last executing test programs: 7m40.636509795s ago: executing program 1 (id=210): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x679, @dev={0xfe, 0x80, '\x00', 0x3a}, 0x1}, 0x1c) sendmmsg$inet6(r3, &(0x7f0000005400)=[{{&(0x7f0000000040)={0xa, 0x4e27, 0xfff, @remote, 0x2}, 0x1c, 0x0}}], 0x40000000000016d, 0x1000) 7m39.348313886s ago: executing program 1 (id=213): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSIGACCEPT(r3, 0x5607, 0x4) 7m38.326401959s ago: executing program 1 (id=217): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x48850) sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYRESOCT, @ANYRESHEX, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f", @ANYRES8, @ANYRES8], 0x44}}, 0x20000000) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x40088c0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), r1) sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)={0x38, r2, 0x60b, 0x70bd2d, 0x0, {}, [@IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x3}, @IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5, 0x34, 0x40}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x38}}, 0x0) 7m36.963173823s ago: executing program 1 (id=223): syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000500)='./bus\x00', 0x21081e, &(0x7f0000000540)={[{@usrquota}, {@debug}, {@resuid}, {@noblock_validity}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x48) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101041, 0x15) pwrite64(r1, &(0x7f0000000140)='2', 0xfdef, 0xe7c) pwrite64(r0, &(0x7f0000003a80)='\t', 0x1, 0x8000c61) open(&(0x7f0000000200)='./bus\x00', 0x14507f, 0x80) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x6000, 0x69) ioctl$LOOP_SET_STATUS64(r2, 0x4c04, &(0x7f0000000240)={0x0, 0x0, 0x0, 0xacdd, 0x1000, 0x0, 0x0, 0x4, 0x0, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000007700000c00002000", "036c47c678082004cb59d654cb9b1b165263bdbcef549ba197fce47ddfdd753abd950100172a00ffffff00f7ffffff000000f3e7f20000000200000000000600", "b7326736181c208280ff18f2ff0000000000000000000000008000", [0x4, 0x4]}) r3 = open(&(0x7f0000000140)='./file1\x00', 0x141042, 0x0) fallocate(r3, 0x8, 0x2000000, 0x10000) 7m33.623248s ago: executing program 1 (id=229): syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000001c0)='./file0\x00', 0x48c5, &(0x7f0000000640)=ANY=[@ANYBLOB="73686f72746e616d653d6c6f7765722c73686f72746e616d653d77696e6e742c6e66732841d67a798fb12c646973636172642c756e695f786c6174653d312c757466383d312c636865636b3d6e6f726d616c2c646f733178666c6f7070792c646d61736b3d30303030303030303030303030303030303034303030372c726f6469722c6e6f6e756d7461696c3d302c73686f72746e616d653d6d697c65642c726f6469722c00d222ee6c9d4fcb68688de13675aa074e01c0be8dad56b156600c2a4653c5a706f6768f08e144c648b86b709e69d86a39604a2f40b3ec9ffd6d2ce50fbc06151393ab200f508056dcd572727be29306bbbbe4d6a1c232b148a92e80ac5f1c7095e2de1ae57ac0dcdc0eed93"], 0x0, 0x2c2, &(0x7f0000000b00)="$eJzs3c9rE0EUwPGXpD/SlDY5FMGD+NCLXpY2/gVBWhADSm1EPQhbu9GQNVuyMRIR05tX/47i0ZOC+g/04s27eimC4KUHMdLNrk3bpelG2o3t9wNlJzvzMjOdCbws7GbzzqvH1bJrlM2GJNMqSZE12RLJbZd8Cf+Y9Mpj0mtNLk/+/Hzu1t171wvF4vyi6kJh6UpeVafPv3/6/PWFj43J22+m343LRu7+5o/8l40zG2c3fy8F7+6ImLrsOA1z2bZ0peJWDdWbtmW6llZqrlVvaE992XZWV1tq1lamMqt1y3XVrLW0arW04Wij3lLzoVmpqWEYOpWR0yYVOaK0vrhoFiIEJBKR+8Axmgg7Wa8XzFRoZWn9OAYFAACGS1z5/6OKqxVXa86u/H5//p+UCPm/yCnN/0PTvn6+Rsz/xwfpBPHbzv8z/ud3N/J/AAAAAAAAAAAAAAAAAAAAAAD+B1udTrbT6WSDY/A3LjLlN/FexzxMHJED1l/SIhK8jnucOBo9N+6lReyXzVKz1D126wtlqYgtlsyOivzy9oOvW164VpyfVU9OPthtP77dLKW8G8a8+EAuPH6uG6+98W0ZlUxv/3nJykx4fD4kvlkak0sXO8E9a5YYkpVPD8QRW1a8fb0T/2JO9eqN4p74Ca8dAAAAAAAngaF/7fv+7tUbGjw2ZE999+TO9QHJ9rk+sOf79YgkRuKbNwAAAAAAp4nbelY1bduqD00hGFn0cOnTZmLgdw4pxP+vS1dNu+1P6cDGIyLin3k7LKt8mEJye2IDhqf+bZW/i8iuMzMDLPdYvw157IVvT/ztcphPEwAAAIATJkj6+V1HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADic9iHhwXtB3n2WE93qXhmCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyHPwEAAP//iXAN1A==") r0 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt(r2, 0x65, 0x1, &(0x7f0000000080), 0x1d0) bind$can_raw(r2, &(0x7f0000000000), 0x10) r3 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt(r3, 0x65, 0x1, &(0x7f0000000080), 0x1d0) bind$can_raw(r3, &(0x7f00000001c0), 0x10) dup3(r1, r2, 0x0) 7m32.895872923s ago: executing program 1 (id=232): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x3, 0x0, @vifc_lcl_addr=@local, @local}, 0x10) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$igmp(0x2, 0x3, 0x2) socket$kcm(0x29, 0x5, 0x0) setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, &(0x7f00000000c0)={0x8, 0x4, 0xfd, 0x0, @vifc_lcl_addr=@initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast}, 0x10) setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x2a, &(0x7f0000000240)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0xfb, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @echo_reply={0x0, 0x0, 0x0, 0x64, 0xd2}}}}}, 0x0) setsockopt$MRT_FLUSH(r0, 0x0, 0xd4, &(0x7f0000000040)=0x8, 0x4) close(0x3) setsockopt$MRT_ADD_MFC_PROXY(r2, 0x0, 0xd2, &(0x7f0000000200)={@private=0xa010101, @multicast2=0xe0000300, 0x0, "028a3f6c58b274e6d8451697efe42811ee1df06e9264f7d866b1970548fc3c7b", 0xb2, 0xfffffff7, 0x4, 0x40000006}, 0x3c) 7m32.467380426s ago: executing program 32 (id=232): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x3, 0x0, @vifc_lcl_addr=@local, @local}, 0x10) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$igmp(0x2, 0x3, 0x2) socket$kcm(0x29, 0x5, 0x0) setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, &(0x7f00000000c0)={0x8, 0x4, 0xfd, 0x0, @vifc_lcl_addr=@initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast}, 0x10) setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x2a, &(0x7f0000000240)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0xfb, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @echo_reply={0x0, 0x0, 0x0, 0x64, 0xd2}}}}}, 0x0) setsockopt$MRT_FLUSH(r0, 0x0, 0xd4, &(0x7f0000000040)=0x8, 0x4) close(0x3) setsockopt$MRT_ADD_MFC_PROXY(r2, 0x0, 0xd2, &(0x7f0000000200)={@private=0xa010101, @multicast2=0xe0000300, 0x0, "028a3f6c58b274e6d8451697efe42811ee1df06e9264f7d866b1970548fc3c7b", 0xb2, 0xfffffff7, 0x4, 0x40000006}, 0x3c) 16.338284171s ago: executing program 0 (id=1804): r0 = socket$inet6_udp(0xa, 0x2, 0x0) mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan0\x00'}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(0xffffffffffffffff, 0x0, 0x4004040) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newtaction={0xb4, 0x30, 0x1, 0x70bd2b, 0x25dfdbde, {}, [{0xa0, 0x1, [@m_bpf={0x58, 0x1, 0x0, 0x0, {{0x8}, {0x30, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x1}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x3, 0xef, 0x1, 0x8000, 0x2}}, @TCA_ACT_BPF_OPS={0xc, 0x4, [{0x16, 0xf2, 0x3, 0x7}]}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_bpf={0x44, 0x2, 0x0, 0x0, {{0x8}, {0x1c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x3, 0x2, 0x0, 0x6, 0x80}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}]}]}, 0xb4}, 0x1, 0x0, 0x0, 0xc044}, 0x4000814) 16.0799466s ago: executing program 0 (id=1805): socket$nl_generic(0x10, 0x3, 0x10) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00') socket$netlink(0x10, 0x3, 0xb) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x10, 0x3, 0x0) socket$kcm(0x29, 0x5, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0xd, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800080000fcffff0800090000000000080011000000000008000e00800000000800", @ANYRES64=r0], 0x5c}, 0x1, 0x0, 0x0, 0xc840}, 0x0) 15.75261436s ago: executing program 0 (id=1807): openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x107043, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x2, 0x4, 0x1, 0xbf27, 0x500, 0xffffffffffffffff, 0xe}, 0x50) mmap(&(0x7f0000fa2000/0x3000)=nil, 0x3000, 0x3, 0x13, r3, 0x0) 15.095845721s ago: executing program 3 (id=1809): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_xfrm(0x10, 0x3, 0x6) socket$inet6(0xa, 0x3, 0x5) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000900)='./file0\x00', 0x19f, &(0x7f0000000780)={[{@sysvgroups}, {@noquota}, {@min_batch_time={'min_batch_time', 0x3d, 0x82f}}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x3}}, {@debug}, {@journal_dev={'journal_dev', 0x3d, 0x1}}, {@grpid}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x2000}}]}, 0x80, 0x561, &(0x7f0000000200)="$eJzs3d9rXFkdAPDvnWbSpk13sq4PuuC66kq7aCfNxt0NPqwVRJ8WxPW9xmQaQieZkkx2mxAw/QsEERV90hdfBP8AQQq++ChCQZ8VKohoqg+C2itz5yZNJ3em03Z2Jj8+H7i95/78nnOm9/aee0/vDeDUejUirkXEwzRNX4+ISj6/lA+x0x5a6z3Y3V54sLudRKTpe39PIsnn7e0ryccX8s3ORcQ3vhbx7eRw3PXNrZvz9XptLZ+ebq7cml7f3LqyvDK/VFuqrc7Ozrw19/bcm3NXB1LOixHxzlf+8oPv/vyr7/z68x/8+fpfL7eKHZP58oPleAqtKhrrtUK76OWsLva0Nlh7hmBH1VhWwtxE0RppmqYP08qBOXeGkjMAADq1LmA/EhGfjojXoxJnel/OAgAAAMdQ+qXJ+G/SfkJTYLzLfAAAAOAYKWV9YJNSNe8LMBmlUrXa7sP70ThfqjfWm5+70dhYXbz348mImIpy6cZyvXY17ys8FeWkNT2TpR9Nv9ExPRsRL0bE9ysT2XR1oVFfHPXNDwAAADglLnS0//9Vabf/AQAAgBNm6vCs0ijyAQAAAHx4Ctr/AAAAwAmj/Q8AAAAn2tfffbc1pHvfv158f3PjZuP9K4u19ZvVlY2F6kJj7VZ1qdFYyt7Zt3Jw2zMF+6s3Gre+EKsbt6ebtfXm9Prm1vWVxsZq8/ryY5/ABgAAAIboxU/e/WMSETtfnMiGlvFRZwoYirH9VJKPC47+P73QHt8fUqaAoSi6h9/p/tkhZAQYurFn2irt57QBHHHlUWcAGLnkCcu7dt75XT7+1GDzAwAADN6lj3d//t/7GwA7PhEAx5yDGE6vjgd5aWVUGQGGLnv+32+HXxcLcKKU++oBCJxkz/38/4nS9KkyBAAADNxkNiSlan57bzJKpWo14mL2WYBycmO5XrsaES9ExB8q5bOt6Zlsy+SJbQYAAAAAAAAAAAAAAAAAAAAAAAAAoC1Nk0h7udZzKQAAAHAMRExE8pv2u/wvVV6b7Lg9cHY8+Xf2SeDxiPjgJ+/98PZ8s7k2EzGe/GN/fvNH+fw3RnILAwAAAOiw107fa8cDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwCA92N1eeLC7nf5nd3thmHH/9uWImNqPnw3tJWNxLhufi3JEnP9nEmMHtksi4swA4u/ciYiPZfHHI+JA/KSVrf2QRfEnBhu/o/xZ/JjKa6Eo/oUBxIfT7G7r/HOt6PgrxavZuPj4G4t4bPpZdT//xf7570yX4/9inzFevvfL6a7x70S8PFZ8/tmLnxyKn+TjUl/xv/XNra1uy9KfRlyK4vgHo003V25Nr29uXVlemV+qLdVWZ2dn3pp7e+7NuavTN5brtfzPwhjf+8SvHvYq//ku8aceK3/pUP2/1lfpI/537/buS13+vWrFv/yZgvi//Vm+xuH6L+X7+myebi2/tJfeaacPeuUXv3+lV/kXH5W/3N/v3455uXexH/2AgzhQAICBWd/cujlfr9fWjkOi/CxbtVrpRYteymvg+TM2flTqR+IpE98Z6A7TNE27/I26GxH97CeJo1AtWWK05yUAAGDwHl30jzonAAAAAAAAAAAAAAAAAAAAcHrt/f//tPLc7wwbL3zNXsGbBXb2U4k3AwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAR8b/AwAA//9879gn") socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000002100)=ANY=[@ANYBLOB="bf16000000000000b7070000000100004870000000000000200000000000000095000000000000002ba728041598fbd30cb599e83d24a3aa81d36bb301a913bd23212fb56fa54f2641d8b02c3815e79c1414eb07eae6f0711e6bd917487960717142da7646c4fe02996b60cf81ebcd50fa9ea4318123f602000000000000de89e661168c1886d0d4d94f204e345c652fbc1626e3a2a2ad358061d0ae0209e62f51ee988e6ea604ce974a22a550d6f97080980400003e05df3ceb9f1feae5737ecaa80a666963c474c2a100c788b277beee1cbf9b0a4d3881dcc7b1b85f3c3d44aeaccd5441110bec4e90a6341965c39e4b3431abe802f5ab3e89cf6c662ed4048d3b3e22278d00ce00000000d3a02762011052eac2951257b85802189d74005d2a1bcf9436e192e23fd275985bf31b714f000bcab6fcd610f25f5888000000003f11afc9bd08c6ebfbb89432fb465bc52f49129b9b6150e320c9901de2ebb9000000018e3095c4c5c7a156cec33a667dccaff950ca1e5efdd4c968dacf81baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba175d876defd3541772f26e27c44cfdb2d85d6d29983e830a9cdd79837b3468e8c67a571d0a017c100344c52a6f387a1340a1c8889464f90cc4cd1f570dd39877dfb2ff1ae66e1ce917474b2e650ae630afd014a337ac5d58bcb5e51723257c872c5255f20100000000000000f041b665ab21372c8d8b7bac5b5c784d20a4a24d8dbd75062e1daef9dead619cc6e7baa72707157791c3d2a286ffb8d35452bb5d36c2a8682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b9935f771fd49e4b9ec7a410ec42315255be1ed66d9051f22614d1f62734d679039a97d2b74f9e8e997ccd314000f747f4e8e7025123e783df8b8a17e3aa9fe1f662aef87a065b03cfb65b4dfe4f1b56e1f23128d743753a1de172d683d5892ce9414a1d98ea93e3d35dbb6c23b90cf36e83b8a434a97d09343d7f83079ccb02e69d384146056d125cfa788237874dd42dae334bda042819a2aa24dba1c25be2794448b4f63483026b5e34d44705b76ef29241adab0dd7d68bf975e02069f6f2425e1bc97a3d588085f16bef63a06578d4f5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8cae87691fae365a70c3fc69e1565bba8dd8a8ca049f798abe646f738bebd69413afc9d8a5e080eaa000000000000001e6c2f2a287c5278a218dbfaffffff00a14db5cfa6819eb1d39c48cfdc80d215c9e16e0c4736c819363154cca4e2f89800d18c89d7f46f679df6c9e2952ae1ebfd0ca88368ee6ce139e8b5822c22cf2e9dde943d34c432e1001171792c65986146666a5490928441f47e0fe5eac41824ca1fd0eb71aa243c88d5480e5aee9c9e5f2e5a56a6d920335c8e8726fd8329d9a728995b1531bd20360d33d8f9ffda707b03bddb491ba0cc98f6be92c55969a2b50025419d1476c73132ca7ca26ce8a7e3ffb700f09e157f9b844051f1a642aca9ff98c9036471ccff0522903e7bcf62e18f7696bbc280b95e8e0d6fd5644b0ebde3a95b06548862de809d3dae3cccf109f7c7fdffffffffffffff0000000000000000009455bf417627ce723a5d9103706aba69279500bb82f6b5a3ddc0bd9856712945b70c75ce5b722578820820d010d7a3cffc99fc647d0b82ef26ab708c0b19ed144be51c3b398f0e6bb7a30006000000cba12953d58cff0f0378740fe6662f377b97d8e7cdb047050d7296cd3856476a60a49ad127ba6570bafc2bbcf9ee721fd9cb467ff071e5604fbf0491245c0000007d932d7a64de4c4aa433fc0840aff7c47da3a4c6966d0000000000000000f6bfbae29e8a6e2a889f6ef6869d82d6bd73eb76b65c7a35a54a4a6b8ad4600e3a972a0bb5971a5f16590b0a03dafa3fd1118765cc8ab9fccf3b51c41a339f200f2fa33006910a679a9ae0187b4d750c4bd244cb0cbfd23b265f4d4da448a7a0d19c5e43eae50a31609dfa2dde267551467eb6475293dd7012cc449009981f22820e57a0eff234ccfe21d7a2302e000669753d3c3432cc14ee1abe724adb6b5431befedd3e22971118f0e21aed03a6fe7860b3e13c3173a60a1823cb7dde8212a8531bd9060000006a370e9eb56b3d790b98f2bd0db1e5de6a146597b2cbb7103040d2a39d7965d34df524b760ab92efcce7dd1574052c735935bf6a752c015c7f5ffee9ff66e5dd2866b15b6e0d17618cb1f5c1ee4b05ebf1445ea110f499f840a5c965443d725556351ee25fe09f69494b053678dcadcf02e063dff2fa4bef1ac3bbbebe6c74d71ec3b23e29895eff1d1017024fe3e8cc759b05785adc346b7ffd05963f92c1d0d7d90ba878ad89e490f3e29ac51d30632869a534418f916bf6fe030000008e6c8f8b391c822805cb0adf1b8bd6947ff208753eb0d208ce14f7b206b2e02c21e963abc5ceb735c1b3c46b0a843de52a0000000000000001ee9c2b2705c1a81d9d3b9656b219c8cd99c9cafcd0d0540884d97aecb19983fc6af29ab44a82aff9cba921192c665b877af6539bdb1b567f481ba0790ee0d112f99e59ba82e7ad758f4e1eac69e7e88a63960975f490e161e371ec8534791e3b61c685d900a9c0839208356b53750e76fcc3c2d1bddcbd83897921414d0c02e8188f3df79ea2a5c5444004830e6cb227ca1bdafb977c00000000003a417193b8c5d793687335a930867094fd6a78218218e04b705ec62f1608cb569b81914e68f175b392af6bc4fd2121d7fd276af2c97a441b56e7a0687d98b8e76d8d0d231e4fe00be1de76bd19cc12e2bd938eb681ed6bc951c1b4f7c51af59eea4d40c6000000000200778a677b72786311153271a3313da02645e11761699e4d04ac86dd14ff7b9a10d3fa74696fe3953a5b7706bf5d1faba4b18808d9cb0e9db696dec4e0820ee4028d7225a2c9c427cf64cbde6fba056b2006b7a37c1181d530fb865e235cd302f3b4071ee5237ada186b9e5e3144bf479f277f10656ad3744037ccc9c63685a6f1109d2ea73773d3635f61497f1fa1ea4a16f601800bf3e59141fbf05a96113320c445f9ba8596970d5254727e804fbd99ccefb7c09269dd2c5c25e56e169ac15980f3f85f7ca36dd5950ef5b64fd46f123311829534a82940994199b3cf7a8f09c1946e55289f668c423fcbb31ae91864c882313151741a67538c9689dc8ecc9903c7041e5c0704e2fa55a756487517a7445cbd9e3f5175e41c00000000000000000000000000bf98efd587fffe326f474b0b089c017b16c0062cbce96f5adebec52a79f9363909842f79c50a1520be46d87003137e4c5031f00123e812a5e37cd52c9eb7336281cb8c6ce9934b157d7875a70eaf103cb3138e2361c51cd1eab8a26b232acf6bf0ab829c26dab637538b2eb1420d812d2b80c777710ba0f18e4661681aa218d9ba54023ab4305977eb15611ae2545835e9d30e9f6d4fb43a291c69545a1eea0f87204311327c18380fedf3d3dad8549f99bf6c5cb060da70cbb59d0a000000000034d083fc37d2449f72de0cbea4bc1dc89c136cdbc504f849d5502d77a95c7bfff4cd9c03058d0d4d07ea64824f1acf2b39289f675f39d01719cdbab3f1ce10609c8d7b3e37cb99b41da5e485a441b6a103549f55ab09dc98767763d1f2fafd45bb7d2b40050d1f8292f4d9ec6d0000000000f1e2be1b2290f4996fdd55b06023437e9e2072daf7f5d82f6f1b5b89a41134f4dc2e65bb11272fdf8c8141f41d6160b3d8b6ecd16d14267f61b4881adee7f07f3d6af5ae79e16fe2c3f55ac7a6392d2e1d9b4286b6c3e1f5a76b85ed6e1f0000c67e6c5fcdc8c39381be479998cb2d08b8262c807dd755e22b801162381aa9d1af2bbc9cfd497585337eac408b8475b47a392a10cae349160f128e5f873a58064eb400c36a90624f6aed398a215e9ce64522ab249f67c38a656d32ecff5cdb2b039c4abf349d2c0f88a42e9189bbfa7f5cf35b6e7ef8f9d33163b7ea87550fb1ba334c83e3aec4714c9c4ca3ecb04f2720237615a28bf310b58ffa2a103216fdcc8c2d8f5d55e5e7ebf147105272aaae56e86d856b3cf79a3f7306436762dd07cebc7892ec6f9f696da38feed3dc0001500e34adae1ba89a32bad2af9030f840f1ba4664f35547cdadd5cbacc59352c290f55d971b65953533668c25f21d8d62d849e9058eaa97c63491568887548f668cdbca2abf01a361a0b64d8b523e669da350e3ec7445dfbf366b0b3bc5e76824a1951393352bc756f3fcaad2c1c399a3e43eaaeca70db90f2fa39596443447671971868345e92e4b33079a24fe3681ad9ac361f71ac279a688f10a12105edebc5e3b8dad4c8305ab129ca2dfb9b7c5e9d097bd01b495cccefddce569117f7f5d6a6270ff0f0f4c371029ca8489571b55841bf3dd003bc81460eee57ceb3c33f4e9300b0144fe040cf5fcfcbb616c2070237881afdb314cecd1623f3e55ab8b7627fa1be349145a8d6313cbc790eefe2020138e82fb9d351be4ddcbcc9bc048dd3db5828d16baec6e07a007f0030f34ea3cfd524d6fa1d45da5641d6c94e1d3ae7fba1c85035d2a60ef1696e0d96aa1c60019f73ae0aa6113cd66ef26b5777337c26e1461405d86fdf091edd526f25cada439bb3609ed5c35ab60a539ade786bd6004d0ea3edbd6c4da0d8e8be8c771c8c8a0b07d9859e04adb18964dcce9bce546074c26dffbc2df372a016e8c845d4257000000000000000000000000000000000000f29657697d9c2b132b2dc2f5ea5122836582a7e85fe2bc166fa3b5afb6f200000000000000000089de7f8485d9507164a187220b36ddc7fa645d4bd0c1414c30a416f80ba17d21d53961471b2d2d459e4bb23230d676ca49633b25e26a322024beb7c3427da59f7daa70a5d44a0eb895f29245df6401295d3da939954e126a3be932f47fe61ef1bfe83086651af7e23c2a8fa702b9cdfd008c898d73bb97168ca390ef5398000000000000000000000000a454f930ada97e4d7460bf0d3312c03639870f8b33fa044a805867e88bf164474513ec0cd466baf22573597c7bf340d67a6854e39371fb671a46be4942b49cc28ac921188461979e530c8a90dcfacdad19469540b9deb65290e786e53a715e6b712642087c9a0640b6910f4c07cde1ba22c2224cd9c8c39dd73a9b0a15c743b6c29c7635d96dee702dce815913a7ad9b661da02d7decc1649d06d55c9a8f24dc63f02c3bc2d6ad0425cf71147d0efa8a255819a1c3b54fffe7f2cb3629990f034cae989dd1dfebc50a2a7ed4fbaa267e7c4cd6f11511a12a7116ca9a78e83a59d90a4abe6b0aafc9c9e408c324f67910b938765e0bf7e80d6e306b6827ae12ecae85472d88ad4646256329b6ae3b3974b420504c6df932eb45506db7d0d5d838aeb7ad7b90a38a24ba58e67e8c6845cd16e294fb25681c3c752d02862feb48bb7c67fde3ab4035c7"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe89}, 0x48) bpf$ENABLE_STATS(0x20, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001100a7cc4a372eaf541d002007000000", @ANYRES32=r1, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYRES16=r2, @ANYRES32=r2], 0x44}}, 0x2000800) 14.927933586s ago: executing program 5 (id=1811): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r1) sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x54, r4, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x14, 0x2, @in={0x2, 0x0, @multicast2}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000001e80), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000001f00)={&(0x7f0000001ec0)={0x34, r7, 0x16d35d4799791a7b, 0x70bd28, 0x25dfdbfd, {{}, {}, {0x18, 0x17, {0x1b, 0x3, @l2={'eth', 0x3a, 'batadv0\x00'}}}}}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x4044054) sendmsg$TIPC_CMD_ENABLE_BEARER(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x3c, r7, 0x1, 0x70bd2c, 0x25dfdbfe, {{}, {}, {0x20, 0x17, {0xc, 0x80000001, @l2={'ib', 0x3a, 'veth0_to_team\x00'}}}}}, 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x20004084) 14.763985221s ago: executing program 3 (id=1812): r0 = socket(0xa, 0x3, 0x87) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'sit0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={@local, 0x78, r4}) ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x8936, &(0x7f0000000000)) 13.928636648s ago: executing program 5 (id=1813): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) listen(0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000300)='devtmpfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) 13.144531373s ago: executing program 3 (id=1824): openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x101000, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) openat$comedi(0xffffff9c, &(0x7f0000000000)='/dev/comedi4\x00', 0x300, 0x0) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket(0x2b, 0x80801, 0x1) openat$6lowpan_control(0xffffff9c, &(0x7f0000000040), 0x2, 0x0) pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 11.059909059s ago: executing program 4 (id=1817): r0 = socket(0x10, 0x803, 0x0) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r1, 0x800448f0, &(0x7f0000000100)="e610d126ea49451055fc6b7fc4e7a48d36b4a6ed0be79ab2a27bb6945e635733d03a14824fc30f32faa8d213d3f9484ef32a49872b0915c6193d0acc124763c2226a6e2be014701029d8a27b1ce8907d1548d87f41589a7ae5131dc28586b582429cb9845b36973ce14c4f49720493effb585afd006f39db5248cb56551c3a1117081f30cc7fb0f558466751b1d375533ba7e95d6042815ae69c4c28f5744d035092bb51700a02f74578f8faaff7495dcd048bbe856b332b") r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4400000002060108000000000000000000000000050005000a0000c4050001000700000005000400000000000900020073797a31000000000c000300686173683a6970"], 0x44}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="8c0000000906010200000000000000000200ffff08000940000000390900020073797a310000000005000100070000005c0008801c0007801800018014000240fe"], 0x8c}, 0x1, 0x0, 0x0, 0x10000082}, 0x4000080) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r5, 0x89f0, &(0x7f00000001c0)={'sit0\x00', &(0x7f0000000180)={'gre0\x00', 0x0, 0x8000, 0x20, 0xfffffeff, 0xf510, {{0x5, 0x4, 0x3, 0x2, 0x14, 0x64, 0x0, 0x2f, 0x4, 0x0, @loopback, @multicast2}}}}) sendmsg$IPSET_CMD_FLUSH(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000040601020000000200000000000000000500010007"], 0x1c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@newlink={0x6c, 0x10, 0x503, 0x1, 0x700, {0x0, 0x0, 0x0, 0x0, 0x2201}, [@IFLA_LINKINFO={0x4c, 0x12, 0x0, 0x1, @ipip={{0x9}, {0x3c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x8, 0x2, @multicast2}, @IFLA_IPTUN_PROTO={0x5, 0x9, 0x4}, @IFLA_IPTUN_TOS={0x5, 0x5, 0x3}, @IFLA_IPTUN_FWMARK={0x8, 0x14, 0x2}, @IFLA_IPTUN_PROTO={0x5, 0x9, 0x4}, @IFLA_IPTUN_FWMARK={0x8, 0x14, 0x3ff}, @IFLA_IPTUN_ENCAP_FLAGS={0x6, 0x10, 0x7}]}}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x8800}, 0xc8b0) 11.059009949s ago: executing program 5 (id=1828): prlimit64(0x0, 0xe, &(0x7f0000000480)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = add_key$fscrypt_v1(&(0x7f0000000440), &(0x7f0000000480)={'fscrypt:', @auto=[0x0, 0x0, 0x0, 0x34]}, &(0x7f00000000c0)={0x0, "3e82554dc8ccfbc2e85ec82d4ee9df60f6ae16b1a5f2c848722ba3b132e4fde178c945bd950b0477e801fc8a1be9b4ebbe9c2289a6b0aa00"}, 0x48, 0xfffffffffffffffe) pipe2$watch_queue(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r3, r4, 0x0) add_key$fscrypt_v1(&(0x7f0000000440), &(0x7f0000000480)={'fscrypt:', @auto=[0x0, 0x36, 0x36, 0x0, 0x0, 0x64]}, &(0x7f00000004c0)={0x0, "3e82554dc8ccfbc2e85ec82d4ee9df60f6ae16b1a5f2c848722ba3b132e4fde178c945bd950b0477e801fc8a1be9b4ebbe9c2289a6b0aa00", 0xfffffffc}, 0x48, 0xfffffffffffffffe) 11.058457959s ago: executing program 3 (id=1819): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) socket$nl_generic(0x10, 0x3, 0x10) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r2 = socket$phonet_pipe(0x23, 0x5, 0x2) setsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f0000000080)=0x1, 0x4) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x2, 0x3, 0x401, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000020301040000000000000000000040200800010001"], 0x1c}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r3, 0x0, 0x4ffe6, 0x0) 10.494634447s ago: executing program 4 (id=1820): timer_create(0x0, 0x0, &(0x7f0000000300)=0x0) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2}}) r2 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000140)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x4, 0x2, 0x1}}) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) r3 = timerfd_create(0x8, 0x0) read(r3, &(0x7f00000000c0)=""/252, 0xfc) timerfd_settime(r3, 0x3, &(0x7f0000000080)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) ioctl$IOC_PR_RESERVE(0xffffffffffffffff, 0x401070c9, 0x0) syz_io_uring_setup(0x7b95, &(0x7f0000000040)={0x0, 0xd47d, 0x1, 0x3, 0x98}, &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000000)) r4 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) close(r4) openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0x124) 9.904693415s ago: executing program 5 (id=1821): socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x79, 0x10, 0x28}, [@ldst={0x6, 0x3, 0x0, 0x0, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071127f000000000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x34) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'bridge0\x00', 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="780000001000830404000000fedbdf2500007400", @ANYRES32=r3, @ANYBLOB="0008000007500500580012800b0001006272696467650000480002800500190002000000050017"], 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x0, 0x0, 0x0, 0x2}, 0x94) sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x9}, 0x0) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) 9.675451193s ago: executing program 3 (id=1822): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) fchdir(r2) r3 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x1c1002, 0x50) ftruncate(r3, 0x2007ffb) sendfile(r3, r4, 0x0, 0x1000000201005) 9.654901693s ago: executing program 5 (id=1823): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) process_vm_writev(r3, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0) 9.633631134s ago: executing program 4 (id=1825): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mremap(&(0x7f000040b000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f00004b3000/0x4000)=nil) mremap(&(0x7f00003ef000/0x3000)=nil, 0x3000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) madvise(&(0x7f000042f000/0x800000)=nil, 0x800000, 0x15) 6.072266587s ago: executing program 2 (id=1827): openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$HIDIOCSUSAGES(0xffffffffffffffff, 0x501c4814, &(0x7f0000000dc0)={{0x1, 0x3, 0x9, 0x800, 0x5, 0x5}, 0x8d, [0x7, 0x93b, 0x6, 0x1, 0x1, 0xb8a, 0x2f, 0x100, 0x5, 0x7, 0x7, 0x5, 0x41d4, 0x83, 0x4, 0xffffffff, 0x9, 0x1000, 0x77e4, 0xffff0c56, 0x3, 0x1, 0x0, 0x40, 0x9, 0x200, 0x69, 0x2, 0x0, 0x6, 0x3, 0x7, 0x8, 0x8, 0xa522, 0x100, 0xfffffff8, 0x80000001, 0x0, 0x40, 0x1, 0x6, 0x1, 0x7fffffff, 0x5eb9, 0x5, 0x9c05, 0x800000c, 0x401, 0x4, 0x75, 0x817, 0xb, 0x3, 0xda90, 0x7, 0xf, 0xbc4b, 0x106, 0xfd, 0x81, 0x6, 0x101, 0x39, 0xffffff7f, 0x6, 0x5, 0x5, 0x77, 0xfffffffd, 0x0, 0x9, 0x73f, 0x5, 0x8, 0x4, 0x3, 0xffffffff, 0x5, 0x26be23d3, 0x7, 0x2, 0x9, 0x8, 0xdd2, 0xfffffffb, 0x3, 0x4, 0x2, 0xfff, 0x80000001, 0x9, 0x4, 0x0, 0x3, 0x2, 0x2, 0x5, 0x6, 0x1, 0x80000001, 0x7, 0x0, 0x40, 0x5, 0x101, 0x8, 0x9, 0x334c230c, 0x6, 0x4, 0xfffffff9, 0x8, 0x3, 0xffff0000, 0x7, 0x2, 0xffffffff, 0x4, 0x3, 0x4, 0x4, 0x3f, 0x81, 0x3, 0x400, 0x4, 0x984, 0x1, 0x6, 0x7, 0x6, 0x1ff, 0x2a3, 0x6d, 0x1, 0x10000, 0x5, 0x80000000, 0x1d01e, 0x1, 0x3, 0xfffffffb, 0x8, 0x63, 0x400, 0x5, 0x401, 0x4, 0xfff, 0x0, 0x9, 0x3, 0x8, 0xfffffff9, 0x2, 0x80000000, 0x3, 0xc, 0x1, 0xad, 0x100, 0x144, 0x2, 0xfffffffc, 0x2, 0x5, 0x0, 0x5, 0x9, 0x1, 0x4, 0x1000, 0x974, 0x5, 0x2, 0x8, 0x5, 0x88, 0x1000, 0x0, 0x1, 0x2, 0x5, 0x9, 0x0, 0x57a, 0x0, 0x0, 0x6, 0x9, 0x5c, 0x6, 0x9, 0xd22, 0x2, 0x7, 0x10, 0x8, 0xffffffff, 0x2149, 0xf, 0x26a02622, 0x7fff, 0x8, 0x8, 0x7ff, 0x5, 0x8, 0x81, 0x8, 0xff, 0x5, 0xfffffffa, 0x2, 0x2, 0xffff, 0xf, 0x5, 0x7, 0x5, 0x100, 0x1e06, 0xf, 0xdf2, 0x0, 0xbb, 0xfff, 0x400, 0x2, 0x80000000, 0x7, 0x8, 0xf9b, 0x8, 0x7ff, 0x7, 0x3ff, 0x630a, 0x5, 0xcff, 0x9, 0xb7, 0x1, 0xff, 0x4, 0x5, 0x10, 0x1, 0x92a, 0x3, 0x5, 0xd, 0x5, 0x101, 0x6, 0x7fff, 0x800, 0x3, 0x4, 0x0, 0x7f, 0x200, 0x20, 0x7, 0x1000000, 0x0, 0x7f, 0x53, 0x8, 0x8, 0x5, 0x2, 0xf, 0xd81c, 0x840, 0x1, 0x9, 0x2, 0x81, 0x9, 0x3, 0x5, 0x1000, 0x8, 0x47, 0x94, 0x7, 0x8, 0x8001, 0x56f71053, 0x1, 0x867, 0x3ff, 0x40, 0x6, 0x3, 0xfff, 0x5, 0x197, 0x9, 0x6, 0x5, 0x6, 0x7, 0x0, 0x84, 0x3, 0x1ff, 0x400, 0x3, 0xd42, 0x9, 0x5, 0x1ff, 0x4, 0x9, 0xbec, 0x5, 0x7, 0x3, 0x5, 0x64000000, 0x2, 0x1e, 0x3a, 0x6, 0x5, 0x18000, 0x2, 0xffff, 0x9, 0x6, 0x9, 0x0, 0xe4f, 0x67c, 0x27b7, 0xe, 0x9, 0x9, 0x5, 0xd, 0x5, 0x7f, 0x76, 0x9, 0xc4fe, 0x9, 0x3, 0x4, 0x8, 0x87, 0x1, 0x4, 0x6, 0x40, 0x9, 0x8, 0x1, 0x6, 0x8, 0xc75e, 0x4, 0x6, 0x1b, 0xfd3, 0x2, 0x3, 0x9, 0x10, 0x4, 0x5d2f, 0x5, 0x1b, 0x3ff, 0x5, 0x8, 0x6, 0xc000000, 0x5c, 0x9, 0x541b, 0xce, 0x6, 0x4, 0x69f, 0x3, 0x5, 0x7, 0x4, 0x200, 0x7, 0x8, 0x2323, 0xfffffff7, 0xffff, 0x7ff, 0x4, 0xd, 0xffffff42, 0x89, 0x80000001, 0x3ff, 0x3, 0x554, 0xde, 0x0, 0x400, 0x3, 0x9, 0x800, 0x7cb3aca3, 0x6, 0x6, 0x4, 0xf8000000, 0x1, 0xfffffff9, 0x9, 0xffffffff, 0x0, 0x7, 0x10000, 0x4, 0x3, 0x8001, 0x8, 0xbb, 0x2, 0xf548, 0x3, 0x36c, 0xffffffff, 0x10, 0x676, 0xe67, 0x88, 0x808, 0x560, 0x6db5, 0xa7b, 0x2, 0x4, 0x9, 0x3, 0x4, 0xffffffff, 0x6, 0xed2, 0x24bdaad2, 0x9, 0x4, 0x3, 0x1, 0xd599, 0x2, 0x6c51, 0x2, 0x0, 0x0, 0x2, 0xfce6, 0xf, 0xcd0, 0x4, 0xf, 0x0, 0x9, 0x5, 0x200, 0x6, 0x5, 0x2, 0x7, 0x17, 0xc36, 0x0, 0x8fbb, 0x3, 0x5, 0x0, 0x8, 0x8, 0x1, 0x8, 0x1000001, 0x45d8, 0x9, 0x0, 0x60000, 0x7, 0x2, 0xfffffff1, 0x3, 0x2, 0xfffffd67, 0x2, 0x4, 0x5, 0x3, 0x800, 0x10, 0xa, 0xb12c, 0x5ce, 0x1, 0xfffffffd, 0xf9c8, 0x0, 0x80f4, 0x10000, 0x3, 0x8, 0x2, 0x7, 0x5, 0x8, 0x401, 0x7, 0x10, 0x0, 0x6b, 0x100, 0x8, 0x2, 0x2, 0x5273, 0xe45f, 0x10, 0x0, 0x8, 0x4, 0x7, 0x7, 0x6, 0x4, 0x8e8b, 0x5, 0x3, 0x7, 0x3, 0xe535, 0x80, 0x5, 0x6, 0x0, 0x3, 0xff, 0x7fffffff, 0x5, 0x1, 0xa, 0x4, 0x1, 0x31, 0x0, 0xee1, 0x10001, 0x3, 0xfffffffc, 0x4, 0x1, 0x6f9, 0x7, 0xb26c, 0xb, 0x0, 0xfffffff3, 0x4000008, 0x8, 0x1ff, 0x6, 0xfd, 0x3, 0x3d, 0x6, 0x80000001, 0x5, 0x7, 0x1, 0xffffffff, 0x6, 0x3d29, 0x4, 0x7, 0x8, 0xb04, 0x3, 0xea6, 0x9, 0x101, 0x4, 0x1400, 0xfffffeff, 0x7, 0x2, 0x4, 0x8, 0x7, 0xe, 0x2, 0xc, 0x2, 0x2, 0x64c1, 0x80000000, 0x200, 0x2, 0xfffffffd, 0x1, 0x91, 0x8001, 0x401, 0x781d, 0x80, 0xfffff5b0, 0x8, 0x3, 0x8, 0xfff, 0xcd800000, 0x9, 0x6, 0x0, 0x5b5, 0x7, 0x3, 0x2, 0x5, 0x10001, 0xc, 0x9e9, 0x53, 0xfffffdd5, 0xc, 0xc00, 0x40, 0x401, 0xf2a6, 0x7, 0x3, 0x2, 0x7, 0x3800000, 0x0, 0x3ff, 0x3, 0x7fffffff, 0x4, 0x0, 0x1, 0xf, 0x7, 0xa84d, 0x3, 0xaf, 0xaf72, 0x5f, 0x1, 0xe, 0x6, 0x9, 0x5, 0x7, 0x3, 0x5, 0x3, 0x40, 0x1000, 0x75f1, 0x4, 0x3, 0x1, 0xfffffffd, 0x4, 0x8, 0x10, 0x80, 0x2, 0x6, 0x0, 0xe, 0xc, 0x3, 0x2, 0xd, 0x8, 0xfffff3f2, 0x6, 0x8, 0x3, 0x6, 0x5, 0x3, 0x101, 0x8, 0xbd, 0xa, 0x8, 0xffffed34, 0x8000, 0x2, 0x0, 0x7, 0x55f4727b, 0xd, 0x3b, 0x5, 0x8, 0xffffffff, 0x4, 0x81, 0x6, 0xb, 0x2, 0xa53, 0xff, 0x0, 0x2, 0x5, 0x3233, 0xff, 0x6, 0x2, 0x9, 0x1, 0x0, 0x3ff, 0x5, 0x8, 0x40, 0x0, 0x40, 0x88, 0x5, 0x80, 0x4, 0xd0000000, 0x8, 0x4, 0x5, 0x5, 0x7, 0x0, 0x0, 0x76b, 0xbb, 0x2, 0x5, 0x7fff, 0x9, 0xa, 0x5, 0x80, 0x4, 0x8, 0x8, 0x1f, 0x1, 0x3, 0x4, 0xd126, 0x7, 0x5, 0x0, 0x0, 0x8, 0x4, 0x1, 0x5, 0xfffffffa, 0x8, 0x270b, 0x5, 0x7fff, 0x4, 0x5, 0x6, 0x3, 0x4, 0x13f, 0x0, 0xc906, 0x6, 0x100, 0x4, 0x3, 0x3, 0x7f, 0x2b, 0x4, 0x3, 0x3, 0x8001, 0x46f, 0x19f1, 0x6, 0x20, 0x2, 0x2, 0x6, 0x5, 0x5, 0x401, 0x5, 0x6, 0x5, 0x7, 0xb, 0x200, 0x6, 0x9, 0x7, 0x3, 0x1, 0x7f, 0x9, 0xc3b, 0xfdf5, 0x0, 0x3, 0x0, 0xf, 0x1, 0x800, 0x4f35, 0x1, 0x18, 0x5, 0x0, 0x6, 0xaa5, 0x800, 0xf, 0x7, 0x800, 0xc, 0xfffffffb, 0xff, 0x5, 0x1000, 0x8, 0x81, 0x6, 0x2, 0x9, 0x8, 0x5, 0x8, 0x8, 0x100, 0x5, 0x10, 0x3, 0x7, 0x82, 0x4, 0x40, 0xabde, 0x1, 0xb, 0x8, 0x5, 0x8, 0x7f, 0x100, 0x8, 0x9, 0x6, 0x80000001, 0x2, 0x8, 0x2, 0x7fff, 0x3, 0x6, 0x4, 0x5, 0x3, 0x0, 0x1, 0x8, 0x59, 0x1, 0x0, 0x48, 0xaa19, 0xc, 0x400, 0x1, 0x401, 0x8, 0xc11, 0x4, 0x0, 0x7, 0x2, 0x7f, 0x0, 0x1, 0xc0000, 0x7, 0x4, 0xef47, 0x3, 0x1, 0x0, 0x2, 0x1, 0x0, 0xe14f, 0x5, 0x7, 0x8, 0x7fffffff, 0x7f, 0xffffffff, 0xffffff88, 0x400, 0x7fffffff, 0x10, 0x5, 0x9, 0x5, 0x0, 0xff, 0x0, 0x8, 0x3, 0x5, 0xfffffffc, 0x9, 0x11, 0x9, 0xfffffffe, 0x40, 0x3, 0x7, 0x0, 0x1, 0x2, 0x6, 0x81, 0x4, 0x401, 0x6, 0x5, 0x3, 0x0, 0xd, 0x6, 0xc, 0x2, 0x1, 0xfffffe5c, 0x40, 0x0, 0x9, 0x24, 0x1ff, 0x4, 0xe92, 0x5, 0x6e3, 0x4, 0xff, 0x0, 0xdf, 0x5, 0x7, 0x100, 0x3ac9, 0x10001, 0xae27, 0x80, 0x5, 0x7, 0x7fff, 0x0, 0xb, 0x4, 0x1, 0x1, 0x0, 0x9, 0x331d, 0x5, 0xb6, 0x7, 0x4, 0x4, 0x9, 0x6cf3, 0x8, 0x7, 0xf, 0x80, 0x9, 0xffff, 0x8000, 0x1, 0x2, 0x2, 0xdc0, 0x0, 0x100, 0x9, 0x1, 0xfffffff8, 0x800, 0x3, 0x0, 0x9, 0x644d, 0x93, 0xb0, 0x2, 0x3ff, 0x800, 0xfffffff7, 0x2, 0x0, 0xff]}) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01000000050000000900000084"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000dc0)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000d40), 0x21800, r3}, 0x38) bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000800)={0x0, &(0x7f0000000840)=""/121, &(0x7f0000000680), &(0x7f0000000540), 0x6c, r3}, 0x38) 6.070696227s ago: executing program 4 (id=1838): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f00000000c0)={[{@max_batch_time={'max_batch_time', 0x3d, 0x4}}, {@max_batch_time={'max_batch_time', 0x3d, 0x2}}, {@dioread_lock}, {@mblk_io_submit}, {@errors_remount}, {@nombcache}]}, 0x1, 0x460, &(0x7f0000000640)="$eJzs28uPFMUfAPBv9+zAj9dvV4IPHuoqGomPXXZB5OBFo4kHTUy84HHdHQgysIZZEyFE0Rg8GhLvxqOJf4EnvRj1ZOJV74aEGGICehrTM93LTDOzwDLs4M7nkzRUTfek6jvV1V3VtR3AyJrM/kkitkbEbxEx3s52HzDZ/u/alXPzf185N59Es/nWn0nruKtXzs0Xhxbf21JkxiLST5PY3aPcxpmzJ+bq9drpPD+9dPK96caZs88dPzl3rHasdmr28OGDB2ZeODT7/EDizOK6uuvDxT07X3v74hvzRy6+89M3SRF/KY4BmVxp55PN5oCLG65tHelkbIgV4bZU2t00qq3+Px6VuN544/HqJ0OtHHBXNZvN5gP9d59vAutYEsOuATAcxY0+m//mW3HrX4PRx/Bdfqk9Acpiv5Zv7T1jkebHVEvz20GajIgj5//5Mtvidp9DpHepUgDAuvZdNv55tmv8l48/0uh8LvT/fA1lIiLui4jtEXEoInZExP0RrWMfjIiHehWS9C+/vEhy4/gnvbTq4G5BNv57MV/b6h7/LQ+uJip5blsr/mpy9Hi9tj//TfZFdWOWn1mhjO9f+fXzfvs6x3/ZlpVfjAXzelwa29j9nYW5pbk7ibnT5Y8jdo31ij9ZXgnImm9nROxaZRnHn/56T5HeXened/P4VzCAdabmVxFPtdv/fJTiLyRd65NJlNYnp/8X9dr+6eKsuNHPv1x4s1/5dxT/AGTtv7nn+b8c/0SWamQdoF6vnW7cfhkXfv+s75xmVed/j8nYB3NLS6dnIjYkr7cr3fn5bOm42evHZ/Hv29u7/2+P67/E7uz8TyMejohHIuLRvO6PRcTjEbG3szKl692PLz/x7orx/9Uv/o39vjYwWfwLXe1fXPhK7V+s13ckNkT5k96Jyokfvu0qdKIU/03b/2ArtS//5Fauf7dSr9WdzQAAAPDfk032t0aSTi2n03Rqqv03/Dtic1pfbCw9c3Tx/VML7XcEJqKaFk+6xjueh87k0/oiP1vKH8ifG39R2dTKT80v1heGHTyMuC19+n/mj8qwawfcdd7XgtGl/8PI6nwPABgx7v8wunr0/03DqAew9nrd/z8aQj2AtVfq/5b9YISY/8Po0v9hdOn/MJIam+LmL8lLSNyQiPSeqMb6SVTzLnmP1GfIFyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAB+TcAAP//ziDjKw==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_NEW(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x74, 0x0, 0x7, 0x101, 0x0, 0x0, {0x3, 0x0, 0x3}, [@NFACCT_FLAGS={0x8}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x2}]}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x10000}, @NFACCT_FILTER={0x1c, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x400}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x7ff}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x1}]}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x3}]}, 0x74}, 0x1, 0x0, 0x0, 0x1}, 0x884) 5.97997078s ago: executing program 0 (id=1829): syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0x2861, &(0x7f0000000500)={[{@nobarrier}, {@oldalloc}, {@nodelalloc}]}, 0x0, 0x53b, &(0x7f0000000780)="$eJzs3e9rJGcdAPDvTLJ3ubvU5FTkLNgWW7kreruXxrZRpK0g6puCWt+fMdkL4TbZI7upl1A0xT9AEFFB3/tG8A8QSsF/QISCvhcVReSqL/VGZmdW82M3u5fuZe82nw9M9nnm1/f7DNnZ+cUzAZxZz0TEaxExFRHPR8RcOT4th5t5Za+Y7/17b63kQxJZ9sY/kkjKcd115fXpiLhULBIzEfGNr0R8Ozkat7Wze3u50ahvlfVae+NOrbWze319Y3mtvlbfXFxceGnp5aUXl25kpWLGvZO1cz4iXvnSX378g198+ZV3PvOdP97827Xv5ml94WNF3hGxcrI1H69Yd6WzLbrybbT1MIKNSd6eytS4swAAYBj5Mf6HI+KTneP/uZjqHM0BAAAAkyR7dTb+nURkD+7ySRYCAAAATl8aEbORpNXyWYDZSNNqtXiG96NxMW00W+1P32pub67m0yLmo5LeWm/Ub0TE+aKe5PWF8hnbbv2FQ/XFiLgcET+au9CpV1eajdVxX/wAAACAM+LS0wfP//81l+bl8+POCwAAABix+b4VAAAAYFI45QcAAIDJ5/wfAAAAJtrXXn89H7Lue7xX39zZvt188/pqvXW7urG9Ul1pbt2prjWba50++zYGra/RbN75bGxu36216612rbWze3Ojub3Zvrl+4BXYAAAAwCm6/PS7f0giYu/zFzpDlP0A9nDudDMDHil/HncCwChNjTsBYGymx50AMDaVgXPYQ8CkSwZMP/rwTnGtMH77cPIBAABG7+rHj97/797oH3xtAHic9XnWBwCYYO7uwdlVOekTgFdGnQkwLh8qPs73m963844+9/9/vq9cXGPIshMnBwAAjMRsZ0jSanmcPhtpWq1GPNF5LUAlubXeqN8ozw9+P1c5n9cXOksmA58ZBgAAAAAAAAAAAAAAAAAAAAAAAAAKWZZENthUZ1YAAADgsRSR/jXp9OYfcXXuudmDVwcOvfXrZ2/85O5yu721EHHuq8Vbvc5FRPun5fgXMq8EAAAAgEdAcZ5efi6MOxsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJs37995a6Q6nGffvX4yI+V7xp2Om8zkTlYi4+M8kpvctl0TE1Aji770dEVd6xU/ifpZl82UWveJfeMjx5zubpnf8NCIujSA+nGXv5vuf13p9/9J4pvPZ+/s3XQ4fVP/9X/q//d9Un/3PE4fq/Tz53q9qfeO/HfHkdO/9Tzd+UsQ/ECKvPDtkG7/1zd3dnhP2rbJX/P2xau2NO7XWzu719Y3ltfpafXNxceGlpZeXXly6Ubu13qiXf3uG+eEnfn3/uPZf7BN//mD7j2z/54ZqfRb/ee/uvY8UlUqv+Nee7f37e6VP/LT87ftUWc6nX+2W94ryfk/98ndPHdf+1T7tnxnQ/mtDtT8+9/zXv/+nnlOObA0A4DS0dnZvLzca9a1jCjNDzHPKhVcfjTRGWIhHI41xFbLvFf+PD7TU/ezQmAdbfHAh+yCLT8cI0jh35Hs6FSddYRKxl69ryH9IAABgwvz/oP+4O0gAAAAAAAAAAAAAAAAAAADAwzRE52Hv/CaOdDk2ExFD9z12OObeeJoKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCs/wYAAP//rDfMnw==") timer_create(0xfffffffffffffff4, 0x0, &(0x7f0000001400)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = add_key$keyring(&(0x7f00000101c0), &(0x7f00000026c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r3, &(0x7f00000001c0)='asymmetric\x00', &(0x7f0000000240)=@keyring={'key_or_keyring:', r3, 0x30}) 4.330306652s ago: executing program 2 (id=1830): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0, {0x0, 0xffffffffffffffff}}, './file0\x00'}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)) ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000000)={0x1, 0x0, [{0x40000001, 0x4, 0x2, 0x31237648, 0x6, 0x2, 0x80}]}) r1 = openat$kvm(0xffffff9c, &(0x7f0000000540), 0x8000, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0xfffff34, 0x0, [{0xf88e470f, 0xed}]}) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x73, 0x2, 0x2, 0x4002804c4, 0x9, 0x8000000000000000, 0xc595, 0x0, 0x4, 0xefffffffffffffff, 0x2000000000000000, 0x5, 0x8d], 0xeeee8000, 0x284a93}) ioctl$KVM_RUN(r3, 0xae80, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x42282, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 3.727669421s ago: executing program 0 (id=1831): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) listen(0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000300)='devtmpfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) 3.588607975s ago: executing program 4 (id=1832): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha256)\x00'}, 0x58) r4 = accept$alg(r3, 0x0, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0) recvmmsg(r4, &(0x7f0000006100), 0x49f, 0x0, 0x0) 3.561470157s ago: executing program 2 (id=1833): r0 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000280)={0x41}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000900)={0x41, 0x4}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000040)={0x41}, 0x10) r3 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000280)={0x41, 0x0, 0x2}, 0x10) sendmsg$tipc(r3, &(0x7f0000000240)={&(0x7f0000000080), 0x10, 0x0}, 0x0) r4 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000100)={0x41, 0x0, 0x2}, 0x1be) sendmsg$tipc(r4, &(0x7f0000000180)={&(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10, 0x0}, 0x0) sendmsg$tipc(r3, &(0x7f0000000240)={&(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x44010}, 0x0) 3.422051761s ago: executing program 2 (id=1834): bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, 0x0) r1 = gettid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$int_in(r2, 0x5452, &(0x7f0000000180)=0xffffffffffffffff) fcntl$setsig(r2, 0xa, 0x12) ppoll(&(0x7f0000000100)=[{r3, 0x8000}], 0x1, 0x0, 0x0, 0x0) dup2(r2, r3) fcntl$setown(r3, 0x8, r1) tkill(r1, 0x13) 1.591942109s ago: executing program 2 (id=1835): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) inotify_init1(0x80800) read$msr(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x64, 0x3, 0x300, 0x6e, 0xffffffad, 0x190, 0x190, 0x190, 0x268, 0x268, 0x268, 0x268, 0x268, 0x3, 0x0, {[{{@ip={@remote, @local={0xac, 0x14, 0xd}, 0x0, 0x0, 'caif0\x00', 'ip6tnl0\x00'}, 0x0, 0x130, 0x190, 0xffffffc5, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "bdc74c01369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa6ecab6b1d2cc05e3182f64694d7d05fb8b8c8f56627a54f905d564eeeb8334f650ca0f3c44f7fda4d20a55050342ea85ecc8838e7088de33582f36a0a375bb7008adc297a5ece1bb2df53d17bef26bb6f800", 0x7f, 0x2}}]}, @common=@SET={0x60}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, 0x0, 0x0, 'team0\x00', 'team0\x00'}, 0x0, 0x98, 0xd8, 0x0, {}, [@common=@inet=@set1={{0x28}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x360) 1.589418979s ago: executing program 4 (id=1846): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r3 = gettid() timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r4 = accept(r0, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1) recvfrom(r2, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0) 1.54075993s ago: executing program 0 (id=1836): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) socket$nl_generic(0x10, 0x3, 0x10) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r2 = socket$phonet_pipe(0x23, 0x5, 0x2) setsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f0000000080)=0x1, 0x4) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x2, 0x3, 0x401, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000020301040000000000000000000040200800010001"], 0x1c}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r3, 0x0, 0x4ffe6, 0x0) 1.283795988s ago: executing program 3 (id=1837): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000001080)=0x8) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f0000000080)={r4}, 0x8) 320.163639ms ago: executing program 5 (id=1839): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TLS_TX(r3, 0x6, 0x1, &(0x7f00000000c0)=@gcm_256={{0x7}, '\x00', "5171bb672965593497418688ac68cb126474cd3660dab9e2086e246728d7a040", '\x00\x00=*', "1202000000040030"}, 0x58) setsockopt$inet6_tcp_int(r3, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x1c) 0s ago: executing program 2 (id=1840): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mremap(&(0x7f000040b000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f00004b3000/0x4000)=nil) mremap(&(0x7f00003ef000/0x3000)=nil, 0x3000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) madvise(&(0x7f000042f000/0x800000)=nil, 0x800000, 0x15) kernel console output (not intermixed with test programs): E): veth1_to_batadv: link becomes ready [ 68.023972][ T4192] device veth0_vlan entered promiscuous mode [ 68.033497][ T4187] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.043563][ T4187] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.053082][ T4187] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.062253][ T4187] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.075889][ T4190] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.086450][ T4190] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.095585][ T4190] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.104615][ T4190] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.116060][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.127848][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.138059][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.150570][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.161907][ T4189] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 68.170603][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 68.179199][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 68.187497][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 68.196918][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 68.213139][ T4192] device veth1_vlan entered promiscuous mode [ 68.237079][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.250224][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.260191][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.271460][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.282480][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.293225][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.305119][ T4188] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 68.314356][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 68.322414][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 68.330726][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 68.339530][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 68.348248][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 68.379429][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.390545][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.400779][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.412933][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.424600][ T4189] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 68.434000][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.445079][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.456095][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.466834][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.476856][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.487771][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.499726][ T4188] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 68.515153][ T4192] device veth0_macvtap entered promiscuous mode [ 68.522169][ T4236] Bluetooth: hci2: command 0x040f tx timeout [ 68.528360][ T4236] Bluetooth: hci4: command 0x040f tx timeout [ 68.529613][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 68.534981][ T4236] Bluetooth: hci1: command 0x040f tx timeout [ 68.548251][ T4236] Bluetooth: hci0: command 0x040f tx timeout [ 68.551800][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 68.554983][ T4236] Bluetooth: hci3: command 0x040f tx timeout [ 68.568224][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 68.579375][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 68.589047][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 68.598359][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 68.607630][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 68.619412][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 68.630712][ T4189] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.640803][ T4189] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.649965][ T4189] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.658888][ T4189] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.674035][ T4188] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.684253][ T4188] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.693539][ T4188] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.702904][ T4188] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.716579][ T4192] device veth1_macvtap entered promiscuous mode [ 68.765731][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 68.791286][ T4192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.803254][ T4192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.813693][ T4192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.825104][ T4192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.835681][ T4192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.847194][ T4192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.857249][ T4192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.868422][ T4192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.880476][ T4192] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 68.891122][ T4192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.901779][ T4192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.913154][ T4192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.925335][ T4192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.936482][ T4192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.947876][ T4192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.958093][ T4192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.969086][ T4192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.980589][ T4192] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 69.000164][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 69.016266][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 69.026885][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 69.035735][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 69.053633][ T4192] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.064787][ T4192] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.074148][ T4192] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.086298][ T4192] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.101720][ T145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.110222][ T145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.128079][ T4216] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 69.205573][ T4216] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.221020][ T4216] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.265698][ T4216] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.273883][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 69.285557][ T4216] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.296802][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 69.322089][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.325654][ T156] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.330893][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.344372][ T156] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.363654][ T4216] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 69.378144][ T4216] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 69.430708][ T4216] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.445815][ T4216] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.468448][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.488153][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.505949][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 69.517427][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 69.582573][ T145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.588250][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.607330][ T156] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.640512][ T145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.648100][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 69.707805][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.725652][ T156] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.775972][ T4216] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 69.804860][ T4216] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 70.234172][ T4290] loop2: detected capacity change from 0 to 2048 [ 70.291423][ T4295] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 70.342784][ T4299] netlink: 72 bytes leftover after parsing attributes in process `syz.1.9'. [ 70.399326][ T4290] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 70.609973][ T4236] Bluetooth: hci3: command 0x0419 tx timeout [ 70.624708][ T4236] Bluetooth: hci0: command 0x0419 tx timeout [ 70.655218][ T4236] Bluetooth: hci1: command 0x0419 tx timeout [ 70.686455][ T4236] Bluetooth: hci4: command 0x0419 tx timeout [ 70.706742][ T4236] Bluetooth: hci2: command 0x0419 tx timeout [ 74.659922][ T4315] ODEBUG: Out of memory. ODEBUG disabled [ 74.764000][ T1432] ieee802154 phy0 wpan0: encryption failed: -22 [ 74.774189][ T1432] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.158888][ T13] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 76.407028][ T4346] netlink: 20 bytes leftover after parsing attributes in process `syz.4.22'. [ 76.565012][ T4346] device veth0_to_bond entered promiscuous mode [ 77.403920][ T13] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 77.438769][ T13] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 77.549603][ T13] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 77.573975][ T4346] syz.4.22 (4346) used greatest stack depth: 19000 bytes left [ 77.579819][ T13] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 77.608760][ T13] usb 1-1: SerialNumber: syz [ 77.925533][ T13] usb 1-1: 0:2 : does not exist [ 78.016483][ T13] usb 1-1: USB disconnect, device number 2 [ 78.067764][ T4267] udevd[4267]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 78.353974][ T4371] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 79.242062][ T4369] Set syz1 is full, maxelem 2 reached [ 80.671313][ T4390] sched: RT throttling activated [ 81.884966][ T4405] netlink: 8 bytes leftover after parsing attributes in process `syz.3.40'. [ 82.148831][ T21] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 83.530718][ T21] usb 3-1: Using ep0 maxpacket: 32 [ 84.099082][ T21] usb 3-1: config 129 has an invalid interface number: 120 but max is 0 [ 84.186990][ T21] usb 3-1: config 129 has an invalid descriptor of length 123, skipping remainder of the config [ 84.282379][ T21] usb 3-1: config 129 has no interface number 0 [ 84.289261][ T21] usb 3-1: config 129 interface 120 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 84.302887][ T21] usb 3-1: config 129 interface 120 has no altsetting 0 [ 84.412942][ T4439] binder: BINDER_SET_CONTEXT_MGR already set [ 84.431809][ T4439] binder: 4438:4439 ioctl 4018620d 200000000040 returned -16 [ 84.483903][ T4444] loop4: detected capacity change from 0 to 1024 [ 84.490684][ T21] usb 3-1: New USB device found, idVendor=0499, idProduct=c455, bcdDevice=81.ab [ 84.518450][ T21] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 84.559167][ T21] usb 3-1: Product: syz [ 84.563393][ T21] usb 3-1: Manufacturer: syz [ 84.584260][ T21] usb 3-1: SerialNumber: syz [ 84.617228][ T4444] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 84.617910][ T4443] loop3: detected capacity change from 0 to 4096 [ 84.700716][ T4454] MPTCP: addr_signal error, add_addr=1, echo=0 [ 84.763945][ T4443] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 84.841681][ T4457] syz.0.54 uses obsolete (PF_INET,SOCK_PACKET) [ 84.987154][ T21] usb 3-1: USB disconnect, device number 2 [ 85.245180][ T4413] udevd[4413]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:129.120/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 86.808657][ T1352] cfg80211: failed to load regulatory.db [ 87.659245][ T4486] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 87.666830][ T4486] IPv6: NLM_F_CREATE should be set when creating new route [ 87.854580][ T4488] loop1: detected capacity change from 0 to 128 [ 87.933389][ T4492] device syzkaller0 entered promiscuous mode [ 87.969092][ T4235] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 87.980222][ T4271] attempt to access beyond end of device [ 87.980222][ T4271] loop1: rw=1, want=769, limit=128 [ 88.043905][ T4271] attempt to access beyond end of device [ 88.043905][ T4271] loop1: rw=2049, want=1041, limit=128 [ 88.249775][ T4505] process 'syz.4.67' launched './file0' with NULL argv: empty string added [ 88.268811][ T4235] usb 4-1: Using ep0 maxpacket: 32 [ 89.408845][ T4235] usb 4-1: config 0 has no interfaces? [ 89.419569][ T4235] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 89.429825][ T4235] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 89.459241][ T23] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 89.562849][ T4515] hub 8-0:1.0: USB hub found [ 89.570445][ T4515] hub 8-0:1.0: 1 port detected [ 89.657348][ T4235] usb 4-1: config 0 descriptor?? [ 90.114608][ T23] usb 1-1: Using ep0 maxpacket: 32 [ 91.879337][ T23] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 91.918872][ T4235] usb 4-1: can't set config #0, error -71 [ 91.926074][ T4235] usb 4-1: USB disconnect, device number 2 [ 91.938796][ T23] usb 1-1: config 0 has no interfaces? [ 91.975553][ T23] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 92.012642][ T4522] ªªªªª: renamed from virt_wifi0 [ 92.058314][ T23] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.109786][ T23] usb 1-1: config 0 descriptor?? [ 92.114185][ T4526] binder: BINDER_SET_CONTEXT_MGR already set [ 92.129020][ T4526] binder: 4525:4526 ioctl 4018620d 200000004a80 returned -16 [ 92.462119][ T1352] usb 1-1: USB disconnect, device number 3 [ 92.506904][ T4538] device vlan2 entered promiscuous mode [ 93.886639][ T4551] netlink: 4 bytes leftover after parsing attributes in process `syz.2.79'. [ 93.896144][ T4551] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 93.904697][ T4551] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 93.969998][ T4553] netlink: 28 bytes leftover after parsing attributes in process `syz.1.80'. [ 94.895683][ T4551] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 95.425001][ T4551] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 95.512254][ T4554] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 95.521902][ T4554] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 95.529567][ T4554] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 95.550546][ T4554] device vlan2 left promiscuous mode [ 95.841844][ T4564] loop4: detected capacity change from 0 to 512 [ 95.976161][ T4564] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.84: invalid indirect mapped block 256 (level 2) [ 96.052273][ T4579] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 96.099300][ T4564] EXT4-fs (loop4): 2 truncates cleaned up [ 96.105168][ T4564] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpid,auto_da_alloc,lazytime,journal_dev=0x0000000000000006,,errors=continue. Quota mode: writeback. [ 97.878492][ T4602] loop4: detected capacity change from 0 to 512 [ 98.181195][ T4602] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 98.252860][ T4602] ext4 filesystem being mounted at /23/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 98.429714][ T4602] EXT4-fs (loop4): re-mounted. Opts: (null). Quota mode: writeback. [ 98.878820][ T23] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 99.609858][ T23] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 99.671704][ T23] usb 1-1: config 0 has no interfaces? [ 99.718119][ T23] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 99.849293][ T4628] netlink: 'syz.2.96': attribute type 1 has an invalid length. [ 99.890448][ T23] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.378519][ T4628] netlink: 'syz.2.96': attribute type 4 has an invalid length. [ 100.450864][ T4628] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.96'. [ 100.478197][ T23] usb 1-1: config 0 descriptor?? [ 100.746768][ T4634] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 101.342834][ T4634] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 101.399087][ T4634] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 101.423605][ T4634] device bridge_slave_0 left promiscuous mode [ 101.432651][ T1331] usb 1-1: USB disconnect, device number 4 [ 101.464582][ T4634] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.533389][ T4634] device bridge_slave_1 left promiscuous mode [ 101.552037][ T4634] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.583672][ T4634] bond0: (slave bond_slave_0): Releasing backup interface [ 101.625194][ T4634] bond0: (slave bond_slave_1): Releasing backup interface [ 101.718964][ T4634] team0: Port device team_slave_0 removed [ 101.752045][ T4634] team0: Port device team_slave_1 removed [ 101.786891][ T4638] device geneve2 entered promiscuous mode [ 101.816896][ T4635] team0: Mode changed to "roundrobin" [ 101.824075][ T4636] netlink: 4 bytes leftover after parsing attributes in process `syz.2.97'. [ 101.957296][ T4645] overlayfs: failed to clone upperpath [ 102.016796][ T4645] overlayfs: failed to clone upperpath [ 102.243397][ T4652] pit: kvm: requested 78781 ns i8254 timer period limited to 200000 ns [ 102.263959][ T4652] pit: kvm: requested 74590 ns i8254 timer period limited to 200000 ns [ 102.288256][ T4652] pit: kvm: requested 45257 ns i8254 timer period limited to 200000 ns [ 102.312205][ T4652] pit: kvm: requested 61180 ns i8254 timer period limited to 200000 ns [ 102.325267][ T4652] pit: kvm: requested 18438 ns i8254 timer period limited to 200000 ns [ 102.354198][ T4652] pit: kvm: requested 67885 ns i8254 timer period limited to 200000 ns [ 102.369660][ T4652] pit: kvm: requested 38552 ns i8254 timer period limited to 200000 ns [ 102.389398][ T4652] pit: kvm: requested 81295 ns i8254 timer period limited to 200000 ns [ 102.407842][ T4652] pit: kvm: requested 5028 ns i8254 timer period limited to 200000 ns [ 102.439215][ T4652] pit: kvm: requested 161752 ns i8254 timer period limited to 200000 ns [ 102.464234][ T4660] ======================================================= [ 102.464234][ T4660] WARNING: The mand mount option has been deprecated and [ 102.464234][ T4660] and is ignored by this kernel. Remove the mand [ 102.464234][ T4660] option from the mount to silence this warning. [ 102.464234][ T4660] ======================================================= [ 103.615844][ T4672] loop1: detected capacity change from 0 to 512 [ 103.693590][ T4672] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 103.974773][ T4672] EXT4-fs error (device loop1): ext4_do_update_inode:5229: inode #16: comm syz.1.109: corrupted inode contents [ 104.068948][ T4672] EXT4-fs error (device loop1): ext4_dirty_inode:6077: inode #16: comm syz.1.109: mark_inode_dirty error [ 104.253529][ T4672] EXT4-fs error (device loop1): ext4_do_update_inode:5229: inode #16: comm syz.1.109: corrupted inode contents [ 104.434858][ T4672] EXT4-fs error (device loop1): __ext4_ext_dirty:183: inode #16: comm syz.1.109: mark_inode_dirty error [ 105.018293][ T4672] EXT4-fs error (device loop1): ext4_do_update_inode:5229: inode #16: comm syz.1.109: corrupted inode contents [ 105.102196][ T4693] loop2: detected capacity change from 0 to 512 [ 105.119355][ T4672] EXT4-fs error (device loop1) in ext4_orphan_del:303: Corrupt filesystem [ 105.146519][ T4693] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 105.161465][ T4672] EXT4-fs error (device loop1): ext4_do_update_inode:5229: inode #16: comm syz.1.109: corrupted inode contents [ 105.178263][ T4693] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 105.198244][ T4672] EXT4-fs error (device loop1): ext4_truncate:4286: inode #16: comm syz.1.109: mark_inode_dirty error [ 105.227880][ T4693] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a84ee02c, mo2=0002] [ 105.241021][ T4672] EXT4-fs error (device loop1) in ext4_process_orphan:345: Corrupt filesystem [ 105.246338][ T4693] System zones: [ 105.264269][ T4672] EXT4-fs (loop1): 1 truncate cleaned up [ 105.278904][ T4672] EXT4-fs (loop1): mounted filesystem without journal. Opts: quota,errors=remount-ro,errors=continue,resgid=0x0000000000000000,nobarrier,. Quota mode: writeback. [ 105.311587][ T4693] 1-12 [ 105.316133][ T4693] EXT4-fs (loop2): orphan cleanup on readonly fs [ 105.358185][ T4672] ext4 filesystem being mounted at /19/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 105.389259][ T4693] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.113: invalid indirect mapped block 2 (level 2) [ 105.439577][ T4693] EXT4-fs (loop2): Remounting filesystem read-only [ 105.449762][ T4693] EXT4-fs (loop2): 1 truncate cleaned up [ 105.457138][ T4693] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_nolock,max_batch_time=0x0000000000000006,usrquota,errors=remount-ro,i_version. Quota mode: writeback. [ 110.235119][ T4717] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 110.315423][ T4721] loop3: detected capacity change from 0 to 2048 [ 110.333492][ T4724] netlink: 'syz.1.123': attribute type 1 has an invalid length. [ 110.449172][ T4721] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 113.121649][ T4757] netlink: 8 bytes leftover after parsing attributes in process `syz.3.134'. [ 113.135226][ T4757] Zero length message leads to an empty skb [ 113.352424][ T4233] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 113.365426][ T4763] device syzkaller0 entered promiscuous mode [ 113.608882][ T4233] usb 2-1: Using ep0 maxpacket: 32 [ 113.729022][ T4233] usb 2-1: config 0 has an invalid interface number: 184 but max is 0 [ 113.906660][ T4233] usb 2-1: config 0 has no interface number 0 [ 113.967604][ T4233] usb 2-1: config 0 interface 184 has no altsetting 0 [ 115.700982][ T4776] netlink: 64 bytes leftover after parsing attributes in process `syz.0.141'. [ 115.831485][ T4776] device syzkaller1 entered promiscuous mode [ 115.841145][ T4233] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 115.852166][ T4233] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.860784][ T4233] usb 2-1: Product: syz [ 115.865340][ T4233] usb 2-1: Manufacturer: syz [ 115.870015][ T4233] usb 2-1: SerialNumber: syz [ 115.876944][ T4233] usb 2-1: config 0 descriptor?? [ 115.920152][ T4233] smsc75xx v1.0.0 [ 116.111861][ T4787] loop0: detected capacity change from 0 to 512 [ 116.121048][ T4233] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71 [ 116.149279][ T4233] smsc75xx: probe of 2-1:0.184 failed with error -71 [ 116.192672][ T4233] usb 2-1: USB disconnect, device number 2 [ 119.117705][ T4804] loop0: detected capacity change from 0 to 1024 [ 124.833617][ T4855] netlink: 8 bytes leftover after parsing attributes in process `syz.0.162'. [ 124.910665][ T4837] kvm: pic: single mode not supported [ 124.911467][ T4837] kvm: pic: single mode not supported [ 124.917952][ T4837] kvm: pic: single mode not supported [ 124.923673][ T4837] kvm: pic: level sensitive irq not supported [ 125.429140][ T4874] loop0: detected capacity change from 0 to 1024 [ 125.509147][ T4874] EXT4-fs (loop0): Ignoring removed bh option [ 125.825156][ T4874] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobarrier,dioread_lock,barrier=0x0000000000000004,nolazytime,debug_want_extra_isize=0x0000000000000080,lazytime,errors=remount-ro,stripe=0x0000000000000002,bh,init_itable,. Quota mode: none. [ 126.351450][ T4874] gadgetfs: Unknown parameter 'lowerdir' [ 126.377496][ T4874] overlayfs: missing 'lowerdir' [ 126.729242][ T4896] device syzkaller0 entered promiscuous mode [ 127.629063][ T4905] loop0: detected capacity change from 0 to 256 [ 127.695284][ T4906] loop2: detected capacity change from 0 to 256 [ 127.702589][ T4905] exfat: Deprecated parameter 'utf8' [ 127.852587][ T4905] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xf8a64500, utbl_chksum : 0xe619d30d) [ 128.631958][ T4906] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011bf5, chksum : 0xcea91b8a, utbl_chksum : 0xe619d30d) [ 128.658998][ T4905] loop_set_status: loop0 () has still dirty pages (nrpages=2) [ 128.667160][ T4906] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 129.930499][ T4933] netlink: 12 bytes leftover after parsing attributes in process `syz.1.188'. [ 131.490277][ T4933] 8021q: adding VLAN 0 to HW filter on device bond1 [ 131.709004][ T4942] ptrace attach of "ci2-linux-5-15-kasan/syz-executor exec"[4187] was attempted by "$x`vO¤xŒH`³ã•ÕCBnÜ€º·yòü>bêwìæx\x1bL5? CÝ­8`d…ªþ»‘Jgø39TÃÝ&¨tWCmË<º¨\x1bRbyÑ VqÔ/‰\x5cDw,XT,µWû[esôÿ—‘Ô\x0d1‘\x07þ^òÐÖ|À;dˆg8 Î꥛~åu²}GÇõg6W]ìMìòþlxMð=æMäh\x09¶5²$ªZ†å¹EOÞ1JcÅ&µOÌPÒ5y9\x0dNiï£IÌ<òâ5ÞÐŽñÒd\x22ÐT*ÙɢsÌx)›«Ê¯\x22v:¤øÕ|M\x0aµ…´Ïõ)\x0bøê‹»wRIð˜ åð‘¤ê‹×â;øH¶P?LtœM[w̲SØ7—&åQ瑃ƒ½¡Y‘=NÞݘ\x22“Í߆FSÜB¨Ò˜”Rxë‹9ʼnR_4¦~}eà¢}xçböH\x0d ã%Ç„Þ‘RÀ]€c“Éx‚8‡m‘5'y¨úZ«xÀú^M¢šïy=:å:ÄUVvÒ¼b8‹¡s\x0d0ácŠ£äAßL˜Û=ýø×;¹Òk«[i½†qK”gú´@©8ÊZ\x22&€iy?± m9Ÿ•d©ŠÐ<5ð]ìp2w­Óø´A³¯1ëȦ4qLctG9NÆï_f2so pÜ)™^ÔFISn08¢a¯µS²*Ä’½rXùé\x1b/\x22`¬W×rwr\x22ß!7³ëX˜~ñ ¬öÓ°¯é€DÖEp­÷7ÖeÝh¦NkÃ2I£s„û,>r_<º-œ!à}ÛjnW8-‡lñeÍÚðQÝßî–Å’6Dgfr·ZÒ!ÀV\x0bÛ¡¶ßá*À¡ö>óØýåħk?p>n¯U±³`I‡±ù¶æWŽí ×ô™ú\x1bØßD´ˆ6Öùòó…÷›Ãþ\x5cjì¼óÕÉv†ç(‚ª¯=ª}tŒxôp:ñÔç§ÞŽØ_Æõç´ÕÕ½ü<‹('ôµ(tc©(ÏÖ®¿#2®o¢Ú0xæåÄY4W .vôÅoD´Sâ\x0cXæ¿©šV‚,¤5a#zkP—däÀó 0a. [ 131.751607][ T4933] bond1: (slave ipip0): refused to change device type [ 132.428415][ T1108] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 132.879006][ T1108] usb 1-1: config 127 has an invalid interface number: 127 but max is 0 [ 132.901560][ T1108] usb 1-1: config 127 has no interface number 0 [ 132.935604][ T4971] netlink: 20 bytes leftover after parsing attributes in process `syz.2.199'. [ 133.057862][ T4980] loop2: detected capacity change from 0 to 256 [ 133.093717][ T4982] xt_policy: output policy not valid in PREROUTING and INPUT [ 133.109937][ T1108] usb 1-1: New USB device found, idVendor=0424, idProduct=9d00, bcdDevice=53.27 [ 133.221665][ T1108] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.609531][ T1108] usb 1-1: can't set config #127, error -71 [ 133.980989][ T1108] usb 1-1: USB disconnect, device number 5 [ 135.408745][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!! [ 135.428733][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!! [ 135.438724][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!! [ 135.448722][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!! [ 135.458724][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!! [ 135.468724][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!! [ 135.478739][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!! [ 135.528726][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!! [ 135.670597][ T5004] DRBG: could not allocate CTR cipher TFM handle: ctr(aes) [ 135.815261][ T26] audit: type=1326 audit(1780316933.593:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5010 comm="syz.0.212" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6a9ab78e59 code=0x0 [ 137.724699][ T5046] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 137.773290][ T4191] wlan1: authenticate with 08:02:11:00:00:00 [ 137.807257][ T5048] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 137.861365][ T4191] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 138.012491][ T1432] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.021360][ T1432] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.050438][ T4216] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 138.168997][ T4216] wlan1: send auth to 08:02:11:00:00:00 (try 3/3) [ 138.568468][ T4216] wlan1: authentication with 08:02:11:00:00:00 timed out [ 138.669974][ T5054] loop1: detected capacity change from 0 to 512 [ 139.349428][ T5054] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=880ec018, mo2=0002] [ 139.392468][ T5054] EXT4-fs (loop1): mounted filesystem without journal. Opts: usrquota,debug,resuid=0x0000000000000000,noblock_validity,,errors=continue. Quota mode: writeback. [ 139.434421][ T5064] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4) [ 139.441455][ T5064] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 139.489017][ T5054] ext4 filesystem being mounted at /39/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 140.147721][ T5070] tipc: Started in network mode [ 140.172399][ T5070] tipc: Node identity 8, cluster identity 4711 [ 140.178607][ T5070] tipc: Node number set to 8 [ 140.256951][ T5064] vhci_hcd vhci_hcd.0: Device attached [ 140.285264][ T5066] vhci_hcd: connection closed [ 140.311511][ T4271] vhci_hcd: stop threads [ 140.329112][ T4271] vhci_hcd: release socket [ 140.335870][ T4271] vhci_hcd: disconnect device [ 140.418183][ T26] audit: type=1800 audit(1780316938.133:3): pid=5075 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.223" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 140.492060][ T5054] loop_set_status: loop1 () has still dirty pages (nrpages=2) [ 141.354118][ T4188] EXT4-fs error (device loop1): ext4_lookup:1858: inode #12: comm syz-executor: iget: bad i_size value: 2533274857506816 [ 141.427783][ T4188] EXT4-fs error (device loop1): ext4_lookup:1858: inode #12: comm syz-executor: iget: bad i_size value: 2533274857506816 [ 141.447558][ T5091] loop0: detected capacity change from 0 to 128 [ 141.704762][ T26] audit: type=1804 audit(1780316939.453:4): pid=5091 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.230" name="/newroot/52/file0/bus" dev="loop0" ino=1048609 res=1 errno=0 [ 141.789462][ T26] audit: type=1804 audit(1780316939.483:5): pid=5091 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.230" name="/newroot/52/file0/bus" dev="loop0" ino=1048609 res=1 errno=0 [ 141.855572][ T26] audit: type=1804 audit(1780316939.493:6): pid=5091 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.230" name="/newroot/52/file0/bus" dev="loop0" ino=1048609 res=1 errno=0 [ 142.215308][ T4271] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.468544][ T4271] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.584559][ T4271] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.691002][ T4271] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 143.616680][ T5165] chnl_net:caif_netlink_parms(): no params data found [ 143.965031][ T5165] bridge0: port 1(bridge_slave_0) entered blocking state [ 143.999051][ T5165] bridge0: port 1(bridge_slave_0) entered disabled state [ 144.038617][ T5165] device bridge_slave_0 entered promiscuous mode [ 144.085844][ T5165] bridge0: port 2(bridge_slave_1) entered blocking state [ 144.104439][ T5165] bridge0: port 2(bridge_slave_1) entered disabled state [ 144.132322][ T5165] device bridge_slave_1 entered promiscuous mode [ 144.283936][ T5165] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 144.327712][ T5165] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 144.425824][ T5165] team0: Port device team_slave_0 added [ 144.451582][ T5195] fuse: Bad value for 'fd' [ 144.506210][ T5165] team0: Port device team_slave_1 added [ 144.625835][ T5165] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 144.639547][ T5165] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 144.674858][ T5165] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 144.788198][ T5165] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 144.811596][ T5165] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 144.861223][ T5165] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 145.681491][ T5211] binder: 5208:5211 ioctl c0306201 200000000300 returned -14 [ 145.748860][ T7] Bluetooth: hci1: command 0x0409 tx timeout [ 145.786503][ T4271] device hsr_slave_0 left promiscuous mode [ 145.949600][ T4271] device hsr_slave_1 left promiscuous mode [ 145.959946][ T4271] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 145.967739][ T4271] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 145.996014][ T4271] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 146.003858][ T4271] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 146.011960][ T4271] device bridge_slave_1 left promiscuous mode [ 146.019755][ T4271] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.109574][ T4271] device bridge_slave_0 left promiscuous mode [ 147.115888][ T4271] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.185349][ T4271] device veth1_macvtap left promiscuous mode [ 147.423157][ T4271] device veth0_macvtap left promiscuous mode [ 147.504738][ T4271] device veth1_vlan left promiscuous mode [ 147.582789][ T4271] device veth0_vlan left promiscuous mode [ 147.982280][ T1352] Bluetooth: hci1: command 0x041b tx timeout [ 148.816724][ T4271] bond1 (unregistering): Released all slaves [ 149.567309][ T4271] team0 (unregistering): Port device team_slave_1 removed [ 149.594287][ T4271] team0 (unregistering): Port device team_slave_0 removed [ 149.618080][ T4271] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 149.646564][ T4271] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 149.789104][ T4271] bond0 (unregistering): Released all slaves [ 150.869184][ T7] Bluetooth: hci1: command 0x040f tx timeout [ 151.078244][ T5165] device hsr_slave_0 entered promiscuous mode [ 151.166752][ T5165] device hsr_slave_1 entered promiscuous mode [ 151.288044][ T5165] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 151.306113][ T5165] Cannot create hsr debugfs directory [ 152.122803][ T5281] binder: BC_ACQUIRE_RESULT not supported [ 152.147878][ T5281] binder: 5277:5281 ioctl c0306201 200000000240 returned -22 [ 152.180934][ T5283] loop0: detected capacity change from 0 to 128 [ 152.461969][ T5165] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 152.531642][ T5165] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 152.607189][ T5165] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 152.689190][ T5165] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 152.817901][ T5314] device syzkaller0 entered promiscuous mode [ 152.919152][ T7] Bluetooth: hci1: command 0x0419 tx timeout [ 152.989158][ T5165] 8021q: adding VLAN 0 to HW filter on device bond0 [ 153.035412][ T5129] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 153.077218][ T5129] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 153.122314][ T5165] 8021q: adding VLAN 0 to HW filter on device team0 [ 153.146498][ T5129] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 153.173662][ T5129] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 153.186610][ T5327] netlink: 72 bytes leftover after parsing attributes in process `syz.2.280'. [ 153.196190][ T5129] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.203425][ T5129] bridge0: port 1(bridge_slave_0) entered forwarding state [ 153.624549][ T5129] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 154.228881][ T5165] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 154.310180][ T5165] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 154.363370][ T5339] loop0: detected capacity change from 0 to 128 [ 154.408003][ T5339] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 154.489841][ T5339] FAT-fs (loop0): bogus number of reserved sectors [ 154.496515][ T5339] FAT-fs (loop0): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 154.509065][ T5127] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 154.511514][ T5339] FAT-fs (loop0): Can't find a valid FAT filesystem [ 154.517818][ T5127] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 154.980374][ T5127] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.987670][ T5127] bridge0: port 2(bridge_slave_1) entered forwarding state [ 155.435226][ T5127] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 155.464701][ T5127] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 155.479661][ T5127] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 155.497835][ T5127] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 155.518441][ T5127] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 155.645247][ T5127] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 155.676681][ T5127] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 155.707975][ T5127] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 155.732196][ T5127] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 155.784118][ T5127] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 155.845440][ T5127] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 155.885550][ T5127] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 157.028723][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #12!!! [ 157.038735][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #1a!!! [ 157.167122][ T5370] netlink: 798 bytes leftover after parsing attributes in process `syz.0.290'. [ 157.230312][ T5375] netlink: 12 bytes leftover after parsing attributes in process `syz.3.292'. [ 157.253756][ T5380] loop0: detected capacity change from 0 to 16 [ 157.299558][ T5380] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 157.302409][ T4267] udevd[4267]: incorrect cramfs checksum on /dev/loop0 [ 157.515594][ T5384] netlink: 24 bytes leftover after parsing attributes in process `syz.4.294'. [ 158.094625][ T5165] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 158.114801][ T5129] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 158.132659][ T5129] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 158.265730][ T5394] tipc: Started in network mode [ 158.300682][ T5394] tipc: Node identity bad892e4d8d7, cluster identity 4711 [ 158.329583][ T5394] tipc: Enabled bearer , priority 0 [ 158.440094][ T5398] device syzkaller0 entered promiscuous mode [ 158.468766][ T5397] netlink: 4 bytes leftover after parsing attributes in process `syz.4.297'. [ 158.574314][ T5391] tipc: Resetting bearer [ 158.858651][ T5391] tipc: Disabling bearer [ 160.534174][ T5129] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 160.658596][ T5129] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 160.905396][ T5129] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 160.960308][ T5129] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 161.001548][ T5165] device veth0_vlan entered promiscuous mode [ 161.028149][ T5428] device ipip0 entered promiscuous mode [ 161.057148][ T5129] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 161.074404][ T5129] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 161.165197][ T5165] device veth1_vlan entered promiscuous mode [ 161.236885][ T5438] netlink: 12 bytes leftover after parsing attributes in process `syz.0.306'. [ 161.716959][ T5440] bridge1: port 1(dummy0) entered blocking state [ 162.128358][ T5440] bridge1: port 1(dummy0) entered disabled state [ 162.136254][ T5440] device dummy0 entered promiscuous mode [ 162.160770][ T5441] netlink: 'syz.0.306': attribute type 10 has an invalid length. [ 162.189017][ T5441] netlink: 40 bytes leftover after parsing attributes in process `syz.0.306'. [ 162.266913][ T5441] bridge1: port 1(dummy0) entered blocking state [ 162.273519][ T5441] bridge1: port 1(dummy0) entered forwarding state [ 162.293429][ T5441] bridge1: port 1(dummy0) entered disabled state [ 162.349250][ T5127] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 162.395531][ T5127] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 162.447580][ T5165] device veth0_macvtap entered promiscuous mode [ 162.485612][ T5165] device veth1_macvtap entered promiscuous mode [ 162.567715][ T5165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 162.818837][ T5165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.135676][ T5165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 163.482729][ T5165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.544408][ T5165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 163.575589][ T5165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.614595][ T5165] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 163.644801][ T5460] netlink: 'syz.0.311': attribute type 4 has an invalid length. [ 163.698151][ T5461] netlink: 'syz.0.311': attribute type 4 has an invalid length. [ 163.758878][ T5127] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 163.780121][ T5469] netlink: 4 bytes leftover after parsing attributes in process `syz.4.312'. [ 163.799185][ T5127] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 163.847097][ T5127] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 163.874745][ T5165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.896183][ T5165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.918998][ T5470] netlink: 4 bytes leftover after parsing attributes in process `syz.4.312'. [ 163.928293][ T5165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.958843][ T5165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.978081][ T5165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 164.003077][ T5165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.035382][ T5165] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 164.132323][ T5135] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 164.170094][ T5135] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 164.201370][ T5165] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.240930][ T5165] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.259877][ T5477] loop0: detected capacity change from 0 to 256 [ 164.263452][ T5165] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.292895][ T5165] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.639816][ T5135] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 164.647687][ T5135] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 164.672218][ T5485] netlink: 12 bytes leftover after parsing attributes in process `syz.0.316'. [ 164.746135][ T5135] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 164.771140][ T4246] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 164.794416][ T4246] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 164.833290][ T5485] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 164.908068][ T5495] capability: warning: `syz.4.317' uses deprecated v2 capabilities in a way that may be insecure [ 165.956415][ T5485] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 165.996250][ T5485] device dummy0 left promiscuous mode [ 166.208444][ T5485] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 166.313161][ T5135] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 166.363724][ T5504] fuse: Bad value for 'fd' [ 166.373775][ T5505] netlink: 28 bytes leftover after parsing attributes in process `syz.4.320'. [ 166.398746][ T5505] netlink: 'syz.4.320': attribute type 7 has an invalid length. [ 166.406441][ T5505] netlink: 4 bytes leftover after parsing attributes in process `syz.4.320'. [ 166.516996][ T5505] device syz_tun entered promiscuous mode [ 166.560297][ T5505] device syz_tun left promiscuous mode [ 167.662333][ T5534] loop0: detected capacity change from 0 to 16 [ 167.710049][ T5532] netlink: 'syz.2.324': attribute type 11 has an invalid length. [ 167.744727][ T5534] erofs: (device loop0): mounted with root inode @ nid 36. [ 167.926042][ T5534] erofs: (device loop0): z_erofs_extent_lookback: unknown type 3 @ lcn 42 of nid 36 [ 167.986250][ T5534] attempt to access beyond end of device [ 167.986250][ T5534] loop0: rw=0, want=31087083408, limit=16 [ 168.025657][ T5534] erofs: (device loop0): z_erofs_readpage: failed to read, err [-95] [ 169.132776][ T5557] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 169.231966][ T5557] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 169.567529][ T5538] loop5: detected capacity change from 0 to 32768 [ 169.710332][ T26] audit: type=1804 audit(1780316967.493:7): pid=5538 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.329" name="/newroot/1/file1/file1" dev="loop5" ino=4 res=1 errno=0 [ 173.995245][ T5625] loop2: detected capacity change from 0 to 64 [ 175.119158][ T5634] xt_CT: No such helper "snmp_trap" [ 175.437979][ T5625] netlink: 8 bytes leftover after parsing attributes in process `syz.2.349'. [ 175.498879][ T5625] bond0: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 175.767540][ T5657] netlink: 8 bytes leftover after parsing attributes in process `syz.4.357'. [ 177.969967][ T5677] fuse: Bad value for 'fd' [ 178.544562][ T5705] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 178.560032][ T5705] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 178.568334][ T5705] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 179.810866][ T5723] loop0: detected capacity change from 0 to 512 [ 180.208121][ T5723] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.367: invalid indirect mapped block 256 (level 2) [ 180.589294][ T5723] EXT4-fs (loop0): 2 truncates cleaned up [ 180.644296][ T5723] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpid,auto_da_alloc,lazytime,journal_dev=0x0000000000000006,,errors=continue. Quota mode: writeback. [ 180.789073][ T5707] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.797076][ T5707] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.168615][ T5707] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 181.204175][ T5707] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 181.502195][ T5707] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.511723][ T5707] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.524015][ T5707] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.535553][ T5707] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.001866][ T5787] netlink: 40 bytes leftover after parsing attributes in process `syz.0.380'. [ 183.253369][ T5787] netlink: 40 bytes leftover after parsing attributes in process `syz.0.380'. [ 183.744040][ T5787] netlink: 40 bytes leftover after parsing attributes in process `syz.0.380'. [ 185.463855][ T5822] device geneve2 entered promiscuous mode [ 185.949083][ T5833] loop2: detected capacity change from 0 to 32768 [ 186.015471][ T5833] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.392 (5833) [ 186.119904][ T5750] Bluetooth: hci0: command 0x0406 tx timeout [ 186.127914][ T5750] Bluetooth: hci2: command 0x0406 tx timeout [ 186.205279][ T5750] Bluetooth: hci4: command 0x0406 tx timeout [ 186.297109][ T5750] Bluetooth: hci3: command 0x0406 tx timeout [ 186.509940][ T5833] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 186.519022][ T5833] BTRFS info (device loop2): turning on sync discard [ 186.525902][ T5833] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 186.535890][ T5833] BTRFS info (device loop2): use zstd compression, level 3 [ 186.543165][ T5833] BTRFS info (device loop2): turning on async discard [ 186.550122][ T5833] BTRFS warning (device loop2): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 186.560740][ T5833] BTRFS info (device loop2): trying to use backup root at mount time [ 186.568829][ T5833] BTRFS info (device loop2): enabling auto defrag [ 186.575268][ T5833] BTRFS info (device loop2): using free space tree [ 186.582086][ T5833] BTRFS info (device loop2): has skinny extents [ 187.018470][ T4689] BTRFS warning (device loop2): checksum verify failed on 5337088 wanted 0xe63dbdda found 0xc926492d level 0 [ 187.108594][ T5833] BTRFS warning (device loop2): failed to read root (objectid=2): -5 [ 187.119550][ T5129] BTRFS warning (device loop2): checksum verify failed on 5324800 wanted 0x9f73850b found 0xc092cdc2 level 0 [ 187.159134][ T5833] BTRFS warning (device loop2): couldn't read tree root [ 187.167364][ T5833] BTRFS error (device loop2): parent transid verify failed on 5255168 wanted 5 found 7 [ 187.177975][ T5833] BTRFS warning (device loop2): couldn't read tree root [ 187.253182][ T5833] BTRFS info (device loop2): enabling ssd optimizations [ 187.262869][ T5833] BTRFS info (device loop2): clearing free space tree [ 187.270442][ T5833] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 187.280541][ T5833] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 187.323689][ T5833] BTRFS info (device loop2): creating free space tree [ 187.333048][ T5833] BTRFS info (device loop2): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 187.342689][ T5833] BTRFS info (device loop2): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 190.473586][ T5947] loop2: detected capacity change from 0 to 512 [ 193.206055][ T5992] device syzkaller0 entered promiscuous mode [ 193.433336][ T6006] futex_wake_op: à³OñJ÷N\ìg´é tries to shift op by 144; fix this program [ 193.677879][ T6021] x_tables: unsorted underflow at hook 4 [ 194.045492][ T6033] netlink: 140 bytes leftover after parsing attributes in process `syz.3.428'. [ 194.080577][ T6033] netlink: 28 bytes leftover after parsing attributes in process `syz.3.428'. [ 194.713712][ T6052] loop0: detected capacity change from 0 to 2048 [ 194.916675][ T6058] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 197.341382][ T6082] netlink: 10 bytes leftover after parsing attributes in process `syz.3.442'. [ 197.443466][ T6086] device syzkaller0 entered promiscuous mode [ 197.474225][ T6089] netlink: 232 bytes leftover after parsing attributes in process `syz.2.443'. [ 199.414351][ T1432] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.420750][ T1432] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.448481][ T6132] syz.0.452: vmalloc error: size 9223372036854775807, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz0,mems_allowed=0-1 [ 199.505549][ T6132] CPU: 1 PID: 6132 Comm: syz.0.452 Not tainted syzkaller #0 [ 199.512987][ T6132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 199.523311][ T6132] Call Trace: [ 199.526740][ T6132] [ 199.529686][ T6132] dump_stack_lvl+0x188/0x250 [ 199.534383][ T6132] ? rcu_lock_release+0x5/0x20 [ 199.539156][ T6132] ? show_regs_print_info+0x20/0x20 [ 199.544464][ T6132] ? load_image+0x400/0x400 [ 199.548977][ T6132] ? __rcu_read_unlock+0x78/0xd0 [ 199.553930][ T6132] warn_alloc+0x243/0x320 [ 199.558455][ T6132] ? zone_watermark_ok_safe+0x240/0x240 [ 199.564304][ T6132] ? __mutex_lock_common+0x465/0x2400 [ 199.569786][ T6132] ? verify_lock_unused+0x140/0x140 [ 199.575079][ T6132] __vmalloc_node_range+0x2b1/0x8b0 [ 199.580384][ T6132] ? dvb_dvr_do_ioctl+0x12a/0x220 [ 199.585420][ T6132] vmalloc+0x75/0x80 [ 199.589333][ T6132] ? dvb_dvr_do_ioctl+0x12a/0x220 [ 199.594403][ T6132] dvb_dvr_do_ioctl+0x12a/0x220 [ 199.599281][ T6132] dvb_usercopy+0x191/0x2b0 [ 199.603916][ T6132] ? dvb_dvr_release+0x3d0/0x3d0 [ 199.608859][ T6132] ? dvb_generic_ioctl+0xb0/0xb0 [ 199.613817][ T6132] ? dvb_dvr_poll+0x230/0x230 [ 199.618499][ T6132] dvb_dvr_ioctl+0x25/0x30 [ 199.623011][ T6132] __se_sys_ioctl+0xfa/0x170 [ 199.627623][ T6132] do_syscall_64+0x4c/0xa0 [ 199.632045][ T6132] ? clear_bhb_loop+0x30/0x80 [ 199.636727][ T6132] ? clear_bhb_loop+0x30/0x80 [ 199.641409][ T6132] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 199.647312][ T6132] RIP: 0033:0x7f6a9ab78e59 [ 199.651741][ T6132] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 199.671795][ T6132] RSP: 002b:00007f6a98dd2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 199.680582][ T6132] RAX: ffffffffffffffda RBX: 00007f6a9adf1fa0 RCX: 00007f6a9ab78e59 [ 199.688668][ T6132] RDX: 7fffffffffffffff RSI: 0000000000006f2d RDI: 0000000000000003 [ 199.696652][ T6132] RBP: 00007f6a9ac0ed6f R08: 0000000000000000 R09: 0000000000000000 [ 199.704714][ T6132] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 199.712779][ T6132] R13: 00007f6a9adf2038 R14: 00007f6a9adf1fa0 R15: 00007ffc7d474cd8 [ 199.721060][ T6132] [ 199.768916][ T6132] Mem-Info: [ 199.789123][ T6132] active_anon:2008 inactive_anon:9102 isolated_anon:0 [ 199.789123][ T6132] active_file:12600 inactive_file:40998 isolated_file:0 [ 199.789123][ T6132] unevictable:18300 dirty:196 writeback:0 [ 199.789123][ T6132] slab_reclaimable:20531 slab_unreclaimable:96423 [ 199.789123][ T6132] mapped:32766 shmem:6212 pagetables:817 bounce:0 [ 199.789123][ T6132] kernel_misc_reclaimable:0 [ 199.789123][ T6132] free:1347868 free_pcp:7266 free_cma:0 [ 199.921936][ T6120] loop2: detected capacity change from 0 to 2048 [ 199.965385][ T6140] 9pnet: p9_errstr2errno: server reported unknown error aaaaaaaaa [ 199.984747][ T6120] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 200.136097][ T6147] IPVS: sync thread started: state = BACKUP, mcast_ifn = bridge0, syncid = 1, id = 0 [ 200.178032][ T6146] device macvtap1 entered promiscuous mode [ 200.207164][ T6152] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 200.259990][ T6132] Node 0 active_anon:1376kB inactive_anon:36832kB active_file:50132kB inactive_file:163992kB unevictable:71784kB isolated(anon):0kB isolated(file):0kB mapped:131004kB dirty:828kB writeback:0kB shmem:17032kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:11784kB pagetables:3312kB all_unreclaimable? no [ 200.320197][ T6153] device macvtap2 entered promiscuous mode [ 200.441094][ T6132] Node 1 active_anon:32kB inactive_anon:508kB active_file:200kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:2076kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB all_unreclaimable? no [ 200.478835][ T6159] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 200.488274][ T6159] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 200.497526][ T6159] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 200.506991][ T6159] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 200.532512][ T6159] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 200.541539][ T6159] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 200.550602][ T6159] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 200.559602][ T6159] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 200.569615][ T6132] Node 0 DMA free:15360kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 200.632703][ T6132] lowmem_reserve[]: 0 2539 2540 2540 2540 [ 200.640349][ T6132] Node 0 DMA32 free:1461580kB min:34784kB low:43480kB high:52176kB reserved_highatomic:0KB active_anon:1376kB inactive_anon:36432kB active_file:50132kB inactive_file:163992kB unevictable:71784kB writepending:976kB present:3129332kB managed:2606544kB mlocked:2420kB bounce:0kB free_pcp:29816kB local_pcp:21320kB free_cma:0kB [ 200.750345][ T6165] xt_CT: No such helper "syz1" [ 200.761581][ T6119] UDF-fs: warning (device loop2): udf_truncate_tail_extent: Too long extent after EOF in inode 1367: i_size: 45056 lbcount: 49152 extent 129+13312 [ 200.800871][ T6132] lowmem_reserve[]: 0 0 0 0 0 [ 200.805693][ T6132] Node 0 Normal free:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:660kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 200.859513][ T6132] lowmem_reserve[]: 0 0 0 0 0 [ 200.865040][ T6132] Node 1 Normal free:3912496kB min:55108kB low:68884kB high:82660kB reserved_highatomic:0KB active_anon:32kB inactive_anon:508kB active_file:200kB inactive_file:0kB unevictable:1536kB writepending:4kB present:4194304kB managed:4119672kB mlocked:0kB bounce:0kB free_pcp:3220kB local_pcp:32kB free_cma:0kB [ 201.133664][ T6132] lowmem_reserve[]: 0 0 0 0 0 [ 201.138465][ T6132] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 201.670779][ T6132] Node 0 DMA32: 15*4kB (UME) 4*8kB (UE) 48*16kB (ME) 282*32kB (UM) 116*64kB (UME) 82*128kB (UME) 29*256kB (UME) 15*512kB (UME) 4*1024kB (UME) 6*2048kB (UM) 339*4096kB (M) = 1447836kB [ 201.850901][ T6132] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 201.864253][ T6132] Node 1 Normal: 158*4kB (UME) 37*8kB (UME) 27*16kB (UME) 175*32kB (UME) 76*64kB (UME) 24*128kB (UE) 13*256kB (UM) 4*512kB (UE) 1*1024kB (U) 2*2048kB (UM) 949*4096kB (M) = 3912496kB [ 201.920665][ T6187] loop5: detected capacity change from 0 to 64 [ 201.966136][ T6132] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 202.049538][ T6132] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 202.097813][ T6188] netlink: 4 bytes leftover after parsing attributes in process `syz.3.463'. [ 202.120947][ T6132] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 202.163234][ T6132] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 202.227457][ T6132] 75311 total pagecache pages [ 202.440040][ T6132] 0 pages in swap cache [ 202.555431][ T6132] Swap cache stats: add 215, delete 215, find 0/2 [ 202.721263][ T6132] Free swap = 124472kB [ 202.821135][ T6132] Total swap = 124996kB [ 202.899270][ T6132] 2097051 pages RAM [ 203.119351][ T6132] 0 pages HighMem/MovableOnly [ 203.124354][ T6132] 411492 pages reserved [ 203.128533][ T6132] 0 pages cma reserved [ 203.309448][ T6209] netlink: 'syz.2.468': attribute type 21 has an invalid length. [ 203.346162][ T6209] netlink: 132 bytes leftover after parsing attributes in process `syz.2.468'. [ 203.351854][ T6219] netlink: 40 bytes leftover after parsing attributes in process `syz.0.467'. [ 203.403532][ T6224] IPVS: sync thread started: state = MASTER, mcast_ifn = dummy0, syncid = 65, id = 0 [ 203.481006][ T6218] kvm: pic: level sensitive irq not supported [ 203.481296][ T6218] kvm: pic: level sensitive irq not supported [ 203.533283][ T6225] loop5: detected capacity change from 0 to 128 [ 203.596265][ T6228] loop0: detected capacity change from 0 to 4096 [ 203.638939][ T4235] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 203.649821][ T6225] FAT-fs (loop5): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 203.766172][ T6236] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 203.888083][ T4235] usb 3-1: Using ep0 maxpacket: 32 [ 203.988843][ T26] audit: type=1800 audit(1780317001.733:8): pid=6228 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.470" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 204.209189][ T4235] usb 3-1: unable to get BOS descriptor or descriptor too short [ 204.369568][ T4235] usb 3-1: config 7 has an invalid interface number: 223 but max is 0 [ 204.558526][ T4235] usb 3-1: config 7 has no interface number 0 [ 204.738469][ T4235] usb 3-1: config 7 interface 223 altsetting 177 endpoint 0xF has invalid wMaxPacketSize 0 [ 204.824487][ T4235] usb 3-1: config 7 interface 223 altsetting 177 endpoint 0x5 has invalid maxpacket 512, setting to 64 [ 204.857020][ T4235] usb 3-1: config 7 interface 223 has no altsetting 0 [ 204.877978][ T6258] netlink: 277 bytes leftover after parsing attributes in process `syz.5.477'. [ 205.029425][ T4235] usb 3-1: New USB device found, idVendor=185b, idProduct=2870, bcdDevice=af.8a [ 205.050652][ T4235] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 205.067047][ T4235] usb 3-1: Product: syz [ 205.084103][ T4235] usb 3-1: Manufacturer: syz [ 205.144419][ T1108] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 205.170477][ T4235] usb 3-1: SerialNumber: syz [ 205.647544][ T4235] usb 3-1: USB disconnect, device number 3 [ 206.665281][ T6285] No such timeout policy "syz1" [ 207.508861][ T1108] usb 1-1: unable to get BOS descriptor or descriptor too short [ 207.588955][ T1108] usb 1-1: no configurations [ 207.593637][ T1108] usb 1-1: can't read configurations, error -22 [ 207.675372][ T6293] tipc: Enabling of bearer rejected, failed to enable media [ 207.707039][ T4204] Bluetooth: hci1: link tx timeout [ 207.712769][ T4204] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 207.750748][ T4233] hid (null): unknown global tag 0xd [ 207.756648][ T4233] hid (null): unknown global tag 0xda [ 207.804581][ T6299] netlink: 'syz.0.490': attribute type 10 has an invalid length. [ 207.823569][ T4233] hid-generic 0005:0001:0002.0001: collection stack underflow [ 207.849011][ T4233] hid-generic 0005:0001:0002.0001: item 0 1 0 12 parsing failed [ 207.859557][ T4233] hid-generic: probe of 0005:0001:0002.0001 failed with error -22 [ 207.930755][ T6299] team0: Port device netdevsim0 added [ 208.101559][ T6315] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.109147][ T6315] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.359151][ T1352] Bluetooth: hci1: command 0x0406 tx timeout [ 210.433065][ T6339] loop0: detected capacity change from 0 to 1024 [ 210.522539][ T6339] EXT4-fs (loop0): Ignoring removed orlov option [ 210.629238][ T6339] EXT4-fs (loop0): mounted filesystem without journal. Opts: block_validity,bsddf,nombcache,inode_readahead_blks=0x0000000000000000,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,grpjquota=,,errors=continue. Quota mode: none. [ 212.559911][ T6367] netlink: 8 bytes leftover after parsing attributes in process `syz.2.511'. [ 214.820323][ T6406] binder: 6405:6406 ioctl 40286608 200000000000 returned -22 [ 215.085335][ T6406] orangefs_mount: mount request failed with -4 [ 215.327477][ T6424] loop0: detected capacity change from 0 to 512 [ 215.398096][ T6424] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 215.689389][ T6424] EXT4-fs error (device loop0): ext4_iget_extra_inode:4573: inode #15: comm syz.0.520: corrupted in-inode xattr [ 215.703076][ T6424] EXT4-fs error (device loop0): ext4_orphan_get:1411: comm syz.0.520: couldn't read orphan inode 15 (err -117) [ 215.718490][ T6424] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 216.418253][ T6424] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1176: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 216.609887][ T6448] netlink: 12 bytes leftover after parsing attributes in process `syz.3.524'. [ 216.686747][ T6451] loop5: detected capacity change from 0 to 256 [ 216.780671][ T6454] capability: warning: `syz.2.528' uses 32-bit capabilities (legacy support in use) [ 217.910384][ T6451] FAT-fs (loop5): Unrecognized mount option "01777777777777777777777" or missing value [ 217.983386][ T6462] smc: net device ip6_vti0 applied user defined pnetid SYZ2 [ 217.988266][ T6451] 9pnet: Insufficient options for proto=fd [ 218.046652][ T6469] loop0: detected capacity change from 0 to 764 [ 218.151172][ T6473] netlink: 12 bytes leftover after parsing attributes in process `syz.2.531'. [ 218.276809][ T6473] 8021q: adding VLAN 0 to HW filter on device bond1 [ 218.490408][ T6478] bond1: (slave ipip0): refused to change device type [ 219.434042][ T6494] netlink: 12 bytes leftover after parsing attributes in process `syz.4.545'. [ 221.564337][ T6525] loop5: detected capacity change from 0 to 4096 [ 221.709233][ T6537] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 221.762500][ T26] audit: type=1800 audit(1780317019.543:9): pid=6525 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.541" name="file1" dev="loop5" ino=15 res=0 errno=0 [ 222.168956][ T4232] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 224.061299][ T6574] netlink: 452 bytes leftover after parsing attributes in process `syz.3.553'. [ 225.198900][ T4232] usb 6-1: device descriptor read/all, error -71 [ 225.408825][ T5749] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 226.459380][ T6606] netlink: 4 bytes leftover after parsing attributes in process `syz.0.560'. [ 226.887867][ T6610] loop5: detected capacity change from 0 to 4096 [ 228.248823][ T5749] usb 3-1: unable to get BOS descriptor or descriptor too short [ 228.399077][ T5749] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 229.213312][ T5749] usb 3-1: can't read configurations, error -71 [ 229.252579][ T6626] xt_hashlimit: size too large, truncated to 1048576 [ 229.336778][ T6628] loop0: detected capacity change from 0 to 1024 [ 229.372563][ T6626] xt_hashlimit: invalid rate [ 229.487382][ T6628] EXT4-fs error (device loop0): ext4_map_blocks:631: inode #3: block 2: comm syz.0.569: lblock 2 mapped to illegal pblock 2 (length 1) [ 229.545539][ T6628] Quota error (device loop0): qtree_write_dquot: dquota write failed [ 229.609665][ T6628] EXT4-fs error (device loop0): ext4_map_blocks:631: inode #3: block 48: comm syz.0.569: lblock 0 mapped to illegal pblock 48 (length 1) [ 229.659910][ T6628] Quota error (device loop0): v2_write_file_info: Can't write info structure [ 229.703836][ T6628] EXT4-fs error (device loop0): ext4_acquire_dquot:6236: comm syz.0.569: Failed to acquire dquot type 0 [ 229.747235][ T6628] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5873: Corrupt filesystem [ 229.787900][ T6628] EXT4-fs error (device loop0): ext4_evict_inode:284: inode #11: comm syz.0.569: mark_inode_dirty error [ 229.841852][ T6628] EXT4-fs warning (device loop0): ext4_evict_inode:287: couldn't mark inode dirty (err -117) [ 229.873727][ T6628] EXT4-fs (loop0): 1 orphan inode deleted [ 229.900821][ T4278] EXT4-fs error (device loop0): ext4_map_blocks:631: inode #3: block 1: comm kworker/u4:7: lblock 1 mapped to illegal pblock 1 (length 1) [ 229.925839][ T6628] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodioread_nolock,noblock_validity,data_err=ignore,max_batch_time=0x00000000000008c9,nodiscard,stripe=0x0000000000000004,nombcache,,errors=continue. Quota mode: none. [ 229.955506][ T4278] Quota error (device loop0): remove_tree: Can't read quota data block 1 [ 229.986411][ T6649] netlink: 4 bytes leftover after parsing attributes in process `syz.3.573'. [ 230.008749][ T4278] EXT4-fs error (device loop0): ext4_release_dquot:6272: comm kworker/u4:7: Failed to release dquot type 0 [ 230.069407][ T6628] EXT4-fs (loop0): Ignoring removed bh option [ 230.133528][ T6628] EXT4-fs error (device loop0): ext4_map_blocks:631: inode #3: block 48: comm syz.0.569: lblock 0 mapped to illegal pblock 48 (length 1) [ 230.170285][ T6628] Quota error (device loop0): v2_read_header: Failed header read: expected=8 got=-117 [ 231.728335][ T6658] loop5: detected capacity change from 0 to 4096 [ 231.847054][ T6628] EXT4-fs (loop0): re-mounted. Opts: (null). Quota mode: none. [ 232.095030][ T6658] EXT4-fs (loop5): Quota format mount options ignored when QUOTA feature is enabled [ 232.128924][ T6658] EXT4-fs (loop5): inline encryption not supported [ 232.135592][ T6658] EXT4-fs (loop5): Journaled quota options ignored when QUOTA feature is enabled [ 232.183192][ T6658] EXT4-fs (loop5): Ignoring removed mblk_io_submit option [ 232.232835][ T6658] EXT4-fs (loop5): mounted filesystem without journal. Opts: jqfmt=vfsold,inlinecrypt,grpjquota=./file0,noblock_validity,mblk_io_submit,resgid=0x0000000000000000,usrquota,noauto_da_alloc,,errors=continue. Quota mode: writeback. [ 235.950876][ T6749] netlink: 12 bytes leftover after parsing attributes in process `syz.4.598'. [ 236.003680][ T6749] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 236.912382][ T6749] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 236.986157][ T6749] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 237.720223][ T6770] SET target dimension over the limit! [ 240.101675][ T6773] netlink: 452 bytes leftover after parsing attributes in process `syz.2.605'. [ 240.661466][ T6787] netlink: 'syz.4.621': attribute type 6 has an invalid length. [ 241.368823][ T6787] netlink: 8 bytes leftover after parsing attributes in process `syz.4.621'. [ 241.418470][ T6787] bond0: option use_carrier: invalid value (45) [ 241.569818][ T6795] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 241.673330][ T6794] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 241.843499][ T6794] overlayfs: failed to look up (tracing) for ino (-66) [ 244.215739][ T6818] xt_CT: No such helper "snmp_trap" [ 248.179852][ T6833] netlink: 'syz.0.623': attribute type 1 has an invalid length. [ 248.316244][ T6833] device bond1 entered promiscuous mode [ 248.322936][ T6833] 8021q: adding VLAN 0 to HW filter on device bond1 [ 248.355192][ T6834] netlink: 8 bytes leftover after parsing attributes in process `syz.0.623'. [ 248.421395][ T6840] bond1: (slave bridge2): making interface the new active one [ 248.430020][ T6840] device bridge2 entered promiscuous mode [ 248.436969][ T6840] bond1: (slave bridge2): Enslaving as an active interface with an up link [ 249.223853][ T6850] netlink: 12 bytes leftover after parsing attributes in process `syz.3.627'. [ 249.309523][ T4689] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 249.348329][ T6858] loop2: detected capacity change from 0 to 512 [ 249.632072][ T6858] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 249.800046][ T6858] ext4 filesystem being mounted at /116/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 250.382923][ T6858] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: writeback. [ 252.297838][ T6887] set match dimension is over the limit! [ 252.316990][ T6889] fuse: Bad value for 'fd' [ 254.865750][ T6909] xt_CT: No such helper "snmp_trap" [ 255.425059][ T6920] RDS: rds_bind could not find a transport for fe80::bb, load rds_tcp or rds_rdma? [ 256.203545][ T6928] netlink: 12 bytes leftover after parsing attributes in process `syz.4.650'. [ 256.380665][ T6932] bridge2: port 1(dummy0) entered blocking state [ 256.387110][ T6932] bridge2: port 1(dummy0) entered disabled state [ 257.332972][ T6932] device dummy0 entered promiscuous mode [ 257.436398][ T6928] netlink: 'syz.4.650': attribute type 10 has an invalid length. [ 257.449675][ T6928] netlink: 40 bytes leftover after parsing attributes in process `syz.4.650'. [ 257.496149][ T6928] bridge2: port 1(dummy0) entered blocking state [ 257.502765][ T6928] bridge2: port 1(dummy0) entered forwarding state [ 257.511505][ T6928] bridge2: port 1(dummy0) entered disabled state [ 259.991851][ T6988] device syzkaller0 entered promiscuous mode [ 260.013860][ T6988] tipc: Started in network mode [ 260.029183][ T6988] tipc: Node identity 12e65fdbe32a, cluster identity 4711 [ 260.044695][ T6988] tipc: Enabled bearer , priority 0 [ 260.063130][ T6986] tipc: Resetting bearer [ 260.099682][ T6986] tipc: Disabling bearer [ 261.763725][ T1432] ieee802154 phy0 wpan0: encryption failed: -22 [ 261.770221][ T1432] ieee802154 phy1 wpan1: encryption failed: -22 [ 262.883881][ T7042] tipc: Enabling of bearer rejected, failed to enable media [ 263.199645][ T7047] netlink: 8 bytes leftover after parsing attributes in process `syz.4.685'. [ 264.160749][ T7055] device syzkaller0 entered promiscuous mode [ 264.205933][ T7057] netlink: 8 bytes leftover after parsing attributes in process `syz.2.689'. [ 264.262362][ T26] audit: type=1326 audit(1780317062.043:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7058 comm="syz.3.691" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f94de275e59 code=0x0 [ 264.313215][ T26] audit: type=1326 audit(1780317062.093:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7059 comm="syz.4.690" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d19b8ee59 code=0x7ffc0000 [ 264.329057][ T7060] vcan0: tx drop: invalid da for name 0x00000000000000c7 [ 264.344989][ T26] audit: type=1326 audit(1780317062.093:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7059 comm="syz.4.690" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d19b8ee59 code=0x7ffc0000 [ 264.380793][ T26] audit: type=1326 audit(1780317062.093:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7059 comm="syz.4.690" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f6d19b8ee59 code=0x7ffc0000 [ 264.482416][ T26] audit: type=1326 audit(1780317062.093:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7059 comm="syz.4.690" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d19b8ee59 code=0x7ffc0000 [ 264.557883][ T26] audit: type=1326 audit(1780317062.093:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7059 comm="syz.4.690" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f6d19b8ee59 code=0x7ffc0000 [ 264.643754][ T26] audit: type=1326 audit(1780317062.163:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7063 comm="syz.4.690" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6d19b4f68e code=0x7ffc0000 [ 264.703847][ T26] audit: type=1326 audit(1780317062.163:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7059 comm="syz.4.690" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d19b8ee59 code=0x7ffc0000 [ 264.762431][ T26] audit: type=1326 audit(1780317062.163:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7059 comm="syz.4.690" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d19b8ee59 code=0x7ffc0000 [ 264.824394][ T26] audit: type=1326 audit(1780317062.323:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7063 comm="syz.4.690" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f6d19b8ee59 code=0x7ffc0000 [ 265.130927][ T7080] bridge0: port 3(erspan0) entered blocking state [ 265.138078][ T7080] bridge0: port 3(erspan0) entered disabled state [ 265.148915][ T7080] device erspan0 entered promiscuous mode [ 265.166296][ T7080] device erspan0 left promiscuous mode [ 265.176912][ T7080] bridge0: port 3(erspan0) entered disabled state [ 267.655784][ T7122] tipc: Enabling of bearer rejected, failed to enable media [ 271.472068][ T7159] loop5: detected capacity change from 0 to 256 [ 271.745493][ T7159] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 272.847799][ T7175] tipc: Started in network mode [ 272.866393][ T7175] tipc: Node identity 080211000001, cluster identity 4711 [ 272.886709][ T7175] tipc: Enabled bearer , priority 0 [ 273.088836][ T26] audit: type=1800 audit(1780317070.833:20): pid=7159 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.728" name="file1" dev="loop5" ino=1048642 res=0 errno=0 [ 275.055804][ T7198] RDS: rds_bind could not find a transport for fe80::bb, load rds_tcp or rds_rdma? [ 275.073112][ T7196] loop0: detected capacity change from 0 to 512 [ 275.148217][ T7196] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 275.265844][ T7196] ext4 filesystem being mounted at /134/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 275.679626][ T7196] EXT4-fs (loop0): re-mounted. Opts: (null). Quota mode: writeback. [ 277.808944][ T7183] bridge0: port 2(bridge_slave_1) entered disabled state [ 277.816399][ T7183] bridge0: port 1(bridge_slave_0) entered disabled state [ 278.587432][ T7247] loop5: detected capacity change from 0 to 512 [ 278.616977][ T7247] EXT4-fs (loop5): Ignoring removed nobh option [ 278.764038][ T7247] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 279.090994][ T7247] EXT4-fs (loop5): 1 truncate cleaned up [ 279.166198][ T7247] EXT4-fs (loop5): mounted filesystem without journal. Opts: i_version,nobh,data_err=ignore,nolazytime,init_itable=0x0000000000000004,acl,,errors=continue. Quota mode: none. [ 280.596709][ T26] audit: type=1800 audit(1780317077.913:21): pid=7252 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.743" name="bus" dev="loop5" ino=18 res=0 errno=0 [ 280.962747][ T7254] loop5: detected capacity change from 0 to 256 [ 281.040560][ T7254] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 281.265968][ T7183] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 281.286587][ T7183] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 281.542703][ T7261] kvm: pic: non byte write [ 281.768117][ T7183] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.778002][ T7183] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.787699][ T7183] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.819201][ T7183] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.852863][ T4232] tipc: Node number set to 134418688 [ 281.906511][ T7248] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -4 [ 281.915868][ T7248] platform regulatory.0: Direct firmware load for regulatory.db failed with error -4 [ 281.925498][ T7248] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 281.944920][ T26] audit: type=1800 audit(1780317079.683:22): pid=7248 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.742" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0 [ 282.099774][ T7267] syz.4.748 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 282.420469][ T7277] netlink: 12 bytes leftover after parsing attributes in process `syz.4.752'. [ 283.307464][ T7277] bridge3: port 1(veth5) entered blocking state [ 283.337697][ T7277] bridge3: port 1(veth5) entered disabled state [ 283.369473][ T7277] device veth5 entered promiscuous mode [ 283.462259][ T7279] bridge3: port 2(veth7) entered blocking state [ 283.473787][ T7298] loop5: detected capacity change from 0 to 128 [ 283.478781][ T7279] bridge3: port 2(veth7) entered disabled state [ 283.500694][ T7279] device veth7 entered promiscuous mode [ 283.520021][ T7296] netlink: 12 bytes leftover after parsing attributes in process `syz.0.758'. [ 283.613579][ T7296] 8021q: adding VLAN 0 to HW filter on device bond2 [ 283.624962][ T7300] device macvlan0 entered promiscuous mode [ 283.636794][ T7303] bond2: (slave vti0): refused to change device type [ 288.794144][ T7337] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 288.877247][ T7341] tipc: Failed to remove unknown binding: 66,0,0/8:1663570953/1663570955 [ 288.886812][ T7341] tipc: Failed to remove unknown binding: 66,0,0/8:1663570953/1663570954 [ 288.897566][ T7341] tipc: Failed to remove unknown binding: 66,0,0/8:1663570953/1663570955 [ 288.906708][ T7341] tipc: Failed to remove unknown binding: 66,0,0/8:1663570953/1663570954 [ 288.913077][ T7343] netlink: 60 bytes leftover after parsing attributes in process `syz.2.768'. [ 288.916224][ T7337] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 288.963168][ T7342] netlink: 4 bytes leftover after parsing attributes in process `syz.4.771'. [ 288.981094][ T7342] device ip_vti0 entered promiscuous mode [ 289.021891][ T7337] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 292.487862][ T7365] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 295.576117][ T7424] netlink: 12 bytes leftover after parsing attributes in process `syz.2.796'. [ 295.645600][ T7428] syz.5.794 sent an empty control message without MSG_MORE. [ 297.252835][ T7429] bridge1: port 1(veth3) entered blocking state [ 297.268864][ T7429] bridge1: port 1(veth3) entered disabled state [ 298.063582][ T7429] device veth3 entered promiscuous mode [ 298.162737][ T7431] bridge1: port 2(veth5) entered blocking state [ 298.178749][ T7431] bridge1: port 2(veth5) entered disabled state [ 298.207867][ T7431] device veth5 entered promiscuous mode [ 300.120781][ T7467] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only [ 300.366987][ T7475] device syzkaller0 entered promiscuous mode [ 301.493871][ T7495] netlink: 12 bytes leftover after parsing attributes in process `syz.2.819'. [ 301.535244][ T7493] device syzkaller0 entered promiscuous mode [ 301.584082][ T7495] bridge2: port 1(veth7) entered blocking state [ 301.594929][ T7495] bridge2: port 1(veth7) entered disabled state [ 301.613197][ T7495] device veth7 entered promiscuous mode [ 301.678597][ T7497] bridge2: port 2(veth0_to_bond) entered blocking state [ 301.690749][ T7497] bridge2: port 2(veth0_to_bond) entered disabled state [ 301.708890][ T7497] device veth0_to_bond entered promiscuous mode [ 304.676402][ T7543] netlink: 8 bytes leftover after parsing attributes in process `syz.2.831'. [ 309.450660][ T7614] netlink: 4 bytes leftover after parsing attributes in process `syz.3.851'. [ 309.573589][ T7614] team0: Port device team_slave_1 removed [ 310.269173][ T7609] mmap: syz.2.852 (7609) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 310.752860][ T7630] xt_socket: unknown flags 0x4c [ 311.109990][ T7627] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 311.429201][ T7634] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 311.481567][ T7637] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 312.978310][ T7671] netlink: 16 bytes leftover after parsing attributes in process `syz.3.873'. [ 321.809938][ T7695] netlink: 24 bytes leftover after parsing attributes in process `syz.5.880'. [ 322.383074][ T1432] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.452975][ T1432] ieee802154 phy1 wpan1: encryption failed: -22 [ 326.156205][ T7740] netlink: 'syz.0.891': attribute type 1 has an invalid length. [ 326.392624][ T7742] 8021q: adding VLAN 0 to HW filter on device bond4 [ 326.533302][ T7742] bond3: (slave bond4): making interface the new active one [ 326.580784][ T7742] bond3: (slave bond4): Enslaving as an active interface with an up link [ 327.501890][ T7740] bond3: (slave gretap1): Enslaving as a backup interface with an up link [ 327.543019][ T7754] 8021q: adding VLAN 0 to HW filter on device bond3 [ 327.846830][ T7737] loop5: detected capacity change from 0 to 32768 [ 328.035333][ T7737] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 scanned by syz.5.890 (7737) [ 328.437961][ T7737] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm [ 328.457799][ T7737] BTRFS info (device loop5): force clearing of disk cache [ 328.594369][ T7737] BTRFS info (device loop5): metadata ratio 0 [ 328.627595][ T7737] BTRFS info (device loop5): enabling ssd optimizations [ 328.702749][ T7737] BTRFS info (device loop5): using spread ssd allocation scheme [ 328.711990][ T7737] BTRFS info (device loop5): using free space tree [ 328.718974][ T7737] BTRFS info (device loop5): has skinny extents [ 328.720275][ T7794] IPVS: Error joining to the multicast group [ 328.935302][ T7798] netlink: 'syz.3.907': attribute type 10 has an invalid length. [ 329.405332][ T7798] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 329.416973][ T7737] BTRFS error (device loop5): open_ctree failed: -12 [ 329.537249][ T7788] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 scanned by udevd (7788) [ 329.589942][ T7820] netlink: 'syz.4.910': attribute type 1 has an invalid length. [ 329.742467][ T7824] 8021q: adding VLAN 0 to HW filter on device bond2 [ 329.762264][ T7824] bond1: (slave bond2): making interface the new active one [ 329.772534][ T7824] bond1: (slave bond2): Enslaving as an active interface with an up link [ 329.840338][ T7825] bond1: (slave gretap1): Enslaving as a backup interface with an up link [ 329.868020][ T7820] 8021q: adding VLAN 0 to HW filter on device bond1 [ 330.773513][ T5127] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 331.078905][ T7828] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 331.398998][ T7828] usb 6-1: Using ep0 maxpacket: 32 [ 331.629027][ T7828] usb 6-1: config 0 has an invalid interface number: 12 but max is 0 [ 331.637533][ T7828] usb 6-1: config 0 has no interface number 0 [ 331.675485][ T7828] usb 6-1: config 0 interface 12 has no altsetting 0 [ 331.889964][ T7828] usb 6-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 331.910140][ T7828] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 332.219111][ T7866] device bridge3 entered promiscuous mode [ 332.770969][ T7866] team0: Port device bridge3 added [ 332.789132][ T7828] usb 6-1: Product: syz [ 333.006979][ T7828] usb 6-1: Manufacturer: syz [ 333.026923][ T7870] bridge0: port 3(team0) entered blocking state [ 333.057246][ T7828] usb 6-1: SerialNumber: syz [ 333.881631][ T7870] bridge0: port 3(team0) entered disabled state [ 334.137726][ T7870] device team0 entered promiscuous mode [ 334.785537][ T7828] usb 6-1: config 0 descriptor?? [ 334.796380][ T7870] device team_slave_0 entered promiscuous mode [ 335.108467][ T7872] netlink: 8 bytes leftover after parsing attributes in process `syz.3.922'. [ 335.168924][ T7828] usb 6-1: can't set config #0, error -71 [ 335.176163][ T7828] usb 6-1: USB disconnect, device number 4 [ 335.219224][ T7872] netlink: 8 bytes leftover after parsing attributes in process `syz.3.922'. [ 335.262181][ T7872] device bridge4 entered promiscuous mode [ 337.430539][ T7928] cgroup2: Unexpected value for 'memory_localevents' [ 338.531017][ T7938] 9pnet: p9_errstr2errno: server reported unknown error Àñ'IÓ$íÛ·=¼ [ 339.364097][ T7948] netlink: 4 bytes leftover after parsing attributes in process `syz.0.945'. [ 342.248295][ T7998] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 20000 - 0 [ 342.257649][ T7998] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 20000 - 0 [ 342.285067][ T7998] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 20000 - 0 [ 342.315454][ T7998] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 20000 - 0 [ 342.357705][ T7998] device geneve3 entered promiscuous mode [ 342.388336][ T7998] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 20000 - 0 [ 342.418348][ T7998] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 20000 - 0 [ 342.454146][ T7998] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 20000 - 0 [ 342.494051][ T7998] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 20000 - 0 [ 344.076789][ T8011] Illegal XDP return value 4294967274, expect packet loss! [ 346.666565][ T8030] device syzkaller0 entered promiscuous mode [ 347.274796][ T8053] Error parsing options; rc = [-22] [ 349.788803][ T8060] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 357.532883][ T8146] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 357.532883][ T8146] The task syz.2.1004 (8146) triggered the difference, watch for misbehavior. [ 357.659256][ T8150] 8021q: adding VLAN 0 to HW filter on device team0 [ 357.823672][ T8158] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1010'. [ 357.893917][ T8165] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1010'. [ 357.929131][ T8165] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1010'. [ 359.847722][ T8186] loop5: detected capacity change from 0 to 2048 [ 359.997499][ T8186] UDF-fs: error (device loop5): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 360.020669][ T8186] UDF-fs: error (device loop5): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4 [ 360.073632][ T8186] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 360.136090][ T26] audit: type=1800 audit(2000000053.170:23): pid=8186 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1017" name="file1" dev="loop5" ino=1346 res=0 errno=0 [ 360.541032][ T8197] overlayfs: failed to resolve '/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 363.146568][ T8229] netem: change failed [ 363.294280][ T8236] netlink: 'syz.5.1034': attribute type 1 has an invalid length. [ 363.487346][ T8236] 8021q: adding VLAN 0 to HW filter on device bond1 [ 364.362291][ T8236] device macvlan2 entered promiscuous mode [ 364.409944][ T8236] device bond1 entered promiscuous mode [ 364.416104][ T8236] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 364.458974][ T8236] device bond1 left promiscuous mode [ 364.520416][ T8246] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1038'. [ 365.985841][ T8256] loop5: detected capacity change from 0 to 256 [ 366.840692][ T8256] FAT-fs (loop5): Directory bread(block 64) failed [ 366.847443][ T8256] FAT-fs (loop5): Directory bread(block 65) failed [ 366.894572][ T8256] FAT-fs (loop5): Directory bread(block 66) failed [ 366.908680][ T8256] FAT-fs (loop5): Directory bread(block 67) failed [ 366.915421][ T8256] FAT-fs (loop5): Directory bread(block 68) failed [ 366.938714][ T8256] FAT-fs (loop5): Directory bread(block 69) failed [ 366.945431][ T8256] FAT-fs (loop5): Directory bread(block 70) failed [ 366.961224][ T8256] FAT-fs (loop5): Directory bread(block 71) failed [ 366.991631][ T8256] FAT-fs (loop5): Directory bread(block 72) failed [ 367.034152][ T8256] FAT-fs (loop5): Directory bread(block 73) failed [ 367.857919][ T8282] Invalid ELF header magic: != ELF [ 370.992958][ T8312] tipc: Failed to remove unknown binding: 66,0,0/134418688:1408021138/1408021140 [ 371.002366][ T8312] tipc: Failed to remove unknown binding: 66,0,0/134418688:1408021138/1408021139 [ 371.013822][ T8312] tipc: Failed to remove unknown binding: 66,0,0/134418688:1408021138/1408021140 [ 371.023782][ T8312] tipc: Failed to remove unknown binding: 66,0,0/134418688:1408021138/1408021139 [ 371.253231][ T8318] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 371.614995][ T8065] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 371.788655][ T4233] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 371.896991][ T8333] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 371.905899][ T8333] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 371.926191][ T8333] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 371.956694][ T8333] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 371.959962][ T8338] raw_sendmsg: syz.3.1066 forgot to set AF_INET. Fix it! [ 371.966421][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 372.148877][ T4233] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 372.160079][ T4233] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 372.170089][ T4233] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 372.183272][ T4233] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 372.192431][ T4233] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 372.204942][ T4233] usb 6-1: config 0 descriptor?? [ 372.697800][ T8332] 9pnet: p9_fd_create_tcp (8332): problem connecting socket to 127.0.0.1 [ 372.703276][ T4233] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 372.751465][ T8344] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 372.915020][ T4233] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 372.968900][ T4233] usb 6-1: USB disconnect, device number 5 [ 373.400393][ T8065] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 373.797565][ T7257] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 373.835789][ T7257] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 373.927938][ T7257] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 373.971786][ T8355] fido_id[8355]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 374.422614][ T8371] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 374.436139][ T8371] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 374.444450][ T8371] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 375.146477][ T4233] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 375.410896][ T8379] loop5: detected capacity change from 0 to 256 [ 375.523406][ T8379] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 375.571175][ T8379] exFAT-fs (loop5): Medium has reported failures. Some data may be lost. [ 375.593448][ T8379] exFAT-fs (loop5): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c91aa, utbl_chksum : 0xe619d30d) [ 377.305859][ T8411] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 377.339122][ T4689] net_ratelimit: 2 callbacks suppressed [ 377.339206][ T4689] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 381.159063][ T5135] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 381.170190][ T8455] device bond0 entered promiscuous mode [ 381.175796][ T8455] device bond_slave_0 entered promiscuous mode [ 381.437230][ T8455] device bond_slave_1 entered promiscuous mode [ 383.556725][ T7828] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 383.567373][ T8061] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 383.729230][ T1432] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.735817][ T1432] ieee802154 phy1 wpan1: encryption failed: -22 [ 384.044680][ T8506] loop5: detected capacity change from 0 to 512 [ 384.073649][ T8509] overlayfs: bad mount option "redirect_dir=off:/" [ 384.202882][ T8506] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 384.214131][ T8506] ext4 filesystem being mounted at /151/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 384.297737][ T5165] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5873: Out of memory [ 384.313754][ T5165] EXT4-fs error (device loop5): ext4_quota_off:6542: inode #3: comm syz-executor: mark_inode_dirty error [ 384.330990][ T5165] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5873: Out of memory [ 384.358743][ T5165] EXT4-fs error (device loop5): ext4_quota_off:6542: inode #4: comm syz-executor: mark_inode_dirty error [ 384.366443][ T5747] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 384.837396][ T8523] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1120'. [ 384.849424][ T8523] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1120'. [ 387.299510][ T8065] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 388.696060][ T8539] device ip_vti0 left promiscuous mode [ 389.481047][ T5135] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 389.657686][ T8539] bridge0: port 2(bridge_slave_1) entered disabled state [ 389.665153][ T8539] bridge0: port 1(bridge_slave_0) entered disabled state [ 389.700994][ T8539] device bond0 left promiscuous mode [ 389.716832][ T8539] device bond_slave_0 left promiscuous mode [ 389.723343][ T8539] device bond_slave_1 left promiscuous mode [ 389.763576][ T8539] device dummy0 left promiscuous mode [ 390.127391][ T8539] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 390.146793][ T8539] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 390.278781][ T8539] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.287965][ T8539] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.303259][ T8539] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.315435][ T8539] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.340085][ T8539] device geneve2 left promiscuous mode [ 390.348017][ T8539] device ipip0 left promiscuous mode [ 391.811688][ T8597] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 391.994902][ T8597] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 392.008282][ T8597] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 392.023318][ T8597] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 392.103189][ T8597] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 392.156354][ T8575] infiniband syz1: set down [ 392.161483][ T8575] infiniband syz1: added bond_slave_1 [ 392.192634][ T8575] infiniband syz1: Couldn't open port 1 [ 392.296451][ T8612] xt_connbytes: Forcing CT accounting to be enabled [ 392.431374][ T8612] xt_CT: No such helper "netbios-ns" [ 392.533869][ T8575] RDS/IB: syz1: added [ 392.551870][ T8575] smc: adding ib device syz1 with port count 1 [ 392.689367][ T8575] smc: ib device syz1 port 1 has pnetid [ 394.218205][ T8640] device bridge3 entered promiscuous mode [ 394.647401][ T8659] device bond0 entered promiscuous mode [ 394.670027][ T8659] device bond_slave_0 entered promiscuous mode [ 394.701933][ T8659] device bond_slave_1 entered promiscuous mode [ 394.734834][ T8659] device dummy0 entered promiscuous mode [ 397.576428][ T8703] device bridge3 entered promiscuous mode [ 397.769237][ T8704] loop5: detected capacity change from 0 to 4096 [ 397.775994][ T8710] 9pnet: p9_errstr2errno: server reported unknown error 0x000000000000 [ 397.891108][ T8704] ntfs3: loop5: Failed to load $MFT. [ 398.029551][ T8720] (syz.5.1167,8720,0):ocfs2_fill_super:991 ERROR: superblock probe failed! [ 398.039535][ T8720] (syz.5.1167,8720,0):ocfs2_fill_super:1177 ERROR: status = -22 [ 398.226982][ T8730] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1171'. [ 398.315706][ T8734] loop5: detected capacity change from 0 to 512 [ 398.389961][ T8734] EXT4-fs (loop5): Ignoring removed nobh option [ 398.404136][ T8730] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1171'. [ 398.492908][ T8734] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 399.151195][ T8734] EXT4-fs warning (device loop5): ext4_expand_extra_isize_ea:2807: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 399.264129][ T8734] EXT4-fs (loop5): 1 truncate cleaned up [ 399.301178][ T8734] EXT4-fs (loop5): mounted filesystem without journal. Opts: errors=remount-ro,nobh,debug_want_extra_isize=0x0000000000000068,mb_optimize_scan=0x0000000000000001,max_batch_time=0x0000000000000007,dioread_lock,. Quota mode: none. [ 404.485914][ T8783] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1187'. [ 405.552371][ T8765] loop5: detected capacity change from 0 to 32768 [ 405.668768][ T8765] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 scanned by syz.5.1182 (8765) [ 406.346407][ T8797] overlayfs: failed to clone lowerpath [ 406.413998][ T8765] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 406.468810][ T8765] BTRFS info (device loop5): setting nodatasum [ 406.475037][ T8765] BTRFS info (device loop5): force zlib compression, level 3 [ 406.657995][ T8765] BTRFS info (device loop5): setting incompat feature flag for COMPRESS_LZO (0x8) [ 406.718533][ T8765] BTRFS info (device loop5): use lzo compression, level 0 [ 406.736067][ T8765] BTRFS info (device loop5): turning on flush-on-commit [ 406.750337][ T8765] BTRFS info (device loop5): enabling auto defrag [ 406.768456][ T8765] BTRFS info (device loop5): max_inline at 4096 [ 406.801439][ T8765] BTRFS info (device loop5): using free space tree [ 406.848685][ T8765] BTRFS info (device loop5): has skinny extents [ 408.234267][ T8765] BTRFS error (device loop5): open_ctree failed: -12 [ 408.241444][ T8696] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 scanned by udevd (8696) [ 410.099194][ T8854] device macvtap1 left promiscuous mode [ 410.164956][ T8854] device syzkaller0 left promiscuous mode [ 410.314703][ T26] audit: type=1326 audit(2000000103.350:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8863 comm="syz.5.1208" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae93b95e59 code=0x7ffc0000 [ 410.367869][ T8865] loop5: detected capacity change from 0 to 1024 [ 410.431569][ T26] audit: type=1326 audit(2000000103.380:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8863 comm="syz.5.1208" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae93b95e59 code=0x7ffc0000 [ 410.465961][ T8865] hfsplus: invalid btree flag [ 410.506395][ T8865] hfsplus: failed to load extents file [ 410.527491][ T26] audit: type=1326 audit(2000000103.380:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8863 comm="syz.5.1208" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae93b95e59 code=0x7ffc0000 [ 410.649353][ T26] audit: type=1326 audit(2000000103.380:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8863 comm="syz.5.1208" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae93b95e59 code=0x7ffc0000 [ 410.869707][ T26] audit: type=1326 audit(2000000103.380:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8863 comm="syz.5.1208" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fae93b95e59 code=0x7ffc0000 [ 411.089988][ T26] audit: type=1326 audit(2000000103.380:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8863 comm="syz.5.1208" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae93b95e59 code=0x7ffc0000 [ 411.223913][ T8884] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1215'. [ 411.273923][ T8884] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1215'. [ 411.292741][ T26] audit: type=1326 audit(2000000103.380:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8863 comm="syz.5.1208" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae93b95e59 code=0x7ffc0000 [ 411.376888][ T8884] device geneve2 entered promiscuous mode [ 411.454959][ T26] audit: type=1326 audit(2000000103.380:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8863 comm="syz.5.1208" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae93b95e59 code=0x7ffc0000 [ 411.675483][ T26] audit: type=1326 audit(2000000103.380:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8863 comm="syz.5.1208" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae93b95e59 code=0x7ffc0000 [ 413.092874][ T26] audit: type=1326 audit(2000000103.380:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8863 comm="syz.5.1208" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fae93b95e59 code=0x7ffc0000 [ 413.483078][ T8914] syz.5.1226[8914] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 413.483288][ T8914] syz.5.1226[8914] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 415.359828][ T26] kauditd_printk_skb: 53 callbacks suppressed [ 415.359896][ T26] audit: type=1800 audit(2000000108.400:87): pid=8917 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1228" name="bus" dev="ramfs" ino=45869 res=0 errno=0 [ 426.096305][ T8997] netlink: 'syz.2.1253': attribute type 10 has an invalid length. [ 427.329066][ T9001] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 429.884780][ T9021] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1261'. [ 430.997580][ T9041] netlink: 'syz.0.1268': attribute type 10 has an invalid length. [ 431.849223][ T9050] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 432.700079][ T9058] tipc: Enabled bearer , priority 0 [ 432.742055][ T9058] tipc: Enabled bearer , priority 10 [ 432.775894][ T9058] tipc: Enabled bearer , priority 27 [ 432.815560][ T9058] tipc: Enabling of bearer rejected, max 3 bearers permitted [ 436.904068][ T26] audit: type=1326 audit(2000000129.940:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9128 comm="syz.4.1295" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d19b8ee59 code=0x7ffc0000 [ 437.181961][ T26] audit: type=1326 audit(2000000129.980:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9128 comm="syz.4.1295" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f6d19b8ee59 code=0x7ffc0000 [ 437.207440][ T26] audit: type=1326 audit(2000000129.980:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9128 comm="syz.4.1295" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d19b8ee59 code=0x7ffc0000 [ 437.498765][ T26] audit: type=1326 audit(2000000129.980:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9128 comm="syz.4.1295" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=441 compat=0 ip=0x7f6d19b8ee59 code=0x7ffc0000 [ 438.538523][ T26] audit: type=1326 audit(2000000129.980:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9128 comm="syz.4.1295" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d19b8ee59 code=0x7ffc0000 [ 438.579039][ T26] audit: type=1326 audit(2000000129.980:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9128 comm="syz.4.1295" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f6d19b8ee59 code=0x7ffc0000 [ 438.678634][ T26] audit: type=1326 audit(2000000129.990:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9128 comm="syz.4.1295" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d19b8ee59 code=0x7ffc0000 [ 438.890867][ T26] audit: type=1326 audit(2000000129.990:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9128 comm="syz.4.1295" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f6d19b8ee59 code=0x7ffc0000 [ 438.915234][ T26] audit: type=1326 audit(2000000129.990:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9128 comm="syz.4.1295" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d19b8ee59 code=0x7ffc0000 [ 438.939380][ T26] audit: type=1326 audit(2000000129.990:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9128 comm="syz.4.1295" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d19b8ee59 code=0x7ffc0000 [ 442.891319][ T9230] netlink: 'syz.5.1326': attribute type 2 has an invalid length. [ 444.015297][ T9254] xt_nat: multiple ranges no longer supported [ 449.393927][ T1432] ieee802154 phy0 wpan0: encryption failed: -22 [ 449.400332][ T1432] ieee802154 phy1 wpan1: encryption failed: -22 [ 459.332973][ T9404] device gretap1 entered promiscuous mode [ 461.826276][ T9442] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 461.852892][ T9442] CIFS mount error: No usable UNC path provided in device string! [ 461.852892][ T9442] [ 461.863571][ T9442] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 467.471852][ T9486] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1399'. [ 467.676825][ T9497] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1402'. [ 468.836035][ T9530] IPVS: Error connecting to the multicast addr [ 468.937269][ T9532] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1412'. [ 469.001798][ T9532] bond1: (slave erspan0): Enslaving as an active interface with an up link [ 469.030871][ T9532] bond1 (unregistering): (slave erspan0): Releasing backup interface [ 469.048761][ T9532] bond1 (unregistering): Released all slaves [ 472.251146][ T9584] overlayfs: failed to clone lowerpath [ 473.269616][ T9593] 8021q: adding VLAN 0 to HW filter on device bond5 [ 473.300700][ T9593] device veth1_to_batadv entered promiscuous mode [ 473.336932][ T9593] bond5: (slave macvlan1): Enslaving as a backup interface with an up link [ 473.371716][ T9598] device team0 left promiscuous mode [ 473.378273][ T9598] device team_slave_0 left promiscuous mode [ 473.398222][ T9598] bridge0: port 3(team0) entered disabled state [ 473.411176][ T9598] bond0: (slave dummy0): Releasing backup interface [ 473.423544][ T9598] device dummy0 left promiscuous mode [ 473.451441][ T9598] device bridge_slave_0 left promiscuous mode [ 473.467443][ T9598] bridge0: port 1(bridge_slave_0) entered disabled state [ 473.478252][ T9598] device bridge_slave_1 left promiscuous mode [ 473.517666][ T9598] bridge0: port 2(bridge_slave_1) entered disabled state [ 473.547105][ T9598] bond0: (slave bond_slave_0): Releasing backup interface [ 473.570549][ T9598] device bond_slave_0 left promiscuous mode [ 473.596318][ T9598] bond0: (slave bond_slave_1): Releasing backup interface [ 473.622278][ T9598] device bond_slave_1 left promiscuous mode [ 473.631319][ T9598] team0: Port device team_slave_0 removed [ 473.652762][ T9598] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 473.678092][ T9598] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 473.752468][ T9598] team0: Port device bridge3 removed [ 473.768601][ T8065] IPv6: ADDRCONF(NETDEV_CHANGE): bond5: link becomes ready [ 473.804780][ T9611] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1435'. [ 485.094422][ T9806] netlink: 'syz.0.1494': attribute type 2 has an invalid length. [ 486.140971][ T9819] netlink: 80 bytes leftover after parsing attributes in process `syz.5.1501'. [ 486.201322][ T9819] netlink: 'syz.5.1501': attribute type 12 has an invalid length. [ 487.439402][ T9842] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1506'. [ 490.428384][ T9883] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1521'. [ 490.810774][ T9893] netlink: 'syz.4.1526': attribute type 1 has an invalid length. [ 490.938651][ T9893] device bond3 entered promiscuous mode [ 491.075049][ T9893] 8021q: adding VLAN 0 to HW filter on device bond3 [ 491.666359][ T9898] bond3: (slave erspan1): making interface the new active one [ 491.713607][ T9898] device erspan1 entered promiscuous mode [ 491.746959][ T9898] bond3: (slave erspan1): Enslaving as an active interface with an up link [ 491.756144][ T4689] IPv6: ADDRCONF(NETDEV_CHANGE): bond3: link becomes ready [ 492.056473][ T9918] sctp: [Deprecated]: syz.0.1532 (pid 9918) Use of struct sctp_assoc_value in delayed_ack socket option. [ 492.056473][ T9918] Use struct sctp_sack_info instead [ 492.153186][ T9918] sctp: [Deprecated]: syz.0.1532 (pid 9918) Use of struct sctp_assoc_value in delayed_ack socket option. [ 492.153186][ T9918] Use struct sctp_sack_info instead [ 492.737824][ T9929] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1537'. [ 493.116760][ T9940] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1539'. [ 494.009230][ T9952] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.1542'. [ 498.669274][T10010] netlink: 'syz.2.1561': attribute type 1 has an invalid length. [ 501.760332][T10057] overlayfs: missing 'lowerdir' [ 501.887136][T10064] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1578'. [ 504.221366][T10102] netlink: 'syz.5.1593': attribute type 1 has an invalid length. [ 504.291520][T10102] bond3: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 504.336566][T10102] bond3: (slave gretap1): Enslaving as a backup interface with an up link [ 504.763245][T10117] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1595'. [ 511.303439][ T1432] ieee802154 phy0 wpan0: encryption failed: -22 [ 511.315750][ T1432] ieee802154 phy1 wpan1: encryption failed: -22 [ 514.806487][T10214] tipc: Started in network mode [ 514.819885][T10214] tipc: Node identity 080211000001, cluster identity 4711 [ 514.831820][T10214] tipc: Enabled bearer , priority 0 [ 514.900006][T10217] netlink: 'syz.2.1622': attribute type 12 has an invalid length. [ 515.760731][T10224] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1627'. [ 515.787269][T10224] bond0: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 515.965477][ T4233] tipc: Node number set to 134418688 [ 524.143520][T10270] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1636'. [ 526.097712][T10294] ip6t_srh: unknown srh invflags 4000 [ 526.218901][T10302] overlayfs: failed to clone lowerpath [ 526.245735][T10302] overlayfs: failed to clone lowerpath [ 526.311616][T10306] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1653'. [ 526.405097][T10306] af_packet: tpacket_rcv: packet too big, clamped from 64521 to 3956. macoff=92 [ 526.508832][T10312] futex_wake_op: syz.0.1655 tries to shift op by 144; fix this program [ 526.869624][ C0] vcan0: j1939_tp_rxtimer: 0xffff888021d38400: rx timeout, send abort [ 527.404206][ C0] vcan0: j1939_tp_rxtimer: 0xffff888060227800: rx timeout, send abort [ 527.414727][ C0] vcan0: j1939_tp_rxtimer: 0xffff888021d38400: abort rx timeout. Force session deactivation [ 527.865819][T10329] 9pnet: p9_errstr2errno: server reported unknown error 0x000000000000 [ 527.947372][ C0] vcan0: j1939_tp_rxtimer: 0xffff888060227800: abort rx timeout. Force session deactivation [ 529.774977][ T26] kauditd_printk_skb: 25 callbacks suppressed [ 529.774995][ T26] audit: type=1800 audit(2000000216.928:123): pid=10334 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.1662" name="bus" dev="ramfs" ino=49532 res=0 errno=0 [ 531.351803][T10330] bridge2: port 2(veth0_to_bond) entered disabled state [ 531.716997][T10330] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 531.727656][T10330] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 531.736597][T10330] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 531.810991][T10330] device bridge3 left promiscuous mode [ 531.821473][T10330] device gretap1 left promiscuous mode [ 543.295363][T10465] netlink: 'syz.3.1701': attribute type 1 has an invalid length. [ 543.426183][T10468] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 543.527358][T10465] bond1: (slave gretap2): Enslaving as a backup interface with an up link [ 543.538356][T10475] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1704'. [ 555.424806][T10534] CIFS mount error: No usable UNC path provided in device string! [ 555.424806][T10534] [ 555.435090][T10534] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 561.833556][T10615] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 561.933520][T10615] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 563.200594][T10625] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 563.282570][T10638] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1747'. [ 564.384933][T10659] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 2 [ 567.773017][T10699] ip6t_srh: unknown srh invflags 4000 [ 569.523093][T10731] xt_nat: multiple ranges no longer supported [ 571.895741][T10759] Unknown status report in ack skb [ 571.926550][T10759] netlink: 'syz.0.1781': attribute type 12 has an invalid length. [ 572.048530][T10762] netlink: 'syz.4.1782': attribute type 29 has an invalid length. [ 572.088144][T10762] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1782'. [ 572.289577][T10762] netlink: 'syz.4.1782': attribute type 29 has an invalid length. [ 572.375810][T10762] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1782'. [ 573.754177][T10785] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 573.837484][T10790] xt_nat: multiple ranges no longer supported [ 573.896237][T10784] team0: Port device bridge4 added [ 575.699078][ T26] audit: type=1800 audit(2000000259.882:124): pid=10807 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.1806" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 575.795451][T10810] overlayfs: failed to clone upperpath [ 577.550576][ T1432] ieee802154 phy0 wpan0: encryption failed: -22 [ 577.557119][ T1432] ieee802154 phy1 wpan1: encryption failed: -22 [ 578.401961][T10828] netlink: 'syz.3.1801': attribute type 29 has an invalid length. [ 578.453405][T10828] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1801'. [ 578.488328][T10828] netlink: 'syz.3.1801': attribute type 29 has an invalid length. [ 578.496341][T10828] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1801'. [ 579.925001][T10852] tipc: Enabled bearer , priority 0 [ 579.972030][T10852] tipc: Enabled bearer , priority 10 [ 580.007971][T10852] tipc: Enabled bearer , priority 27 [ 580.041626][T10852] tipc: Enabling of bearer rejected, max 3 bearers permitted [ 581.192951][ T4232] tipc: Node number set to 4056702939 [ 581.702311][T10861] overlayfs: failed to clone lowerpath [ 585.058807][T10891] netlink: 52 bytes leftover after parsing attributes in process `syz.5.1821'. [ 593.095536][T10929] overlayfs: failed to clone lowerpath [ 595.070711][ C0] ------------[ cut here ]------------ [ 595.076750][ C0] WARNING: CPU: 0 PID: 10956 at net/mac80211/tx.c:4859 __ieee80211_beacon_get+0x179f/0x2000 [ 595.087043][ C0] Modules linked in: [ 595.090985][ C0] CPU: 0 PID: 10956 Comm: syz.5.1839 Not tainted syzkaller #0 [ 595.098612][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 595.108714][ C0] RIP: 0010:__ieee80211_beacon_get+0x179f/0x2000 [ 595.115148][ C0] Code: 2a f8 0f 0b 4f 89 64 2f 04 4f 89 64 2f 0c 43 c6 44 2f 14 f8 e9 19 fe ff ff e8 2d 0c 2a f8 0f 0b e9 03 ef ff ff e8 21 0c 2a f8 <0f> 0b e9 76 f2 ff ff e8 a5 af 6d 00 89 d9 80 e1 07 80 c1 03 38 c1 [ 595.134878][ C0] RSP: 0018:ffffc900000078e0 EFLAGS: 00010246 [ 595.141195][ C0] RAX: ffffffff894f29ef RBX: ffff88805f6a6268 RCX: ffff88805cd59dc0 [ 595.149220][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 595.157318][ C0] RBP: ffffc90000007b08 R08: ffff88805cd59dc0 R09: 0000000000000003 [ 595.165723][ C0] R10: 0000000000000007 R11: 0000000000000100 R12: ffff888048040200 [ 595.173740][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: 1ffff92000000f2c [ 595.182037][ C0] FS: 00007fae91dce6c0(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000 [ 595.191318][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 595.197946][ C0] CR2: 00007f94de2c3540 CR3: 0000000048409000 CR4: 00000000003506f0 [ 595.205940][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 595.214057][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 595.222171][ C0] Call Trace: [ 595.225634][ C0] [ 595.228572][ C0] ? ieee80211_beacon_get_template+0x30/0x30 [ 595.234703][ C0] ? verify_lock_unused+0x140/0x140 [ 595.239997][ C0] ? __lock_acquire+0x13bc/0x7d10 [ 595.245048][ C0] ? verify_lock_unused+0x140/0x140 [ 595.250310][ C0] ieee80211_beacon_get_tim+0x48/0x840 [ 595.255888][ C0] mac80211_hwsim_beacon_tx+0xf4/0x920 [ 595.261559][ C0] __iterate_interfaces+0x243/0x500 [ 595.266859][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0 [ 595.273399][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0 [ 595.279769][ C0] ieee80211_iterate_active_interfaces_atomic+0xb3/0x140 [ 595.287112][ C0] mac80211_hwsim_beacon+0x9b/0x180 [ 595.292539][ C0] ? hw_scan_work+0xed0/0xed0 [ 595.297292][ C0] __hrtimer_run_queues+0x4f2/0xb70 [ 595.302641][ C0] ? hrtimer_interrupt+0x8d0/0x8d0 [ 595.307868][ C0] hrtimer_run_softirq+0x176/0x240 [ 595.313206][ C0] handle_softirqs+0x339/0x830 [ 595.318155][ C0] ? __irq_exit_rcu+0x13b/0x230 [ 595.323055][ C0] ? do_softirq+0x210/0x210 [ 595.327720][ C0] __irq_exit_rcu+0x13b/0x230 [ 595.332527][ C0] ? irq_exit_rcu+0x20/0x20 [ 595.337288][ C0] irq_exit_rcu+0x5/0x20 [ 595.341593][ C0] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 595.347660][ C0] [ 595.350778][ C0] [ 595.353816][ C0] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 595.359934][ C0] RIP: 0010:__sanitizer_cov_trace_const_cmp4+0x2c/0x80 [ 595.366837][ C0] Code: 04 24 65 48 8b 0d 44 36 89 7e 65 8b 15 45 36 89 7e 81 e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75 5b 83 b9 34 16 00 00 00 74 52 <8b> 91 10 16 00 00 83 fa 03 75 47 48 8b 91 18 16 00 00 44 8b 89 14 [ 595.386522][ C0] RSP: 0018:ffffc9000347fa98 EFLAGS: 00000246 [ 595.392744][ C0] RAX: ffffffff87da9112 RBX: 0000000000000002 RCX: ffff88805cd59dc0 [ 595.400875][ C0] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 00000000ffffffff [ 595.408878][ C0] RBP: ffffc9000347fc90 R08: ffffc9000347fbdf R09: ffffc9000347fb60 [ 595.417091][ C0] R10: dffffc0000000000 R11: fffff5200068ff7c R12: ffffc9000347fc00 [ 595.425122][ C0] R13: 1ffff9200068ff5c R14: f8f8f8f8f8f8f8f8 R15: dffffc0000000000 [ 595.433262][ C0] ? ___sys_recvmsg+0x132/0x5c0 [ 595.438327][ C0] ___sys_recvmsg+0x132/0x5c0 [ 595.443165][ C0] ? __sys_recvmsg+0x280/0x280 [ 595.447989][ C0] ? __lock_acquire+0x7d10/0x7d10 [ 595.453250][ C0] ? __might_fault+0xb3/0x110 [ 595.458039][ C0] do_recvmmsg+0x382/0x850 [ 595.462549][ C0] ? __sys_recvmmsg+0x290/0x290 [ 595.467526][ C0] ? __lock_acquire+0x7d10/0x7d10 [ 595.472601][ C0] __x64_sys_recvmmsg+0x195/0x250 [ 595.477704][ C0] ? do_recvmmsg+0x850/0x850 [ 595.482345][ C0] ? lockdep_hardirqs_on+0x94/0x140 [ 595.487614][ C0] do_syscall_64+0x4c/0xa0 [ 595.492055][ C0] ? clear_bhb_loop+0x30/0x80 [ 595.496881][ C0] ? clear_bhb_loop+0x30/0x80 [ 595.501636][ C0] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 595.507596][ C0] RIP: 0033:0x7fae93b95e59 [ 595.512049][ C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 595.532158][ C0] RSP: 002b:00007fae91dce028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 595.540815][ C0] RAX: ffffffffffffffda RBX: 00007fae93e0f090 RCX: 00007fae93b95e59 [ 595.548830][ C0] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000003 [ 595.556878][ C0] RBP: 00007fae93c2bd6f R08: 0000000000000000 R09: 0000000000000000 [ 595.564911][ C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 595.573078][ C0] R13: 00007fae93e0f128 R14: 00007fae93e0f090 R15: 00007ffd32fed8e8 [ 595.581106][ C0] [ 595.584185][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 595.591491][ C0] CPU: 0 PID: 10956 Comm: syz.5.1839 Not tainted syzkaller #0 [ 595.598994][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 595.609353][ C0] Call Trace: [ 595.612758][ C0] [ 595.615617][ C0] dump_stack_lvl+0x188/0x250 [ 595.620362][ C0] ? show_regs_print_info+0x20/0x20 [ 595.625588][ C0] ? load_image+0x400/0x400 [ 595.630130][ C0] panic+0x2e5/0x810 [ 595.634114][ C0] ? bpf_jit_dump+0xd0/0xd0 [ 595.638670][ C0] ? __ieee80211_beacon_get+0x179f/0x2000 [ 595.644414][ C0] __warn+0x248/0x2b0 [ 595.648422][ C0] ? __ieee80211_beacon_get+0x179f/0x2000 [ 595.654263][ C0] report_bug+0x1b7/0x2e0 [ 595.658715][ C0] handle_bug+0x3a/0x70 [ 595.662896][ C0] exc_invalid_op+0x16/0x40 [ 595.667418][ C0] asm_exc_invalid_op+0x16/0x20 [ 595.672287][ C0] RIP: 0010:__ieee80211_beacon_get+0x179f/0x2000 [ 595.678747][ C0] Code: 2a f8 0f 0b 4f 89 64 2f 04 4f 89 64 2f 0c 43 c6 44 2f 14 f8 e9 19 fe ff ff e8 2d 0c 2a f8 0f 0b e9 03 ef ff ff e8 21 0c 2a f8 <0f> 0b e9 76 f2 ff ff e8 a5 af 6d 00 89 d9 80 e1 07 80 c1 03 38 c1 [ 595.698633][ C0] RSP: 0018:ffffc900000078e0 EFLAGS: 00010246 [ 595.704725][ C0] RAX: ffffffff894f29ef RBX: ffff88805f6a6268 RCX: ffff88805cd59dc0 [ 595.712719][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 595.720703][ C0] RBP: ffffc90000007b08 R08: ffff88805cd59dc0 R09: 0000000000000003 [ 595.728711][ C0] R10: 0000000000000007 R11: 0000000000000100 R12: ffff888048040200 [ 595.736786][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: 1ffff92000000f2c [ 595.744794][ C0] ? __ieee80211_beacon_get+0x179f/0x2000 [ 595.750569][ C0] ? ieee80211_beacon_get_template+0x30/0x30 [ 595.756569][ C0] ? verify_lock_unused+0x140/0x140 [ 595.761899][ C0] ? __lock_acquire+0x13bc/0x7d10 [ 595.767139][ C0] ? verify_lock_unused+0x140/0x140 [ 595.772395][ C0] ieee80211_beacon_get_tim+0x48/0x840 [ 595.777998][ C0] mac80211_hwsim_beacon_tx+0xf4/0x920 [ 595.783500][ C0] __iterate_interfaces+0x243/0x500 [ 595.788721][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0 [ 595.794981][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0 [ 595.801328][ C0] ieee80211_iterate_active_interfaces_atomic+0xb3/0x140 [ 595.808383][ C0] mac80211_hwsim_beacon+0x9b/0x180 [ 595.813712][ C0] ? hw_scan_work+0xed0/0xed0 [ 595.818493][ C0] __hrtimer_run_queues+0x4f2/0xb70 [ 595.823946][ C0] ? hrtimer_interrupt+0x8d0/0x8d0 [ 595.829174][ C0] hrtimer_run_softirq+0x176/0x240 [ 595.834316][ C0] handle_softirqs+0x339/0x830 [ 595.839114][ C0] ? __irq_exit_rcu+0x13b/0x230 [ 595.844080][ C0] ? do_softirq+0x210/0x210 [ 595.848622][ C0] __irq_exit_rcu+0x13b/0x230 [ 595.853316][ C0] ? irq_exit_rcu+0x20/0x20 [ 595.857846][ C0] irq_exit_rcu+0x5/0x20 [ 595.862189][ C0] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 595.867858][ C0] [ 595.870818][ C0] [ 595.873774][ C0] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 595.879876][ C0] RIP: 0010:__sanitizer_cov_trace_const_cmp4+0x2c/0x80 [ 595.886843][ C0] Code: 04 24 65 48 8b 0d 44 36 89 7e 65 8b 15 45 36 89 7e 81 e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75 5b 83 b9 34 16 00 00 00 74 52 <8b> 91 10 16 00 00 83 fa 03 75 47 48 8b 91 18 16 00 00 44 8b 89 14 [ 595.906730][ C0] RSP: 0018:ffffc9000347fa98 EFLAGS: 00000246 [ 595.912813][ C0] RAX: ffffffff87da9112 RBX: 0000000000000002 RCX: ffff88805cd59dc0 [ 595.920807][ C0] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 00000000ffffffff [ 595.928796][ C0] RBP: ffffc9000347fc90 R08: ffffc9000347fbdf R09: ffffc9000347fb60 [ 595.936963][ C0] R10: dffffc0000000000 R11: fffff5200068ff7c R12: ffffc9000347fc00 [ 595.944971][ C0] R13: 1ffff9200068ff5c R14: f8f8f8f8f8f8f8f8 R15: dffffc0000000000 [ 595.952974][ C0] ? ___sys_recvmsg+0x132/0x5c0 [ 595.957859][ C0] ___sys_recvmsg+0x132/0x5c0 [ 595.962545][ C0] ? __sys_recvmsg+0x280/0x280 [ 595.967350][ C0] ? __lock_acquire+0x7d10/0x7d10 [ 595.972423][ C0] ? __might_fault+0xb3/0x110 [ 595.977126][ C0] do_recvmmsg+0x382/0x850 [ 595.981587][ C0] ? __sys_recvmmsg+0x290/0x290 [ 595.986476][ C0] ? __lock_acquire+0x7d10/0x7d10 [ 595.991534][ C0] __x64_sys_recvmmsg+0x195/0x250 [ 595.996612][ C0] ? do_recvmmsg+0x850/0x850 [ 596.001223][ C0] ? lockdep_hardirqs_on+0x94/0x140 [ 596.006442][ C0] do_syscall_64+0x4c/0xa0 [ 596.010875][ C0] ? clear_bhb_loop+0x30/0x80 [ 596.015567][ C0] ? clear_bhb_loop+0x30/0x80 [ 596.020262][ C0] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 596.026356][ C0] RIP: 0033:0x7fae93b95e59 [ 596.030819][ C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 596.050542][ C0] RSP: 002b:00007fae91dce028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 596.059089][ C0] RAX: ffffffffffffffda RBX: 00007fae93e0f090 RCX: 00007fae93b95e59 [ 596.067175][ C0] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000003 [ 596.075248][ C0] RBP: 00007fae93c2bd6f R08: 0000000000000000 R09: 0000000000000000 [ 596.083233][ C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 596.091319][ C0] R13: 00007fae93e0f128 R14: 00007fae93e0f090 R15: 00007ffd32fed8e8 [ 596.099420][ C0] [ 596.102685][ C0] Kernel Offset: disabled [ 596.107345][ C0] Rebooting in 86400 seconds..