last executing test programs: 5m8.176399409s ago: executing program 0 (id=2674): syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x3) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413ec50000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r0}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000004"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='console\x00', r1}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000b80), 0x0, 0x0) r4 = dup3(r3, r2, 0x0) ioctl$TIOCGPKT(r4, 0x80045438, &(0x7f00000059c0)) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[], 0x3c}}, 0x0) flistxattr(0xffffffffffffffff, &(0x7f0000000300)=""/97, 0x61) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x2, 0x8, &(0x7f0000000400)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r4}}, @ldst={0x3, 0x0, 0x6, 0x0, 0xa, 0x0, 0xa1}]}, &(0x7f0000000000)='syzkaller\x00', 0x2, 0x93, &(0x7f0000000100)=""/147, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x61e5cc96}, 0x90) write(0xffffffffffffffff, &(0x7f0000000040)="1300000043001f00030300f9002304000a04d6", 0x13) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r6}, 0x10) r7 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030021000b63d25a80648c2594f90124fc60100c034002000009051082c137153e373548078007f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x3500000000000000) r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000140)=@framed, &(0x7f00000001c0)='syzkaller\x00'}, 0x90) r9 = socket$phonet_pipe(0x23, 0x5, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000a850000000f000000850000009e00000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'netdevsim0\x00', 0x0}) r11 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r8, r10}, 0x40) r12 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=@framed, &(0x7f00000003c0)='syzkaller\x00'}, 0x90) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r4, 0xc0189372, &(0x7f0000000440)={{0x1, 0x1, 0x18, r0, {0x9}}, './file0\x00'}) write$binfmt_elf32(r13, &(0x7f00000006c0)={{0x7f, 0x45, 0x4c, 0x46, 0xff, 0x1f, 0x0, 0x0, 0xfffffffffffffffa, 0x3, 0x6, 0x1, 0x358, 0x38, 0xd3, 0x1, 0x8, 0x20, 0x1, 0x6, 0xf000, 0x800}, [{0x6474e551, 0x800, 0x6, 0x0, 0x9, 0x0, 0x7}], "8cacf4f88a1b3670e34df5ca3c15d7d7ab73525411241ec42fef", ['\x00']}, 0x172) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f00000002c0)={r11, r12, 0x4}, 0x10) 5m7.386611027s ago: executing program 0 (id=2677): syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000300)='./file1\x00', 0x10, &(0x7f0000000680), 0xfe, 0x244, &(0x7f0000000400)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoJNbBQCEoKIoEJExEZJhJhgl1jZWGitksomiJ3RUtIEG0WwipoiNoIGC4OFFiu7k0hMVqNu3Dkynw9MZibz3vzesPN9u83sBmisq0mmk7SSTCbpJCmON7i7Wq4e7q5PbM8nvd4TPxWDdtV+5ajflSRrSR5KslUWeamdrGw+s/fLzmP3vbncuff9zacnxnqRh/b3dh8/eG/2jY9mHlz54qsfZotMp/un6zp/xZD/tYvklv+j2HWiaNc9Av6Judc+/Lqf+1uT3DPIfydlqhfvraUbtjp54N2/6vv2j1/ePs6xAuev1+v03wPXekDjlEm6KcqpJNV2WU5NVZ/hv2ldLl9eXHp18sXF5YUX6p6pgPPSTXYf/eTSx1dO5P/7VpV/4OLq5//JuY1v+9sHrbpHA4zFHdWqn//J51bvj/xD48g/NJf8Q3PJPzSX/ENzyT80l/zDBdb5+8PyD80l/9Bc8g/NdTz/AECz9C7V/QQyUJe65x8AAAAAAAAAAAAAAAAAAOC09Ynt+aNlXDU/eyfZfyRJe1j91uD3iJMbB38v/1z0m/2hqLqN5Nm7RjzBiD6o+enrm76rt/7nd9Zbf3UhWXs9ybV2+/T9Vxzef//dzWcc7zw/YoF/qTix//BT461/0m8b9daf2Uk+7c8/14bNP2VuG6yHzz/ds79i+Uyv/DriCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABib3wMAAP//+kBtTA==") creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000012000000000000000095000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket(0x10, 0x80002, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000001c0)={0x2020}, 0x2020) sendmsg$nl_route(r4, 0x0, 0x0) r5 = open(&(0x7f0000000480)='.\x00', 0x0, 0x0) ioctl$FS_IOC_GETFSMAP(r5, 0xc0c0583b, &(0x7f0000000500)=ANY=[@ANYBLOB="000000004c900200250000000300010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00"/144]) 4m7.110770928s ago: executing program 0 (id=2677): syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000300)='./file1\x00', 0x10, &(0x7f0000000680), 0xfe, 0x244, &(0x7f0000000400)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoJNbBQCEoKIoEJExEZJhJhgl1jZWGitksomiJ3RUtIEG0WwipoiNoIGC4OFFiu7k0hMVqNu3Dkynw9MZibz3vzesPN9u83sBmisq0mmk7SSTCbpJCmON7i7Wq4e7q5PbM8nvd4TPxWDdtV+5ajflSRrSR5KslUWeamdrGw+s/fLzmP3vbncuff9zacnxnqRh/b3dh8/eG/2jY9mHlz54qsfZotMp/un6zp/xZD/tYvklv+j2HWiaNc9Av6Judc+/Lqf+1uT3DPIfydlqhfvraUbtjp54N2/6vv2j1/ePs6xAuev1+v03wPXekDjlEm6KcqpJNV2WU5NVZ/hv2ldLl9eXHp18sXF5YUX6p6pgPPSTXYf/eTSx1dO5P/7VpV/4OLq5//JuY1v+9sHrbpHA4zFHdWqn//J51bvj/xD48g/NJf8Q3PJPzSX/ENzyT80l/zDBdb5+8PyD80l/9Bc8g/NdTz/AECz9C7V/QQyUJe65x8AAAAAAAAAAAAAAAAAAOC09Ynt+aNlXDU/eyfZfyRJe1j91uD3iJMbB38v/1z0m/2hqLqN5Nm7RjzBiD6o+enrm76rt/7nd9Zbf3UhWXs9ybV2+/T9Vxzef//dzWcc7zw/YoF/qTix//BT461/0m8b9daf2Uk+7c8/14bNP2VuG6yHzz/ds79i+Uyv/DriCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABib3wMAAP//+kBtTA==") creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000012000000000000000095000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket(0x10, 0x80002, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000001c0)={0x2020}, 0x2020) sendmsg$nl_route(r4, 0x0, 0x0) r5 = open(&(0x7f0000000480)='.\x00', 0x0, 0x0) ioctl$FS_IOC_GETFSMAP(r5, 0xc0c0583b, &(0x7f0000000500)=ANY=[@ANYBLOB="000000004c900200250000000300010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00"/144]) 3m15.945162181s ago: executing program 0 (id=2677): syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000300)='./file1\x00', 0x10, &(0x7f0000000680), 0xfe, 0x244, &(0x7f0000000400)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoJNbBQCEoKIoEJExEZJhJhgl1jZWGitksomiJ3RUtIEG0WwipoiNoIGC4OFFiu7k0hMVqNu3Dkynw9MZibz3vzesPN9u83sBmisq0mmk7SSTCbpJCmON7i7Wq4e7q5PbM8nvd4TPxWDdtV+5ajflSRrSR5KslUWeamdrGw+s/fLzmP3vbncuff9zacnxnqRh/b3dh8/eG/2jY9mHlz54qsfZotMp/un6zp/xZD/tYvklv+j2HWiaNc9Av6Judc+/Lqf+1uT3DPIfydlqhfvraUbtjp54N2/6vv2j1/ePs6xAuev1+v03wPXekDjlEm6KcqpJNV2WU5NVZ/hv2ldLl9eXHp18sXF5YUX6p6pgPPSTXYf/eTSx1dO5P/7VpV/4OLq5//JuY1v+9sHrbpHA4zFHdWqn//J51bvj/xD48g/NJf8Q3PJPzSX/ENzyT80l/zDBdb5+8PyD80l/9Bc8g/NdTz/AECz9C7V/QQyUJe65x8AAAAAAAAAAAAAAAAAAOC09Ynt+aNlXDU/eyfZfyRJe1j91uD3iJMbB38v/1z0m/2hqLqN5Nm7RjzBiD6o+enrm76rt/7nd9Zbf3UhWXs9ybV2+/T9Vxzef//dzWcc7zw/YoF/qTix//BT461/0m8b9daf2Uk+7c8/14bNP2VuG6yHzz/ds79i+Uyv/DriCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABib3wMAAP//+kBtTA==") creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000012000000000000000095000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket(0x10, 0x80002, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000001c0)={0x2020}, 0x2020) sendmsg$nl_route(r4, 0x0, 0x0) r5 = open(&(0x7f0000000480)='.\x00', 0x0, 0x0) ioctl$FS_IOC_GETFSMAP(r5, 0xc0c0583b, &(0x7f0000000500)=ANY=[@ANYBLOB="000000004c900200250000000300010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00"/144]) 2m37.37904014s ago: executing program 3 (id=3114): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000008c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000d80)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_SET_SEC_PARAMS(r0, &(0x7f0000000ec0)={0x0, 0x0, &(0x7f0000000e80)={&(0x7f00000002c0)={0x28, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_SEC_OUT_KEY_ID={0xc, 0x2b, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}]}]}, 0x28}}, 0x0) 2m36.868002297s ago: executing program 3 (id=3119): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x9, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x3, 0x3, 0x0, 0x1, 0x8}]}, &(0x7f0000000080)='syzkaller\x00', 0x5, 0x98, &(0x7f00000000c0)=""/152}, 0x80) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000040)={0xffffffffffffffff, 0x3f, 0x8}, 0xc) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000006c0)={r0, 0xe0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000400)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x7, 0x4, &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000480)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x56, &(0x7f00000004c0)=[{}, {}], 0x10, 0x10, &(0x7f0000000500), &(0x7f0000000540), 0x8, 0x0, 0x8, 0x8, &(0x7f0000000580)}}, 0x10) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000700)='memory.swap.current\x00', 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0xa60e, 0x3}, 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r1, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001740)={r1, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) 2m36.609165672s ago: executing program 3 (id=3122): syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000080)='./file0\x00', 0xcc04, &(0x7f0000000240)={[{@nodots}, {@fat=@debug}, {@fat=@discard}, {@dots}, {@fat=@nfs}, {@fat=@time_offset={'time_offset', 0x3d, 0x2be}}, {@fat=@allow_utime={'allow_utime', 0x3d, 0x8000}}, {@nodots}, {@nodots}, {@dots}, {@nodots}, {@nodots}, {@dots}, {@fat=@umask={'umask', 0x3d, 0x7fff}}, {@nodots}, {@dots}, {@dots}, {@dots}, {@dots}, {@nodots}, {@fat=@sys_immutable}, {@fat=@dos1xfloppy}]}, 0xfd, 0x1d8, &(0x7f0000000d80)="$eJzs3c9qE1EUB+CTGPNHXHQniMIFN66K+gQVqSAGBCULXSlUN60IdjO6aR/DB/QBpKts5EqdaaaNRWM0M5p+3yZn5jc3c25CJtnkzssbb3d33u2/+XztUwyHnehuxVZMO7ER3ThxGADAOpnmHF9yqe1eAIBmLPD9/7XhlgCAFXv2/MXj++Px9tOUhhFHh8WkmJSPZf7w0Xj7Tvpuox51VBSTS7P8bpr/7XCcX44rVX6vHJ9mcT8iJv24favMj7MHT8bp7PhB7Kx47gAAAAAAAAAAAAAAAAAAAAAA0JabkU6cu77P5uZ8PqrycuvU+kBz6/f04nqv2qyXB8oHTUwKAAAAAAAAAAAAAAAAAAAA/jP7Hz7uvtrbe/2+LgYRcXbP7xSd6omXHN500Y1/oo2/X4zOf3MXKaLXdvN/WqQGzjVa4OVd8lPQj4hVNT/NOZd7Iv/04PoaMWjr4gQAAAAAAAAAAAAAAAAAABfMqX99/2DYRkMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0IL6/v9LFAcRcTV+efDsZKNWpwoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAa+xYAAP//J+sv3A==") mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1adc51, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00') r2 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0) sendfile(r2, r1, 0x0, 0x80000000) 2m35.372443921s ago: executing program 0 (id=2677): syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000300)='./file1\x00', 0x10, &(0x7f0000000680), 0xfe, 0x244, &(0x7f0000000400)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoJNbBQCEoKIoEJExEZJhJhgl1jZWGitksomiJ3RUtIEG0WwipoiNoIGC4OFFiu7k0hMVqNu3Dkynw9MZibz3vzesPN9u83sBmisq0mmk7SSTCbpJCmON7i7Wq4e7q5PbM8nvd4TPxWDdtV+5ajflSRrSR5KslUWeamdrGw+s/fLzmP3vbncuff9zacnxnqRh/b3dh8/eG/2jY9mHlz54qsfZotMp/un6zp/xZD/tYvklv+j2HWiaNc9Av6Judc+/Lqf+1uT3DPIfydlqhfvraUbtjp54N2/6vv2j1/ePs6xAuev1+v03wPXekDjlEm6KcqpJNV2WU5NVZ/hv2ldLl9eXHp18sXF5YUX6p6pgPPSTXYf/eTSx1dO5P/7VpV/4OLq5//JuY1v+9sHrbpHA4zFHdWqn//J51bvj/xD48g/NJf8Q3PJPzSX/ENzyT80l/zDBdb5+8PyD80l/9Bc8g/NdTz/AECz9C7V/QQyUJe65x8AAAAAAAAAAAAAAAAAAOC09Ynt+aNlXDU/eyfZfyRJe1j91uD3iJMbB38v/1z0m/2hqLqN5Nm7RjzBiD6o+enrm76rt/7nd9Zbf3UhWXs9ybV2+/T9Vxzef//dzWcc7zw/YoF/qTix//BT461/0m8b9daf2Uk+7c8/14bNP2VuG6yHzz/ds79i+Uyv/DriCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABib3wMAAP//+kBtTA==") creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000012000000000000000095000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket(0x10, 0x80002, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000001c0)={0x2020}, 0x2020) sendmsg$nl_route(r4, 0x0, 0x0) r5 = open(&(0x7f0000000480)='.\x00', 0x0, 0x0) ioctl$FS_IOC_GETFSMAP(r5, 0xc0c0583b, &(0x7f0000000500)=ANY=[@ANYBLOB="000000004c900200250000000300010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00"/144]) 2m33.761929149s ago: executing program 3 (id=3129): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00'}, 0x10) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000080)={@cgroup=r0, 0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) 37.405697824s ago: executing program 2 (id=3356): syz_emit_ethernet(0x8a, &(0x7f0000000900)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x7c, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x1a, 0x0, 0x0, 0x0, 0x0, {[@nop, @mptcp=@remove_addr={0x1e, 0x50, 0x0, 0x0, "003d50d7ca8d6a77855c77937c686612f70e2ae57624b17e562308bb1d8ad4568d9fbe6abfbaec0b290d2b110c36e25d7ce5bbfd6410264878ae0a1ebf38c878f99d93622cbbc9218650ee2e9f"}]}}}}}}}, 0x0) 37.276954534s ago: executing program 2 (id=3357): r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000e0ff00000000000000bd0000000000000000000000e4ec010000000040000000000000000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000067ff0000000000000005"], 0x310) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f0000000040)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) 36.708095405s ago: executing program 2 (id=3358): munmap(&(0x7f0000886000/0x6000)=nil, 0x6000) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f00000000c0)={&(0x7f0000179000/0x3000)=nil, &(0x7f0000889000/0x1000)=nil, 0x3000}) 36.580087423s ago: executing program 2 (id=3360): syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], 0x0, 0x0, 0xff7c}, 0x90) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[], &(0x7f0000000240)='syzkaller\x00'}, 0x90) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r1, r0, 0x1, 0x0, @val=@perf_event}, 0x40) r2 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmmsg(r2, &(0x7f0000000480), 0x2e9, 0x0) 35.142580661s ago: executing program 2 (id=3361): syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000000140)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f0000000240)=ANY=[@ANYRES32=0x0, @ANYRES16=0x0, @ANYRES16=0x0], 0x1, 0x6cf, &(0x7f0000000cc0)="$eJzs3c1vHGcdB/DvrNeuN1TBaRMaoSKsRCpIEYkTK4VwwSCEcqhQVQ49W4nTWN0kleMit0LgAoITEof+AQXJNw4IiXtQuHApt159rITEJeIQ9bJoZmftXXv9Fr8GPp9oPM8zz8v89plnZrzrrCbA/62bl9J8lCI3L72xVOZXV6bbqyvTL9TF7SRlupE0u6sU95PicTJTlhd9S/rWm3w8f+Otz56sft7NNeulqj+yXbshhtRdrpdM1v1NDm05uttdLNfh5cUkt+r1oLHd9jVQsRy0i/Uajl1nk+W9NN/LeQucML27U9G9b24ykZxKMl7/HpD66tA4uggPx56ucgAAAPCc+vTBcUcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz5/6+f9FvTTqdSZT9J7/P9bbVqdPoJld13x0qHEAAAAAAAAAwNH4+tM8zVJO9/Kdovqb/4UqczZfdJIv5f08zFwWcjlLmc1iFrOQq0km+joaW5pdXFy4utayNLzltaEtrx3VKwYAAAAAAACA/0m/TGv97/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHASFMlId1UtZ+t1JtJoZr0sy8k/k4wdd7x7UAzb+Ojo4wAAAIB9GX+GNl9+mqdZyulevlNU7/m/Ur1fHs/7uZ/FzGcx7czldv0eunzX31hdmW6vrkzfK5cyP9jv9/+9pzDG6h5GqtywPZ+varRyJ/PVlsu5VQVzO43uvi8m53vx9MXV56MypuJ7tV1G1qyHtdzZ77f6FOFADH4U0dimZms9uGRtRKbq2MqWZ7ojUFQf1CQbR2LHo9McyE1UvY6u7elqGmuf/Jw9hDE/Va/L1/ObQx3zvVobiUaqkbjWm33lObP9SCTf+Ouf3r7bvv/u3TsPL52cl7SDkS22b5wT030j8cpzPRLNPdafqkbi3Fr+Zn6Un+RSJvNmFjKfn2Y2i5lLpy6fredz+XNi+5GaGci9uVMkY/Vx6R6z3cQ0mR9WqdlcqNqeznyKPMjtzOX16t+1XM23cz3Xc6PvCJ/bMu7qtVVnfWPjWd870n8bGvzFb9aJ8ur22/Wr3Mx2r3ir2XlQutf+clzP9I1rd9Y/Wat1pu88mOobpZd6ozM6tPNnuTY2v1onyn38aof7xNGaqEeiPIF6d4ledC93R6JZ3Ys2z/M/dMp2ad/vdO7OvrdF/8sb8q/V63JarXxtp9o9ww/FwSrny0sZr68kg7OjLHt57SrTV9ZZn8vdssE7btnuXFVWFL0z9cd5UE2AzWfqWP073OaerlVlrwwtm67KzveVDfy+lQdp5/YRjB8Az+Ifb68lJ3JqrPWv1qetT1q/bt1tvTH+gxe+88KrYxn9++h3m1MjrzVeLf6ST/Lz9ff/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAs3v4wYfvzrbbcwvDE42tiwYSrWzcslPPGxJF/UCfvbU6uYnxJANbquccHXkYrY1hbEp0fpEc+fj0HiI4vM7vykRz04walpgZ2PLnzR1+tMcIi92dF4eYaGR//fQeY7fbViMZPgGO6YIEHJkri/feu/Lwgw+/NX9v9p25d+buj16/fmPqxvXXp6/cmW/PTXV/HneUwGFYv+kfdyQAAAAAAAAAAADAbg37YsCFF3f60siuvuPhfxYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB+LmpTQfpcjVqctTZX51ZbpdLr30es1mkkYjKX6WFI+TmXSXTPR1V+SPj9MZsp+P52+89dmT1c/X+2p26yeNer217UuTLNdLJpOM1Ot9GOjv1r77K/7Tew3lgH3R6XRm9hcfHIz/BgAA///l6fGg") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c00)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYRESDEC], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='objagg_obj_put\x00', r0}, 0xfffffffffffffdb8) r1 = getpid() syz_clone3(&(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x16, 0x0, &(0x7f0000000000)=[0x0], 0x1}, 0x58) sched_setscheduler(r1, 0x2, &(0x7f00000000c0)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@bloom_filter={0x1e, 0x5, 0x5f6, 0x101, 0x124, 0x1, 0x3ff, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x1, 0x5, 0xb}, 0x48) socket$netlink(0x10, 0x3, 0x7) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r4, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)) syz_open_dev$evdev(0x0, 0x0, 0x0) openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sha256-generic\x00'}, 0x58) r6 = accept4(r5, 0x0, 0x0, 0x0) recvmmsg$unix(r6, &(0x7f0000003700)=[{{0x0, 0x703, 0x0, 0x0, 0x0, 0x0, 0x41000000}}], 0x600, 0x0, 0x0) r7 = socket$igmp(0x2, 0x3, 0x2) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r7, 0x0, 0x43, 0x0, &(0x7f0000000140)) mknod(&(0x7f0000000200)='./file1\x00', 0x1000, 0x0) 33.706117312s ago: executing program 2 (id=3362): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f00000002c0), 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/fscaps', 0x101, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_buf(r4, 0x0, 0x10, &(0x7f0000000140)="170000000000020000ffbe8c2ee1768814002b000203000afdff020657fc5ad90200bb6a880000d6c9db0000db0000eb00df01800a0000ebfc0607bdff59100ac45761547a681f009cee4a5acba400001fb700674f00c88ebbf9315033bf79ac2dfc061f15003901dee2ffffffffe9000000000000000062068f5ee50ce5af9b1c568302ffff02ff0331dd3bab0840024f0298e9e90539062a80e605007f71174ab498a30b3e5a1b47b63a6323ded2aa084cd30500000000", 0xb8) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0xe80, 0xe80, &(0x7f00000002c0)="0000ffffffffa000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="52bb753901dd1e0a9434d4d0f20bf76fb405"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x16, r3}, 0x90) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x400, &(0x7f0000000180)=ANY=[@ANYBLOB="6572726f72733d72656d6f756e742d726f2c757466383d302c757365667265652c646973636172642c757466383d312c756e695f786c6174653d302c73686f72746e616d653d77696e39352c756e695f786c6174653d302c756e695f786c6174653d302c0008442895b66131b4e4d54b2ba6ae54da0e13047e9f62fbb85ccc774b3ec4c81a1a985232d16d0d934460e920a59172e764c68194b9d9d0be76c595bac1fc5a0a8256a7b77e071e9bdd6100f9ae"], 0xfd, 0x274, &(0x7f0000000500)="$eJzs3MGLG1UYAPDPbNvdbmmzBxEUxIde9BLa9S8I0oK4oKyNqAdh6mY17JgsmbgSEdubV/+O4tGboP4De/HmXbwsguClBzHSJONm10BbaZzV/H4Q5su8+fLeTGbCNwN5R29/+dHebtHYzQZRW0tRi7gT9yI27kdTT0yXtXF8IWbdiZcu/fbjs2++8+5rza2t69sp3WjefHkzpXTluW8/+eyr578fXHrr6yvfrMbhxntHv27+dPjU4dNHf9wsP703SFm61esNslt5O+10ir1GSm/k7axop063aPdPtO/mvf39Ycq6O5fX9/vtokhZd5j22sM06KVBf5iyD7JONzUajXR5PZbNyiNntO5ub2fNhQyGKlyct7Lfb2Yrcxtbd/+NQQEAZ0tV9f+HnSJ1itR9UP1fC/X/4qj/l8H9+n99ev2epP4HAAAAAAAAAAAAAID/gnujUX00GtXLZflajYi1iCjfVz1OFsP3v9xm/ri3FpF/cdA6aE2Wk/bmbnQij3ZcPR/x+/h8mJrEN17dun41jW3Ed/ntaf7tg9ZKrJb5pY35+dcm+elk/vlYn+1/M+rx5Pz8zbn5F+LFF2byG1GPH96PXuSxMz6vj/M/v5bSK69vncq/ON4OAAAA/g8a6S9/u38ftzdSOW3IqfbJyuPnA1F/wPOBU/fX5+KZc9XtNwAAACyTYvjpXpbn7b7g0QKHbuFBLSIq6v2XiDgbB+GxBj9/PLnqH2bjqn+ZAACAx+246K96JAAAAAAAAAAAAAAAAAAAALC8HnbysHL7fzL32Ex3K9XsJQAAAAAAAAAAAAAAAAAAAAAAAJwNfwYAAP//xsMhSw==") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000440)='./file0/../file0\x00', 0x0, 0x80d010, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mounts\x00') r6 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0) mount$bind(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000140)='./file0/../file0\x00', 0x0, 0x1217880, 0x0) r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) socket$nl_xfrm(0x10, 0x3, 0x6) move_mount(r7, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) sendfile(r6, r5, 0x0, 0x80000004) 12.934441968s ago: executing program 5 (id=3199): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001a000100000000000000000081800000", @ANYRES32=0x0, @ANYBLOB="00000000140002"], 0x30}}, 0x0) mkdir(&(0x7f0000000000)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="043e110f"], 0x14) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socket$inet6(0xa, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x0, 0x0, 0x4, 0x0, 0x0, 0x1}, 0x48) r1 = socket(0x10, 0x3, 0x0) pipe(0x0) write(r1, &(0x7f0000000040)="1400000052004f030e789e7e27286d000a4149f3", 0x14) recvmmsg(r1, &(0x7f0000005c80)=[{{0x0, 0x0, 0x0}}], 0x344, 0x10122, 0x0) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r2, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x2600]}}], 0xffc8) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e0c011c20741a6b92c6ce9d71ff"], 0xf) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) r3 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r3, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001540)={&(0x7f0000001500)=ANY=[@ANYBLOB="1800000011140100000000000000000008"], 0x18}}, 0x0) unshare(0x0) socket$nl_route(0x10, 0x3, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) socket(0x0, 0x80000, 0x0) readv(r4, &(0x7f0000000140)=[{&(0x7f00000002c0)=""/195, 0xc3}], 0x1) chdir(&(0x7f0000000080)='./file1\x00') openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) 12.004865807s ago: executing program 5 (id=3364): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x0) io_setup(0x8, &(0x7f0000004200)=0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') io_submit(r0, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x8, 0x0, r1, 0x0}]) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000640)='./file0\x00', 0x1004000, &(0x7f0000000280)=ANY=[@ANYBLOB="747970653dd88d17102c6e6c733d61736369692c00b65c5e80ee881a8017a99080db5f384bdecc38aad57f2265deb9bc09ceaa37a446dd9779c499df84c71ac5709884f5a46a6157a859efa0011b98ed9e0084e7f30840308a546dfc131f58f11e2885d3d93d1ea670d769ec2f0aa0c9e9bc2dce36eb80f93e9c66e51cd63047e63897ad645ff9e1c43c323948225427a038840483468e20afe97ee11df867f724292017e27da8ee18b36e12ec848a02f157f0c97084870848c3f5101666aeeb41"], 0x4, 0x5ce, &(0x7f00000006c0)="$eJzs3U9rHOcdB/DvrNay5IKjJHbitoGKlP6horZW67ZJwVQtpugQSsCvQNTrWHitBGlTlByKXfxCUoLeQC+55OCDz+1LEPRYKPRURC8uMzu72tiyLCWSdh1/Pvaz8zz7zPzmN7+dGWlXAgV4aa0spPkwRVYW3tsqxzvb7e7OdvvuoJ/kbJJG9T/NsvvPZOpBMp9+y3eTFHW44ln7ufbF5818ef9Gf9SoW7X+1EHbHc69umW5TnL5GOM9+sbxiuERlkGvD4JPgsfP958T3P3UCcbmCIpnvBZzybkkM/V9YHDiNk43u+M3MRcgAAAAnKBXdrObrZwfdx4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwIqn//n9Rt8agP59i8Pf/p+vnUvdfaA/HnQAAAAAAAAAAHIMf7GY3Wzk/GD8uqp/5v10NLlSP38nH2UwnG7mcrayml1420koyNxJoemu119toHWLLpX23XDqd4wUAAAAAAACAb6m/ZGXv5/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAJimSqv6jahUF/Lo1mkpkk0+V695J/DPovsofjTgAAAABOwSu72c1Wzg/Gj4vqPf8b1fv+mXyc9fSyll666eRm9VlA/11/Y2e73d3Zbt8t29Nxf/vvI6VRRUz/s4f993ypWmM2t7JWPXM5f8yH6eZmGtWWpUuDfPbP636ZU/Gb2iEzu1kvi6T4fv1pyGSYqypyZliRxTq3shqvHlyJI746T+6plcbwk58LJ1Dzc/WyrPnMRNd8aeTse+PgSiQ/uvbf9dvd9Tu3b20uTM4hfU1PVqI9Uok3X6pKLFaVuDgcr+T3uZGFzOf9bGQtf8pqeulkPter3mp9PpePcwdXavkro/efl8l0/br076JHy+ntatvzWcsf8mFuppNfZilX805a+VX17+rIK3zxEFd942hX/Q9/WndeS4rZ/nJClHV9daSuo/fcuWpu9Jm9Kr12/PfG5vfqzlRSNIc5TYInK9EaqcTrB1fir4/Lx83u+p2N26sfHXJ/P6mX5VeJsxP1VWK6Pnub1eirZ0c59/q+c61q7sJwrvHU3MXh3POu1On6e7inIy1Vc2/uO9eu5i6NzO33/RYAE+/cz85Nz/5r9u+zn80+mL09+97M786+c/at6Zx5dObXzcWpHzfeKv6Wz/Lnvff/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA17f5yad3VrvdzoaOjo7OsDPuOxOn4Urv7kdXNj/59Odrd1c/6HzQWW8v/mLp3XZr6d2rV26tdTuL/cdxp8kJ2bvox50JAAAAAAAAAAAAR3Eav0467mMEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgxbGykObDFGktXl4sxzvb7W7ZBv29NRtJmuXyf8nUg2Q+/Za5kXDFs/Zz7YvPm/ny/o29WI3B+lMHbXc49+qW5TrJ5WOM9+gbxyuGR1gGvT4IDuP2/wAAAP//wg8dzA==") prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x4e142, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) pwritev2(r3, &(0x7f0000000680), 0x0, 0x85ffffff, 0xff, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x73, 0x11, 0x43}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0xb7}, @exit={0x95, 0x0, 0xc2}], {0x95, 0x0, 0x1200}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195}, 0x70) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800}}, {@minixdf}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6000) io_setup(0x200, &(0x7f0000000140)=0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={0x0, &(0x7f00000000c0)=""/220, 0x0, 0xdc}, 0x20) r6 = open(&(0x7f0000000100)='./bus\x00', 0x14113e, 0x0) write$binfmt_script(r6, &(0x7f0000000080), 0x208e24b) io_submit(r5, 0x0, &(0x7f0000000540)) syz_mount_image$fuse(&(0x7f0000000000), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0) 9.314864251s ago: executing program 5 (id=3367): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000180)='page_pool_release\x00', r0}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000002000000000000000000eb1d95"], &(0x7f0000000040)='GPL\x00'}, 0x80) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000000c0)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000180)='page_pool_release\x00', r2}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x2000008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 8.11698771s ago: executing program 5 (id=3372): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000080)=0x7f) ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0) read$dsp(r1, &(0x7f00000011c0)=""/4117, 0x200021d5) 3.627532s ago: executing program 4 (id=3383): r0 = socket$inet(0x2, 0x0, 0x9e5a) dup(r0) r1 = gettid() r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) syz_mount_image$udf(&(0x7f0000000f00), &(0x7f0000000380)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xb1b082, &(0x7f0000000480)=ANY=[@ANYRES32=r1, @ANYRES32=r2], 0x1, 0xc56, &(0x7f0000001080)="$eJzs3U9sHNd9B/DfG+2KK7mtmdhVnDQONm2Ryorl6l9MxSrcVU2zDSDLQijmFoArkVIXpkiCpBrZSAumlx56CFAUPeREoDUKpGhgNEXQI9O6QHLxocipJ6KFjaDogS0CBCgQsJjZt+KSIi1ZJCVK/nxs6js7897MezPrGVnQmxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQMTvvXr+xMm0xYYDD6ExAMADcXH0qydObfX8BwAeW5e3+/9/AAAAAAAAAAAAAABgv0hRxFORYvbiahqvPnc1LnTqN2+NDY9sXe1QqmoeqMqXP42Tp06f+dKLQ2d7eaEz/SH1d9tn4vXRy+ebr8zcmJ2bnJ+fnGiOTXeuzkxM3vMedlp/s2PVCWjeeOPmxLVr881TL5zesPnW4AcDTxwZPDf03PFne2XHhkdGRteLNPrL1+67IV3bjfA4GEUcjxTPf++nqR0RRez8XDQe7LXf7FDViWNVJ8aGR6qOTHXa0wvlxku9E1FENPsqtXrnaOtrEbX6A+3D9loRi2XzywYfK7s3Otuea1+Zmmxeas8tdBY6M9OXUre1ZX+aUcTZFLEUESsDd+6uHkXUIsV3nlxNV/JbP6rz8MVqYPD27Sj2sI/3oGxnsx6xVDwC12wfG4giXosUP3v3aFzN95nqXvOFiNfK/EHE22W+HJHKL8aZiPe3+B7xaKpFEX9eXv9zq2miuh/07isXvtb8yvS1mb6yvfvKR3w+3HGneEjPh0Ob8sHY5/emRhTRru74q+n+f7MDAAAAAAAAAAAAAAAAwG47FEV8OlK8+m9/VI0rjmpc+pPnhn5/8Jf7x4w/c5f9lGVfiIjF4t7G5B7MAwMvpUspPeSxxB9njSjij/P4v2897MYAAAAAAAAAAAAAAAAAAAB8rBXxk0jx0ntH01L0zynemb7evNy+MtWdFbY3929vzvS1tbW1ZupmK+d4zsWcSzmXc67kjCLXz9nKOZ5zMedSzuWcKznjQK6fs5VzPOdizqWcyzlXckYt18/ZyjmeczHnUs7lnCs5Y5/M3QsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DgpoohfRIpvf2M1RYqIVsR4dHN54GG3DgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDaQivh8pmn/Qur2uFhGp+rfraPnLmWgdLPOT0Roq8+Vonc/ZrrLW+tZDaD87U09F/DhSDDTeuX3B8/Wvdz/d/hrE299c//SZWjcP9DYOfjDwxJEnzw2NfO6Z7ZbTVg04dqEzffNWc2x4ZGS0b3UtH/2TfesG83GL3ek6ETH/5ltvtKemJufuf6H8Cty98EA+4M6O9XAXUu1eevqgF4r90Yx9tVDbnf3ELu3nUVzYeJ9oPIybE3uufP6/Hyl++71/7z3wu8//RvxS99PtJ3z8/E/Wn/8vbd7RPT7/a5vr5ed/+Uzf6vn/VN+6l/LvRuq1iMbCjdn6kYjG/JtvHe/caF+fvD45febEiS8PDX359In6wYjGtc7UZN/SrpwuAAAAAAAAAAAAAAAAgAcnFfG7kaL949XUjIhb1XitwXNDzx1/9kAcqMZbbRi3/fro5fPNV2ZuzM5Nzs9PTjTHpjtXZyYm7/VwjWq419jwyJ505q4O7XH7DzVemZl9c65z/Q8Xttx+uHH+yvzCXPvq1pvjUBQRrf41x6oGjw2PVI2e6rSnq6qXthxM/9HVUxH/ESmunmmmz+d1efz/5hH+G8b/L27e0S6O///c4YhavTv88BN9RctjplTEzyPFb/3FM/H5qp2H445zlsv9TaQ4dvazuVwcLMv12tB9r0B3ZGBZ9n8ixT/8YmPZ3njIp9bLnvxoZ3f/K6//k5Hi+3/23fj1vG7j+x+2vv6HN+9oj97/8HTfusMb3lew466Tr//xSPHyU+/Eb1Rr/u9D3//Re/fG0W7h9fdz7NH1/9W+dYP5uL+5W50HAAAAAAAAAAB4hNVTEX8bKX44Uksv5nX38vf/JjbvaI/+/ten+tZN7M58RXdd2PFJBQAAAIB9op6K+EmkuL7wzu0x1BvHf/eN//yd9fGfw2nT1urP+X6lem/Abv75X7/BfNzxnXcbAAAAAAAAAAAAAAAAAAAA9pWUingxz6c+Xo3nn9h2PvXlSPHqfz2fy6UjZbnePPCD1a+NizPTx89PTc00YqF9ZWqyOTrbvjpZ1n06Uqz+9Wdz3aKaX70333x3jvf1udjnIsXI3/XKdudi781N/vR62ZNl2U9Eiv/8+41l89TUee7oquypsuxfRYqv/9PWZY+slz1dlv1upPjR15u9sofLsr33o35qvewLV2eKPbgqAAAAAAAAAAAAAAAAAAAAfNzUUxF/Gin++8bS7bH8ef7/et/Hytvf7Jvvf5Nb1Tz/g9X8/9st38/8/9V7BRa3OyoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyeUhTxVqSYvbialgfKz12NC53pm7fGhke2rnYoVTUPVOXLn8bJU6fPfOnFobO9/PD6u+3T8fro5fPNV2ZuzM5Nzs9PTjTHpjtXZyYm73kPO62/2bHqBDRvvHFz4tq1+eapF05v2Hxr8IOBJ44Mnht67vizvbJjwyMjo31lavX7Pvod0jbrD0YRfxkpnv/eT9MPByKK2Pm5uMt3Z68dqjpxrOrE2PBI1ZGpTnt6odx4qXciiohmX6VW7xw9gGuxI62IxbL5ZYOPld0bnW3Pta9MTTYvtecWOgudmelLqdvasj/NKOJsiliKiJWBO3dXjyLeiBTfeXI1/fNAxIHeefjixdGvnji1fTuKPezjPSjb2axHLBWPwDXbxwaiiH+MFD9792j8y0BELbo/8YWI18r8QcTb0b3eqfxinIl4f4vvEY+mWhTxv+X1P7ea3h0o7we9+8qFrzW/Mn1tpq9s777yyD8fHqR9fm9qRBE/qu74q+lf/XcNAAAAAAAAAAAAAAAAsI8U8WuR4qX3jqZqfPDtMcWd6evNy+0rU91hfb2xf70x02tra2vN1M1WzvGcizmXci7nXMkZRa6fs1VmY21tPH9ezLmUcznnSs44kOvnbOUcz7mYcynncs6VnFHL9XO2co7nXMy5lHM550rO2Cdj9wAAAAAAAAAAAAAAAAAAgMdLUf2T4tvfWE1rA935pcejm8vmA33s/X8AAAD//9009OI=") r3 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) r4 = fsopen(&(0x7f0000000180)='sockfs\x00', 0x0) fsconfig$FSCONFIG_SET_FLAG(r4, 0x0, &(0x7f0000000000)='ro\x00', 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) fsmount(r4, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x7, 0x0, 0x0, 0x0) fallocate(r4, 0x0, 0x8, 0xeeac) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000160000850000002300000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x8f, &(0x7f00000002c0)=""/143}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000380)=ANY=[], 0x0) getdents64(r3, 0x0, 0x0) read(r2, &(0x7f0000000100)=""/247, 0xf7) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r2, 0x4040534e, &(0x7f0000000040)={0x529}) tkill(r1, 0x7) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r2, 0xc058534f, &(0x7f0000000200)={{0x3}, 0x159620c86ba9a23, 0x0, 0x0, {}, 0x0, 0x2}) write$tcp_mem(0xffffffffffffffff, &(0x7f0000000100)={0xfffffffffffffffc, 0x2d, 0x0, 0xa, 0x0, 0x2c}, 0x48) 3.255135511s ago: executing program 1 (id=3384): r0 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$netlink(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000001400)={0xe0, 0x10, 0x50b, 0x0, 0x0, "", [@generic="6f6d8864d22a3f2ffaa46c88bc", @typed={0xa9, 0x0, 0x0, 0x0, @binary="2b0e13e735a3184f1b3d6da2f1acfac0ee50d2b184b27db1f302de337c0004060000000000bf852c89867f6691b01b2d44e4ff5f282d73882fbd9423debbb86f9dba4a2dba4dbe076c02262600c446a567de243ab0d67683f7bb11c9cab3b3eed8a8bef4ff1631aa78acefca03c1a66db4424a8ba100022db228bb7b5eb5100100000000000000a0912086d9f4606d2e4cc898739222c5d3a83cb6b707f3336336ebb7d681"}, @generic="9a9e27f5451fe21e0e21a4c37be5153642d73ec1"]}, 0xe0}], 0x1}, 0x0) 2.918710933s ago: executing program 1 (id=3385): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000010000000000000000000000711216000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9}, 0x80) 2.85983882s ago: executing program 4 (id=3386): pwritev(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000200)="93c9178ac5436e9ae48866df99d28e2206e52a4d4770fa052dce4dfe2374679992f89d03885bb2ca49a5c5b151a4c2746d1b5f6a651ea567f3d618a7e9052bc79728778526f14dfd9e92911b971b44ad2b7cb354e7c631c13637e0b60816f5f480532a7f9b8d1739e9fec475e2e7c434bc906f7c51d4ef16975b9e166ceafe1968e4f5e383447d76d0174d1a1084cf7559a675d56c0e1cc0ccef58d3aa90cd57a529f151a336f465f60d1ae52277176460774f1492094eb098ce265aff6b418ac9c1a7932c4dfa8158614fbf8950c29eaa357b374b84e30544f3", 0xda}], 0x1, 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c0000002400010000000000000000000000000006000400"], 0x1c}}, 0x0) 2.668877896s ago: executing program 1 (id=3387): r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff02, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020022003505d25a806f8c6394f90535fc60040011000a740200053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 2.660971285s ago: executing program 3 (id=3131): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6) r1 = syz_io_uring_setup(0x26c6, &(0x7f0000000080)={0x0, 0x0, 0x10900}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0xa3d, 0x0, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000040)) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f00000013c0)) read$dsp(r0, &(0x7f0000000440)=""/171, 0xab) socket$inet_mptcp(0x2, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1}, 0x1c) preadv(r4, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) preadv2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2) r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x41565559}}) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x0, 0x43, &(0x7f00000000c0)={'NETMAP\x00'}, 0x0) bind$unix(0xffffffffffffffff, 0x0, 0x0) 2.566399512s ago: executing program 4 (id=3388): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) set_tid_address(0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8}, 0x48) syz_open_dev$tty1(0xc, 0x4, 0x1) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180800000000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e20, @dev}, 0x10) setsockopt$sock_int(r3, 0x1, 0x12, &(0x7f00000005c0)=0x80000001, 0x4) sendto$inet(r3, 0x0, 0x0, 0x20020080, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) sendto$inet(r3, &(0x7f0000000580)="8f", 0x20000581, 0x400c040, 0x0, 0x12eed8485ad) 2.462689303s ago: executing program 1 (id=3389): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4004743c, 0x0) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(0xffffffffffffffff, 0x1, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_mount_image$iso9660(&(0x7f0000000240), &(0x7f0000000080)='./file1\x00', 0x1000004, &(0x7f0000000000)=ANY=[@ANYRES16=0x0], 0x3, 0x7a3, &(0x7f0000000a80)="$eJzs3U1sHOX5APBnHBuCkSLE/68URSFMApWCFMx6DaYWB1jWY3tgvWvtrqtEVUUj4iArDiAoaskFokrQVq2qnnqkXLn11qpSK/XQ9lSpHHrpDYlTRaV+iaqq5Gpmdx1/2+QTyO9ned/Z2Wfe95n1eJ6dtWc2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBI6tOVyngSjby5eDrdWX263Zrf5fFBf7/e0Gzw9IZxI5LiOw4ejE/+0Zv3/1cePlzcnIijvXtH42DRHIxLdx++58n/Gx4aLL9LQlfr+D7jkoi3iqQunF1ZWXr1BiRyE33/l596kX+vFrezWTPvtPL52myW5p1WOjU5WXl0bqaTzuSNrHOm083m03o7q3Vb7fRk/eF0fGpqIs3GzrQWm7PTtUY2mPnEI9VKZTJ9dmwhq7U7reajz0anPpc3GnlztoypVr4VRcwTxYb4XN5Nu1ltPk3PL68sTeyVahE0vt0DB3rbz9GH7vno9Q//vrxUbJA7dZL0N8zq+Hi1Oj75+NTjT1Qqw9VKdeOMyiaxFhFDEUXEDdlo+Ry5vjtwuAZD/fofjcijGYtxOtJtvkaiHtPRjlbMF/f/NLIlom9Q/7/86F//sNu46+v/oMrfd+XhI1HW/2O9e8d2qv/b5nozv16LN+JSXIizsRIrsRSv3vKM9vgautYekg33ZiOLZuTRiVbkMR+1ck7an5PGVEzGZFTi+ZiLmehEGjORRyOy6MSZ6EQ3snKLqkc7sqhFN1rRjjRORj0ejjTGYyqmYiLSyGIszkQrFqMZszEdtbKX87FcPu8Tm7I8fFf84sU/fvRuMb0WNL7bahUv5oqgv+0StKXc71r/V1eL1wubI9T/290N2IvD1Vkd1H8AAADgCysp330vjv9H4v5yaiZvZF+71WkBAAAA11H5l/+jRTNSTN0fSXH8X9km8oObnhsAAABwfSTlOXZJRIzGA72p87Ecb8VSbPcmAAAAAPA5VP79/1jRjEa8Wc4YXC7F8T8AAAB8QXx3p2vsfzi4xm5n4c7kVyMRMZJcXjj9UHKxVsTVLh7oLddvvrrWY3fmSHKo30nZTA5fujuJiOF6djQZXP3yv3f22o/L2yPDa4vvdK3/pN3eNYHYPYHyXvwgjvdijp/rtef6jyS9UUZn8kY2Vm81niwviVh8d19/afnbEcXo32vOH0ri/PLK0tgLL6+cK3O5XPRy+WL/AopbrqO4Sy6r/Wcg7t9+jUfKEzH64472xq2sX/+h3uJDu4+ZrB/z7TjRizkx2mtHB4/0xjxYjDk+9uR41GqHhrrZ6e7rq+vWvp/F+DWu+dvxYC/mwZMP9pptsqhuyOKlrVlU12exv+di31m8e/zN0//6bSvJJvbKYuJTZLF6IGJzFgC3yvnyqj9XqtBdZRX6z2pPUf831d27BkvuY1/7zyujrL3KGCy/rtYNx+bqfqXv/VX31ejt0U/2Yk72Xk8MH9mmrlS22aO/svzK7/p79Mfe/8lPv37s9z8rx72q6vZ+PNyL6Tdx7292qLHFOv9wU1V9r1jivR3H7TSqSVyOOPDNi6/E4dfeuPTI8sWzLy69uPRStToxWXmsUnm8GiPlS4V+s0umANy+9v6MnR0j7uh3kTy201F1v+Ldu/YvBWPxQrwcK3EuTpVnG0TEA9uPO7ru3xBO7XHUOrruE15O7XFseSW2ujU2iR1iJ9Y9Y1/6cdl8ckN+HABwU5zYow7vUv/X3pk/tcdx98ZavunoOHau5dv5yg19NgDg9pC1P05Gu+8k7Xa+8Pz41NR4rTuXpe1W/bm0nU/PZmne7Gbt+lytOZulC+1Wt1UfvHE8nXXSzuLCQqvdTWda7TSGOvnp8pPf0/5Hv3ey+Vqzm9c7C42s1snSeqvZrdW76XTeqacLi8808s5c1i4X7ixk9Xwmr9e6eauZdlqL7Xo2lqadLFsXmE9nzW4+kxeTzXShnc/X2pcjorE4n6XTWafezhe6rV6Hg7Hy5kyrPV92O7Z19f9ys59vAPgseO2NSxfOrqwsvXp1E3/eT/CtXkcAYCNVGgAAAAAAAAAAAAAAPvu2nq5XzL2GMwI/3cSdccOHuG0nih/kZyCNWzvxjaeeurBTzDNv3je3v362/03Z7lTXdw5F3PHzH/XmPL1z8Hf6v3/XZ00/iIirWHw12SVmw27ijpu/ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACArf4XAAD//7hdYFI=") r1 = inotify_init() inotify_add_watch(r1, &(0x7f00000000c0)='./file0\x00', 0x4000001) open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[@ANYBLOB="16000000020000001d"], 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r2, &(0x7f00000003c0)="01d0138bcd610056301ebdf42888c6df5019e97ebeae1b394a0552068fe1de27ab876d384442dcff3a756f3e14bf1b9f78435e2292f5786983f256aad069649904f4f1586562bea93dbd490dc6029140704a576d47be7f4a8b15f19943ae404a6be3897581a97ddd9d5d409ef41b217ee925a0bbfc1e013fd6958f73f052f5046372eb693a864c07f1540fcbb6bd99253a8d51982b21fd5b19abb68f34fd06877d723e03ff3f0e540b9b7b93fba5f9cb4604a4c24e06f15e0ee59b55a9085c07aa8b8ba10e7126473ace8273ba9a3e6a8b1257acc3c474930752c64c377d1c92074b13d986dafd76703095dc6d8c9f2afa62c83eb6f6804029c1c8488ec024ecf5afb6e2cca30b5bc125f6f3abd43a84909e48db9866f8c44f45be8e1c00000000000000a2460000a64e7ab697a23e225272b047bb868ad68b834718fc8f2e2d89c51878f960e4673bb96ce10f04daa581a20bee08e2c35cdd18f7398754e78c4f9527f6d1dee2c27310691d0b7acb49f68658a9e4340c20ed0d", 0x17a, 0x20) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000002180)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) sendfile(r3, r2, &(0x7f00000000c0)=0x100001000, 0xe0000000) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x42, 0x0) ftruncate(r5, 0x0) ptrace$PTRACE_SETSIGMASK(0x420b, r4, 0x8, &(0x7f0000000100)={[0x3]}) r6 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_opts(r6, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB="ec08"], 0x48) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x39, 0x0, 0x0) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c) socket$igmp(0x2, 0x3, 0x2) getpid() 1.251087986s ago: executing program 4 (id=3390): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x2000040, &(0x7f0000002880)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) 671.994459ms ago: executing program 5 (id=3391): syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x86040) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) r0 = open$dir(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x0, 0x9, 0x8}, 0x48) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) r4 = epoll_create1(0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000780), 0x2c}}, 0x8400) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000100)={0x1}) epoll_ctl$EPOLL_CTL_MOD(r4, 0x3, r3, &(0x7f0000000000)) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r5 = openat$incfs(0xffffffffffffff9c, &(0x7f00000003c0)='.pending_reads\x00', 0x1054c1, 0x0) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r5) epoll_pwait(r4, &(0x7f00000000c0)=[{}], 0x1, 0x0, 0x0, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYRES16=r0, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x80000001, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000200)=@v2={0x2, @aes256, 0x0, '\x00', @d}) chdir(&(0x7f0000000300)='./bus\x00') chdir(&(0x7f00000002c0)='./bus\x00') r7 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'veth1_to_batadv\x00'}) setsockopt$packet_int(r7, 0x107, 0x14, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x48) 556.613136ms ago: executing program 1 (id=3392): semget$private(0x0, 0x4, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000340)) semctl$IPC_RMID(0x0, 0x0, 0x0) 368.65908ms ago: executing program 4 (id=3393): bpf$BPF_PROG_QUERY(0x8, &(0x7f0000000480)={@map, 0x0, 0x1d, 0x0, &(0x7f0000000380)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40) 360.826665ms ago: executing program 3 (id=3394): r0 = socket(0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000440)=@HCI_ACLDATA_PKT={0x2, {0x0, 0x0, 0x0, 0x2b}, @l2cap_cid_signaling={{0x27}, [@l2cap_move_chan_cfm_rsp={{0x11, 0x49, 0x2}, {0x3}}, @l2cap_cmd_rej_unk={{0x1, 0x79, 0x2}, {0x9}}, @l2cap_move_chan_req={{0xe, 0xc, 0x3}, {0x7, 0xd}}, @l2cap_conn_rsp={{0x3, 0x9, 0x8}, {0x7fff, 0x0, 0x2, 0x4f4}}, @l2cap_disconn_rsp={{0x7, 0x1, 0x4}, {0x7, 0x101}}]}}, 0x30) syz_emit_vhci(0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000029c0)={{{@in=@multicast2, @in=@initdev}}, {{@in6=@remote}, 0x0, @in=@remote}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000180)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000140)={&(0x7f0000000600)={0xcc, r1, 0x0, 0x70bd25, 0xa5dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x9, 0x4b}}}}, [@NL80211_ATTR_REKEY_DATA={0x7c, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x7}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x5}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="4902c9c0d5931e691507c899faf41370298d00"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="948b3e98c888c88a33cacd7b68dbe0a6"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "661f83ecad25a51e"}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="640000005cf1eae0d35a000d00008402d93f72000000000007000800"}]}, @NL80211_ATTR_REKEY_DATA={0x28, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="f1dbfbce65c8d020c4157938ab36a6c1"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x400}]}]}, 0xcc}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xfffffffffffffe4e}}, 0x4040001) socket$inet_tcp(0x2, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r3, 0xc02c564a, &(0x7f0000001200)={0x0, 0x48574653}) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r4, &(0x7f0000000240)=[{&(0x7f0000001a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000240)="df9410e2b3956e80bc3aa4847ecce9e0ca44d5845e69669c9864104576daa895910737a5b6ec2bc98d8a83251946890552f9aa43ad2ac23aa0407d5c1b8b3671a1d0c0df1be9f97aeaf604cd0c9fdbf97e87f2b82cb2c17810658a5b9d4733506070cc26127b234861d673a4adc99acadb72f1d17635164a3e96d9b83a887deb0df0887b2e6121f80fda17d2f54842f26f491f53e04de7649f54e8e220148fa5a659821e28ccc41a5610a4e3410d5a7d1ac8430d0d4c8884c2eb5cdef28ac6be16656b35b3e3cc95", 0xc8}, {&(0x7f0000000040)="4c3b4c3eb00ca4e04a96d3295871e209b97a13b37bc78e", 0x17}], 0x2}, 0x2000c001) sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24) epoll_create1(0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000d40000000000000000000000000a20000000000a03000000000000000000010000000900010073797a3000000000bc000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000009000038008000240000000007c00038014000100626f6e64300000000000000000000000140001006970766c616e31000000000000000000140001006970766c616e300000000000000000001400010073697430000000000000fbffffffffffffff0100776c616e300000000000000000000000140001006772653000000000000000000000040008000140000000005c000000180a01010000000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014000100626f6e64300000000000000000000000140001006970766c616e31"], 0x4b0}}, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) r6 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip6_flowlabel\x00') preadv(r6, &(0x7f0000000400)=[{&(0x7f0000000340)=""/134, 0x86}], 0x1, 0x68, 0x0) 324.499873ms ago: executing program 1 (id=3395): r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) signalfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r2 = socket(0x1, 0x803, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket(0x10, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) getsockname$packet(r2, 0x0, 0x0) close(r0) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f00000020c0), 0x0, 0x0) read(r3, &(0x7f0000002e00)=""/4088, 0xff8) 135.233534ms ago: executing program 5 (id=3396): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r0, &(0x7f0000000300)={{0x6, @rose}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48) ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0) 370.112µs ago: executing program 4 (id=3397): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) ioctl$SNDRV_TIMER_IOCTL_START(0xffffffffffffffff, 0x54a0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=@base={0x17, 0x0, 0x3, 0x7fff, 0x114, 0x1}, 0x48) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$MAP_LOOKUP_ELEM(0x15, &(0x7f0000000000)={r4, 0x0, 0x0}, 0x20) socket$tipc(0x1e, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240), 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYRES8], 0x15) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x800003, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20000}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r5}, 0x0, &(0x7f00000002c0)}, 0x20) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r6}, 0x10) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r7}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7ffb, 0xcc}, 0x48) 0s ago: executing program 0 (id=2677): syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000300)='./file1\x00', 0x10, &(0x7f0000000680), 0xfe, 0x244, &(0x7f0000000400)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoJNbBQCEoKIoEJExEZJhJhgl1jZWGitksomiJ3RUtIEG0WwipoiNoIGC4OFFiu7k0hMVqNu3Dkynw9MZibz3vzesPN9u83sBmisq0mmk7SSTCbpJCmON7i7Wq4e7q5PbM8nvd4TPxWDdtV+5ajflSRrSR5KslUWeamdrGw+s/fLzmP3vbncuff9zacnxnqRh/b3dh8/eG/2jY9mHlz54qsfZotMp/un6zp/xZD/tYvklv+j2HWiaNc9Av6Judc+/Lqf+1uT3DPIfydlqhfvraUbtjp54N2/6vv2j1/ePs6xAuev1+v03wPXekDjlEm6KcqpJNV2WU5NVZ/hv2ldLl9eXHp18sXF5YUX6p6pgPPSTXYf/eTSx1dO5P/7VpV/4OLq5//JuY1v+9sHrbpHA4zFHdWqn//J51bvj/xD48g/NJf8Q3PJPzSX/ENzyT80l/zDBdb5+8PyD80l/9Bc8g/NdTz/AECz9C7V/QQyUJe65x8AAAAAAAAAAAAAAAAAAOC09Ynt+aNlXDU/eyfZfyRJe1j91uD3iJMbB38v/1z0m/2hqLqN5Nm7RjzBiD6o+enrm76rt/7nd9Zbf3UhWXs9ybV2+/T9Vxzef//dzWcc7zw/YoF/qTix//BT461/0m8b9daf2Uk+7c8/14bNP2VuG6yHzz/ds79i+Uyv/DriCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABib3wMAAP//+kBtTA==") creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000012000000000000000095000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket(0x10, 0x80002, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000001c0)={0x2020}, 0x2020) sendmsg$nl_route(r4, 0x0, 0x0) r5 = open(&(0x7f0000000480)='.\x00', 0x0, 0x0) ioctl$FS_IOC_GETFSMAP(r5, 0xc0c0583b, &(0x7f0000000500)=ANY=[@ANYBLOB="000000004c900200250000000300010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00"/144]) kernel console output (not intermixed with test programs): : command 0x0406 tx timeout [ 1189.210408][T13574] syz.5.2096: attempt to access beyond end of device [ 1189.210408][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1189.248295][T13574] syz.5.2096: attempt to access beyond end of device [ 1189.248295][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1189.313905][T13574] syz.5.2096: attempt to access beyond end of device [ 1189.313905][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1189.362541][T13574] syz.5.2096: attempt to access beyond end of device [ 1189.362541][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1189.804062][ T5243] Bluetooth: Wrong link type (-71) [ 1190.106215][T18087] netlink: 76 bytes leftover after parsing attributes in process `syz.2.3192'. [ 1190.364939][T18087] No control pipe specified [ 1190.805563][ T1044] hsr_slave_0: left promiscuous mode [ 1190.946550][ T1044] hsr_slave_1: left promiscuous mode [ 1190.992771][ T1044] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1191.099216][ T1044] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1191.143927][T18091] loop4: detected capacity change from 0 to 512 [ 1191.174563][ T1044] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1191.197323][T18091] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 1191.227665][ T1044] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1191.300809][T18091] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #17: comm syz.4.3193: iget: bad i_size value: -6917529027641081756 [ 1191.422655][T18091] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.3193: couldn't read orphan inode 17 (err -117) [ 1191.457379][ T1044] veth1_macvtap: left promiscuous mode [ 1191.472669][ T1044] veth0_macvtap: left promiscuous mode [ 1191.484675][ T1044] veth1_vlan: left promiscuous mode [ 1191.491069][ T1044] veth0_vlan: left promiscuous mode [ 1191.513710][T18091] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1191.785881][T18091] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.3193: bg 0: block 65: padding at end of block bitmap is not set [ 1191.840743][T18091] Quota error (device loop4): write_blk: dquota write failed [ 1191.882191][T18091] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 1191.911920][T18091] EXT4-fs error (device loop4): ext4_acquire_dquot:6848: comm syz.4.3193: Failed to acquire dquot type 0 [ 1192.171655][T15470] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1193.817828][T13574] bio_check_eod: 10956 callbacks suppressed [ 1193.817854][T13574] syz.5.2096: attempt to access beyond end of device [ 1193.817854][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1193.856661][T13574] syz.5.2096: attempt to access beyond end of device [ 1193.856661][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1193.890770][T13574] syz.5.2096: attempt to access beyond end of device [ 1193.890770][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1193.942391][T13574] syz.5.2096: attempt to access beyond end of device [ 1193.942391][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1193.982851][T13574] syz.5.2096: attempt to access beyond end of device [ 1193.982851][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1194.032407][T13574] syz.5.2096: attempt to access beyond end of device [ 1194.032407][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1194.066195][T13574] syz.5.2096: attempt to access beyond end of device [ 1194.066195][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1194.112428][T13574] syz.5.2096: attempt to access beyond end of device [ 1194.112428][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1194.157795][T13574] syz.5.2096: attempt to access beyond end of device [ 1194.157795][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1194.201754][T13574] syz.5.2096: attempt to access beyond end of device [ 1194.201754][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1194.628760][ T1044] team0 (unregistering): Port device team_slave_1 removed [ 1194.798077][ T1044] team0 (unregistering): Port device team_slave_0 removed [ 1196.987174][T18098] dvmrp0: entered allmulticast mode [ 1197.293921][T14606] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 1197.308096][T14606] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 1197.318556][T14606] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 1197.328424][T14606] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 1197.338533][T14606] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 1197.356592][T14606] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 1197.782471][T18112] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3202'. [ 1197.828386][T18112] bridge0: entered promiscuous mode [ 1198.158190][T18117] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3203'. [ 1198.417685][T17872] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1198.478017][T18107] chnl_net:caif_netlink_parms(): no params data found [ 1198.586971][T17872] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1198.674951][T17872] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1198.837838][T13574] bio_check_eod: 21590 callbacks suppressed [ 1198.837863][T13574] syz.5.2096: attempt to access beyond end of device [ 1198.837863][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1198.857759][T13574] syz.5.2096: attempt to access beyond end of device [ 1198.857759][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1198.897399][T13574] syz.5.2096: attempt to access beyond end of device [ 1198.897399][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1198.929249][T13574] syz.5.2096: attempt to access beyond end of device [ 1198.929249][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1198.947490][T13574] syz.5.2096: attempt to access beyond end of device [ 1198.947490][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1198.950237][ T61] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1198.970941][T13574] syz.5.2096: attempt to access beyond end of device [ 1198.970941][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1198.993287][T13574] syz.5.2096: attempt to access beyond end of device [ 1198.993287][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1199.030002][T17872] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1199.049254][T13574] syz.5.2096: attempt to access beyond end of device [ 1199.049254][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1199.142734][T13574] syz.5.2096: attempt to access beyond end of device [ 1199.142734][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1199.162368][T13574] syz.5.2096: attempt to access beyond end of device [ 1199.162368][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1199.385741][T18127] loop2: detected capacity change from 0 to 8192 [ 1199.450185][T14606] Bluetooth: hci7: command tx timeout [ 1199.476954][ T61] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1199.534770][T18127] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 1199.552611][T18127] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 1199.603983][T18127] REISERFS warning (device loop2): reiserfs_fill_super: Filesystem cannot be mounted because it is bigger than the device [ 1199.623694][T18127] REISERFS warning (device loop2): reiserfs_fill_super: You may need to run fsck or increase size of your LVM partition [ 1199.636526][T18127] REISERFS warning (device loop2): reiserfs_fill_super: Or may be you forgot to reboot after fdisk when it told you to [ 1199.806121][ T61] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1200.097595][ T61] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1200.149184][T18107] bridge0: port 1(bridge_slave_0) entered blocking state [ 1200.182294][T18107] bridge0: port 1(bridge_slave_0) entered disabled state [ 1200.189600][T18107] bridge_slave_0: entered allmulticast mode [ 1200.222536][T18107] bridge_slave_0: entered promiscuous mode [ 1200.247445][T18107] bridge0: port 2(bridge_slave_1) entered blocking state [ 1200.272527][T18107] bridge0: port 2(bridge_slave_1) entered disabled state [ 1200.283741][T18107] bridge_slave_1: entered allmulticast mode [ 1200.301575][T18107] bridge_slave_1: entered promiscuous mode [ 1200.320255][T18072] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 1200.476813][T18107] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1200.513294][T18107] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1200.542821][T18072] usb 3-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=14.d4 [ 1200.551931][T18072] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1200.578201][T18072] usb 3-1: config 0 descriptor?? [ 1200.826448][T18107] team0: Port device team_slave_0 added [ 1200.940813][T18107] team0: Port device team_slave_1 added [ 1201.013705][ T61] bridge_slave_1: left allmulticast mode [ 1201.017168][T18072] gs_usb 3-1:0.0: Configuring for 1 interfaces [ 1201.019369][ T61] bridge_slave_1: left promiscuous mode [ 1201.041893][ T61] bridge0: port 2(bridge_slave_1) entered disabled state [ 1201.064101][ T61] bridge_slave_0: left allmulticast mode [ 1201.069963][ T61] bridge_slave_0: left promiscuous mode [ 1201.088904][ T61] bridge0: port 1(bridge_slave_0) entered disabled state [ 1201.420331][T18072] gs_usb 3-1:0.0: Couldn't register candev for channel 0 (-EINVAL) [ 1201.487483][T18072] gs_usb 3-1:0.0: probe with driver gs_usb failed with error -22 [ 1201.512682][T14606] Bluetooth: hci7: command tx timeout [ 1201.649930][T18072] usb 3-1: USB disconnect, device number 40 [ 1202.667022][ T61] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1202.687270][ T61] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1202.703094][ T61] bond0 (unregistering): Released all slaves [ 1202.745835][T17878] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1203.063925][T17878] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1203.097822][T17878] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1203.164142][T18107] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1203.194619][T18107] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1203.278541][T18107] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1203.319564][T18107] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1203.352628][T18107] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1203.473995][T18107] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1203.593534][T14606] Bluetooth: hci7: command tx timeout [ 1203.784224][ T5243] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1203.796752][ T5243] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1203.809213][ T5243] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1203.818916][ T5243] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1203.832968][ T5243] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1203.843230][T13574] bio_check_eod: 22537 callbacks suppressed [ 1203.843551][ T5243] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1203.882811][T17878] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1203.891217][T13574] syz.5.2096: attempt to access beyond end of device [ 1203.891217][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1203.929810][T13574] syz.5.2096: attempt to access beyond end of device [ 1203.929810][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1203.985794][T13574] syz.5.2096: attempt to access beyond end of device [ 1203.985794][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1204.044756][T13574] syz.5.2096: attempt to access beyond end of device [ 1204.044756][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1204.082354][T13574] syz.5.2096: attempt to access beyond end of device [ 1204.082354][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1204.135499][T13574] syz.5.2096: attempt to access beyond end of device [ 1204.135499][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1204.151879][T13574] syz.5.2096: attempt to access beyond end of device [ 1204.151879][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1204.166527][T13574] syz.5.2096: attempt to access beyond end of device [ 1204.166527][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1204.221761][T13574] syz.5.2096: attempt to access beyond end of device [ 1204.221761][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1204.250170][T13574] syz.5.2096: attempt to access beyond end of device [ 1204.250170][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1204.277813][T18107] hsr_slave_0: entered promiscuous mode [ 1204.311892][T18107] hsr_slave_1: entered promiscuous mode [ 1204.335700][T18107] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1204.348396][T18107] Cannot create hsr debugfs directory [ 1204.512892][T17872] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1204.861453][ T29] audit: type=1326 audit(1722687649.881:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18175 comm="syz.2.3221" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb5999779f9 code=0x0 [ 1205.594486][ T61] hsr_slave_0: left promiscuous mode [ 1205.617081][ T61] hsr_slave_1: left promiscuous mode [ 1205.636489][ T61] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1205.664658][ T61] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1205.705264][ T61] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1205.762360][T14606] Bluetooth: hci7: command tx timeout [ 1205.846610][ T61] veth1_macvtap: left promiscuous mode [ 1205.891947][ T61] veth0_macvtap: left promiscuous mode [ 1205.912763][T14606] Bluetooth: hci4: command tx timeout [ 1205.923913][ T61] veth1_vlan: left promiscuous mode [ 1205.929275][ T61] veth0_vlan: left promiscuous mode [ 1205.946375][T18183] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1206.180337][T18187] loop2: detected capacity change from 0 to 8 [ 1207.160898][ T61] team0 (unregistering): Port device team_slave_1 removed [ 1208.122580][T14606] Bluetooth: hci4: command tx timeout [ 1208.448599][ T61] team0 (unregistering): Port device team_slave_0 removed [ 1208.570601][T18197] loop2: detected capacity change from 0 to 2048 [ 1208.654583][T18197] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1208.857223][T13574] bio_check_eod: 16655 callbacks suppressed [ 1208.857250][T13574] syz.5.2096: attempt to access beyond end of device [ 1208.857250][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1208.906970][T13574] syz.5.2096: attempt to access beyond end of device [ 1208.906970][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1208.930096][T13574] syz.5.2096: attempt to access beyond end of device [ 1208.930096][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1208.952844][T13574] syz.5.2096: attempt to access beyond end of device [ 1208.952844][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1209.002350][T13574] syz.5.2096: attempt to access beyond end of device [ 1209.002350][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1209.026755][T13574] syz.5.2096: attempt to access beyond end of device [ 1209.026755][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1209.072517][T13574] syz.5.2096: attempt to access beyond end of device [ 1209.072517][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1209.087908][T13574] syz.5.2096: attempt to access beyond end of device [ 1209.087908][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1209.109211][T13574] syz.5.2096: attempt to access beyond end of device [ 1209.109211][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1209.130238][T13574] syz.5.2096: attempt to access beyond end of device [ 1209.130238][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1209.387272][T15141] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1210.156713][ T5243] Bluetooth: hci4: command tx timeout [ 1210.402368][T14863] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 1210.598193][T14863] usb 2-1: config index 0 descriptor too short (expected 20498, got 18) [ 1210.632537][T14863] usb 2-1: config 4 has an invalid interface number: 48 but max is 0 [ 1210.649440][T14863] usb 2-1: config 4 has no interface number 0 [ 1210.659736][T17872] 8021q: adding VLAN 0 to HW filter on device team0 [ 1210.666576][T14863] usb 2-1: too many endpoints for config 4 interface 48 altsetting 48: 48, using maximum allowed: 30 [ 1210.718933][T14863] usb 2-1: config 4 interface 48 altsetting 48 has 0 endpoint descriptors, different from the interface descriptor's value: 48 [ 1210.758519][T14863] usb 2-1: config 4 interface 48 has no altsetting 0 [ 1210.771097][T14863] usb 2-1: New USB device found, idVendor=04b4, idProduct=bd29, bcdDevice= 0.c7 [ 1210.780459][T14863] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1210.914807][T10163] bridge0: port 1(bridge_slave_0) entered blocking state [ 1210.922082][T10163] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1210.955886][T10163] bridge0: port 2(bridge_slave_1) entered blocking state [ 1210.963245][T10163] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1211.106819][T18215] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1211.186640][T18215] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1211.335152][T14863] usb 2-1: string descriptor 0 read error: -71 [ 1211.346745][T14863] usb 2-1: USB disconnect, device number 43 [ 1212.264716][ T5243] Bluetooth: hci4: command tx timeout [ 1213.888199][T13574] bio_check_eod: 16234 callbacks suppressed [ 1213.888224][T13574] syz.5.2096: attempt to access beyond end of device [ 1213.888224][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1213.952801][T13574] syz.5.2096: attempt to access beyond end of device [ 1213.952801][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1213.971278][T18256] loop2: detected capacity change from 0 to 2048 [ 1213.980008][T13574] syz.5.2096: attempt to access beyond end of device [ 1213.980008][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1214.003595][T18256] udf: Bad value for 'anchor' [ 1214.011084][T13574] syz.5.2096: attempt to access beyond end of device [ 1214.011084][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1214.075397][T13574] syz.5.2096: attempt to access beyond end of device [ 1214.075397][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1214.132628][T13574] syz.5.2096: attempt to access beyond end of device [ 1214.132628][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1214.162920][T13574] syz.5.2096: attempt to access beyond end of device [ 1214.162920][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1214.198931][T13574] syz.5.2096: attempt to access beyond end of device [ 1214.198931][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1214.215084][T13574] syz.5.2096: attempt to access beyond end of device [ 1214.215084][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1214.228765][T13574] syz.5.2096: attempt to access beyond end of device [ 1214.228765][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1214.241788][T17878] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1214.287391][T18165] chnl_net:caif_netlink_parms(): no params data found [ 1214.658052][T17878] 8021q: adding VLAN 0 to HW filter on device team0 [ 1214.801649][T14606] Bluetooth: hci0: command 0x0406 tx timeout [ 1214.985237][ T61] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1215.075523][T18273] fuse: Bad value for 'fd' [ 1215.131328][T18165] bridge0: port 1(bridge_slave_0) entered blocking state [ 1215.152575][T18165] bridge0: port 1(bridge_slave_0) entered disabled state [ 1215.162614][T18165] bridge_slave_0: entered allmulticast mode [ 1215.180561][T18165] bridge_slave_0: entered promiscuous mode [ 1215.358325][ T61] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1215.432934][T18107] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1215.467583][T18107] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1215.506403][T18107] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1215.594168][T10163] bridge0: port 1(bridge_slave_0) entered blocking state [ 1215.601397][T10163] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1215.654159][T18165] bridge0: port 2(bridge_slave_1) entered blocking state [ 1215.661424][T18165] bridge0: port 2(bridge_slave_1) entered disabled state [ 1215.682616][T18165] bridge_slave_1: entered allmulticast mode [ 1215.690408][T18165] bridge_slave_1: entered promiscuous mode [ 1215.871480][ T61] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1215.926487][T18107] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1216.097718][T18165] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1216.116739][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 1216.123991][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1216.232825][ T61] batman_adv: batadv0: Removing interface: macvtap1 [ 1216.265105][ T61] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1216.308169][T18165] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1216.438843][T18165] team0: Port device team_slave_0 added [ 1216.497127][T18165] team0: Port device team_slave_1 added [ 1216.686478][T18165] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1216.704374][T18165] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1216.782430][T18165] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1216.806212][T18165] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1216.828698][T18165] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1216.870473][T18286] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3244'. [ 1216.890176][T18165] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1217.088949][T17872] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1218.293377][ T61] bond0: left allmulticast mode [ 1218.298298][ T61] bond_slave_0: left allmulticast mode [ 1218.439500][ T61] bond_slave_1: left allmulticast mode [ 1218.470231][ T61] bridge0: port 3(bond0) entered disabled state [ 1218.527562][ T61] bridge_slave_1: left allmulticast mode [ 1218.572359][ T61] bridge_slave_1: left promiscuous mode [ 1218.602745][ T61] bridge0: port 2(bridge_slave_1) entered disabled state [ 1218.661696][ T61] bridge_slave_0: left allmulticast mode [ 1218.721441][ T61] bridge_slave_0: left promiscuous mode [ 1218.778350][ T61] bridge0: port 1(bridge_slave_0) entered disabled state [ 1218.899319][T13574] bio_check_eod: 21251 callbacks suppressed [ 1218.899419][T13574] syz.5.2096: attempt to access beyond end of device [ 1218.899419][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1219.152481][T13574] syz.5.2096: attempt to access beyond end of device [ 1219.152481][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1219.209981][T13574] syz.5.2096: attempt to access beyond end of device [ 1219.209981][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1219.269203][T13574] syz.5.2096: attempt to access beyond end of device [ 1219.269203][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1219.332745][T13574] syz.5.2096: attempt to access beyond end of device [ 1219.332745][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1219.397049][T13574] syz.5.2096: attempt to access beyond end of device [ 1219.397049][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1219.413542][T13574] syz.5.2096: attempt to access beyond end of device [ 1219.413542][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1219.415564][T18301] loop2: detected capacity change from 0 to 256 [ 1219.427092][T13574] syz.5.2096: attempt to access beyond end of device [ 1219.427092][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1219.447634][T13574] syz.5.2096: attempt to access beyond end of device [ 1219.447634][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1219.461245][T13574] syz.5.2096: attempt to access beyond end of device [ 1219.461245][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1219.509344][T18301] FAT-fs (loop2): Directory bread(block 64) failed [ 1219.532315][T18301] FAT-fs (loop2): Directory bread(block 65) failed [ 1219.542417][T18301] FAT-fs (loop2): Directory bread(block 66) failed [ 1219.552319][T18301] FAT-fs (loop2): Directory bread(block 67) failed [ 1219.558952][T18301] FAT-fs (loop2): Directory bread(block 68) failed [ 1219.582310][T18301] FAT-fs (loop2): Directory bread(block 69) failed [ 1219.588977][T18301] FAT-fs (loop2): Directory bread(block 70) failed [ 1219.634695][T18301] FAT-fs (loop2): Directory bread(block 71) failed [ 1219.641382][T18301] FAT-fs (loop2): Directory bread(block 72) failed [ 1219.692116][T18301] FAT-fs (loop2): Directory bread(block 73) failed [ 1219.868909][T18301] /dev/loop2: Can't open blockdev [ 1221.432613][ T5294] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 1221.640512][ T5294] usb 3-1: Using ep0 maxpacket: 32 [ 1221.665429][ T5294] usb 3-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 1221.678685][ T5294] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1221.702862][ T61] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1221.725407][ T5294] usb 3-1: Product: syz [ 1221.729588][ T5294] usb 3-1: Manufacturer: syz [ 1221.741650][ T61] bond_slave_0: left promiscuous mode [ 1221.748630][ T5294] usb 3-1: SerialNumber: syz [ 1221.769397][ T5294] usb 3-1: config 0 descriptor?? [ 1221.775055][ T61] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1221.806272][ T61] bond_slave_1: left promiscuous mode [ 1221.815488][ T61] bond0 (unregistering): Released all slaves [ 1221.957813][T18165] hsr_slave_0: entered promiscuous mode [ 1222.001663][ T5294] airspy 3-1:0.0: usb_control_msg() failed -71 request 09 [ 1222.001937][T18165] hsr_slave_1: entered promiscuous mode [ 1222.011770][ T5294] airspy 3-1:0.0: Could not detect board [ 1222.037395][ T5294] airspy 3-1:0.0: probe with driver airspy failed with error -71 [ 1222.047994][ T5294] usb 3-1: USB disconnect, device number 41 [ 1222.068676][T18165] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1222.085610][T18165] Cannot create hsr debugfs directory [ 1222.322317][ T5243] Bluetooth: hci0: command 0x0406 tx timeout [ 1223.004109][T17872] veth0_vlan: entered promiscuous mode [ 1223.118411][ T61] hsr_slave_0: left promiscuous mode [ 1223.128661][ T61] hsr_slave_1: left promiscuous mode [ 1223.149318][ T61] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1223.166796][ T61] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1223.184046][ T61] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1223.202794][ T61] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1223.277387][ T61] veth1_macvtap: left promiscuous mode [ 1223.292500][ T61] veth0_macvtap: left promiscuous mode [ 1223.309979][ T61] veth1_vlan: left promiscuous mode [ 1223.315926][ T61] veth0_vlan: left promiscuous mode [ 1223.903270][T13574] bio_check_eod: 19517 callbacks suppressed [ 1223.903297][T13574] syz.5.2096: attempt to access beyond end of device [ 1223.903297][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1223.932589][T13574] syz.5.2096: attempt to access beyond end of device [ 1223.932589][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1224.017071][T13574] syz.5.2096: attempt to access beyond end of device [ 1224.017071][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1224.070058][T13574] syz.5.2096: attempt to access beyond end of device [ 1224.070058][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1224.088308][T13574] syz.5.2096: attempt to access beyond end of device [ 1224.088308][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1224.120600][T13574] syz.5.2096: attempt to access beyond end of device [ 1224.120600][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1224.135023][T13574] syz.5.2096: attempt to access beyond end of device [ 1224.135023][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1224.149518][T13574] syz.5.2096: attempt to access beyond end of device [ 1224.149518][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1224.169250][T13574] syz.5.2096: attempt to access beyond end of device [ 1224.169250][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1224.200068][T13574] syz.5.2096: attempt to access beyond end of device [ 1224.200068][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1224.839493][ T29] audit: type=1804 audit(1722687669.851:346): pid=18335 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.3261" name="/newroot/81/file0/bus" dev="ramfs" ino=73847 res=1 errno=0 [ 1225.260024][ T61] team0 (unregistering): Port device team_slave_1 removed [ 1225.327920][ T61] team0 (unregistering): Port device team_slave_0 removed [ 1226.670525][T18107] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1226.828370][T18107] 8021q: adding VLAN 0 to HW filter on device team0 [ 1226.873713][T17872] veth1_vlan: entered promiscuous mode [ 1227.093367][T18339] loop2: detected capacity change from 0 to 256 [ 1227.429861][ T5289] bridge0: port 1(bridge_slave_0) entered blocking state [ 1227.437103][ T5289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1228.421587][ T5289] bridge0: port 2(bridge_slave_1) entered blocking state [ 1228.428830][ T5289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1228.458382][T17878] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1228.715894][T18350] syz.2.3265[18350] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1228.716088][T18350] syz.2.3265[18350] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1228.932321][T13574] bio_check_eod: 22464 callbacks suppressed [ 1228.932351][T13574] syz.5.2096: attempt to access beyond end of device [ 1228.932351][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1228.995804][T13574] syz.5.2096: attempt to access beyond end of device [ 1228.995804][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1229.047711][T13574] syz.5.2096: attempt to access beyond end of device [ 1229.047711][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1229.109092][T17878] veth0_vlan: entered promiscuous mode [ 1229.176591][T13574] syz.5.2096: attempt to access beyond end of device [ 1229.176591][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1229.178862][T17878] veth1_vlan: entered promiscuous mode [ 1229.243085][T13574] syz.5.2096: attempt to access beyond end of device [ 1229.243085][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1229.312045][T13574] syz.5.2096: attempt to access beyond end of device [ 1229.312045][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1229.365452][T13574] syz.5.2096: attempt to access beyond end of device [ 1229.365452][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1229.393428][T13574] syz.5.2096: attempt to access beyond end of device [ 1229.393428][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1229.496174][T13574] syz.5.2096: attempt to access beyond end of device [ 1229.496174][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1229.553165][T13574] syz.5.2096: attempt to access beyond end of device [ 1229.553165][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1229.873065][T18165] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1230.019084][T18165] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1230.106717][T18165] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1230.566813][T18165] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1230.683640][T14606] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1230.691836][T18369] loop2: detected capacity change from 0 to 2048 [ 1230.707142][T14606] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1230.716828][T14606] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1230.725224][T14606] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1230.735596][T18369] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1230.748255][T14606] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1230.770419][T14606] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1231.026691][T14606] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1231.040367][T14606] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1231.056809][T14606] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1231.079225][T14606] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1231.090253][T14606] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1231.097742][T14606] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1231.428576][ T29] audit: type=1804 audit(1722687676.411:347): pid=18383 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.3270" name="/newroot/192/file0/bus" dev="loop2" ino=18 res=1 errno=0 [ 1232.014843][T15141] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1232.251760][T18107] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1232.962948][T14606] Bluetooth: hci1: command tx timeout [ 1233.194607][ T5243] Bluetooth: hci2: command tx timeout [ 1233.293585][T18405] Invalid ELF header len 1 [ 1234.277258][T13574] bio_check_eod: 13427 callbacks suppressed [ 1234.277337][T13574] syz.5.2096: attempt to access beyond end of device [ 1234.277337][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1234.516610][ T52] bridge_slave_1: left allmulticast mode [ 1234.518618][T13574] syz.5.2096: attempt to access beyond end of device [ 1234.518618][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1234.522548][ T52] bridge_slave_1: left promiscuous mode [ 1234.553513][T13574] syz.5.2096: attempt to access beyond end of device [ 1234.553513][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1234.570710][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 1234.574156][T13574] syz.5.2096: attempt to access beyond end of device [ 1234.574156][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1234.596326][T13574] syz.5.2096: attempt to access beyond end of device [ 1234.596326][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1234.610088][T13574] syz.5.2096: attempt to access beyond end of device [ 1234.610088][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1234.623768][T13574] syz.5.2096: attempt to access beyond end of device [ 1234.623768][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1234.625551][ T52] bridge_slave_0: left allmulticast mode [ 1234.647099][T13574] syz.5.2096: attempt to access beyond end of device [ 1234.647099][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1234.662828][ T52] bridge_slave_0: left promiscuous mode [ 1234.671179][T13574] syz.5.2096: attempt to access beyond end of device [ 1234.671179][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1234.682525][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 1234.692986][T13574] syz.5.2096: attempt to access beyond end of device [ 1234.692986][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1235.032343][ T5243] Bluetooth: hci1: command tx timeout [ 1235.050404][T18419] loop2: detected capacity change from 0 to 1024 [ 1235.273194][ T5243] Bluetooth: hci2: command tx timeout [ 1235.294956][ T29] audit: type=1800 audit(1722687680.311:348): pid=18420 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3281" name="bus" dev="loop2" ino=25 res=0 errno=0 [ 1236.830225][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1236.938485][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1237.020246][ T52] bond0 (unregistering): Released all slaves [ 1237.105379][T18432] fuse: Bad value for 'fd' [ 1237.112403][ T5243] Bluetooth: hci1: command tx timeout [ 1237.286076][T18165] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1237.362063][ T5243] Bluetooth: hci2: command tx timeout [ 1237.408638][ T52] hsr_slave_0: left promiscuous mode [ 1237.552064][ T52] hsr_slave_1: left promiscuous mode [ 1237.612483][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1237.683595][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1237.849881][ T52] veth1_vlan: left promiscuous mode [ 1237.871723][ T52] veth0_vlan: left promiscuous mode [ 1237.909301][T18429] loop2: detected capacity change from 0 to 40427 [ 1237.945071][T18429] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 1237.978320][T18429] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 1238.078037][T18429] F2FS-fs (loop2): Found nat_bits in checkpoint [ 1238.317189][ T1254] ieee802154 phy1 wpan1: encryption failed: -22 [ 1238.328633][T18429] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 1238.346067][T18429] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 1239.193975][ T5243] Bluetooth: hci1: command tx timeout [ 1239.282360][T13574] bio_check_eod: 17666 callbacks suppressed [ 1239.282390][T13574] syz.5.2096: attempt to access beyond end of device [ 1239.282390][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1239.326080][T13574] syz.5.2096: attempt to access beyond end of device [ 1239.326080][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1239.339994][T13574] syz.5.2096: attempt to access beyond end of device [ 1239.339994][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1239.353701][T13574] syz.5.2096: attempt to access beyond end of device [ 1239.353701][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1239.390760][T13574] syz.5.2096: attempt to access beyond end of device [ 1239.390760][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1239.415051][T13574] syz.5.2096: attempt to access beyond end of device [ 1239.415051][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1239.428731][T13574] syz.5.2096: attempt to access beyond end of device [ 1239.428731][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1239.471325][ T5243] Bluetooth: hci2: command tx timeout [ 1239.486173][T13574] syz.5.2096: attempt to access beyond end of device [ 1239.486173][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1239.531199][T13574] syz.5.2096: attempt to access beyond end of device [ 1239.531199][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1239.577924][T13574] syz.5.2096: attempt to access beyond end of device [ 1239.577924][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1239.820990][ T52] team0 (unregistering): Port device team_slave_1 removed [ 1239.973545][ T52] team0 (unregistering): Port device team_slave_0 removed [ 1240.012517][ T5459] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 1240.214926][ T5459] usb 3-1: Using ep0 maxpacket: 32 [ 1240.252850][ T5459] usb 3-1: New USB device found, idVendor=17cc, idProduct=1010, bcdDevice=40.72 [ 1240.262102][ T5459] usb 3-1: New USB device strings: Mfr=1, Product=129, SerialNumber=0 [ 1240.295048][ T5459] usb 3-1: Product: syz [ 1240.299259][ T5459] usb 3-1: Manufacturer: syz [ 1240.314960][ T5459] usb 3-1: config 0 descriptor?? [ 1241.022092][T18452] loop2: detected capacity change from 0 to 40427 [ 1241.033464][T18452] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 1241.041270][T18452] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 1241.122639][T18452] F2FS-fs (loop2): Mismatch valid blocks 0 vs. 2 [ 1241.161222][T18452] F2FS-fs (loop2): Failed to initialize F2FS segment manager (-117) [ 1241.382733][ T5459] snd-usb-audio 3-1:0.0: probe with driver snd-usb-audio failed with error -110 [ 1245.333452][T13574] bio_check_eod: 6935 callbacks suppressed [ 1245.333479][T13574] syz.5.2096: attempt to access beyond end of device [ 1245.333479][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1245.369402][ T5289] usb 3-1: USB disconnect, device number 42 [ 1245.414529][T13574] syz.5.2096: attempt to access beyond end of device [ 1245.414529][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1245.449934][T13574] syz.5.2096: attempt to access beyond end of device [ 1245.449934][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1245.463664][T13574] syz.5.2096: attempt to access beyond end of device [ 1245.463664][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1245.478309][T13574] syz.5.2096: attempt to access beyond end of device [ 1245.478309][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1245.492080][T13574] syz.5.2096: attempt to access beyond end of device [ 1245.492080][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1245.507972][T13574] syz.5.2096: attempt to access beyond end of device [ 1245.507972][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1245.540657][T13574] syz.5.2096: attempt to access beyond end of device [ 1245.540657][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1245.559054][T13574] syz.5.2096: attempt to access beyond end of device [ 1245.559054][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1245.578030][T13574] syz.5.2096: attempt to access beyond end of device [ 1245.578030][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1246.430392][T18370] chnl_net:caif_netlink_parms(): no params data found [ 1246.496887][T18165] 8021q: adding VLAN 0 to HW filter on device team0 [ 1246.523085][T18377] chnl_net:caif_netlink_parms(): no params data found [ 1246.626070][T18072] bridge0: port 1(bridge_slave_0) entered blocking state [ 1246.633317][T18072] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1246.674675][T18072] bridge0: port 2(bridge_slave_1) entered blocking state [ 1246.681875][T18072] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1247.536840][T18478] loop2: detected capacity change from 0 to 128 [ 1247.566871][T18478] VFS: Found a Xenix FS (block size = 512) on device loop2 [ 1247.582612][T18377] bridge0: port 1(bridge_slave_0) entered blocking state [ 1247.589790][T18377] bridge0: port 1(bridge_slave_0) entered disabled state [ 1247.652725][T18377] bridge_slave_0: entered allmulticast mode [ 1247.674774][T18377] bridge_slave_0: entered promiscuous mode [ 1247.698374][T18370] bridge0: port 1(bridge_slave_0) entered blocking state [ 1247.709335][T18370] bridge0: port 1(bridge_slave_0) entered disabled state [ 1247.737369][T18370] bridge_slave_0: entered allmulticast mode [ 1247.758099][T18370] bridge_slave_0: entered promiscuous mode [ 1247.790890][T18370] bridge0: port 2(bridge_slave_1) entered blocking state [ 1247.802889][T15141] sysv_free_block: trying to free block not in datazone [ 1247.832466][T15141] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 1247.844577][T18370] bridge0: port 2(bridge_slave_1) entered disabled state [ 1247.851876][T18370] bridge_slave_1: entered allmulticast mode [ 1247.950188][T18370] bridge_slave_1: entered promiscuous mode [ 1248.822059][T18486] loop2: detected capacity change from 0 to 128 [ 1248.850769][T18107] veth0_vlan: entered promiscuous mode [ 1248.950628][T18107] veth1_vlan: entered promiscuous mode [ 1248.976650][T18377] bridge0: port 2(bridge_slave_1) entered blocking state [ 1249.032490][T18377] bridge0: port 2(bridge_slave_1) entered disabled state [ 1249.039825][T18377] bridge_slave_1: entered allmulticast mode [ 1249.074962][T18377] bridge_slave_1: entered promiscuous mode [ 1249.292713][ T9] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 1249.340278][T18377] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1249.385798][T18377] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1249.485951][T18370] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1249.502440][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 1249.515913][ T9] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1249.534202][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 1249.555908][T18486] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3295'. [ 1249.573450][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1249.600649][ T9] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1249.627269][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1249.656451][ T9] usb 2-1: config 0 descriptor?? [ 1249.668621][T18488] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1249.680165][T18489] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3295'. [ 1249.704185][ T9] hub 2-1:0.0: USB hub found [ 1249.752902][T18370] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1249.844762][T18493] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3295'. [ 1249.946624][ T9] hub 2-1:0.0: config failed, can't read hub descriptor (err -22) [ 1250.054134][T18377] team0: Port device team_slave_0 added [ 1250.162840][T18370] team0: Port device team_slave_0 added [ 1250.211925][ T9] hid-generic 0003:046D:C314.0028: hidraw0: USB HID v8.00 Device [HID 046d:c314] on usb-dummy_hcd.1-1/input0 [ 1250.228286][T18377] team0: Port device team_slave_1 added [ 1250.294167][T18370] team0: Port device team_slave_1 added [ 1250.342333][T13574] bio_check_eod: 20792 callbacks suppressed [ 1250.342359][T13574] syz.5.2096: attempt to access beyond end of device [ 1250.342359][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1250.369320][T13574] syz.5.2096: attempt to access beyond end of device [ 1250.369320][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1250.399653][T18107] veth0_macvtap: entered promiscuous mode [ 1250.418808][T13574] syz.5.2096: attempt to access beyond end of device [ 1250.418808][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1250.438297][T13574] syz.5.2096: attempt to access beyond end of device [ 1250.438297][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1250.476733][T13574] syz.5.2096: attempt to access beyond end of device [ 1250.476733][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1250.518895][T13574] syz.5.2096: attempt to access beyond end of device [ 1250.518895][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1250.535364][T13574] syz.5.2096: attempt to access beyond end of device [ 1250.535364][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1250.559424][T18072] usb 2-1: USB disconnect, device number 44 [ 1250.591095][T13574] syz.5.2096: attempt to access beyond end of device [ 1250.591095][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1250.614725][T13574] syz.5.2096: attempt to access beyond end of device [ 1250.614725][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1250.629601][T13574] syz.5.2096: attempt to access beyond end of device [ 1250.629601][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1250.714155][T18377] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1250.721192][T18377] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1250.784743][T18377] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1250.829156][T18370] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1250.837812][T18370] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1250.865766][T18370] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1250.971252][T18377] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1251.008977][T18377] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1251.042822][T18377] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1251.063241][T18370] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1251.070217][T18370] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1251.108074][T18370] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1251.145510][T18107] veth1_macvtap: entered promiscuous mode [ 1252.166087][T18165] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1252.265461][T18370] hsr_slave_0: entered promiscuous mode [ 1252.336524][T18370] hsr_slave_1: entered promiscuous mode [ 1252.372978][T18370] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1252.381844][T18370] Cannot create hsr debugfs directory [ 1252.616943][T18516] serio: Serial port ptm0 [ 1253.204145][T18377] hsr_slave_0: entered promiscuous mode [ 1253.252717][T18377] hsr_slave_1: entered promiscuous mode [ 1253.322713][T18377] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1253.330353][T18377] Cannot create hsr debugfs directory [ 1254.127209][T18523] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3303'. [ 1254.275709][T18107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1254.315318][T18107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1254.352365][T18107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1254.381609][T18107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1254.422480][T18107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1254.443404][T18107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1254.472901][T18107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1254.492442][T18107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1254.515566][T18107] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1255.433242][T13574] bio_check_eod: 15102 callbacks suppressed [ 1255.433269][T13574] syz.5.2096: attempt to access beyond end of device [ 1255.433269][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1255.557891][T13574] syz.5.2096: attempt to access beyond end of device [ 1255.557891][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1255.630981][T13574] syz.5.2096: attempt to access beyond end of device [ 1255.630981][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1255.683971][T18107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1255.695938][T13574] syz.5.2096: attempt to access beyond end of device [ 1255.695938][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1255.722395][T18107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1255.732188][T13574] syz.5.2096: attempt to access beyond end of device [ 1255.732188][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1255.732330][T13574] syz.5.2096: attempt to access beyond end of device [ 1255.732330][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1255.732401][T13574] syz.5.2096: attempt to access beyond end of device [ 1255.732401][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1255.732464][T13574] syz.5.2096: attempt to access beyond end of device [ 1255.732464][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1255.732659][T13574] syz.5.2096: attempt to access beyond end of device [ 1255.732659][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1255.802773][T18107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1255.813669][T18107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1255.836833][T18107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1255.852697][T13574] syz.5.2096: attempt to access beyond end of device [ 1255.852697][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1255.882503][T18107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1255.912486][T18107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1255.932517][T18107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1255.982131][T18107] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1256.117399][T18543] Unsupported ieee802154 address type: 0 [ 1256.177768][T18107] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1256.196929][T18107] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1256.212613][T18107] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1256.229620][T18107] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1256.333507][T18545] ip6tnl1: entered promiscuous mode [ 1256.354896][T18545] ip6tnl1: entered allmulticast mode [ 1256.367236][ T52] bridge_slave_1: left allmulticast mode [ 1256.385348][ T52] bridge_slave_1: left promiscuous mode [ 1256.398265][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 1256.420806][ T52] bridge_slave_0: left allmulticast mode [ 1256.435230][ T52] bridge_slave_0: left promiscuous mode [ 1256.446716][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 1257.075914][T18072] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 1257.275756][T14606] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1257.301306][T14606] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1257.314540][T18072] usb 3-1: Using ep0 maxpacket: 16 [ 1257.319211][T14606] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1257.322094][T18072] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1257.350759][T18072] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1257.363917][T18072] usb 3-1: New USB device found, idVendor=04d8, idProduct=00df, bcdDevice= 0.00 [ 1257.364207][T14606] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1257.394905][T18072] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1257.404576][T14606] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 1257.412148][T14606] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1257.414576][T18072] usb 3-1: config 0 descriptor?? [ 1257.683043][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1257.723868][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1257.748528][ T52] bond0 (unregistering): Released all slaves [ 1257.896050][T18072] mcp2200 0003:04D8:00DF.0029: unknown main item tag 0x0 [ 1257.928598][T18072] mcp2200 0003:04D8:00DF.0029: USB HID v0.00 Device [HID 04d8:00df] on usb-dummy_hcd.2-1/input0 [ 1258.197313][T14863] usb 3-1: USB disconnect, device number 43 [ 1258.533408][ T52] hsr_slave_0: left promiscuous mode [ 1258.545554][ T52] hsr_slave_1: left promiscuous mode [ 1258.551789][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1258.573032][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1258.609171][ T52] veth1_vlan: left promiscuous mode [ 1258.614852][ T52] veth0_vlan: left promiscuous mode [ 1258.825161][T14863] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 1259.023257][T14863] usb 2-1: Using ep0 maxpacket: 16 [ 1259.074607][T14863] usb 2-1: New USB device found, idVendor=2304, idProduct=021f, bcdDevice=5f.af [ 1259.092381][T14863] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1259.110746][T14863] usb 2-1: Product: syz [ 1259.120873][T14863] usb 2-1: Manufacturer: syz [ 1259.131012][T14863] usb 2-1: SerialNumber: syz [ 1259.145903][T14863] usb 2-1: config 0 descriptor?? [ 1259.164148][T14863] dvb-usb: found a 'PCTV HDTV USB' in warm state. [ 1259.170629][T14863] pctv452e: pctv452e_power_ctrl: 1 [ 1259.170629][T14863] [ 1259.192446][T14863] usb 2-1: selecting invalid altsetting 3 [ 1259.224950][T14863] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22 [ 1259.224950][T14863] [ 1259.249751][T14863] dvb-usb: bulk message failed: -22 (5/0) [ 1259.267402][T14863] dvb-usb: PCTV HDTV USB error while loading driver (-22) [ 1259.530653][ T5243] Bluetooth: hci6: command tx timeout [ 1259.781531][ T52] team0 (unregistering): Port device team_slave_1 removed [ 1259.949942][ T52] team0 (unregistering): Port device team_slave_0 removed [ 1260.443780][T13574] bio_check_eod: 30222 callbacks suppressed [ 1260.443807][T13574] syz.5.2096: attempt to access beyond end of device [ 1260.443807][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1260.466999][T13574] syz.5.2096: attempt to access beyond end of device [ 1260.466999][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1260.480744][T13574] syz.5.2096: attempt to access beyond end of device [ 1260.480744][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1260.494316][T13574] syz.5.2096: attempt to access beyond end of device [ 1260.494316][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1260.508006][T13574] syz.5.2096: attempt to access beyond end of device [ 1260.508006][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1260.530024][T13574] syz.5.2096: attempt to access beyond end of device [ 1260.530024][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1260.553341][T13574] syz.5.2096: attempt to access beyond end of device [ 1260.553341][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1260.568301][T13574] syz.5.2096: attempt to access beyond end of device [ 1260.568301][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1260.585231][T13574] syz.5.2096: attempt to access beyond end of device [ 1260.585231][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1260.599559][T13574] syz.5.2096: attempt to access beyond end of device [ 1260.599559][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1261.372703][T18072] usb 2-1: USB disconnect, device number 45 [ 1261.467640][T18165] veth0_vlan: entered promiscuous mode [ 1261.546444][T18165] veth1_vlan: entered promiscuous mode [ 1261.592704][ T5243] Bluetooth: hci6: command tx timeout [ 1262.033805][T18165] veth0_macvtap: entered promiscuous mode [ 1262.062152][T18370] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1262.399947][T18370] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1262.441521][T18370] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1262.493178][T18165] veth1_macvtap: entered promiscuous mode [ 1262.594439][T18370] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1262.699003][T18549] chnl_net:caif_netlink_parms(): no params data found [ 1262.874321][T18165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1262.912359][T18165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1262.942302][T18165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1262.972346][T18165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1263.004449][T18165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1263.052440][T18165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1263.085843][T18165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1263.112526][T18165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1263.152355][T18165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1263.182275][T18165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1263.214556][T18165] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1263.601331][ T52] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1263.682864][ T5243] Bluetooth: hci6: command tx timeout [ 1263.889224][T18586] loop2: detected capacity change from 0 to 128 [ 1263.909647][T14606] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 1263.940470][T14606] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 1263.941241][T18586] EXT4-fs: Ignoring removed mblk_io_submit option [ 1263.970480][T14606] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 1264.003933][T14606] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 1264.011860][T14606] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 1264.019852][T14606] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 1264.081727][T18586] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1264.103421][T18586] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 1264.149219][T18586] EXT4-fs (loop2): can't mount with journal_async_commit, fs mounted w/o journal [ 1264.169588][ T52] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1264.528393][T18591] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3323'. [ 1264.978820][T18601] loop2: detected capacity change from 0 to 8 [ 1265.155454][T18601] SQUASHFS error: zlib decompression failed, data probably corrupt [ 1265.163602][T18601] SQUASHFS error: Failed to read block 0x9b: -5 [ 1265.169948][T18601] SQUASHFS error: Unable to read metadata cache entry [99] [ 1265.178369][T18601] SQUASHFS error: Unable to read inode 0x127 [ 1265.294874][ T52] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1265.452512][T13574] bio_check_eod: 24754 callbacks suppressed [ 1265.452537][T13574] syz.5.2096: attempt to access beyond end of device [ 1265.452537][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1265.518140][T13574] syz.5.2096: attempt to access beyond end of device [ 1265.518140][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1265.560039][T13574] syz.5.2096: attempt to access beyond end of device [ 1265.560039][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1265.590377][T18549] bridge0: port 1(bridge_slave_0) entered blocking state [ 1265.595723][T13574] syz.5.2096: attempt to access beyond end of device [ 1265.595723][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1265.612091][T13574] syz.5.2096: attempt to access beyond end of device [ 1265.612091][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1265.623542][T18549] bridge0: port 1(bridge_slave_0) entered disabled state [ 1265.627232][T13574] syz.5.2096: attempt to access beyond end of device [ 1265.627232][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1265.634705][T18549] bridge_slave_0: entered allmulticast mode [ 1265.655586][T13574] syz.5.2096: attempt to access beyond end of device [ 1265.655586][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1265.663128][T18549] bridge_slave_0: entered promiscuous mode [ 1265.669028][T13574] syz.5.2096: attempt to access beyond end of device [ 1265.669028][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1265.689954][T18549] bridge0: port 2(bridge_slave_1) entered blocking state [ 1265.697686][T18549] bridge0: port 2(bridge_slave_1) entered disabled state [ 1265.705244][T18549] bridge_slave_1: entered allmulticast mode [ 1265.718330][T13574] syz.5.2096: attempt to access beyond end of device [ 1265.718330][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1265.725973][T18549] bridge_slave_1: entered promiscuous mode [ 1265.741834][T13574] syz.5.2096: attempt to access beyond end of device [ 1265.741834][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1265.762521][ T5243] Bluetooth: hci6: command tx timeout [ 1265.791890][ T52] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1265.862351][ T8] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 1265.884596][T18370] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1265.922466][T14801] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 1265.923465][T18549] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1265.971591][T18549] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1266.072718][ T5243] Bluetooth: hci7: command tx timeout [ 1266.080553][ T8] usb 3-1: New USB device found, idVendor=05ac, idProduct=0290, bcdDevice=dc.1b [ 1266.102573][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1266.125478][T18549] team0: Port device team_slave_0 added [ 1266.133264][T18377] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1266.144983][T14801] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1266.158073][ T8] usb 3-1: config 0 descriptor?? [ 1266.172282][T14801] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1266.185665][T18377] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1266.208324][ T8] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input47 [ 1266.219714][T14801] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1266.249831][T18370] 8021q: adding VLAN 0 to HW filter on device team0 [ 1266.257020][T14801] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1266.292729][T14801] usb 2-1: SerialNumber: syz [ 1266.321099][T18549] team0: Port device team_slave_1 added [ 1266.363998][T18377] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1266.515142][T14863] usb 3-1: USB disconnect, device number 44 [ 1266.540501][T14801] usb 2-1: 0:2 : does not exist [ 1266.574372][T18072] bridge0: port 1(bridge_slave_0) entered blocking state [ 1266.581582][T18072] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1266.597791][T14801] usb 2-1: USB disconnect, device number 46 [ 1266.616639][T18377] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1266.697766][T18549] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1266.705356][T18549] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1266.741891][T18549] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1266.767175][T14830] bridge0: port 2(bridge_slave_1) entered blocking state [ 1266.774406][T14830] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1266.867391][T18549] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1266.882553][T18549] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1266.941060][T18549] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1266.984410][ T52] bridge_slave_1: left allmulticast mode [ 1266.991633][ T52] bridge_slave_1: left promiscuous mode [ 1267.007572][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 1267.031068][ T52] bridge_slave_0: left allmulticast mode [ 1267.042610][ T52] bridge_slave_0: left promiscuous mode [ 1267.049661][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 1267.702481][ T8] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 1267.904348][ T8] usb 3-1: Using ep0 maxpacket: 32 [ 1267.922359][ T8] usb 3-1: New USB device found, idVendor=05da, idProduct=00b6, bcdDevice=cd.b7 [ 1267.941934][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1267.972430][ T8] usb 3-1: Product: syz [ 1267.976757][ T8] usb 3-1: Manufacturer: syz [ 1267.981579][ T8] usb 3-1: SerialNumber: syz [ 1268.010991][ T8] usb 3-1: config 0 descriptor?? [ 1268.027064][ T8] microtek usb (rev 0.4.3): expecting 3 got 0 endpoints! Bailing out. [ 1268.045157][T18621] netlink: 8280 bytes leftover after parsing attributes in process `syz.1.3331'. [ 1268.062564][T18621] netlink: 8280 bytes leftover after parsing attributes in process `syz.1.3331'. [ 1268.140173][T18621] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3331'. [ 1268.170917][ T5243] Bluetooth: hci7: command tx timeout [ 1268.279442][ T9] usb 3-1: USB disconnect, device number 45 [ 1268.429647][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1268.464276][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1268.500950][ T52] bond0 (unregistering): Released all slaves [ 1268.701793][T18549] hsr_slave_0: entered promiscuous mode [ 1268.723051][T18549] hsr_slave_1: entered promiscuous mode [ 1268.733953][T18549] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1268.741715][T18549] Cannot create hsr debugfs directory [ 1268.873612][ T52] hsr_slave_0: left promiscuous mode [ 1268.893307][ T52] hsr_slave_1: left promiscuous mode [ 1268.949932][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1268.968470][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1268.980323][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1268.992492][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1269.113953][ T52] veth1_macvtap: left promiscuous mode [ 1269.119545][ T52] veth0_macvtap: left promiscuous mode [ 1269.184067][ T52] veth1_vlan: left promiscuous mode [ 1269.192032][ T52] veth0_vlan: left promiscuous mode [ 1270.242723][ T5243] Bluetooth: hci7: command tx timeout [ 1270.473882][T13574] bio_check_eod: 34058 callbacks suppressed [ 1270.473908][T13574] syz.5.2096: attempt to access beyond end of device [ 1270.473908][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1270.512387][T13574] syz.5.2096: attempt to access beyond end of device [ 1270.512387][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1270.535475][T13574] syz.5.2096: attempt to access beyond end of device [ 1270.535475][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1270.555737][T13574] syz.5.2096: attempt to access beyond end of device [ 1270.555737][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1270.578268][T13574] syz.5.2096: attempt to access beyond end of device [ 1270.578268][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1270.614822][T13574] syz.5.2096: attempt to access beyond end of device [ 1270.614822][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1270.635878][T13574] syz.5.2096: attempt to access beyond end of device [ 1270.635878][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1270.655144][T13574] syz.5.2096: attempt to access beyond end of device [ 1270.655144][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1270.675253][T13574] syz.5.2096: attempt to access beyond end of device [ 1270.675253][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1270.699799][T13574] syz.5.2096: attempt to access beyond end of device [ 1270.699799][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1270.821857][ T52] team0 (unregistering): Port device team_slave_1 removed [ 1271.005049][ T52] team0 (unregistering): Port device team_slave_0 removed [ 1272.312420][ T5243] Bluetooth: hci7: command tx timeout [ 1272.518768][T18629] netlink: 6 bytes leftover after parsing attributes in process `syz.1.3333'. [ 1272.735525][T18370] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1272.762431][T18370] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1275.692524][T13574] bio_check_eod: 16750 callbacks suppressed [ 1275.692550][T13574] syz.5.2096: attempt to access beyond end of device [ 1275.692550][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1275.714589][T18377] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1275.749318][T13574] syz.5.2096: attempt to access beyond end of device [ 1275.749318][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1275.780268][T18587] chnl_net:caif_netlink_parms(): no params data found [ 1275.793283][T18662] loop2: detected capacity change from 0 to 1024 [ 1275.842625][T13574] syz.5.2096: attempt to access beyond end of device [ 1275.842625][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1275.856077][T13574] syz.5.2096: attempt to access beyond end of device [ 1275.856077][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1275.856834][T18662] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1275.870246][T13574] syz.5.2096: attempt to access beyond end of device [ 1275.870246][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1275.942627][T13574] syz.5.2096: attempt to access beyond end of device [ 1275.942627][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1275.973229][T13574] syz.5.2096: attempt to access beyond end of device [ 1275.973229][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1275.987716][T18662] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1275.992407][T13574] syz.5.2096: attempt to access beyond end of device [ 1275.992407][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1276.011586][T13574] syz.5.2096: attempt to access beyond end of device [ 1276.011586][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1276.058611][T13574] syz.5.2096: attempt to access beyond end of device [ 1276.058611][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1276.077702][T18662] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e841c09c, mo2=0003] [ 1276.101970][T18662] System zones: 0-1, 3-36 [ 1276.119661][T18662] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1276.289912][T18370] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1276.382360][T18377] 8021q: adding VLAN 0 to HW filter on device team0 [ 1276.684380][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 1276.691632][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1276.711814][ T5289] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 1276.731830][T18587] bridge0: port 1(bridge_slave_0) entered blocking state [ 1276.758329][T18587] bridge0: port 1(bridge_slave_0) entered disabled state [ 1276.776557][T18587] bridge_slave_0: entered allmulticast mode [ 1276.797499][T18587] bridge_slave_0: entered promiscuous mode [ 1276.834045][T18587] bridge0: port 2(bridge_slave_1) entered blocking state [ 1276.850227][T18587] bridge0: port 2(bridge_slave_1) entered disabled state [ 1276.873976][T18587] bridge_slave_1: entered allmulticast mode [ 1276.892208][T18587] bridge_slave_1: entered promiscuous mode [ 1276.924322][ T5289] usb 3-1: Using ep0 maxpacket: 32 [ 1276.977949][ T5289] usb 3-1: config 3 has an invalid interface number: 33 but max is 0 [ 1276.987190][ T5289] usb 3-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config [ 1277.019572][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 1277.026743][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1277.042836][ T5289] usb 3-1: config 3 has no interface number 0 [ 1277.049926][ T5289] usb 3-1: config 3 interface 33 altsetting 84 bulk endpoint 0x2 has invalid maxpacket 64 [ 1277.083368][ T5289] usb 3-1: config 3 interface 33 altsetting 84 has 3 endpoint descriptors, different from the interface descriptor's value: 8 [ 1277.106705][ T5289] usb 3-1: config 3 interface 33 has no altsetting 0 [ 1277.125745][ T5289] usb 3-1: New USB device found, idVendor=0545, idProduct=8080, bcdDevice= 3.01 [ 1277.144567][ T5289] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1277.172519][ T5289] usb 3-1: Product: п [ 1277.181818][ T5289] usb 3-1: Manufacturer: ␀ [ 1277.207026][ T5289] usb 3-1: SerialNumber: ȸ砽樁賤鱱ઍ쿀蹎㄃頜Ἧ灉竞늰Ꙝ⎑㇉ぁ湞䢋䬸뗋엻牁明㨑瀬眸ୂ뭢㹌ꖧ墣ដ麜ﻪ [ 1277.294184][T18662] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1277.534249][ T5289] usb 3-1: USB disconnect, device number 46 [ 1277.707591][T18587] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1278.575716][T18587] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1278.619989][T15141] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1278.699317][T18370] veth0_vlan: entered promiscuous mode [ 1278.980788][T18587] team0: Port device team_slave_0 added [ 1279.918759][T18587] team0: Port device team_slave_1 added [ 1280.403028][T18370] veth1_vlan: entered promiscuous mode [ 1280.431914][T18587] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1280.707152][T13574] bio_check_eod: 13462 callbacks suppressed [ 1280.707207][T13574] syz.5.2096: attempt to access beyond end of device [ 1280.707207][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1280.769117][T18587] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1280.795278][ C0] vkms_vblank_simulate: vblank timer overrun [ 1281.092409][T13574] syz.5.2096: attempt to access beyond end of device [ 1281.092409][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1281.117700][T18587] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1281.141060][T13574] syz.5.2096: attempt to access beyond end of device [ 1281.141060][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1281.191131][T13574] syz.5.2096: attempt to access beyond end of device [ 1281.191131][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1281.248854][T13574] syz.5.2096: attempt to access beyond end of device [ 1281.248854][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1281.280466][T18549] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1281.293248][T13574] syz.5.2096: attempt to access beyond end of device [ 1281.293248][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1281.308803][T13574] syz.5.2096: attempt to access beyond end of device [ 1281.308803][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1281.318688][T18587] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1281.322556][T13574] syz.5.2096: attempt to access beyond end of device [ 1281.322556][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1281.342435][T18587] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1281.342481][T18587] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1281.394403][T13574] syz.5.2096: attempt to access beyond end of device [ 1281.394403][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1281.397644][T18549] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1281.412494][T13574] syz.5.2096: attempt to access beyond end of device [ 1281.412494][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1281.516268][T18549] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1282.826430][ T52] bridge_slave_1: left allmulticast mode [ 1282.843114][ T52] bridge_slave_1: left promiscuous mode [ 1282.848838][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 1283.045291][ T52] bridge_slave_0: left allmulticast mode [ 1283.050946][ T52] bridge_slave_0: left promiscuous mode [ 1283.073041][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 1283.817225][ T29] audit: type=1326 audit(1722687728.821:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18709 comm="syz.1.3354" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7eff295779f9 code=0x0 [ 1285.201194][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1285.224724][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1285.252165][ T52] bond0 (unregistering): Released all slaves [ 1285.279214][T18549] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1285.662132][ T52] hsr_slave_0: left promiscuous mode [ 1285.712613][T13574] bio_check_eod: 13330 callbacks suppressed [ 1285.712639][T13574] syz.5.2096: attempt to access beyond end of device [ 1285.712639][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1285.753413][ T52] hsr_slave_1: left promiscuous mode [ 1285.760093][T13574] syz.5.2096: attempt to access beyond end of device [ 1285.760093][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1285.787766][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1285.798941][T13574] syz.5.2096: attempt to access beyond end of device [ 1285.798941][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1285.816780][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1285.816888][T13574] syz.5.2096: attempt to access beyond end of device [ 1285.816888][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1285.901973][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1285.930857][T13574] syz.5.2096: attempt to access beyond end of device [ 1285.930857][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1285.998268][T13574] syz.5.2096: attempt to access beyond end of device [ 1285.998268][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1286.035135][ T52] veth1_macvtap: left promiscuous mode [ 1286.040715][ T52] veth0_macvtap: left promiscuous mode [ 1286.046407][T13574] syz.5.2096: attempt to access beyond end of device [ 1286.046407][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1286.092553][ T52] veth1_vlan: left promiscuous mode [ 1286.097955][ T52] veth0_vlan: left promiscuous mode [ 1286.106226][T13574] syz.5.2096: attempt to access beyond end of device [ 1286.106226][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1286.120677][T13574] syz.5.2096: attempt to access beyond end of device [ 1286.120677][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1286.134187][T13574] syz.5.2096: attempt to access beyond end of device [ 1286.134187][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1287.156250][T18734] loop2: detected capacity change from 0 to 1024 [ 1289.100358][T18752] loop2: detected capacity change from 0 to 128 [ 1289.765688][T15141] FAT-fs (loop2): error, invalid access to FAT (entry 0xffff0000) [ 1289.855882][T15141] FAT-fs (loop2): Filesystem has been set read-only [ 1289.932995][T15141] FAT-fs (loop2): error, corrupted directory (invalid entries) [ 1289.940921][T15141] FAT-fs (loop2): error, corrupted directory (invalid entries) [ 1290.734652][T13574] bio_check_eod: 9709 callbacks suppressed [ 1290.734678][T13574] syz.5.2096: attempt to access beyond end of device [ 1290.734678][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1290.811222][T13574] syz.5.2096: attempt to access beyond end of device [ 1290.811222][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1290.875776][T13574] syz.5.2096: attempt to access beyond end of device [ 1290.875776][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1290.947730][T13574] syz.5.2096: attempt to access beyond end of device [ 1290.947730][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1290.996629][T13574] syz.5.2096: attempt to access beyond end of device [ 1290.996629][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1291.054481][T13574] syz.5.2096: attempt to access beyond end of device [ 1291.054481][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1291.131013][T13574] syz.5.2096: attempt to access beyond end of device [ 1291.131013][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1291.198951][T13574] syz.5.2096: attempt to access beyond end of device [ 1291.198951][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1291.242366][T13574] syz.5.2096: attempt to access beyond end of device [ 1291.242366][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1291.289201][T13574] syz.5.2096: attempt to access beyond end of device [ 1291.289201][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1291.668528][T14606] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1291.681202][T14606] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1291.689648][T14606] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1291.701471][T14606] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1291.751638][ T5238] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1291.759695][ T5238] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1291.792525][ T5238] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1291.816455][ T5238] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1291.826706][ T5238] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1291.837533][ T52] team0 (unregistering): Port device team_slave_1 removed [ 1291.839662][ T5238] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1291.854756][ T5238] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1291.862208][ T5238] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1292.030115][ T52] team0 (unregistering): Port device team_slave_0 removed [ 1293.832595][T14606] Bluetooth: hci3: command tx timeout [ 1293.896108][T18587] hsr_slave_0: entered promiscuous mode [ 1293.993975][T18587] hsr_slave_1: entered promiscuous mode [ 1294.000892][T14606] Bluetooth: hci4: command tx timeout [ 1294.072583][T18587] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1294.080223][T18587] Cannot create hsr debugfs directory [ 1295.751298][T13574] bio_check_eod: 21883 callbacks suppressed [ 1295.751322][T13574] syz.5.2096: attempt to access beyond end of device [ 1295.751322][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1295.787357][T13574] syz.5.2096: attempt to access beyond end of device [ 1295.787357][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1295.829424][T13574] syz.5.2096: attempt to access beyond end of device [ 1295.829424][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1295.863440][T13574] syz.5.2096: attempt to access beyond end of device [ 1295.863440][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1295.886393][T13574] syz.5.2096: attempt to access beyond end of device [ 1295.886393][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1295.886552][T18549] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1295.906464][T13574] syz.5.2096: attempt to access beyond end of device [ 1295.906464][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1295.921249][T14606] Bluetooth: hci3: command tx timeout [ 1295.961247][T13574] syz.5.2096: attempt to access beyond end of device [ 1295.961247][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1295.983762][T13574] syz.5.2096: attempt to access beyond end of device [ 1295.983762][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1296.026604][T13574] syz.5.2096: attempt to access beyond end of device [ 1296.026604][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1296.070457][T13574] syz.5.2096: attempt to access beyond end of device [ 1296.070457][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1296.086970][T14606] Bluetooth: hci4: command tx timeout [ 1296.369567][T18549] 8021q: adding VLAN 0 to HW filter on device team0 [ 1296.679067][ T5295] bridge0: port 1(bridge_slave_0) entered blocking state [ 1296.686392][ T5295] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1296.735613][T18758] chnl_net:caif_netlink_parms(): no params data found [ 1297.008955][ T5295] bridge0: port 2(bridge_slave_1) entered blocking state [ 1297.016197][ T5295] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1297.213050][T18756] chnl_net:caif_netlink_parms(): no params data found [ 1297.576115][T18758] bridge0: port 1(bridge_slave_0) entered blocking state [ 1297.593301][T18758] bridge0: port 1(bridge_slave_0) entered disabled state [ 1297.600706][T18758] bridge_slave_0: entered allmulticast mode [ 1297.624865][T18758] bridge_slave_0: entered promiscuous mode [ 1297.792522][T18758] bridge0: port 2(bridge_slave_1) entered blocking state [ 1297.799820][T18758] bridge0: port 2(bridge_slave_1) entered disabled state [ 1297.821433][T18758] bridge_slave_1: entered allmulticast mode [ 1297.831543][T18758] bridge_slave_1: entered promiscuous mode [ 1297.992752][T14606] Bluetooth: hci3: command tx timeout [ 1298.042842][T18758] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1298.154591][T14606] Bluetooth: hci4: command tx timeout [ 1298.191775][T18756] bridge0: port 1(bridge_slave_0) entered blocking state [ 1298.211558][T18756] bridge0: port 1(bridge_slave_0) entered disabled state [ 1298.219030][T18756] bridge_slave_0: entered allmulticast mode [ 1298.240784][T18756] bridge_slave_0: entered promiscuous mode [ 1298.305509][T18758] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1298.328662][T18756] bridge0: port 2(bridge_slave_1) entered blocking state [ 1298.336918][T18756] bridge0: port 2(bridge_slave_1) entered disabled state [ 1298.344338][T18756] bridge_slave_1: entered allmulticast mode [ 1298.352025][T18756] bridge_slave_1: entered promiscuous mode [ 1298.655526][T18758] team0: Port device team_slave_0 added [ 1298.676108][T18758] team0: Port device team_slave_1 added [ 1298.706913][T18756] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1298.760526][T18587] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1298.787498][T18587] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1298.851523][T18756] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1298.915314][T18587] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1299.117186][T18756] team0: Port device team_slave_0 added [ 1299.134451][T18587] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1299.146421][T18758] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1299.163757][T18758] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1299.204160][T18758] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1299.243009][T18758] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1299.249971][T18758] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1299.292069][T18758] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1299.316367][T18756] team0: Port device team_slave_1 added [ 1299.496000][T18756] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1299.512926][T18756] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1299.550882][T18756] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1299.630455][T18758] hsr_slave_0: entered promiscuous mode [ 1299.639114][T18758] hsr_slave_1: entered promiscuous mode [ 1299.645728][T18758] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1299.654895][T18758] Cannot create hsr debugfs directory [ 1299.679846][T18756] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1299.690514][T18756] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1299.717003][T18756] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1299.757746][ T1254] ieee802154 phy1 wpan1: encryption failed: -22 [ 1299.920854][T18756] hsr_slave_0: entered promiscuous mode [ 1299.928500][T18756] hsr_slave_1: entered promiscuous mode [ 1299.943792][T18756] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1299.962304][T18756] Cannot create hsr debugfs directory [ 1300.066918][T18549] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1300.074522][T14606] Bluetooth: hci3: command tx timeout [ 1300.243032][T14606] Bluetooth: hci4: command tx timeout [ 1300.299370][ T52] bridge_slave_1: left allmulticast mode [ 1300.312495][ T52] bridge_slave_1: left promiscuous mode [ 1300.318360][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 1300.374294][ T52] bridge_slave_0: left allmulticast mode [ 1300.380000][ T52] bridge_slave_0: left promiscuous mode [ 1300.402045][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 1300.429353][ T52] bridge_slave_1: left allmulticast mode [ 1300.443376][ T52] bridge_slave_1: left promiscuous mode [ 1300.449150][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 1300.481484][ T52] bridge_slave_0: left allmulticast mode [ 1300.487590][ T52] bridge_slave_0: left promiscuous mode [ 1300.493485][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 1300.752732][T13574] bio_check_eod: 38910 callbacks suppressed [ 1300.752758][T13574] syz.5.2096: attempt to access beyond end of device [ 1300.752758][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1300.774824][T13574] syz.5.2096: attempt to access beyond end of device [ 1300.774824][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1300.789637][T13574] syz.5.2096: attempt to access beyond end of device [ 1300.789637][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1300.812812][T13574] syz.5.2096: attempt to access beyond end of device [ 1300.812812][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1300.827233][T13574] syz.5.2096: attempt to access beyond end of device [ 1300.827233][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1300.840710][T13574] syz.5.2096: attempt to access beyond end of device [ 1300.840710][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1300.854498][T13574] syz.5.2096: attempt to access beyond end of device [ 1300.854498][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1300.880263][T13574] syz.5.2096: attempt to access beyond end of device [ 1300.880263][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1300.897526][T13574] syz.5.2096: attempt to access beyond end of device [ 1300.897526][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1300.910977][T13574] syz.5.2096: attempt to access beyond end of device [ 1300.910977][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1301.902854][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1301.952968][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1301.996168][ T52] bond0 (unregistering): Released all slaves [ 1302.536989][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1302.567109][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1302.596819][ T52] bond0 (unregistering): Released all slaves [ 1302.942691][ T52] hsr_slave_0: left promiscuous mode [ 1303.003523][ T52] hsr_slave_1: left promiscuous mode [ 1303.021729][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1303.043176][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1303.074306][ T52] hsr_slave_0: left promiscuous mode [ 1303.080534][ T52] hsr_slave_1: left promiscuous mode [ 1303.087197][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1303.095368][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1303.155875][ T52] veth1_vlan: left promiscuous mode [ 1303.161736][ T52] veth0_vlan: left promiscuous mode [ 1304.157695][ T52] team0 (unregistering): Port device team_slave_1 removed [ 1304.247219][ T52] team0 (unregistering): Port device team_slave_0 removed [ 1305.772061][T13574] bio_check_eod: 42354 callbacks suppressed [ 1305.772088][T13574] syz.5.2096: attempt to access beyond end of device [ 1305.772088][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1305.791856][T13574] syz.5.2096: attempt to access beyond end of device [ 1305.791856][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1305.801132][ T52] team0 (unregistering): Port device team_slave_1 removed [ 1305.805396][T13574] syz.5.2096: attempt to access beyond end of device [ 1305.805396][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1305.805468][T13574] syz.5.2096: attempt to access beyond end of device [ 1305.805468][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1305.805723][T13574] syz.5.2096: attempt to access beyond end of device [ 1305.805723][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1305.860775][T13574] syz.5.2096: attempt to access beyond end of device [ 1305.860775][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1305.874364][T13574] syz.5.2096: attempt to access beyond end of device [ 1305.874364][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1305.887879][T13574] syz.5.2096: attempt to access beyond end of device [ 1305.887879][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1305.902640][T13574] syz.5.2096: attempt to access beyond end of device [ 1305.902640][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1305.916752][T13574] syz.5.2096: attempt to access beyond end of device [ 1305.916752][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1305.968524][ T52] team0 (unregistering): Port device team_slave_0 removed [ 1307.320492][T18549] veth0_vlan: entered promiscuous mode [ 1307.541648][T18549] veth1_vlan: entered promiscuous mode [ 1307.579739][T18587] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1307.726867][T18587] 8021q: adding VLAN 0 to HW filter on device team0 [ 1307.776739][T18549] veth0_macvtap: entered promiscuous mode [ 1307.818097][ T5459] bridge0: port 1(bridge_slave_0) entered blocking state [ 1307.825337][ T5459] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1307.880608][ T5459] bridge0: port 2(bridge_slave_1) entered blocking state [ 1307.887837][ T5459] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1307.996967][T18549] veth1_macvtap: entered promiscuous mode [ 1308.254698][T18549] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1308.280337][T18549] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1308.292452][T18549] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1308.304549][T18549] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1308.314562][T18549] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1308.325200][T18549] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1308.335076][T18549] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1308.345598][T18549] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1308.357934][T18549] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1308.377810][T18549] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1308.399354][T18549] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1308.412370][T18549] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1308.433071][T18549] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1308.450693][T18549] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1308.461257][T18549] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1308.480546][T18549] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1308.493408][T18549] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1308.505835][T18549] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1308.546506][T18549] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1308.557044][T18549] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1308.566816][T18549] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1308.576036][T18549] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1308.618160][T18587] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1309.063832][T15640] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1309.071706][T15640] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1309.145881][T18758] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1309.173606][ T1067] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1309.181467][ T1067] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1309.214573][T18758] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1309.273922][T18758] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1309.383476][T18758] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1309.435499][T18756] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1309.469417][T18587] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1309.518663][T18756] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1309.553781][T18756] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1309.602957][T18756] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1310.174133][ T5238] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1310.202780][ T5238] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1310.210929][ T5238] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1310.221134][ T5238] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1310.230198][ T5238] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1310.243494][ T5238] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1310.278728][T18758] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1310.346187][T18813] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 1310.429901][T18758] 8021q: adding VLAN 0 to HW filter on device team0 [ 1310.480333][T18756] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1310.623349][T14801] bridge0: port 1(bridge_slave_0) entered blocking state [ 1310.630497][T14801] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1310.708124][T14801] bridge0: port 2(bridge_slave_1) entered blocking state [ 1310.715371][T14801] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1310.832480][T13574] bio_check_eod: 29339 callbacks suppressed [ 1310.832507][T13574] syz.5.2096: attempt to access beyond end of device [ 1310.832507][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1310.909030][T13574] syz.5.2096: attempt to access beyond end of device [ 1310.909030][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1310.925454][T13574] syz.5.2096: attempt to access beyond end of device [ 1310.925454][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1310.939181][T13574] syz.5.2096: attempt to access beyond end of device [ 1310.939181][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1311.041712][T18756] 8021q: adding VLAN 0 to HW filter on device team0 [ 1311.644937][T10163] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 1312.002020][T10163] usb 2-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config [ 1312.027097][T10163] usb 2-1: config 17 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1312.041051][T10163] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 1312.085199][T10163] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1312.313382][ T5238] Bluetooth: hci1: command tx timeout [ 1312.353881][T13574] syz.5.2096: attempt to access beyond end of device [ 1312.353881][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1312.380325][T18756] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1312.421397][T13574] syz.5.2096: attempt to access beyond end of device [ 1312.421397][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1312.435013][T18756] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1312.492176][T14801] bridge0: port 1(bridge_slave_0) entered blocking state [ 1312.499493][T14801] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1312.525933][T13574] syz.5.2096: attempt to access beyond end of device [ 1312.525933][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1312.557166][T14801] bridge0: port 2(bridge_slave_1) entered blocking state [ 1312.564453][T14801] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1312.658297][T13574] syz.5.2096: attempt to access beyond end of device [ 1312.658297][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1312.712980][T13574] syz.5.2096: attempt to access beyond end of device [ 1312.712980][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1312.746123][T13574] syz.5.2096: attempt to access beyond end of device [ 1312.746123][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1312.836709][T18587] veth0_vlan: entered promiscuous mode [ 1312.876877][T10163] aiptek 2-1:17.0: interface has no int in endpoints, but must have minimum 1 [ 1312.901278][T18587] veth1_vlan: entered promiscuous mode [ 1312.915089][T10163] usb 2-1: USB disconnect, device number 47 [ 1313.478572][T18587] veth0_macvtap: entered promiscuous mode [ 1313.585023][T18756] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1313.608069][T18587] veth1_macvtap: entered promiscuous mode [ 1313.760739][T18809] chnl_net:caif_netlink_parms(): no params data found [ 1313.897736][T18758] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1313.989744][T18587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1314.042499][T18587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1314.062334][T18587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1314.082279][T18587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1314.092123][T18587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1314.103043][T18587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1314.113238][T18587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1314.125946][T18587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1314.135854][T18587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1314.147805][T18587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1314.160514][T18587] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1314.213987][T18587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1314.242386][T18587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1314.252424][T18587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1314.271399][T18587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1314.302333][T18587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1314.312949][T18587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1314.322945][T18587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1314.335683][T18587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1314.345734][T18587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1314.356536][T18587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1314.370078][T18587] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1314.395488][ T5238] Bluetooth: hci1: command tx timeout [ 1314.426917][T18587] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1314.444240][T18587] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1314.458037][T18587] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1314.503744][T18587] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1314.690922][T18809] bridge0: port 1(bridge_slave_0) entered blocking state [ 1314.700546][T18809] bridge0: port 1(bridge_slave_0) entered disabled state [ 1314.715949][T18809] bridge_slave_0: entered allmulticast mode [ 1314.753375][T18809] bridge_slave_0: entered promiscuous mode [ 1314.784464][T18756] veth0_vlan: entered promiscuous mode [ 1314.817986][T18809] bridge0: port 2(bridge_slave_1) entered blocking state [ 1314.834667][T18809] bridge0: port 2(bridge_slave_1) entered disabled state [ 1314.855957][T18809] bridge_slave_1: entered allmulticast mode [ 1314.866045][T18809] bridge_slave_1: entered promiscuous mode [ 1314.984961][T18756] veth1_vlan: entered promiscuous mode [ 1315.097154][T18809] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1315.270373][T18809] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1315.601617][T18809] team0: Port device team_slave_0 added [ 1315.676468][T18809] team0: Port device team_slave_1 added [ 1315.860726][T13574] bio_check_eod: 7133 callbacks suppressed [ 1315.860753][T13574] syz.5.2096: attempt to access beyond end of device [ 1315.860753][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1315.906794][T18758] veth0_vlan: entered promiscuous mode [ 1315.985962][T13574] syz.5.2096: attempt to access beyond end of device [ 1315.985962][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1316.033158][T13574] syz.5.2096: attempt to access beyond end of device [ 1316.033158][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1316.075963][T13574] syz.5.2096: attempt to access beyond end of device [ 1316.075963][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1316.097469][T18809] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1316.133672][T13574] syz.5.2096: attempt to access beyond end of device [ 1316.133672][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1316.133766][T18809] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1316.183297][T13574] syz.5.2096: attempt to access beyond end of device [ 1316.183297][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1316.196104][T18809] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1316.230923][T18809] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1316.240952][T13574] syz.5.2096: attempt to access beyond end of device [ 1316.240952][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1316.261924][T13574] syz.5.2096: attempt to access beyond end of device [ 1316.261924][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1316.289828][T18809] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1316.333775][T13574] syz.5.2096: attempt to access beyond end of device [ 1316.333775][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1316.365489][T18809] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1316.419222][T13574] syz.5.2096: attempt to access beyond end of device [ 1316.419222][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1316.473697][ T5238] Bluetooth: hci1: command tx timeout [ 1316.503522][T18758] veth1_vlan: entered promiscuous mode [ 1316.577948][T18809] hsr_slave_0: entered promiscuous mode [ 1316.613045][T18809] hsr_slave_1: entered promiscuous mode [ 1316.642889][T18809] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1316.666978][T18809] Cannot create hsr debugfs directory [ 1316.679264][ T5645] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1316.720253][ T5645] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1316.965792][T18756] veth0_macvtap: entered promiscuous mode [ 1317.138448][T18756] veth1_macvtap: entered promiscuous mode [ 1317.240446][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1317.292792][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1317.318614][T18756] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1317.362455][T18756] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1317.374014][T18865] syz.1.3381[18865] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1317.410742][T18756] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1317.460930][T18756] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1317.475854][T18756] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1317.486779][T18756] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1317.496829][T18756] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1317.509307][T18756] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1317.520027][T18756] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1317.530609][T18756] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1317.540626][T18756] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1317.555931][T18756] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1317.613988][T18756] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1317.676550][T18868] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1317.751304][T18758] veth0_macvtap: entered promiscuous mode [ 1317.776808][T18758] veth1_macvtap: entered promiscuous mode [ 1317.799132][T18758] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1317.813274][T18758] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1317.824635][T18758] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1317.837040][T18758] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1317.847044][T18758] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1317.857951][T18758] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1317.868120][T18758] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1317.881300][T18758] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1317.904963][T18758] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1317.917667][T18758] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1317.927823][T18758] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1317.942390][T18758] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1317.952530][T18758] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1317.963297][T18758] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1317.975508][T18758] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1317.984657][T18756] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1317.996344][T18756] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1318.007360][T18756] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1318.022516][T18756] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1318.032689][T18756] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1318.045186][T18874] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1318.055679][T18756] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1318.066175][T18756] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1318.077289][T18756] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1318.087637][T18756] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1318.099359][T18756] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1318.109611][T18756] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1318.124118][T18756] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1318.136272][T18756] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1318.227428][T18758] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1318.249105][T18758] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1318.261875][T18758] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1318.272989][T18758] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1318.283094][T18758] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1318.293817][T18758] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1318.303873][T18758] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1318.315211][T18758] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1318.326736][T18758] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1318.337447][T18758] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1318.348421][T18758] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1318.360161][T18758] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1318.370253][T18758] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1318.380972][T18758] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1318.393873][T18758] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1318.407338][T18756] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1318.418206][T18756] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1318.428835][T18756] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1318.437979][T18756] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1318.574118][ T1067] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1318.582037][ T1067] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1318.622295][ T5238] Bluetooth: hci1: command tx timeout [ 1318.641895][T18758] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1318.705725][T18758] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1318.715262][T18758] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1318.725192][T18758] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1318.973173][T18877] loop4: detected capacity change from 0 to 2048 [ 1319.014235][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1319.022080][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1319.316043][ T1072] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1319.362638][ T1072] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1319.376321][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1319.437412][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1319.664190][T18889] netlink: 'syz.1.3387': attribute type 2 has an invalid length. [ 1319.671992][T18889] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.3387'. [ 1320.948863][T13574] bio_check_eod: 4467 callbacks suppressed [ 1320.948888][T13574] syz.5.2096: attempt to access beyond end of device [ 1320.948888][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1321.007162][T13574] syz.5.2096: attempt to access beyond end of device [ 1321.007162][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1321.619973][T13574] syz.5.2096: attempt to access beyond end of device [ 1321.619973][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1321.662793][T13574] syz.5.2096: attempt to access beyond end of device [ 1321.662793][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1321.710798][T18809] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1321.736532][T13574] syz.5.2096: attempt to access beyond end of device [ 1321.736532][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1321.760732][T13574] syz.5.2096: attempt to access beyond end of device [ 1321.760732][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1321.831642][T13574] syz.5.2096: attempt to access beyond end of device [ 1321.831642][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1321.950150][T13574] syz.5.2096: attempt to access beyond end of device [ 1321.950150][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1322.025835][T13574] syz.5.2096: attempt to access beyond end of device [ 1322.025835][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1322.077174][ T5238] Bluetooth: hci4: ACL packet for unknown connection handle 0 [ 1322.126408][T13574] syz.5.2096: attempt to access beyond end of device [ 1322.126408][T13574] loop5: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1322.293784][T18809] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1322.693057][T18921] syz.4.3397[18921] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1322.693244][T18921] syz.4.3397[18921] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1324.106117][ T5645] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1324.271275][T18809] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1324.395088][ T5645] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1324.473140][T18809] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1324.540797][ T5645] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1324.686319][ T5645] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1324.807225][T13574] ================================================================== [ 1324.815351][T13574] BUG: KASAN: use-after-free in sysv_new_inode+0xfd3/0x1170 [ 1324.822657][T13574] Read of size 2 at addr ffff8880121761ce by task syz.5.2096/13574 [ 1324.830561][T13574] [ 1324.832893][T13574] CPU: 1 UID: 0 PID: 13574 Comm: syz.5.2096 Not tainted 6.11.0-rc1-syzkaller-00272-g17712b7ea075 #0 [ 1324.843764][T13574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1324.853832][T13574] Call Trace: [ 1324.854168][T18809] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1324.857103][T13574] [ 1324.866717][T13574] dump_stack_lvl+0x241/0x360 [ 1324.871427][T13574] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1324.876656][T13574] ? __pfx__printk+0x10/0x10 [ 1324.881271][T13574] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1324.886913][T13574] ? _printk+0xd5/0x120 [ 1324.891180][T13574] ? __virt_addr_valid+0x183/0x530 [ 1324.896302][T13574] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1324.901967][T13574] print_report+0x169/0x550 [ 1324.906482][T13574] ? __virt_addr_valid+0x183/0x530 [ 1324.911601][T13574] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1324.917228][T13574] ? __virt_addr_valid+0x45f/0x530 [ 1324.922338][T13574] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1324.927995][T13574] ? __phys_addr+0xba/0x170 [ 1324.932513][T13574] ? sysv_new_inode+0xfd3/0x1170 [ 1324.937469][T13574] kasan_report+0x143/0x180 [ 1324.942000][T13574] ? sysv_new_inode+0xfd3/0x1170 [ 1324.946948][T13574] sysv_new_inode+0xfd3/0x1170 [ 1324.951734][T13574] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1324.957368][T13574] ? __pfx_sysv_new_inode+0x10/0x10 [ 1324.962599][T13574] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1324.968247][T13574] ? _raw_spin_unlock+0x28/0x50 [ 1324.973120][T13574] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1324.978768][T13574] ? __d_add+0x500/0x800 [ 1324.983043][T13574] sysv_mknod+0x4e/0xe0 [ 1324.987225][T13574] ? __pfx_sysv_create+0x10/0x10 [ 1324.992179][T13574] path_openat+0x1a9c/0x3470 [ 1324.996785][T13574] ? __pfx_path_openat+0x10/0x10 [ 1325.001729][T13574] do_filp_open+0x235/0x490 [ 1325.006237][T13574] ? __pfx_do_filp_open+0x10/0x10 [ 1325.011286][T13574] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1325.016919][T13574] ? _raw_spin_unlock+0x28/0x50 [ 1325.021764][T13574] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1325.027395][T13574] ? alloc_fd+0x5a1/0x640 [ 1325.031745][T13574] do_sys_openat2+0x13e/0x1d0 [ 1325.036414][T13574] ? kasan_quarantine_put+0xdc/0x230 [ 1325.041728][T13574] ? __pfx_do_sys_openat2+0x10/0x10 [ 1325.046928][T13574] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1325.052585][T13574] __x64_sys_openat+0x247/0x2a0 [ 1325.057469][T13574] ? __pfx___x64_sys_openat+0x10/0x10 [ 1325.062845][T13574] ? do_syscall_64+0x100/0x230 [ 1325.067632][T13574] ? do_syscall_64+0xb6/0x230 [ 1325.072337][T13574] do_syscall_64+0xf3/0x230 [ 1325.076870][T13574] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1325.082780][T13574] RIP: 0033:0x7facef9779f9 [ 1325.087206][T13574] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1325.106824][T13574] RSP: 002b:00007facf06fd048 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1325.115247][T13574] RAX: ffffffffffffffda RBX: 00007facefb05f80 RCX: 00007facef9779f9 [ 1325.123216][T13574] RDX: 000000000000275a RSI: 0000000020000080 RDI: ffffffffffffff9c [ 1325.131373][T13574] RBP: 00007facef9e58ee R08: 0000000000000000 R09: 0000000000000000 [ 1325.139341][T13574] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1325.147313][T13574] R13: 000000000000000b R14: 00007facefb05f80 R15: 00007ffdff6cb718 [ 1325.155391][T13574] [ 1325.158426][T13574] [ 1325.160732][T13574] The buggy address belongs to the physical page: [ 1325.167133][T13574] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x282 pfn:0x12176 [ 1325.176072][T13574] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 1325.183187][T13574] raw: 00fff00000000000 ffffea0000485d48 ffffea0000485dc8 0000000000000000 [ 1325.191782][T13574] raw: 0000000000000282 0000000000000000 00000000ffffffff 0000000000000000 [ 1325.200364][T13574] page dumped because: kasan: bad access detected [ 1325.206771][T13574] page_owner tracks the page as freed [ 1325.212132][T13574] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 18919, tgid 18918 (syz.4.3397), ts 1322423396654, free_ts 1323802306121 [ 1325.230184][T13574] post_alloc_hook+0x1f3/0x230 [ 1325.234956][T13574] get_page_from_freelist+0x2e4c/0x2f10 [ 1325.240523][T13574] __alloc_pages_noprof+0x256/0x6c0 [ 1325.245735][T13574] alloc_pages_mpol_noprof+0x3e8/0x680 [ 1325.251215][T13574] folio_alloc_mpol_noprof+0x36/0x50 [ 1325.256508][T13574] shmem_alloc_and_add_folio+0x2ce/0x14e0 [ 1325.262242][T13574] shmem_get_folio_gfp+0x8dc/0x2370 [ 1325.267473][T13574] shmem_fault+0x252/0x6f0 [ 1325.271893][T13574] __do_fault+0x137/0x460 [ 1325.276219][T13574] handle_pte_fault+0x3b24/0x6eb0 [ 1325.281296][T13574] handle_mm_fault+0x1029/0x1980 [ 1325.286239][T13574] __get_user_pages+0x6ec/0x16a0 [ 1325.291204][T13574] populate_vma_page_range+0x264/0x330 [ 1325.296687][T13574] __mm_populate+0x27a/0x460 [ 1325.301324][T13574] vm_mmap_pgoff+0x2c3/0x3d0 [ 1325.305933][T13574] do_syscall_64+0xf3/0x230 [ 1325.310455][T13574] page last free pid 18921 tgid 18918 stack trace: [ 1325.316948][T13574] free_unref_folios+0x103a/0x1b00 [ 1325.322075][T13574] folios_put_refs+0x76e/0x860 [ 1325.326847][T13574] shmem_undo_range+0x6de/0x1df0 [ 1325.331804][T13574] shmem_evict_inode+0x29b/0xa80 [ 1325.336829][T13574] evict+0x2aa/0x630 [ 1325.340732][T13574] __dentry_kill+0x20d/0x630 [ 1325.345318][T13574] dput+0x19f/0x2b0 [ 1325.349129][T13574] __fput+0x5f8/0x8a0 [ 1325.353108][T13574] task_work_run+0x251/0x310 [ 1325.357716][T13574] do_exit+0xa2f/0x27f0 [ 1325.361882][T13574] do_group_exit+0x207/0x2c0 [ 1325.366484][T13574] get_signal+0x16a1/0x1740 [ 1325.370996][T13574] arch_do_signal_or_restart+0x96/0x860 [ 1325.376542][T13574] syscall_exit_to_user_mode+0xc9/0x370 [ 1325.382089][T13574] do_syscall_64+0x100/0x230 [ 1325.386687][T13574] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1325.392611][T13574] [ 1325.394932][T13574] Memory state around the buggy address: [ 1325.400558][T13574] ffff888012176080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1325.408614][T13574] ffff888012176100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1325.416682][T13574] >ffff888012176180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1325.424754][T13574] ^ [ 1325.431164][T13574] ffff888012176200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1325.439225][T13574] ffff888012176280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1325.447285][T13574] ================================================================== [ 1325.468557][T13574] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1325.475826][T13574] CPU: 1 UID: 0 PID: 13574 Comm: syz.5.2096 Not tainted 6.11.0-rc1-syzkaller-00272-g17712b7ea075 #0 [ 1325.486612][T13574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1325.496680][T13574] Call Trace: [ 1325.499970][T13574] [ 1325.502907][T13574] dump_stack_lvl+0x241/0x360 [ 1325.507606][T13574] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1325.512827][T13574] ? __pfx__printk+0x10/0x10 [ 1325.517468][T13574] ? preempt_schedule+0xe1/0xf0 [ 1325.522335][T13574] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1325.527978][T13574] ? vscnprintf+0x5d/0x90 [ 1325.532316][T13574] panic+0x349/0x860 [ 1325.536223][T13574] ? check_panic_on_warn+0x21/0xb0 [ 1325.541352][T13574] ? __pfx_panic+0x10/0x10 [ 1325.545776][T13574] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1325.551420][T13574] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1325.557056][T13574] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 1325.563045][T13574] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1325.569378][T13574] ? print_report+0x502/0x550 [ 1325.574073][T13574] check_panic_on_warn+0x86/0xb0 [ 1325.579014][T13574] ? sysv_new_inode+0xfd3/0x1170 [ 1325.583961][T13574] end_report+0x77/0x160 [ 1325.588218][T13574] kasan_report+0x154/0x180 [ 1325.592747][T13574] ? sysv_new_inode+0xfd3/0x1170 [ 1325.597709][T13574] sysv_new_inode+0xfd3/0x1170 [ 1325.602500][T13574] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1325.608151][T13574] ? __pfx_sysv_new_inode+0x10/0x10 [ 1325.613388][T13574] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1325.619025][T13574] ? _raw_spin_unlock+0x28/0x50 [ 1325.623881][T13574] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1325.629603][T13574] ? __d_add+0x500/0x800 [ 1325.633863][T13574] sysv_mknod+0x4e/0xe0 [ 1325.638065][T13574] ? __pfx_sysv_create+0x10/0x10 [ 1325.643018][T13574] path_openat+0x1a9c/0x3470 [ 1325.647640][T13574] ? __pfx_path_openat+0x10/0x10 [ 1325.652624][T13574] do_filp_open+0x235/0x490 [ 1325.657138][T13574] ? __pfx_do_filp_open+0x10/0x10 [ 1325.662183][T13574] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1325.667851][T13574] ? _raw_spin_unlock+0x28/0x50 [ 1325.672710][T13574] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1325.678354][T13574] ? alloc_fd+0x5a1/0x640 [ 1325.682711][T13574] do_sys_openat2+0x13e/0x1d0 [ 1325.687392][T13574] ? kasan_quarantine_put+0xdc/0x230 [ 1325.692690][T13574] ? __pfx_do_sys_openat2+0x10/0x10 [ 1325.697894][T13574] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1325.703635][T13574] __x64_sys_openat+0x247/0x2a0 [ 1325.708496][T13574] ? __pfx___x64_sys_openat+0x10/0x10 [ 1325.713871][T13574] ? do_syscall_64+0x100/0x230 [ 1325.718737][T13574] ? do_syscall_64+0xb6/0x230 [ 1325.723428][T13574] do_syscall_64+0xf3/0x230 [ 1325.727945][T13574] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1325.733856][T13574] RIP: 0033:0x7facef9779f9 [ 1325.738270][T13574] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1325.757883][T13574] RSP: 002b:00007facf06fd048 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1325.766307][T13574] RAX: ffffffffffffffda RBX: 00007facefb05f80 RCX: 00007facef9779f9 [ 1325.774280][T13574] RDX: 000000000000275a RSI: 0000000020000080 RDI: ffffffffffffff9c [ 1325.782261][T13574] RBP: 00007facef9e58ee R08: 0000000000000000 R09: 0000000000000000 [ 1325.790241][T13574] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1325.798211][T13574] R13: 000000000000000b R14: 00007facefb05f80 R15: 00007ffdff6cb718 [ 1325.806198][T13574] [ 1325.809433][T13574] Kernel Offset: disabled [ 1325.813746][T13574] Rebooting in 86400 seconds..