPZ+58DJT3//cixW+/++/dG37n/l+P/9d5dv8OHz//k/X7/4ubd7TD+3/f5n75/l/e07e6/z/Zs+3F/LuRWl9EfeHObO1ERH3+jTdPt++0bk/enpy+cObMl4eGvnz+TO1oRP1We2qy59GeHC4AAAAAAAAAAAAAAACARycV8buRovXj1dSIiHtVvdbgpaFnTz9zJI5U9VYb6rZfG71+ufHyzJ3Zucn5+cmJxth0++bMxORO365elXuNDY/sy2Q+1MA+j3+g/vLM7Btz7dt/uLDl68fql2/ML8y1bm79cgxEEdHs3XKqGvDY8Eg16Kl2a7rqem3LYvpfXi0V8R+R4uaFRvp83pbr/zdX+G+o/1/cvKN9qv//RM+28j1TKuLnkeK3/uLp+Hw1zmPxwDHL7f4mUpy6+LncLo6W7bpj6HyvQKcysGz7P5HiH36xsW23HvLJ9bZnd3xgD4ny/B+PFN//s+/Gr+dtG7//Yevzf2zzjvbp/D/Vs+3Yhu8r2PXUyef/dKR46cm34zfytg/6/o/ud2+czI3vfz/HPp3/T/VsG8zv+5t7M3UAAAAAAAAAAIBDrZaK+NtI8cORvvRC3raTv/83sXlH+/T3vz7ds21ib9Yr+tAHuz6oAAAAAHBA1FIRP4kUtxfevl9DvbH+u6f+83fW6z+H06ZXqz/n+5XqewP28s//eg3m9x3f/bQBAAAAAAAAAAAAAAAAAADgQEmpiBfyeurjVT3/xLbrqS9Hilf+67ncLp0o23XXgR+sfq1fnZk+fXlqauZma6F1Y2qyMTrbujlZ9n0qUqz+9edy36JaX7273nxnjff1tdjnIsXI33XbdtZi765N/tR627Nl209Eiv/8+41tu+tYf2q97bmy7V9Fiq//09ZtT6y3PV+2/W6k+NHXG922x8q23e9H/fR62+dvzhT7cFYAAAAAAAAAAAAAAAAAAAD4uKmlIv40Uvz3naX7tfx5/f9az9PKW988tu1+7lXr/A9W6/9v9/hh1v+vvldgccueAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwkZWiiDcjxezV1bTcXz7vqF9pT9+9NzY8snW3gVT1PFK1L3/qZ8+dv/ClF4YudvOD+++1z8Rro9cvN16euTM7Nzk/PznRGJtu35yZmNzxHnbbf7NT1QFo3Hn97sStW/ONc8+f3/DyvcH3+584MXhp6NnTz3Tbjg2PjIz2tOmrPfS7PyBts/1oFPGXkeK57/00/bA/oojdH4sP+ezst4FqEqeqSYwNj1QTmWq3phfKF691D0QR0ejp1Oweo0dwLnalGbFYDr8c8KlyeqOzrbnWjanJxrXW3EJ7oT0zfS11RlvOpxFFXEwRSxGx0v/g7mpRxOuR4jvHV9M/90cc6R6HL14d/eqZc9uPo9jHOe5AOc5GLWKpOATn7ADrjyL+MVL87J2T8S/9EX3R+YkvRLxa5g8i3orO+U7lB+NCxHtbfI44nPqiiP8tz/+l1fROf3k96F5Xrnyt8ZXpWzM9bbvXlUN/f3iUDvi1qR5F/Ki64q+mf/XfNQAAAAAAAAAAAAAAAMABUsSvRooX3z2Zqvrg+zXF7enbjeutG1Odsr5u7V+3ZnptbW2tkTrZzDmeczHnUs7lnCs5o8j9czbLrK+tjefnizmXci7nXMkZR3L/nM2c4zkXcy7lXM65kjP6cv+czZzjORdzLuVczrmSMw5I7R4AAAAAAAAAAAAAAAAAAPDRUlT/pPj2N1bTWn9nfenx6OSy9UA/8v4vAAD///RZ9vs=") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x91145a, 0x0) mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0) mount$bind(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x887008, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) read$FUSE(r0, &(0x7f0000004840)={0x2020}, 0x2020) 6m10.214411363s ago: executing program 1 (id=1461): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]}) r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r5, 0xc0184800, &(0x7f0000000100)={0x20004, r4}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r6, 0xc00c642e, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(r6, 0x40086200, &(0x7f0000000040)=0x6) pidfd_getfd(0xffffffffffffffff, r3, 0x0) openat$6lowpan_enable(0xffffffffffffff9c, 0x0, 0x2, 0x0) 6m5.70541833s ago: executing program 1 (id=1477): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000e40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000380)={0x1c, r0, 0xf21, 0x0, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x0) 6m4.71899957s ago: executing program 38 (id=1477): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000e40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000380)={0x1c, r0, 0xf21, 0x0, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x0) 5m32.792648352s ago: executing program 2 (id=1606): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(r0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mount$cgroup(0x0, 0x0, 0x0, 0x1000000, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) r5 = getpgrp(0xffffffffffffffff) sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=@newlink={0x28, 0x10, 0x1, 0x70bd2c, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, 0x42838, 0x4a3}, [@IFLA_NET_NS_PID={0x8, 0x13, r5}]}, 0x28}, 0x1, 0x0, 0x0, 0x8090}, 0x4048004) 5m29.733797233s ago: executing program 2 (id=1612): openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet(0x2, 0x3, 0x8d) setsockopt$inet_msfilter(r0, 0x0, 0x8, &(0x7f0000000340)=ANY=[@ANYRES32], 0x1) lseek(0xffffffffffffffff, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000180)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x3}, {0x0, [0x2e]}}, 0x0, 0x1b, 0x0, 0x1}, 0x28) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f00000000c0)={0x0, @local, @local}, &(0x7f0000000140)=0xc) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_inet6_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xb}}, 0x0, r2}) r4 = socket(0xa, 0x1, 0x0) ioctl(r4, 0x8936, &(0x7f0000000000)) 5m24.853799915s ago: executing program 2 (id=1625): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000031c0)={0x11, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x41100, 0x20}, 0x94) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', 0x145042, 0x2c) socket$kcm(0xa, 0x2, 0x11) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$SG_GET_TIMEOUT(r0, 0x2202, 0x0) ioctl$KDGKBDIACR(r0, 0x4b4a, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) close(0x3) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) socket$inet6(0xa, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_GET_COALESCE(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000006000000005dcc0300", @ANYRES32=r3, @ANYBLOB="71e79fd800000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r4], 0x3c}, 0x1, 0x0, 0x0, 0x4800}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001240)=@newtfilter={0x2c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x74, r3, {}, {0x7, 0x1}, {0xa, 0x1}}, [@TCA_RATE={0x6, 0x5, {0xc9, 0x8}}]}, 0x2c}, 0x1, 0xf0ffffffffffff, 0x0, 0x60001d0}, 0xc084) getgroups(0x0, 0x0) 5m24.521734127s ago: executing program 2 (id=1627): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = io_uring_setup(0x68f4, &(0x7f00000002c0)={0x0, 0x48c7, 0x8, 0x0, 0x1000168}) io_uring_enter(r1, 0x2b45, 0x1d1f, 0x20, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001000030400f60000", @ANYRES32=0x0, @ANYBLOB], 0x44}, 0x1, 0x0, 0x0, 0x20000004}, 0x20004000) 5m23.177742325s ago: executing program 2 (id=1630): memfd_secret(0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000001200)=0x8a4, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x24004045) r1 = io_uring_setup(0x4ff1, &(0x7f0000000040)={0x0, 0x835c, 0xf000, 0x20000a, 0x20002f3}) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x140, 0x0) ioctl$RTC_ALM_SET(r2, 0x40247007, &(0x7f0000000100)={0x3c, 0x21, 0xa, 0x1e, 0x3, 0x4, 0x2, 0x14, 0xffffffffffffffff}) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000000c0)={0x7, &(0x7f0000000240)=[{0x6, 0x4, 0x3f, 0x7fff4002}, {0x7f, 0x0, 0x6, 0x61}, {0xce, 0x3, 0x0, 0x8}, {0x0, 0x6, 0x33, 0x80000001}, {0x2, 0x80, 0xd, 0xfffffff7}, {0x45fd, 0x4, 0xaa, 0x3}, {0x4, 0x8c, 0x7, 0x2}]}) timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r3 = semget$private(0x0, 0x7, 0x191) semtimedop(r3, &(0x7f0000000200)=[{0x4, 0xffff, 0x2000}, {0x4, 0x3, 0x1800}], 0x2, 0x0) semop(r3, &(0x7f0000000180)=[{0x2, 0x2, 0x800}, {0x3, 0x5, 0x3000}], 0x2) semop(r3, &(0x7f0000000140)=[{0x2, 0xce97, 0x800}, {0x1, 0x5, 0x1000}], 0x2) mbind(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, &(0x7f0000000000)=0x6883, 0x7, 0x1) get_mempolicy(0x0, 0x0, 0x9b, &(0x7f0000ffc000/0x1000)=nil, 0x2) semctl$GETZCNT(r3, 0x5, 0xf, 0x0) fchdir(0xffffffffffffffff) removexattr(0x0, &(0x7f0000000200)=@known='system.posix_acl_default\x00') setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4) socket$inet_sctp(0x2, 0x1, 0x84) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) 5m20.370220356s ago: executing program 2 (id=1638): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r0, &(0x7f0000000080)='X', 0x1, 0x20008001, &(0x7f0000000140)={0xa, 0x0, 0x0, @private0, 0x40000000}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000100)={0x66, 0xfe, 0x4, 0x5, 0xa8, 0x20, 0x0, 0x1, 0x0, 0x0, 0x8, 0x0, 0x0, 0x9}, 0xe) shutdown(r0, 0x1) recvmmsg(r0, &(0x7f0000005000)=[{{0x0, 0x2a, 0x0, 0x0, &(0x7f00000000c0)=""/19, 0x13}, 0x3}], 0x4000169, 0x60, 0x0) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, 0x0, 0x0) 5m5.212070065s ago: executing program 39 (id=1638): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r0, &(0x7f0000000080)='X', 0x1, 0x20008001, &(0x7f0000000140)={0xa, 0x0, 0x0, @private0, 0x40000000}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000100)={0x66, 0xfe, 0x4, 0x5, 0xa8, 0x20, 0x0, 0x1, 0x0, 0x0, 0x8, 0x0, 0x0, 0x9}, 0xe) shutdown(r0, 0x1) recvmmsg(r0, &(0x7f0000005000)=[{{0x0, 0x2a, 0x0, 0x0, &(0x7f00000000c0)=""/19, 0x13}, 0x3}], 0x4000169, 0x60, 0x0) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, 0x0, 0x0) 15.90463635s ago: executing program 0 (id=3008): syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r2 = socket$inet6(0xa, 0x1, 0x6) dup3(r2, r0, 0x0) mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 15.645353767s ago: executing program 0 (id=3012): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000840)={0x0, {0x2, 0xfffe, @empty}, {0x4, 0x0, @empty}, {0x2, 0x0, @remote}, 0x184, 0x0, 0x0, 0xfdffffffffffffff, 0x0, &(0x7f0000000180)='lo\x00'}) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000080)={0x0, {0x2, 0x0, @empty}, {0x2, 0x0, @loopback}, {0x2, 0x0, @private}, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2, 0x5}) modify_ldt$read_default(0x2, 0xfffffffffffffffc, 0x0) syz_mount_image$ext4(&(0x7f00000005c0)='ext4\x00', &(0x7f0000000600)='./file0\x00', 0x0, &(0x7f00000000c0)={[{@nojournal_checksum}]}, 0x1, 0x5bc, &(0x7f0000001440)="$eJzs3V2IXGcdB+D/md1N87E1H7Zqa2xWQ20gdGez2YREvLDEj1qTWlG8CIWwZKe7IbM7a3YD3algizeiIII3IggVe2FFNJCbSqntRYs3Ckr9oKIxoIIIRSsFEdSRdz620+akCe7uHJrzPHBm3/Oe2X3f2eE355w57zkngNIaSw9ZxGhEXIyI7Z3Z1z9hrPOjefDCXJqyaLU+/bes/byZgxfmek/t/d629DAcsTkidh3LYu/Ile0urTTPTtfrtXPd+ery/GJ1aaV595n56dnabG3h0JGpo5OHp45Mrd9rnfjZ1lv/fOf9l594/p///tZvDv8g9Xe0u6z/dayXsRjr/k9GYmdf/XAWcd96N1aQoc5bHXf21WXDBXaI69Zq7fp+ev/eHhF72/nfHkPRefNeevrBf2yPX91bdB+BjdPqyV/8Sgu4YVXa28BZZTwiOuVKZXy8sw1/S2yt1BtLy/sfapxfmOlsK++IkcpDZ+q1ie6+wo4YydL8gXb5tfnJN8wfjGhvA39paEt7fvx0oz4z6A87oG004tLFz53etO0N+f/LUCf/wI0r5f+XLzz1bCq/OlR0b4BBSvn/3qvznwj5h9KRfygv+Yfykn8oL/mH8pJ/KC/5h/KSfygv+Yfykn8or17+HzhxIh44caLV7J7/vtCYPXN2bvHo5MT4/PnT46cb5xbHZxuN2fYZO/PX/rv1RmPxwGScf7i6XFtari6tNE/NN84vLJ9qn9d/qpZzKQCgACcvb75v557nXsoi4tEPbGlPyabuclmFG1urlUXR5yADxbDrD+XlUm1QXvbxgewayzdfbUF9/fsCDEal6A4AhbnrNsf/oKx8/w/l5ft/KC/b+IDv/6F8fP8P5TV6lft/3dx3766JiHhbRPx0aOSm3r2+gLeU1+3qj0ZcuvSdz1ZX78OtoKCgsFoo7oMKGIzXQl90T4CizBy8MNebBtXmM7ODagnI8/I9nUFAKffN7tRZMrx6bGBkg8YJ7bwjPf7o94/vmxtKU3Q/hzagKSDHo49FxLvy1v9Z+9jAju7zdnWeFrdExK0R8Y6IeOca2/7GpyLG4oVaf538w+Bcb/5vi4i0ur49It4dEbsj4j1rbPsXF1P+f72lv07+oRw+/3zRPQCK8vGniu4BUJSTxhhAaX33kaJ7ABTl6R8W3QOgKF99segeQLk9d09ETOQd/6u0j/f3jHSvC3hT91oAWyJia0Rs655DeHP3HMHtfccMr+XUJyPG4o4f99c5/geD0xv/17xi/F9ldfzfUETsWUMbz3xw9Ct59dO7U/6feKQ3/i9Nqf3eWEBgY738WMTtufnPVsf8ZpFyGvHe/7ONsS9cfjKv/sX7098d+bn8QzFa3454f+TnvyeVqsvzi9Wllebd7ft4z9YWDh2ZOjp5eOrIVLV9iZBq70IhOY7//ZX9efW/m0z5/+Yh+YdipPX/1qvkv3/7/31raOPY1798Mq9+9I8p/7ufffP8V/66KftMe753X4KHp5eXzx2I2JQdv7J+cg0dhRtcLyO9DKX879ubv/+/q/s7af1/LCI+nLYXIuI/EfHfiPhIRHw0Ij4WEfe+SZtfu2v2cl79H55M+X/8rPU/FCPlf+Ya6//0819raGP/vp98Ma/+Q3tS/sd/+6fjDw6nSf4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1t/SSvPsdL1eO7eBhaJfIwAAAAAAAJTF/wIAAP//d8Uzog==") lsetxattr$security_capability(&(0x7f0000000280)='./file1\x00', &(0x7f0000000080), &(0x7f0000000180)=@v3={0x3000000, [{0x7fffffdf, 0xabda}, {0x3, 0x2}], 0xee00}, 0x18, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x14a) r2 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_buf(r2, 0x6, 0x23, &(0x7f0000000040)=""/40, &(0x7f0000000080)=0x28) fallocate(r1, 0x20, 0x0, 0x8000) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) 15.2217808s ago: executing program 0 (id=3015): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) close(0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, 0x0, {0x0, 0xd}, {0xffff, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_CE_THRESHOLD={0x8, 0x7, 0xfffffff9}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890) r2 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r2, &(0x7f00000005c0)="bad330fbc9b55400040000ea0756", 0xe, 0x40, &(0x7f00000001c0)={0x11, 0x7, 0x0, 0x1, 0xd8, 0x6, @multicast}, 0x14) 14.557095624s ago: executing program 0 (id=3021): bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x94) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x800700, &(0x7f0000000ac0), 0x2, 0x46a, &(0x7f0000000640)="$eJzs3M9vFFUcAPDvTH+A/GpF/AGiVomx8UdLCyoHLxpNPEA0URM81rYQwkINrYkQItUYvJgYEj0bjyb+Bd68GPVk4lXvhkiUC+ipZmZnYHfZ7Q/Y7pb280kG3tt50/e+ffNm38zbbQAb1lD2TxKxLSJ+j4iBara+wFD1v+tXz0/+e/X8ZBILC2/9neTlrl09P1kWLY/bWmSG04j00yQ/+Mg79fXOnj13cqJSmT5T5EfnTr0/Onv23HMnTk0cnz4+fXr80KGDB8ZefGH8+bbEmcV1bc9HM3t3v/7upSOTRy+99/N3WXu3Fftr42iXoSzwfxZyjfuebHdlXba9Jp30drEhrEhPRGTd1ZeP/4HoiZudNxCvfdLVxgGrKntv2tR69/wCsI4l0e0WAN1RvtFn97/l1qGpx5pw5eXqDVAW9/Viq+7pjbQo09dwf9tOQxFxdP6/r7MtVuk5BABArc8nvzoczzab/6XxQE25HcUaymBE3BsROyPivojYFRH3R+RlH4yIh1ZY/1BD/tb5T3r5tgJbpmz+91KxtlU//ytnfzHYU+S25/H3JcdOVKb3F7+T4ejblOXHFqnjh1d/+6LVvtr5X7Zl9ZdzwaIdl3sbHtBNTcxN5JPSNrjyccSe3mbxJzdWApKI2B0Re1b2o3eUiRNPf7u3VaGl419EG9aZFr6JeCrv/7/moyH+UrL4+uTo5qhM7x8tz4pb/fLrxTdb1X9H8bdB1v9b6s//xiKDSe167ezK67j4x2e33tPUnNO3c/73J2/n/dJfvPbhxNzcmbGI/uRwnq97ffzmsWW+LJ/FP7yv+fjfWRyT1fNwRGQn8SMR8WhEPFb03eMR8URE7Fsk/p9eab1vLfT/VNPr343zv6H/V57oOfnj963qX97172CeGi5eya9/S1huA+/kdwcAAAB3izT/DHySjtxIp+nISPUz/LtiS1qZmZ175tjMB6enqp+VH4y+tHzSNVDzPHQsmS9+YjU/XjwrLvcfKJ4bf9lzT54fmZypTHU5dtjotrYY/5k/e7rdOmDVNVtHG+/vQkOAjmsc/2l99sIbnWwM0FG+rw0b1xLjP+1UO4DO8/4PG1ez8X+hIW8tANanuvHfpi8WAXeHpeb/i/yBMOAu5/4fNq7lj//Nq9oOoKPu5Hv9ayrRtzaasR4S/bGcwpGugaZKrFqi21cmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA9vg/AAD//17B7og=") chdir(&(0x7f0000000140)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x400141042, 0x2a) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x8000, 0xa0) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x8005, 0x0, 0x0, 0x12, 0xd, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]}) write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) listen(0xffffffffffffffff, 0x0) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000080), 0x10) r2 = accept4$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_mount_image$iso9660(&(0x7f0000000380), &(0x7f00000000c0)='./file0\x00', 0x200810, &(0x7f0000000200)={[{@check_strict}, {@unhide}, {@showassoc}, {@nocompress}, {@dmode={'dmode', 0x3d, 0xb}}]}, 0xff, 0x564, &(0x7f00000003c0)="$eJzs3V1v01gawPHHpV2ioK3QskKoKnAou1KRSnASCIq48jon6YHEjmwHtVeooimqSGFFWWnbG5YbdkaauZ175nK+w8w3QvMJRjOynfSFvE1f6XT+vwjOiX3s8xw38lOn8YkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACx3Ipt5y2pG6+1pIZzK4Hf2H3a3bpvgdzZV4zoV8SK/0kmI9fSRdf+vrv6avzfnMymz2YlExcZ2b509fKjK5MTve1HBHwg3x9yT5tb2y9XOp32m+MK5Ay6fnH4upr2TOibhlPTyoS+KpdK9r3Faqiqpq7D5TDSDeUG2on8QM27d1S+XC4qnVv2W16t4tR1b+HDuwXbLqnHuaZ2gtD37j3Ohe6iqdeNV0vaxKvjNg/jF+ITE6lIOw2l1tY77eK4AcSN8r+nUWFco4JdKOTzhUK+9KD84KFtT/YtsD8jfS2O70WLP6ZjPHsDRzPRzf9SFyOetGRJ1MCHKxUJxJfGkPVdvfz/z3t6ZL97838vy1/bXT0jSf6/kT67MSz/D4nl9B6bsiXb8lJWpCMdacubQa2s3qgOvv/DbXWkR+YgfdZEiydGQvHFSEOcZInqLlFSlpKUxJZnsihVCUVJVYzURUsoyxJKJDp5RbkSiBZHIvElECXz4sodUZKXspSlKEq05GRZfGmJJzWpiJPsZU3Wk+NeFGUNPYZrcjlplB86jGzvJ9SWwojRkv9xdMdy3gaOw6+9/A8AAAAAAM4tK3n3Pb7+n5LrSa1q6tr+0mEBAAAAAIBjlPzlfzYupuLadbG4/gcAAAAA4LyxknvsLBHJys20tiZWcrsUbwIAAAAAAHBOJH//vxEXyRwoN8XamVOF638AAAAAAM6Jr8bOsR82L1o//SxBMGW9by79w9pI5uZ1Ni6k2134fI9Rdcaa7u4kKUppMTl56a+zViZttDMJ5qdusTYuDms3AGcngP8dJIArk/KN3Erb3FpNy9XemrSXbNXUdc7164/y4jjTE5Feiv7zav2/kgz/a68xbWVkvdPOPX/dWU1ieR/v5f1GdwLFvnkUR8TyNplvIbnnYuCIp5IbMbr9Zi1ZW++07b3jn0g3n9jf47vpEX1+kLm01Vx3xtvs/vFn4j7zuWGj70aRP+LIP8jttM3t+dtpMSCKwrgoCnujGHwsjh5FcVwUxSNGAQBfytqYLGRJX949xFnucNldDpjdP8h82mZ+JjmxTs4MOKPb487o9hGz2w9934E0LMfG/X77WVb9GG/wcWi/Yb1gxYfwwtuNf8vVza3tu+sbKy/aL9qvCoViyb5v2w8KMpUMo1uQewAAA+z9jh1rYP7vtfjlu7Rhf+6+P+aq+m87HynIyXN5LR1ZlYXkboPkEwcDfyPI7vkYwsKYq9ZskibTb3hZGHFV95fkLofefgsj2+6PoXjyPwgAAE7R3Jg8bPV9C9+P3S138//CmOvu/bl89NXxbtv8KR4FAAD+XHTwycpG/7eCwDSf5cvlvBMtahX47hMVmEpNK+NFOnAXHa+mVTPwI9/163HlqanoUIWtZtMPIlX1A9X0Q7OUTB+oul/9HuqG40XG7b2N7fpe5LiRqpjQVc3Wv+omXNRBsnHY1K6pGteJjO+p0G8Frs4pFWq9p6GpaC8yVRNXPdUMTMMJMuqpX281tKro0A1MM/LTHfb6Ml7VDxrJbnNf+FgDAHBWbG5tv1zpdNpvTrAysOPMqQ8VAAB0jcnSAAAAAAAAAAAAAAAAAAAAAADgDDiN+/+onPNKbyrosxIPlWOojD11vDvxkxOAE/VbAAAA//9oZ0zM") bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x24) openat$full(0xffffffffffffff9c, &(0x7f00000000c0), 0x1000, 0x0) recvfrom$unix(r2, 0x0, 0x0, 0x13a140872a6dd39f, 0x0, 0x0) 12.593350913s ago: executing program 0 (id=3038): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x34, 0x34, 0x6, [@var={0x4, 0x0, 0x0, 0xe, 0x4}, @func_proto, @typedef={0x0, 0x0, 0x0, 0x10, 0x4}, @volatile={0x0, 0x0, 0x0, 0x9, 0x3}]}, {0x0, [0x0, 0x0, 0x0, 0x61]}}, 0x0, 0x52}, 0x20) 11.937377209s ago: executing program 0 (id=3042): set_mempolicy(0x3, &(0x7f0000000080)=0xfffffffffffffffd, 0x3) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_trace', 0x2202, 0x0) write$cgroup_subtree(r0, &(0x7f0000000080)=ANY=[], 0x9) 11.391810678s ago: executing program 40 (id=3042): set_mempolicy(0x3, &(0x7f0000000080)=0xfffffffffffffffd, 0x3) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_trace', 0x2202, 0x0) write$cgroup_subtree(r0, &(0x7f0000000080)=ANY=[], 0x9) 7.711996386s ago: executing program 8 (id=3069): bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000680)=ANY=[@ANYBLOB="b7000000df000000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff000000005d040200000000001d400500000000002004000001ed000062030000000000f53e440000000000007a0a00fe00ffffffc3030000a1000000b520feff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4d58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c500000057bd81cb2af0b176275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e5b5b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebba2c598b4fc72f526d8e8afcb9134658fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9a958f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f94fefe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a1074649c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c0dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6acdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e924d6b1594af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fed000000007baa5b6a686b50f0937f778af083e055f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e70300000000000000fee18a22da19fcdb4c2890cda1f96b952511e34cb14ea4a10a6f1dbaa69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca485683252b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45"], 0x0, 0x8}, 0x94) socket$nl_route(0x10, 0x3, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) writev(r0, &(0x7f000000cac0)=[{&(0x7f0000000040)="419591c78b30640ee91c8fc7c6079c0213a13dce386a64f8a51e9b3931", 0xfe8e}], 0x1) 6.063040739s ago: executing program 7 (id=3073): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) close(0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r2, {0x0, 0xd}, {0xffff, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_CE_THRESHOLD={0x8, 0x7, 0xfffffff9}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890) r3 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r3, &(0x7f00000005c0)="bad330fbc9b55400040000ea0756", 0xe, 0x40, &(0x7f00000001c0)={0x11, 0x7, r2, 0x1, 0xd8, 0x6, @multicast}, 0x14) 5.901245966s ago: executing program 8 (id=3075): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000007c0)=ANY=[], 0x0}, 0x94) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB="d0000000", @ANYRES16=r1, @ANYBLOB="010000000000000000000100000008000100000000000400048008000c8004000b800800020001000000a00008809c000780080077144ebb00000800060000000000080005"], 0xd0}}, 0x0) 5.662030077s ago: executing program 8 (id=3076): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x100, 0xe}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x0) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000027c0)=@newtfilter={0x8b0, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r5, {0xb, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0x87c, 0x2, [@TCA_MATCHALL_ACT={0x878, 0x2, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x1ff, 0x3, 0x10000, 0x81, 0x7f, 0x5, 0x4, 0x2, 0x4, 0x5, 0x2234, 0x83, 0x81b, 0x800, 0x8, 0x0, 0x3, 0x7ed53619, 0xa01, 0x2, 0x9644, 0x800004, 0x58b, 0x85a, 0x3ff, 0x46, 0x2, 0x1, 0x0, 0x80000000, 0x5, 0x790, 0x5, 0x1, 0xfffffff9, 0x1a77, 0x9, 0x3, 0x400, 0x63c, 0x4, 0x0, 0x1, 0x3, 0x3, 0x5b1f, 0x7b0, 0x7, 0x100, 0x2, 0xd, 0xff, 0x3, 0x10000, 0x6, 0x6b7, 0x11ff, 0x80, 0x4, 0x7, 0x3, 0xa14, 0x3, 0x2, 0x80000000, 0x81, 0x7, 0x8, 0x5, 0x10001, 0xf7, 0x3, 0xfffffef9, 0x9, 0x4, 0x8, 0xfff, 0x3, 0x3, 0x6, 0x7, 0x8, 0x100, 0xc0000000, 0x0, 0x5, 0x6, 0x8, 0x80000001, 0x8, 0x1d24, 0x2, 0x7, 0x80000000, 0x7f, 0x7, 0x2009, 0x2, 0x24, 0x5, 0x7, 0x6, 0x10007e, 0x8, 0x0, 0x7, 0x470, 0x7f, 0xe, 0x0, 0x1, 0x0, 0x4, 0x10009, 0x61, 0x200, 0x8, 0x8002, 0x2, 0x6, 0x10001, 0x8, 0x7, 0x11, 0xda56, 0x7ffffffe, 0x80, 0x2f0cb955, 0x7, 0xfed, 0xf, 0x6ae, 0x9, 0xfffffffd, 0x9, 0x8001, 0x0, 0xec000, 0x0, 0x1, 0x2, 0x9, 0x7, 0x6, 0x4, 0x1, 0xffffcf1b, 0x282, 0x5517bc7b, 0x3, 0x3, 0xb6b, 0x5, 0xf7800000, 0xac, 0x8, 0x3, 0x10, 0x9, 0x8, 0x80000000, 0x0, 0x74, 0x2, 0x7fffffff, 0x0, 0xa, 0x6, 0xffffffff, 0x8, 0x2, 0x7, 0x7f, 0x5, 0x0, 0xa, 0x1, 0x0, 0x0, 0x300, 0x5, 0x3, 0x6, 0xffffffff, 0xffb, 0xff, 0x5, 0x8, 0x3, 0x2, 0x9, 0xb, 0x399d, 0x6, 0x8ab6, 0x18000, 0x2, 0xfffffff9, 0x2, 0x2, 0x528c, 0x5, 0x200, 0xac, 0xf, 0xd05, 0x9a2ce73, 0x4, 0x6, 0xe074, 0x6b10, 0x5, 0x1, 0x6, 0xb, 0xa26, 0xaf6, 0x0, 0xec, 0x8, 0xde16, 0xc418, 0xffffffff, 0xffffffff, 0x9, 0x400, 0x80001, 0x5, 0x354d, 0x5, 0x9, 0x1, 0x7, 0x0, 0x177, 0x7, 0x0, 0x80, 0x5, 0x8, 0xfffffffb, 0x9, 0xe7b, 0x0, 0x7, 0x42bf, 0x10000, 0x9, 0x200, 0x6, 0x4b75, 0x80000001, 0x1000, 0x5915, 0x10001, 0x1]}], [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x107e, 0x2004, 0xec2, 0x6, 0x8, 0x400, 0x5, 0x1, 0x7, 0x470, 0x487, 0x100, 0xa99, 0xfffffeff, 0x5, 0x37f, 0x8, 0x6, 0x3, 0x3, 0x800, 0xd2f5, 0x40, 0x3, 0x4, 0x5, 0x7, 0x12, 0x2, 0x8, 0x101, 0xfffeffff, 0x2, 0x4, 0xa6, 0x3, 0x10000, 0x1000, 0x4, 0x0, 0x3, 0xfffffffc, 0x3, 0x6, 0x98, 0x8, 0x6, 0x9, 0x1000, 0xb3000, 0xf, 0x3, 0x9, 0xb4, 0x94b, 0x9, 0x8, 0x6, 0x100, 0x4, 0xffff, 0x9, 0x2, 0x3ff, 0x2, 0xb828, 0x0, 0x0, 0x365, 0x8, 0x8, 0xf, 0x1, 0xfffffffe, 0xfffffff6, 0x93, 0x7fff, 0x92, 0x0, 0x7, 0xfffffffc, 0x7ff, 0x9, 0x2, 0x0, 0x2, 0x8, 0xffffff37, 0x3, 0x9, 0xc, 0xff, 0x3, 0x3, 0x400, 0x100000, 0x7f, 0x2, 0x8, 0x4, 0x7, 0x4, 0x7, 0xfffffffa, 0x101, 0xadd9, 0x1, 0x0, 0x7, 0x7fffff7f, 0x40, 0x4, 0x0, 0x5, 0x4, 0x1, 0xffff, 0x9, 0x6, 0x6, 0x2, 0xb, 0x3, 0x7f, 0xffff, 0x9, 0x1685, 0xa252, 0x2, 0x200, 0x3, 0x1, 0x400, 0xfffffffc, 0xfffffffc, 0x1000, 0x7ff, 0x1, 0x1f6, 0x751, 0x7, 0x40000000, 0x1, 0xffffdbb7, 0x50, 0xf, 0xf, 0xe, 0x6, 0x0, 0x81, 0xfff80000, 0x0, 0x1, 0x9, 0x3, 0x7ef8, 0x7, 0x5, 0x2, 0x0, 0x4e8, 0x80, 0x1, 0x8, 0x5, 0x0, 0x5, 0x7fff, 0x7, 0x8, 0x6a4941c5, 0x2ea567b4, 0x8, 0x80000000, 0x6, 0x40, 0x2, 0x4000fff, 0x8, 0x7, 0x1, 0x1, 0x0, 0x0, 0xd3bed341, 0x691f, 0x0, 0x2, 0x9, 0x6, 0x0, 0x1ff, 0x400003, 0x3, 0x6, 0x5fc8462f, 0x0, 0x7, 0xffff, 0xfffffffc, 0x5, 0x0, 0xb9a6, 0x522, 0x2, 0x2, 0x900, 0x8, 0xbb99, 0xb8000000, 0x1, 0xffffff01, 0xc0a1, 0x8, 0x8, 0x7, 0x59, 0x9, 0x2, 0x101, 0x5f502dc7, 0x7, 0x0, 0x4, 0x6, 0x80000001, 0xc000, 0xffffff97, 0x2, 0x40, 0x1, 0x40, 0x8, 0x3, 0x710, 0x8, 0x1, 0xfffff339, 0x3, 0x8001, 0x1, 0x8001, 0x9, 0x8, 0xfffffffa, 0x8, 0x9, 0xfff, 0xe, 0x3, 0x9, 0xa, 0x7, 0xfffffff8]}, @TCA_POLICE_TBF={0x3c, 0x1, {0xfffffe00, 0x4, 0x5, 0x1, 0xdbec, {0x8, 0x0, 0xb55, 0x5, 0x7, 0xb}, {0x6, 0x2, 0xd, 0x5, 0x1, 0x5d17}, 0x2, 0x5, 0x6}}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0x8b0}, 0x1, 0x0, 0x0, 0x10}, 0x0) 3.734716133s ago: executing program 9 (id=3078): setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000140)=0x14) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000280)={@remote, 0x0}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14) sendmsg$nl_route_sched(r3, &(0x7f0000006280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000740)=@newtaction={0x98, 0x30, 0x1, 0x0, 0xffe4, {0x0, 0x0, 0x6a00}, [{0x84, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x80d, 0x0, 0x10000000, 0x5, 0x4}, 0x1, r5}}]}, {0x0, 0xa}, {0xc}, {0xc, 0x8, {0x2}}}}, @m_mpls={0x30, 0x2, 0x0, 0x0, {{0x9}, {0x1}, {0x4}, {0xc}, {0xc}}}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x4008001}, 0x0) sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000003c0)={&(0x7f00000004c0)={0xb0, 0x0, 0x200, 0x70bd2c, 0x25dfdbfd, {}, [@HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_batadv\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}]}, @HEADER={0x4}, @HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x80}, 0x4) 3.489157083s ago: executing program 7 (id=3080): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000800, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x76, &(0x7f00000000c0)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x68, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x15, 0x10, 0x0, 0x0, 0x0, {[@sack={0x5, 0x16, [0x49c, 0x8, 0x6, 0x3, 0x4]}, @mptcp=@syn={0x1e, 0xc}, @sack={0x5, 0xa, [0x0, 0x0]}, @md5sig={0x13, 0x12, "a4bcbcee95c6179191d2675112a6689b"}]}}}}}}}, 0x0) 3.470525959s ago: executing program 8 (id=3081): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000000c0)={'wpan0\x00', 0x0}) sendmsg$IEEE802154_LLSEC_ADD_DEV(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="4d7e00000000000000002a00000008002f000000000005003600000000000c000500000000020000000008000200", @ANYRES32=r3, @ANYBLOB="050037"], 0x40}, 0x4, 0x700000000000000}, 0x0) 3.317709458s ago: executing program 9 (id=3082): r0 = syz_open_dev$vcsa(&(0x7f0000000300), 0x1, 0x102) write$P9_RLOPEN(r0, &(0x7f00000000c0)={0x18, 0xd, 0x1, {{0x1, 0x4, 0x7}}}, 0x18) 3.215690877s ago: executing program 8 (id=3083): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff5653f, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x70bd28, 0xfffffffd, {0x0, 0x0, 0x0, r4, {0x8, 0xd}, {}, {0x3, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x40004) 3.117370317s ago: executing program 9 (id=3085): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000000)={[{@max_batch_time={'max_batch_time', 0x3d, 0x101}}, {@debug}, {@journal_dev={'journal_dev', 0x3d, 0x7}}]}, 0x1, 0x5fd, &(0x7f00000006c0)="$eJzs3c9vFFUcAPDv7LalpWALMSoepIkxkCgtLWCI8QBXYxr8ES9erLQgoUDT1mjRhJLgxcR4McbEkwfxv1AiV0960YMXT4aEqOFo4prZ7vTnbH8s7Q4wn0+y7My8ebw3LN++t6/vzQRQWgPpH5WIAxExlUT0JfOLaR3RSBxYOO/ePx+fTV9J1Gpv/JVE0jiWnZ803nsbmbsj4ucfk9hfXVvuzNzVi2OTkxPTjf2h2UtTQzNzV49cuDR2fuL8xOWRF0dOnjh+4uTw0Zau69raQ2l1Puj7dPTtb7/+Nxn+7vfRJE7FK40Tl1/HdhmIgfq/SbI2qffkdhdWkGrj/8nyjzjpKLBCbEn2+XVGxJPRF9VY+vD64pPXCq0csKNqSUQNKKlE/ENJZf2A7Lv96u/BlUJ6JUA73D29MACwNv47FsYGo7s+NrD7XhLLh3WSiGhtZG6lPRHx0+3RG+duj96Y3rsz43BAvvnrEfHUsvjvylKSevz3R3f01+O/siL+037BmcZ7evz1FstfPVQs/qF9FuK/O6f9X4r/aBL/7yyL/3dbLH9gafO9nhXx39PqJQEAAAAAAEBp3TodES/kzf+pLM7/iZz5P70RcWobyh9Ytb/29/+VO9tQDJDj7umIl3Pn/1aiujD7t7/a+D3/3vp8gM7k3IXJiaMR8VhEHI7OXen+8DplHPls/1fN0gYa8/+yV1p++r50RuVOx66VecbHZsfu97qBiLvXI57Onf+bLLb/SU77n/48mNpkGfufu3mmWdrG8Q/slNo3EYdy2/+lu1Yk69+fY6jeHxjKegVrPfPR5983K7/V+HeLCbh/afu/e/3470+W369nZutlHJvrqDVLa7X/35W8Wb/lTLZc4cOx2dnp4Yie5NVqenTF8ZGt1xkeRVk8ZPGSxv/hZ9cf/8vr//dExPyqvzv5e+Wa4swT//X+0aw++v9QnDT+x7fU/jfdSOYjcpNGbvb/0Kz8zbX/x+tt/eHGEeN/sODLLEy7Vh7PCdCOvKR21xcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgWViNgTSWVwcbtSGRyM6I2Ix2N3ZfLKzOzz5668f3k8Tas//7+SPem3b2E/yZ7/379sf2TV/rGI2BcRX1R76vuDZ69Mjhd98QAAAAAAAAAAAAAAAAAAAPCA6G2y/j/1Z7Xo2gE7rqPoCgCFyYn/X4qoB9B+2n8oL/EP5SX+obzEP5SX+IfyEv9QXuIfykv8AwAAAADAI2XfwVu/JREx/1JP/ZXqaqR1FlozYKdViq4AUBi3+IHyMvUHyst3fCDZIL27aaaNcjbLnJo6u3FmAAAAAAAAAAAAACBz6ID1/1BW1v9DeVn/D+WVrf8/WHA9gPZr+Tt+0zW9wMNovZX8zcN9E+v/AQAAAAAAAAAAAIBtMTN39eLY5OTEdPs2fm089Cv3nJ6IaHN9so23iii02I1arXat/lE8IPV5yDeyqfCbz9WdHwU7s5Gt9dtcroJ+IAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGv8HwAA//+xpBxA") r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x4040, 0x0) r1 = openat(0xffffffffffffff9c, 0x0, 0x1c1202, 0x0) write$P9_RREADDIR(r1, &(0x7f00000000c0)={0x28, 0x29, 0x1, {0x4, [{{0x10, 0x1, 0x1}, 0x80000001, 0xfe, 0x5, './bus'}]}}, 0x28) sendfile(r1, r0, 0x0, 0x3ffff) 2.866506446s ago: executing program 5 (id=3086): r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, 0x0, 0x0) setsockopt$IP_VS_SO_SET_EDIT(r0, 0x0, 0x483, &(0x7f0000000100)={0x84, @multicast2, 0x4e23, 0x3, 'sh\x00', 0x14, 0xc, 0x22}, 0x2c) 2.613200234s ago: executing program 5 (id=3087): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) socketpair(0x1, 0x3, 0x0, &(0x7f0000000100)) socket$inet_sctp(0x2, 0x1, 0x84) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_dev$evdev(&(0x7f0000000040), 0xf0e7, 0x60000) syz_io_uring_setup(0x1104, &(0x7f0000000300)={0x0, 0xffff7ffe, 0x400, 0x3, 0x8000031c}, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) syz_open_procfs(0x0, &(0x7f0000000100)='net/netlink\x00') socket(0x1e, 0x4, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$tty20(0xc, 0x4, 0x1) socket(0x1e, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0003001c0000001f000000060001000000000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0) 2.54617774s ago: executing program 7 (id=3088): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000800)=ANY=[@ANYBLOB="340000001400b59527bd7000fcdbdf2523090000", @ANYBLOB="140002"], 0x34}, 0x1, 0x0, 0x0, 0x40804}, 0x0) 2.439705909s ago: executing program 9 (id=3089): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) close(0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r2, {0x0, 0xd}, {0xffff, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_CE_THRESHOLD={0x8, 0x7, 0xfffffff9}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890) r3 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r3, &(0x7f00000005c0)="bad330fbc9b55400040000ea0756", 0xe, 0x40, &(0x7f00000001c0)={0x11, 0x7, r2, 0x1, 0xd8, 0x6, @multicast}, 0x14) 2.218440413s ago: executing program 5 (id=3090): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r2, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=@newqdisc={0x34, 0x24, 0x5820a61ca228651, 0x0, 0x2, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x8d0) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=@newtfilter={0x24, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0xc}, {0xfff2}, {0xfff1, 0x3d}}}, 0x24}}, 0x0) 2.180219436s ago: executing program 7 (id=3091): openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r0 = socket(0x400000000010, 0x3, 0x0) r1 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x100, 0xe}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x0) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000027c0)=@newtfilter={0x8b0, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r5, {0xb, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0x87c, 0x2, [@TCA_MATCHALL_ACT={0x878, 0x2, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x1ff, 0x3, 0x10000, 0x81, 0x7f, 0x5, 0x4, 0x2, 0x4, 0x5, 0x2234, 0x83, 0x81b, 0x800, 0x8, 0x0, 0x3, 0x7ed53619, 0xa01, 0x2, 0x9644, 0x800004, 0x58b, 0x85a, 0x3ff, 0x46, 0x2, 0x1, 0x0, 0x80000000, 0x5, 0x790, 0x5, 0x1, 0xfffffff9, 0x1a77, 0x9, 0x3, 0x400, 0x63c, 0x4, 0x0, 0x1, 0x3, 0x3, 0x5b1f, 0x7b0, 0x7, 0x100, 0x2, 0xd, 0xff, 0x3, 0x10000, 0x6, 0x6b7, 0x11ff, 0x80, 0x4, 0x7, 0x3, 0xa14, 0x3, 0x2, 0x80000000, 0x81, 0x7, 0x8, 0x5, 0x10001, 0xf7, 0x3, 0xfffffef9, 0x9, 0x4, 0x8, 0xfff, 0x3, 0x3, 0x6, 0x7, 0x8, 0x100, 0xc0000000, 0x0, 0x5, 0x6, 0x8, 0x80000001, 0x8, 0x1d24, 0x2, 0x7, 0x80000000, 0x7f, 0x7, 0x2009, 0x2, 0x24, 0x5, 0x7, 0x6, 0x10007e, 0x8, 0x0, 0x7, 0x470, 0x7f, 0xe, 0x0, 0x1, 0x0, 0x4, 0x10009, 0x61, 0x200, 0x8, 0x8002, 0x2, 0x6, 0x10001, 0x8, 0x7, 0x11, 0xda56, 0x7ffffffe, 0x80, 0x2f0cb955, 0x7, 0xfed, 0xf, 0x6ae, 0x9, 0xfffffffd, 0x9, 0x8001, 0x0, 0xec000, 0x0, 0x1, 0x2, 0x9, 0x7, 0x6, 0x4, 0x1, 0xffffcf1b, 0x282, 0x5517bc7b, 0x3, 0x3, 0xb6b, 0x5, 0xf7800000, 0xac, 0x8, 0x3, 0x10, 0x9, 0x8, 0x80000000, 0x0, 0x74, 0x2, 0x7fffffff, 0x0, 0xa, 0x6, 0xffffffff, 0x8, 0x2, 0x7, 0x7f, 0x5, 0x0, 0xa, 0x1, 0x0, 0x0, 0x300, 0x5, 0x3, 0x6, 0xffffffff, 0xffb, 0xff, 0x5, 0x8, 0x3, 0x2, 0x9, 0xb, 0x399d, 0x6, 0x8ab6, 0x18000, 0x2, 0xfffffff9, 0x2, 0x2, 0x528c, 0x5, 0x200, 0xac, 0xf, 0xd05, 0x9a2ce73, 0x4, 0x6, 0xe074, 0x6b10, 0x5, 0x1, 0x6, 0xb, 0xa26, 0xaf6, 0x0, 0xec, 0x8, 0xde16, 0xc418, 0xffffffff, 0xffffffff, 0x9, 0x400, 0x80001, 0x5, 0x354d, 0x5, 0x9, 0x1, 0x7, 0x0, 0x177, 0x7, 0x0, 0x80, 0x5, 0x8, 0xfffffffb, 0x9, 0xe7b, 0x0, 0x7, 0x42bf, 0x10000, 0x9, 0x200, 0x6, 0x4b75, 0x80000001, 0x1000, 0x5915, 0x10001, 0x1]}], [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x107e, 0x2004, 0xec2, 0x6, 0x8, 0x400, 0x5, 0x1, 0x7, 0x470, 0x487, 0x100, 0xa99, 0xfffffeff, 0x5, 0x37f, 0x8, 0x6, 0x3, 0x3, 0x800, 0xd2f5, 0x40, 0x3, 0x4, 0x5, 0x7, 0x12, 0x2, 0x8, 0x101, 0xfffeffff, 0x2, 0x4, 0xa6, 0x3, 0x10000, 0x1000, 0x4, 0x0, 0x3, 0xfffffffc, 0x3, 0x6, 0x98, 0x8, 0x6, 0x9, 0x1000, 0xb3000, 0xf, 0x3, 0x9, 0xb4, 0x94b, 0x9, 0x8, 0x6, 0x100, 0x4, 0xffff, 0x9, 0x2, 0x3ff, 0x2, 0xb828, 0x0, 0x0, 0x365, 0x8, 0x8, 0xf, 0x1, 0xfffffffe, 0xfffffff6, 0x93, 0x7fff, 0x92, 0x0, 0x7, 0xfffffffc, 0x7ff, 0x9, 0x2, 0x0, 0x2, 0x8, 0xffffff37, 0x3, 0x9, 0xc, 0xff, 0x3, 0x3, 0x400, 0x100000, 0x7f, 0x2, 0x8, 0x4, 0x7, 0x4, 0x7, 0xfffffffa, 0x101, 0xadd9, 0x1, 0x0, 0x7, 0x7fffff7f, 0x40, 0x4, 0x0, 0x5, 0x4, 0x1, 0xffff, 0x9, 0x6, 0x6, 0x2, 0xb, 0x3, 0x7f, 0xffff, 0x9, 0x1685, 0xa252, 0x2, 0x200, 0x3, 0x1, 0x400, 0xfffffffc, 0xfffffffc, 0x1000, 0x7ff, 0x1, 0x1f6, 0x751, 0x7, 0x40000000, 0x1, 0xffffdbb7, 0x50, 0xf, 0xf, 0xe, 0x6, 0x0, 0x81, 0xfff80000, 0x0, 0x1, 0x9, 0x3, 0x7ef8, 0x7, 0x5, 0x2, 0x0, 0x4e8, 0x80, 0x1, 0x8, 0x5, 0x0, 0x5, 0x7fff, 0x7, 0x8, 0x6a4941c5, 0x2ea567b4, 0x8, 0x80000000, 0x6, 0x40, 0x2, 0x4000fff, 0x8, 0x7, 0x1, 0x1, 0x0, 0x0, 0xd3bed341, 0x691f, 0x0, 0x2, 0x9, 0x6, 0x0, 0x1ff, 0x400003, 0x3, 0x6, 0x5fc8462f, 0x0, 0x7, 0xffff, 0xfffffffc, 0x5, 0x0, 0xb9a6, 0x522, 0x2, 0x2, 0x900, 0x8, 0xbb99, 0xb8000000, 0x1, 0xffffff01, 0xc0a1, 0x8, 0x8, 0x7, 0x59, 0x9, 0x2, 0x101, 0x5f502dc7, 0x7, 0x0, 0x4, 0x6, 0x80000001, 0xc000, 0xffffff97, 0x2, 0x40, 0x1, 0x40, 0x8, 0x3, 0x710, 0x8, 0x1, 0xfffff339, 0x3, 0x8001, 0x1, 0x8001, 0x9, 0x8, 0xfffffffa, 0x8, 0x9, 0xfff, 0xe, 0x3, 0x9, 0xa, 0x7, 0xfffffff8]}, @TCA_POLICE_TBF={0x3c, 0x1, {0xfffffe00, 0x4, 0x5, 0x1, 0xdbec, {0x8, 0x0, 0xb55, 0x5, 0x7, 0xb}, {0x6, 0x2, 0xd, 0x5, 0x1, 0x5d17}, 0x2, 0x5, 0x6}}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0x8b0}, 0x1, 0x0, 0x0, 0x10}, 0x0) 2.124953724s ago: executing program 8 (id=3092): munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0) kexec_load(0x6, 0x0, 0x0, 0x3e0000) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x3fd4, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) ioperm(0xa, 0x1, 0xffff) lgetxattr(0x0, 0x0, 0x0, 0x0) 1.885610805s ago: executing program 5 (id=3093): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x16, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000040)='GPL\x00'}, 0x80) bpf$MAP_CREATE(0x0, &(0x7f0000001080)=ANY=[@ANYBLOB="09000000180000000800000040"], 0x50) r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000001440), 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) unlinkat(0xffffffffffffff9c, &(0x7f0000000180)='./file0/file0\x00', 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f00000001c0), 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f0000000040)='net/udplite\x00') bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) sendmsg$NL802154_CMD_DEL_SEC_DEV(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000640)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYBLOB="010026bd7000fcdbdf251b00000010002e800c003f426ad39b34683caaaa0c00060001"], 0x30}, 0x1, 0x0, 0x0, 0x80}, 0x20008050) syz_mount_image$ext4(&(0x7f0000000ac0)='ext4\x00', &(0x7f0000000240)='./file1\x00', 0x3810744, &(0x7f00000002c0)={[{@nombcache}, {@inlinecrypt}, {@dioread_lock}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4}}, {@jqfmt_vfsv0}, {@debug}, {@journal_dev={'journal_dev', 0x3d, 0x844d}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@i_version}, {@minixdf}]}, 0x1, 0x46b, &(0x7f0000000b00)="$eJzs3M1vVFUbAPDn3s4AL/AyFfEDBK2isfGjpQWVhS40mrjQxEQXuKxtIchADa2JEKLVGFwaEvfGpYl/gStXRl2ZuNW9ISFKTEA3jrkz99LOMFOmMO1A5/dLLpwz98w958k953LmnBkCGFgj2R9JxPaI+DUiKo1sc4GRxl9XL5+b/vvyuekkarU3/0jq5a5cPjddFC3ety3PjKYR6adJXkmz+TNnT0xVq7On8/z4wsn3xufPnH36+MmpY7PHZk9NHj586ODEc89OPtOTOLM2Xdnz4dze3a++feH16SMX3vnxm6y99+5rnF8eRze2d1FmJAv8z1pd67nHVlPZHeDf2lKcSanfraFbQxGR3a5yffxXYiiWbl4lXvmkr40D1lT2zN7c+fRiDdjAkuh3C4D+KP6hzz7/Fsc6TT1uC5debHwAyuK+mh+NM6VI8zLlNax/JCKOLP7zZXZEyzpErc26AQDArfoum/88df38r7430ijywra8bCUihiPirojYGRF3R8SuiLgnL3tfRNy/yvpbt4aun3+mF282tm5k87/n872t5vlfMfuL4aE89/96/OXk6PHq7IGI2BERo1HenOUn2l28uMTLv3zeqf7l87/syOov5oL5RS6WWhboZqYWpno1Kb30ccSeUrv4k2s7AVlf2B0Re1Z36R1F4vgTX+/tVOjG8a+gB/tMta8iHm/c/8Voib+QrLw/Ob4lqrMHxotecb2ffj7/Rqf6byn+Hsju/9bm/t9SovJXsny/dn71dZz/7bOOnylLN9n/NyVv1fdgN+WvfTC1sHB6ImJT8lo93/T65NJ7i3xRPot/dP9S/BFL439n/p4s/gciIuvE+yLiwYh4KL93D0fEIxGxf4X4f3jp0Xc7nbsd7v9M2+fftf4/3Hz/V58YOvH9t53q7+75d6ieGs1fqT//bqBzc7bkJW62NwMAAMCdJ61/lz1Jx66l03RsrPF9+V2xNa3OzS88eXTu/VMzje+8D0c5LVa6KsvWQyeSxfyKjfxkvlZcnD+Yrxt/MfS/en5seq460+fYYdBt6zD+M78P9bt1wJq70T6a5wBsXK3jP+1TO4D15/faMLiMfxhc3Y7/Q2vcDmD9tRv/H7XkrQHCxmT+D4PL+IfBZfzD4DL+YSDdyu/61ypRWuHX++uWKK/4nwhInI30tmiGRJtEqQeju88PJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgB75LwAA//+MOu7f") r2 = syz_pidfd_open(0x0, 0x0) pread64(r2, &(0x7f00000021c0)=""/4096, 0x1000, 0x62) syz_genetlink_get_family_id$nl80211(0x0, r0) socket$inet6_udp(0xa, 0x2, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000002180)={0x1, &(0x7f0000000240)=[{0x6, 0xfd, 0x0, 0x7fffffff}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="4c00000002060108000000000000000000001000050005000a000000050001000700000005000400000000000900020073797a310000000014000300686173683a69702c706f72742c697000"], 0x4c}}, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f00000002c0)) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB='t\x00\x00\x00\n'], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0) 1.829236174s ago: executing program 9 (id=3094): syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xe8001, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x2}) ioctl$TUNSETOFFLOAD(r0, 0x400454c9, 0x19) ioctl$TUNSETLINK(r0, 0x400454cd, 0x332) 1.554533018s ago: executing program 5 (id=3095): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0) socket$packet(0x11, 0x3, 0x300) openat$vcsu(0xffffffffffffff9c, 0x0, 0x101000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) setpriority(0x2, 0x0, 0x7) mkdirat(0xffffffffffffff9c, 0x0, 0x1c6) mount(0x0, 0x0, 0x0, 0xc00, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(r3, 0x0, 0x0, 0x40) sendto$inet(r3, &(0x7f0000000580)="17", 0x1d4c, 0x10048095, 0x0, 0x0) 327.731877ms ago: executing program 9 (id=3096): r0 = fsopen(&(0x7f0000000180)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x800718, &(0x7f00000003c0)={[{@delalloc}, {@journal_dev={'journal_dev', 0x3d, 0x40000ff}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x60}}, {@nobh}, {@resgid}, {@resuid}, {@nombcache}, {@noblock_validity}, {@usrquota}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x4}}]}, 0x22, 0x4a3, &(0x7f0000000980)="$eJzs281rXFUbAPDn3nz2M3n79v1orRotQlBMmrRqF24UBZGKgi7qMk6mJXTaSBPBfmCjiCtBCroWl6J/gbgRQdSV4Epw5UoKRbNp6ypyZ+5NMpNM2iSTTO38fjCZc+aemXueOffce+45kwA61lD2J4nYHRG/RsRALVtfYKj2dHP+cunW/OVSEgsLr/6RVMvdmL9cKooW79uVZ4bTiPT9JN9JvZkLF89MVCrl83l+dPZsX56cOF0+XT43fvz4saNjTz05/kRL4sziunHwnelDB154/epLpZNX3/jhy6y+u/Pty+NYp19Gm2wYygL/c6GqcdsjG9zZ3WrPsnTS3caKsC5dEZE1V0+1/w9EVyw13kA8/15bKwdsqeza1Nd889wCcA9Lot01ANqjuNDvnO8qZffAK++DB7Zy+NF215+p3QBlcd/MH7Ut3ZHmZXoa7m9baSgiTs799Wn2iM3NQwAA3JEPS5+c6I2IS7e+eDEbeyyN9tLu/1aff6v+3ZuPBAcj4l8RsS8i/h0R+yPiPxGRlf1fRPx/k/VZOf5Jr23yI9eUjf+ezte26sd/xegvBrvy3J5q/D3JqalK+Uj+nQxHT1+WH1tjH9889/NHzbYtH/9lj2z/xVgwr8e17oYJusmJ2YnqoLQFrr8bcbA7SVbGnyyuBCQRcSAiDq7vo/cWialHPz/UrNDt419DC9aZFj7LwpvL2n8uGuIvJLX1yTdHZy5cfHzqbOP65Gh/VMpHRoujYqUff/rglWb7r8Xfn+dWj3/H5sNs6nq59rys/ZdtXewDS+u1M63d/waP/7Q3ea26ztybv/b2xOzs+bGI3uRENV/3+vjSe4t8UT47/ocPr97/9+Xvydr/vojIDuL7I+KBiHgwr/tDEfFwRBxeI8bvn719/JFu4PhvgSz+yVXPf4vH/2BS1/7rT3Sd+e6rZvu/s/Y/Vk0N569Uz38Nkob8atXpjuhrrOBmvz8AAAD4J0irv4FP0pHFdJqOjNR+w78/dqaV6ZnZx05Nv3VusvZb+cHoSYuZroF8PrQyVSmPJXP5J9bmR8fzueJivvRoPm/8cdeOan6kNF2ZbHPs0Ol2Nen/md+72l07YIvVLy8VC8DjvW2pDLDNGtfR0/rslZfDyQDuVf5fGzrXbfp/ul31ALaf6z90rtX6/5WGvLUAuDe5/kPn0v+hQ6Xfrvry19teEaAdXP+hI23m//q3MNF/d1SjPYntbpRYV+EoEmnbv6hWJfrjrqjGxhOX8t7cyk9u84kJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgRf4OAAD//+Nr2uw=") chroot(&(0x7f0000000100)='./file0\x00') pivot_root(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000500)='./file0\x00') 279.925087ms ago: executing program 7 (id=3097): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000b80), 0xffffffffffffffff) sendmsg$FOU_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000006c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010028bd7000fcdbdf250100000008000600ac1414bb08000800e000000206000a004e200000050004000200"], 0x34}, 0x1, 0x0, 0x0, 0x40048021}, 0x40080) 165.521004ms ago: executing program 5 (id=3098): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000800, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x76, &(0x7f00000000c0)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x68, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x15, 0x10, 0x0, 0x0, 0x0, {[@sack={0x5, 0x16, [0x49c, 0x8, 0x6, 0x3, 0x4]}, @mptcp=@syn={0x1e, 0xc}, @sack={0x5, 0xa, [0x0, 0x0]}, @md5sig={0x13, 0x12, "a4bcbcee95c6179191d2675112a6689b"}]}}}}}}}, 0x0) 0s ago: executing program 7 (id=3099): r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r1, &(0x7f00000006c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000140)=0x1, 0x4) sendmmsg$inet(r1, &(0x7f0000000d00)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000740)="b3", 0x1}], 0x1, &(0x7f0000000640)=ANY=[], 0xf0}}], 0x1, 0x24004c41) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x1004800, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) kernel console output (not intermixed with test programs): out [ 672.288321][T10778] cp210x 10-1:0.0: cp210x converter detected [ 672.691541][T10778] cp210x 10-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 672.726333][T10778] cp210x 10-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 672.738048][T10778] cp210x 10-1:0.0: GPIO initialisation failed: -71 [ 672.766058][T10778] usb 10-1: cp210x converter now attached to ttyUSB0 [ 672.794594][T10778] usb 10-1: USB disconnect, device number 9 [ 672.834573][T10778] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 672.850660][T10778] cp210x 10-1:0.0: device disconnected [ 673.031607][T10844] device hsr_slave_0 entered promiscuous mode [ 673.089617][T10844] device hsr_slave_1 entered promiscuous mode [ 673.101450][T10917] loop7: detected capacity change from 0 to 164 [ 673.530333][T10925] loop9: detected capacity change from 0 to 2048 [ 673.551377][ T4323] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 673.603134][T10925] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 673.866429][ T4323] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 674.043493][ T4323] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 674.097834][T10938] tipc: Started in network mode [ 674.105989][T10938] tipc: Node identity 7f000001, cluster identity 4711 [ 674.126487][T10938] tipc: Enabling of bearer rejected, failed to enable media [ 674.206375][ T4323] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 674.368113][ T4274] Bluetooth: hci5: command 0x040f tx timeout [ 674.829991][ T1169] usb 10-1: new high-speed USB device number 10 using dummy_hcd [ 675.029881][ T1169] usb 10-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 675.049723][ T1169] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 675.096675][ T1169] usb 10-1: config 0 descriptor?? [ 675.136474][ T1169] cp210x 10-1:0.0: cp210x converter detected [ 675.543291][ T1169] cp210x 10-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 675.566836][ T1169] cp210x 10-1:0.0: failed to get vendor val 0x000e size 678: -121 [ 675.585526][ T1169] cp210x 10-1:0.0: GPIO initialisation failed: -121 [ 675.628399][ T1169] usb 10-1: cp210x converter now attached to ttyUSB0 [ 675.936818][ T4319] usb 10-1: USB disconnect, device number 10 [ 676.438178][ T4274] Bluetooth: hci5: command 0x0419 tx timeout [ 676.462698][ T4319] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 676.471317][ T4319] cp210x 10-1:0.0: device disconnected [ 676.765239][T10981] loop8: detected capacity change from 0 to 512 [ 676.796485][T10981] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 676.843410][T10981] EXT4-fs error (device loop8): ext4_orphan_get:1425: comm syz.8.1723: bad orphan inode 16 [ 676.886022][T10981] ext4_test_bit(bit=15, block=4) = 0 [ 676.892645][T10981] EXT4-fs (loop8): 1 orphan inode deleted [ 676.898918][T10981] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none. [ 676.913648][T10981] capability: warning: `syz.8.1723' uses 32-bit capabilities (legacy support in use) [ 676.960126][ T8237] EXT4-fs (loop8): unmounting filesystem. [ 677.802850][T10844] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 677.828760][T10993] loop8: detected capacity change from 0 to 512 [ 677.835896][T10993] EXT4-fs: Ignoring removed i_version option [ 677.875219][T10993] EXT4-fs: Ignoring removed bh option [ 677.933101][T10993] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback. [ 677.947541][T10844] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 677.961006][T10844] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 677.975866][T10844] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 677.987345][T10993] ext4 filesystem being mounted at /115/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 678.225661][ T8237] EXT4-fs (loop8): unmounting filesystem. [ 678.481426][T10844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 678.792333][ T4333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 678.850914][ T4333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 679.126697][T10844] 8021q: adding VLAN 0 to HW filter on device team0 [ 679.390104][ T4384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 679.428956][ T4384] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 679.468115][ T4384] bridge0: port 1(bridge_slave_0) entered blocking state [ 679.475322][ T4384] bridge0: port 1(bridge_slave_0) entered forwarding state [ 679.484131][ T4384] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 680.301241][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 680.341541][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 680.371926][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 680.379153][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 680.976242][ T7886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 681.641063][T11033] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -4 [ 681.750441][ T4386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 681.764136][T11033] platform regulatory.0: Direct firmware load for regulatory.db failed with error -4 [ 681.795760][ T4323] device hsr_slave_0 left promiscuous mode [ 681.838688][ T4323] device hsr_slave_1 left promiscuous mode [ 681.845191][T11033] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 681.858776][ T4323] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 681.889725][ T4323] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 682.026960][ T4323] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 682.051411][ T4323] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 682.060423][ T4323] device bridge_slave_1 left promiscuous mode [ 682.066746][ T4323] bridge0: port 2(bridge_slave_1) entered disabled state [ 682.109442][ T4323] device bridge_slave_0 left promiscuous mode [ 682.128132][ T4323] bridge0: port 1(bridge_slave_0) entered disabled state [ 682.263004][ T4323] device veth1_macvtap left promiscuous mode [ 682.279217][ T4323] device veth0_macvtap left promiscuous mode [ 682.298186][ T4323] device veth1_vlan left promiscuous mode [ 682.304117][ T4323] device veth0_vlan left promiscuous mode [ 684.887787][ T4323] team0 (unregistering): Port device team_slave_1 removed [ 684.965581][ T4323] team0 (unregistering): Port device team_slave_0 removed [ 685.033472][ T4323] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 685.109869][ T4323] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 685.551506][ T4323] bond0 (unregistering): Released all slaves [ 685.679799][T11064] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1743'. [ 685.698832][T11064] netlink: 'syz.8.1743': attribute type 5 has an invalid length. [ 685.737549][T11064] netlink: 20 bytes leftover after parsing attributes in process `syz.8.1743'. [ 685.786193][T11064] netdevsim netdevsim8 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 685.810135][T11064] netdevsim netdevsim8 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 685.834414][T11064] netdevsim netdevsim8 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 685.843459][T11064] netdevsim netdevsim8 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 685.852935][T11064] device geneve3 entered promiscuous mode [ 685.861553][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 685.882157][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.888629][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 685.902286][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 686.010628][T10844] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 686.031493][T10844] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 686.104396][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 686.128595][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 686.137600][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 686.186549][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 686.238921][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 686.443363][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 686.615511][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 686.875234][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 688.159739][T11117] loop9: detected capacity change from 0 to 1024 [ 688.167659][T11117] EXT4-fs: Ignoring removed oldalloc option [ 688.174251][T11117] EXT4-fs: Ignoring removed bh option [ 688.188228][T11117] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 688.282496][T11124] device bridge0 entered promiscuous mode [ 688.302883][T11117] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback. [ 689.525549][ T27] audit: type=1804 audit(2000000026.950:126): pid=11117 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.9.1755" name="/newroot/140/file1/bus" dev="loop9" ino=18 res=1 errno=0 [ 689.724625][ T8257] EXT4-fs (loop9): unmounting filesystem. [ 689.875041][T11134] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1758'. [ 689.968029][T11138] loop7: detected capacity change from 0 to 1024 [ 690.117124][ T4384] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 690.143285][T11138] EXT4-fs error (device loop7): ext4_map_blocks:635: inode #3: block 2: comm syz.7.1760: lblock 2 mapped to illegal pblock 2 (length 1) [ 690.158343][ T4384] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 690.190895][T10844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 690.233344][T11138] Quota error (device loop7): qtree_write_dquot: dquota write failed [ 690.256809][T11138] EXT4-fs error (device loop7): ext4_map_blocks:635: inode #3: block 48: comm syz.7.1760: lblock 0 mapped to illegal pblock 48 (length 1) [ 690.796881][T11138] Quota error (device loop7): v2_write_file_info: Can't write info structure [ 690.923837][ T4523] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 690.951855][ T4523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 690.975670][T11138] EXT4-fs error (device loop7): ext4_acquire_dquot:6835: comm syz.7.1760: Failed to acquire dquot type 0 [ 691.061292][T11138] EXT4-fs error (device loop7) in ext4_reserve_inode_write:5933: Corrupt filesystem [ 691.080175][ T4523] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 691.138045][T11138] EXT4-fs error (device loop7): ext4_evict_inode:279: inode #11: comm syz.7.1760: mark_inode_dirty error [ 691.149344][ T4523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 691.187682][T10844] device veth0_vlan entered promiscuous mode [ 691.195283][ T4523] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 691.209275][ T4523] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 691.212649][T11138] EXT4-fs warning (device loop7): ext4_evict_inode:282: couldn't mark inode dirty (err -117) [ 691.245446][T10844] device veth1_vlan entered promiscuous mode [ 691.274158][T11138] EXT4-fs (loop7): 1 orphan inode deleted [ 691.318306][T11138] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 691.327240][ T4397] EXT4-fs error (device loop7): ext4_map_blocks:635: inode #3: block 1: comm kworker/u4:11: lblock 1 mapped to illegal pblock 1 (length 1) [ 691.342994][T11152] loop9: detected capacity change from 0 to 2048 [ 691.359262][ T4523] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 691.387924][ T4523] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 691.406026][ T4397] Quota error (device loop7): remove_tree: Can't read quota data block 1 [ 691.423163][ T4523] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 691.452480][T11152] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 691.459797][ T4397] EXT4-fs error (device loop7): ext4_release_dquot:6871: comm kworker/u4:11: Failed to release dquot type 0 [ 691.478958][ T4523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 691.514978][T11154] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1763'. [ 691.525443][T10844] device veth0_macvtap entered promiscuous mode [ 691.563977][T10844] device veth1_macvtap entered promiscuous mode [ 691.635940][T10844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 691.695815][T10844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 691.735616][T10844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 691.769457][T10844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 691.834181][T10844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 691.878458][T10844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 691.953551][T10844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 692.004982][T10844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 692.022528][ T8190] EXT4-fs (loop7): unmounting filesystem. [ 692.030557][T10844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 692.038851][ T4333] EXT4-fs error (device loop7): ext4_map_blocks:635: inode #3: block 1: comm kworker/u4:7: lblock 1 mapped to illegal pblock 1 (length 1) [ 692.054942][ T4523] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 692.063943][ T4523] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 692.074429][ T4523] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 692.090357][ T4333] Quota error (device loop7): remove_tree: Can't read quota data block 1 [ 692.112633][ T4523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 692.140136][ T4333] EXT4-fs error (device loop7): ext4_release_dquot:6871: comm kworker/u4:7: Failed to release dquot type 0 [ 692.142701][T11169] overlayfs: missing 'lowerdir' [ 692.663526][T10844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 692.717559][T10844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 692.748279][ T8190] EXT4-fs error (device loop7): __ext4_get_inode_loc:4513: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 692.782356][T10844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 692.806160][ T8190] EXT4-fs error (device loop7) in ext4_reserve_inode_write:5933: Corrupt filesystem [ 692.829964][T10844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 692.903344][ T8190] EXT4-fs error (device loop7): ext4_quota_off:7141: inode #3: comm syz-executor: mark_inode_dirty error [ 692.918442][T10844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 692.950923][T10844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 693.045389][T10844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 693.116937][T10844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 693.188952][T10844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 693.247469][ T4523] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 694.127188][ T4523] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 694.234296][T10844] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 694.388052][T10844] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 694.398194][T10844] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 694.407471][T10844] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.298660][T11184] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 695.338703][T11184] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 695.408804][T11195] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1770'. [ 695.422785][T11184] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 695.564852][ T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 695.602715][ T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 695.689737][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 695.792758][T11206] loop7: detected capacity change from 0 to 256 [ 695.801005][ T56] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 695.845766][ T56] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 695.855300][T11206] FAT-fs (loop7): error, fat_get_cluster: invalid start cluster (i_pos 0, start 00007372) [ 695.914287][ T4523] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 697.532566][T11222] overlayfs: missing 'lowerdir' [ 697.708683][T11223] loop0: detected capacity change from 0 to 2048 [ 697.764670][T11223] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 697.834018][T11225] loop9: detected capacity change from 0 to 1024 [ 697.939212][T11225] EXT4-fs: Ignoring removed oldalloc option [ 697.981357][T11227] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1781'. [ 698.006380][T11225] EXT4-fs: Ignoring removed bh option [ 698.078176][T11225] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 698.199218][T11231] lo speed is unknown, defaulting to 1000 [ 698.205412][T11231] lo speed is unknown, defaulting to 1000 [ 698.211763][T11231] lo speed is unknown, defaulting to 1000 [ 698.224801][T11231] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 698.247113][T11231] lo speed is unknown, defaulting to 1000 [ 698.254224][T11231] lo speed is unknown, defaulting to 1000 [ 698.261180][T11231] lo speed is unknown, defaulting to 1000 [ 698.267983][T11231] lo speed is unknown, defaulting to 1000 [ 698.271000][T11232] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received [ 698.276171][T11231] lo speed is unknown, defaulting to 1000 [ 698.444014][T11235] loop0: detected capacity change from 0 to 1024 [ 698.497554][T11225] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback. [ 698.556249][T11235] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 698.586419][T11235] ext4 filesystem being mounted at /1/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 698.651649][ T27] audit: type=1804 audit(2000000036.080:127): pid=11225 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.9.1780" name="/newroot/148/file1/bus" dev="loop9" ino=18 res=1 errno=0 [ 698.792844][T11235] EXT4-fs error (device loop0): ext4_map_blocks:745: inode #15: block 3: comm syz.0.1782: lblock 3 mapped to illegal pblock 3 (length 1) [ 698.941945][T11235] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 117 [ 699.009907][T11235] EXT4-fs (loop0): This should not happen!! Data will be lost [ 699.009907][T11235] [ 699.025967][ T8257] EXT4-fs (loop9): unmounting filesystem. [ 699.245544][T10844] EXT4-fs (loop0): unmounting filesystem. [ 700.734328][T11258] loop0: detected capacity change from 0 to 512 [ 700.835108][T11258] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 700.948335][T11258] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -2 [ 700.971994][T11262] loop9: detected capacity change from 0 to 2048 [ 701.020544][T11258] EXT4-fs (loop0): 1 truncate cleaned up [ 701.068774][T11258] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 701.081688][T11262] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 701.133785][T11258] EXT4-fs: group quota file already specified [ 701.357370][T10844] EXT4-fs (loop0): unmounting filesystem. [ 701.413337][T11272] overlayfs: missing 'lowerdir' [ 702.265139][T11282] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1794'. [ 702.285721][T11281] loop0: detected capacity change from 0 to 2048 [ 702.352690][T11282] 8021q: VLANs not supported on caif0 [ 702.392211][T11281] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 702.673605][T11289] loop9: detected capacity change from 0 to 512 [ 702.819058][T11289] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback. [ 702.858657][T11289] ext4 filesystem being mounted at /153/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 703.099153][T11295] device syzkaller0 entered promiscuous mode [ 703.156364][ T4269] syzkaller0: tun_net_xmit 48 [ 703.167575][T11296] syzkaller0: create flow: hash 3901073331 index 1 [ 703.201368][ T8190] cgroup: fork rejected by pids controller in /syz7 [ 703.300345][ T8257] EXT4-fs (loop9): unmounting filesystem. [ 703.614687][T11304] bridge0: port 2(bridge_slave_1) entered disabled state [ 703.643746][T11311] overlayfs: missing 'lowerdir' [ 703.657598][T11304] device bridge_slave_1 left promiscuous mode [ 703.677476][T11304] bridge0: port 2(bridge_slave_1) entered disabled state [ 703.706993][T11304] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 703.827019][T11291] syzkaller0: delete flow: hash 3901073331 index 1 [ 704.059379][T11322] loop9: detected capacity change from 0 to 2048 [ 704.096459][T11322] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 705.106592][T11326] sctp: failed to load transform for md5: -2 [ 705.811204][ T4284] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 705.854381][ T4284] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 705.864874][ T4284] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 705.886611][ T4284] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 706.638215][ T4287] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 706.645948][ T4287] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 706.742770][T11351] overlayfs: missing 'lowerdir' [ 706.949490][T11358] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1819'. [ 708.692138][ T4287] Bluetooth: hci0: command 0x0409 tx timeout [ 709.267698][T11319] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1807'. [ 709.278169][T11319] 8021q: VLANs not supported on caif0 [ 709.285130][T11362] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1820'. [ 709.338166][T11362] netlink: 24 bytes leftover after parsing attributes in process `syz.9.1820'. [ 709.471457][T10585] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 710.758320][ T4287] Bluetooth: hci0: command 0x041b tx timeout [ 710.902397][T10585] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 710.979087][T11346] lo speed is unknown, defaulting to 1000 [ 711.114493][T10585] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 711.138084][T11377] loop0: detected capacity change from 0 to 8192 [ 711.285594][T10585] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 711.321324][T11377] lo speed is unknown, defaulting to 1000 [ 711.359290][T11380] qfq: no options [ 712.107531][T11346] chnl_net:caif_netlink_parms(): no params data found [ 712.139274][T11396] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1831'. [ 712.162688][T11396] 8021q: VLANs not supported on caif0 [ 712.839605][ T4287] Bluetooth: hci0: command 0x040f tx timeout [ 713.767635][T11346] bridge0: port 1(bridge_slave_0) entered blocking state [ 713.818172][T11346] bridge0: port 1(bridge_slave_0) entered disabled state [ 713.909318][T11346] device bridge_slave_0 entered promiscuous mode [ 714.037255][T11346] bridge0: port 2(bridge_slave_1) entered blocking state [ 714.065974][T11346] bridge0: port 2(bridge_slave_1) entered disabled state [ 714.123419][T11346] device bridge_slave_1 entered promiscuous mode [ 714.417765][T11346] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 714.497822][T11439] loop0: detected capacity change from 0 to 512 [ 714.531624][T11346] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 714.562048][T11439] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 714.677082][T11439] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.1844: invalid indirect mapped block 4294967295 (level 1) [ 714.700243][T11439] EXT4-fs (loop0): Remounting filesystem read-only [ 714.707029][T11439] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.1844: invalid indirect mapped block 4294967295 (level 1) [ 714.722551][T11439] EXT4-fs (loop0): Remounting filesystem read-only [ 714.729802][T11439] EXT4-fs (loop0): 2 truncates cleaned up [ 714.735817][T11439] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 714.751685][T11439] EXT4-fs error (device loop0): ext4_validate_block_bitmap:429: comm syz.0.1844: bg 0: block 5: invalid block bitmap [ 714.774337][T11439] EXT4-fs (loop0): Remounting filesystem read-only [ 714.832890][T11430] lo speed is unknown, defaulting to 1000 [ 714.875626][T11346] team0: Port device team_slave_0 added [ 714.896939][T10844] EXT4-fs (loop0): unmounting filesystem. [ 714.917979][ T4287] Bluetooth: hci0: command 0x0419 tx timeout [ 715.403251][T11346] team0: Port device team_slave_1 added [ 715.420647][T11447] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1846'. [ 715.445942][T11447] 8021q: VLANs not supported on caif0 [ 715.839925][T11459] loop0: detected capacity change from 0 to 128 [ 715.857745][T11458] loop9: detected capacity change from 0 to 128 [ 716.101952][ T27] audit: type=1800 audit(2000000001.320:128): pid=11459 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1851" name="bus" dev="loop0" ino=1048684 res=0 errno=0 [ 716.788712][T11346] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 717.040048][T11346] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 717.944139][T11346] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 718.032815][T11346] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 718.053340][T11346] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 718.188208][T11346] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 718.528408][T10585] device hsr_slave_0 left promiscuous mode [ 718.539291][T10585] device hsr_slave_1 left promiscuous mode [ 718.680164][T10585] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 718.783793][T10585] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 718.908914][T10585] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 718.945591][T11476] netlink: 256 bytes leftover after parsing attributes in process `syz.0.1856'. [ 718.977675][T11476] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1856'. [ 718.997644][T10585] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 719.091167][T10585] device bridge_slave_1 left promiscuous mode [ 719.411179][T10585] bridge0: port 2(bridge_slave_1) entered disabled state [ 719.462952][T10585] device bridge_slave_0 left promiscuous mode [ 719.500969][T10585] bridge0: port 1(bridge_slave_0) entered disabled state [ 719.628822][T10585] device bridge0 left promiscuous mode [ 719.645595][T10585] device veth1_macvtap left promiscuous mode [ 719.680346][T10585] device veth0_macvtap left promiscuous mode [ 719.693782][T10585] device veth1_vlan left promiscuous mode [ 719.701834][T10585] device veth0_vlan left promiscuous mode [ 721.412050][T11498] loop9: detected capacity change from 0 to 2048 [ 721.464012][T11498] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 722.344596][T10585] team0 (unregistering): Port device team_slave_1 removed [ 722.431646][T10585] team0 (unregistering): Port device team_slave_0 removed [ 722.555574][T10585] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 722.748767][T10585] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 723.265989][T10585] bond0 (unregistering): Released all slaves [ 723.389896][T11485] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1860'. [ 723.399637][T11485] 8021q: VLANs not supported on caif0 [ 723.572068][T11346] device hsr_slave_0 entered promiscuous mode [ 723.608383][T11346] device hsr_slave_1 entered promiscuous mode [ 723.627585][T11346] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 723.664255][T11346] Cannot create hsr debugfs directory [ 726.329239][T11601] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1878'. [ 726.408594][T11601] 8021q: VLANs not supported on caif0 [ 726.804998][T11346] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 726.835094][T11615] loop8: detected capacity change from 0 to 512 [ 726.926166][T11346] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 726.956143][T11615] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback. [ 726.984273][T11346] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 727.001161][T11615] ext4 filesystem being mounted at /143/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 727.102544][T11346] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 727.196335][ T8237] EXT4-fs (loop8): unmounting filesystem. [ 727.479287][T11623] loop0: detected capacity change from 0 to 8192 [ 728.423110][T11346] 8021q: adding VLAN 0 to HW filter on device bond0 [ 728.454865][T11623] lo speed is unknown, defaulting to 1000 [ 728.597256][ T7886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 728.617193][ T7886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 728.664114][T11346] 8021q: adding VLAN 0 to HW filter on device team0 [ 728.690791][T11586] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 728.710440][T11586] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 728.745498][T11586] bridge0: port 1(bridge_slave_0) entered blocking state [ 728.752758][T11586] bridge0: port 1(bridge_slave_0) entered forwarding state [ 728.768175][ T4319] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 728.782406][T11644] loop9: detected capacity change from 0 to 512 [ 728.817197][T11586] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 728.833222][T11644] EXT4-fs (loop9): revision level too high, forcing read-only mode [ 728.844738][T11586] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 728.864112][T11644] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e854e018, mo2=0003] [ 728.890400][T11586] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 728.902157][T11644] System zones: 0-1, 15-15, 18-18, 34-34 [ 728.911014][T11586] bridge0: port 2(bridge_slave_1) entered blocking state [ 728.918230][T11586] bridge0: port 2(bridge_slave_1) entered forwarding state [ 728.928650][T11644] EXT4-fs (loop9): orphan cleanup on readonly fs [ 728.935154][T11644] Quota error (device loop9): v2_read_header: Failed header read: expected=8 got=0 [ 728.947647][T11644] EXT4-fs warning (device loop9): ext4_enable_quotas:7087: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 728.967304][ T7886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 728.979048][ T4319] usb 9-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 728.981976][T11644] EXT4-fs (loop9): Cannot turn on quotas: error -22 [ 728.997443][T11644] EXT4-fs error (device loop9): ext4_orphan_get:1399: inode #16: comm syz.9.1891: iget: bad extended attribute block 1 [ 729.023113][ T4319] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 729.024822][T11644] EXT4-fs error (device loop9): ext4_orphan_get:1404: comm syz.9.1891: couldn't read orphan inode 16 (err -117) [ 729.054576][T11570] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 729.066299][T11644] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback. [ 729.091446][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 729.094697][ T4319] usb 9-1: config 0 descriptor?? [ 729.127684][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 729.137315][T11644] EXT4-fs (loop9): revision level too high, forcing read-only mode [ 729.151593][T11644] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e854e018, mo2=0003] [ 729.168741][ T4319] cp210x 9-1:0.0: cp210x converter detected [ 729.220958][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 729.244496][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 729.270151][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 729.289327][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 729.300444][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 729.335261][ T4810] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 729.349813][ T8257] EXT4-fs (loop9): unmounting filesystem. [ 729.362912][ T4810] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 729.382466][T11346] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 729.476128][T11649] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1892'. [ 729.511237][T11649] device team_slave_0 entered promiscuous mode [ 729.518099][T11649] device team_slave_1 entered promiscuous mode [ 729.533525][T11649] device vlan2 entered promiscuous mode [ 729.543473][T11649] device team0 entered promiscuous mode [ 729.554233][ T4319] cp210x 9-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 729.573746][ T4319] cp210x 9-1:0.0: GPIO initialisation failed: -524 [ 729.613469][ T4319] usb 9-1: cp210x converter now attached to ttyUSB0 [ 729.785848][ T126] usb 9-1: USB disconnect, device number 5 [ 729.802624][ T126] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 729.852555][ T126] cp210x 9-1:0.0: device disconnected [ 730.252381][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 730.263654][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 730.283132][T11346] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 731.794306][T11688] loop8: detected capacity change from 0 to 2048 [ 731.876391][T11688] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none. [ 732.324605][T11709] loop0: detected capacity change from 0 to 2048 [ 732.366044][T11709] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 732.576837][ T8237] EXT4-fs (loop8): unmounting filesystem. [ 732.920473][T11721] loop8: detected capacity change from 0 to 512 [ 732.977358][T11586] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 732.994617][T11586] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 733.019659][T11712] lo speed is unknown, defaulting to 1000 [ 733.035458][T11586] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 733.056307][T11586] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 733.067305][T11721] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback. [ 733.081270][T11346] device veth0_vlan entered promiscuous mode [ 733.099221][T11721] ext4 filesystem being mounted at /148/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 733.111374][T11496] usb 10-1: new high-speed USB device number 11 using dummy_hcd [ 733.172768][T11586] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 733.174544][ T8237] EXT4-fs (loop8): unmounting filesystem. [ 733.187081][T11586] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 733.201758][T11346] device veth1_vlan entered promiscuous mode [ 733.317662][T11496] usb 10-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 733.345557][T11496] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 733.364373][T11496] usb 10-1: config 0 descriptor?? [ 733.371805][T11496] cp210x 10-1:0.0: cp210x converter detected [ 733.413122][T11570] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 733.422671][T11570] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 733.447208][T11570] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 733.811565][T11496] cp210x 10-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 733.869438][T11496] cp210x 10-1:0.0: GPIO initialisation failed: -524 [ 733.969729][T11496] usb 10-1: cp210x converter now attached to ttyUSB0 [ 734.132996][T11496] usb 10-1: USB disconnect, device number 11 [ 734.319672][T11496] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 734.333809][T11570] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 734.340311][T11496] cp210x 10-1:0.0: device disconnected [ 734.381603][T11346] device veth0_macvtap entered promiscuous mode [ 734.406923][T11736] loop8: detected capacity change from 0 to 128 [ 734.427156][T11736] FAT-fs (loop8): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 734.443589][T11346] device veth1_macvtap entered promiscuous mode [ 734.486581][T11736] FAT-fs (loop8): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 734.490402][T11346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 734.506774][T11346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 734.577291][T11346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 734.600535][T11346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 734.634494][T11346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 734.665391][T11346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 734.701298][T11346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 734.755164][T11346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 734.791544][T11346] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 734.841585][T11346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 734.867007][T11346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 734.879557][T11346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 734.907132][T11346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 734.954895][T11741] block device autoloading is deprecated and will be removed. [ 734.964896][T11346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 734.991341][T11346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 735.005196][T11346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 735.035564][T11346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 735.066855][T11346] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 735.099001][ T4810] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 735.119515][ T4810] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 735.133183][ T4810] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 735.159790][ T4810] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 735.233281][T11346] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 735.263339][T11747] loop8: detected capacity change from 0 to 1024 [ 735.276957][T11346] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 735.299853][T11747] EXT4-fs: Ignoring removed oldalloc option [ 735.301317][T11346] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 735.305867][T11747] EXT4-fs: Ignoring removed bh option [ 735.349546][T11346] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 735.391399][T11756] loop9: detected capacity change from 0 to 2048 [ 735.404353][T11747] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 735.539119][T11747] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback. [ 735.549329][T11756] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none. [ 735.659525][ T27] audit: type=1804 audit(2000000002.700:129): pid=11747 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.8.1918" name="/newroot/152/file1/bus" dev="loop8" ino=18 res=1 errno=0 [ 735.824239][ T29] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 735.896863][ T29] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 736.199896][ T8237] EXT4-fs (loop8): unmounting filesystem. [ 736.220073][ T4523] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 736.259642][ T4523] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 736.397410][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 736.451474][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 736.451490][ T8257] EXT4-fs (loop9): unmounting filesystem. [ 736.546794][T11773] netlink: 160 bytes leftover after parsing attributes in process `syz.0.1923'. [ 736.575623][T11776] netlink: 48 bytes leftover after parsing attributes in process `syz.8.1922'. [ 736.897162][T11787] loop0: detected capacity change from 0 to 512 [ 736.923891][T11787] EXT4-fs: Ignoring removed oldalloc option [ 736.965766][T11787] EXT4-fs (loop0): 1 truncate cleaned up [ 736.996178][T11787] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 737.182973][T11785] device syzkaller0 entered promiscuous mode [ 737.282089][T10844] EXT4-fs (loop0): unmounting filesystem. [ 741.294934][T11823] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 741.310396][T11833] lo speed is unknown, defaulting to 1000 [ 741.329761][T11823] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 741.391779][T11823] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 741.557390][T11840] netlink: 128 bytes leftover after parsing attributes in process `syz.9.1936'. [ 741.608667][T11840] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1936'. [ 743.169316][T11871] loop8: detected capacity change from 0 to 512 [ 743.306577][T11871] EXT4-fs (loop8): mounting ext2 file system using the ext4 subsystem [ 743.425234][T11871] EXT4-fs error (device loop8): ext4_validate_block_bitmap:429: comm syz.8.1948: bg 0: block 104: invalid block bitmap [ 743.532008][T11871] EXT4-fs error (device loop8) in ext4_mb_clear_bb:6181: Corrupt filesystem [ 743.561762][T11871] EXT4-fs error (device loop8): ext4_free_branches:1030: inode #11: comm syz.8.1948: invalid indirect mapped block 1 (level 1) [ 743.651209][T11880] loop7: detected capacity change from 0 to 8192 [ 743.672090][T11871] EXT4-fs (loop8): 1 truncate cleaned up [ 743.702802][T11871] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none. [ 743.708817][T11888] netlink: 128 bytes leftover after parsing attributes in process `syz.9.1952'. [ 743.778327][T11888] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1952'. [ 743.831097][T11880] lo speed is unknown, defaulting to 1000 [ 743.852166][ T27] audit: type=1800 audit(2000000000.020:130): pid=11871 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.1948" name="file1" dev="loop8" ino=18 res=0 errno=0 [ 744.075501][ T8237] EXT4-fs (loop8): unmounting filesystem. [ 744.451076][T11909] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1960'. [ 744.487073][T11909] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1960'. [ 745.221218][T11927] netlink: 20 bytes leftover after parsing attributes in process `syz.7.1966'. [ 745.258407][T11926] netlink: 'syz.9.1968': attribute type 1 has an invalid length. [ 745.294610][T11931] loop8: detected capacity change from 0 to 512 [ 745.390713][T11931] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback. [ 745.421377][T11931] ext4 filesystem being mounted at /162/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 745.484153][ T8237] EXT4-fs (loop8): unmounting filesystem. [ 745.847274][T11941] loop8: detected capacity change from 0 to 2048 [ 745.978593][T11941] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none. [ 745.989958][T11937] loop7: detected capacity change from 0 to 8192 [ 746.356105][ T8237] EXT4-fs (loop8): unmounting filesystem. [ 747.288204][T11945] lo speed is unknown, defaulting to 1000 [ 747.320433][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.327002][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.949950][T11966] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1979'. [ 748.315191][T11976] lo speed is unknown, defaulting to 1000 [ 748.549893][T11982] loop9: detected capacity change from 0 to 2048 [ 748.692028][T11982] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none. [ 749.150467][ T8257] EXT4-fs (loop9): unmounting filesystem. [ 749.334706][T11996] loop7: detected capacity change from 0 to 1024 [ 749.426624][T11996] EXT4-fs: Ignoring removed oldalloc option [ 749.447177][T11996] EXT4-fs: Ignoring removed bh option [ 749.469306][T11996] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 749.524303][T11996] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback. [ 749.631266][T12005] loop0: detected capacity change from 0 to 1024 [ 749.638741][T12005] EXT4-fs: inline encryption not supported [ 749.789238][T12003] loop9: detected capacity change from 0 to 2048 [ 749.835896][T12003] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 751.477444][T12005] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 751.719758][T11346] EXT4-fs (loop7): unmounting filesystem. [ 751.758291][T10844] EXT4-fs (loop0): unmounting filesystem. [ 752.179842][T11993] lo speed is unknown, defaulting to 1000 [ 753.536912][T12041] loop7: detected capacity change from 0 to 128 [ 753.584736][T12041] FAT-fs (loop7): Directory bread(block 32) failed [ 753.619338][T12041] FAT-fs (loop7): Directory bread(block 33) failed [ 753.943390][T12047] loop9: detected capacity change from 0 to 1024 [ 753.951239][T12047] EXT4-fs: inline encryption not supported [ 753.977387][T12037] nfs4: Unknown parameter 'Iðªw) B£§•ÙIv7»›ÝdµûùÀ´ïͼÍ{ß̼÷æeè[£Ù?IÄžˆø-"†kÙÆ£µÿ–¯Lÿ½xe:‰JåÍ?“j¹[‹W¦‹¢Åçv™ˆôÓ$¶¨wþÒåsSåòìÅÅwC¾" žð-ùËòöè€Ó8 supports timestamps until 2038-01-19 (0x7fffffff) [ 815.528367][T12938] loop9: detected capacity change from 0 to 512 [ 815.545288][T12938] EXT4-fs (loop9): mounting ext3 file system using the ext4 subsystem [ 815.783426][T12938] EXT4-fs (loop9): 1 truncate cleaned up [ 815.795597][T12938] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none. [ 815.942812][ T8257] EXT4-fs (loop9): unmounting filesystem. [ 816.094178][T12952] loop0: detected capacity change from 0 to 512 [ 816.097479][T11346] EXT4-fs (loop7): unmounting filesystem. [ 816.224410][T12952] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 816.288171][T12952] ext4 filesystem being mounted at /93/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 816.444440][T12959] netlink: 84 bytes leftover after parsing attributes in process `syz.5.2257'. [ 816.717241][T12970] loop7: detected capacity change from 0 to 128 [ 817.003832][T12978] device syzkaller0 entered promiscuous mode [ 817.033992][T10844] EXT4-fs (loop0): unmounting filesystem. [ 817.049409][T12977] Set syz1 is full, maxelem 0 reached [ 817.301516][T12982] loop0: detected capacity change from 0 to 512 [ 817.375135][T12982] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 817.428139][T12982] EXT4-fs (loop0): 1 truncate cleaned up [ 817.433863][T12982] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 817.770991][T10844] EXT4-fs (loop0): unmounting filesystem. [ 819.071488][T13008] usb usb8: usbfs: process 13008 (syz.8.2272) did not claim interface 0 before use [ 819.605096][T13019] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2275'. [ 822.377403][T13059] loop7: detected capacity change from 0 to 1024 [ 822.404404][T13059] EXT4-fs: Ignoring removed orlov option [ 822.445012][T13059] EXT4-fs: Ignoring removed nobh option [ 822.488952][T13066] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 822.549042][T13059] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 822.594484][T13071] tipc: Started in network mode [ 822.613967][T13071] tipc: Node identity 080211000001, cluster identity 4711 [ 822.664088][T13071] tipc: Enabled bearer , priority 0 [ 822.689956][T13066] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2290'. [ 822.820803][T13075] loop9: detected capacity change from 0 to 512 [ 822.839089][T13075] EXT4-fs: inline encryption not supported [ 822.850252][ T27] audit: type=1800 audit(2000000075.590:134): pid=13072 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.2287" name="file1" dev="loop7" ino=15 res=0 errno=0 [ 822.897774][T13075] EXT4-fs: Ignoring removed i_version option [ 822.931083][T13075] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e000e09d, mo2=0002] [ 822.977772][T13075] System zones: 1-12 [ 823.083379][T13075] EXT4-fs (loop9): 1 orphan inode deleted [ 823.110217][T13075] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none. [ 823.249087][T11346] EXT4-fs (loop7): unmounting filesystem. [ 823.330996][ T8257] EXT4-fs (loop9): unmounting filesystem. [ 823.633378][T13097] loop8: detected capacity change from 0 to 4096 [ 823.706731][T13097] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback. [ 823.771853][ T4269] tipc: Node number set to 134418688 [ 824.056546][T13112] loop9: detected capacity change from 0 to 512 [ 824.086105][T13112] EXT4-fs: Ignoring removed i_version option [ 824.120026][T13112] EXT4-fs: Ignoring removed bh option [ 824.254219][T13112] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback. [ 824.327963][T13112] ext4 filesystem being mounted at /286/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 824.456077][ T8237] EXT4-fs (loop8): unmounting filesystem. [ 824.653486][ T8257] EXT4-fs (loop9): unmounting filesystem. [ 824.909464][T13130] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2309'. [ 825.036488][T13134] loop9: detected capacity change from 0 to 512 [ 825.080078][T13134] EXT4-fs: inline encryption not supported [ 825.086093][T13134] EXT4-fs: Ignoring removed i_version option [ 825.148837][T13134] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e000e09d, mo2=0002] [ 825.167578][T13134] System zones: 1-12 [ 825.526876][T13134] EXT4-fs (loop9): 1 orphan inode deleted [ 825.698191][T13134] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none. [ 826.153270][ T8257] EXT4-fs (loop9): unmounting filesystem. [ 826.454273][T13160] loop9: detected capacity change from 0 to 764 [ 826.542163][T12841] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 826.843308][T13175] netlink: 16 bytes leftover after parsing attributes in process `syz.9.2323'. [ 826.863813][T13176] netlink: 16 bytes leftover after parsing attributes in process `syz.8.2324'. [ 827.269226][T13184] loop9: detected capacity change from 0 to 512 [ 827.316520][T13184] EXT4-fs: inline encryption not supported [ 827.377108][T13184] EXT4-fs: Ignoring removed i_version option [ 827.431892][T13184] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e000e09d, mo2=0002] [ 827.453740][T13184] System zones: 1-12 [ 827.498174][T13184] EXT4-fs (loop9): 1 orphan inode deleted [ 827.503983][T13184] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none. [ 828.730086][ T8257] EXT4-fs (loop9): unmounting filesystem. [ 828.964634][T13211] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2336'. [ 829.072639][T13215] netlink: 16 bytes leftover after parsing attributes in process `syz.8.2337'. [ 829.364665][T13224] loop8: detected capacity change from 0 to 512 [ 829.442450][T13224] EXT4-fs (loop8): mounting ext2 file system using the ext4 subsystem [ 829.524975][T13224] EXT4-fs error (device loop8): ext4_validate_block_bitmap:429: comm syz.8.2339: bg 0: block 104: invalid block bitmap [ 829.571754][T13224] EXT4-fs error (device loop8) in ext4_mb_clear_bb:6181: Corrupt filesystem [ 829.598359][T13224] EXT4-fs error (device loop8): ext4_free_branches:1030: inode #11: comm syz.8.2339: invalid indirect mapped block 1 (level 1) [ 829.714275][T13224] EXT4-fs (loop8): 1 truncate cleaned up [ 829.777018][T13224] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none. [ 829.846944][ T27] audit: type=1800 audit(2000000082.580:135): pid=13224 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.2339" name="file1" dev="loop8" ino=18 res=0 errno=0 [ 830.031771][ T8237] EXT4-fs (loop8): unmounting filesystem. [ 830.167449][T13247] loop7: detected capacity change from 0 to 1024 [ 830.216531][T13247] EXT4-fs: Ignoring removed orlov option [ 830.244776][T13247] EXT4-fs: Ignoring removed nobh option [ 830.328217][T13247] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 830.587355][T11346] EXT4-fs (loop7): unmounting filesystem. [ 831.318098][ T4287] Bluetooth: hci0: command 0x0406 tx timeout [ 831.504293][T13283] loop9: detected capacity change from 0 to 512 [ 831.532159][T13283] EXT4-fs (loop9): mounting ext2 file system using the ext4 subsystem [ 831.614395][T13283] EXT4-fs error (device loop9): ext4_validate_block_bitmap:429: comm syz.9.2354: bg 0: block 104: invalid block bitmap [ 831.670722][T13277] lo speed is unknown, defaulting to 1000 [ 831.699922][T13283] EXT4-fs error (device loop9) in ext4_mb_clear_bb:6181: Corrupt filesystem [ 831.717732][T13283] EXT4-fs error (device loop9): ext4_free_branches:1030: inode #11: comm syz.9.2354: invalid indirect mapped block 1 (level 1) [ 831.734414][T13283] EXT4-fs (loop9): 1 truncate cleaned up [ 831.745864][T13283] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none. [ 831.779629][ T27] audit: type=1800 audit(2000000000.090:136): pid=13283 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.2354" name="file1" dev="loop9" ino=18 res=0 errno=0 [ 831.881590][ T8257] EXT4-fs (loop9): unmounting filesystem. [ 832.477243][T13305] netlink: 'syz.9.2361': attribute type 11 has an invalid length. [ 832.511993][T13307] xt_hashlimit: size too large, truncated to 1048576 [ 833.173824][T13325] loop9: detected capacity change from 0 to 2048 [ 833.233631][T13327] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2366'. [ 833.251852][T13325] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none. [ 833.350172][T13327] device vlan2 entered promiscuous mode [ 833.737473][T13333] loop7: detected capacity change from 0 to 8192 [ 833.892319][T13333] lo speed is unknown, defaulting to 1000 [ 835.993172][T13379] netlink: 84 bytes leftover after parsing attributes in process `syz.5.2381'. [ 836.284049][T13382] loop8: detected capacity change from 0 to 8192 [ 836.353104][T13387] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2384'. [ 836.427324][T13382] lo speed is unknown, defaulting to 1000 [ 836.464568][ T8257] EXT4-fs (loop9): unmounting filesystem. [ 836.721853][T13393] netlink: 'syz.9.2385': attribute type 11 has an invalid length. [ 836.974278][T13400] loop8: detected capacity change from 0 to 128 [ 838.767599][T13422] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2396'. [ 838.794047][T13420] loop9: detected capacity change from 0 to 2048 [ 839.009175][T13420] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none. [ 839.138605][T13423] loop8: detected capacity change from 0 to 8192 [ 839.189941][ T4348] kernel write not supported for file /vcs (pid: 4348 comm: kworker/1:7) [ 839.682632][T13423] lo speed is unknown, defaulting to 1000 [ 839.900306][ T8257] EXT4-fs (loop9): unmounting filesystem. [ 840.161413][T13439] loop9: detected capacity change from 0 to 128 [ 841.470983][T13471] loop0: detected capacity change from 0 to 2048 [ 841.545947][T13471] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 842.511077][T10844] EXT4-fs (loop0): unmounting filesystem. [ 842.551558][T13487] loop8: detected capacity change from 0 to 128 [ 842.990191][T13501] netlink: 32 bytes leftover after parsing attributes in process `syz.8.2417'. [ 843.293659][T13507] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2420'. [ 844.227767][ T56] Bluetooth: hci4: Frame reassembly failed (-84) [ 845.309394][T13551] netlink: 44 bytes leftover after parsing attributes in process `syz.8.2434'. [ 845.591492][T13564] device syzkaller0 entered promiscuous mode [ 846.280110][ T4274] Bluetooth: hci4: command 0x1003 tx timeout [ 846.287256][ T4287] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 846.732106][T13574] loop0: detected capacity change from 0 to 8192 [ 846.772524][T13574] lo speed is unknown, defaulting to 1000 [ 846.816796][ T4269] kernel write not supported for file /vcs (pid: 4269 comm: kworker/0:3) [ 846.949072][T13587] netlink: 12 bytes leftover after parsing attributes in process `syz.9.2446'. [ 847.055680][T13589] netlink: 28 bytes leftover after parsing attributes in process `syz.9.2446'. [ 847.081452][T13589] 8021q: adding VLAN 0 to HW filter on device bond1 [ 847.145215][T13587] device macvlan2 entered promiscuous mode [ 847.197392][T13587] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 847.270424][T13596] netlink: 44 bytes leftover after parsing attributes in process `syz.7.2449'. [ 847.572493][T13604] loop9: detected capacity change from 0 to 512 [ 847.624888][T13604] EXT4-fs: inline encryption not supported [ 847.680807][T13604] EXT4-fs: Ignoring removed i_version option [ 847.718616][T13604] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e000e09d, mo2=0002] [ 847.742165][T13604] System zones: 1-12 [ 847.790301][T13604] EXT4-fs (loop9): 1 orphan inode deleted [ 847.796096][T13604] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none. [ 847.971351][ T8257] EXT4-fs (loop9): unmounting filesystem. [ 848.262346][T13618] loop9: detected capacity change from 0 to 2048 [ 849.367466][T13618] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none. [ 849.622633][T13637] 9pnet_fd: Insufficient options for proto=fd [ 850.286760][ T8257] EXT4-fs (loop9): unmounting filesystem. [ 850.298027][T13641] netlink: 44 bytes leftover after parsing attributes in process `syz.8.2462'. [ 850.402259][T13647] autofs4:pid:13647:autofs_fill_super: called with bogus options [ 850.698823][T13658] loop8: detected capacity change from 0 to 512 [ 850.746471][T13658] EXT4-fs: inline encryption not supported [ 850.781664][T13658] EXT4-fs: Ignoring removed i_version option [ 850.795260][T13652] loop0: detected capacity change from 0 to 8192 [ 850.845629][T13658] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e000e09d, mo2=0002] [ 850.899481][T13658] System zones: 1-12 [ 850.958569][T13658] EXT4-fs (loop8): 1 orphan inode deleted [ 851.012431][T13658] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none. [ 851.050713][T13652] lo speed is unknown, defaulting to 1000 [ 851.201259][ T8237] EXT4-fs (loop8): unmounting filesystem. [ 853.114583][T13693] loop0: detected capacity change from 0 to 1024 [ 853.131976][T13693] EXT4-fs: inline encryption not supported [ 853.673356][T13693] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 853.801778][T13693] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 853.843353][ T27] audit: type=1800 audit(2000000002.840:137): pid=13693 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2478" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop0" ino=19 res=0 errno=0 [ 854.085932][T10844] EXT4-fs (loop0): unmounting filesystem. [ 855.605770][T13721] loop0: detected capacity change from 0 to 8192 [ 855.762740][T13721] lo speed is unknown, defaulting to 1000 [ 855.832495][T13737] 9pnet_fd: Insufficient options for proto=fd [ 855.874065][T13738] loop7: detected capacity change from 0 to 512 [ 855.911254][T13738] EXT4-fs: inline encryption not supported [ 855.937654][T13738] EXT4-fs: Ignoring removed i_version option [ 855.982186][T13738] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e000e09d, mo2=0002] [ 856.048590][T13738] System zones: 1-12 [ 856.126289][T13738] EXT4-fs (loop7): 1 orphan inode deleted [ 856.168376][T13738] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 856.466211][T11346] EXT4-fs (loop7): unmounting filesystem. [ 858.065827][T13772] loop8: detected capacity change from 0 to 512 [ 858.106242][T13772] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback. [ 858.135757][T13774] 9pnet_fd: Insufficient options for proto=fd [ 858.137545][T13772] ext4 filesystem being mounted at /272/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 858.168075][T13772] EXT4-fs error (device loop8): ext4_lookup:1858: inode #12: comm syz.8.2501: iget: bad i_size value: 2533274857506816 [ 858.258516][T13776] EXT4-fs (loop8): resizing filesystem from 128 to 1 blocks [ 858.303210][T13776] EXT4-fs warning (device loop8): ext4_resize_fs:2051: can't shrink FS - resize aborted [ 858.511945][ T8237] EXT4-fs (loop8): unmounting filesystem. [ 858.657181][T13779] loop7: detected capacity change from 0 to 8192 [ 858.817552][T13779] lo speed is unknown, defaulting to 1000 [ 859.070640][T13799] netlink: 44 bytes leftover after parsing attributes in process `syz.9.2506'. [ 860.767301][T13820] 9pnet_fd: Insufficient options for proto=fd [ 861.070215][T13826] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2498'. [ 861.124635][T13833] loop8: detected capacity change from 0 to 4096 [ 861.195848][T13833] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback. [ 861.280754][ T27] audit: type=1800 audit(2000000002.470:138): pid=13833 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.2515" name="file0" dev="loop8" ino=13 res=0 errno=0 [ 861.364352][T13837] loop0: detected capacity change from 0 to 512 [ 861.452895][T13837] EXT4-fs: inline encryption not supported [ 861.501714][T13837] EXT4-fs: Ignoring removed i_version option [ 861.536595][T13839] netlink: 32 bytes leftover after parsing attributes in process `syz.7.2518'. [ 861.547346][T13837] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e000e09d, mo2=0002] [ 861.595697][ T8237] EXT4-fs (loop8): unmounting filesystem. [ 861.653200][T13837] System zones: 1-12 [ 861.697483][T13837] EXT4-fs (loop0): 1 orphan inode deleted [ 861.708754][T13842] loop7: detected capacity change from 0 to 8192 [ 861.742963][T13837] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 861.805975][T13842] lo speed is unknown, defaulting to 1000 [ 861.997114][T10844] EXT4-fs (loop0): unmounting filesystem. [ 862.515277][T13862] 9pnet_fd: Insufficient options for proto=fd [ 863.059074][T13881] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2530'. [ 863.078055][ T4284] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 863.259617][T13886] device syzkaller0 entered promiscuous mode [ 863.406523][T13895] program syz.8.2535 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 863.421708][T13890] loop0: detected capacity change from 0 to 8192 [ 863.502113][T13890] lo speed is unknown, defaulting to 1000 [ 864.778264][T13908] 9pnet_fd: Insufficient options for proto=fd [ 865.168341][T13921] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2543'. [ 865.379780][T13925] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2544'. [ 865.427998][T13925] 8021q: VLANs not supported on caif0 [ 866.983080][T13946] 9pnet_fd: Insufficient options for proto=fd [ 867.362813][T13956] netlink: 44 bytes leftover after parsing attributes in process `syz.7.2555'. [ 867.443241][T13959] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2557'. [ 867.495186][T13959] 8021q: VLANs not supported on caif0 [ 869.518345][T13982] 9pnet_fd: Insufficient options for proto=fd [ 870.203436][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.209958][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 872.770385][T14021] 9pnet_fd: Insufficient options for proto=fd [ 873.174959][T14028] netlink: 'syz.5.2580': attribute type 1 has an invalid length. [ 877.443086][T14095] 9pnet_fd: Insufficient options for proto=fd [ 877.753645][T14104] netlink: 20 bytes leftover after parsing attributes in process `syz.8.2578'. [ 877.783356][T14106] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2600'. [ 877.793616][T14106] 8021q: VLANs not supported on caif0 [ 879.353972][T14122] IPv6: NLM_F_CREATE should be specified when creating new route [ 879.928641][T14144] 9pnet_fd: Insufficient options for proto=fd [ 881.045397][T14157] loop0: detected capacity change from 0 to 2048 [ 882.649677][T14157] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 884.193015][T14155] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.2612: bg 0: block 234: padding at end of block bitmap is not set [ 884.428426][T14155] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 158 with error 28 [ 884.588100][T14155] EXT4-fs (loop0): This should not happen!! Data will be lost [ 884.588100][T14155] [ 884.682222][T14155] EXT4-fs (loop0): Total free blocks count 0 [ 884.805154][T14155] EXT4-fs (loop0): Free/Dirty block details [ 884.937705][T14155] EXT4-fs (loop0): free_blocks=0 [ 885.059804][T14155] EXT4-fs (loop0): dirty_blocks=160 [ 885.065084][T14155] EXT4-fs (loop0): Block reservation details [ 885.128879][T14155] EXT4-fs (loop0): i_reserved_data_blocks=10 [ 885.336363][T10844] EXT4-fs (loop0): unmounting filesystem. [ 885.344993][T14178] netlink: 84 bytes leftover after parsing attributes in process `syz.5.2602'. [ 885.576022][T14183] loop0: detected capacity change from 0 to 1024 [ 885.616461][T14183] EXT4-fs: Ignoring removed orlov option [ 885.658325][T14183] EXT4-fs: Ignoring removed nobh option [ 885.757587][T14183] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 885.908199][T14191] 9pnet_fd: Insufficient options for proto=fd [ 886.145187][ T27] audit: type=1800 audit(2000000022.610:139): pid=14195 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2619" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 888.437279][T10844] EXT4-fs (loop0): unmounting filesystem. [ 888.805928][T14228] netlink: 24 bytes leftover after parsing attributes in process `syz.9.2630'. [ 888.874696][T14228] netlink: 40 bytes leftover after parsing attributes in process `syz.9.2630'. [ 890.458947][T14242] loop0: detected capacity change from 0 to 512 [ 890.630951][T14242] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 890.711875][T14242] EXT4-fs (loop0): can't mount with journal_checksum, fs mounted w/o journal [ 890.792793][T14242] netlink: 'syz.0.2634': attribute type 1 has an invalid length. [ 891.810156][T14257] loop9: detected capacity change from 0 to 512 [ 891.984600][T14257] EXT4-fs (loop9): revision level too high, forcing read-only mode [ 892.012212][T14257] EXT4-fs (loop9): orphan cleanup on readonly fs [ 892.145515][T14257] Quota error (device loop9): do_check_range: Getting dqdh_prev_free 4294967295 out of range 0-7 [ 892.181664][T14267] program syz.7.2642 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 892.201471][T14257] Quota error (device loop9): qtree_write_dquot: Error -117 occurred while creating quota [ 892.293284][T14257] EXT4-fs error (device loop9): ext4_acquire_dquot:6835: comm syz.9.2638: Failed to acquire dquot type 1 [ 892.356797][T14257] EXT4-fs error (device loop9): ext4_do_update_inode:5272: inode #16: comm syz.9.2638: corrupted inode contents [ 892.376552][T14270] loop0: detected capacity change from 0 to 512 [ 892.391130][T14257] EXT4-fs error (device loop9): ext4_dirty_inode:6137: inode #16: comm syz.9.2638: mark_inode_dirty error [ 892.421920][T14270] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 892.494889][T14257] EXT4-fs error (device loop9): ext4_do_update_inode:5272: inode #16: comm syz.9.2638: corrupted inode contents [ 892.530619][T14257] EXT4-fs error (device loop9): __ext4_ext_dirty:202: inode #16: comm syz.9.2638: mark_inode_dirty error [ 892.589092][T14257] EXT4-fs error (device loop9): ext4_do_update_inode:5272: inode #16: comm syz.9.2638: corrupted inode contents [ 892.655996][T14270] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2800: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 892.875453][T14257] EXT4-fs error (device loop9) in ext4_orphan_del:303: Corrupt filesystem [ 893.051955][T14270] EXT4-fs (loop0): 1 truncate cleaned up [ 893.252358][T14257] EXT4-fs error (device loop9): ext4_do_update_inode:5272: inode #16: comm syz.9.2638: corrupted inode contents [ 893.274786][T14270] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 893.366238][T14257] EXT4-fs error (device loop9): ext4_truncate:4318: inode #16: comm syz.9.2638: mark_inode_dirty error [ 893.476316][T14257] EXT4-fs error (device loop9) in ext4_process_orphan:345: Corrupt filesystem [ 894.495465][T14257] EXT4-fs (loop9): 1 truncate cleaned up [ 894.518862][T14257] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback. [ 894.553540][T10844] EXT4-fs (loop0): unmounting filesystem. [ 895.464840][ T8257] EXT4-fs (loop9): unmounting filesystem. [ 895.730673][T14297] loop7: detected capacity change from 0 to 2048 [ 895.834973][T14297] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 895.955752][T14297] EXT4-fs error (device loop7): ext4_validate_block_bitmap:438: comm syz.7.2649: bg 0: block 234: padding at end of block bitmap is not set [ 896.048624][T14297] EXT4-fs (loop7): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 408 with error 28 [ 896.099464][T14297] EXT4-fs (loop7): This should not happen!! Data will be lost [ 896.099464][T14297] [ 896.112785][T14297] EXT4-fs (loop7): Total free blocks count 0 [ 896.133002][T14297] EXT4-fs (loop7): Free/Dirty block details [ 896.173064][T14297] EXT4-fs (loop7): free_blocks=0 [ 896.193496][T14297] EXT4-fs (loop7): dirty_blocks=416 [ 896.218002][T14297] EXT4-fs (loop7): Block reservation details [ 896.284304][T14297] EXT4-fs (loop7): i_reserved_data_blocks=26 [ 896.756168][T11346] EXT4-fs (loop7): unmounting filesystem. [ 898.891896][T14352] program syz.8.2663 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 900.141865][T14376] lo speed is unknown, defaulting to 1000 [ 900.304406][T14377] loop8: detected capacity change from 0 to 512 [ 900.549603][T14377] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback. [ 900.558721][T14377] ext4 filesystem being mounted at /309/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 900.671659][T14374] EXT4-fs error (device loop8): ext4_empty_dir:3136: inode #12: comm syz.8.2668: invalid size [ 900.696949][T14374] EXT4-fs (loop8): Remounting filesystem read-only [ 901.966217][ T8237] EXT4-fs (loop8): unmounting filesystem. [ 902.075442][T14391] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2674'. [ 902.186551][T14396] program syz.0.2675 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 902.912152][T14417] netlink: 16 bytes leftover after parsing attributes in process `syz.9.2682'. [ 904.890655][T14459] netlink: 16 bytes leftover after parsing attributes in process `syz.7.2695'. [ 906.540952][T14486] loop0: detected capacity change from 0 to 4096 [ 906.673797][T14486] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 906.783346][ T27] audit: type=1800 audit(2000000043.250:140): pid=14486 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2704" name="file0" dev="loop0" ino=13 res=0 errno=0 [ 906.879255][T14504] netlink: 84 bytes leftover after parsing attributes in process `syz.5.2711'. [ 906.946470][T10844] EXT4-fs (loop0): unmounting filesystem. [ 910.184023][T14572] loop9: detected capacity change from 0 to 512 [ 910.236090][T14572] EXT4-fs: Ignoring removed bh option [ 910.251795][T14572] EXT4-fs (loop9): mounting ext3 file system using the ext4 subsystem [ 910.310931][T14572] EXT4-fs (loop9): 1 truncate cleaned up [ 910.326981][T14572] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none. [ 910.454519][T14572] EXT4-fs error (device loop9): ext4_free_branches:1030: inode #13: comm syz.9.2732: invalid indirect mapped block 4294901760 (level 0) [ 910.553030][T14572] EXT4-fs error (device loop9): ext4_free_branches:1030: inode #13: comm syz.9.2732: invalid indirect mapped block 4294967295 (level 1) [ 910.744656][ T8257] EXT4-fs (loop9): unmounting filesystem. [ 911.008810][T14598] loop8: detected capacity change from 0 to 736 [ 911.737488][T14598] rock: directory entry would overflow storage [ 911.837945][T14598] rock: sig=0x3b10, size=4, remaining=3 [ 915.558874][T14651] bridge0: port 2(bridge_slave_1) entered disabled state [ 915.566280][T14651] bridge0: port 1(bridge_slave_0) entered disabled state [ 915.691756][T14653] 9pnet_fd: Insufficient options for proto=fd [ 916.461350][T14680] loop9: detected capacity change from 0 to 512 [ 916.491842][T14683] program syz.7.2771 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 916.503488][T14680] EXT4-fs: Ignoring removed bh option [ 916.610002][T14680] EXT4-fs (loop9): mounting ext3 file system using the ext4 subsystem [ 916.721868][T14680] EXT4-fs (loop9): 1 truncate cleaned up [ 916.728428][T14680] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none. [ 917.576105][ T8257] EXT4-fs (loop9): unmounting filesystem. [ 917.775983][T14699] loop9: detected capacity change from 0 to 512 [ 917.795024][T14699] EXT4-fs: inline encryption not supported [ 917.841977][T14699] EXT4-fs: Ignoring removed i_version option [ 917.893618][T14699] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e000e09d, mo2=0002] [ 917.961480][T14699] System zones: 1-12 [ 917.998880][T14699] EXT4-fs (loop9): 1 orphan inode deleted [ 918.004776][T14699] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none. [ 918.510561][T14715] device syzkaller1 entered promiscuous mode [ 919.455637][T14745] loop7: detected capacity change from 0 to 512 [ 919.483992][T14745] EXT4-fs: Ignoring removed bh option [ 919.500221][T14745] EXT4-fs (loop7): mounting ext3 file system using the ext4 subsystem [ 919.526214][T14745] EXT4-fs (loop7): 1 truncate cleaned up [ 919.547928][T14745] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 919.738345][T14749] loop8: detected capacity change from 0 to 512 [ 919.759846][T14749] EXT4-fs: inline encryption not supported [ 919.791889][T14749] EXT4-fs: Ignoring removed i_version option [ 919.890089][T14749] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e000e09d, mo2=0002] [ 919.900009][T11346] EXT4-fs (loop7): unmounting filesystem. [ 919.939387][T14749] System zones: 1-12 [ 919.958062][T14749] EXT4-fs (loop8): 1 orphan inode deleted [ 919.963860][T14749] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none. [ 920.249970][T14757] device syzkaller0 entered promiscuous mode [ 920.277467][ T8237] EXT4-fs (loop8): unmounting filesystem. [ 920.693371][ T8257] EXT4-fs (loop9): unmounting filesystem. [ 920.711580][T14766] netlink: 'syz.0.2793': attribute type 2 has an invalid length. [ 920.940420][T14766] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2793'. [ 921.721740][T14786] loop0: detected capacity change from 0 to 128 [ 922.513569][T14800] loop8: detected capacity change from 0 to 128 [ 922.807575][T14806] loop7: detected capacity change from 0 to 512 [ 922.863187][T14806] EXT4-fs: inline encryption not supported [ 922.907095][T14806] EXT4-fs: Ignoring removed i_version option [ 922.960364][T14806] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e000e09d, mo2=0002] [ 922.998656][T14806] System zones: 1-12 [ 923.037301][T14816] device syzkaller0 entered promiscuous mode [ 923.043721][T14806] EXT4-fs (loop7): 1 orphan inode deleted [ 923.083503][T14806] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 923.988506][T14836] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2809'. [ 925.781732][T11346] EXT4-fs (loop7): unmounting filesystem. [ 926.105876][T14869] device syzkaller0 entered promiscuous mode [ 926.790705][T14878] device syzkaller1 entered promiscuous mode [ 926.799260][T14885] netlink: 84 bytes leftover after parsing attributes in process `syz.5.2821'. [ 927.034332][T14892] loop0: detected capacity change from 0 to 1024 [ 927.244577][T14892] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 927.630490][T10844] EXT4-fs (loop0): unmounting filesystem. [ 927.766948][T14927] loop8: detected capacity change from 0 to 256 [ 927.830233][T14930] loop0: detected capacity change from 0 to 128 [ 927.846589][T14927] FAT-fs (loop8): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 929.376250][T14950] device syzkaller0 entered promiscuous mode [ 930.192758][T14959] device syzkaller1 entered promiscuous mode [ 931.983143][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.993330][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 932.126353][T14979] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2840'. [ 933.950958][T15014] device erspan1 entered promiscuous mode [ 934.190623][T15022] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2852'. [ 934.515428][T15028] netlink: 12 bytes leftover after parsing attributes in process `syz.9.2854'. [ 934.544978][T15028] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2854'. [ 934.588405][T15028] device vlan2 entered promiscuous mode [ 934.614280][T15028] device batadv0 entered promiscuous mode [ 936.306922][T15063] netlink: 104 bytes leftover after parsing attributes in process `syz.7.2864'. [ 936.321869][T15061] loop8: detected capacity change from 0 to 512 [ 936.375455][T15061] EXT4-fs: Ignoring removed nobh option [ 936.434337][T15061] EXT4-fs error (device loop8): __ext4_iget:5095: inode #11: block 1: comm syz.8.2863: invalid block [ 936.502594][T15061] EXT4-fs error (device loop8): ext4_orphan_get:1404: comm syz.8.2863: couldn't read orphan inode 11 (err -117) [ 936.596171][T15061] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none. [ 936.800151][T15069] loop7: detected capacity change from 0 to 8192 [ 937.061592][ T8237] EXT4-fs (loop8): unmounting filesystem. [ 937.343516][T15069] FAT-fs (loop7): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 938.263702][T15098] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2877'. [ 938.620766][T15106] device bond1 entered promiscuous mode [ 938.626992][T15106] 8021q: adding VLAN 0 to HW filter on device bond1 [ 938.758496][T15105] loop0: detected capacity change from 0 to 1024 [ 938.978182][T15105] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e000c01c, mo2=0002] [ 939.017074][T15105] System zones: 0-1, 3-36 [ 939.064629][T15105] EXT4-fs error (device loop0): ext4_orphan_get:1425: comm syz.0.2878: bad orphan inode 134217728 [ 939.151639][T15105] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 939.209833][T15115] loop8: detected capacity change from 0 to 512 [ 939.224811][ T27] audit: type=1800 audit(2000000075.690:141): pid=15105 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2878" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 939.268458][T15115] EXT4-fs: inline encryption not supported [ 939.316038][T15115] EXT4-fs: Ignoring removed i_version option [ 939.354497][ T27] audit: type=1804 audit(2000000075.740:142): pid=15116 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.2878" name="/newroot/201/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 939.356544][T15115] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e000e09d, mo2=0002] [ 939.464756][T15115] System zones: 1-12 [ 939.506622][T15115] EXT4-fs (loop8): 1 orphan inode deleted [ 939.512537][T15115] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none. [ 939.568669][T10844] EXT4-fs (loop0): unmounting filesystem. [ 939.802555][T15129] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2883'. [ 941.683069][T15158] device hsr0 entered promiscuous mode [ 941.870379][T15163] loop0: detected capacity change from 0 to 512 [ 941.914818][T15163] EXT4-fs: Ignoring removed bh option [ 941.957336][T15163] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 942.026983][T15163] EXT4-fs (loop0): 1 truncate cleaned up [ 942.081804][T15163] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 942.303666][T15173] loop7: detected capacity change from 0 to 2048 [ 942.350551][T10844] EXT4-fs (loop0): unmounting filesystem. [ 942.434192][T15173] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 942.508337][T15180] loop9: detected capacity change from 0 to 512 [ 942.515749][T15180] EXT4-fs: Ignoring removed nobh option [ 942.544851][T15182] loop0: detected capacity change from 0 to 1024 [ 942.555655][T15182] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e000c01c, mo2=0002] [ 942.564478][T15182] System zones: 0-1, 3-36 [ 942.574321][T15182] EXT4-fs error (device loop0): ext4_orphan_get:1425: comm syz.0.2898: bad orphan inode 134217728 [ 942.586779][T15182] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 942.603854][T15180] EXT4-fs error (device loop9): __ext4_iget:5095: inode #11: block 1: comm syz.9.2899: invalid block [ 942.670134][T15180] EXT4-fs error (device loop9): ext4_orphan_get:1404: comm syz.9.2899: couldn't read orphan inode 11 (err -117) [ 942.686200][ T27] audit: type=1800 audit(2000000079.160:143): pid=15182 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2898" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 942.768455][ T27] audit: type=1804 audit(2000000079.180:144): pid=15186 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.2898" name="/newroot/205/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 942.793118][T15180] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none. [ 942.859579][T10844] EXT4-fs (loop0): unmounting filesystem. [ 942.989791][ T8257] EXT4-fs (loop9): unmounting filesystem. [ 943.381840][ T8237] EXT4-fs (loop8): unmounting filesystem. [ 943.662721][T15207] loop8: detected capacity change from 0 to 512 [ 943.748694][T15207] EXT4-fs: inline encryption not supported [ 943.754678][T15207] EXT4-fs: Ignoring removed i_version option [ 943.794596][T15210] loop9: detected capacity change from 0 to 512 [ 943.874745][T15210] EXT4-fs (loop9): Unsupported blocksize for fs-verity [ 943.924507][T15207] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e000e09d, mo2=0002] [ 943.989291][T15207] System zones: 1-12 [ 944.070594][T11346] EXT4-fs (loop7): unmounting filesystem. [ 944.077465][T15215] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2908'. [ 944.097998][T15207] EXT4-fs (loop8): 1 orphan inode deleted [ 944.104156][T15207] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none. [ 944.605555][T15232] loop9: detected capacity change from 0 to 512 [ 944.622378][T15234] loop7: detected capacity change from 0 to 1024 [ 944.644076][T15232] EXT4-fs: Ignoring removed nobh option [ 944.715171][T15234] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e000c01c, mo2=0002] [ 944.758132][T15232] EXT4-fs error (device loop9): __ext4_iget:5095: inode #11: block 1: comm syz.9.2914: invalid block [ 944.775197][T15234] System zones: 0-1, 3-36 [ 944.785918][T15232] EXT4-fs error (device loop9): ext4_orphan_get:1404: comm syz.9.2914: couldn't read orphan inode 11 (err -117) [ 944.824921][T15232] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none. [ 944.863479][T15234] EXT4-fs error (device loop7): ext4_orphan_get:1425: comm syz.7.2915: bad orphan inode 134217728 [ 944.925657][T15234] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback. [ 945.029899][ T27] audit: type=1800 audit(2000000081.500:145): pid=15234 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.2915" name="bus" dev="loop7" ino=18 res=0 errno=0 [ 945.086660][ T8257] EXT4-fs (loop9): unmounting filesystem. [ 945.126872][ T27] audit: type=1804 audit(2000000081.530:146): pid=15241 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.7.2915" name="/newroot/206/bus/bus" dev="loop7" ino=18 res=1 errno=0 [ 945.259053][T11346] EXT4-fs (loop7): unmounting filesystem. [ 945.836644][ T8237] EXT4-fs (loop8): unmounting filesystem. [ 945.953105][T15259] loop9: detected capacity change from 0 to 512 [ 946.083767][T15259] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback. [ 946.116697][T15259] ext4 filesystem being mounted at /397/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 946.205663][ T27] audit: type=1800 audit(2000000082.670:147): pid=15259 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.2925" name="file1" dev="loop9" ino=15 res=0 errno=0 [ 946.226251][ C1] vkms_vblank_simulate: vblank timer overrun [ 946.276684][T15271] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2927'. [ 946.418439][ T8257] EXT4-fs (loop9): unmounting filesystem. [ 948.108366][T15321] loop8: detected capacity change from 0 to 512 [ 948.167329][T15321] EXT4-fs: inline encryption not supported [ 948.198585][T15321] EXT4-fs: Ignoring removed i_version option [ 948.250687][T15321] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e000e09d, mo2=0002] [ 948.309820][T15321] System zones: 1-12 [ 948.411364][T15321] EXT4-fs (loop8): 1 orphan inode deleted [ 948.417178][T15321] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none. [ 948.600567][ T8237] EXT4-fs (loop8): unmounting filesystem. [ 948.794267][T15339] loop7: detected capacity change from 0 to 512 [ 948.862096][T15339] EXT4-fs: inline encryption not supported [ 948.900537][T15339] EXT4-fs: Ignoring removed i_version option [ 948.942298][T15339] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e000e09d, mo2=0002] [ 948.963763][T15347] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 949.019882][T15339] System zones: 1-12 [ 949.025293][T15347] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 949.038070][T15339] EXT4-fs (loop7): 1 orphan inode deleted [ 949.045213][T15339] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 949.156342][T11346] EXT4-fs (loop7): unmounting filesystem. [ 949.369600][T15358] loop7: detected capacity change from 0 to 2048 [ 949.470298][T15358] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 949.636370][T15371] loop8: detected capacity change from 0 to 512 [ 949.644407][T15371] EXT4-fs: Ignoring removed bh option [ 949.678493][T15371] EXT4-fs (loop8): mounting ext3 file system using the ext4 subsystem [ 949.766251][T15371] EXT4-fs (loop8): 1 truncate cleaned up [ 949.813870][T15371] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none. [ 949.939370][T11346] EXT4-fs (loop7): unmounting filesystem. [ 950.108615][ T8237] EXT4-fs (loop8): unmounting filesystem. [ 950.215722][T15384] netlink: 16 bytes leftover after parsing attributes in process `syz.9.2963'. [ 950.333562][T15387] qfq: no options [ 950.342906][T15388] netlink: 'syz.0.2965': attribute type 4 has an invalid length. [ 950.728976][T15398] loop8: detected capacity change from 0 to 1024 [ 950.786325][T15398] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e000c01c, mo2=0002] [ 950.844744][T15398] System zones: 0-1, 3-36 [ 950.857269][T15398] EXT4-fs error (device loop8): ext4_orphan_get:1425: comm syz.8.2969: bad orphan inode 134217728 [ 950.872963][T15398] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback. [ 950.901269][ T27] audit: type=1800 audit(2000000087.370:148): pid=15398 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.2969" name="bus" dev="loop8" ino=18 res=0 errno=0 [ 950.957678][T15408] loop7: detected capacity change from 0 to 2048 [ 951.018871][T15408] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 951.266817][ T8237] EXT4-fs (loop8): unmounting filesystem. [ 951.445656][T11346] EXT4-fs (loop7): unmounting filesystem. [ 952.202304][T15432] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2978'. [ 953.094590][T15452] loop9: detected capacity change from 0 to 1024 [ 953.170707][T15452] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e000c01c, mo2=0002] [ 953.193068][T15452] System zones: 0-1, 3-36 [ 953.196623][T15456] loop7: detected capacity change from 0 to 2048 [ 953.225125][T15452] EXT4-fs error (device loop9): ext4_orphan_get:1425: comm syz.9.2983: bad orphan inode 134217728 [ 953.242060][T15452] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback. [ 953.378733][T15456] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 953.422707][ T8257] EXT4-fs (loop9): unmounting filesystem. [ 953.777057][T11346] EXT4-fs (loop7): unmounting filesystem. [ 953.990637][T15474] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2990'. [ 954.466802][T15490] loop7: detected capacity change from 0 to 512 [ 954.495613][T15490] EXT4-fs: inline encryption not supported [ 954.518497][T15490] EXT4-fs: Ignoring removed i_version option [ 954.537886][T15494] netlink: 80 bytes leftover after parsing attributes in process `syz.8.2997'. [ 954.559272][T15490] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e000e09d, mo2=0002] [ 954.585152][T15490] System zones: 1-12 [ 954.629727][T15490] EXT4-fs (loop7): 1 orphan inode deleted [ 954.640404][T15490] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 955.555097][T11346] EXT4-fs (loop7): unmounting filesystem. [ 955.797579][ T1169] kernel write not supported for file /sg0 (pid: 1169 comm: kworker/0:2) [ 956.002717][T15543] loop0: detected capacity change from 0 to 512 [ 956.091352][T15543] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 956.260981][T15552] SET target dimension over the limit! [ 956.351491][T10844] EXT4-fs (loop0): unmounting filesystem. [ 956.545673][T15556] netlink: 20 bytes leftover after parsing attributes in process `syz.8.3014'. [ 956.602103][T15556] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3014'. [ 956.649524][T15556] device vlan1 entered promiscuous mode [ 956.701645][T15556] device batadv0 entered promiscuous mode [ 956.910784][T15575] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 956.946650][T15575] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 956.996095][T15575] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 957.156165][T15581] loop0: detected capacity change from 0 to 512 [ 957.248951][T15581] EXT4-fs error (device loop0): __ext4_iget:5095: inode #15: block 1803188595: comm syz.0.3021: invalid block [ 957.313122][T15581] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.3021: couldn't read orphan inode 15 (err -117) [ 957.366331][T15581] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 957.509218][T15581] loop0: detected capacity change from 512 to 0 [ 957.525667][ C1] I/O error, dev loop0, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 957.576447][ C0] I/O error, dev loop0, sector 14 op 0x0:(READ) flags 0x3000 phys_seg 1 prio class 2 [ 957.586569][ C0] I/O error, dev loop0, sector 20 op 0x0:(READ) flags 0x80700 phys_seg 4 prio class 2 [ 957.586607][T15581] EXT4-fs error (device loop0): ext4_get_inode_loc:4651: inode #12: block 7: comm syz.0.3021: unable to read itable block [ 957.596254][ C0] I/O error, dev loop0, sector 16 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 957.596290][ C0] I/O error, dev loop0, sector 10 op 0x0:(READ) flags 0x80700 phys_seg 2 prio class 2 [ 957.745132][ T5716] loop: Write error at byte offset 9223372036854776831, length 1024. [ 957.757325][ C1] I/O error, dev loop0, sector 2 op 0x1:(WRITE) flags 0x3800 phys_seg 1 prio class 2 [ 957.767049][ C1] I/O error, dev loop0, sector 2 op 0x1:(WRITE) flags 0x3800 phys_seg 1 prio class 2 [ 957.777586][ C1] Buffer I/O error on dev loop0, logical block 1, lost sync page write [ 957.786507][T15581] EXT4-fs (loop0): I/O error while writing superblock [ 957.806087][T15600] netlink: 28 bytes leftover after parsing attributes in process `syz.7.3027'. [ 957.824757][T15595] EXT4-fs error (device loop0): ext4_check_bdev_write_error:218: comm syz.0.3021: Error while async write back metadata [ 957.846328][ T5716] loop: Write error at byte offset 9223372036854776831, length 1024. [ 957.864866][ C0] I/O error, dev loop0, sector 2 op 0x1:(WRITE) flags 0x3800 phys_seg 1 prio class 2 [ 957.874513][ C0] I/O error, dev loop0, sector 2 op 0x1:(WRITE) flags 0x3800 phys_seg 1 prio class 2 [ 957.884065][ C0] Buffer I/O error on dev loop0, logical block 1, lost sync page write [ 957.892434][T15595] EXT4-fs (loop0): I/O error while writing superblock [ 957.930082][T15595] EXT4-fs error (device loop0): ext4_check_bdev_write_error:218: comm syz.0.3021: Error while async write back metadata [ 957.993088][ T56] loop: Write error at byte offset 9223372036854776831, length 1024. [ 958.003532][ C0] I/O error, dev loop0, sector 2 op 0x1:(WRITE) flags 0x3800 phys_seg 1 prio class 2 [ 958.013171][ C0] Buffer I/O error on dev loop0, logical block 1, lost sync page write [ 958.021904][T15595] EXT4-fs (loop0): I/O error while writing superblock [ 958.029680][T15595] EXT4-fs error (device loop0): ext4_check_bdev_write_error:218: comm syz.0.3021: Error while async write back metadata [ 958.051545][ T56] loop: Write error at byte offset 9223372036854776831, length 1024. [ 958.064855][ C0] Buffer I/O error on dev loop0, logical block 1, lost sync page write [ 958.078793][T15595] EXT4-fs (loop0): I/O error while writing superblock [ 958.104853][T15595] EXT4-fs error (device loop0): ext4_check_bdev_write_error:218: comm syz.0.3021: Error while async write back metadata [ 958.141779][ T56] loop: Write error at byte offset 9223372036854776831, length 1024. [ 958.155758][ C0] Buffer I/O error on dev loop0, logical block 1, lost sync page write [ 958.164185][T15595] EXT4-fs (loop0): I/O error while writing superblock [ 958.177842][T15595] EXT4-fs error (device loop0): ext4_check_bdev_write_error:218: comm syz.0.3021: Error while async write back metadata [ 958.221194][ T56] loop: Write error at byte offset 9223372036854776831, length 1024. [ 958.257128][ C0] Buffer I/O error on dev loop0, logical block 1, lost sync page write [ 958.265879][T15595] EXT4-fs (loop0): I/O error while writing superblock [ 958.277022][T15608] loop8: detected capacity change from 0 to 512 [ 958.286110][T15595] EXT4-fs error (device loop0): ext4_check_bdev_write_error:218: comm syz.0.3021: Error while async write back metadata [ 958.329145][T15608] EXT4-fs: Ignoring removed nobh option [ 958.358417][T11570] loop: Write error at byte offset 9223372036854776831, length 1024. [ 958.371923][ C0] Buffer I/O error on dev loop0, logical block 1, lost sync page write [ 958.380373][T15595] EXT4-fs (loop0): I/O error while writing superblock [ 958.387252][T15595] EXT4-fs error (device loop0): ext4_check_bdev_write_error:218: comm syz.0.3021: Error while async write back metadata [ 958.445890][T15608] EXT4-fs error (device loop8): __ext4_iget:5095: inode #11: block 1: comm syz.8.3030: invalid block [ 958.458066][ T5716] loop: Write error at byte offset 9223372036854776831, length 1024. [ 958.466257][ C0] Buffer I/O error on dev loop0, logical block 1, lost sync page write [ 958.475062][T15595] EXT4-fs (loop0): I/O error while writing superblock [ 958.515697][T15595] EXT4-fs error (device loop0): ext4_check_bdev_write_error:218: comm syz.0.3021: Error while async write back metadata [ 958.558080][T15608] EXT4-fs error (device loop8): ext4_orphan_get:1404: comm syz.8.3030: couldn't read orphan inode 11 (err -117) [ 958.570162][ T4397] loop: Write error at byte offset 9223372036854776831, length 1024. [ 958.609537][ C0] Buffer I/O error on dev loop0, logical block 1, lost sync page write [ 958.617901][T15595] EXT4-fs (loop0): I/O error while writing superblock [ 958.635091][T15595] EXT4-fs error (device loop0): ext4_check_bdev_write_error:218: comm syz.0.3021: Error while async write back metadata [ 958.665087][ T5716] loop: Write error at byte offset 9223372036854776831, length 1024. [ 958.688696][T15608] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none. [ 958.756444][ C1] Buffer I/O error on dev loop0, logical block 1, lost sync page write [ 958.898868][ T8237] EXT4-fs (loop8): unmounting filesystem. [ 958.926825][T10844] EXT4-fs warning (device loop0): htree_dirblock_to_tree:1083: inode #2: lblock 0: comm syz-executor: error -5 reading directory block [ 959.160083][ C0] EXT4-fs warning (device loop0): ext4_end_bio:347: I/O error 10 writing to inode 18 starting block 193) [ 959.171754][ C0] Buffer I/O error on device loop0, logical block 193 [ 959.179436][ C0] EXT4-fs warning (device loop0): ext4_end_bio:347: I/O error 10 writing to inode 18 starting block 97) [ 959.190646][ C0] Buffer I/O error on device loop0, logical block 97 [ 959.197370][ C0] Buffer I/O error on device loop0, logical block 98 [ 959.204084][ C0] Buffer I/O error on device loop0, logical block 99 [ 959.210796][ C0] Buffer I/O error on device loop0, logical block 100 [ 959.218039][ C0] Buffer I/O error on device loop0, logical block 101 [ 959.224960][ C0] Buffer I/O error on device loop0, logical block 102 [ 959.231774][ C0] Buffer I/O error on device loop0, logical block 103 [ 959.238580][ C0] Buffer I/O error on device loop0, logical block 104 [ 959.245387][ C0] Buffer I/O error on device loop0, logical block 105 [ 959.252365][ C0] EXT4-fs warning (device loop0): ext4_end_bio:347: I/O error 10 writing to inode 18 starting block 53) [ 959.263657][ C0] EXT4-fs warning (device loop0): ext4_end_bio:347: I/O error 10 writing to inode 18 starting block 225) [ 959.275175][ C0] EXT4-fs warning (device loop0): ext4_end_bio:347: I/O error 10 writing to inode 18 starting block 129) [ 959.286694][ C0] EXT4-fs warning (device loop0): ext4_end_bio:347: I/O error 10 writing to inode 18 starting block 65) [ 959.298043][ C0] EXT4-fs warning (device loop0): ext4_end_bio:347: I/O error 10 writing to inode 18 starting block 209) [ 959.309427][ C0] EXT4-fs warning (device loop0): ext4_end_bio:347: I/O error 10 writing to inode 18 starting block 49) [ 959.320707][ C0] EXT4-fs warning (device loop0): ext4_end_bio:347: I/O error 10 writing to inode 18 starting block 36) [ 959.768349][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 960.029860][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 960.159670][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 960.262595][T15648] netlink: 20 bytes leftover after parsing attributes in process `syz.7.3044'. [ 960.288716][T15651] loop8: detected capacity change from 0 to 512 [ 960.295221][T15648] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3044'. [ 960.326146][T15651] EXT4-fs: Ignoring removed nobh option [ 960.373321][T15651] EXT4-fs error (device loop8): __ext4_iget:5095: inode #11: block 1: comm syz.8.3046: invalid block [ 960.393374][T15648] device vlan2 entered promiscuous mode [ 960.433582][T15648] device batadv0 entered promiscuous mode [ 960.452296][T15651] EXT4-fs error (device loop8): ext4_orphan_get:1404: comm syz.8.3046: couldn't read orphan inode 11 (err -117) [ 960.537995][T15651] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none. [ 960.639020][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 960.803887][ T8237] EXT4-fs (loop8): unmounting filesystem. [ 961.583061][ T4274] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 961.640941][ T4274] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 961.650773][ T4274] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 961.659486][ T4274] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 961.667309][ T4274] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 961.678127][ T4274] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 961.709348][ T4284] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 961.718157][ T4284] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 961.725790][ T4284] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 961.739706][ T4284] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 961.751336][ T4284] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 961.759136][ T4284] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 962.006643][T15686] lo speed is unknown, defaulting to 1000 [ 962.131050][T15693] loop8: detected capacity change from 0 to 512 [ 962.231695][T15693] EXT4-fs (loop8): orphan cleanup on readonly fs [ 962.317087][T15693] EXT4-fs error (device loop8): ext4_map_blocks:635: inode #11: block 1: comm syz.8.3057: lblock 0 mapped to illegal pblock 1 (length 1) [ 962.338549][T15693] EXT4-fs warning (device loop8): ext4_expand_extra_isize_ea:2800: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 962.368536][T15693] EXT4-fs error (device loop8): ext4_xattr_inode_update_ref:984: inode #11: comm syz.8.3057: EA inode 11 ref wraparound: ref_count=0 ref_change=-1 [ 962.390528][T15693] EXT4-fs warning (device loop8): ext4_xattr_inode_dec_ref_all:1178: inode #11: comm syz.8.3057: ea_inode dec ref err=-117 [ 962.407846][T15700] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3058'. [ 962.424901][T15693] EXT4-fs (loop8): 1 orphan inode deleted [ 962.431309][T15693] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none. [ 962.594591][ T8237] EXT4-fs (loop8): unmounting filesystem. [ 962.666863][T15704] loop7: detected capacity change from 0 to 512 [ 962.718603][T15704] EXT4-fs: Ignoring removed nobh option [ 962.739233][T15704] EXT4-fs error (device loop7): __ext4_iget:5095: inode #11: block 1: comm syz.7.3060: invalid block [ 962.752685][T15700] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3058'. [ 962.765427][T15710] netlink: 40 bytes leftover after parsing attributes in process `syz.8.3061'. [ 962.796034][T15704] EXT4-fs error (device loop7): ext4_orphan_get:1404: comm syz.7.3060: couldn't read orphan inode 11 (err -117) [ 962.876991][T15704] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 963.127032][T11346] EXT4-fs (loop7): unmounting filesystem. [ 963.265283][T15686] chnl_net:caif_netlink_parms(): no params data found [ 963.563567][T15731] loop8: detected capacity change from 0 to 1024 [ 963.601682][T15731] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e000c01c, mo2=0002] [ 963.601793][T15728] netlink: 'syz.5.3065': attribute type 1 has an invalid length. [ 963.622015][T15731] System zones: 0-1, 3-36 [ 963.652017][T15731] EXT4-fs error (device loop8): ext4_orphan_get:1425: comm syz.8.3066: bad orphan inode 134217728 [ 963.720142][T15731] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback. [ 963.799128][ T4284] Bluetooth: hci4: command 0x0409 tx timeout [ 963.819172][ T8237] EXT4-fs (loop8): unmounting filesystem. [ 964.182425][T15686] bridge0: port 1(bridge_slave_0) entered blocking state [ 964.182510][T15686] bridge0: port 1(bridge_slave_0) entered disabled state [ 964.183741][T15686] device bridge_slave_0 entered promiscuous mode [ 964.186282][T15686] bridge0: port 2(bridge_slave_1) entered blocking state [ 964.186410][T15686] bridge0: port 2(bridge_slave_1) entered disabled state [ 964.189512][T15686] device bridge_slave_1 entered promiscuous mode [ 965.444622][ T11] device hsr_slave_0 left promiscuous mode [ 965.560600][ T11] device hsr_slave_1 left promiscuous mode [ 965.570901][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 965.600221][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 965.628771][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 965.652560][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 965.687835][ T11] device bridge_slave_1 left promiscuous mode [ 965.694122][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 965.725477][ T11] device bridge_slave_0 left promiscuous mode [ 965.746633][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 965.775809][T15772] netlink: 128 bytes leftover after parsing attributes in process `syz.8.3075'. [ 965.859871][ T11] device veth1_macvtap left promiscuous mode [ 965.876940][ T4284] Bluetooth: hci4: command 0x041b tx timeout [ 965.885410][ T11] device veth0_macvtap left promiscuous mode [ 965.893186][ T11] device veth1_vlan left promiscuous mode [ 965.900261][ T11] device veth0_vlan left promiscuous mode [ 967.055173][ T11] team0 (unregistering): Port device team_slave_1 removed [ 967.124787][ T11] team0 (unregistering): Port device team_slave_0 removed [ 967.181673][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 967.246325][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 967.641861][ T11] bond0 (unregistering): Released all slaves [ 967.756142][T15686] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 967.765489][T15762] netlink: 20 bytes leftover after parsing attributes in process `syz.9.3072'. [ 967.774939][T15762] netlink: 8 bytes leftover after parsing attributes in process `syz.9.3072'. [ 967.789176][T15762] device vlan2 entered promiscuous mode [ 967.847723][T15794] netlink: 'syz.5.3077': attribute type 1 has an invalid length. [ 967.858562][T15686] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 967.956834][ T4284] Bluetooth: hci4: command 0x040f tx timeout [ 968.003962][T15686] team0: Port device team_slave_0 added [ 968.011059][T15798] netlink: 28 bytes leftover after parsing attributes in process `syz.9.3078'. [ 968.060630][T15798] netlink: 32 bytes leftover after parsing attributes in process `syz.9.3078'. [ 968.096677][T15798] netlink: 28 bytes leftover after parsing attributes in process `syz.9.3078'. [ 968.119589][T15798] netlink: 32 bytes leftover after parsing attributes in process `syz.9.3078'. [ 968.155289][T15686] team0: Port device team_slave_1 added [ 968.271869][T15686] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 968.298127][T15686] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 968.387972][T15686] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 968.426758][T15686] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 968.467816][T15686] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 968.573601][T15686] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 968.599869][T15821] loop9: detected capacity change from 0 to 1024 [ 968.679900][T15821] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e000c01c, mo2=0002] [ 968.705494][T15821] System zones: 0-1, 3-36 [ 968.743516][T15821] EXT4-fs error (device loop9): ext4_orphan_get:1425: comm syz.9.3085: bad orphan inode 134217728 [ 968.840467][T15686] device hsr_slave_0 entered promiscuous mode [ 968.857396][T15821] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback. [ 968.923187][T15686] device hsr_slave_1 entered promiscuous mode [ 968.949166][ T27] audit: type=1800 audit(2000002684.421:149): pid=15821 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.3085" name="bus" dev="loop9" ino=18 res=0 errno=0 [ 969.125576][ T8257] EXT4-fs (loop9): unmounting filesystem. [ 969.136098][T15833] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3087'. [ 969.156041][T15833] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3087'. [ 969.171775][T15833] device vlan2 entered promiscuous mode [ 969.217815][T15837] netlink: 28 bytes leftover after parsing attributes in process `syz.7.3088'. [ 970.036676][ T4284] Bluetooth: hci4: command 0x0419 tx timeout [ 970.135482][T15860] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 970.145160][T15860] syzkaller1: linktype set to 818 [ 971.532491][T15873] loop9: detected capacity change from 0 to 512 [ 971.605408][T15873] EXT4-fs: Ignoring removed nobh option [ 971.722537][T15873] [ 971.724931][T15873] ====================================================== [ 971.731980][T15873] WARNING: possible circular locking dependency detected [ 971.739062][T15873] syzkaller #0 Not tainted [ 971.743510][T15873] ------------------------------------------------------ [ 971.750644][T15873] syz.9.3096/15873 is trying to acquire lock: [ 971.756736][T15873] ffff888079af4b98 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x20f/0x2f40 [ 971.767032][T15873] [ 971.767032][T15873] but task is already holding lock: [ 971.774515][T15873] ffff888054c0ef20 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3fe/0x770 [ 971.784506][T15873] [ 971.784506][T15873] which lock already depends on the new lock. [ 971.784506][T15873] [ 971.794961][T15873] [ 971.794961][T15873] the existing dependency chain (in reverse order) is: [ 971.804089][T15873] [ 971.804089][T15873] -> #1 (&ei->xattr_sem){++++}-{3:3}: [ 971.811857][T15873] down_write+0x36/0x60 [ 971.816572][T15873] ext4_destroy_inline_data+0x24/0xe0 [ 971.822506][T15873] ext4_writepages+0x670/0x2f40 [ 971.827898][T15873] do_writepages+0x3ba/0x640 [ 971.833043][T15873] filemap_fdatawrite_wbc+0x11e/0x180 [ 971.838969][T15873] filemap_flush+0xe0/0x140 [ 971.844010][T15873] ext4_release_file+0x7e/0x300 [ 971.849404][T15873] __fput+0x22c/0x920 [ 971.853927][T15873] task_work_run+0x1d0/0x260 [ 971.859451][T15873] exit_to_user_mode_loop+0xe6/0x110 [ 971.865282][T15873] exit_to_user_mode_prepare+0xee/0x180 [ 971.871381][T15873] syscall_exit_to_user_mode+0x16/0x40 [ 971.877429][T15873] do_syscall_64+0x58/0xa0 [ 971.882485][T15873] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 971.888926][T15873] [ 971.888926][T15873] -> #0 (&sbi->s_writepages_rwsem){.+.+}-{0:0}: [ 971.897380][T15873] __lock_acquire+0x2d07/0x7d10 [ 971.902802][T15873] lock_acquire+0x1bb/0x4a0 [ 971.907856][T15873] percpu_down_read+0x44/0x1a0 [ 971.913164][T15873] ext4_writepages+0x20f/0x2f40 [ 971.918598][T15873] do_writepages+0x3ba/0x640 [ 971.923831][T15873] __writeback_single_inode+0x156/0x1160 [ 971.930008][T15873] writeback_single_inode+0x3cb/0x8e0 [ 971.935999][T15873] write_inode_now+0x17f/0x210 [ 971.941310][T15873] iput+0x613/0x980 [ 971.945665][T15873] ext4_xattr_block_set+0x273b/0x32b0 [ 971.951691][T15873] ext4_expand_extra_isize_ea+0x120b/0x1dc0 [ 971.958143][T15873] __ext4_expand_extra_isize+0x301/0x3e0 [ 971.964316][T15873] __ext4_mark_inode_dirty+0x47f/0x770 [ 971.970329][T15873] ext4_evict_inode+0xa7f/0x1110 [ 971.975860][T15873] evict+0x4c9/0x8d0 [ 971.980302][T15873] ext4_orphan_cleanup+0xbeb/0x1420 [ 971.986064][T15873] ext4_fill_super+0x7829/0x7dc0 [ 971.991545][T15873] get_tree_bdev+0x3f1/0x610 [ 971.996681][T15873] vfs_get_tree+0x88/0x270 [ 972.001644][T15873] do_new_mount+0x24a/0xa40 [ 972.006685][T15873] __se_sys_mount+0x2e3/0x3d0 [ 972.011945][T15873] do_syscall_64+0x4c/0xa0 [ 972.016939][T15873] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 972.023370][T15873] [ 972.023370][T15873] other info that might help us debug this: [ 972.023370][T15873] [ 972.033634][T15873] Possible unsafe locking scenario: [ 972.033634][T15873] [ 972.041097][T15873] CPU0 CPU1 [ 972.046478][T15873] ---- ---- [ 972.051856][T15873] lock(&ei->xattr_sem); [ 972.056208][T15873] lock(&sbi->s_writepages_rwsem); [ 972.063951][T15873] lock(&ei->xattr_sem); [ 972.070821][T15873] lock(&sbi->s_writepages_rwsem); [ 972.076038][T15873] [ 972.076038][T15873] *** DEADLOCK *** [ 972.076038][T15873] [ 972.084369][T15873] 3 locks held by syz.9.3096/15873: [ 972.089601][T15873] #0: ffff8880685320e0 (&type->s_umount_key#28/1){+.+.}-{3:3}, at: alloc_super+0x1fa/0x930 [ 972.099847][T15873] #1: ffff888068532650 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x43c/0x1110 [ 972.109389][T15873] #2: ffff888054c0ef20 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3fe/0x770 [ 972.119694][T15873] [ 972.119694][T15873] stack backtrace: [ 972.125615][T15873] CPU: 1 PID: 15873 Comm: syz.9.3096 Not tainted syzkaller #0 [ 972.133087][T15873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 972.143171][T15873] Call Trace: [ 972.146479][T15873] [ 972.149430][T15873] dump_stack_lvl+0x188/0x24e [ 972.154143][T15873] ? load_image+0x400/0x400 [ 972.158670][T15873] ? show_regs_print_info+0x12/0x12 [ 972.163905][T15873] ? print_circular_bug+0x12b/0x1a0 [ 972.169581][T15873] check_noncircular+0x296/0x330 [ 972.174544][T15873] ? look_up_lock_class+0x75/0x140 [ 972.179675][T15873] ? add_chain_block+0x940/0x940 [ 972.184646][T15873] ? lockdep_lock+0xf1/0x1f0 [ 972.189269][T15873] ? _find_first_zero_bit+0xcf/0x100 [ 972.194587][T15873] __lock_acquire+0x2d07/0x7d10 [ 972.199470][T15873] ? verify_lock_unused+0x140/0x140 [ 972.204701][T15873] ? verify_lock_unused+0x140/0x140 [ 972.209932][T15873] ? rcu_is_watching+0x11/0xa0 [ 972.214722][T15873] ? trace_pelt_se_tp+0x5d/0x190 [ 972.219684][T15873] ? __update_load_avg_se+0x6e7/0xba0 [ 972.225085][T15873] lock_acquire+0x1bb/0x4a0 [ 972.229619][T15873] ? ext4_writepages+0x20f/0x2f40 [ 972.234670][T15873] ? __lock_acquire+0x13cf/0x7d10 [ 972.239750][T15873] ? __might_sleep+0xd0/0xd0 [ 972.244468][T15873] ? read_lock_is_recursive+0x10/0x10 [ 972.249958][T15873] ? mark_lock+0x94/0x320 [ 972.254580][T15873] percpu_down_read+0x44/0x1a0 [ 972.259454][T15873] ? ext4_writepages+0x20f/0x2f40 [ 972.264502][T15873] ext4_writepages+0x20f/0x2f40 [ 972.269381][T15873] ? verify_lock_unused+0x140/0x140 [ 972.274619][T15873] ? verify_lock_unused+0x140/0x140 [ 972.279857][T15873] ? mark_lock+0x94/0x320 [ 972.284224][T15873] ? ext4_read_folio+0x370/0x370 [ 972.289200][T15873] ? __lock_acquire+0x13cf/0x7d10 [ 972.294348][T15873] ? save_fpregs_to_fpstate+0x9f/0x200 [ 972.299850][T15873] ? __lock_acquire+0x7d10/0x7d10 [ 972.304915][T15873] ? do_raw_spin_lock+0x128/0x2f0 [ 972.309974][T15873] ? do_raw_spin_unlock+0x11d/0x230 [ 972.315199][T15873] ? ext4_read_folio+0x370/0x370 [ 972.320162][T15873] do_writepages+0x3ba/0x640 [ 972.324797][T15873] ? __writepage+0x130/0x130 [ 972.329434][T15873] ? writeback_single_inode+0x3c0/0x8e0 [ 972.335006][T15873] ? __lock_acquire+0x7d10/0x7d10 [ 972.340053][T15873] ? do_raw_spin_lock+0x128/0x2f0 [ 972.345278][T15873] __writeback_single_inode+0x156/0x1160 [ 972.350949][T15873] writeback_single_inode+0x3cb/0x8e0 [ 972.356432][T15873] ? schedule+0xd0/0x180 [ 972.360710][T15873] ? write_inode_now+0x210/0x210 [ 972.365696][T15873] ? io_schedule+0x7c/0xd0 [ 972.370141][T15873] write_inode_now+0x17f/0x210 [ 972.374928][T15873] ? bdi_split_work_to_wbs+0x910/0x910 [ 972.380425][T15873] ? do_raw_spin_unlock+0x11d/0x230 [ 972.385646][T15873] iput+0x613/0x980 [ 972.389501][T15873] ext4_xattr_block_set+0x273b/0x32b0 [ 972.394899][T15873] ? __might_sleep+0xd0/0xd0 [ 972.399516][T15873] ? ext4_xattr_block_find+0x2b0/0x2b0 [ 972.405004][T15873] ? ext4_xattr_block_find+0x241/0x2b0 [ 972.410491][T15873] ext4_expand_extra_isize_ea+0x120b/0x1dc0 [ 972.416523][T15873] __ext4_expand_extra_isize+0x301/0x3e0 [ 972.422183][T15873] __ext4_mark_inode_dirty+0x47f/0x770 [ 972.427682][T15873] ext4_evict_inode+0xa7f/0x1110 [ 972.432677][T15873] ? _raw_spin_unlock+0x24/0x40 [ 972.437557][T15873] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 972.443482][T15873] ? do_raw_spin_unlock+0x11d/0x230 [ 972.448703][T15873] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 972.454629][T15873] evict+0x4c9/0x8d0 [ 972.458581][T15873] ? proc_nr_inodes+0x2f0/0x2f0 [ 972.463479][T15873] ? do_raw_spin_unlock+0x11d/0x230 [ 972.468700][T15873] ? _raw_spin_unlock+0x24/0x40 [ 972.473572][T15873] ? iput+0x768/0x980 [ 972.477625][T15873] ext4_orphan_cleanup+0xbeb/0x1420 [ 972.483151][T15873] ? ext4_orphan_del+0xbf0/0xbf0 [ 972.488135][T15873] ? errseq_check_and_advance+0x62/0x120 [ 972.493796][T15873] ext4_fill_super+0x7829/0x7dc0 [ 972.498755][T15873] ? bdev_name+0x2c1/0x3f0 [ 972.503213][T15873] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 972.509486][T15873] ? set_blocksize+0x1d0/0x470 [ 972.514281][T15873] ? sb_set_blocksize+0xa5/0xe0 [ 972.519159][T15873] get_tree_bdev+0x3f1/0x610 [ 972.523786][T15873] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 972.530134][T15873] vfs_get_tree+0x88/0x270 [ 972.534573][T15873] do_new_mount+0x24a/0xa40 [ 972.539102][T15873] __se_sys_mount+0x2e3/0x3d0 [ 972.543808][T15873] ? __x64_sys_mount+0xc0/0xc0 [ 972.548604][T15873] ? lockdep_hardirqs_on+0x94/0x140 [ 972.554090][T15873] ? __x64_sys_mount+0x1c/0xc0 [ 972.558881][T15873] do_syscall_64+0x4c/0xa0 [ 972.563321][T15873] ? clear_bhb_loop+0x60/0xb0 [ 972.568022][T15873] ? clear_bhb_loop+0x60/0xb0 [ 972.572730][T15873] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 972.578656][T15873] RIP: 0033:0x7ffa09b9d8ca [ 972.583110][T15873] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 972.602734][T15873] RSP: 002b:00007ffa0aaaae58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 972.611170][T15873] RAX: ffffffffffffffda RBX: 00007ffa0aaaaee0 RCX: 00007ffa09b9d8ca SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 972.619250][T15873] RDX: 0000200000000180 RSI: 0000200000000140 RDI: 00007ffa0aaaaea0 [ 972.627244][T15873] RBP: 0000200000000180 R08: 00007ffa0aaaaee0 R09: 0000000000800718 [ 972.635236][T15873] R10: 0000000000800718 R11: 0000000000000246 R12: 0000200000000140 [ 972.643225][T15873] R13: 00007ffa0aaaaea0 R14: 00000000000004a3 R15: 00002000000003c0 [ 972.651223][T15873] [ 972.783250][T15873] ------------[ cut here ]------------ [ 972.788923][T15873] EA inode 11 i_nlink=1026 [ 972.790905][T15873] WARNING: CPU: 0 PID: 15873 at fs/ext4/xattr.c:1006 ext4_xattr_inode_update_ref+0x4e7/0x540 [ 972.805627][T15873] Modules linked in: [ 972.809748][T15873] CPU: 0 PID: 15873 Comm: syz.9.3096 Not tainted syzkaller #0 [ 972.817275][T15873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 972.827817][T15873] RIP: 0010:ext4_xattr_inode_update_ref+0x4e7/0x540 [ 972.834465][T15873] Code: 7c 24 40 4c 89 f8 48 c1 e8 03 42 80 3c 30 00 74 08 4c 89 ff e8 2a c6 9b ff 49 8b 37 48 c7 c7 c0 a0 a0 8a 89 da e8 e9 48 16 ff <0f> 0b 4c 8b 64 24 08 4c 8b 7c 24 10 e9 a9 fe ff ff e8 83 0a f5 07 [ 972.854415][T15873] RSP: 0018:ffffc90003e771e0 EFLAGS: 00010246 [ 972.860566][T15873] RAX: da03d8a631c32800 RBX: 0000000000000402 RCX: 0000000000080000 [ 972.868606][T15873] RDX: ffffc9000ca49000 RSI: 000000000007ffff RDI: 0000000000080000 [ 972.876659][T15873] RBP: ffffc90003e772d8 R08: ffff8880b8e279db R09: 1ffff110171c4f3b [ 972.884675][T15873] R10: dffffc0000000000 R11: ffffed10171c4f3c R12: ffff8880719534d8 [ 972.892731][T15873] R13: 1ffff1100e32a6da R14: dffffc0000000000 R15: ffff888071953518 [ 972.900778][T15873] FS: 00007ffa0aaab6c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 972.909784][T15873] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 972.916458][T15873] CR2: 000000110c453a43 CR3: 0000000054066000 CR4: 00000000003506f0 [ 972.924525][T15873] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 972.932790][T15873] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 972.941039][T15873] Call Trace: [ 972.944364][T15873] [ 972.947358][T15873] ? ext4_xattr_block_csum+0x560/0x560 [ 972.952871][T15873] ? ext4_xattr_inode_iget+0x3f0/0x600 [ 972.958413][T15873] ext4_xattr_set_entry+0xb33/0x1e90 [ 972.963771][T15873] ext4_xattr_ibody_set+0x250/0x690 [ 972.969060][T15873] ext4_expand_extra_isize_ea+0x12c7/0x1dc0 [ 972.975022][T15873] __ext4_expand_extra_isize+0x301/0x3e0 [ 972.980753][T15873] __ext4_mark_inode_dirty+0x47f/0x770 [ 972.986297][T15873] ext4_evict_inode+0xa7f/0x1110 [ 972.991301][T15873] ? _raw_spin_unlock+0x24/0x40 [ 972.996233][T15873] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 973.002186][T15873] ? do_raw_spin_unlock+0x11d/0x230 [ 973.007464][T15873] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 973.013411][T15873] evict+0x4c9/0x8d0 [ 973.017483][T15873] ? proc_nr_inodes+0x2f0/0x2f0 [ 973.022387][T15873] ? do_raw_spin_unlock+0x11d/0x230 [ 973.027666][T15873] ? _raw_spin_unlock+0x24/0x40 [ 973.032578][T15873] ? iput+0x768/0x980 [ 973.036642][T15873] ext4_orphan_cleanup+0xbeb/0x1420 [ 973.041905][T15873] ? ext4_orphan_del+0xbf0/0xbf0 [ 973.046925][T15873] ? errseq_check_and_advance+0x62/0x120 [ 973.052620][T15873] ext4_fill_super+0x7829/0x7dc0 [ 973.057639][T15873] ? bdev_name+0x2c1/0x3f0 [ 973.062117][T15873] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 973.068441][T15873] ? set_blocksize+0x1d0/0x470 [ 973.073258][T15873] ? sb_set_blocksize+0xa5/0xe0 [ 973.078200][T15873] get_tree_bdev+0x3f1/0x610 [ 973.082879][T15873] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 973.089219][T15873] vfs_get_tree+0x88/0x270 [ 973.093677][T15873] do_new_mount+0x24a/0xa40 [ 973.098282][T15873] __se_sys_mount+0x2e3/0x3d0 [ 973.103003][T15873] ? __x64_sys_mount+0xc0/0xc0 [ 973.107857][T15873] ? lockdep_hardirqs_on+0x94/0x140 [ 973.113101][T15873] ? __x64_sys_mount+0x1c/0xc0 [ 973.117977][T15873] do_syscall_64+0x4c/0xa0 [ 973.122446][T15873] ? clear_bhb_loop+0x60/0xb0 [ 973.127210][T15873] ? clear_bhb_loop+0x60/0xb0 [ 973.131951][T15873] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 973.137929][T15873] RIP: 0033:0x7ffa09b9d8ca [ 973.142388][T15873] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 973.162083][T15873] RSP: 002b:00007ffa0aaaae58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 973.170576][T15873] RAX: ffffffffffffffda RBX: 00007ffa0aaaaee0 RCX: 00007ffa09b9d8ca [ 973.178657][T15873] RDX: 0000200000000180 RSI: 0000200000000140 RDI: 00007ffa0aaaaea0 [ 973.186720][T15873] RBP: 0000200000000180 R08: 00007ffa0aaaaee0 R09: 0000000000800718 [ 973.194746][T15873] R10: 0000000000800718 R11: 0000000000000246 R12: 0000200000000140 [ 973.202815][T15873] R13: 00007ffa0aaaaea0 R14: 00000000000004a3 R15: 00002000000003c0 [ 973.210969][T15873] [ 973.214035][T15873] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 973.221346][T15873] CPU: 0 PID: 15873 Comm: syz.9.3096 Not tainted syzkaller #0 [ 973.228844][T15873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 973.239112][T15873] Call Trace: [ 973.242424][T15873] [ 973.245425][T15873] dump_stack_lvl+0x188/0x24e [ 973.250156][T15873] ? memcpy+0x3c/0x60 [ 973.254182][T15873] ? show_regs_print_info+0x12/0x12 [ 973.259433][T15873] ? load_image+0x400/0x400 [ 973.264019][T15873] panic+0x2e5/0x730 [ 973.267958][T15873] ? bpf_jit_dump+0xd0/0xd0 [ 973.272521][T15873] __warn+0x2f8/0x4f0 [ 973.276540][T15873] ? ext4_xattr_inode_update_ref+0x4e7/0x540 [ 973.282567][T15873] ? ext4_xattr_inode_update_ref+0x4e7/0x540 [ 973.288606][T15873] report_bug+0x2ba/0x4f0 [ 973.292981][T15873] ? ext4_xattr_inode_update_ref+0x4e7/0x540 [ 973.299014][T15873] handle_bug+0x3a/0x70 [ 973.303232][T15873] exc_invalid_op+0x16/0x40 [ 973.307788][T15873] asm_exc_invalid_op+0x16/0x20 [ 973.312690][T15873] RIP: 0010:ext4_xattr_inode_update_ref+0x4e7/0x540 [ 973.319338][T15873] Code: 7c 24 40 4c 89 f8 48 c1 e8 03 42 80 3c 30 00 74 08 4c 89 ff e8 2a c6 9b ff 49 8b 37 48 c7 c7 c0 a0 a0 8a 89 da e8 e9 48 16 ff <0f> 0b 4c 8b 64 24 08 4c 8b 7c 24 10 e9 a9 fe ff ff e8 83 0a f5 07 [ 973.339081][T15873] RSP: 0018:ffffc90003e771e0 EFLAGS: 00010246 [ 973.345203][T15873] RAX: da03d8a631c32800 RBX: 0000000000000402 RCX: 0000000000080000 [ 973.353216][T15873] RDX: ffffc9000ca49000 RSI: 000000000007ffff RDI: 0000000000080000 [ 973.361230][T15873] RBP: ffffc90003e772d8 R08: ffff8880b8e279db R09: 1ffff110171c4f3b [ 973.369245][T15873] R10: dffffc0000000000 R11: ffffed10171c4f3c R12: ffff8880719534d8 [ 973.377350][T15873] R13: 1ffff1100e32a6da R14: dffffc0000000000 R15: ffff888071953518 [ 973.385539][T15873] ? ext4_xattr_block_csum+0x560/0x560 [ 973.391058][T15873] ? ext4_xattr_inode_iget+0x3f0/0x600 [ 973.396582][T15873] ext4_xattr_set_entry+0xb33/0x1e90 [ 973.401945][T15873] ext4_xattr_ibody_set+0x250/0x690 [ 973.407209][T15873] ext4_expand_extra_isize_ea+0x12c7/0x1dc0 [ 973.413170][T15873] __ext4_expand_extra_isize+0x301/0x3e0 [ 973.418859][T15873] __ext4_mark_inode_dirty+0x47f/0x770 [ 973.424380][T15873] ext4_evict_inode+0xa7f/0x1110 [ 973.429374][T15873] ? _raw_spin_unlock+0x24/0x40 [ 973.434270][T15873] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 973.440222][T15873] ? do_raw_spin_unlock+0x11d/0x230 [ 973.445461][T15873] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 973.451416][T15873] evict+0x4c9/0x8d0 [ 973.455359][T15873] ? proc_nr_inodes+0x2f0/0x2f0 [ 973.460262][T15873] ? do_raw_spin_unlock+0x11d/0x230 [ 973.465506][T15873] ? _raw_spin_unlock+0x24/0x40 [ 973.470393][T15873] ? iput+0x768/0x980 [ 973.474425][T15873] ext4_orphan_cleanup+0xbeb/0x1420 [ 973.479696][T15873] ? ext4_orphan_del+0xbf0/0xbf0 [ 973.484685][T15873] ? errseq_check_and_advance+0x62/0x120 [ 973.490379][T15873] ext4_fill_super+0x7829/0x7dc0 [ 973.495365][T15873] ? bdev_name+0x2c1/0x3f0 [ 973.499848][T15873] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 973.506145][T15873] ? set_blocksize+0x1d0/0x470 [ 973.510966][T15873] ? sb_set_blocksize+0xa5/0xe0 [ 973.515873][T15873] get_tree_bdev+0x3f1/0x610 [ 973.520514][T15873] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 973.526803][T15873] vfs_get_tree+0x88/0x270 [ 973.531274][T15873] do_new_mount+0x24a/0xa40 [ 973.535837][T15873] __se_sys_mount+0x2e3/0x3d0 [ 973.540575][T15873] ? __x64_sys_mount+0xc0/0xc0 [ 973.545403][T15873] ? lockdep_hardirqs_on+0x94/0x140 [ 973.550652][T15873] ? __x64_sys_mount+0x1c/0xc0 [ 973.555464][T15873] do_syscall_64+0x4c/0xa0 [ 973.559942][T15873] ? clear_bhb_loop+0x60/0xb0 [ 973.564675][T15873] ? clear_bhb_loop+0x60/0xb0 [ 973.569423][T15873] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 973.575364][T15873] RIP: 0033:0x7ffa09b9d8ca [ 973.579826][T15873] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 973.599486][T15873] RSP: 002b:00007ffa0aaaae58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 973.607946][T15873] RAX: ffffffffffffffda RBX: 00007ffa0aaaaee0 RCX: 00007ffa09b9d8ca [ 973.615957][T15873] RDX: 0000200000000180 RSI: 0000200000000140 RDI: 00007ffa0aaaaea0 [ 973.624059][T15873] RBP: 0000200000000180 R08: 00007ffa0aaaaee0 R09: 0000000000800718 [ 973.632081][T15873] R10: 0000000000800718 R11: 0000000000000246 R12: 0000200000000140 [ 973.640093][T15873] R13: 00007ffa0aaaaea0 R14: 00000000000004a3 R15: 00002000000003c0 [ 973.648212][T15873] [ 973.651860][T15873] Kernel Offset: disabled [ 973.656284][T15873] Rebooting in 86400 seconds..