last executing test programs: 5m51.101735992s ago: executing program 0 (id=1031): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) timer_settime(r1, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x143ff9, 0x7fe4, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{}, 0x0, &(0x7f0000000280)}, 0x20) socketpair$tipc(0x1e, 0x2, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f00000000c0)={r3, &(0x7f0000000180), 0x0}, 0x20) recvfrom$inet6(r2, &(0x7f0000000000)=""/185, 0xb9, 0x20000, &(0x7f0000000180)={0xa, 0x4e23, 0x10, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2f}}, 0x9e4}, 0x1c) 5m49.912536829s ago: executing program 0 (id=1042): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6(0xa, 0x805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000080)={0x0, 0x1c, &(0x7f00000190c0)=[@in6={0xa, 0x4e20, 0x10001, @initdev={0xfe, 0x88, '\x00', 0xfd, 0x0}, 0x1}]}, &(0x7f0000000000)=0x10) getsockopt$bt_hci(r3, 0x84, 0x81, &(0x7f0000000080)=""/4076, &(0x7f00000010c0)=0xfec) 5m47.842915768s ago: executing program 0 (id=1045): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x35, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xb, 0x0, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000540)=@gcm_128={{0x303}, "ffffffffffffffe2", "8e083700daf38a6d69e9b5e9c2f133d7", "6a3a05b9", "12772541f8eb02bb"}, 0x28) shutdown(r0, 0x1) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) sendfile(r0, r1, 0x0, 0xffffffff004) syz_init_net_socket$llc(0x1a, 0x1, 0x0) close(0x3) 5m45.881035868s ago: executing program 0 (id=1053): syz_mount_image$hfs(&(0x7f0000000280), &(0x7f0000000000)='./file0\x00', 0x1214080, &(0x7f0000000140)={[{@uid}, {@codepage={'codepage', 0x3d, 'iso8859-15'}}, {@gid}, {@dir_umask={'dir_umask', 0x3d, 0x4}}, {@iocharset={'iocharset', 0x3d, 'cp865'}}, {@part={'part', 0x3d, 0x800}}, {@creator={'creator', 0x3d, "5863953a"}}]}, 0x1, 0x31c, &(0x7f0000000940)="$eJzs3U1P1EAcBvBn2u6yKwQrYEg8oiSeCOBB40ViiBe/gAdDRFgTQsVEMVES4+rZGG8mJh69eTb6FfRi/AJ64mA86YV4sGZmOn1Zpt2ywBayzy9h2bbz8p9OX2aWLAURDayri9/fXdiWP6IGwAVwGXAANAAPwGlMNh5ubK5tBq3VooJclUP+COicYlealY2WLavMp3JEfLnkYSS9jg5HGIbhj66pfvclFqqO0Of+Lg4wFJ2danuj75EdjrZu12BJ9bDYwQ4eYbTKcIiIqHrR/d+J7hIj0fjdcYDpaBx+3O//mfHNTnVxHAnx/d/Ry6GQ++ek2pTM99QUTva+Y2aJtrL0MTGSXRkmu7sOfWRlOkB0m1WqWJzmnbWgNdNWBTzHlUgq2YR6XYVpiJIXbV3/mrLMTQsUtb3YsGpDTbZhPif+8T3X+OknXturW/pSIibxWXwVS8LHG6zG4z8vFHLnqP3jd/SUjn82v0TVSl+nyrQymb+fUpWcMT3w8X3Symbefm3AlbHYyFJE5/jdN3G+qufnwhiyHyvo1s3lt07lGrfmmo+X/1pzTXTmanq1oDWzci8o/CjlwFhndOKluCGm8AsfsJga/zsy9TTyz8zMlV+olNGRUdgeT6XM6ccMdQLftZyZTonMA+2ataOLvcBtXMLog8db68tB0Lpf/RtzqhyRePSBGB2Oco38nUqDhnxTA3Bglf4Lw9C6yUM/mlxTTb34Nmny1vqyaOvF/VWBdlyg2bSQnxjAAoBojbki9FL70zjXUFJgqex/ZG+rNfYD0kTVhwPSVJXZ5GKo1JnS7KHS60/Wl4OerkR0zCSdjsmbVQdDVZDDK6Hnf6n5yqy66sgXv2A2EnYrPFXiXM4MaEy9nig3g4uLzZ3BDZs3XeZcZ88D5zpqdGBqfNZZrB/FiaP4V8m9/ylDLOIbbvHzfyIiIiIiIiIiIiIiIiIiIiIiIiKi42av30bo5esE2Rq3B/AfbxARERERERERERERERERERERERERERER7U/q+b+Aq54YU6/8+b9uief/mudSEFHP/gcAAP//NBBgTQ==") pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18) write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB='X\x00\x00\x00\x00\x00\x00'], 0x58) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000002340), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESDEC=r1]) chdir(&(0x7f0000000100)='./file0\x00') read$FUSE(r0, &(0x7f0000000300)={0x2020}, 0x2020) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x0, 0x80) 5m44.683581405s ago: executing program 0 (id=1063): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x15, 0x1c, &(0x7f0000000000)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {0x7, 0x0, 0xb, 0x6, 0x0, 0x0, 0xffffff1f}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0x2}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x2}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0x6, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r3}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 5m44.290423008s ago: executing program 0 (id=1069): syz_init_net_socket$x25(0x9, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x5867, 0x10, 0xfffffffc, 0x24d}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x4, 0x0, &(0x7f0000000100)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) io_uring_enter(r3, 0x100847c0, 0x0, 0x1, 0x0, 0x0) 5m44.135075141s ago: executing program 32 (id=1069): syz_init_net_socket$x25(0x9, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x5867, 0x10, 0xfffffffc, 0x24d}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x4, 0x0, &(0x7f0000000100)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) io_uring_enter(r3, 0x100847c0, 0x0, 0x1, 0x0, 0x0) 14.865432107s ago: executing program 5 (id=1980): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) keyctl$restrict_keyring(0x1d, 0xfffffffffffffffd, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socketpair$unix(0x1, 0x2, 0x0, 0x0) pipe2$9p(0x0, 0x0) ptrace(0x10, 0x1) 14.8211453s ago: executing program 2 (id=1981): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket(0xa, 0x2, 0x0) r3 = syz_io_uring_setup(0x10f, &(0x7f00000000c0)={0x0, 0x6d89, 0x400, 0x40000, 0x115}, &(0x7f0000000400)=0x0, &(0x7f0000000040)=0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) syz_io_uring_submit(r4, r5, &(0x7f00000004c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x40, 0x0, r6, 0x0, 0x0, 0x0, 0x40020100}) io_uring_enter(r3, 0x8aa, 0x0, 0x0, 0x0, 0x0) semtimedop(0x0, &(0x7f00000003c0)=[{0x2, 0x4, 0x1800}], 0x1, 0x0) semop(0x0, &(0x7f00000000c0)=[{0x2}], 0x1) close_range(r2, 0xffffffffffffffff, 0x0) 12.575602934s ago: executing program 5 (id=1985): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x0, 0x0) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket(0x2, 0x80805, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r4, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) sendmmsg$inet_sctp(r3, 0x0, 0x0, 0x0) setsockopt$inet_sctp_SCTP_CONTEXT(r3, 0x84, 0x11, &(0x7f0000000240)={r5, 0x40}, 0x8) 12.575179174s ago: executing program 2 (id=1986): r0 = socket$packet(0x11, 0x2, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x8000000004) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004000000"], 0x48) bind$inet(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x2d, 0x0, 0x0) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x4000040) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000180)=0xb, 0x4) 10.482390065s ago: executing program 5 (id=1989): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_netfilter(r0, 0x0, 0x0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_int(r1, 0x6, 0x24, 0x0, 0x0) connect$inet6(r1, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) writev(0xffffffffffffffff, &(0x7f0000000480)=[{}, {0x0}], 0x2) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, 0x0, 0x0) epoll_create1(0x0) syz_mount_image$fuse(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) r3 = socket$kcm(0x10, 0x2, 0x4) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x38, 0x0, 0x0) sendmsg$inet(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000280)="5c00000012006bab9e3fe3d86e6c1d000014a10d00000000000004b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f4080003000601000004000200110000", 0x5b}, {&(0x7f0000000680)='\'', 0x1}], 0x2, 0x0, 0x0, 0x1f00c00e}, 0x0) 10.435269708s ago: executing program 3 (id=1990): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10138, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x18) r4 = socket$inet_smc(0x2b, 0x1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$int_in(r4, 0x5421, &(0x7f0000000100)=0x9) connect$inet(r4, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10) close(r4) 10.351984755s ago: executing program 2 (id=1991): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) socket$inet_udp(0x2, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50) socket(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r1, 0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f0000000300)=r2}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000004c0)={r3, &(0x7f0000000640)="8d", &(0x7f00000007c0)=@tcp=r0, 0x2}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r2, 0x5, 0xe, 0x0, &(0x7f00000003c0)="000000000000000000000001e370", 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x50) 10.264096502s ago: executing program 4 (id=1992): sendmsg$AUDIT_TTY_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x18, 0x3f9, 0x4, 0x70bd29, 0x25dfdbfe}, 0x18}, 0x1, 0x0, 0x0, 0x4050}, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00'}, 0x10) recvfrom$inet_nvme(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0, 0x0) sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x4) fchdir(0xffffffffffffffff) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000540)='pagemap\x00') 10.208557947s ago: executing program 1 (id=1993): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r1, 0x40045010, &(0x7f0000000000)) mmap$dsp(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x9, 0x11, r1, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000140)) ioctl$SNDCTL_DSP_GETIPTR(r1, 0x800c5011, &(0x7f0000000040)) mlock2(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0) 10.192372518s ago: executing program 5 (id=1994): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x800006}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r7, {}, {0x2, 0xb}, {0xd, 0xb}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x9, 0xb}}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 8.920255272s ago: executing program 3 (id=1995): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) read$eventfd(0xffffffffffffffff, &(0x7f0000000140), 0x8) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r1, 0x6, 0x1, &(0x7f00000000c0)={0x0, 0x747, 0x3, 0x4, 0xfb, 0x8, 0x101}, 0xc) connect$bt_l2cap(r1, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) sendmmsg(r1, &(0x7f0000000640)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000300)="13", 0x1}], 0x1}}], 0x2, 0x20004840) sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x40800) 8.864081407s ago: executing program 4 (id=1996): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file2\x00', 0x2810000, &(0x7f0000000380)={[{@user_xattr}, {@noquota}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@jqfmt_vfsv1}, {@block_validity}, {@dioread_nolock}, {@noquota}, {@min_batch_time={'min_batch_time', 0x3d, 0x8}}, {@delalloc}, {@user_xattr}, {@quota}]}, 0x1, 0x54f, &(0x7f0000000b00)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbZdnamc8HbnvOvTc995t7v6fn5iQkgKE1kf0oRLwcEd8kEQfbto1GvnFibb/V+1dnsyWJRuPTv5JI8nWt/ZP89/688lJE/PZVxPHCxnZryysLpXI5Xczrk/XKpcna8sqJC5XSfDqfXpyemTn19sz0e+++M7BY3zj7z/ef3P7w1NdHV7/75e6hm0mcjgP5tvY4nsC19spETOTPyVicfmTHqQE0tpMk230A9GUkz/OxyPqAgzGSZz3w//dlRDSAIZXIfxhSrXFA695+QPfBz417H6zdAG2Mf3TttZHY07w32reaPHRnlN3vjg+g/ayNX/+8dTNbYnCvQwBs6dr1iDg5Orqx/0vy/q9/J3vY59E29H/w7NzOxj9vdhr/FNbHP9Fh/LO/Q+72Y+v8L9wdQDNdZeO/9zuOf9cnrcZH8toLzTHfWHL+QjnN+rYXI+JYjO3O6pvN55xavdPotq19/JctWfutsWB+HHdHdz/8mLlSvfQkMbe7dz3ilY7j32T9/Ccdzn/2fJztsY0j6a3Xum3bOv6nq/FTxOsdz/+DGa1k8/nJyeb1MNm6Kjb6+8aR37u1v93xZ+d/3+bxjyft87W1x2/jxz3/pt229Xv970o+a5Z35euulOr1xamIXcnHG9dPP3hsq97aP4v/2NHN+79O1//eiPi8x/hvHP751f7jf7qy+Oce6/w/fuHOR1/80K393s7/W83SsXxNL/1frwf4JM8dAAAAAAAA7DSFiDgQSaG4Xi4UisW193ccjn2FcrVWP36+unRxLpqflR2PsUJrpvtg2/shpvL3w7bq04/UZyLiUER8O7K3WS/OVstz2x08AAAAAAAAAAAAAAAAAAAA7BD7u3z+P/PHyHYfHfDU+cpvGF5b5v8gvukJ2JH8/4fhJf9heMl/GF7yH4aX/IfhJf9heMl/GF7yHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAbq7Jkz2dJYvX91NqvPXV5eWqhePjGX1haKlaXZ4mx18VJxvlqdL6fF2Wplq79XrlYvTU3H0pXJelqrT9aWV85VqksX6+cuVErz6bl07JlEBQAAAAAAAAAAAAAAAAAAAM+X2vLKQqlcThcVFPoqjO6Mw1AYcGG7eyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeOC/AAAA///ktDiZ") mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, &(0x7f00000023c0)='./file0\x00', 0x0, 0x95806d, &(0x7f0000000200)={[{@mode={'mode', 0x3d, 0x2}}]}) ioctl$F2FS_IOC_START_ATOMIC_WRITE(0xffffffffffffffff, 0x40086e81, 0x1000000000000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x23108000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) fsync(r3) 8.650132444s ago: executing program 3 (id=1997): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet(0xa, 0x801, 0x84) connect$inet(r3, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r3, 0xfffffffd) r4 = accept4(r3, 0x0, 0x0, 0x0) recvmmsg(r4, &(0x7f0000001000), 0x581, 0x40000000, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r4, 0x84, 0xb, &(0x7f0000000040)={0xfe, 0x9, 0x2, 0xff, 0xa7, 0x0, 0x1, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2, 0x20}, 0xe) openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$pidfd(0xffffffffffffff9c, &(0x7f00000003c0), 0x4a800, 0x0) 7.796995274s ago: executing program 1 (id=1998): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x2) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, 0x0) syz_io_uring_setup(0x10a, &(0x7f0000000140)={0x0, 0x5883, 0x1000, 0x3}, 0x0, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x32314152}}) 7.768783686s ago: executing program 2 (id=1999): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000140)='tasks\x00', 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000580), 0xfffffcc7}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r5, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r9, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r8, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) write$cgroup_pid(r1, &(0x7f0000000100), 0x12) 7.756063387s ago: executing program 4 (id=2000): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000001c0)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) setsockopt$packet_int(r3, 0x107, 0x14, &(0x7f0000000180)=0x2, 0x4) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000000)=0x3da, 0x4) sendto$packet(r3, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r4, 0x1, 0x0, 0x6, @multicast}, 0x14) 6.643427108s ago: executing program 1 (id=2001): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r4 = mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x9, 0x0) fcntl$setlease(r4, 0x400, 0x0) mq_open(&(0x7f0000000b40)='eth0\x00\xdd\xad4=2k\xf1\x05\x9b\x91y\xe1;F\xa2\x8df\xe9\x04\x00\x00\x00\x00\x0078z=\x8f\xd5F\xa4AR\xc7\x9f.\xdc\xdb\"A\x16\xd8\x19\xf1lZ\xc8\x93\xda\xf2\xc9\xe8h[u8\xc6\xfa\x9ep\xbe\a\xe2\xf5\xa3Y\x9f\xe1\x04gM\x99K$\r\xf1G\xee\xe1\xbd\x1e\xdf\xe1\x9c\x19\xda\xd3\x94EL\xca\x88\x85Q\x02\xd9L\x90\xeb%/\xb1\xeb\x11uP7\x1f\xd9b\xebF\xf8\x88\xf0\xac.\x94\xfc\v\xb1W\xef~+n\xb1\x9b\x02n]xr\xb3\x80\xbc>\xe8XX\xe6\x12\xf3\xc9\xd5\xf8\xd1\x8d\xcb9\xbf\xb0(<\xeb\x92\x8a\x16\xb7\x11^\xb6\xb7n\xd5\xb5\x00[\xdf\x94\x00\r\x95\x17\xa1h\xf8\x00\x00\x00\"\xa0\x05\xcc^\x90c\xc9}\xb8\ny\xf4\xe1\xb4.\xa4\a\x05\xbb}\x91\xf4C\xf5O\xf1a\x12\b\x86\xa16\xbb}C\xc9\x1d\\\xedD\x14\xb1w\x1e\xa0\xc1E\xb5\xf8\xab\xfb\xd9\x93\xb8vJ\x85p\xb5n\x1b\xe4\xd5g\xae\xe4\xeb\xcaR4\xd4\xd4\x04\xfc\x04Zb\xf6\xba\xf8B\xf6YU\xcd\xf2\xdb\xb5\xa2\xda\xdf\x8dD\xef`\x13\x15$\xceq\xd7j\xd7\xe3V\xf2\xa2\x95\xcf\x18T\xf1\xb0\xf3\xf8O\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x1, 0x0, 0x0) 4.54051056s ago: executing program 3 (id=2002): r0 = socket$packet(0x11, 0x2, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x8000000004) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004000000"], 0x48) bind$inet(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x2d, 0x0, 0x0) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x4000040) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000180)=0xb, 0x4) 4.53943762s ago: executing program 4 (id=2003): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/icmp\x00') close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') writev(r3, &(0x7f0000000280)=[{&(0x7f0000000000)='4', 0x1}, {0x0}], 0x2) 4.301286499s ago: executing program 1 (id=2004): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_netfilter(r0, 0x0, 0x0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_int(r1, 0x6, 0x24, 0x0, 0x0) connect$inet6(r1, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) writev(0xffffffffffffffff, &(0x7f0000000480)=[{}, {0x0}], 0x2) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, 0x0, 0x0) epoll_create1(0x0) syz_mount_image$fuse(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) r3 = socket$kcm(0x10, 0x2, 0x4) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x38, 0x0, 0x0) sendmsg$inet(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000280)="5c00000012006bab9e3fe3d86e6c1d000014a10d00000000000004b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f4080003000601000004000200110000", 0x5b}, {&(0x7f0000000680)='\'', 0x1}], 0x2, 0x0, 0x0, 0x1f00c00e}, 0x0) 4.300741039s ago: executing program 2 (id=2005): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f00000000c0)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(r0, 0x1, &(0x7f0000000180)=0x3) shmget$private(0x0, 0x1000, 0x0, &(0x7f00008f0000/0x1000)=nil) shmat(0x0, &(0x7f0000ffd000/0x1000)=nil, 0x7000) shmctl$SHM_LOCK(0x0, 0xb) shmdt(0x0) 2.972137988s ago: executing program 4 (id=2006): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r3, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r5 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10) sendmsg$tipc(r5, &(0x7f0000000540)={&(0x7f00000001c0)=@name={0x1e, 0x2, 0x0, {{0x42}, 0x2}}, 0x10, 0x0}, 0x10) 2.971697718s ago: executing program 5 (id=2007): syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000240)='./file0\x00', 0xc02, &(0x7f0000000280)={[{@iocharset={'iocharset', 0x3d, 'macturkish'}}, {}, {@errors_continue}, {@fmask={'fmask', 0x3d, 0x4}}, {@iocharset={'iocharset', 0x3d, 'cp862'}}, {@keep_last_dots}, {@errors_remount}, {@namecase}, {@keep_last_dots}, {}]}, 0x1, 0x151e, &(0x7f0000007640)="$eJzs3AucT9XaOPDnWWvtMSbp1ySXYa31bH7JZZkkySVJLkmSJEluCUmTHElIDLklDUlILkNyGUJymZg07ve7JCRJkyQhuSXr/5ni73TqvOec9/Qe7+ed5/v57I/1zN7P2s/+PbNnXzDfdh1Wq0nt6o2ICP4t+OsfyQAQCwCDAOAaAAgAoHx8+fjs9bklJv97O2F/rofSrnQF7Eri/uds3P+cjfufs3H/czbuf87G/c/ZuP85G/efsZxsy4xC1/KScxd+/5+T8fX//4aLJx98ua7M9d0AYv7ZPO5/zsb9/z8r+Gc24v7nbNz/nCr2ShfA/hfg8z8nyPV313D/czbuP2M52ZV+/3ylF4jk7M/gSn//McYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhjLGc74yxQAXBpf6boYY4wxxhhjjDH25/G5rnQFjDHGGGOMMcYY+5+HIECCggBiIBfEQm6IAwEAV0NeuAYicC3Ew3WQD66H/FAACkIhSIDCUAQ0GIgBghCKQjGIwg1QHG6EElASSkFpcFAGEuEmKAs3Qzm4BcrDrVABboOKUAkqQxW4HarCHVAN7oTqcBfUgJpQC2rD3VAH7oG6cC/Ug/ugPtwPDeABaAgPQiN4CBrDw9AEHoGm8Cg0g+bQAlpCq/9W/gvQE16EXtAbkqEP9IWXoB/0hwEwEAbByzAYXoEh8CqkwFAYBq/BcHgdRsAbMBJGwWh4E8bAWzAWxsF4mACpMBEmwdswGd6BKTAVpsF0SIMZMBPehVkwG+bAezAX3od5MB8WwEJIhw9gESyGDPgQlsBHkAlLYRkshxWwElbBalgDa2EdrIcNsBE2wWbYAlthG2yHHfAx7IRPYBd8CrthD+yFz2AffP4v5p/+m/xuCAgoUKBChTEYg7EYi3EYh3kwD+bFvBjBCMZjPObDfJgf82NBLIgJmIBFsAgaNEhIWBSLYhSjWByLYwksgaWwFDp0mIiJWBZvxnJYDstjeayAFbAiVsJKWAWrYFWsitWwGlbH6lgDa2AtrIV3493YB+tiXayH9bA+1r/0egobYSNsjI2xCTbBptgUm2EzbIEtsBW2wtbYGttgG2yH7bA9tscO2AGTMAk7YkfshJ2wM3bGLtgFu2JX7IbdsXvWC7kAX8QXsTfWEH2wL/bFfpiSawAOxIH4Mg7GV/AVfBVTcCgOw9fwNXwdR+ApHImjcDSOxqriLRyL45DEBEzFVJyEk3AyTsYpOBWn4nRMwxk4E2fiLJyNs/E9nIvv4/s4H+fjQkzHdFyEizEDM3AJnsZMXIrLcDmuwJW4AlfjGlyN63A9rsONuBE342bciltxO27Hj/Fj/AQVAH6Ke3APpuA+3If7cT8ewAN4EA9iFmbhITyEh/EwHsEjeBSP4jE8jifwOJ7Ek3gKT+MZPIPn8Byex+cSvm78Scm1KSCyKaFEjIgRsSJWxIk4kUfkEXlFXhEREREv4kU+kU/kF/lFQVFQJIgEUUQUEUYYQSKMAQARFVFRXBQXJUQJUUqUEk44kSgSRVlRVpQT5UR5cauoIG4TFUUl0dZVEVVEVdHOVRN3iuqiuqghaopaoraoLeqIOqKuqCvqiXqivqgvGogHREPRBwfgQyK7M03EUGwqhmEz0VzIiz/BWosR2Ea0Fe3EE2IUjsQOorVLEk+LjmIsdhJ/EePwWdFFTMCu4nnRTXQXPcQLoqdo43qJ3mIK9hF9xXTsJ/qLAWKgmIU1xXs4N3ct8apIEUPFMPGaWIivixHiDTFSjBKjxZtijHhLjBXjxHgxQaSKiWKSeFtMFu+IKWKqmCamizQxQ8wU74pZYraYI94Tc8X7Yp6YLxaIhSJdfCAWicUiQ3woloiPRKZYKpaJ5WKFWClWidVijVgr1on1YoPYKDaJzWKL2Cq2ie1ih/hY7BSfiF3iU7Fb7BF7xWdin/hc7BdfiAPiS3FQfCWyxNfikPhGHBbfiiPiO3FUfC+OiePihPhBnBQ/ilPitDgjzopz4idxXvwsLggvQKIUUkolAxkjc8lYmVvGyatkHhlc/HSvlfHyOplPXi/zywKyoCwkE2RhWURqaaSVJENZVBaTUXmDLC5vlCVkSVlKlpZOlpGJ8iZZVt4sy8lbZHl5q6wgb5MVZSVZWVaRt8uq8g4JkV/3UUPWlLVkbXm3TIZ7ZF15r6wn75P15f2ygXxANpQPykbyIdlYPiybyEdkU/mobCabyxaypWwlH5Ot5eOyjWwr28knZHv5pOwgn5JJ8mnZUfqL3yLPyi7yOdlVPi+7ye6yh/xZXpBe9pK9JfQB2Ve+JPvJ/nKAHCgHyZflYPmKHCJflSlyqBwmX5PD5etyhHxDjpSj5Gj5phwj35Jj5Tg5Xk6QqXKinCTflpPlO3KKnCqnyekyTc6QAy7ONEfKf5j/9h/kD/ll75vlFrlVbsOLrZCfyF1yl9wtd8u9cq/cJ/fJ/XK/PCAPyIPyoMySWfKQPCQPy8PyiDwij8qj8pg8Ls/KH+RJ+aM8JU/L0/KsPCfPyfMXPwNQqISSSqlAxahcKlblVnHqKpVHXa3yqmtURF2r4tV1Kp+6XuVXBVRBVUglqMKqiNLKKKtIhaqoKqai6oZLVapSqrRyqoxKVDf9K/mquLpRlVAlf5N/qb7kv1NfK9VKtVatVRvVRrVT7VR71V51UB1UkkpSHVVH1Ul1Up1VZ9VFdVFdVVfVTXVTPVQP1VP1VL1UL5WsklVf9ZLqp/qrAWqgGqReVoPVYDVEDVEpKkUNU8PUcDVcjVAj1Eg1Uo1Wo9UYNUaNVWPVeDVepapUNUlNUpPVZDVFTVHT1DSVptLUTDVTzVKz1Bw1R81Vc9U8NU8tUAtUukpXi9QilaEy1BK1RGWqpWqpWq6Wq5VqpVqtVqu1aq1ar9arjWqjylRb1Ba1TW1TO9QOtVPtVLvULrVb7VZ71V61T+1T+9V+dUAdUAfVQZWlstQhdUgdVofVEXVEHVVH1TF1TJ1QJ9RJdVKdUqfUGXVGnVPn1Hl1Xl1QF7Jv+wIRiEAF2VfamCA2iA3igrggT5AnyBvkDSJBJIgP4oN8wfVB/qBAUDAoFCQEhYMigQ5MYANxsenR4IageHBjUCIoGZQKSgcuKBMkBjcFZYObg3LBLUH54NagQnBbUDGoFFQOqgS3B1WDO4JqwZ1B9eCuoEZQM6gV1A7uDuoE9wR1g3uDesF9Qf3g/qBB8EDQMHgwaBQ8FDQOHg6aBI8ETYNHg2ZB86BF0DJo9afO7/2pAo+7zbq3TtZ9dF/9ku6n++sBeqAepF/Wg/Ureoh+VafooXqYfk0P16/rEfoNPVKP0qP1m3qMfkuP1eP0eD1Bp+qJepJ+W0/W7+gpeqqepqfrND1Dz9Tv6ll6tp6j39Nz9ft6np6vF+iFOl1/oBfpxTpDf6iX6I90pl6ql+nleoVeqVfp1XqNXqvX6fV6g96oN+nNeoveqrfp7XqH/ljv1J/oXfpTvVvv0Xv1Z3qf/lzv11/oA/pLfVB/pbP01/qQ/kYf1t/qI/o7fVR/r4/p4/qE/kGf1D/qU/q0PqPP6nP6J31e/6wvaJ99c599eTfKKBNjYkysiTVxJs7kMXlMXpPXREzExJt4k8/kM/lNflPQFDQJJsEUMUVMNjJkipqiJmqiprgpbkqYEqaUKWWccSbRJJqypqwpZ8qZ8qa8qWAqmIqmoqlsKpvbze3mDnOHudPcae4yd5mapqapbWqbOqaOqWvqmnqmnqlv6psGpoFpaBqaRqaRaWwamyamiWlqmppmpplpYVqYVqaVaW1amzamjWln2pn2pr3pYDqYJJNkOpqOppPpZDqbzqaL6WK6mq6mm+lmepgepqfpaXqZXibZJJu+pq/pZ/qZAWaAGWQGmcFmsBlihpgUk2KGmWFmuBluRpgRZqQZZUZnnz7mLTPWjDPjzQSTalLNJDPJTDaTzRQzxUwz00yaSTMzzUwzy8wyc8wcM9fMNfPMPLPALDDpJt0sMotMhskwS8wSk2kyzTKzzKwwK8wqs8qsMWvMOrPObIANZpPZZLaYLWab2WZ2mB1mp9lpdpldZrfZbfaavWaf2Wf2m/3mgDlgDpqDJstkmUPmkDlsDpsj5og5ao6aY+aYOWFOmJPmpDllTpkz5ow5ZwpcvF56E2tz2zh7lc1jr7Z57TX2b+OCtpBNsIVtEattflvgN7Gx1pawJW0pW9o6W8Ym2pt+F1e0lWxlW8XebqvaO2y138V17D22rr3X1rP32dr27t/E9e39toF9xDZEBLDNbWPb0jaxj9im9lHbzDa3LWxL294+aTvYp2ySfdp2tM/8Ll5kF9s1dq1dZ9fb3XaPPWPP2sP2W3vO/mR72d52kH3ZDrav2CH2VZtih/4uHm3ftGPsW3asHWfH2wm/i6fZ6TbNzrAz7bt2lp39uzjdfmDn2gw7z863C+zCX+LsmjLsh3aJ/chm2gCW2eV2hV1pV9nV/7/W5Xaj3WQ32132U7vNbrc77Md256UbYbvH7rWf2X32c3vIfmMP2C/tQXvEZtmvf4mzj++I/c4etd/bY/a4PWF/sCftj+pSdvax/2B/thest0BIQJIUBRRDuSiWclMcXUV56GrKS9dQhK6leLqO8tH1lJ8KUEEqRAlUmIqQJkOWiEIqSsUoSjfQpfJKUWlyVIYS6SYqSzdTObqFytOtVIFuo4pUiSpTFbqdqtIdVI3upOp0F9WgmlSLatPdVIfuobp0L9WD+6g+3U8N6AFqSA9SI3qIGtPD1IQeoab0KDWj5tSCWlIreoxa0+PUhtpSO3qC2tOT1IGeoiR6mjrSM9SJ/kKd6VnqQs9RV3qeulF36kEvUE96kXpRb0qmPtSXXqJ+1J8G0EAaRC/TYHqFhtCrlEJDaRi9RsPpdRpBb9BIGkWj6U0aQ2/RWBpH42kCpdJEmkRv02R6h6bQVJpG0ymNZtBMepdm0WyaQ+/RXHqf5tF8WkALKZ0+oEW0mDLoQ1pCH1EmLaVltJxW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nXbQx7STPqFd9Cntpj20lz6jffQ57acv6AB9SQfpK8qir+kQfUOH6Vs6Qt/53vQ9HaPjdIJ+oJP0I52i03SGztI5+onO0890gTxBiKEIZajCIIwJc4WxYe4wLrwqzBNeHeYNrwkj4bVhfHhdmC+8PswfFggLhoXChLBwWCTUoQltSGEYFg2LhdHwhrB4eGNYIiwZlgpLhy4sEyaGN4Vlw5vDcuEtYfnw1rBCeFtYMawUPnJflfD2sGp4R1gtvDOsHt4V1ghrhrXC2uHdYZ3wnrBueG9YL7wvLBfeHzYIHwgbhg+GjcKHwsbhw2GT8JGwafho2CxsHrYIW4atwsfC1uHjYZuwbdgufCJsHz4ZdgifCpPCp8OO4TO/rL9/8d9fnxz2CfuGL4Uvhd7fKxdEF0bTox9EF0UXRzOiH0aXRD+KZkaXRpdFl0dXRFdGV0VXR9dE10bXRddHN0Q3RjdFN0e9r50LHDrhpFMucDEul4t1uV2cu8rlcVe7vO4aF3HXunh3ncvnrnf5XQFX0BVyCa6wK+K0M846cqEr6oq5qLvBFXc3uhKupCvlSjvnyrhE19K1cq1ca/e4a+PaunbuCfeEe9I96Z5yT7mnXUf3jOvk/uI6u2ddF/ece84977q57q6He8H1dBPz/npOJru+rq/r5/q5AW6AG+QGucFusBvihrgUl+KGuWFuuBvuRrgRbqQb6Ua70W6MG+PGurFuvBvvUl2qm+QmucluspviprhpbppLc2luppvpZrlZrursX/cyz81zC9wCl+7S3SKXfc+Y4Za4JS7TZbplbplb4Va4VW6VW+PWuHVundvgNrhNbpPb4ra4bW6b2+F2uJ1up9vldrnd/ppfJ3X73H633x1wB9xB95XLcl+7Q+4bd9h9646479xR97075o67E+4Hd9L96E650+6MO+vOuZ/cefezu+C8S41MjEyKvB2ZHHknMiUyNTItMj2SFpkRmRl5NzIrMjsyJ/JeZG7k/ci8yPzIgsjCSHrkg8iiyOJIRuTDyJLIR5HMyNLIssjyyIrIyoj3hbeFvqgv5qP+Bl/c3+hL+JK+lC/tnS/jE/1Nvqy/2Zfzt/jy/lZfwd/mK/pKvrJ/1DfzzX0L39K38o/51v5x38a39e38E769f9J38E/5JP+07+if8Z38X3xn/6zv4p/zXf3zvpvv7nv4F3xP/6Lv5Xv7ZN/H9/Uv+X6+vx/gB/pB/mU/2L/ih/hXfYof6of51/xw/7of4d/wI/0oPzrmTT/m0iMyTPCpfqKf5N/2k/07cKef6qf56T7Nz/Az/bt+lp/t5/j3/Fz/vp/n5/sFfqFP9x/4RX6xz/Af+iX+I5/pl156qexX+dV+jV/r1/n1foPf6Df5zX6L3+q3+e1+h//Y7/Sf+F3+U7/b7/F7/Wd+n//c7/df+AP+S3/Qf+Wz/Nf+kP/GH/bf+iP+O3/Uf++P+eP+hP/Bn/Q/+lP+tD/jz/pz/id/3v/sL/D/WWOMMcYY+6dMvDwUv13z6+v8Pn+QI/5q474AcPX2Qll/vT77jnJD/l/H/UVC+wgAPN2760OXlho1kpOTL26bKSEoNh/g0t8EZYuBy/FSaAdPQhK0hbJ/WH9/0f0c/YP5o7cCxP1VTixcji/P/wUAJv/B/I89MXpRhfBM/H8x/3yAEsUu5+SGy/FSaPfL+5W2UO7v1F+g9T+oP/eXqQBt/ionD1yOL9efCI/DM5D0my0ZY4wxxhhjjLFf9ReVO196/rz0Lz7/6Pk8QV3OyQWX43/0fM4YY4wxxhhjjLEr79nuPZ56LCmpbed/fVDtv5X1Tw+awv/UzDz4w4H3AJe+ogDg35wQIHsg/5NHsfU/sq+Ui6fO365acdYH8L+jlX/G4Ar/YGKMMcYYY4z96S7f9P/26+pKFcQYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjOVA/4lfJ3alj5ExxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhi70v5fAAAA//85evzE") prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_io_uring_setup(0x40f, &(0x7f0000000000), &(0x7f0000000080)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_setup(0x2bac, &(0x7f0000000340), &(0x7f0000000100)=0x0, &(0x7f0000000000)) syz_io_uring_submit(r6, r5, &(0x7f0000000100)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x2a, 0x0, @fd_index=0x3}) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x80000004, 0x0, 0x4) io_uring_enter(r3, 0x1469, 0x0, 0x0, 0x0, 0x0) io_uring_enter(r3, 0x47e9, 0xeb13, 0x6, 0x0, 0x0) 2.891492374s ago: executing program 1 (id=2008): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) ptrace$setsig(0x4203, 0xffffffffffffffff, 0x4, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r3, 0x0, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r3, 0x29, 0x36, &(0x7f0000001440)=ANY=[], 0xc0) sendmmsg$inet6(r3, 0x0, 0x0, 0x4000000) 2.875962805s ago: executing program 3 (id=2009): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) listen(r1, 0xfffffffb) syz_open_dev$video4linux(0x0, 0x5, 0x0) syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="71756965742c636f6465706167653d69736f383835392d31352c706172743d3078303030303030300000000000000000662c00a20000000700000000ede9debf530c3cc4d04b548919aca0c2937d4da1fc31dc42fc2e3e", @ANYRESDEC=0x0, @ANYRESOCT=r1, @ANYRES16, @ANYRES16], 0x11, 0x2d2, &(0x7f0000000bc0)="$eJzs3U1rE1scx/HfmaRteht6pw+XC3fZa0E3UutG3KRIXoS4ELWJUAwVbQV1YxVXIrp371vwLQhuFN+Arlz5AiIII+fMZJJJJzMxNDMNfj9gmMycM+d/Mg/n/AfsCMAf60rzy9uL3+w/I1VUkV5cljxJNakq6R/9W3uwf7h32Gm3MvbTDRxbyyisaY4V2t1vp9WtKaoR8e23quqD6zAdQRDsfJV0UHYgKJW7+lN40kJ0dbrttcIjy/Z0wnpHJxzHrDFddfVQy2XHAQAoVzT+e9E4X4/m754nbUbD/qkc/yfVLTuAqQsytw6M/y7LCow9vn+7Tf18z6VwdrvXyxLHaXlu6Pu8wjMrMcE0eVmli8VbvL3XaZ/fvdtpeXqmRmSg2Lr7bIWnbk9OtBspuWmGMfpu0meUS64Pc7YP2yPiX5uwxYmZD+aTuW58vVErnv9VA2MPkztS/tCRCuPfGr1H10vfllJ022g0Gl6iyIpr5L+ohUhOL2vpGYl6Z9SKkg8I/Lw4Xa3VoVph7y7k1FoLa+0sJmpt976NqLWeaMv2Jj6bR7c3beaVuWo29F3v1ByY/3s2vk1lXpn9q8ZshkOB+8XD/synN1d1+/SPjRxHulZProl/xYVRof/IvqdhyJOMbS91S5e0fPDo8Z1Kp9O+bxdupizcq8dr5p5LqWVKWPDUX6Oj/qYFhQ8ij9XqDUpFhnruRHdo7x+5he1VVkgHT82ZUMZC82OxJ1IZCwXdo1Cq/kHPLfq+kIBQNDfvCvO/gXxly0327IefMU/PnZBFewzsHDvOgGqJ+qtu6a/fyuCWRmdw4+Zc/5+VzsSrfgY5LfpRnLMhyJr6Waapz7rB838AAAAAAAAAAAAAAAAAAIBZU8R/Jyi7jwAAAAAAAAAAAAAAAAAAAAAAzLr4/b/qvf9X473/d/gvf1fCN7ycyPt/X++L9/8C0/crAAD//zZmik0=") r3 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x101042, 0x1db) syz_mount_image$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', 0x29a, 0x0, 0x82, 0x0, &(0x7f0000000180)) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) writev(r3, &(0x7f0000000140)=[{&(0x7f0000001200)="10", 0x64000}], 0x1) 657.669366ms ago: executing program 1 (id=2010): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) socket$inet_udp(0x2, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50) socket(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r1, 0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f0000000300)=r2}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000004c0)={r3, &(0x7f0000000640)="8d", &(0x7f00000007c0)=@tcp=r0, 0x2}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r2, 0x5, 0xe, 0x0, &(0x7f00000003c0)="000000000000000000000001e370", 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x50) 657.423616ms ago: executing program 2 (id=2011): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x2) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, 0x0) syz_io_uring_setup(0x10a, &(0x7f0000000140)={0x0, 0x5883, 0x1000, 0x3}, 0x0, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x32314152}}) 657.145656ms ago: executing program 4 (id=2012): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f00000003c0)) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f00000000c0)=[{0x20, 0x0, 0x0, 0xffffefff}, {0x6}]}, 0x10) sendmmsg(r3, &(0x7f0000000180), 0x4000190, 0x0) 17.794819ms ago: executing program 5 (id=2013): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) socketpair(0x1, 0x5, 0x0, &(0x7f0000000240)) r3 = socket$kcm(0x10, 0x2, 0x4) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10) sendmsg$inet(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="5c00000014006b03000000d86e6c1d000a847ea622fb564500004e23e3f58e76110165f450e71b0075e3002500028d459e37000f0000000000bf9367b47e51f60a64c9f4d4938037e786a6d0bdd700"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 0s ago: executing program 3 (id=2014): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x100, 0x0) close(r4) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff3, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x40000006}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x2000c040}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56f41, 0x1070b923, 0x80000, {0x0, 0x0, 0x0, r7, {0x0, 0xe}, {0x8, 0xb}, {0xd, 0xd}}, [@qdisc_kind_options=@q_pfifo_fast={0xf}]}, 0x34}}, 0x4008000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) kernel console output (not intermixed with test programs): 306] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.439068][ T4306] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.452695][ T4305] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.455867][ T4305] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.458343][ T4305] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.460693][ T4305] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.467895][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 44.470541][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 44.496108][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 44.498550][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 44.508521][ T87] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 44.534597][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 44.538690][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 44.541357][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 44.543895][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 44.552858][ T4311] device veth0_vlan entered promiscuous mode [ 44.576990][ T4396] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 44.579258][ T4396] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 44.587992][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 44.590704][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 44.593264][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 44.607058][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 44.612044][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 44.620425][ T4316] device veth0_vlan entered promiscuous mode [ 44.628327][ T4316] device veth1_vlan entered promiscuous mode [ 44.657478][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 44.659534][ T4311] device veth1_vlan entered promiscuous mode [ 44.659663][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 44.671603][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 44.677263][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 44.679874][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 44.683395][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 44.686599][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 44.689385][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 44.706695][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 44.708959][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 44.714058][ T33] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 44.719843][ T33] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 44.723701][ T4316] device veth0_macvtap entered promiscuous mode [ 44.730625][ T87] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 44.733230][ T87] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 44.736390][ T87] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 44.738772][ T87] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 44.758688][ T4316] device veth1_macvtap entered promiscuous mode [ 44.784322][ T4311] device veth0_macvtap entered promiscuous mode [ 44.806449][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 44.809335][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 44.812035][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 44.819050][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 44.826045][ T4311] device veth1_macvtap entered promiscuous mode [ 44.870129][ T4316] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 44.873204][ T4316] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 44.881256][ T4316] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 44.884063][ T4316] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 44.886800][ T4316] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 44.889590][ T4316] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 44.893578][ T4316] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 44.896350][ T4311] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 44.899299][ T4311] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 44.901872][ T4311] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 44.904622][ T4311] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 44.907941][ T4311] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 44.910768][ T4311] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 44.913438][ T4311] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 44.916470][ T4311] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 44.920334][ T4311] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 44.930982][ T4311] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 44.943059][ T33] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 44.947579][ T33] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 44.950608][ T4311] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 44.954003][ T4311] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 44.963120][ T4311] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 44.967184][ T4311] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 44.970066][ T4311] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 44.974169][ T4311] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 44.985526][ T4311] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.988114][ T4311] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.990489][ T4311] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.992743][ T4311] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.049730][ T4396] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 45.052290][ T4396] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 45.063781][ T4396] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 45.070349][ T4396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 45.073032][ T4396] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 45.080935][ T4396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 45.083650][ T4396] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 45.087305][ T4423] binder: 4422:4423 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 45.088606][ T4396] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 45.090655][ T4423] binder: 4423 RLIMIT_NICE not set [ 45.597032][ T4316] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 45.840612][ T4316] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 45.843277][ T4316] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 45.847819][ T4428] binder: 4422:4428 tried to acquire reference to desc 0, got 1 instead [ 45.858488][ T4316] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 45.876895][ T4423] binder: undelivered transaction 5, put_user failed [ 45.878839][ T4423] binder: 4422:4423 ioctl c0306201 20000280 returned -14 [ 45.890799][ T4316] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 45.893510][ T4316] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 45.897198][ T4384] binder: undelivered TRANSACTION_COMPLETE [ 45.925672][ T4316] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 45.928582][ T4316] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 45.933303][ T4316] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 45.953269][ T4396] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 45.958214][ T4396] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 46.006387][ T4316] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.008763][ T4316] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.013112][ T4316] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.015647][ T4316] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.174007][ T4396] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 46.177214][ T4396] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 46.191795][ T4396] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 46.375030][ T4322] Bluetooth: hci4: command 0x040f tx timeout [ 46.377295][ T4313] Bluetooth: hci2: command 0x040f tx timeout [ 46.379453][ T4313] Bluetooth: hci1: command 0x040f tx timeout [ 46.381656][ T4322] Bluetooth: hci0: command 0x040f tx timeout [ 46.387483][ T4322] Bluetooth: hci3: command 0x040f tx timeout [ 47.056323][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.058592][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.067530][ T4442] device batadv_slave_1 entered promiscuous mode [ 47.076861][ T4396] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 47.086929][ T4442] device batadv_slave_1 left promiscuous mode [ 47.089562][ T4426] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.091764][ T4426] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.094707][ T4426] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 47.156719][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.158942][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.161726][ T4426] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 47.489160][ T4459] binder: 4458:4459 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 47.492887][ T4459] binder: 4459 RLIMIT_NICE not set [ 47.506928][ T4451] loop4: detected capacity change from 0 to 8192 [ 47.531841][ T4451] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 47.541278][ T4461] binder: 4458:4461 tried to acquire reference to desc 0, got 1 instead [ 47.549754][ T4459] binder: undelivered transaction 10, put_user failed [ 47.555390][ T4451] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal [ 47.562637][ T4459] binder: 4458:4459 ioctl c0306201 20000280 returned -14 [ 47.569208][ T4451] REISERFS (device loop4): using ordered data mode [ 47.581277][ T4451] reiserfs: using flush barriers [ 47.591485][ T4352] binder: undelivered TRANSACTION_COMPLETE [ 47.618260][ T4451] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 47.630784][ T4451] REISERFS (device loop4): checking transaction log (loop4) [ 47.652893][ T4451] REISERFS (device loop4): Using r5 hash to sort names [ 47.657519][ T4451] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 48.456770][ T4315] Bluetooth: hci3: command 0x0419 tx timeout [ 48.458547][ T4315] Bluetooth: hci0: command 0x0419 tx timeout [ 48.460119][ T4315] Bluetooth: hci1: command 0x0419 tx timeout [ 48.461694][ T4315] Bluetooth: hci4: command 0x0419 tx timeout [ 48.463337][ T4315] Bluetooth: hci2: command 0x0419 tx timeout [ 48.604481][ T4451] overlayfs: upper fs needs to support d_type. [ 48.617328][ T4451] overlayfs: upper fs does not support tmpfile. [ 48.641233][ T4451] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 48.646051][ T4451] overlayfs: failed to set xattr on upper [ 48.647715][ T4451] overlayfs: ...falling back to index=off,metacopy=off. [ 48.675506][ T4478] loop2: detected capacity change from 0 to 512 [ 48.714038][ T4478] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities [ 48.733903][ T4483] binder: 4482:4483 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 48.737811][ T4483] binder: 4483 RLIMIT_NICE not set [ 51.108180][ T4506] netlink: 'syz.1.28': attribute type 11 has an invalid length. [ 51.215682][ T4510] process 'syz.4.33' launched '/dev/fd/3' with NULL argv: empty string added [ 51.253201][ T4515] netlink: 4 bytes leftover after parsing attributes in process `syz.3.29'. [ 51.300822][ T4517] loop2: detected capacity change from 0 to 512 [ 51.303167][ T4517] ======================================================= [ 51.303167][ T4517] WARNING: The mand mount option has been deprecated and [ 51.303167][ T4517] and is ignored by this kernel. Remove the mand [ 51.303167][ T4517] option from the mount to silence this warning. [ 51.303167][ T4517] ======================================================= [ 51.336052][ T4517] EXT2-fs (loop2): warning: feature flags set on rev 0 fs, running e2fsck is recommended [ 51.351269][ T4517] EXT2-fs (loop2): error: fragsize log 63 != blocksize log 12 [ 51.353905][ T4507] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 51.451985][ T4519] loop1: detected capacity change from 0 to 4096 [ 51.496874][ T4523] loop0: detected capacity change from 0 to 8192 [ 51.497094][ T4519] ntfs3: loop1: Failed to load $MFT. [ 51.501234][ T4523] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 51.504690][ T4523] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 51.512730][ T4523] REISERFS (device loop0): using ordered data mode [ 51.514461][ T4523] reiserfs: using flush barriers [ 51.517434][ T4523] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 51.522142][ T4523] REISERFS (device loop0): checking transaction log (loop0) [ 51.556605][ T4523] REISERFS (device loop0): Using r5 hash to sort names [ 51.558847][ T4523] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 51.572150][ T4530] loop2: detected capacity change from 0 to 256 [ 51.580711][ T4523] overlayfs: upper fs needs to support d_type. [ 51.582392][ T4523] overlayfs: upper fs does not support tmpfile. [ 51.586151][ T4523] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 51.588078][ T4523] overlayfs: failed to set xattr on upper [ 51.589764][ T4523] overlayfs: ...falling back to index=off,metacopy=off. [ 51.603477][ T4530] FAT-fs (loop2): Unrecognized mount option "utf8=1Honumtail=0" or missing value [ 51.682609][ T4524] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 51.740726][ T4530] netlink: 4 bytes leftover after parsing attributes in process `syz.2.36'. [ 51.760509][ T4536] netlink: 12 bytes leftover after parsing attributes in process `syz.0.38'. [ 51.801597][ T4537] netlink: 168 bytes leftover after parsing attributes in process `syz.1.40'. [ 51.837191][ T4536] Zero length message leads to an empty skb [ 51.960311][ T4546] device batadv_slave_1 entered promiscuous mode [ 51.962873][ T4546] device batadv_slave_1 left promiscuous mode [ 53.019353][ T4555] loop1: detected capacity change from 0 to 64 [ 53.038836][ T4558] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 53.082275][ T4555] netlink: 64 bytes leftover after parsing attributes in process `syz.1.48'. [ 53.274659][ T4571] device macvtap1 entered promiscuous mode [ 53.362164][ T4574] netlink: 16 bytes leftover after parsing attributes in process `syz.3.49'. [ 54.166940][ T27] audit: type=1326 audit(54.090:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4576 comm="syz.0.54" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff7f15ce28 code=0x0 [ 54.252633][ T4585] overlayfs: failed to clone upperpath [ 54.314044][ T4588] netlink: 4 bytes leftover after parsing attributes in process `syz.4.57'. [ 54.351231][ T4582] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 56.447815][ T4609] netlink: 'syz.4.64': attribute type 10 has an invalid length. [ 56.516392][ T4620] TCP: tcp_parse_options: Illegal window scaling value 94 > 14 received [ 56.533186][ T4609] team0: Port device dummy0 added [ 56.544743][ T4614] netlink: 'syz.3.66': attribute type 10 has an invalid length. [ 57.397820][ T4614] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 57.405520][ T4618] netlink: 'syz.4.64': attribute type 10 has an invalid length. [ 57.480651][ T4618] team0: Port device dummy0 removed [ 57.484225][ T4618] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 57.504662][ T4626] netlink: 24 bytes leftover after parsing attributes in process `syz.2.70'. [ 57.535253][ T4628] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 57.536217][ T4626] netlink: 'syz.2.70': attribute type 1 has an invalid length. [ 57.774812][ T4639] netlink: 4 bytes leftover after parsing attributes in process `syz.2.75'. [ 58.690431][ T4635] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 60.027599][ T4658] netlink: 4 bytes leftover after parsing attributes in process `syz.0.81'. [ 64.730989][ T2058] ieee802154 phy0 wpan0: encryption failed: -22 [ 64.733035][ T2058] ieee802154 phy1 wpan1: encryption failed: -22 [ 64.999473][ T4727] netlink: 24 bytes leftover after parsing attributes in process `syz.2.103'. [ 65.081866][ T4731] netlink: 4 bytes leftover after parsing attributes in process `syz.2.103'. [ 66.575141][ T4603] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 67.108337][ T4603] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 67.111888][ T4603] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0 [ 67.114462][ T4603] usb 1-1: config 0 interface 0 has no altsetting 0 [ 67.124929][ T4603] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1c09, bcdDevice= 0.00 [ 67.127470][ T4603] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 67.132625][ T4603] usb 1-1: config 0 descriptor?? [ 67.350410][ T4758] binder: 4757:4758 tried to acquire reference to desc 0, got 1 instead [ 67.353576][ T4758] binder: 4757:4758 got transaction with invalid parent offset or type [ 67.357661][ T4758] binder: 4757:4758 transaction async to 4757:0 failed 17/29201/-22, size 96-24 line 3448 [ 67.361804][ T14] binder: undelivered TRANSACTION_ERROR: 29201 [ 68.178522][ T4603] usbhid 1-1:0.0: can't add hid device: -71 [ 68.180565][ T4603] usbhid: probe of 1-1:0.0 failed with error -71 [ 68.200826][ T4603] usb 1-1: USB disconnect, device number 2 [ 68.311467][ T4765] tipc: Started in network mode [ 68.313036][ T4765] tipc: Node identity 4, cluster identity 4711 [ 68.314677][ T4765] tipc: Node number set to 4 [ 68.326870][ T4767] netlink: 4 bytes leftover after parsing attributes in process `syz.3.118'. [ 68.608336][ T4763] loop4: detected capacity change from 0 to 32768 [ 68.628511][ T4763] XFS (loop4): Mounting V5 Filesystem [ 68.669024][ T4763] XFS (loop4): Ending clean mount [ 68.680622][ T4763] XFS (loop4): Quotacheck needed: Please wait. [ 68.706033][ T4763] XFS (loop4): Quotacheck: Done. [ 68.747984][ T4763] XFS (loop4): User initiated shutdown received. [ 68.751713][ T4763] XFS (loop4): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x80/0x15c (fs/xfs/xfs_fsops.c:495). Shutting down filesystem. [ 68.755728][ T4763] XFS (loop4): Please unmount the filesystem and rectify the problem(s) [ 68.779299][ T4316] XFS (loop4): Unmounting Filesystem [ 69.707615][ T24] cfg80211: failed to load regulatory.db [ 72.140417][ T4822] netlink: 4 bytes leftover after parsing attributes in process `syz.4.134'. [ 72.163290][ C1] vcan0: j1939_session_tx_dat: 0x00000000d9bcb09a: queue data error: -100 [ 72.300490][ T4826] device gtp0 entered promiscuous mode [ 73.327274][ T4844] 8021q: adding VLAN 0 to HW filter on device bond1 [ 73.358413][ T4844] device bond_slave_0 entered promiscuous mode [ 73.360353][ T4844] device bond_slave_1 entered promiscuous mode [ 73.362102][ T4844] device dummy0 entered promiscuous mode [ 73.364283][ T4844] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 73.368166][ T4844] bond1: (slave macvlan2): Enslaving as a backup interface with an up link [ 73.439438][ T4551] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 73.535878][ T4842] loop0: detected capacity change from 0 to 2048 [ 73.629475][ T4855] Set syz0 is full, maxelem 0 reached [ 74.501980][ T4842] loop0: unable to read partition table [ 74.503814][ T4842] loop_reread_partitions: partition scan of loop0 () failed (rc=-5) [ 74.604143][ T4861] binder: 4860:4861 tried to acquire reference to desc 0, got 1 instead [ 74.629040][ T4861] binder: 4860:4861 got transaction with invalid fd, -1 [ 74.630976][ T4861] binder: 4861:4860 translate fd failed [ 74.632518][ T4861] binder: 4860:4861 transaction async to 4860:0 failed 28/29201/-9, size 72-24 line 3424 [ 74.655779][ T4863] netlink: 8 bytes leftover after parsing attributes in process `syz.4.153'. [ 74.661468][ T4603] binder: undelivered TRANSACTION_COMPLETE [ 74.663086][ T4603] binder: undelivered TRANSACTION_ERROR: 29201 [ 74.714374][ T4867] fuse: Bad value for 'fd' [ 75.829659][ T4870] sched: RT throttling activated [ 76.124796][ T4875] xt_CT: No such helper "netbios-ns" [ 76.179591][ T111] binder: undelivered transaction 22, process died. [ 76.556821][ T4881] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 76.577417][ T4881] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 76.969211][ T4892] bond0: (slave dummy0): Releasing backup interface [ 77.015540][ T4892] device dummy0 left promiscuous mode [ 77.058949][ T4892] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 77.080428][ T4892] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 77.858047][ T4892] device bridge_slave_0 left promiscuous mode [ 77.861049][ T4892] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.902354][ T4892] device bridge_slave_1 left promiscuous mode [ 77.904243][ T4892] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.987082][ T4892] bond0: (slave bond_slave_0): Releasing backup interface [ 78.025541][ T4892] device bond_slave_0 left promiscuous mode [ 78.035508][ T4892] bond0: (slave bond_slave_1): Releasing backup interface [ 78.088437][ T4892] device bond_slave_1 left promiscuous mode [ 78.111847][ T4892] team0: Port device team_slave_0 removed [ 78.124485][ T4892] team0: Port device team_slave_1 removed [ 78.126826][ T4892] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 78.129067][ T4892] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 78.132839][ T4892] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 78.135212][ T4892] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 78.145501][ T4892] bond1: (slave macvlan2): Removing an active aggregator [ 78.148295][ T4892] bond1: (slave macvlan2): Releasing backup interface [ 78.232575][ T4894] team0: Mode changed to "loadbalance" [ 78.274997][ T4913] netlink: 'syz.2.168': attribute type 4 has an invalid length. [ 78.307306][ T4914] netlink: 'syz.2.168': attribute type 4 has an invalid length. [ 78.371240][ T4920] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 78.373670][ T4920] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 78.385868][ T4920] device bridge_slave_0 left promiscuous mode [ 78.387648][ T4920] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.438137][ T4920] device bridge_slave_1 left promiscuous mode [ 78.439929][ T4920] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.492814][ T4920] bond0: (slave bond_slave_0): Releasing backup interface [ 78.633646][ T4920] bond0: (slave bond_slave_1): Releasing backup interface [ 78.712678][ T4920] team0: Failed to send options change via netlink (err -105) [ 78.720075][ T4920] team0: Failed to send port change of device team_slave_0 via netlink (err -105) [ 78.750238][ T4920] team0: Port device team_slave_0 removed [ 79.567665][ T4920] team0: Failed to send options change via netlink (err -105) [ 79.582903][ T4920] team0: Failed to send port change of device team_slave_1 via netlink (err -105) [ 79.596068][ T4920] team0: Port device team_slave_1 removed [ 79.598137][ T4920] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 79.602359][ T4920] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 79.612478][ T4920] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 79.614521][ T4920] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 79.662611][ T4927] team0: Mode changed to "loadbalance" [ 82.412996][ T4983] syz.0.188 uses obsolete (PF_INET,SOCK_PACKET) [ 82.417481][ T4984] syz.3.189 uses old SIOCAX25GETINFO [ 87.660525][ T5129] netlink: 'syz.3.208': attribute type 10 has an invalid length. [ 92.471286][ T5263] netlink: 'syz.3.235': attribute type 10 has an invalid length. [ 92.560762][ T5263] team0: Port device dummy0 added [ 92.562535][ T5267] netlink: 'syz.3.235': attribute type 10 has an invalid length. [ 92.575017][ T5267] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 92.615462][ T5271] netlink: 4 bytes leftover after parsing attributes in process `syz.4.238'. [ 92.642699][ T5267] team0: Failed to send options change via netlink (err -105) [ 92.657520][ T5267] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 92.672231][ T5267] team0: Port device dummy0 removed [ 92.688696][ T5267] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 92.868544][ T5276] overlayfs: failed to clone upperpath [ 93.999495][ T5291] lo speed is unknown, defaulting to 1000 [ 94.001384][ T5291] lo speed is unknown, defaulting to 1000 [ 94.081914][ T5293] netlink: 6 bytes leftover after parsing attributes in process `syz.1.243'. [ 94.084367][ T5293] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 94.157194][ T5291] lo speed is unknown, defaulting to 1000 [ 94.212456][ T5291] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 94.241297][ T5298] overlayfs: upper fs does not support file handles, falling back to index=off. [ 94.247816][ T5291] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 94.301978][ T5291] lo speed is unknown, defaulting to 1000 [ 94.304274][ T5291] lo speed is unknown, defaulting to 1000 [ 94.347532][ T5291] lo speed is unknown, defaulting to 1000 [ 94.349993][ T5291] lo speed is unknown, defaulting to 1000 [ 94.353590][ T5291] lo speed is unknown, defaulting to 1000 [ 95.442770][ T5313] netlink: 24 bytes leftover after parsing attributes in process `syz.1.259'. [ 95.593407][ T5320] netlink: 4 bytes leftover after parsing attributes in process `syz.2.251'. [ 95.613903][ T5320] netlink: 1 bytes leftover after parsing attributes in process `syz.2.251'. [ 96.835624][ T5339] loop0: detected capacity change from 0 to 1024 [ 96.899354][ T5339] hfsplus: request for non-existent node 16777216 in B*Tree [ 96.901589][ T5339] hfsplus: request for non-existent node 16777216 in B*Tree [ 96.904095][ T5339] hfsplus: request for non-existent node 16777216 in B*Tree [ 96.923296][ T5339] hfsplus: request for non-existent node 16777216 in B*Tree [ 96.945860][ T5346] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 96.956530][ T5339] hfsplus: request for non-existent node 16777216 in B*Tree [ 96.958729][ T5339] hfsplus: request for non-existent node 16777216 in B*Tree [ 97.241616][ T5366] netlink: 4 bytes leftover after parsing attributes in process `syz.2.268'. [ 97.250333][ T5366] netlink: 4 bytes leftover after parsing attributes in process `syz.2.268'. [ 97.264492][ T5366] netlink: 4 bytes leftover after parsing attributes in process `syz.2.268'. [ 97.874660][ T5385] netlink: 104 bytes leftover after parsing attributes in process `syz.2.274'. [ 97.880929][ T5385] netlink: 104 bytes leftover after parsing attributes in process `syz.2.274'. [ 97.889434][ T5385] netlink: 104 bytes leftover after parsing attributes in process `syz.2.274'. [ 99.153939][ T5408] loop3: detected capacity change from 0 to 512 [ 99.178443][ T5408] ext4: Unknown parameter 'smackfsfloor' [ 99.231908][ T4524] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 99.481487][ T5418] netlink: 104 bytes leftover after parsing attributes in process `syz.1.288'. [ 99.484088][ T5418] netlink: 104 bytes leftover after parsing attributes in process `syz.1.288'. [ 99.488446][ T5418] netlink: 104 bytes leftover after parsing attributes in process `syz.1.288'. [ 101.110847][ T4322] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 101.113341][ T4322] Bluetooth: hci2: Injecting HCI hardware error event [ 101.117373][ T4322] Bluetooth: hci2: hardware error 0x00 [ 102.393031][ T5457] overlayfs: failed to clone upperpath [ 102.666897][ T5466] fuse: Bad value for 'fd' [ 102.670156][ T5464] netlink: 24 bytes leftover after parsing attributes in process `syz.4.302'. [ 102.674292][ T5461] af_packet: tpacket_rcv: packet too big, clamped from 4083 to 4294967272. macoff=96 [ 104.216693][ T4322] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 104.412215][ T5486] binder: 5484:5486 tried to acquire reference to desc 0, got 1 instead [ 104.414711][ T5486] binder: 5484:5486 ioctl c0306201 200003c0 returned -14 [ 104.429534][ T5486] binder_alloc: 5484: binder_alloc_buf failed to map page at 20ffe000 in userspace [ 104.432246][ T5486] binder: cannot allocate buffer: memory allocation failed [ 104.432277][ T5486] binder: 5484:5486 transaction call to 5484:0 failed 35/29201/-12, size 0-240 line 3239 [ 104.456722][ T111] binder: undelivered TRANSACTION_ERROR: 29201 [ 104.590416][ T5500] netlink: 16 bytes leftover after parsing attributes in process `syz.0.314'. [ 104.646656][ T5501] Set syz1 is full, maxelem 9 reached [ 105.693474][ T5514] loop7: detected capacity change from 0 to 7 [ 105.697404][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 105.700063][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 105.702409][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 105.704971][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 105.706481][ T5512] loop3: detected capacity change from 0 to 764 [ 105.720442][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 105.723036][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 105.728150][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 105.730792][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 105.745080][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 105.747590][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 105.778273][ T5514] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 105.780970][ T5514] Buffer I/O error on dev loop7, logical block 0, async page read [ 105.783055][ T5514] ldm_validate_partition_table(): Disk read failed. [ 105.784850][ T5514] Dev loop7: unable to read RDB block 0 [ 105.796365][ T5514] loop7: unable to read partition table [ 105.798010][ T5514] loop7: partition table beyond EOD, truncated [ 105.799647][ T5514] loop_reread_partitions: partition scan of loop7 () failed (rc=-5) [ 106.525967][ T5536] netlink: 8 bytes leftover after parsing attributes in process `syz.1.325'. [ 106.564550][ T5536] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 106.835090][ T4296] usb 1-1: new low-speed USB device number 3 using dummy_hcd [ 107.032026][ T4296] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 107.037119][ T4296] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 107.365112][ T5546] netlink: 4 bytes leftover after parsing attributes in process `syz.1.325'. [ 107.392938][ T4296] usb 1-1: config 0 descriptor?? [ 107.457166][ T5551] loop3: detected capacity change from 0 to 2048 [ 107.594042][ T5555] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 107.618685][ T4296] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32 [ 107.621749][ T4296] asix: probe of 1-1:0.0 failed with error -32 [ 107.628345][ T5555] NILFS (loop3): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 107.631391][ T5555] NILFS error (device loop3): nilfs_bmap_propagate: broken bmap (inode number=4) [ 107.824398][ T5555] Remounting filesystem read-only [ 108.449055][ T5561] netlink: 'syz.4.332': attribute type 1 has an invalid length. [ 108.492203][ T5561] bond2: (slave gretap1): making interface the new active one [ 108.497782][ T5561] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 108.510316][ T5561] bond2: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 109.707511][ T4374] usb 1-1: USB disconnect, device number 3 [ 109.827627][ T5597] netlink: 104 bytes leftover after parsing attributes in process `syz.2.347'. [ 110.774956][ T4315] Bluetooth: hci0: command 0x0406 tx timeout [ 110.791909][ T5605] netlink: 24 bytes leftover after parsing attributes in process `syz.2.351'. [ 110.958306][ T5615] loop0: detected capacity change from 0 to 128 [ 110.996460][ T5615] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 111.197861][ T4311] EXT4-fs (loop0): unmounting filesystem. [ 112.382492][ T5638] netlink: 'syz.4.363': attribute type 4 has an invalid length. [ 112.634331][ T5656] 8021q: adding VLAN 0 to HW filter on device bond1 [ 112.669947][ T5656] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 112.684175][ T5656] bond1: (slave macvlan2): Enslaving as an active interface with an up link [ 112.688556][ T5030] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 113.876683][ T5683] netlink: 32 bytes leftover after parsing attributes in process `syz.1.377'. [ 113.928203][ T5689] netlink: 32 bytes leftover after parsing attributes in process `syz.1.377'. [ 113.971295][ T5694] netlink: 'syz.3.380': attribute type 1 has an invalid length. [ 114.011695][ T5694] netlink: 8 bytes leftover after parsing attributes in process `syz.3.380'. [ 114.019276][ T5694] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 114.053817][ T5694] bond1: (slave batadv1): Enslaving as a backup interface with an up link [ 115.963476][ T5691] loop0: detected capacity change from 0 to 32768 [ 115.986265][ T5691] XFS: noikeep mount option is deprecated. [ 116.053677][ T5691] XFS (loop0): Mounting V5 Filesystem [ 116.079307][ T5739] netlink: 'syz.3.395': attribute type 4 has an invalid length. [ 116.254165][ T5742] netlink: 'syz.3.395': attribute type 4 has an invalid length. [ 116.262211][ T5691] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 116.968549][ T5691] XFS (loop0): Starting recovery (logdev: internal) [ 117.135762][ T5691] XFS (loop0): Ending recovery (logdev: internal) [ 117.250730][ T4311] XFS (loop0): Unmounting Filesystem [ 121.498171][ T5817] netlink: 4 bytes leftover after parsing attributes in process `syz.3.417'. [ 122.081585][ T5834] netlink: 20 bytes leftover after parsing attributes in process `syz.0.420'. [ 122.093574][ T5831] ptrace attach of "./syz-executor exec"[4316] was attempted by ""[5831] [ 122.799451][ T5837] binder: 5836:5837 tried to acquire reference to desc 0, got 1 instead [ 122.889455][ T5837] binder: 5836:5837 ioctl c0306201 20000780 returned -14 [ 122.908148][ T4354] binder: release 5836:5837 transaction 40 out, still active [ 122.960773][ T4354] binder: send failed reply for transaction 40, target dead [ 124.432880][ T5859] netlink: 12 bytes leftover after parsing attributes in process `syz.3.432'. [ 124.532682][ T5861] loop0: detected capacity change from 0 to 8 [ 125.376902][ T5859] bridge1: port 1(vlan2) entered blocking state [ 125.385805][ T5859] bridge1: port 1(vlan2) entered disabled state [ 125.408282][ T5859] device vlan2 entered promiscuous mode [ 125.409920][ T5859] device bridge0 entered promiscuous mode [ 125.659289][ T5863] loop4: detected capacity change from 0 to 256 [ 125.702403][ T5863] FAT-fs (loop4): Directory bread(block 64) failed [ 125.704359][ T5863] FAT-fs (loop4): Directory bread(block 65) failed [ 125.706964][ T5863] FAT-fs (loop4): Directory bread(block 66) failed [ 125.708758][ T5863] FAT-fs (loop4): Directory bread(block 67) failed [ 125.710843][ T5863] FAT-fs (loop4): Directory bread(block 68) failed [ 125.712601][ T5863] FAT-fs (loop4): Directory bread(block 69) failed [ 125.714468][ T5863] FAT-fs (loop4): Directory bread(block 70) failed [ 125.725226][ T5863] FAT-fs (loop4): Directory bread(block 71) failed [ 125.727402][ T5863] FAT-fs (loop4): Directory bread(block 72) failed [ 125.729258][ T5863] FAT-fs (loop4): Directory bread(block 73) failed [ 125.986611][ T2058] ieee802154 phy0 wpan0: encryption failed: -22 [ 125.988842][ T2058] ieee802154 phy1 wpan1: encryption failed: -22 [ 129.252050][ T5913] netlink: 36 bytes leftover after parsing attributes in process `syz.0.448'. [ 130.062275][ T5917] tipc: Started in network mode [ 130.063751][ T5917] tipc: Node identity 7f000001, cluster identity 4711 [ 130.075931][ T5917] tipc: Enabled bearer , priority 10 [ 130.090369][ T5917] loop0: detected capacity change from 0 to 16 [ 130.102881][ T5917] erofs: (device loop0): erofs_superblock_csum_verify: invalid checksum 0x80a9593b, 0x7bbbea8c expected [ 130.113324][ T5848] udevd[5848]: incorrect erofs checksum on /dev/loop0 [ 130.179948][ T5848] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 130.190695][ T5917] tipc: Enabled bearer , priority 10 [ 130.398572][ T5925] loop4: detected capacity change from 0 to 8192 [ 131.196548][ T4354] tipc: Node number set to 2130706433 [ 133.555162][ T5951] netlink: 36 bytes leftover after parsing attributes in process `syz.2.462'. [ 134.295463][ T5964] tipc: Started in network mode [ 134.296940][ T5964] tipc: Node identity ac1414aa, cluster identity 4711 [ 134.299223][ T5964] tipc: Enabled bearer , priority 10 [ 134.353253][ T5964] tipc: Enabled bearer , priority 0 [ 134.668506][ T5972] loop4: detected capacity change from 0 to 256 [ 135.723789][ T24] tipc: Node number set to 2886997162 [ 136.153465][ T5997] loop4: detected capacity change from 0 to 8 [ 137.238332][ T6009] netlink: 36 bytes leftover after parsing attributes in process `syz.3.479'. [ 141.223598][ T6042] netlink: 'syz.1.493': attribute type 1 has an invalid length. [ 141.297645][ T6042] bond1: (slave veth5): Enslaving as an active interface with a down link [ 142.186475][ T6050] netlink: 36 bytes leftover after parsing attributes in process `syz.4.494'. [ 142.626670][ T6042] netlink: 28 bytes leftover after parsing attributes in process `syz.1.493'. [ 142.629727][ T6042] 8021q: adding VLAN 0 to HW filter on device bond1 [ 142.884143][ T6063] netlink: 4 bytes leftover after parsing attributes in process `syz.1.498'. [ 145.230209][ T6107] netlink: 'syz.2.513': attribute type 1 has an invalid length. [ 145.276345][ T6110] netlink: 4 bytes leftover after parsing attributes in process `syz.3.514'. [ 145.331730][ T6107] bond1: (slave veth5): Enslaving as an active interface with a down link [ 145.420282][ T6107] netlink: 28 bytes leftover after parsing attributes in process `syz.2.513'. [ 145.430600][ T6107] 8021q: adding VLAN 0 to HW filter on device bond1 [ 145.626636][ T6125] vcan0: tx drop: invalid da for name 0x0000000000000001 [ 145.826767][ T6131] ptrace attach of "./syz-executor exec"[4311] was attempted by ""[6131] [ 146.212540][ T6145] capability: warning: `syz.1.522' uses deprecated v2 capabilities in a way that may be insecure [ 147.963693][ T6161] netlink: 'syz.4.528': attribute type 1 has an invalid length. [ 149.868226][ T6167] bond3: (slave veth5): Enslaving as an active interface with a down link [ 149.872994][ T6172] netlink: 4 bytes leftover after parsing attributes in process `syz.2.529'. [ 149.886553][ T6173] vcan0: tx drop: invalid da for name 0x0000000000000001 [ 150.134093][ T6178] binder: 6177:6178 tried to acquire reference to desc 0, got 1 instead [ 150.140654][ T6178] binder: 6177:6178 got transaction with invalid data ptr [ 150.141324][ T6161] netlink: 28 bytes leftover after parsing attributes in process `syz.4.528'. [ 150.143018][ T6178] binder: 6177:6178 transaction call to 6177:0 failed 46/29201/-14, size 0-4088 line 3342 [ 150.171008][ T6161] 8021q: adding VLAN 0 to HW filter on device bond3 [ 150.215845][ T4354] binder: undelivered TRANSACTION_COMPLETE [ 150.373651][ T4354] binder: undelivered TRANSACTION_ERROR: 29201 [ 150.375801][ T4354] binder: undelivered transaction 45, process died. [ 152.086574][ T24] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 152.138772][ T24] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 152.424470][ T6195] ptrace attach of "./syz-executor exec"[4306] was attempted by ""[6195] [ 155.151370][ T6231] tipc: Enabled bearer , priority 10 [ 155.202421][ T6231] tipc: Enabled bearer , priority 10 [ 155.482125][ T6238] binder: 6237:6238 tried to acquire reference to desc 0, got 1 instead [ 155.487258][ T4352] binder: release 6237:6238 transaction 51 out, still active [ 155.535667][ T4352] binder: undelivered TRANSACTION_COMPLETE [ 156.289451][ T6246] tipc: Started in network mode [ 156.290994][ T6246] tipc: Node identity 7f000001, cluster identity 4711 [ 156.293219][ T6246] tipc: Enabled bearer , priority 10 [ 156.312899][ T6216] loop4: detected capacity change from 0 to 32768 [ 156.333628][ T6246] tipc: Enabled bearer , priority 10 [ 156.425365][ T4352] binder: send failed reply for transaction 51, target dead [ 156.495529][ T6216] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.543 (6216) [ 156.558724][ T6216] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 156.561820][ T6216] BTRFS info (device loop4): using sha256 (sha256-ce) checksum algorithm [ 156.564051][ T6216] BTRFS info (device loop4): using free space tree [ 157.380845][ T4466] tipc: Node number set to 2130706433 [ 157.440891][ T6216] BTRFS error (device loop4): open_ctree failed: -12 [ 160.566135][ T6296] netlink: 'syz.0.573': attribute type 10 has an invalid length. [ 161.733854][ T6296] team0: Port device dummy0 added [ 161.750162][ T6301] netlink: 'syz.0.573': attribute type 10 has an invalid length. [ 161.842551][ T6301] team0: Port device dummy0 removed [ 161.847212][ T6301] device dummy0 entered promiscuous mode [ 161.849542][ T6301] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 164.254988][ T4322] Bluetooth: hci0: command 0x0406 tx timeout [ 164.377282][ T6330] netlink: 'syz.0.574': attribute type 10 has an invalid length. [ 164.606555][ T6341] TCP: tcp_parse_options: Illegal window scaling value 94 > 14 received [ 165.143200][ T4315] Bluetooth: hci1: command 0x0406 tx timeout [ 165.145637][ T4313] Bluetooth: hci3: command 0x0406 tx timeout [ 165.147760][ T4322] Bluetooth: hci4: command 0x0406 tx timeout [ 166.598312][ T6330] wlan1: mtu greater than device maximum [ 166.643679][ T6330] bond0: (slave wlan1): Error -22 calling dev_set_mtu [ 166.974526][ T6352] netlink: 'syz.1.580': attribute type 10 has an invalid length. [ 167.067600][ T6352] team0: Port device dummy0 added [ 167.071428][ T6355] overlayfs: failed to clone upperpath [ 167.086824][ T6351] device bridge0 entered promiscuous mode [ 167.089693][ T6351] batman_adv: batadv0: Adding interface: macsec1 [ 167.091577][ T6351] batman_adv: batadv0: The MTU of interface macsec1 is too small (1468) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 167.099337][ T6351] batman_adv: batadv0: Interface activated: macsec1 [ 167.102581][ T6353] netlink: 'syz.1.580': attribute type 10 has an invalid length. [ 167.166664][ T6353] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 167.227665][ T6353] team0: Failed to send options change via netlink (err -105) [ 167.229812][ T6353] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 167.233512][ T6353] team0: Port device dummy0 removed [ 167.237147][ T6353] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 172.429916][ T6411] netlink: 'syz.2.597': attribute type 10 has an invalid length. [ 172.477776][ T6411] team0: Port device dummy0 added [ 172.479610][ T6413] netlink: 'syz.2.597': attribute type 10 has an invalid length. [ 172.482798][ T6413] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 172.516961][ T6413] team0: Failed to send options change via netlink (err -105) [ 172.524725][ T6413] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 172.538420][ T6413] team0: Port device dummy0 removed [ 172.553464][ T6413] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 172.822295][ T6407] binder: 6406:6407 ioctl c0306201 200003c0 returned -14 [ 174.639145][ T6442] netlink: 'syz.2.604': attribute type 10 has an invalid length. [ 181.339473][ T6502] netlink: 'syz.4.621': attribute type 10 has an invalid length. [ 182.721364][ T6502] wlan1: mtu greater than device maximum [ 182.723004][ T6502] bond0: (slave wlan1): Error -22 calling dev_set_mtu [ 182.909164][ T6523] netlink: 'syz.3.624': attribute type 10 has an invalid length. [ 183.042011][ T6525] loop0: detected capacity change from 0 to 64 [ 184.385565][ T6525] syz.0.639: attempt to access beyond end of device [ 184.385565][ T6525] loop0: rw=2049, sector=65, nr_sectors = 1 limit=64 [ 184.389646][ T6525] Buffer I/O error on dev loop0, logical block 65, lost async page write [ 184.392807][ T6525] syz.0.639: attempt to access beyond end of device [ 184.392807][ T6525] loop0: rw=2049, sector=66, nr_sectors = 1 limit=64 [ 184.396541][ T6525] Buffer I/O error on dev loop0, logical block 66, lost async page write [ 184.399043][ T6525] syz.0.639: attempt to access beyond end of device [ 184.399043][ T6525] loop0: rw=2049, sector=67, nr_sectors = 1 limit=64 [ 184.402685][ T6525] Buffer I/O error on dev loop0, logical block 67, lost async page write [ 184.405226][ T6525] syz.0.639: attempt to access beyond end of device [ 184.405226][ T6525] loop0: rw=2049, sector=68, nr_sectors = 1 limit=64 [ 184.408919][ T6525] Buffer I/O error on dev loop0, logical block 68, lost async page write [ 184.411215][ T6525] syz.0.639: attempt to access beyond end of device [ 184.411215][ T6525] loop0: rw=2049, sector=72, nr_sectors = 1 limit=64 [ 184.414726][ T6525] Buffer I/O error on dev loop0, logical block 72, lost async page write [ 184.417615][ T6525] syz.0.639: attempt to access beyond end of device [ 184.417615][ T6525] loop0: rw=2049, sector=73, nr_sectors = 1 limit=64 [ 184.421203][ T6525] Buffer I/O error on dev loop0, logical block 73, lost async page write [ 184.423408][ T6525] syz.0.639: attempt to access beyond end of device [ 184.423408][ T6525] loop0: rw=2049, sector=76, nr_sectors = 1 limit=64 [ 184.426933][ T6525] Buffer I/O error on dev loop0, logical block 76, lost async page write [ 184.429208][ T6525] syz.0.639: attempt to access beyond end of device [ 184.429208][ T6525] loop0: rw=2049, sector=77, nr_sectors = 1 limit=64 [ 184.432814][ T6525] Buffer I/O error on dev loop0, logical block 77, lost async page write [ 184.437062][ T6525] syz.0.639: attempt to access beyond end of device [ 184.437062][ T6525] loop0: rw=2049, sector=78, nr_sectors = 760 limit=64 [ 184.527012][ T6523] bond0: (slave dummy0): Releasing backup interface [ 184.587631][ T6523] team0: Failed to send options change via netlink (err -105) [ 184.590185][ T6523] team0: Port device dummy0 added [ 184.605111][ T6529] netlink: 'syz.3.624': attribute type 10 has an invalid length. [ 184.612274][ T6529] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 184.645509][ T6529] team0: Failed to send options change via netlink (err -105) [ 184.655779][ T6529] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 184.665935][ T6529] team0: Port device dummy0 removed [ 184.680002][ T6529] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 184.748559][ T6536] batman_adv: batadv0: Adding interface: dummy0 [ 184.750397][ T6536] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active [ 185.773052][ T6547] 8021q: adding VLAN 0 to HW filter on device bond2 [ 185.813187][ T6554] device bond_slave_0 entered promiscuous mode [ 185.815033][ T6554] device bond_slave_1 entered promiscuous mode [ 185.817464][ T6554] device dummy0 entered promiscuous mode [ 185.832190][ T6554] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 185.852650][ T6554] bond2: (slave macvlan2): Enslaving as a backup interface with an up link [ 185.860730][ T6551] device gtp0 entered promiscuous mode [ 185.875540][ T6557] netlink: 'syz.0.651': attribute type 10 has an invalid length. [ 185.904183][ T6557] bond0: (slave dummy0): Releasing backup interface [ 187.496323][ T2058] ieee802154 phy0 wpan0: encryption failed: -22 [ 187.498146][ T2058] ieee802154 phy1 wpan1: encryption failed: -22 [ 187.641930][ T6557] device dummy0 left promiscuous mode [ 187.663600][ T6557] team0: Port device dummy0 added [ 187.738534][ T6560] netlink: 'syz.0.651': attribute type 10 has an invalid length. [ 187.784734][ T6560] team0: Port device dummy0 removed [ 187.788726][ T6560] device dummy0 entered promiscuous mode [ 187.791059][ T6560] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 187.793773][ T4830] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready [ 190.432626][ T6605] ptrace attach of "./syz-executor exec"[4305] was attempted by " [ 190.890622][ T6603] device gtp0 entered promiscuous mode [ 192.280467][ T6618] loop4: detected capacity change from 0 to 64 [ 192.658167][ T6618] syz.4.661: attempt to access beyond end of device [ 192.658167][ T6618] loop4: rw=2049, sector=65, nr_sectors = 1 limit=64 [ 192.661817][ T6618] Buffer I/O error on dev loop4, logical block 65, lost async page write [ 192.664263][ T6618] syz.4.661: attempt to access beyond end of device [ 192.664263][ T6618] loop4: rw=2049, sector=66, nr_sectors = 1 limit=64 [ 192.667998][ T6618] Buffer I/O error on dev loop4, logical block 66, lost async page write [ 192.670554][ T6618] syz.4.661: attempt to access beyond end of device [ 192.670554][ T6618] loop4: rw=2049, sector=67, nr_sectors = 1 limit=64 [ 192.674117][ T6618] Buffer I/O error on dev loop4, logical block 67, lost async page write [ 192.676650][ T6618] syz.4.661: attempt to access beyond end of device [ 192.676650][ T6618] loop4: rw=2049, sector=68, nr_sectors = 1 limit=64 [ 192.680276][ T6618] Buffer I/O error on dev loop4, logical block 68, lost async page write [ 192.682778][ T6618] syz.4.661: attempt to access beyond end of device [ 192.682778][ T6618] loop4: rw=2049, sector=72, nr_sectors = 1 limit=64 [ 192.686402][ T6618] Buffer I/O error on dev loop4, logical block 72, lost async page write [ 192.689010][ T6618] syz.4.661: attempt to access beyond end of device [ 192.689010][ T6618] loop4: rw=2049, sector=73, nr_sectors = 1 limit=64 [ 192.692795][ T6618] Buffer I/O error on dev loop4, logical block 73, lost async page write [ 192.695363][ T6618] syz.4.661: attempt to access beyond end of device [ 192.695363][ T6618] loop4: rw=2049, sector=76, nr_sectors = 1 limit=64 [ 192.698951][ T6618] Buffer I/O error on dev loop4, logical block 76, lost async page write [ 192.701419][ T6618] syz.4.661: attempt to access beyond end of device [ 192.701419][ T6618] loop4: rw=2049, sector=77, nr_sectors = 1 limit=64 [ 192.705025][ T6618] Buffer I/O error on dev loop4, logical block 77, lost async page write [ 192.731954][ T6618] syz.4.661: attempt to access beyond end of device [ 192.731954][ T6618] loop4: rw=2049, sector=78, nr_sectors = 760 limit=64 [ 193.009808][ T6627] Set syz0 is full, maxelem 0 reached [ 194.209385][ T6643] netlink: 8 bytes leftover after parsing attributes in process `syz.2.670'. [ 194.535714][ T6660] netlink: 'syz.0.675': attribute type 4 has an invalid length. [ 194.587664][ T6660] netlink: 'syz.0.675': attribute type 4 has an invalid length. [ 194.834124][ T6668] loop0: detected capacity change from 0 to 1024 [ 194.864389][ T6668] hfsplus: invalid uid specified [ 194.870850][ T6668] hfsplus: unable to parse mount options [ 196.490399][ T6696] loop4: detected capacity change from 0 to 32768 [ 196.492675][ T27] audit: type=1326 audit(654.340:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6684 comm="syz.2.685" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bf5ce28 code=0x7fc00000 [ 196.500896][ T27] audit: type=1326 audit(654.340:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6684 comm="syz.2.685" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=211 compat=0 ip=0xffff8bf5ce28 code=0x7fc00000 [ 196.506974][ T27] audit: type=1326 audit(654.340:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6684 comm="syz.2.685" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bf5ce28 code=0x7fc00000 [ 196.512790][ T27] audit: type=1326 audit(654.340:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6684 comm="syz.2.685" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bf5ce28 code=0x7fc00000 [ 196.521009][ T6696] Dev loop4 SGI disklabel: csum bad, label corrupted [ 196.525221][ T27] audit: type=1326 audit(654.340:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6684 comm="syz.2.685" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bf5ce28 code=0x7fc00000 [ 196.530960][ T27] audit: type=1326 audit(654.340:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6684 comm="syz.2.685" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bf5ce28 code=0x7fc00000 [ 196.544067][ T27] audit: type=1326 audit(654.340:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6684 comm="syz.2.685" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bf5ce28 code=0x7fc00000 [ 196.551876][ T27] audit: type=1326 audit(654.340:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6684 comm="syz.2.685" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bf5ce28 code=0x7fc00000 [ 196.558172][ T27] audit: type=1326 audit(654.340:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6684 comm="syz.2.685" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bf5ce28 code=0x7fc00000 [ 196.564029][ T27] audit: type=1326 audit(654.340:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6684 comm="syz.2.685" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bf5ce28 code=0x7fc00000 [ 196.641896][ T6703] loop0: detected capacity change from 0 to 512 [ 196.659649][ T6703] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 196.718697][ T6703] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 196.774022][ T4311] EXT4-fs (loop0): unmounting filesystem. [ 196.856301][ T6720] netlink: 16 bytes leftover after parsing attributes in process `syz.1.696'. [ 197.082574][ T6736] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 198.262418][ T6751] loop0: detected capacity change from 0 to 2048 [ 202.364168][ T6782] debugfs: Directory 'netdev:nicvf0' with parent 'phy6' already present! [ 206.562501][ T6829] netlink: 8 bytes leftover after parsing attributes in process `syz.0.733'. [ 206.578093][ T6829] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 206.639068][ T6829] netlink: 4 bytes leftover after parsing attributes in process `syz.0.733'. [ 206.799980][ T6839] netlink: 24 bytes leftover after parsing attributes in process `syz.4.737'. [ 207.976690][ T6856] siw: device registration error -23 [ 208.019456][ T6856] netlink: 6 bytes leftover after parsing attributes in process `syz.4.741'. [ 208.021897][ T6856] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 208.041289][ T6860] netlink: 'syz.3.743': attribute type 10 has an invalid length. [ 208.055582][ T6860] bond0: (slave dummy0): Releasing backup interface [ 208.124845][ T6860] device dummy0 left promiscuous mode [ 208.139336][ T6860] team0: Failed to send options change via netlink (err -105) [ 208.141596][ T6860] team0: Port device dummy0 added [ 208.149922][ T6869] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 208.164378][ T6867] netlink: 'syz.3.743': attribute type 10 has an invalid length. [ 208.210995][ T6867] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 208.233715][ T6867] team0: Failed to send options change via netlink (err -105) [ 208.236052][ T6867] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 208.239383][ T6867] team0: Port device dummy0 removed [ 208.243810][ T6867] device dummy0 entered promiscuous mode [ 208.246465][ T6867] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 210.419312][ T6880] bond0: (slave dummy0): Releasing backup interface [ 210.461990][ T6880] batman_adv: batadv0: Adding interface: dummy0 [ 210.463845][ T6880] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 210.498014][ T6880] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active [ 210.650114][ T6895] netlink: 24 bytes leftover after parsing attributes in process `syz.1.753'. [ 212.877768][ T6920] netlink: 'syz.4.761': attribute type 10 has an invalid length. [ 212.880120][ T6920] batman_adv: batadv0: Removing interface: dummy0 [ 212.904291][ T6920] team0: Failed to send options change via netlink (err -105) [ 212.906468][ T6920] team0: Port device dummy0 added [ 212.914464][ T6920] netlink: 'syz.4.761': attribute type 10 has an invalid length. [ 212.925496][ T6920] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 212.965175][ T6920] team0: Failed to send options change via netlink (err -105) [ 212.970641][ T6920] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 212.981903][ T6920] team0: Port device dummy0 removed [ 212.998883][ T6920] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 213.001434][ T6924] netlink: 16 bytes leftover after parsing attributes in process `syz.1.762'. [ 213.004845][ T11] tipc: Resetting bearer [ 213.234506][ T6938] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 213.241827][ T6938] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 213.247447][ T6938] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 218.076440][ T7010] netlink: 4 bytes leftover after parsing attributes in process `syz.2.794'. [ 218.419796][ T7015] loop4: detected capacity change from 0 to 2048 [ 219.186046][ T7017] netlink: 24 bytes leftover after parsing attributes in process `syz.3.806'. [ 219.277582][ T7023] netlink: 'syz.1.798': attribute type 1 has an invalid length. [ 219.280960][ T7021] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 219.326442][ T7021] NILFS (loop4): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 219.329457][ T7021] NILFS error (device loop4): nilfs_bmap_propagate: broken bmap (inode number=4) [ 219.337072][ T7023] bond2: (slave gretap1): making interface the new active one [ 219.339949][ T7023] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 219.357956][ T7021] Remounting filesystem read-only [ 219.522023][ T7023] bond2: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 220.773267][ T7039] Driver unsupported XDP return value 0 on prog (id 84) dev N/A, expect packet loss! [ 220.934426][ T7052] loop0: detected capacity change from 0 to 256 [ 221.050671][ T7058] netlink: 'syz.3.807': attribute type 4 has an invalid length. [ 221.243956][ T7067] device batadv_slave_0 entered promiscuous mode [ 222.055273][ T4322] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 222.058490][ T4322] Bluetooth: hci1: Injecting HCI hardware error event [ 222.061529][ T4322] Bluetooth: hci1: hardware error 0x00 [ 224.865056][ T4322] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 225.518476][ T7118] loop0: detected capacity change from 0 to 4096 [ 225.627113][ T7118] ntfs3: loop0: Different NTFS' sector size (2048) and media sector size (512) [ 225.693043][ T7118] ntfs3: loop0: Failed to load $UpCase. [ 225.944011][ T6637] I/O error, dev loop0, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 226.047448][ T7101] bond0: (slave wlan1): Releasing backup interface [ 230.141734][ T7175] netlink: 24 bytes leftover after parsing attributes in process `syz.4.846'. [ 230.252394][ T7178] capability: warning: `syz.0.842' uses 32-bit capabilities (legacy support in use) [ 233.011104][ T7193] netlink: 8 bytes leftover after parsing attributes in process `syz.1.851'. [ 234.324527][ T7219] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 234.331962][ T7219] CIFS mount error: No usable UNC path provided in device string! [ 234.331962][ T7219] [ 234.335050][ T7219] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 235.107364][ T7226] overlayfs: fs on './bus' does not support file handles, falling back to index=off,nfs_export=off. [ 235.135771][ T7226] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 236.920589][ T7254] loop0: detected capacity change from 0 to 256 [ 236.923163][ T7254] exfat: Deprecated parameter 'namecase' [ 236.924710][ T7254] exfat: Deprecated parameter 'namecase' [ 238.200362][ T7254] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x18d51376, utbl_chksum : 0xe619d30d) [ 238.608598][ T7270] netlink: 165 bytes leftover after parsing attributes in process `syz.1.875'. [ 239.390163][ T7277] 9pnet_fd: Insufficient options for proto=fd [ 241.068077][ T7303] netlink: 4 bytes leftover after parsing attributes in process `syz.1.884'. [ 241.070864][ T7303] team1 (uninitialized): Failed to send options change via netlink (err -105) [ 241.861065][ T7303] device team1 entered promiscuous mode [ 247.727161][ T7352] loop0: detected capacity change from 0 to 764 [ 249.329942][ T2058] ieee802154 phy0 wpan0: encryption failed: -22 [ 249.331799][ T2058] ieee802154 phy1 wpan1: encryption failed: -22 [ 250.339990][ T7378] netlink: 'syz.0.901': attribute type 4 has an invalid length. [ 250.395583][ T7378] netlink: 'syz.0.901': attribute type 4 has an invalid length. [ 253.011359][ T7395] siw: device registration error -23 [ 253.020607][ T7395] netlink: 6 bytes leftover after parsing attributes in process `syz.2.912'. [ 253.023206][ T7395] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 253.955563][ T7418] netlink: 165 bytes leftover after parsing attributes in process `syz.3.917'. [ 260.845626][ T7475] CIFS mount error: No usable UNC path provided in device string! [ 260.845626][ T7475] [ 260.848359][ T7475] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 264.245579][ T7500] binder: 7498:7500 tried to acquire reference to desc 0, got 1 instead [ 264.274187][ T7500] binder: 7498:7500 got transaction with invalid handle, 0 [ 264.287489][ T7507] netlink: 'syz.3.954': attribute type 5 has an invalid length. [ 264.292059][ T7500] binder: 7500:7498 translate handle failed [ 264.293738][ T7500] binder: 7498:7500 transaction async to 7498:0 failed 58/29201/-22, size 72-24 line 3402 [ 264.302665][ T6270] binder: undelivered TRANSACTION_ERROR: 29201 [ 271.197424][ T7602] overlayfs: statfs failed on './file0' [ 272.494191][ T7617] loop0: detected capacity change from 0 to 32768 [ 272.510084][ T4322] Bluetooth: hci4: hardware error 0x09 [ 272.910159][ T7617] XFS (loop0): Mounting V5 Filesystem [ 273.359703][ T7647] trusted_key: encrypted_key: master key parameter '' is invalid [ 273.421979][ T7617] XFS (loop0): Ending clean mount [ 273.429479][ T7617] XFS (loop0): Quotacheck needed: Please wait. [ 273.493906][ T7617] XFS (loop0): Quotacheck: Done. [ 274.503984][ T4311] XFS (loop0): Unmounting Filesystem [ 275.063603][ T4322] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 278.275926][ T7705] xt_CT: You must specify a L4 protocol and not use inversions on it [ 280.562750][ T7716] loop0: detected capacity change from 0 to 8192 [ 280.669010][ T7716] loop0: p1 p2[DM] p4 [ 280.670340][ T7716] loop0: p1 size 196608 extends beyond EOD, truncated [ 280.680845][ T7716] loop0: p2 start 4292936063 is beyond EOD, truncated [ 280.815891][ T7729] binder: 7715:7729 tried to acquire reference to desc 0, got 1 instead [ 281.391582][ T7716] loop0: p4 size 50331648 extends beyond EOD, truncated [ 281.497789][ T4367] binder: release 7715:7729 transaction 63 out, still active [ 281.500063][ T4367] binder: undelivered TRANSACTION_COMPLETE [ 281.566164][ T111] binder: send failed reply for transaction 63, target dead [ 281.612448][ T7739] mmap: syz.2.1014 (7739) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 281.633375][ T7741] loop0: detected capacity change from 0 to 256 [ 281.647975][ T7696] udevd[7696]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 281.656097][ T7741] exfat: Deprecated parameter 'namecase' [ 281.657672][ T7741] exfat: Deprecated parameter 'codepage' [ 281.659183][ T7741] exfat: Bad value for 'codepage' [ 281.681239][ T7742] udevd[7742]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 281.841871][ T7748] loop0: detected capacity change from 0 to 1024 [ 281.844258][ T7748] EXT4-fs: Ignoring removed nobh option [ 281.855366][ T7748] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 284.003119][ T7748] EXT4-fs (loop0): can't mount with data_err=abort, fs mounted w/o journal [ 284.875942][ T7742] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 293.406863][ T7873] loop0: detected capacity change from 0 to 64 [ 293.433776][ T7876] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1058'. [ 294.657202][ T7895] xt_bpf: check failed: parse error [ 295.099218][ T87] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 295.103168][ T4315] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 295.108413][ T4315] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 295.111948][ T4315] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 295.114827][ T4315] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 295.123546][ T4315] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 295.126443][ T4315] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 295.278180][ T87] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 295.386662][ T87] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 295.394180][ T7922] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1076'. [ 295.549788][ T87] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 295.613158][ T7906] lo speed is unknown, defaulting to 1000 [ 297.712225][ T7906] chnl_net:caif_netlink_parms(): no params data found [ 297.725022][ T4315] Bluetooth: hci2: command 0x0409 tx timeout [ 299.805009][ T4315] Bluetooth: hci2: command 0x041b tx timeout [ 299.909115][ T7906] bridge0: port 1(bridge_slave_0) entered blocking state [ 299.911250][ T7906] bridge0: port 1(bridge_slave_0) entered disabled state [ 299.914061][ T7906] device bridge_slave_0 entered promiscuous mode [ 299.927420][ T7906] bridge0: port 2(bridge_slave_1) entered blocking state [ 299.931720][ T7906] bridge0: port 2(bridge_slave_1) entered disabled state [ 299.943613][ T7906] device bridge_slave_1 entered promiscuous mode [ 300.008896][ T87] tipc: Disabling bearer [ 300.012754][ T87] tipc: Disabling bearer [ 300.023687][ T87] tipc: Left network mode [ 300.035336][ T7906] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 300.068097][ T7906] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 300.140520][ T7906] team0: Port device team_slave_0 added [ 300.153925][ T7906] team0: Port device team_slave_1 added [ 300.201532][ T7906] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 300.207999][ T7906] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 300.233616][ T7906] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 300.243638][ T7906] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 300.246114][ T7906] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 300.253104][ T7906] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 300.437317][ T7906] device hsr_slave_0 entered promiscuous mode [ 300.475384][ T7906] device hsr_slave_1 entered promiscuous mode [ 300.514952][ T7906] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 300.518157][ T7906] Cannot create hsr debugfs directory [ 300.689229][ T7906] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 300.769928][ T7906] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 300.806819][ T7906] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 300.878392][ T7906] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 301.109144][ T7906] 8021q: adding VLAN 0 to HW filter on device bond0 [ 301.170145][ T5039] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 301.172783][ T5039] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 301.182676][ T7906] 8021q: adding VLAN 0 to HW filter on device team0 [ 301.194704][ T5025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 301.197534][ T5025] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 301.202308][ T5025] bridge0: port 1(bridge_slave_0) entered blocking state [ 301.204265][ T5025] bridge0: port 1(bridge_slave_0) entered forwarding state [ 301.268376][ T5025] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 301.271027][ T5025] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 301.273739][ T5025] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 301.281218][ T5025] bridge0: port 2(bridge_slave_1) entered blocking state [ 301.283183][ T5025] bridge0: port 2(bridge_slave_1) entered forwarding state [ 301.288677][ T5025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 301.291567][ T5025] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 301.303574][ T7906] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 301.310326][ T7906] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 301.314846][ T5025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 301.320271][ T5025] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 301.323381][ T5025] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 301.327479][ T5025] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 301.330191][ T5025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 301.332704][ T5025] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 301.337407][ T5025] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 301.340006][ T5025] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 301.424085][ T5025] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 301.428630][ T5025] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 301.712841][ T7906] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 301.722617][ T5039] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 301.724808][ T5039] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 301.815443][ T4315] Bluetooth: hci2: command 0x040f tx timeout [ 302.156875][ T87] device hsr_slave_0 left promiscuous mode [ 302.197483][ T87] device hsr_slave_1 left promiscuous mode [ 302.316104][ T87] device dummy0 left promiscuous mode [ 302.415391][ T87] device veth1_macvtap left promiscuous mode [ 302.417512][ T87] device veth0_macvtap left promiscuous mode [ 302.419264][ T87] device veth1_vlan left promiscuous mode [ 302.420982][ T87] device veth0_vlan left promiscuous mode [ 302.585860][ T87] bond1 (unregistering): (slave macvlan2): Releasing backup interface [ 303.348335][ T87] bond1 (unregistering): Released all slaves [ 303.905657][ T4322] Bluetooth: hci2: command 0x0419 tx timeout [ 306.777447][ T87] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 308.271837][ T87] bond0 (unregistering): Released all slaves [ 308.473933][ T5034] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 308.476910][ T5034] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 308.497784][ T7906] device veth0_vlan entered promiscuous mode [ 308.503601][ T7906] device veth1_vlan entered promiscuous mode [ 308.512620][ T5025] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 308.515645][ T5025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 308.518423][ T5025] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 308.521022][ T5025] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 308.523395][ T5025] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 308.540782][ T7906] device veth0_macvtap entered promiscuous mode [ 308.551871][ T5025] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 308.555371][ T5025] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 308.558061][ T5025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 308.561297][ T7906] device veth1_macvtap entered promiscuous mode [ 308.574179][ T5025] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 308.577644][ T5025] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 308.583052][ T7906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 308.592744][ T7906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 308.597699][ T7906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 308.600547][ T7906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 308.603241][ T7906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 308.609382][ T7906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 308.613314][ T7906] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 308.616330][ T5025] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 308.619145][ T5025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 308.624272][ T7906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 308.633602][ T7906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 308.640498][ T7906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 308.643346][ T7906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 308.649673][ T7906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 308.652459][ T7906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 308.660503][ T7906] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 308.662853][ T5039] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 308.668656][ T5039] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 308.673135][ T7906] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 308.677879][ T7906] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 308.680383][ T7906] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 308.682749][ T7906] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 308.737425][ T5039] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 308.739846][ T5039] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 308.744822][ T5039] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 308.761278][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 308.763663][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 308.779164][ T5039] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 310.977935][ T2058] ieee802154 phy0 wpan0: encryption failed: -22 [ 310.979732][ T2058] ieee802154 phy1 wpan1: encryption failed: -22 [ 311.206773][ T8084] mmap: syz.3.1093 (8084): VmData 175906816 exceed data ulimit 67108945. Update limits or use boot option ignore_rlimit_data. [ 316.369414][ T8158] loop5: detected capacity change from 0 to 8 [ 316.371933][ T8158] MTD: Attempt to mount non-MTD device "/dev/loop5" [ 316.560352][ T8158] cramfs: Error -5 while decompressing! [ 316.562166][ T8158] cramfs: 000000006b4cddd8(26)->00000000183ae3ce(4096) [ 316.564230][ T8158] cramfs: Error -3 while decompressing! [ 316.565882][ T8158] cramfs: 0000000041682b3c(26)->00000000ca87bdd6(4096) [ 316.567926][ T8158] cramfs: Error -3 while decompressing! [ 316.569397][ T8158] cramfs: 00000000d46c621b(16)->0000000044d0d5d7(4096) [ 316.571817][ T8158] cramfs: Error -5 while decompressing! [ 316.573301][ T8158] cramfs: 000000006b4cddd8(26)->00000000183ae3ce(4096) [ 317.133547][ T8054] udevd[8054]: incorrect cramfs checksum on /dev/loop5 [ 318.316377][ T8178] netlink: 'syz.3.1131': attribute type 4 has an invalid length. [ 318.319299][ T8178] netlink: 'syz.3.1131': attribute type 4 has an invalid length. [ 319.648783][ T8190] loop5: detected capacity change from 0 to 16 [ 319.651348][ T8190] MTD: Attempt to mount non-MTD device "/dev/loop5" [ 324.439682][ T8226] loop5: detected capacity change from 0 to 256 [ 324.456441][ T8224] sch_tbf: burst 1821 is lower than device lo mtu (17233) ! [ 324.483298][ T8226] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 324.619376][ T8225] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1136'. [ 324.726155][ T8237] tipc: Enabling of bearer rejected, failed to enable media [ 326.653590][ T8267] loop5: detected capacity change from 0 to 1024 [ 326.665663][ T8267] ext4: Unknown parameter 'inode_readahe' [ 327.553383][ T8054] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 327.756190][ T8276] fuse: Bad value for 'fd' [ 327.821993][ T8276] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1146'. [ 329.590321][ T8309] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1154'. [ 329.677912][ T8312] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 329.680792][ T8312] FAT-fs (loop5): unable to read boot sector [ 329.717560][ T27] kauditd_printk_skb: 38 callbacks suppressed [ 329.717572][ T27] audit: type=1326 audit(788.647:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8311 comm="syz.2.1156" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bf5ce28 code=0x7ffc0000 [ 329.755694][ T27] audit: type=1326 audit(788.677:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8311 comm="syz.2.1156" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=448 compat=0 ip=0xffff8bf5ce28 code=0x7ffc0000 [ 329.802675][ T8324] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1157'. [ 329.836843][ T8323] tipc: Started in network mode [ 329.843947][ T8323] tipc: Node identity ac1414aa, cluster identity 4711 [ 329.861361][ T8323] tipc: Enabled bearer , priority 10 [ 329.884690][ T8323] tipc: Enabled bearer , priority 0 [ 329.936116][ T27] audit: type=1326 audit(788.677:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8311 comm="syz.2.1156" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bf5ce28 code=0x7ffc0000 [ 329.971639][ T27] audit: type=1326 audit(788.677:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8311 comm="syz.2.1156" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffff8bf5b354 code=0x7ffc0000 [ 330.275072][ T27] audit: type=1326 audit(788.687:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8311 comm="syz.2.1156" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bf5ce28 code=0x7ffc0000 [ 330.820683][ T27] audit: type=1326 audit(788.687:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8311 comm="syz.2.1156" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=29 compat=0 ip=0xffff8bf5ce28 code=0x7ffc0000 [ 330.835531][ T27] audit: type=1326 audit(788.687:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8311 comm="syz.2.1156" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bf5ce28 code=0x7ffc0000 [ 330.916406][ T14] tipc: Node number set to 2886997162 [ 331.709560][ T8344] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1162'. [ 331.716734][ T8344] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1162'. [ 331.888302][ T8344] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1162'. [ 332.135162][ T4322] Bluetooth: hci0: command 0x2016 tx timeout [ 332.452910][ T8383] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1170'. [ 336.741460][ T8477] syz.4.1184 sent an empty control message without MSG_MORE. [ 337.457757][ T8485] overlayfs: failed to clone upperpath [ 342.309508][ T8525] trusted_key: encrypted_key: insufficient parameters specified [ 343.331748][ T8537] 9pnet_fd: Insufficient options for proto=fd [ 343.390174][ T8537] loop5: detected capacity change from 0 to 512 [ 343.978397][ T8554] x_tables: ip6_tables: icmp6 match: only valid for protocol 58 [ 344.461400][ T8537] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 344.767189][ T8537] EXT4-fs (loop5): required journal recovery suppressed and not mounted read-only [ 347.250898][ T8591] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1212'. [ 347.269270][ T8591] netlink: 48 bytes leftover after parsing attributes in process `syz.5.1212'. [ 353.184209][ T4315] Bluetooth: hci2: link tx timeout [ 353.186143][ T4315] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 354.337514][ T8677] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1231'. [ 355.169667][ T8688] loop5: detected capacity change from 0 to 64 [ 355.274996][ T4315] Bluetooth: hci2: command 0x0406 tx timeout [ 355.285158][ T8688] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 355.853917][ T8688] BFS-fs: bfs_fill_super(): Inode 0x00000002 corrupted on loop5 [ 356.095261][ T8688] netlink: 'syz.5.1235': attribute type 2 has an invalid length. [ 356.262297][ T8717] fuse: Bad value for 'fd' [ 356.279660][ T4322] Bluetooth: hci0: Malformed Event: 0x48 [ 359.215069][ T4322] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 359.378269][ T4322] Bluetooth: hci0: Injecting HCI hardware error event [ 359.381897][ T4322] Bluetooth: hci0: hardware error 0x00 [ 363.495005][ T4322] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 363.503040][ T8764] netlink: 'syz.4.1251': attribute type 8 has an invalid length. [ 364.104124][ T8811] tipc: Enabling of bearer rejected, failed to enable media [ 364.803393][ T8816] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1266'. [ 368.568726][ T8873] binder: 8871:8873 tried to acquire reference to desc 0, got 1 instead [ 368.585838][ T4367] binder: release 8871:8873 transaction 68 out, still active [ 368.587863][ T4367] binder: undelivered TRANSACTION_COMPLETE [ 368.589575][ T4367] binder: undelivered TRANSACTION_COMPLETE [ 368.615637][ T8840] bridge0: port 2(bridge_slave_1) entered disabled state [ 368.617821][ T8840] bridge0: port 1(bridge_slave_0) entered disabled state [ 368.632799][ T4367] binder: send failed reply for transaction 68, target dead [ 368.634797][ T4367] binder: undelivered transaction 69, process died. [ 368.702987][ T8840] device bond_slave_0 left promiscuous mode [ 368.710180][ T8840] device bond_slave_1 left promiscuous mode [ 368.711819][ T8840] device dummy0 left promiscuous mode [ 371.841191][ T2058] ieee802154 phy0 wpan0: encryption failed: -22 [ 371.843041][ T2058] ieee802154 phy1 wpan1: encryption failed: -22 [ 372.995645][ T8840] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 373.047278][ T8840] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 373.607399][ T8840] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 373.610189][ T8840] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 373.612760][ T8840] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 373.616114][ T8840] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 373.782948][ T8840] device gtp0 left promiscuous mode [ 373.994228][ T8883] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1282'. [ 374.031335][ T8884] bridge1: port 1(ip6gretap1) entered blocking state [ 374.035450][ T8884] bridge1: port 1(ip6gretap1) entered disabled state [ 374.051698][ T8884] device ip6gretap1 entered promiscuous mode [ 374.067004][ T8886] device veth3 entered promiscuous mode [ 374.068789][ T8886] bridge1: port 2(veth3) entered blocking state [ 374.071907][ T8886] bridge1: port 2(veth3) entered disabled state [ 374.087590][ T8951] netlink: 'syz.4.1291': attribute type 1 has an invalid length. [ 374.149719][ T8951] 8021q: adding VLAN 0 to HW filter on device bond4 [ 374.164602][ T8952] bond4: (slave veth11): Enslaving as an active interface with a down link [ 374.292433][ T8953] device veth1 entered promiscuous mode [ 374.294588][ T8953] device veth1 left promiscuous mode [ 374.853775][ T8950] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 374.880399][ T8953] bond4: (slave vlan2): making interface the new active one [ 374.886549][ T8953] device veth1 entered promiscuous mode [ 374.889006][ T8953] device vlan2 entered promiscuous mode [ 374.896341][ T8953] bond4: (slave vlan2): Enslaving as an active interface with an up link [ 374.904347][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bond4: link becomes ready [ 375.368289][ T8992] Error parsing options; rc = [-22] [ 375.597064][ T9003] loop5: detected capacity change from 0 to 1024 [ 376.566427][ T5056] hfsplus: b-tree write err: -5, ino 4 [ 376.652279][ T9021] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1305'. [ 376.675497][ T9024] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 376.860300][ T9036] device batadv0 entered promiscuous mode [ 376.862251][ T9036] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 376.875887][ T9036] bond0: (slave macvlan3): Enslaving as an active interface with an up link [ 379.085399][ T9054] netlink: 'syz.3.1316': attribute type 3 has an invalid length. [ 379.666978][ T9054] netlink: 'syz.3.1316': attribute type 3 has an invalid length. [ 379.712653][ T9064] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 379.722779][ T9064] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 379.730539][ T9062] tipc: Failed to remove unknown binding: 66,1,1/0:2634779061/2634779063 [ 379.739875][ T9062] tipc: Failed to remove unknown binding: 66,1,1/0:2634779061/2634779063 [ 379.742529][ T9062] tipc: Failed to remove unknown binding: 66,1,1/0:2634779061/2634779063 [ 380.744205][ T9079] netlink: 'syz.4.1323': attribute type 3 has an invalid length. [ 380.750401][ T9079] netlink: 'syz.4.1323': attribute type 3 has an invalid length. [ 381.055552][ T9090] loop5: detected capacity change from 0 to 16 [ 382.236360][ T9090] erofs: (device loop5): mounted with root inode @ nid 36. [ 384.273259][ T9121] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1336'. [ 384.278145][ T9121] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1336'. [ 384.284244][ T9121] netlink: 'syz.3.1336': attribute type 10 has an invalid length. [ 384.293619][ T9121] bridge0: port 3(team0) entered blocking state [ 384.295672][ T9121] bridge0: port 3(team0) entered disabled state [ 384.298351][ T9121] device team0 entered promiscuous mode [ 384.299825][ T9121] device team_slave_0 entered promiscuous mode [ 384.301568][ T9121] device team_slave_1 entered promiscuous mode [ 384.545643][ T9135] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1341'. [ 386.847002][ T9157] IPv6: ADDRCONF(NETDEV_CHANGE): syz_tun: link becomes ready [ 386.850356][ T9157] tipc: Resetting bearer [ 386.854410][ T9157] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 386.857010][ T9157] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 388.363709][ T9164] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1352'. [ 390.150727][ T9183] xt_CT: You must specify a L4 protocol and not use inversions on it [ 390.160374][ T9180] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 390.163187][ T9180] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 390.165801][ T9180] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 390.168164][ T9180] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 390.227214][ T9180] bond0: (slave vxlan0): Enslaving as an active interface with an up link [ 392.413930][ T9210] IPv6: ADDRCONF(NETDEV_CHANGE): syz_tun: link becomes ready [ 392.427976][ T9210] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 392.432285][ T9210] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 393.213252][ T9220] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1367'. [ 393.220040][ T9220] netlink: 'syz.2.1367': attribute type 5 has an invalid length. [ 393.222285][ T9220] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1367'. [ 393.230929][ T9220] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 393.233497][ T9220] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 393.674989][ T9220] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 393.915014][ T9220] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 393.935131][ T9220] device geneve2 entered promiscuous mode [ 395.156793][ T9233] loop5: detected capacity change from 0 to 16 [ 395.306986][ T9233] erofs: (device loop5): mounted with root inode @ nid 36. [ 395.382693][ T4322] erofs: (device loop5): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[9000] [ 395.391303][ T9233] erofs: (device loop5): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[9000] [ 395.398998][ T9233] erofs: (device loop5): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[9000] [ 395.403162][ T9233] erofs: (device loop5): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[9000] [ 395.407029][ T9233] erofs: (device loop5): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[9000] [ 399.497907][ T9265] set match dimension is over the limit! [ 399.590354][ T9268] xt_bpf: check failed: parse error [ 400.548580][ T9281] netlink: 'syz.3.1381': attribute type 4 has an invalid length. [ 400.865321][ T4322] Bluetooth: hci2: command 0x0406 tx timeout [ 401.047100][ T27] audit: type=1326 audit(859.817:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9266 comm="syz.5.1379" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffb655ce28 code=0x0 [ 401.166643][ T5034] device vlan2 left promiscuous mode [ 401.858593][ T9298] netlink: 'syz.3.1386': attribute type 10 has an invalid length. [ 401.934323][ T9301] netlink: 'syz.2.1388': attribute type 1 has an invalid length. [ 402.060025][ T9301] bond2: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 402.068685][ T9307] loop5: detected capacity change from 0 to 512 [ 402.921523][ T9301] device veth7 entered promiscuous mode [ 402.923844][ T9307] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 402.933944][ T9301] bond2: (slave veth7): Enslaving as a backup interface with a down link [ 403.110280][ T7906] EXT4-fs (loop5): unmounting filesystem. [ 403.820666][ T9329] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 403.892755][ T9331] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1395'. [ 404.943480][ T9342] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1400'. [ 404.975662][ T9345] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1401'. [ 404.978682][ T9345] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1401'. [ 404.979556][ T9342] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 405.079895][ T9342] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1400'. [ 405.251328][ T9354] loop5: detected capacity change from 0 to 16 [ 405.259829][ T9354] erofs: (device loop5): mounted with root inode @ nid 36. [ 405.352912][ T9358] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1404'. [ 406.220231][ T9363] binder: 9362:9363 tried to acquire reference to desc 0, got 1 instead [ 406.238184][ T9363] binder: 9362:9363 got transaction with invalid data ptr [ 406.240242][ T9363] binder: 9362:9363 transaction async to 9362:0 failed 74/29201/-14, size 0-24 line 3342 [ 406.257682][ T4353] binder: undelivered TRANSACTION_ERROR: 29201 [ 406.485693][ T9375] loop5: detected capacity change from 0 to 256 [ 406.604161][ T9375] FAT-fs (loop5): Directory bread(block 64) failed [ 406.606287][ T9375] FAT-fs (loop5): Directory bread(block 65) failed [ 406.608872][ T9375] FAT-fs (loop5): Directory bread(block 66) failed [ 406.610845][ T9375] FAT-fs (loop5): Directory bread(block 67) failed [ 406.613068][ T9375] FAT-fs (loop5): Directory bread(block 68) failed [ 406.614963][ T9375] FAT-fs (loop5): Directory bread(block 69) failed [ 406.617196][ T9375] FAT-fs (loop5): Directory bread(block 70) failed [ 406.619230][ T9375] FAT-fs (loop5): Directory bread(block 71) failed [ 406.621419][ T9375] FAT-fs (loop5): Directory bread(block 72) failed [ 406.623442][ T9375] FAT-fs (loop5): Directory bread(block 73) failed [ 408.691148][ T9391] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 408.707335][ T9391] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 409.801326][ T27] audit: type=1326 audit(1124.724:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9408 comm="syz.3.1422" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9a35ce28 code=0x7ffc0000 [ 409.817218][ T27] audit: type=1326 audit(1124.734:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9408 comm="syz.3.1422" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=211 compat=0 ip=0xffff9a35ce28 code=0x7ffc0000 [ 409.837516][ T27] audit: type=1326 audit(1124.734:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9408 comm="syz.3.1422" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9a35ce28 code=0x7ffc0000 [ 409.869905][ T9412] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1421'. [ 409.877988][ T27] audit: type=1326 audit(1124.744:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9408 comm="syz.3.1422" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffff9a35b354 code=0x7ffc0000 [ 409.886498][ T9412] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 409.892511][ T27] audit: type=1326 audit(1124.744:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9408 comm="syz.3.1422" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9a35ce28 code=0x7ffc0000 [ 409.895634][ T9410] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1421'. [ 409.899338][ T27] audit: type=1326 audit(1124.744:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9408 comm="syz.3.1422" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=29 compat=0 ip=0xffff9a35ce28 code=0x7ffc0000 [ 409.907280][ T27] audit: type=1326 audit(1124.744:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9408 comm="syz.3.1422" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9a35ce28 code=0x7ffc0000 [ 409.913188][ T27] audit: type=1326 audit(1124.744:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9408 comm="syz.3.1422" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=220 compat=0 ip=0xffff9a35ce28 code=0x7ffc0000 [ 409.932102][ T27] audit: type=1326 audit(1124.784:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9408 comm="syz.3.1422" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9a35ce28 code=0x7ffc0000 [ 409.938442][ T27] audit: type=1326 audit(1124.804:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9408 comm="syz.3.1422" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9a35ce28 code=0x7ffc0000 [ 410.285012][ T9410] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 410.760789][ T9421] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 410.824062][ T9434] devtmpfs: Unknown parameter 'dirsynck9ěk9X[GcN13Hs~vѸ L D쮔 eOptC{7-`'*+k2WQҗNEZ'r{ҬZz6eUb:Ԑ$#C6[YH^B@ɜl !/JU8q~쭶H7؇#eQRՆNWXa' [ 418.199084][ T9473] loop5: detected capacity change from 0 to 262144 [ 418.477468][ T9473] F2FS-fs (loop5): Found nat_bits in checkpoint [ 418.659861][ T9473] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 425.741416][ T9545] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1459'. [ 425.747095][ T9545] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1459'. [ 425.783548][ T9547] lo speed is unknown, defaulting to 1000 [ 425.872342][ T9552] netlink: 'syz.1.1462': attribute type 1 has an invalid length. [ 426.019643][ T9554] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 426.022182][ T9554] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 426.024516][ T9554] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 426.165512][ T9554] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 426.702584][ T9554] bond3: (slave geneve2): making interface the new active one [ 426.719364][ T9554] bond3: (slave geneve2): Enslaving as an active interface with an up link [ 426.789635][ T9552] bond3: (slave ip6gretap1): Enslaving as an active interface with an up link [ 426.872246][ T9563] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1464'. [ 427.251621][ T9571] xt_hashlimit: overflow, try lower: 18446744073709551615/255 [ 428.557673][ T9587] tipc: Enabling of bearer rejected, failed to enable media [ 432.817361][ T9632] serio: Serial port pts0 [ 433.520743][ T2058] ieee802154 phy0 wpan0: encryption failed: -22 [ 433.539274][ T2058] ieee802154 phy1 wpan1: encryption failed: -22 [ 434.919785][ T27] kauditd_printk_skb: 20 callbacks suppressed [ 434.919797][ T27] audit: type=1326 audit(1149.844:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9653 comm="syz.4.1491" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91b5ce28 code=0x7ffc0000 [ 434.930650][ T27] audit: type=1326 audit(1149.854:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9653 comm="syz.4.1491" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91b5ce28 code=0x7ffc0000 [ 435.011120][ T27] audit: type=1326 audit(1149.934:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9653 comm="syz.4.1491" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=211 compat=0 ip=0xffff91b5ce28 code=0x7ffc0000 [ 435.035229][ T27] audit: type=1326 audit(1149.954:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9653 comm="syz.4.1491" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91b5ce28 code=0x7ffc0000 [ 435.044746][ T27] audit: type=1326 audit(1149.964:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9653 comm="syz.4.1491" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91b5ce28 code=0x7ffc0000 [ 435.056648][ T27] audit: type=1326 audit(1149.984:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9653 comm="syz.4.1491" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffff91b5b354 code=0x7ffc0000 [ 435.062991][ T27] audit: type=1326 audit(1149.984:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9653 comm="syz.4.1491" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91b5ce28 code=0x7ffc0000 [ 435.084144][ T27] audit: type=1326 audit(1149.984:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9653 comm="syz.4.1491" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91b5ce28 code=0x7ffc0000 [ 435.090913][ T27] audit: type=1326 audit(1149.984:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9653 comm="syz.4.1491" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=29 compat=0 ip=0xffff91b5ce28 code=0x7ffc0000 [ 435.410434][ T27] audit: type=1326 audit(1149.984:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9653 comm="syz.4.1491" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91b5ce28 code=0x7ffc0000 [ 435.814136][ T9661] batman_adv: batadv0: Removing interface: dummy0 [ 435.851543][ T9661] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 435.853707][ T9661] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 435.863301][ T9661] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 435.869486][ T9661] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 435.872277][ T9661] batman_adv: batadv0: Interface deactivated: macsec1 [ 435.874278][ T9661] batman_adv: batadv0: Removing interface: macsec1 [ 436.413738][ T4315] Bluetooth: Wrong link type (-22) [ 437.202049][ T9693] tipc: Enabling of bearer rejected, failed to enable media [ 437.573714][ T9702] loop5: detected capacity change from 0 to 1024 [ 437.636048][ T9702] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 438.889648][ T7906] EXT4-fs (loop5): unmounting filesystem. [ 439.171429][ T9732] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1509'. [ 439.320056][ T9738] binder: 9737:9738 tried to acquire reference to desc 0, got 1 instead [ 439.338923][ T9738] binder: 9737:9738 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 439.358734][ T9738] binder: 9738 RLIMIT_NICE not set [ 439.363677][ T9738] binder: 9738 RLIMIT_NICE not set [ 439.371152][ T9738] binder: 9738 RLIMIT_NICE not set [ 439.413184][ T4603] binder: undelivered TRANSACTION_COMPLETE [ 443.489442][ T9792] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1531'. [ 443.501998][ T9792] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 447.901376][ T9829] netlink: 'syz.3.1542': attribute type 1 has an invalid length. [ 447.962487][ T9829] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 20000 - 0 [ 447.975024][ T9829] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 20000 - 0 [ 447.985339][ T9829] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 20000 - 0 [ 447.987873][ T9829] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 20000 - 0 [ 447.991245][ T9829] bond3: (slave geneve2): making interface the new active one [ 447.993849][ T9829] bond3: (slave geneve2): Enslaving as an active interface with an up link [ 448.011160][ T9829] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1542'. [ 448.014147][ T9829] 8021q: adding VLAN 0 to HW filter on device bond3 [ 448.021479][ T27] kauditd_printk_skb: 25 callbacks suppressed [ 448.021489][ T27] audit: type=1326 audit(1162.944:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9821 comm="syz.4.1540" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff91b5ce28 code=0x0 [ 448.054298][ T4427] IPv6: ADDRCONF(NETDEV_CHANGE): bond3: link becomes ready [ 448.063331][ T9832] netlink: 'syz.2.1543': attribute type 11 has an invalid length. [ 452.328498][ T9876] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1567'. [ 452.350094][ T9876] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1567'. [ 452.423958][ T9880] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1558'. [ 452.428182][ T9880] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1558'. [ 452.530163][ T9880] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1558'. [ 452.877140][ T9892] netlink: 'syz.2.1561': attribute type 4 has an invalid length. [ 453.875813][ T9906] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1563'. [ 455.580691][ T9920] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1564'. [ 455.825237][ T9943] IPv6: ADDRCONF(NETDEV_CHANGE): syz_tun: link becomes ready [ 455.834972][ T9943] tipc: Resetting bearer [ 455.843290][ T9943] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 455.846897][ T9943] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 456.393600][ T9944] loop5: detected capacity change from 0 to 64 [ 456.437192][ T9944] syz.5.1569: attempt to access beyond end of device [ 456.437192][ T9944] loop5: rw=2049, sector=65, nr_sectors = 1 limit=64 [ 456.440732][ T9944] Buffer I/O error on dev loop5, logical block 65, lost async page write [ 456.443066][ T9944] syz.5.1569: attempt to access beyond end of device [ 456.443066][ T9944] loop5: rw=2049, sector=66, nr_sectors = 1 limit=64 [ 456.446696][ T9944] Buffer I/O error on dev loop5, logical block 66, lost async page write [ 456.448866][ T9944] syz.5.1569: attempt to access beyond end of device [ 456.448866][ T9944] loop5: rw=2049, sector=67, nr_sectors = 1 limit=64 [ 456.452356][ T9944] Buffer I/O error on dev loop5, logical block 67, lost async page write [ 456.454554][ T9944] syz.5.1569: attempt to access beyond end of device [ 456.454554][ T9944] loop5: rw=2049, sector=68, nr_sectors = 1 limit=64 [ 456.458029][ T9944] Buffer I/O error on dev loop5, logical block 68, lost async page write [ 456.460148][ T9944] syz.5.1569: attempt to access beyond end of device [ 456.460148][ T9944] loop5: rw=2049, sector=72, nr_sectors = 1 limit=64 [ 456.463511][ T9944] Buffer I/O error on dev loop5, logical block 72, lost async page write [ 456.466162][ T9944] syz.5.1569: attempt to access beyond end of device [ 456.466162][ T9944] loop5: rw=2049, sector=73, nr_sectors = 1 limit=64 [ 456.469712][ T9944] Buffer I/O error on dev loop5, logical block 73, lost async page write [ 456.471919][ T9944] syz.5.1569: attempt to access beyond end of device [ 456.471919][ T9944] loop5: rw=2049, sector=76, nr_sectors = 1 limit=64 [ 456.475629][ T9944] Buffer I/O error on dev loop5, logical block 76, lost async page write [ 456.477915][ T9944] syz.5.1569: attempt to access beyond end of device [ 456.477915][ T9944] loop5: rw=2049, sector=77, nr_sectors = 1 limit=64 [ 456.481493][ T9944] Buffer I/O error on dev loop5, logical block 77, lost async page write [ 456.485078][ T9944] syz.5.1569: attempt to access beyond end of device [ 456.485078][ T9944] loop5: rw=2049, sector=78, nr_sectors = 760 limit=64 [ 458.236585][ T9966] netlink: 'syz.1.1578': attribute type 4 has an invalid length. [ 458.281113][ T4603] lo speed is unknown, defaulting to 1000 [ 458.977240][ T9971] 9pnet_fd: Insufficient options for proto=fd [ 463.073336][T10012] netlink: 96 bytes leftover after parsing attributes in process `syz.5.1592'. [ 463.559051][T10025] binder: 10024:10025 tried to acquire reference to desc 0, got 1 instead [ 463.568004][T10025] binder: 10024:10025 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 463.571848][T10025] binder: 10025 RLIMIT_NICE not set [ 463.573414][T10025] binder: 10025 RLIMIT_NICE not set [ 463.617959][T10025] binder: 10025 RLIMIT_NICE not set [ 463.619512][T10025] binder: 10024:10025 got transaction with invalid parent offset or type [ 463.621962][T10025] binder: 10024:10025 transaction reply to 10024:10025 failed 86/29201/-22, size 96-24 line 3448 [ 463.624850][T10025] binder: send failed reply for transaction 85 to 10024:10025 [ 463.641453][ T4466] binder: undelivered TRANSACTION_ERROR: 29190 [ 463.643355][ T4466] binder: undelivered TRANSACTION_COMPLETE [ 463.645204][ T4466] binder: undelivered TRANSACTION_ERROR: 29201 [ 467.260026][ T4315] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 467.338788][ T4315] Bluetooth: hci2: Injecting HCI hardware error event [ 467.344660][ T4315] Bluetooth: hci2: hardware error 0x00 [ 467.547583][T10057] netlink: 'syz.4.1594': attribute type 4 has an invalid length. [ 471.143611][ T4322] Bluetooth: hci3: Malformed Event: 0x48 [ 471.905172][ T4315] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 475.390604][T10133] netlink: 'syz.5.1620': attribute type 4 has an invalid length. [ 483.183198][T10187] lo speed is unknown, defaulting to 1000 [ 483.679141][T10199] netlink: 'syz.3.1639': attribute type 4 has an invalid length. [ 490.640520][T10281] netlink: 'syz.5.1655': attribute type 8 has an invalid length. [ 491.827768][T10298] Error parsing options; rc = [-22] [ 493.145958][T10304] netlink: 'syz.1.1658': attribute type 1 has an invalid length. [ 493.371551][T10304] 8021q: adding VLAN 0 to HW filter on device bond4 [ 494.616328][ T2058] ieee802154 phy0 wpan0: encryption failed: -22 [ 494.618081][ T2058] ieee802154 phy1 wpan1: encryption failed: -22 [ 494.849562][T10312] bond4: (slave veth9): Enslaving as an active interface with a down link [ 495.796670][T10304] device veth1 entered promiscuous mode [ 495.798867][T10304] device veth1 left promiscuous mode [ 495.803221][T10304] bond4: (slave vlan2): making interface the new active one [ 495.806419][T10304] device veth1 entered promiscuous mode [ 495.808577][T10304] device vlan2 entered promiscuous mode [ 495.810255][T10304] bond4: (slave vlan2): Enslaving as an active interface with an up link [ 495.813053][ T4877] IPv6: ADDRCONF(NETDEV_CHANGE): bond4: link becomes ready [ 495.920586][T10303] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 495.968321][T10340] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1672'. [ 496.110958][T10349] xt_CT: You must specify a L4 protocol and not use inversions on it [ 500.267300][T10383] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1682'. [ 501.342807][T10398] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1689'. [ 501.351310][T10398] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1689'. [ 502.829281][T10417] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1695'. [ 504.982382][ T27] audit: type=1326 audit(1219.904:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10429 comm="syz.2.1699" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bf5ce28 code=0x0 [ 505.071167][T10450] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1701'. [ 505.343066][T10463] xt_bpf: check failed: parse error [ 510.598747][T10511] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 512.176623][T10523] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1724'. [ 513.546087][T10550] lo speed is unknown, defaulting to 1000 [ 515.613736][T10560] netlink: 'syz.2.1725': attribute type 1 has an invalid length. [ 516.319316][T10560] bond3 (unregistering): Released all slaves [ 522.650671][T10635] netlink: 'syz.3.1739': attribute type 1 has an invalid length. [ 523.759868][T10650] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1741'. [ 523.762641][T10650] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 523.765091][T10650] IPv6: NLM_F_CREATE should be set when creating new route [ 529.072595][T10702] netlink: 'syz.2.1755': attribute type 1 has an invalid length. [ 529.090765][T10669] could not allocate digest TFM handle sha1-ssse3 [ 529.168997][T10705] netdevsim netdevsim2 netdevsim0: set [1, 2] type 2 family 0 port 20000 - 0 [ 529.179539][T10705] netdevsim netdevsim2 netdevsim1: set [1, 2] type 2 family 0 port 20000 - 0 [ 529.266744][T10705] netdevsim netdevsim2 netdevsim2: set [1, 2] type 2 family 0 port 20000 - 0 [ 529.269333][T10705] netdevsim netdevsim2 netdevsim3: set [1, 2] type 2 family 0 port 20000 - 0 [ 529.274320][T10705] bond3: (slave geneve3): making interface the new active one [ 529.280200][T10705] bond3: (slave geneve3): Enslaving as an active interface with an up link [ 530.615359][T10712] loop5: detected capacity change from 0 to 256 [ 531.167058][T10712] FAT-fs (loop5): Directory bread(block 64) failed [ 531.169038][T10712] FAT-fs (loop5): Directory bread(block 65) failed [ 531.170941][T10712] FAT-fs (loop5): Directory bread(block 66) failed [ 531.172838][T10712] FAT-fs (loop5): Directory bread(block 67) failed [ 531.174952][T10712] FAT-fs (loop5): Directory bread(block 68) failed [ 531.176761][T10712] FAT-fs (loop5): Directory bread(block 69) failed [ 531.178532][T10712] FAT-fs (loop5): Directory bread(block 70) failed [ 531.180302][T10712] FAT-fs (loop5): Directory bread(block 71) failed [ 531.182088][T10712] FAT-fs (loop5): Directory bread(block 72) failed [ 531.183853][T10712] FAT-fs (loop5): Directory bread(block 73) failed [ 533.368176][ T11] device vlan2 left promiscuous mode [ 533.386992][ T27] audit: type=1326 audit(1248.314:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10737 comm="syz.2.1772" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bf5ce28 code=0x7ffc0000 [ 533.397294][ T27] audit: type=1326 audit(1248.324:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10737 comm="syz.2.1772" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=211 compat=0 ip=0xffff8bf5ce28 code=0x7ffc0000 [ 533.791273][T10739] loop5: detected capacity change from 0 to 4096 [ 534.083312][ T27] audit: type=1326 audit(1248.984:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10737 comm="syz.2.1772" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bf5ce28 code=0x7ffc0000 [ 534.083344][T10739] ntfs: volume version 3.1. [ 534.170233][ T27] audit: type=1326 audit(1248.994:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10737 comm="syz.2.1772" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bf5ce28 code=0x7ffc0000 [ 534.192488][ T27] audit: type=1326 audit(1248.994:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10737 comm="syz.2.1772" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=29 compat=0 ip=0xffff8bf5ce28 code=0x7ffc0000 [ 534.224939][ T27] audit: type=1326 audit(1248.994:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10737 comm="syz.2.1772" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bf5ce28 code=0x7ffc0000 [ 534.274076][ T27] audit: type=1326 audit(1248.994:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10737 comm="syz.2.1772" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bf5ce28 code=0x7ffc0000 [ 534.280258][ T27] audit: type=1326 audit(1248.994:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10737 comm="syz.2.1772" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=220 compat=0 ip=0xffff8bf5ce28 code=0x7ffc0000 [ 534.287188][ T27] audit: type=1326 audit(1249.084:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10737 comm="syz.2.1772" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bf5ce28 code=0x7ffc0000 [ 534.293011][ T27] audit: type=1326 audit(1249.084:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10737 comm="syz.2.1772" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bf5ce28 code=0x7ffc0000 [ 534.351236][T10743] lo speed is unknown, defaulting to 1000 [ 534.399139][T10745] netlink: 'syz.5.1762': attribute type 1 has an invalid length. [ 534.428138][T10745] device veth5 entered promiscuous mode [ 534.432175][T10745] bond1: (slave veth5): Enslaving as a backup interface with a down link [ 547.049486][T10873] netlink: 'syz.3.1794': attribute type 10 has an invalid length. [ 554.276339][T10944] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1815'. [ 556.815995][ T2058] ieee802154 phy0 wpan0: encryption failed: -22 [ 556.818210][ T2058] ieee802154 phy1 wpan1: encryption failed: -22 [ 559.009102][T10977] loop5: detected capacity change from 0 to 1024 [ 559.081629][T10977] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 564.056134][ T7906] EXT4-fs (loop5): unmounting filesystem. [ 566.417690][ T27] kauditd_printk_skb: 22 callbacks suppressed [ 566.417825][ T27] audit: type=1326 audit(1281.324:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11052 comm="syz.2.1843" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bf5ce28 code=0x7ffc0000 [ 567.097052][ T27] audit: type=1326 audit(1281.324:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11052 comm="syz.2.1843" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bf5ce28 code=0x7ffc0000 [ 567.113488][ T27] audit: type=1326 audit(1282.024:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11052 comm="syz.2.1843" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffff8bf5ce28 code=0x7ffc0000 [ 567.119717][ T27] audit: type=1326 audit(1282.024:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11052 comm="syz.2.1843" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bf5ce28 code=0x7ffc0000 [ 567.180602][ T27] audit: type=1326 audit(1282.024:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11052 comm="syz.2.1843" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bf5ce28 code=0x7ffc0000 [ 570.045346][T11063] netlink: 'syz.4.1845': attribute type 10 has an invalid length. [ 570.047833][T11063] wlan1: mtu greater than device maximum [ 570.049318][T11063] bond0: (slave wlan1): Error -22 calling dev_set_mtu [ 571.484916][T11093] dlm: non-version read from control device 36 [ 571.510094][T11095] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1851'. [ 579.401958][T11168] tipc: Enabling of bearer rejected, failed to enable media [ 579.545153][T11147] netlink: 'syz.5.1865': attribute type 10 has an invalid length. [ 579.573441][T11147] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 581.052257][T11187] tipc: Enabling of bearer rejected, failed to enable media [ 581.939637][T11188] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1877'. [ 581.943869][T11188] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1877'. [ 584.159490][T11217] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1887'. [ 584.177892][T11217] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1887'. [ 589.896400][T11262] loop5: detected capacity change from 0 to 256 [ 589.959869][T11262] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 589.962922][T11262] exFAT-fs (loop5): Medium has reported failures. Some data may be lost. [ 589.984666][T11262] exFAT-fs (loop5): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d) [ 594.450905][T11299] netlink: 'syz.1.1906': attribute type 10 has an invalid length. [ 594.482048][T11299] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 596.120754][T11324] delete_channel: no stack [ 596.320157][T11311] device syzkaller0 entered promiscuous mode [ 597.911314][T11317] tipc: Enabled bearer , priority 0 [ 597.928204][T11331] tipc: Resetting bearer [ 597.965478][T11331] tipc: Resetting bearer [ 598.685542][T11331] tipc: Disabling bearer [ 604.278279][T11373] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1923'. [ 604.345444][T11397] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1923'. [ 615.179313][T11489] tipc: Enabling of bearer rejected, failed to enable media [ 616.724724][T11504] loop5: detected capacity change from 0 to 1024 [ 617.505317][ T2058] ieee802154 phy0 wpan0: encryption failed: -22 [ 617.507200][ T2058] ieee802154 phy1 wpan1: encryption failed: -22 [ 617.548444][T11504] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 618.481036][ T7906] EXT4-fs (loop5): unmounting filesystem. [ 621.319107][T11554] loop5: detected capacity change from 0 to 256 [ 621.348041][T11554] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 621.353523][T11554] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=512, location=512 [ 621.460084][T11560] tipc: Enabling of bearer rejected, failed to enable media [ 621.535927][T11554] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 621.538144][T11554] UDF-fs: Scanning with blocksize 512 failed [ 622.532552][T11554] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 622.917931][T11554] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 623.040069][T11564] netlink: 'syz.1.1973': attribute type 10 has an invalid length. [ 623.315483][T11585] netlink: 'syz.2.1974': attribute type 10 has an invalid length. [ 624.903403][T11610] ptrace attach of "./syz-executor exec"[7906] was attempted by "./syz-executor exec"[11610] [ 630.235364][T11655] tipc: Enabled bearer , priority 0 [ 630.242744][T11655] device syzkaller0 entered promiscuous mode [ 631.344361][T11664] tipc: Resetting bearer [ 631.360151][T11646] tipc: Resetting bearer [ 634.927999][T11646] tipc: Disabling bearer [ 636.182580][T11701] loop5: detected capacity change from 0 to 256 [ 636.301816][T11701] exfat: Deprecated parameter 'namecase' [ 636.416479][T11701] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x25fbf2c1, utbl_chksum : 0xe619d30d) [ 639.129614][T11717] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 [ 639.132643][T11717] Mem abort info: [ 639.133653][T11717] ESR = 0x0000000086000006 [ 639.135009][T11717] EC = 0x21: IABT (current EL), IL = 32 bits [ 639.136699][T11717] SET = 0, FnV = 0 [ 639.137759][T11717] EA = 0, S1PTW = 0 [ 639.138884][T11717] FSC = 0x06: level 2 translation fault [ 639.140537][T11717] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000128466000 [ 639.142548][T11717] [0000000000000000] pgd=0800000116f6b003, p4d=0800000116f6b003, pud=08000001181d8003, pmd=0000000000000000 [ 639.145991][T11717] Internal error: Oops: 0000000086000006 [#1] PREEMPT SMP [ 639.147961][T11717] Modules linked in: [ 639.148999][T11717] CPU: 0 PID: 11717 Comm: syz.1.2010 Not tainted 6.1.147-syzkaller #0 [ 639.151243][T11717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 639.153921][T11717] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 639.156095][T11717] pc : 0x0 [ 639.156893][T11717] lr : bond_xdp_xmit+0x27c/0x45c [ 639.158289][T11717] sp : ffff800021ab7220 [ 639.159431][T11717] x29: ffff800021ab72e0 x28: 000000000000000f x27: ffff800021ab7248 [ 639.161618][T11717] x26: dfff800000000000 x25: ffff800012b2fcb8 x24: ffff0000cd728000 [ 639.163845][T11717] x23: fffffbffeff92150 x22: ffff0000d0c34000 x21: fffffbffeff92150 [ 639.166107][T11717] x20: 0000000000000001 x19: 0000000000000000 x18: 0000000000000000 [ 639.168385][T11717] x17: 0000000000000000 x16: ffff8000082d0ec4 x15: 0000000000000002 [ 639.170664][T11717] x14: 0000000000000001 x13: 0000000000ff0100 x12: 0000000000080000 [ 639.172859][T11717] x11: 0000000000004ffc x10: ffff800022169000 x9 : ffff800021ab7280 [ 639.174995][T11717] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000 [ 639.177133][T11717] x5 : 0000000000000000 x4 : 0000000000000008 x3 : 0000000000000001 [ 639.179290][T11717] x2 : ffff800021ab72a0 x1 : 0000000000000001 x0 : ffff0000cd728000 [ 639.181449][T11717] Call trace: [ 639.182358][T11717] 0x0 [ 639.183145][T11717] bq_xmit_all+0xab0/0xf10 [ 639.184427][T11717] __dev_flush+0xc4/0x18c [ 639.185571][T11717] xdp_do_flush+0x14/0x28 [ 639.186772][T11717] bpf_test_run_xdp_live+0x10e0/0x1544 [ 639.188321][T11717] bpf_prog_test_run_xdp+0x560/0xb88 [ 639.189717][T11717] bpf_prog_test_run+0x2dc/0x364 [ 639.191104][T11717] __sys_bpf+0x4ec/0x634 [ 639.192259][T11717] __arm64_sys_bpf+0x80/0x98 [ 639.193549][T11717] invoke_syscall+0x98/0x2bc [ 639.194868][T11717] el0_svc_common+0x138/0x258 [ 639.196163][T11717] do_el0_svc+0x58/0x13c [ 639.197364][T11717] el0_svc+0x58/0x138 [ 639.198494][T11717] el0t_64_sync_handler+0x84/0xf0 [ 639.199891][T11717] el0t_64_sync+0x18c/0x190 [ 639.201110][T11717] Code: bad PC value [ 639.202187][T11717] ---[ end trace 0000000000000000 ]--- [ 639.248824][T11723] tipc: Enabling of bearer rejected, failed to enable media [ 639.790966][T11717] Kernel panic - not syncing: Oops: Fatal exception in interrupt [ 639.793066][T11717] SMP: stopping secondary CPUs [ 639.794382][T11717] Kernel Offset: disabled [ 639.795586][T11717] CPU features: 0x080000,02070084,26017203 [ 639.797181][T11717] Memory Limit: none [ 640.351023][T11717] Rebooting in 86400 seconds..