last executing test programs: 15m29.600412617s ago: executing program 4 (id=711): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x400000000a882, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x28011, r1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x183341, 0x60) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) read$FUSE(r1, 0x0, 0x0) 15m28.345762855s ago: executing program 4 (id=722): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, 0x0) r1 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) r2 = memfd_create(&(0x7f00000004c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdbU\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\x90i\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8b\x06A2@D\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g&\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\x00\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\x88\xd1\x1eQB\x18\xc1-\xc4\x8fK\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99Q\xba/\xa8\xb9`k\b\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xa1d\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05N\xb9\x1dOr\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$Wc\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f', 0x3) close(0x3) fcntl$addseals(r2, 0x409, 0x7) ioctl$UDMABUF_CREATE(r1, 0x40187542, &(0x7f00000001c0)={r2, 0x1, 0x0, 0x8000}) r3 = syz_io_uring_setup(0x10a, &(0x7f0000000140)={0x0, 0x5803, 0x800, 0x0, 0xfffffdfc}, &(0x7f0000000040)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r3, 0x80003519, 0x0, 0x0, 0x0, 0x0) 15m27.76528718s ago: executing program 4 (id=725): ioctl$KDSETMODE(0xffffffffffffffff, 0x4b3a, 0x1) ioctl$TCXONC(0xffffffffffffffff, 0x4b3a, 0x2) 15m27.426654971s ago: executing program 4 (id=729): r0 = syz_open_dev$I2C(&(0x7f0000000280), 0x0, 0x149000) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x2002c841}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000007, 0x2172, 0xffffffffffffffff, 0x0) vmsplice(r1, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$IPSET_CMD_LIST(r0, 0x0, 0x20000004) setpgid(r2, 0x0) setpgid(0x0, r2) mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r3 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_READY(r3, 0x9360, 0x800000000000001) 15m26.866510108s ago: executing program 4 (id=733): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x4c, 0x0, &(0x7f0000000800)=[@reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0}) 15m26.230397623s ago: executing program 4 (id=737): r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) poll(&(0x7f0000009b00)=[{}], 0x20, 0x72) 15m24.727502639s ago: executing program 32 (id=737): r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) poll(&(0x7f0000009b00)=[{}], 0x20, 0x72) 3m50.162034113s ago: executing program 3 (id=3937): openat(0xffffffffffffff9c, 0x0, 0x2, 0x48) syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340), 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = syz_clone(0x2000400, 0x0, 0xfffffebf, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0xb4) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f0000000140)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r2, &(0x7f00000005c0)=r0, 0x12) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='cgroup.kill\x00', 0x275a, 0x0) write$cgroup_int(r3, &(0x7f0000000040)=0x1, 0x12) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) setsockopt$inet6_IPV6_RTHDRDSTOPTS(0xffffffffffffffff, 0x29, 0x37, 0x0, 0x0) r5 = openat$cgroup_ro(r4, &(0x7f0000000280)='cgroup.kill\x00', 0x275a, 0x0) write$cgroup_int(r5, &(0x7f0000000040)=0x1, 0x12) 3m46.438377124s ago: executing program 3 (id=3947): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = dup(r0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e23, 0xdb, @empty}}, 0xffb, 0x203, 0xffff18b6, 0x6, 0x330, 0x8, 0xdb}, 0x9c) sendmsg$inet6(r0, &(0x7f0000000540)={&(0x7f0000000000)={0xa, 0x4e24, 0x8004, @ipv4={'\x00', '\xff\xff', @loopback}, 0x7fff}, 0x1c, &(0x7f0000000440)=[{0x0}], 0x1}, 0x40054) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000280)={0x0, @in={{0x2, 0x4e24, @loopback}}, 0xabb8, 0x67, 0xa4f, 0xc4, 0x4e, 0xffffff85, 0xa9}, 0x9c) 3m45.644815697s ago: executing program 0 (id=3948): socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_udp(0xa, 0x2, 0x0) r0 = syz_io_uring_setup(0x17aa, &(0x7f0000000080)={0x0, 0x374e, 0x0, 0x2, 0x306}, &(0x7f0000000340)=0x0, &(0x7f0000000640)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0x7fffffff, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2f, 0x8, 0x0, 0x4}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_MADVISE={0x19, 0x1f, 0x0, 0x0, 0x0, &(0x7f0000011000/0x4000)=nil, 0x4000, 0xc}) io_uring_enter(r0, 0x22ce, 0x1d, 0x0, 0x0, 0x0) 3m43.614934151s ago: executing program 0 (id=3951): socket$kcm(0x10, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000f40), 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x8, 0xffffffff, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff2}, {}, {0xfff2, 0xc}}}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=@newtfilter={0x60, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0xfffa, 0x2}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x30, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x86dd}, @TCA_FLOWER_KEY_IP_PROTO={0x5, 0x9, 0x6}, @TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK={0x14, 0x20, [0xffffffff, 0xff, 0x0, 0xff]}, @TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK={0x6}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x4040000}, 0x24000000) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 3m43.478715734s ago: executing program 3 (id=3952): r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'macvlan0\x00', 0x0}) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x2, 0x1}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000180)=ANY=[@ANYBLOB="680000001000030400"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000400012800c0001006d6163766c616e003000028008000100100000001c0005800a000400aaaaaaaaaabb00000a000400aaaaaaaaaa0000"], 0x68}}, 0x64000004) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuset.effective_mems\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000000), 0xfea7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) 3m42.80677309s ago: executing program 0 (id=3953): mknod$loop(0x0, 0x1000, 0x1) r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r1, 0xfffffffc) mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000300), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 3m42.293352093s ago: executing program 0 (id=3955): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./control\x00', 0xc480, &(0x7f0000000000), 0x1, 0x786, &(0x7f0000000f80)="$eJzs3c9rHGUfAPDvbLNJ37Tv27zwwms9BQQNlG5Mja2Ch4oHESwU9Gy7bLahZpMt2U1pQkCLCF4EFQ+CXnq2Wm9e/XHVP8C7B2mpmhYjHiQym9102+ymmzSbbdnPByZ5npnZfOc7z8w8T3aG3QD61mj6IxNxOCI+SCIO1ecnEZGtlQYiTq6vt7qyXEinJNbWXvstqa1ze2W5EE2vSR2oVx6LiO/ejTiS2Ry3srg0ky+VivP1+nh19sJ4ZXHp6PnZ/HRxujh3fGJy8tiJZ08c371c//hx6eCND19+6suTf73z/2vvf5/EyThYX9acx24ZjdH6Psmmu/AuL8Vbux2up5JebwA7kp6a+9bP8jicpOWBXm8SANBl6Sh0DQDoM4n+HwD6TON9gNsry4XG1Nt3JPbWzRcjYv96/o37m+tLBur37PbX7oMO307uujOSRMTILsQfjYjPvn7jajpFl+5DArTy9uWIODsyuvn6n2x6ZmG7nu5gndF76hvxf8o+YHTgfr5Jxz/PtRr/ZTbGP9Fi/DPU4tzdibbn/4bM9V0I01Y6/nuh6dm21ab860b21Wv/ro35ssm586Viem37T0SMRXYorU9sEWPs1t+32i1rHv/9/tGbn6fx09931shcHxi6+zVT+Wr+QXJudvNyxOMDrfJPNto/aTP+Pd1hjFeef+/TdsvS/NN8G9Pm/Ltr7UrEky3b/84TbcmWzyeO1w6H8cZB0cJXP38y3C5+c/un0+rK8loScXX3M20tbf/hrfMfSZqf16xsP8YPVw59225Zi/wLjf+F1rU+/geT12vlwfq8S/lqdX4iYjB5dfP8Y3de26g31k/zH3ui9fm/1fGfjk7Odpj/wI1fv9h5/t2V5j+1rfbffuHa6sy+dvE7a//JWmmsPqeT61+nG/gg+w4AAAAAAAAAAAAAAAAAAAAAAAAAOpWJiIORZHIb5Uwml1v/Du//xXCmVK5Uj5wrL8xNRe27skcim2l81OWhps9Dnah/Hn6jfuye+jMR8d+I+HjoX7V6rlAuTfU6eQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACoO9Dm+/9Tvwz1eusAgK7Z3+sNAAD2nP4fAPqP/h8A+o/+HwD6j/4fAPqP/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAuO33qVDqt/bmyXEjrUxcXF2bKF49OFSszudmFQq5Qnr+Qmy6Xp0vFXKE8e7+/VyqXL0zG3MKl8WqxUh2vLC6dmS0vzFXPnJ/NTxfPFLN7khUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbE9lcWkmXyoV5xUegcJAvdUelu3ZUSHTSGKvgg52K4uHYGd2r9DDixIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAI+SfAAAA///WoyFe") r0 = openat(0xffffffffffffff9c, &(0x7f0000000480)='.\x00', 0x10000, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0x8004587d, &(0x7f0000000080)={@id={0x2, 0x0, @a}}) r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='.\x00', 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r1, 0x8004587d, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x8000200000000000, 0x0, 0x85c, 0x5}) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) futex(0x0, 0xd, 0x0, 0x0, 0x0, 0x2) futex(0x0, 0x80000000000b, 0x0, 0x0, 0x0, 0x300) futex(0x0, 0xc, 0x1, 0x0, 0x0, 0x0) syz_clone3(0x0, 0x0) getpgid(0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(0xffffffffffffffff, 0x6, 0x1, 0x0, 0x0) 3m40.91189381s ago: executing program 0 (id=3957): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) close(0xffffffffffffffff) r2 = socket$unix(0x1, 0x1, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x48, 0x2, {{0x100, 0x3, 0x6361, 0x5, 0xfffffffd, 0x6}, [@TCA_NETEM_SLOT={0x2c, 0xc, {0xfffffffffffffff4, 0x1000, 0x8, 0x0, 0x5, 0x7}}]}}}]}, 0x78}, 0x1, 0x0, 0x0, 0xc04c001}, 0x20000804) sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r4, {0x0, 0xffe0}, {0x2, 0xb}, {0xd, 0xd}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0xfffffe64, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x5, 0x6, 0x40, 0x5, 0x100, 0xfff, 0xffff9efc, 0xffff7f79}}}}]}, 0x58}}, 0x4010804) 3m40.433705222s ago: executing program 3 (id=3959): fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) socket$kcm(0x2, 0xa, 0x2) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000002f40)=[{{0x0, 0x0, &(0x7f0000000240)=[{0x0}, {&(0x7f0000000640)}], 0x2}}], 0x1, 0x2090) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="1c0000f5"], 0xfd1) 3m39.878793764s ago: executing program 0 (id=3960): sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)) r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r0, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) connect$unix(r1, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = socket$unix(0x1, 0x1, 0x0) connect$unix(r2, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3000001, 0x11, r3, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x972, &(0x7f0000006680)) io_setup(0x3, &(0x7f0000008240)) 3m37.554104263s ago: executing program 33 (id=3960): sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)) r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r0, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) connect$unix(r1, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = socket$unix(0x1, 0x1, 0x0) connect$unix(r2, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3000001, 0x11, r3, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x972, &(0x7f0000006680)) io_setup(0x3, &(0x7f0000008240)) 3m37.512733291s ago: executing program 1 (id=3962): r0 = socket$phonet(0x23, 0x2, 0x1) r1 = dup(r0) syz_genetlink_get_family_id$nl80211(&(0x7f0000001000), r1) 3m37.396737959s ago: executing program 3 (id=3964): mknod$loop(0x0, 0x1000, 0x1) r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r1, 0xfffffffc) mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000300), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 3m36.54718152s ago: executing program 1 (id=3965): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8, 0x3, 0x1, 0x0, 0x80000}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xcc}}, 0x0) 3m35.999015955s ago: executing program 3 (id=3966): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f00000001c0)={[{@max_batch_time={'max_batch_time', 0x3d, 0x4}}, {@debug}, {@journal_dev={'journal_dev', 0x3d, 0x7}}]}, 0x1, 0x5fd, &(0x7f00000006c0)="$eJzs3c9vFFUcAPDv7LalpWALMSoepIkxkCgtLWCI8QBXYxr8ES9erLQgoUDT1mjRhJLgxcR4McbEkwfxv1AiV0960YMXT4aEqOFo4prZ7vTnbH8s7Q4wn0+y7My8ebw3LN++t6/vzQRQWgPpH5WIAxExlUT0JfOLaR3RSBxYOO/ePx+fTV9J1Gpv/JVE0jiWnZ803nsbmbsj4ucfk9hfXVvuzNzVi2OTkxPTjf2h2UtTQzNzV49cuDR2fuL8xOWRF0dOnjh+4uTw0Zau69raQ2l1Puj7dPTtb7/+Nxn+7vfRJE7FK40Tl1/HdhmIgfq/SbI2qffkdhdWkGrj/8nyjzjpKLBCbEn2+XVGxJPRF9VY+vD64pPXCq0csKNqSUQNKKlE/ENJZf2A7Lv96u/BlUJ6JUA73D29MACwNv47FsYGo7s+NrD7XhLLh3WSiGhtZG6lPRHx0+3RG+duj96Y3rsz43BAvvnrEfHUsvjvylKSevz3R3f01+O/siL+037BmcZ7evz1FstfPVQs/qF9FuK/O6f9X4r/aBL/7yyL/3dbLH9gafO9nhXx39PqJQEAAAAAAEBp3TodES/kzf+pLM7/iZz5P70RcWobyh9Ytb/29/+VO9tQDJDj7umIl3Pn/1aiujD7t7/a+D3/3vp8gM7k3IXJiaMR8VhEHI7OXen+8DplHPls/1fN0gYa8/+yV1p++r50RuVOx66VecbHZsfu97qBiLvXI57Onf+bLLb/SU77n/48mNpkGfufu3mmWdrG8Q/slNo3EYdy2/+lu1Yk69+fY6jeHxjKegVrPfPR5983K7/V+HeLCbh/afu/e/3470+W369nZutlHJvrqDVLa7X/35W8Wb/lTLZc4cOx2dnp4Yie5NVqenTF8ZGt1xkeRVk8ZPGSxv/hZ9cf/8vr//dExPyqvzv5e+Wa4swT//X+0aw++v9QnDT+x7fU/jfdSOYjcpNGbvb/0Kz8zbX/x+tt/eHGEeN/sODLLEy7Vh7PCdCOvKR21xcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgWViNgTSWVwcbtSGRyM6I2Ix2N3ZfLKzOzz5668f3k8Tas//7+SPem3b2E/yZ7/379sf2TV/rGI2BcRX1R76vuDZ69Mjhd98QAAAAAAAAAAAAAAAAAAAPCA6G2y/j/1Z7Xo2gE7rqPoCgCFyYn/X4qoB9B+2n8oL/EP5SX+obzEP5SX+IfyEv9QXuIfykv8AwAAAADAI2XfwVu/JREx/1JP/ZXqaqR1FlozYKdViq4AUBi3+IHyMvUHyst3fCDZIL27aaaNcjbLnJo6u3FmAAAAAAAAAAAAACBz6ID1/1BW1v9DeVn/D+WVrf8/WHA9gPZr+Tt+0zW9wMNovZX8zcN9E+v/AQAAAAAAAAAAAIBtMTN39eLY5OTEdPs2fm089Cv3nJ6IaHN9so23iii02I1arXat/lE8IPV5yDeyqfCbz9WdHwU7s5Gt9dtcroJ+IAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGv8HwAA//+xpBxA") ioprio_set$pid(0x3, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) write(0xffffffffffffffff, &(0x7f0000000a00)="c7", 0x1) sendfile(0xffffffffffffffff, r0, 0x0, 0x3ffff) 3m35.622740948s ago: executing program 1 (id=3968): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000ac0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0xa0, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x78, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x40, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_XOR={0x8, 0x5, 0x0, 0x1, [@NFTA_DATA_VALUE={0x4}]}, @NFTA_BITWISE_MASK={0xc, 0x4, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "8a95"}]}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x114}}, 0x0) 3m34.407932881s ago: executing program 1 (id=3969): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) close(0xffffffffffffffff) r2 = socket$unix(0x1, 0x1, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x48, 0x2, {{0x100, 0x3, 0x6361, 0x5, 0xfffffffd, 0x6}, [@TCA_NETEM_SLOT={0x2c, 0xc, {0xfffffffffffffff4, 0x1000, 0x8, 0x0, 0x5, 0x7}}]}}}]}, 0x78}, 0x1, 0x0, 0x0, 0xc04c001}, 0x20000804) sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r4, {0x0, 0xffe0}, {0x2, 0xb}, {0xd, 0xd}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0xfffffe64, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x5, 0x6, 0x40, 0x5, 0x100, 0xfff, 0xffff9efc, 0xffff7f79}}}}]}, 0x58}}, 0x4010804) 3m32.785649646s ago: executing program 1 (id=3971): openat(0xffffffffffffff9c, 0x0, 0x2, 0x48) syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340), 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = syz_clone(0x2000400, 0x0, 0xfffffebf, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0xb4) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f0000000140)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r2, &(0x7f00000005c0)=r0, 0x12) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='cgroup.kill\x00', 0x275a, 0x0) write$cgroup_int(r3, &(0x7f0000000040)=0x1, 0x12) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) setsockopt$inet6_IPV6_RTHDRDSTOPTS(0xffffffffffffffff, 0x29, 0x37, 0x0, 0x0) r5 = openat$cgroup_ro(r4, &(0x7f0000000280)='cgroup.kill\x00', 0x275a, 0x0) write$cgroup_int(r5, &(0x7f0000000040)=0x1, 0x12) 3m31.507784752s ago: executing program 1 (id=3973): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c) r3 = socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r4, 0x0, r2, 0x0, 0x101, 0x0) close(r5) close(r3) socket$nl_route(0x10, 0x3, 0x0) splice(r1, 0x0, r3, 0x0, 0x1100000000f334, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000400)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) 3m20.244116229s ago: executing program 34 (id=3966): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f00000001c0)={[{@max_batch_time={'max_batch_time', 0x3d, 0x4}}, {@debug}, {@journal_dev={'journal_dev', 0x3d, 0x7}}]}, 0x1, 0x5fd, &(0x7f00000006c0)="$eJzs3c9vFFUcAPDv7LalpWALMSoepIkxkCgtLWCI8QBXYxr8ES9erLQgoUDT1mjRhJLgxcR4McbEkwfxv1AiV0960YMXT4aEqOFo4prZ7vTnbH8s7Q4wn0+y7My8ebw3LN++t6/vzQRQWgPpH5WIAxExlUT0JfOLaR3RSBxYOO/ePx+fTV9J1Gpv/JVE0jiWnZ803nsbmbsj4ucfk9hfXVvuzNzVi2OTkxPTjf2h2UtTQzNzV49cuDR2fuL8xOWRF0dOnjh+4uTw0Zau69raQ2l1Puj7dPTtb7/+Nxn+7vfRJE7FK40Tl1/HdhmIgfq/SbI2qffkdhdWkGrj/8nyjzjpKLBCbEn2+XVGxJPRF9VY+vD64pPXCq0csKNqSUQNKKlE/ENJZf2A7Lv96u/BlUJ6JUA73D29MACwNv47FsYGo7s+NrD7XhLLh3WSiGhtZG6lPRHx0+3RG+duj96Y3rsz43BAvvnrEfHUsvjvylKSevz3R3f01+O/siL+037BmcZ7evz1FstfPVQs/qF9FuK/O6f9X4r/aBL/7yyL/3dbLH9gafO9nhXx39PqJQEAAAAAAEBp3TodES/kzf+pLM7/iZz5P70RcWobyh9Ytb/29/+VO9tQDJDj7umIl3Pn/1aiujD7t7/a+D3/3vp8gM7k3IXJiaMR8VhEHI7OXen+8DplHPls/1fN0gYa8/+yV1p++r50RuVOx66VecbHZsfu97qBiLvXI57Onf+bLLb/SU77n/48mNpkGfufu3mmWdrG8Q/slNo3EYdy2/+lu1Yk69+fY6jeHxjKegVrPfPR5983K7/V+HeLCbh/afu/e/3470+W369nZutlHJvrqDVLa7X/35W8Wb/lTLZc4cOx2dnp4Yie5NVqenTF8ZGt1xkeRVk8ZPGSxv/hZ9cf/8vr//dExPyqvzv5e+Wa4swT//X+0aw++v9QnDT+x7fU/jfdSOYjcpNGbvb/0Kz8zbX/x+tt/eHGEeN/sODLLEy7Vh7PCdCOvKR21xcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgWViNgTSWVwcbtSGRyM6I2Ix2N3ZfLKzOzz5668f3k8Tas//7+SPem3b2E/yZ7/379sf2TV/rGI2BcRX1R76vuDZ69Mjhd98QAAAAAAAAAAAAAAAAAAAPCA6G2y/j/1Z7Xo2gE7rqPoCgCFyYn/X4qoB9B+2n8oL/EP5SX+obzEP5SX+IfyEv9QXuIfykv8AwAAAADAI2XfwVu/JREx/1JP/ZXqaqR1FlozYKdViq4AUBi3+IHyMvUHyst3fCDZIL27aaaNcjbLnJo6u3FmAAAAAAAAAAAAACBz6ID1/1BW1v9DeVn/D+WVrf8/WHA9gPZr+Tt+0zW9wMNovZX8zcN9E+v/AQAAAAAAAAAAAIBtMTN39eLY5OTEdPs2fm089Cv3nJ6IaHN9so23iii02I1arXat/lE8IPV5yDeyqfCbz9WdHwU7s5Gt9dtcroJ+IAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGv8HwAA//+xpBxA") ioprio_set$pid(0x3, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) write(0xffffffffffffffff, &(0x7f0000000a00)="c7", 0x1) sendfile(0xffffffffffffffff, r0, 0x0, 0x3ffff) 3m16.165227567s ago: executing program 35 (id=3973): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c) r3 = socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r4, 0x0, r2, 0x0, 0x101, 0x0) close(r5) close(r3) socket$nl_route(0x10, 0x3, 0x0) splice(r1, 0x0, r3, 0x0, 0x1100000000f334, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000400)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) 24.859511351s ago: executing program 6 (id=4413): r0 = socket(0x2b, 0x1, 0x1) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e1f, 0x2, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) connect$inet6(r0, 0x0, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r0, 0x0, 0x81, &(0x7f0000000540)={'filter\x00', 0x0, 0x0, 0x0, [0xa652, 0x8, 0x9, 0xffffffff, 0x10000005, 0x100000000], 0x0, 0x0}, 0x78) 23.722452409s ago: executing program 6 (id=4419): socket(0x10, 0x803, 0x0) ftruncate(0xffffffffffffffff, 0x2007ffc) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) connect$inet6(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c) r0 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r0, &(0x7f0000000000)=[{&(0x7f00000001c0)="580000001500add427323b472545b45602117fffffff81000e224e217f000001925aa80020007b00090080007f000001e809000000ff0000f03ac71036000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e23, 0x5, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x44}}, 0x7}, 0x1c) 22.262161495s ago: executing program 6 (id=4423): fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x2090) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="1c00"], 0xfd1) 20.082367543s ago: executing program 6 (id=4432): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./control\x00', 0xc480, &(0x7f0000000000), 0x1, 0x786, &(0x7f0000000f80)="$eJzs3c9rHGUfAPDvbLNJ37Tv27zwwms9BQQNlG5Mja2Ch4oHESwU9Gy7bLahZpMt2U1pQkCLCF4EFQ+CXnq2Wm9e/XHVP8C7B2mpmhYjHiQym9102+ymmzSbbdnPByZ5npnZfOc7z8w8T3aG3QD61mj6IxNxOCI+SCIO1ecnEZGtlQYiTq6vt7qyXEinJNbWXvstqa1ze2W5EE2vSR2oVx6LiO/ejTiS2Ry3srg0ky+VivP1+nh19sJ4ZXHp6PnZ/HRxujh3fGJy8tiJZ08c371c//hx6eCND19+6suTf73z/2vvf5/EyThYX9acx24ZjdH6Psmmu/AuL8Vbux2up5JebwA7kp6a+9bP8jicpOWBXm8SANBl6Sh0DQDoM4n+HwD6TON9gNsry4XG1Nt3JPbWzRcjYv96/o37m+tLBur37PbX7oMO307uujOSRMTILsQfjYjPvn7jajpFl+5DArTy9uWIODsyuvn6n2x6ZmG7nu5gndF76hvxf8o+YHTgfr5Jxz/PtRr/ZTbGP9Fi/DPU4tzdibbn/4bM9V0I01Y6/nuh6dm21ab860b21Wv/ro35ssm586Viem37T0SMRXYorU9sEWPs1t+32i1rHv/9/tGbn6fx09931shcHxi6+zVT+Wr+QXJudvNyxOMDrfJPNto/aTP+Pd1hjFeef+/TdsvS/NN8G9Pm/Ltr7UrEky3b/84TbcmWzyeO1w6H8cZB0cJXP38y3C5+c/un0+rK8loScXX3M20tbf/hrfMfSZqf16xsP8YPVw59225Zi/wLjf+F1rU+/geT12vlwfq8S/lqdX4iYjB5dfP8Y3de26g31k/zH3ui9fm/1fGfjk7Odpj/wI1fv9h5/t2V5j+1rfbffuHa6sy+dvE7a//JWmmsPqeT61+nG/gg+w4AAAAAAAAAAAAAAAAAAAAAAAAAOpWJiIORZHIb5Uwml1v/Du//xXCmVK5Uj5wrL8xNRe27skcim2l81OWhps9Dnah/Hn6jfuye+jMR8d+I+HjoX7V6rlAuTfU6eQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACoO9Dm+/9Tvwz1eusAgK7Z3+sNAAD2nP4fAPqP/h8A+o/+HwD6j/4fAPqP/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAuO33qVDqt/bmyXEjrUxcXF2bKF49OFSszudmFQq5Qnr+Qmy6Xp0vFXKE8e7+/VyqXL0zG3MKl8WqxUh2vLC6dmS0vzFXPnJ/NTxfPFLN7khUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbE9lcWkmXyoV5xUegcJAvdUelu3ZUSHTSGKvgg52K4uHYGd2r9DDixIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAI+SfAAAA///WoyFe") r0 = openat(0xffffffffffffff9c, &(0x7f0000000480)='.\x00', 0x10000, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0x8004587d, &(0x7f0000000080)={@id={0x2, 0x0, @a}}) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0x8004587d, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x8000200000000000, 0x0, 0x85c, 0x5}) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) futex(0x0, 0xd, 0x0, 0x0, 0x0, 0x2) futex(0x0, 0x80000000000b, 0x0, 0x0, 0x0, 0x300) futex(0x0, 0xc, 0x1, 0x0, 0x0, 0x0) syz_clone3(0x0, 0x0) getpgid(0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(0xffffffffffffffff, 0x6, 0x1, 0x0, 0x0) 17.28930672s ago: executing program 6 (id=4441): socket$netlink(0x10, 0x3, 0xf) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000040)='./file0\x00', 0x300001a, &(0x7f00000010c0)=ANY=[], 0x1, 0x2d0, &(0x7f00000004c0)="$eJzs3T9rLFUUAPAz+y8bLXYRG0VwQAur8KKlTVZ5gpBKWBsbF18eyG54kMCCEY2p8gW0FMFPYWtn7TcQtBTskiIyMjsz2d1kN67kn+T9fk1O7r1n5tx7YVPtyaev7Q6fPEvi6OS3aLeTqG3FVpwm0Y1aVL6JkwAAHo7TLIu/sohoFr8nK2c2ardXFQBwm4q//4X7rgUAuBt//PjOV73t7ccfpWk7Xukcj/tJROwej/vFfO9pfB6j2IlH0YmziOxcEX/w4fbjaKS5bry5ezjuj+ee3/sz1if5m9GJ7uL8zbRQ5vcj8p/NeCHS6D1tVo/qxMuL899ekB/9Vrz1xkz9G9GJXz+LZzGKJ5HnTvO/3kzT97PvTr78JH9Nnp/Uor82WVdaj8jqd3YpAAAAAAAAAAAAAAAAAAAAAAA8eBtpmhTteyb9e/Khsv9O/Wwyv5FWuvP9eYr8837BRX+gLMoWPYdZfF/113mUpmlWLpzmN+LVRjTuZ9cAAAAAAAAAAAAAAAAAAADw/7L/xcFwMBrt7F07qA8Ho6obQPW1/mpN/T8+cGtm5PU4GA7qFx44s3ht+dTFYLbbQF7rlYuj0YgbOJZ/D+Ln9byeJWt+KOstR+qr7TQP1qaX+3GZXl3Mje7ipffOK0zLqeqQh4OkeNfymtvV1E+zU61YuYwkmRuZ3O1oZy+bHNRZNn+n7bnDnE61lr3i2yTfxUqnkV9N68WFU39nWbbadt79vbijciSZtNhY7S6aZbBwg3nQvnzvvyx/4NKPjPp1P3MAAAAAAAAAAAAAAAAAAIDF5r84fcHRlam1WysKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO7Y9P//V0E7IuZHLgWHZfJVa8qgFXv797xFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAngP/BAAA//+TA0R/") r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x200000, 0x1000}, 0x20) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'sit0\x00', 0x0}) setsockopt$inet_sctp_SCTP_RESET_ASSOC(0xffffffffffffffff, 0x84, 0x78, &(0x7f0000000080), 0x4) setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f00000001c0)=0x2, 0x4) bind$xdp(r1, &(0x7f0000000100)={0x2c, 0x0, r3}, 0x10) write$binfmt_aout(r0, &(0x7f0000000300)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x3, 0x7fff, 0x16, "b0bf2ebb48c849ac0000000003000018bfff40"}) r4 = syz_open_pts(r0, 0x0) r5 = dup3(r4, r0, 0x0) ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000000)=0xff) ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000140)=0x12) 17.266062597s ago: executing program 7 (id=4442): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000540)='./bus\x00', 0x8800, &(0x7f00000002c0), 0x1, 0x51a, &(0x7f0000000f00)="$eJzs3c9vI1cdAPCvnThxfnSTlh4AQbu0hQWt1km8bVT1AOWIUCVEjyBtQ+KNothxFDulCXtIz1yRqMSJHvkDOPfEgRsXBDcuywGJHxFog8TBaMaTrDdrb6xNYqfx5yON5r2ZWX+/L868t36O/QIYWTcj4iAiJiLig4iYy47nsi3ebW/JdY8OH6weHT5YzUWr9f4/c+n55Fh0/JvETPaYxYj44acRP8k9Hbext7+5Uq1WdrL6QrO2vdDY27+zUVtZr6xXtsrl5aXlxbfvvlW+sLa+WpvISl99+IeDb/0sSWs2O9LZjovUbnrhJE5iPCK+fxnBhmAsa8/EsBPhueQj4qWIeC29/+diLH02AYDrrNWai9ZcZx0AuO7y6RxYLl/K5gJmI58vldpzeC/HdL5abzRv36/vbq2158rmo5C/v1GtLGZzhfNRyCX1pbT8uF4+Vb8bES9GxC8mp9J6abVeXRvmf3wAYITNnBr//zPZHv8BgGuuOOwEAICB6zH+Hww6DwBgcLz+B4DRY/wHgNFTTL/DYWrYaQAAA+T1PwCMHuM/AIyUH7z3XrK1jrLvv177cG93s/7hnbVKY7NU210trdZ3tkvr9fp6+p09tbMer1qvby+9GbsfzX97u9FcaOzt36vVd7ea99Lv9b5XKaRX+WQBAAzTi69+9udcMiK/M5Vu0bGWQ2GomQGXLT/sBIChGetRBq4/q33B6DrHa3zTA3BNdFmi9wnF6PIBoVar1bq8lIBLdutL5v9hVHXM//srYBgx5vxhdJn/h9HVauX6XfM/+r0QALjazPEDPd7/fynb/yZ7c+DHa6ev+OQyswIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICr7Xj931K2Fvhs5POlUsQLETEfhdz9jWplMSJuRMSfJguTSX1pyDkDAOeV/1suW//r1twbs0+cemXmpDgRET/91fu//Gil2dz5Y8RE7l+Tx8ebn2THy4PPHgA42/E4ne47Xsg/OnywerwNMp+/fzciiu34R4cTcXQSfzzG030xChEx/e9cVm/LdcxdnMfBxxHxxW7tz8VsOgfSXvn0dPwk9gsDjZ9/In4+PdfeJz+LL1xALjBqPkv6n3e73X/5uJnuu9//xbSHOr+s/0seavUo7QMfxz/u/8Z69H83+43x5u++1y5NPX3u44gvj0ccxz7q6H+O4+d6xH+jz/h/+corr/U61/p1xK3oHr8z1kKztr3Q2Nu/s1FbWa+sV7bK5eWl5cW3775VXkjnqBd6jwb/eOf2jV7nkvZP94hfPKP9X++z/Z/+74Mffe0Z8b/5erf4+Xj5GfGTMfEbfcZfmf5tsde5JP5aj/af9fzf7jP+w7/uP7VsOAAwPI29/c2VarWy86zCjaOIs675XBaiv4t/n/2wrkTOI11InoUrkEbXwnc6jszEJcaa6HEz/vz19q/pZETnL3ar9VyxevUYFzHrBlwFJzd9RPx32MkAAAAAAAAAAAAAAABdDeLTUcNuIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANfX/wMAAP//jMfJaQ==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000180)={'#! ', '\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/'}, 0x51) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) pipe2(&(0x7f0000000040), 0x0) 15.159517759s ago: executing program 5 (id=4447): openat(0xffffffffffffff9c, 0x0, 0x2, 0x48) syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340), 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_clone(0x2000400, 0x0, 0xfffffebf, 0x0, 0x0, 0x0) mkdir(0x0, 0xb4) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_procs(r0, &(0x7f0000000140)='cgroup.procs\x00', 0x2, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f00000000c0)='cgroup.kill\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000040)=0x1, 0x12) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r4, 0x29, 0x37, 0x0, 0x0) setsockopt$inet6_opts(r4, 0x29, 0x36, 0x0, 0x0) accept4(r4, 0x0, 0x0, 0x80800) openat$cgroup_ro(r3, &(0x7f0000000280)='cgroup.kill\x00', 0x275a, 0x0) 13.85877275s ago: executing program 7 (id=4450): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000095000000000000009f33ef60916e6e893f1eeb0be20000d072f5b89c3043c47c896ce0bc8731fa595b6b4d45ef26dcca5582054d54d53cd2b6db714e4b94bdae214fa68a0557eb3c5ca683a4b6fc89398f2b9000f224891060017c4700de60beac671e8e8fdecb03588aa6007e71f871ab5c2ff88afc6002084e5b52710aeee835cf0d78e45f70983826fb8579c1fb47d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0d18a93ee341ab59016f81860324b800c00000000000092d9c5fe34ccb80a61ffcb3363073fd8962823ee45f5d7394e9510f4a801efdf008499d7aca1afac6c702cfabe8a9c55c8dafcdb110036e14c1035cafdfef6a358cbfadb3579a285580a3c080d4e0a48d7bdc38a0437c8c1b3aa408a"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1200000004000000040000001200000000000000", @ANYRES32, @ANYBLOB], 0x50) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000380)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00', @ANYRES32, @ANYRES64=0x0], 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000a80)={r2, &(0x7f0000000940), &(0x7f0000000a40)=@tcp6=r0}, 0x20) shutdown(r0, 0x0) r3 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0xf6b1, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd_index=0x3, 0xffffffffffffffff, &(0x7f0000000580)=""/207, 0xcf, 0x16, 0x1}) io_uring_enter(r3, 0xd44, 0x44c1, 0x7, 0x0, 0x0) 13.738143181s ago: executing program 6 (id=4451): socket$nl_route(0x10, 0x3, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) socket$packet(0x11, 0x3, 0x300) r0 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x4000845) ioprio_set$uid(0x3, 0x0, 0x0) r1 = syz_io_uring_setup(0x1ca0, &(0x7f0000000380)={0x0, 0x60d1, 0x400, 0x0, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r1, 0x47ba, 0x0, 0x28, 0x0, 0x0) 13.410423325s ago: executing program 2 (id=4453): connect$inet(0xffffffffffffffff, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004140)=[{&(0x7f0000000240)=""/212, 0xd4}], 0x1}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c030000160001000000000000000000fc010000000000000000000000000000fe88000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac141400000000000000000000000000000000006c000000ac14140000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000300000006"], 0x34c}}, 0x0) 13.410097053s ago: executing program 5 (id=4454): socket$inet6(0xa, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) io_setup(0x1, &(0x7f0000000380)=0x0) io_submit(r5, 0x0, &(0x7f0000002700)) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newnexthop={0x38, 0x68, 0x1, 0x100003, 0x7ffffffd, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x15}]}, @NHA_RES_GROUP={0xc, 0xc, 0x0, 0x1, [@NHA_RES_GROUP_BUCKETS={0x6, 0x1, 0x3fd4}]}, @NHA_GROUP_TYPE={0x6, 0x3, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=@newlink={0x20, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, r4, 0x192}}, 0x20}}, 0x0) 11.506923225s ago: executing program 8 (id=4457): syz_clone(0x2000400, 0x0, 0xfffffebf, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0xb4) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000140)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, 0x0, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_ro(r2, &(0x7f00000000c0)='cgroup.kill\x00', 0x275a, 0x0) write$cgroup_int(r3, &(0x7f0000000040)=0x1, 0x12) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) setsockopt$inet6_IPV6_RTHDRDSTOPTS(0xffffffffffffffff, 0x29, 0x37, 0x0, 0x0) r5 = openat$cgroup_ro(r4, &(0x7f0000000280)='cgroup.kill\x00', 0x275a, 0x0) write$cgroup_int(r5, &(0x7f0000000040)=0x1, 0x12) 10.694557564s ago: executing program 2 (id=4458): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB='\b\x00\n'], 0x44}}, 0x0) 10.654063973s ago: executing program 5 (id=4459): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000380)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @loopback={0x5f000000}}}, {0x20, 0x2, @in6={0xa, 0x0, 0x1, @remote}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}]}]}, 0x6c}}, 0x0) 10.344094858s ago: executing program 8 (id=4460): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0) sendmsg$IEEE802154_LLSEC_SETPARAMS(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x30, r1, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x3}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x6}]}, 0x30}, 0x1, 0x0, 0x0, 0x4090}, 0x4040) 9.22711334s ago: executing program 5 (id=4461): socket$netlink(0x10, 0x3, 0xf) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000040)='./file0\x00', 0x300001a, &(0x7f00000010c0)=ANY=[], 0x1, 0x2d0, &(0x7f00000004c0)="$eJzs3T9rLFUUAPAz+y8bLXYRG0VwQAur8KKlTVZ5gpBKWBsbF18eyG54kMCCEY2p8gW0FMFPYWtn7TcQtBTskiIyMjsz2d1kN67kn+T9fk1O7r1n5tx7YVPtyaev7Q6fPEvi6OS3aLeTqG3FVpwm0Y1aVL6JkwAAHo7TLIu/sohoFr8nK2c2ardXFQBwm4q//4X7rgUAuBt//PjOV73t7ccfpWk7Xukcj/tJROwej/vFfO9pfB6j2IlH0YmziOxcEX/w4fbjaKS5bry5ezjuj+ee3/sz1if5m9GJ7uL8zbRQ5vcj8p/NeCHS6D1tVo/qxMuL899ekB/9Vrz1xkz9G9GJXz+LZzGKJ5HnTvO/3kzT97PvTr78JH9Nnp/Uor82WVdaj8jqd3YpAAAAAAAAAAAAAAAAAAAAAAA8eBtpmhTteyb9e/Khsv9O/Wwyv5FWuvP9eYr8837BRX+gLMoWPYdZfF/113mUpmlWLpzmN+LVRjTuZ9cAAAAAAAAAAAAAAAAAAADw/7L/xcFwMBrt7F07qA8Ho6obQPW1/mpN/T8+cGtm5PU4GA7qFx44s3ht+dTFYLbbQF7rlYuj0YgbOJZ/D+Ln9byeJWt+KOstR+qr7TQP1qaX+3GZXl3Mje7ipffOK0zLqeqQh4OkeNfymtvV1E+zU61YuYwkmRuZ3O1oZy+bHNRZNn+n7bnDnE61lr3i2yTfxUqnkV9N68WFU39nWbbadt79vbijciSZtNhY7S6aZbBwg3nQvnzvvyx/4NKPjPp1P3MAAAAAAAAAAAAAAAAAAIDF5r84fcHRlam1WysKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO7Y9P//V0E7IuZHLgWHZfJVa8qgFXv797xFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAngP/BAAA//+TA0R/") r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x200000, 0x1000}, 0x20) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'sit0\x00', 0x0}) setsockopt$inet_sctp_SCTP_RESET_ASSOC(0xffffffffffffffff, 0x84, 0x78, &(0x7f0000000080), 0x4) setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f00000001c0)=0x2, 0x4) bind$xdp(r1, &(0x7f0000000100)={0x2c, 0x0, r3}, 0x10) write$binfmt_aout(r0, &(0x7f0000000300)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x3, 0x7fff, 0x16, "b0bf2ebb48c849ac0000000003000018bfff40"}) r4 = syz_open_pts(r0, 0x0) r5 = dup3(r4, r0, 0x0) ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000000)=0xff) ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000140)=0x12) 9.125896687s ago: executing program 7 (id=4462): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f67fe4)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x1c) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000f67fe4)={0xa, 0x4e20, 0x1, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x1000}, 0x1c) 9.008077546s ago: executing program 8 (id=4463): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @tproxy={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_TPROXY_REG_PORT={0x8, 0x3, 0x1, 0x0, 0x16}, @NFTA_TPROXY_FAMILY={0x8}, @NFTA_TPROXY_REG_ADDR={0xffffffffffffff2d, 0x2, 0x1, 0x0, 0x10}, @NFTA_TPROXY_FAMILY={0x8, 0x1, 0x1, 0x0, 0xa}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x8c}, 0x1, 0x0, 0x0, 0x4008091}, 0x0) 8.569786161s ago: executing program 2 (id=4464): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) 7.95983256s ago: executing program 8 (id=4465): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000180), r1) setuid(0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48040}, 0x4004000) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000740)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x28}, 0x1, 0x0, 0x0, 0x4050}, 0x8804) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a3100000000090003007379"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffcffff03400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, '\x00\x00'}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x3c, 0x0, 0x8, 0x103, 0x0, 0x0, {0x0, 0x0, 0x3}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x84}, @CTA_TIMEOUT_DATA={0xc, 0x4, 0x0, 0x1, @sctp=[@CTA_TIMEOUT_SCTP_HEARTBEAT_ACKED={0x8, 0x9, 0x1, 0x0, 0x2}]}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x6004}]}, 0x3c}}, 0x0) 7.770758581s ago: executing program 7 (id=4466): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)={0x40, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x40}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000480)=ANY=[@ANYBLOB="280000000306010100000000000000000a0000030900020073797a32000000000500010007"], 0x28}, 0x1, 0x0, 0x0, 0x84}, 0x800) 6.668002015s ago: executing program 2 (id=4467): unshare(0x60400) r0 = open(0x0, 0x2c102, 0x6e) sendfile(r0, r0, 0x0, 0x800000009) fallocate(0xffffffffffffffff, 0x8, 0x4000, 0x4000) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x24008040) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='vxcan1\x00', 0x10) bind$xdp(r1, &(0x7f00000002c0)={0x2c, 0x2, 0x0, 0x33, r1}, 0x10) 6.138234877s ago: executing program 8 (id=4468): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) r0 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$netlink(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="e00000001000090500000000000000006f6d8864d22a3f2ffaa46c88bca90000002b0e13e735a3184f123d6da2f1acfac0ee2dd2b184b27db1f302de337c0004060000000000bf852c8986626691b01b2d44e4ce28715f5f28"], 0xe0}], 0x1}, 0x40040) 6.111189999s ago: executing program 7 (id=4469): socket$inet6(0xa, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) io_setup(0x1, &(0x7f0000000380)=0x0) io_submit(r5, 0x0, &(0x7f0000002700)) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newnexthop={0x38, 0x68, 0x1, 0x100003, 0x7ffffffd, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x15}]}, @NHA_RES_GROUP={0xc, 0xc, 0x0, 0x1, [@NHA_RES_GROUP_BUCKETS={0x6, 0x1, 0x3fd4}]}, @NHA_GROUP_TYPE={0x6, 0x3, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=@newlink={0x20, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, r4, 0x192}}, 0x20}}, 0x0) 5.426863232s ago: executing program 5 (id=4470): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=@bridge_delneigh={0x24, 0x1e, 0x1, 0x0, 0x4, {0x2, 0x0, 0x0, 0x0, 0x0, 0x8}, [@NDA_MASTER={0x8, 0x9, 0x7}]}, 0x24}, 0x1, 0x0, 0x0, 0x4080}, 0x20000080) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="2400000070000100000000000000000007000000", @ANYRES32=r2], 0x24}}, 0x0) 4.907283529s ago: executing program 2 (id=4471): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000380)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @loopback={0x5f000000}}}, {0x20, 0x2, @in6={0xa, 0x0, 0x1, @remote}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}]}]}, 0x6c}}, 0x0) 4.176152487s ago: executing program 8 (id=4472): socket$nl_xfrm(0x10, 0x3, 0x6) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000002040)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000002000)={&(0x7f0000000640)=@newtaction={0x1984, 0x30, 0x100, 0x70bd2d, 0x25dfdbfc, {}, [{0x29c, 0x1, [@m_csum={0x1a0, 0x8, 0x0, 0x0, {{0x9}, {0x74, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x4, 0x0, 0x10000000, 0x3, 0x6}, 0x38}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x2, 0x9, 0x4, 0x8, 0x56}, 0x6c}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0xfff, 0x9, 0x8, 0x80000001, 0xa}, 0x25}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x7b28d10c, 0xe1c, 0x0, 0x4, 0xc6}}}]}, {0x103, 0x6, "2127646f04335b3cdcf6ecb02333b6440cd3fb167b079e53d8c9923f751d99b332c7e18edd4934e5ae146eb786c474711ba79cbb4fafc0594e31f57cb2cc9170e067a60cd3346da851797201b290c952c8221d50c838a1d66a13637b3d1eaf8a491dd8e43be76c4fdf32a9a73196c3d800998c216dfcf1cf6a95016aee6c7a1bdf45e73f7caa71e52e554265fb44b397990fbfa98c0fd27f4a84e7ef8a5c2a893d01946b71d68c402135b8d822394ff14d34521bace5fcadce3d09a8dcf2bd026cc16ddbc8150a369814a6c0cd5867eb2ef7852c774bfe6e1889b1a266ed818167ba77277d37f657671973d90d6f07adac18d408837d15c8ea8b284524ed1e"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_simple={0xf8, 0x1b, 0x0, 0x0, {{0xb}, {0x88, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18, 0x2, {0x5f, 0x8, 0x4, 0x6d, 0x7}}, @TCA_DEF_PARMS={0x18, 0x2, {0x5, 0x6, 0x1, 0x1ff, 0x7}}, @TCA_DEF_PARMS={0x18, 0x2, {0x6, 0x2, 0x20000000, 0xd29}}, @TCA_DEF_PARMS={0x18, 0x2, {0xd, 0x5, 0x2, 0x7fff, 0x4}}, @TCA_DEF_DATA={0x9, 0x3, 'syz0\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x3, 0x4ce9, 0x4, 0x100, 0x6c}}]}, {0x46, 0x6, "e30ff9c39266ca36ebf6ee07c8bace143c52d06bd7101126193e29e7bef854136a4f501d4013a63554245201f0919f8cd459631dd3944b49573822ebd4a3d338127a"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}]}, {0x16d4, 0x1, [@m_vlan={0xa8, 0x1a, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0xec9}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0x3, 0x3414, 0x0, 0x9f6, 0xffffffff}, 0x1}}]}, {0x58, 0x6, "65affafa75546e218df4b87d9a12a5cd3e546645d7add90f1bb3161dc3ed014e05c783d137d8db763dd1e12ab38cabb15ae3c5aa7740cbbb88c9786e6113cd96fc440a651650e08b065c2b2e6183ba15d20ef2e4"}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}, @m_mirred={0xd8, 0x12, 0x0, 0x0, {{0xb}, {0x84, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x7, 0xffffffffffffffff, 0x1023, 0x2}, 0x1}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x40000, 0x4, 0x2, 0x3, 0x7f}, 0x4}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0xffffffff, 0xa000000, 0x2, 0x0, 0x8}, 0x1}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x9, 0x5d, 0x10000000, 0x5, 0xe}, 0x1}}]}, {0x2b, 0x6, "1de174f6d4fd2c99655df033eb4aa8b5c69e193780568a59d783aa443aaddb6280cc1dfff90823"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2}}}}, @m_ife={0x160, 0xf, 0x0, 0x0, {{0x8}, {0x8c, 0x2, 0x0, 0x1, [@TCA_IFE_DMAC={0xa, 0x3, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, @TCA_IFE_PARMS={0x1c, 0x1, {{0x79, 0x1, 0x2, 0x3, 0x34a}, 0x1}}, @TCA_IFE_METALST={0x14, 0x6, [@IFE_META_SKBMARK={0x8, 0x1, @val=0x2}, @IFE_META_PRIO={0x8, 0x3, @val=0x3}]}, @TCA_IFE_PARMS={0x1c, 0x1, {{0xfffffacb, 0x8, 0x6, 0x401, 0x8}, 0x1}}, @TCA_IFE_PARMS={0x1c, 0x1, {{0x8, 0x2, 0x2, 0x6, 0x80}, 0x1}}, @TCA_IFE_METALST={0x14, 0x6, [@IFE_META_PRIO={0x4, 0x3, @void}, @IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_SKBMARK={0x4, 0x1, @void}]}]}, {0xaf, 0x6, "07bd673b369267faee453ef09075ef21eb086fa4f9510b868bc191c00dd64186186dbf57fbc059b436f9f3ca085842311bc5f314f0e8af566b4556966e4cc4a4111ac7c6b3f55a7e1d0a920c465cb4816745501dcb03090504d6e601945a210c75d892f1d0cd724506ab4b0de14e5d8c1fc7f80de25d50351df9544ad76b0f2658210f27679d48453c4e8d2cfcaf3c0b734f9feb9efceb44cc40a172f63c566c9bc987a38c6bc8ff08a722"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}, @m_nat={0x1054, 0x19, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x24, 0x53, 0xffffffffffffffff, 0x8, 0x7}, @loopback, @local, 0xffffffff}}]}, {0x1004, 0x6, "91527c0a0b2df3d1adfa2445867b389f8de3df6f54c50e95e2e8c27fdf7764a145290416e0c5e9caf2801502123b9573a121b3e9ae50c1aa675d5272c28d3b4ad1e9c00fd178bd8b2e389ae518f45f19524bb109553bc20cfacdb8e89cdb77a387b4493e83c26315273f0b6fe0b5014c8af1009e3ea2854de6e0d090296cc85aedb4cc1f4c1b96ee4fcf56783bbdbeaa192761ce128eb69ac401ca9a52d0dae0ddc11b9af8dd8a1b3a23767b0487ae2e733692484e31f78b17963f30c827a7704fb3ac19fc11d958d42c3064cead7296687284974ab028df6d5d99a19fc2a7faf8b26cb6589956a65d5fe82aed1821a39f45f9a97b6cbe15ef10ab5112c415be1633dd0599d3740c349a0195e1d4c18b818af5a62b31cc596449dcefc5f9d399c7f29d3a0d7e653a1d664fdce482798be8e15c0b98863d6de2c4786bb90a92ad293c7f3fad2d58f4c2c9645c29ae367b597fbe2592c95ff63735f601214e87c6134190f0f9e5b1b22ee6d6288c962c82291276dbff9199a59b3faccbc6dc755a01c0eaf46946fac87e02a6c3a51a5578b158f923b6ba685b9361e91e3fefb319283631f3db58ea6a1b2c471ab81dd3e3e5e197019c8d38ab28b0fb086dd455217379e2de552f805517375d373daa85f8a56dad0063d37de87e2d4d408c354abadba4c112c3466065ebe1ac398d3ebe933fc4f20d294fd6ad12f9296fce7983e9a3a8ec1c4b750dbe2f189aa8d6e8108bbe1131970864dab38fc0886d7b67a069c9fc197886769a47f881a0518cd5376f881b22f9ded68b78cc64c138fb7436b81ad2d5ffa06a26fb8ac94cdd664689c48e7707bb0ff9586ffd734de48d8f28c7ced58ac953859b0cf15b7a7d7d59ee14aaf2b0e5b6087a939af166b59ff13771ac2e2856a0e95b8c26b141bf065c4f177cb4aa99442bf06225d1746951e06427617167ca9c744696932d4601129e080664da3f872f9d65e438d414e3f630c15a982f201bc400a25feb3320dcbe6f21df1374182080db7c6736e8c786a4060572ac728cf91cfac2ccb8d5a689fe4bdf64e13c73d3a07ae02566b57cff09671e9c545a5febebb36b10d188752df77da8f72035f03a4d420025546f4863cf7e59603f6a2a2da8e2bcafdfc025561aeefd08dc4d936329af5507a492223f1333d02f22f5d27a92347de9d8b58fae501c18d6fe137b516c5f7f150b361a5ea17b04a0f76c7ca18f83058c0afe082eb84f1aa951c37cb5fb1fdfff56ce4b407650f3b507472dbe641b4298faeacd4b37197c2053083ac1dcde563e519f1cfbc998097953fbf457c69c1fb22b8a2d9e18875bbea61f97f994fc6b7dcb8a2f685099651c47f4cb396ce05093cb0efca07922b2eb6d0e0a20ac5ea53d9e98fee7b834ca22a0fe6982677ba3fb69dcac6ca0f97eb7caa59643b48455552da1f3e578b164089b13304e2c8ae5fc51add0341cdd4b037dec5cfc78235f93c1cd91e3024d9f1b700314466acd98185cb1a6860d5576ffcdec6a8e0126cb3bdd2d01b28b65a8d9ac9d5f56a98a1441e851cbaf7dd2c710f41402fbca68e28fe201255d28d406bb7eeb2fc6c6791daf2ea6def147b107c2b1280385056a37954d926c839659b8e3a56a3b022b9567d780f61fd715adc07cd029410b94ef940ffcbb22c8bf6ed296f22908db2c03d9e0079d7c8241535c97f15ab603511e0c1d25786fbb2d404e299430e9eb7f2f085cd94607acc23eae0f0ef7d98142e773ea8531c49c91b0945f1a9664ab0907eacceee0570443084b46d74a97adad57ddc8ccde46fd4d0520df28327033b7fa1be98274a2068381b7c8e2da9a5fec926f1dd16591c665de38e3329d0720fc1a824ac6e1a95052232cb29089239421e734ce0023384b8c13c723715ae68788c3f2831083b6fffe6bca8a15207100d08aaf7af66450d5179b6e1b6a5400edaf3579b318582f1cdbd0cb27f16f267c09c79f711e7709ae70a011462cdc56ac68c219175673e987719361953138cd65b1819c0b6aa236330be6dde271a2a4d34012d96cc48b6973e5d845d0a96d7b743aab18e51621fc1dfd46f354036efc458757ab161c2da7280a48e99fec10e6e40a5e2f5e2a25867dfdb5f3b6573cb63d9d847f6ed4527cfcb60ed1e7685457418a5f453b6b0adc219d4c829e41cba25d49cd0a0953fa7c5e84a8c4c6ffc02b052f2278e773b2dcf3a0e89dfebdae14073f3c263a2ccd060be818c9a5f23dbeb47ea25821e3c5c862841c45ccb1f90b8a0fc4e29eabac90d9440bca92c9089d9a0bde18202404682fb06274659d456e9d8ab6860128c6996db2639fec08c75078110ec83a80aa3b31697aec3c2a05b5904aa1dffb22c5fd1703e6a0de33976b57d233fef744572575ed1a6c0e32918f77efc5c2855d3552b305d2f6d2f7749e6e3c23a1bc6ee9e99247eb94c4bbd93441ee575b478cf51243cf0409a57d06f402afbfecf8a988b13d81c32b8f0a2813117a7236af5549fd9c2bbe32c4df98474b2d32947c29f71b3c6b88a4c311702f844464404dd9e78d1d74fae474f9f8cff37b56ea3081c2b5aa9ed3d258f7e8abaa35377f522d7a5f9e314ef8abf6972f56efb327ab6cf06a98bc7c77e43b57e8c7bb696e46023ac90b6bcf621c1748a7b8e2ed8daf7cf1aaddde65ebf3c43a3b559527c79b95c70aecb0682b574038a55b30fad35767ba8cfe4bea46d18a10e84c9393598f1c2afa8d55962c7dc54d9ad6787f70e01f5b108a2bcb0a1139191ef41bc5b60f7afb5723e1b7a4822ea39160029e40b8e9ad0a6a4f74ee6126f8614da4b6d6ba149d06c46212128633e2553d098dc879be95a483e4e04b3682d3b35cc5c9d6426b920f23d1e3585cc8d88dc493177da0528b7d098309a1a367846c885d079f5908936a0015b0594e318ce4692f5d49576ed5058a64674ee7e2f53d574a266c065e29eac0f28873bf69ddcdb6096496aa77b4f85d5425044fe8add5cddb6f21fcfde8ed20a68d64df389399722701a5d951de5b6758ee6ea4e8b9a6f185edf6e0a9f9502e86a32ceab4ef3f6a780e0e3b4d72baaad44d67e9055440e498563500256dc57416158f390e48c466eeebb53c54e58d7ea99a63de76d0d8aa9b5a1d1b8cb0345495f65dd31ad6b42ad233e5db13e22a0886551c42c89d411c16899f697f831abdcdee61f7287770735c6cf157644fcf703e4e4f3d8ce973a0dfe889eb3ebbaca76984bf7ecded2b858fc3c01b9a9107fc3d3ef28aed574f7d8a569cdbd5a53f82db7adb991806f3a9abfec30d43f125b1eba974152765ced2c18aa4d54c8119d48f6d0ccbeed6f8ed16361f168f10666c831e187de77def47283f14ebf47551241b86eae4e730f803ff6feb4bf3182558a94a50754f6817ddd6674e7ec1defbcf623c62679cb7ac22476f1d78a35fa3ef0259fb23d3609a75a2f7603cb6ad10ecf9cdf95e8035ab2f98bf01a1f0900681f18df9cb90f70f80d05d31b7761ef1f84e0cb77b261e88ba97290a9a0d378e13b980e9210d552c49519ace7ba21ecfda70b2ad5d7b6df97116eae007230b8166a714c0eb0710c30406b5fc0d825edc24076bcc148b26c0eb1f4fc8a8474e46d7727396f898ece1464a45d23a16f1b4e9b4e2c0212e7fb7521bca0f8688e00f8ef7cadb02917a53975f82b8d7ab49b588c4fe2fa8f77da3d75f8a04636bf104feb5daa38f9fa232bdb6ec798ba89f333850dc7ae0557541825fa6df6776717ed42dbd2a516854b8550a9ec9f3de5e183a090299810233d2473b20bfbd53c6696037b124445dda0ef649b4767ca28e1f967775186500a116a3da38a1d8f0ae0a6511fe1ce10b5503869ebabcff8adeb1ac0e566d325f296a368175368395d28549e7bcb1a034cd0f0da88e0ab3935d6515b6e56b9e114cbfa45860d51ced5dc9a427d89bb3b1bb5291c74cea0674e880987c374dcf33cb77b2efbcf250f20fdd86bf6b4942e463d05b463d6a55597ba3dccdd047b0cf4d17b37a3020e61d40f93b3fd12488bf6f9bcddbbb338e09a39ddd7d58c1047902edb00450d91d267bbaf4d7133bbb916a1d82c0e875421e17986e837459717ccb27c1807707141cb09c707642676837a5f2ccd9fb81b50cb6f45a4e095642575cfd6454cdac0ce4030f04e47e18c0e7d10693d2e0f60c3e6c9bf8cd437c131a55c7252d68ca068c08faa3b490f2ffe2f0e93fe3ee24954d41d326ebfbe20411035802f68a05b018b0365af75fcbbc9a7607419ed0f4f86191a1e88649244d58e1ef567dc507ad13374c676eb2093ffeabc1629bb89c8bc9fe49c27121361ce85ceaea51c9eedb977a6a72267503dec6434b48102173686ee3082b9377e670616d1e678450d7778de78f5d5cb7f15406fb97694e48abc305ec1b6aedec2e9ff6b8e0b1b7bcc2579a8b0a45f13d44c9153d06f365005e5c7c039fc25fa328c6e251553dd18991bc9165ef0be2196df25e5e12710753b11e06d19a5053376395e7eef70e96e8810a961c44eb242a0be8bcabf35ce60ca558569a8bd40214260f3d8aa8661dd64361fd436b50d371d21cb54d137e11a7f373a5bf414b802f704775247348e5c3559b06cc1600e3164d4b58ca5963a1bf7de30e31ea3f5d90e1cef06dbe43625d8d47becaf1d899ab8d812767d8390af441a93b32cdc4dc86180ae0154f9b9b3d918c3ad3635bc08d024272ebe389a40ec879b9482779c893a862083179cdbd46a4093af42defe844171a3d707bc6f68e046bd5f2fc4643c85602a0c69fefc923659921ce904342899fe05b484aa8fea2c2373f1b23867c3f0c77958cf0f6b05751506b598a5f2da9e50d2ab2ad9b7a3cdfea383441bddb29ca3c3f75128ca2283acf5eff0cd92278c0230582bcd2caca778bae33f9c144e62e84eaa95bf7acc02accd3118e62e83ed0b87a5b0c694f9319627996b2eec52ce24fe8dd0f94f519bc10244230b78de797a7ed67f04c4367786251fa2665093a59a5a7552ead304dcb62e71e35cebe7551c89ff70190235869ccb45ac3bf1c16bea8d7ef8c05a2d5faceb236d68254cf86fbfac954328abfd2dfce0dfa4e56a3911445cbeed913a9bee129efa31fd8945043d91072189db13e069bdcdcb3380c926ffc2dc6f88cfd3c17a2215a6af84c0854ae62283ba765ae2e976b90026479a6883c45329c71ec7d5ab2aa8d4afc7f1ed3bae1d4001724c0c03474851dd61319477a481a31eb51b46cd2c8929e75cd7dd038d6df60d54eeb3fbc7a6afac55018b6dbe534748e8d211216b878ebff88b043c1f09dc1f80a1ca6cf73d3ee051005b20acf98def2e050aac769a19408321f41adfa4f16e7a737c2e1be9383eff17d7f96e4768735c5720e7e96e64b8f152215509bb115bad6a621fd73f338e2e5858e52485d1f6767ba66101faa9630ef3274f6ea6d9dad9648a08df38156b1c417fb1f6d123af5e05bd9abe50ddd65a3efeade9e2e8f99908dcd12132f00afb96241b09754d4752bf9fdd08cb5755ec68eb9d6d466d1edcea7784a70e637f11057e86afdfec37839f2e802fac6518f66bb187420ced7aa3a6536a2da2356dea4e2270434ae9247bc2dfbb561636e62ee2e57b7f50f11c0f0bc895fce0ed566cbcf1e97d7c5a8833ae70d0d4dbdad84653073fe268d321651c4612d3a3ef52b0bff45d0b1e64d19495b88ff5ad20097eb1d2f64b76b131ad1cb89df08267dbed26f5eb6c087f13e227696c2ed97b5fbb014820252b74051ac51204278582a32be990dbfac935ed5e4a279338cd6db77b29dff"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_skbedit={0x13c, 0x14, 0x0, 0x0, {{0xc}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PTYPE={0x6, 0x7, 0x2}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0xe1f, 0x4, 0x6, 0x9, 0x7}}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x10001}]}, {0xe7, 0x6, "62f9e180691b8e2545f9fbea2ee7bb38764c4c4485c2c8d891159c7af45d2a847eee9b0ffc075fabb93906226e207e81bf126d0e32687e789e4f21262aed6db831c2ff1f93ab770bbb853a7549deba26a5b1fe72d90990fc8578a914b13298787fe95765ce3d9d5172a79c4a3ca3a73495205c3f2a6233102ce85d051366f06736c745cd72be68d8bb6457b2e2025bfd5d6e8b69f28a72ec067adcec7c65a8ce823da38d032b909c9e5716a1e254ed15a01b6609ed2b872b76429b01bbc802e8d997ef1b137cc143ba1cda2c3bd49932f12206358486f0e8de80c5d2fb8fd54a96d190"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}, @m_nat={0x168, 0x17, 0x0, 0x0, {{0x8}, {0xcc, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x0, 0x101, 0x1, 0x1, 0x65c8}, @empty, @dev={0xac, 0x14, 0x14, 0x11}}}, @TCA_NAT_PARMS={0x28, 0x1, {{0xe861, 0x9, 0x10000000, 0xe5, 0xfffff3a8}, @remote, @multicast2, 0xffffffff, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x3, 0x8, 0x6, 0xf879, 0x2}, @initdev={0xac, 0x1e, 0x1, 0x0}, @loopback, 0xff}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x5, 0x6, 0x5, 0x5, 0x9}, @empty, @remote, 0xff}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x8, 0x5, 0x8, 0x3, 0x6}, @local, @broadcast, 0xffffffff, 0x1}}]}, {0x75, 0x6, "ed9000dae36bd078b7f1455c6ce8f840b5ed6b22d63b7a1a9a93ac8bf895f11af26d097b4c65ec70d0f7668322758443bda93850a84a7b0477a16febdb27a25f9392d3705797d9f4f7c306102373c3ccf8a123ca0a49ab0906d5bec21067c15be40103e426c4876989d65413ef934a2afc"}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}, @m_skbedit={0xf8, 0xa, 0x0, 0x0, {{0xc}, {0xc, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_MARK={0x8, 0x5, 0x9}]}, {0xc3, 0x6, "e21d60df55770f44681bc4fba224494991fa27b3f5df7d405f67528cb875a1cdf9d285ebb3941a5d203151b106a5011ce5e75b5bd40c7a9ef398319b2146f1b451baea7549eac0f79aa774dd19c9fc72a0cf883c3ab7e021f113d0e5eef084873781a51dcc87e32a944170b66e0aafd36935ae106dceb3b1cc472d41a2ad3e87f3a5547e576b01f64a16b8390d9b3e1b0be45ee676b9dd521f21522438c16d976194e64c315d54ea67cc16144f8ace42d073e4fa82691341701bc80d5c8537"}, {0xc}, {0xc, 0x8, {0x3, 0x2}}}}]}]}, 0x1984}, 0x1, 0x0, 0x0, 0x40000}, 0x80) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd28, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2000002}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x6, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount$9p_virtio(&(0x7f0000000000), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8002, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="1cb98379cbe8a848bfd58677dea8b8c4243d00000f7ff071f68e5013e2988852da00002e0009002500001a0000c589308a03f70c7af4b48419672400cd5219b4fe07424e1fae1ede"], 0x18}, 0x1, 0x0, 0x0, 0x8000}, 0x4084) rename(0x0, &(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000200000a20000000000a050000000000000000000100fffc0900010073797a300000000040000000030a01010000000000000000010000000900030073797a310000000014000480080002400000000008000140000000000900010073797a300000000068000000060a011500000000000000000100000040000480240001800b00010072656a65637400001400028008000140000000020500425d0b902eb429bc0180080001006f7366000c000280080001400000001408000b40000000000900010073797a3000000000140000001110010000000000000000000000000a"], 0xf0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r4 = socket$rds(0x15, 0x5, 0x0) bind$rds(r4, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x2b) sendmsg$rds(r4, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x40) mkdir(&(0x7f0000000300)='./bus\x00', 0x54) close_range(r2, r2, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) 3.69778352s ago: executing program 5 (id=4473): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bond0\x00'}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x14, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000200)=@req={0xc, 0x0, 0x4, 0x8a6}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="220000000400000010"], 0x48) setresuid(0x0, 0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) writev(0xffffffffffffffff, &(0x7f0000000040)=[{0x0}, {0x0}, {&(0x7f0000000540)="0741418221c937001726fb712b292bd4692b71691b001cbc614d3b665acdc9cea0f707df6db8d1ca14666efbce7441758966b6218062e93df05b02247cbb78aee3", 0x41}], 0x3) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r1, 0xffffffffffffffff}, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000e40)={0x18, 0x10, &(0x7f0000000cc0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000643200007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007041af64090aac40d6600000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) 242.80111ms ago: executing program 7 (id=4474): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB, @ANYBLOB='\b\x00\n'], 0x44}}, 0x0) 0s ago: executing program 2 (id=4475): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @tproxy={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_TPROXY_REG_PORT={0x8, 0x3, 0x1, 0x0, 0x16}, @NFTA_TPROXY_FAMILY={0x8}, @NFTA_TPROXY_REG_ADDR={0xffffffffffffff2d, 0x2, 0x1, 0x0, 0x10}, @NFTA_TPROXY_FAMILY={0x8, 0x1, 0x1, 0x0, 0xa}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x8c}, 0x1, 0x0, 0x0, 0x4008091}, 0x0) kernel console output (not intermixed with test programs): 4059] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 924.361304][T14115] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3183'. [ 924.416817][T14059] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 924.748348][T14059] team0: Port device team_slave_0 added [ 924.853675][T14059] team0: Port device team_slave_1 added [ 925.157616][T14123] tipc: Enabling of bearer rejected, already enabled [ 925.197233][T14059] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 925.262153][T14059] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 925.422196][T14059] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 925.507810][T14059] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 925.572304][T14059] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 925.695803][T14125] kAFS: No cell specified [ 925.783147][T14059] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 925.844706][T14127] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 925.924112][T14127] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 926.148997][ T5071] Bluetooth: hci3: command tx timeout [ 926.402443][T14059] hsr_slave_0: entered promiscuous mode [ 926.427943][T14059] hsr_slave_1: entered promiscuous mode [ 926.459324][T14059] debugfs: 'hsr0' already exists in 'hsr' [ 926.501443][T14059] Cannot create hsr debugfs directory [ 926.897419][T14141] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3195'. [ 926.993150][T14142] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3195'. [ 927.139507][T14144] loop0: detected capacity change from 0 to 1024 [ 927.176674][T14144] EXT4-fs: Ignoring removed oldalloc option [ 927.238097][T14144] EXT4-fs: Ignoring removed bh option [ 927.417560][T14144] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 927.431597][T14139] loop3: detected capacity change from 0 to 8192 [ 927.551008][T14139] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 927.595541][ T29] kauditd_printk_skb: 7 callbacks suppressed [ 927.595609][ T29] audit: type=1804 audit(1771230762.818:27): pid=14144 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.3196" name="/newroot/56/file1/bus" dev="loop0" ino=18 res=1 errno=0 [ 927.735601][T14139] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 927.811312][T14139] FAT-fs (loop3): Filesystem has been set read-only [ 927.850558][T14139] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 927.871044][ T29] audit: type=1800 audit(1771230762.918:28): pid=14139 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3193" name="file2" dev="loop3" ino=1048629 res=0 errno=0 [ 927.938322][T14139] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 928.072483][ T1977] usb 1-1: new full-speed USB device number 15 using dummy_hcd [ 928.073909][T14139] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 928.181351][T14139] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 928.217134][ T5071] Bluetooth: hci3: command tx timeout [ 928.223270][T14139] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 928.223413][T14139] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 928.223538][T14139] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 928.223662][T14139] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 928.285654][T14139] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 928.310380][T14059] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 928.372951][ T1977] usb 1-1: config 1 has an invalid descriptor of length 57, skipping remainder of the config [ 928.435199][ T1977] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 928.484120][ T1977] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 928.610454][ T1977] usb 1-1: New USB device found, idVendor=e725, idProduct=a4a1, bcdDevice= 0.40 [ 928.646759][ T1977] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 928.657004][ T1977] usb 1-1: Product: syz [ 928.691151][T14059] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 928.714375][ T1977] usb 1-1: Manufacturer: syz [ 928.719181][ T1977] usb 1-1: SerialNumber: syz [ 928.790469][ T1977] cdc_ncm 1-1:1.0: skipping garbage [ 928.820287][ T1977] cdc_ncm 1-1:1.0: skipping garbage [ 928.860528][ T1977] cdc_ncm 1-1:1.0: CDC Union missing and no IAD found [ 928.886137][ T1977] cdc_ncm 1-1:1.0: bind() failure [ 928.985289][T14161] tipc: Enabling of bearer rejected, already enabled [ 929.147219][T14059] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 929.534192][T14059] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 930.195727][ T1977] usb 1-1: USB disconnect, device number 15 [ 930.270456][T14059] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 930.319891][T13171] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 930.407229][T14059] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 930.507053][T14059] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 930.633672][T14059] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 931.870784][T14192] tipc: Enabling of bearer rejected, already enabled [ 932.105372][T14194] netlink: 'syz.1.3212': attribute type 27 has an invalid length. [ 932.162367][T14196] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3213'. [ 932.665343][T14194] bridge0: port 2(bridge_slave_1) entered disabled state [ 932.675137][T14194] bridge0: port 1(bridge_slave_0) entered disabled state [ 933.383462][T14194] batadv_slave_0: left promiscuous mode [ 933.435556][T14194] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 934.111555][T14059] 8021q: adding VLAN 0 to HW filter on device bond0 [ 934.199574][T12602] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 934.255385][T12602] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 934.266114][T12602] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 934.276870][T12602] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 934.569445][T14059] 8021q: adding VLAN 0 to HW filter on device team0 [ 934.794175][ T2953] bridge0: port 1(bridge_slave_0) entered blocking state [ 934.801628][ T2953] bridge0: port 1(bridge_slave_0) entered forwarding state [ 934.995846][ T7087] bridge0: port 2(bridge_slave_1) entered blocking state [ 935.003504][ T7087] bridge0: port 2(bridge_slave_1) entered forwarding state [ 935.448807][T14232] netlink: 'syz.5.3225': attribute type 1 has an invalid length. [ 935.479479][T14059] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 935.593699][T14234] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3227'. [ 935.884591][T14232] 8021q: adding VLAN 0 to HW filter on device bond1 [ 936.780198][T14249] netlink: 'syz.5.3232': attribute type 27 has an invalid length. [ 937.499004][T14256] loop1: detected capacity change from 0 to 1024 [ 937.529682][T14059] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 937.584065][T14256] EXT4-fs: Ignoring removed bh option [ 937.589793][T14256] EXT4-fs: Ignoring removed orlov option [ 937.662877][T14256] EXT4-fs: Ignoring removed i_version option [ 937.669318][T14256] ext4: Bad value for 'stripe' [ 938.263477][T14059] veth0_vlan: entered promiscuous mode [ 938.308913][T14059] veth1_vlan: entered promiscuous mode [ 938.443062][T14262] loop3: detected capacity change from 0 to 512 [ 938.488562][T14262] EXT4-fs: Ignoring removed mblk_io_submit option [ 938.618754][T14262] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -13 [ 938.697307][T14059] veth0_macvtap: entered promiscuous mode [ 938.733697][T14262] EXT4-fs error (device loop3): ext4_clear_blocks:876: inode #13: comm syz.3.3238: attempt to clear invalid blocks 2 len 1 [ 938.763248][T14059] veth1_macvtap: entered promiscuous mode [ 938.804120][T14262] loop3: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117 [ 938.807575][T14262] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1315: group 0, [ 938.817291][ C0] EXT4-fs (loop3): error count since last fsck: 1 [ 938.817396][ C0] EXT4-fs (loop3): initial error at time 1771230774: ext4_clear_blocks:876: inode 13 [ 938.817554][ C0] EXT4-fs (loop3): last error at time 1771230774: ext4_clear_blocks:876: inode 13 [ 938.860264][T14262] block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 939.055542][T14262] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.3238: invalid indirect mapped block 1819239214 (level 0) [ 939.093985][T14059] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 939.106203][T14272] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3242'. [ 939.163391][T14262] loop3: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117 [ 939.164855][T14262] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.3238: invalid indirect mapped block 1819239214 (level 1) [ 939.236158][T14272] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3242'. [ 939.269324][T14059] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 939.277153][T14262] loop3: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117 [ 939.278301][T14274] netlink: 'syz.5.3244': attribute type 27 has an invalid length. [ 939.287020][T14262] EXT4-fs (loop3): 1 truncate cleaned up [ 939.309343][T14262] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 939.378780][T13877] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 939.409019][T13877] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 939.448421][T13877] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 939.476613][T13877] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 939.649711][T13730] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 941.275853][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 941.303295][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 941.633099][T14307] netlink: 'syz.3.3254': attribute type 27 has an invalid length. [ 941.738158][T14309] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3255'. [ 941.857022][T14312] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3255'. [ 942.158825][T14307] bridge0: port 2(bridge_slave_1) entered disabled state [ 942.168536][T14307] bridge0: port 1(bridge_slave_0) entered disabled state [ 942.595747][T14323] netlink: 560 bytes leftover after parsing attributes in process `syz.5.3260'. [ 942.794216][T14307] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 942.850427][T14307] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 943.125328][T14327] loop0: detected capacity change from 0 to 1024 [ 943.157657][T14327] EXT4-fs: Ignoring removed bh option [ 943.166464][T14327] EXT4-fs: Ignoring removed orlov option [ 943.181440][T14327] EXT4-fs: Ignoring removed i_version option [ 943.189922][T14327] ext4: Bad value for 'stripe' [ 943.478052][T14307] netdevsim netdevsim3 netdevsim0: left promiscuous mode [ 943.670896][T12602] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 943.702340][T12602] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 943.723919][T12602] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 943.752423][T12602] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 944.082063][T14333] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3264'. [ 944.787182][T14346] tipc: Started in network mode [ 944.799081][T14346] tipc: Node identity f257a47f9109, cluster identity 4711 [ 944.819543][T14346] tipc: Enabled bearer , priority 0 [ 944.846283][T14347] syzkaller0: entered promiscuous mode [ 944.862681][T14347] syzkaller0: entered allmulticast mode [ 944.954703][T14346] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3268'. [ 945.049928][T14347] tipc: Resetting bearer [ 945.144108][T14345] tipc: Resetting bearer [ 945.226278][T14345] tipc: Disabling bearer [ 945.939639][T14360] loop1: detected capacity change from 0 to 1024 [ 945.967940][T14360] EXT4-fs: Ignoring removed bh option [ 945.992474][T14360] EXT4-fs: Ignoring removed orlov option [ 945.998339][T14360] EXT4-fs: Ignoring removed i_version option [ 946.062649][T14360] ext4: Bad value for 'stripe' [ 946.125359][T14360] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3272'. [ 946.503350][T14366] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3274'. [ 946.639693][T14366] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3274'. [ 946.945921][T13877] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 947.002420][T13877] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 947.139790][T14374] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3267'. [ 947.402762][ T2953] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 947.411750][ T2953] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 947.515674][T14378] kAFS: No cell specified [ 948.492301][ T1977] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 948.666701][ T1977] usb 2-1: Using ep0 maxpacket: 8 [ 948.728488][ T1977] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 948.766964][ T1977] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 948.824526][ T1977] usb 2-1: config 0 has no interface number 0 [ 948.831029][ T1977] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 948.872343][ T1977] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 948.939707][ T1977] usb 2-1: config 0 descriptor?? [ 949.050933][ T1977] ldusb 2-1:0.55: Interrupt in endpoint not found [ 949.218595][T11426] usb 2-1: USB disconnect, device number 5 [ 949.885401][T14395] loop2: detected capacity change from 0 to 1024 [ 949.935427][T14395] EXT4-fs: Ignoring removed bh option [ 949.966931][T14395] EXT4-fs: Ignoring removed orlov option [ 949.993852][T14395] EXT4-fs: Ignoring removed i_version option [ 950.061501][T14397] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3285'. [ 950.092783][T14395] ext4: Bad value for 'stripe' [ 950.178230][T14397] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3285'. [ 950.189512][T14395] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3284'. [ 950.895806][T14402] kAFS: No cell specified [ 952.464010][T14423] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3298'. [ 952.532914][T11426] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 952.546110][T14423] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3298'. [ 952.595159][T14422] loop2: detected capacity change from 0 to 1024 [ 952.637669][T14422] EXT4-fs: Ignoring removed bh option [ 952.671268][T14422] EXT4-fs: Ignoring removed orlov option [ 952.691270][T14422] EXT4-fs: Ignoring removed i_version option [ 952.702912][T11426] usb 2-1: Using ep0 maxpacket: 8 [ 952.720935][T14422] ext4: Bad value for 'stripe' [ 952.742259][T11426] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 952.750556][T11426] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 952.800899][T14422] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3297'. [ 952.817524][T11426] usb 2-1: config 0 has no interface number 0 [ 952.842994][T11426] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 952.883101][T11426] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 952.925644][T11426] usb 2-1: config 0 descriptor?? [ 952.998337][T11426] ldusb 2-1:0.55: Interrupt in endpoint not found [ 953.200630][ T1977] usb 2-1: USB disconnect, device number 6 [ 955.055283][T14450] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3310'. [ 955.182992][T14452] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3311'. [ 955.210097][T14450] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3310'. [ 955.440090][T14454] loop0: detected capacity change from 0 to 1024 [ 955.461065][T14454] EXT4-fs: Ignoring removed bh option [ 955.473415][T14454] EXT4-fs: Ignoring removed orlov option [ 955.479425][T14454] EXT4-fs: Ignoring removed i_version option [ 955.512869][T14454] ext4: Bad value for 'stripe' [ 955.592119][T14454] netlink: 'syz.0.3312': attribute type 13 has an invalid length. [ 955.692959][T14454] gretap0: refused to change device tx_queue_len [ 955.706835][T14454] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 956.355528][T11426] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 956.466196][T14466] netlink: 620 bytes leftover after parsing attributes in process `syz.0.3318'. [ 956.532444][T11426] usb 2-1: Using ep0 maxpacket: 8 [ 956.570043][T11426] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 956.602066][T11426] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 956.638257][T11426] usb 2-1: config 0 has no interface number 0 [ 956.682458][T11426] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 956.708776][T11426] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 956.753684][T11426] usb 2-1: config 0 descriptor?? [ 956.818756][T11426] ldusb 2-1:0.55: Interrupt in endpoint not found [ 957.032342][T11426] usb 2-1: USB disconnect, device number 7 [ 957.806438][T14483] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3326'. [ 957.867744][T14485] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3326'. [ 958.180343][T14487] netlink: 'syz.5.3328': attribute type 13 has an invalid length. [ 958.226676][T14487] gretap0: refused to change device tx_queue_len [ 958.252577][T14487] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 958.710137][T13173] Bluetooth: hci0: command 0x0406 tx timeout [ 959.700691][T14514] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3342'. [ 959.767646][T14514] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3342'. [ 960.322562][T14520] loop3: detected capacity change from 0 to 1024 [ 960.372781][T14520] EXT4-fs: Ignoring removed bh option [ 960.378555][T14520] EXT4-fs: Ignoring removed orlov option [ 960.432417][T14520] EXT4-fs: Ignoring removed i_version option [ 960.474817][T14520] ext4: Bad value for 'stripe' [ 960.519496][T14520] netlink: 'syz.3.3345': attribute type 13 has an invalid length. [ 960.565033][T14520] gretap0: refused to change device tx_queue_len [ 960.606027][T14520] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 961.262398][T14533] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3350'. [ 961.938878][T14546] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3356'. [ 962.100584][T14548] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3356'. [ 963.768516][T14561] loop3: detected capacity change from 0 to 1024 [ 963.869467][T14561] EXT4-fs: Ignoring removed bh option [ 963.962781][T14561] EXT4-fs: Ignoring removed orlov option [ 963.968656][T14561] EXT4-fs: Ignoring removed i_version option [ 964.054643][T14561] ext4: Bad value for 'stripe' [ 964.178176][T14561] netlink: 'syz.3.3362': attribute type 13 has an invalid length. [ 964.377542][T14561] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3362'. [ 964.594808][T14566] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3365'. [ 966.158241][T14585] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3371'. [ 966.247167][T14585] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3371'. [ 967.322273][T11426] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 967.474451][T14604] loop0: detected capacity change from 0 to 1024 [ 967.508429][T14604] EXT4-fs: Ignoring removed bh option [ 967.526441][T11426] usb 2-1: Using ep0 maxpacket: 8 [ 967.549948][T14604] EXT4-fs: Ignoring removed orlov option [ 967.561564][T11426] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 967.576767][T14604] EXT4-fs: Ignoring removed i_version option [ 967.628533][T14604] ext4: Bad value for 'stripe' [ 967.633358][T11426] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 967.666556][T14610] tipc: Started in network mode [ 967.668402][T11426] usb 2-1: config 0 has no interface number 0 [ 967.691468][T14610] tipc: Node identity 764c6fa5acdc, cluster identity 4711 [ 967.698896][T11426] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 967.699037][T11426] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 967.726190][T11426] usb 2-1: config 0 descriptor?? [ 967.755644][T14604] netlink: 'syz.0.3377': attribute type 13 has an invalid length. [ 967.778265][T11426] ldusb 2-1:0.55: Interrupt in endpoint not found [ 967.785650][T14604] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3377'. [ 967.829599][T14610] tipc: Enabled bearer , priority 0 [ 967.899740][T14611] syzkaller0: entered promiscuous mode [ 967.975370][T11426] usb 2-1: USB disconnect, device number 8 [ 967.981820][T14611] syzkaller0: entered allmulticast mode [ 968.135203][T14610] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3379'. [ 968.174123][T14610] tipc: Resetting bearer [ 968.248872][T14608] tipc: Resetting bearer [ 968.268526][T14608] tipc: Disabling bearer [ 968.277070][T14616] loop2: detected capacity change from 0 to 1024 [ 968.404440][T14616] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c018, mo2=0003] [ 968.443177][T14616] System zones: 1-12 [ 968.462651][T14616] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 969.207661][T14059] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 969.793614][T14636] syzkaller0: entered promiscuous mode [ 969.799373][T14636] syzkaller0: entered allmulticast mode [ 969.961773][T14641] netlink: 'syz.5.3391': attribute type 13 has an invalid length. [ 970.016666][T14641] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3391'. [ 970.520516][T14651] loop1: detected capacity change from 0 to 1024 [ 970.555271][T14651] EXT4-fs: Ignoring removed orlov option [ 970.690782][T14651] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 970.790936][ T29] audit: type=1800 audit(1771230806.008:29): pid=14651 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3392" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 970.912285][ T29] audit: type=1804 audit(1771230806.008:30): pid=14651 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.3392" name="/newroot/82/file1/bus" dev="loop1" ino=18 res=1 errno=0 [ 970.968540][T11426] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 971.182245][T11426] usb 4-1: Using ep0 maxpacket: 8 [ 971.215950][T11426] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 971.252101][T11426] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 971.309623][T11426] usb 4-1: config 0 has no interface number 0 [ 971.344343][T11426] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 971.376812][T14663] EXT4-fs error (device loop1): mb_free_blocks:2047: group 0, inode 15: block 97:freeing already freed block (bit 6); block bitmap corrupt. [ 971.410934][T11426] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 971.484276][T11426] usb 4-1: config 0 descriptor?? [ 971.553692][T11426] ldusb 4-1:0.55: Interrupt in endpoint not found [ 971.793468][T13448] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 971.822361][T11426] usb 4-1: USB disconnect, device number 14 [ 972.852742][T14684] netlink: 'syz.5.3404': attribute type 13 has an invalid length. [ 974.826330][T14719] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3419'. [ 974.894862][T14719] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3419'. [ 975.074897][T14722] loop3: detected capacity change from 0 to 1024 [ 975.111289][T14722] EXT4-fs: Ignoring removed bh option [ 975.139684][T14722] EXT4-fs: Ignoring removed orlov option [ 975.164449][T14722] EXT4-fs: Ignoring removed i_version option [ 975.170892][T14722] ext4: Bad value for 'stripe' [ 975.172610][T14727] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3422'. [ 975.277474][T14722] netlink: 'syz.3.3421': attribute type 13 has an invalid length. [ 976.925178][T14749] loop1: detected capacity change from 0 to 512 [ 976.966092][T14749] EXT4-fs: Ignoring removed oldalloc option [ 977.014378][T14749] journal_path: Lookup failure for './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa' [ 977.014468][T14752] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3433'. [ 977.014679][T14749] EXT4-fs: error: could not find journal device path [ 977.183537][T14752] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3433'. [ 977.987483][T14766] loop1: detected capacity change from 0 to 764 [ 977.995136][T14769] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3438'. [ 978.089156][T14766] rock: directory entry would overflow storage [ 978.107127][T14766] rock: sig=0x4654, size=5, remaining=4 [ 979.072670][T14779] netlink: 52 bytes leftover after parsing attributes in process `syz.5.3441'. [ 979.175114][T13173] Bluetooth: hci1: command 0x0406 tx timeout [ 979.396420][T14784] kAFS: No cell specified [ 980.223730][T14799] tipc: Enabling of bearer rejected, failed to enable media [ 981.362869][T14809] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 981.384985][T14809] batadv_slave_0: entered promiscuous mode [ 981.942506][T14819] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3454'. [ 982.194911][T14823] kAFS: No cell specified [ 983.259813][T14813] loop2: detected capacity change from 0 to 1764 [ 983.439102][T14840] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN [ 983.553960][T14848] tipc: Enabled bearer , priority 0 [ 983.606928][T14848] syzkaller0: entered promiscuous mode [ 983.627010][T14848] syzkaller0: entered allmulticast mode [ 983.762549][T14848] tipc: Resetting bearer [ 983.830974][T14845] tipc: Resetting bearer [ 983.950816][T14845] tipc: Disabling bearer [ 984.594989][T14862] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3468'. [ 984.653073][T14863] kAFS: No cell specified [ 985.596237][T14869] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 985.654924][T14869] batadv_slave_0: entered promiscuous mode [ 989.460913][T11426] IPVS: starting estimator thread 0... [ 989.572291][T14928] IPVS: using max 240 ests per chain, 12000 per kthread [ 990.300295][T14938] tipc: Enabling of bearer rejected, failed to enable media [ 990.428169][T14945] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3497'. [ 991.578390][T14954] loop3: detected capacity change from 0 to 512 [ 991.774242][T14954] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 991.900455][T14954] ext4 filesystem being mounted at /72/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 991.928725][T14963] tipc: Started in network mode [ 991.952936][T14963] tipc: Node identity 02f049369bee, cluster identity 4711 [ 992.003355][T14963] tipc: Enabled bearer , priority 0 [ 992.019190][T14964] syzkaller0: entered promiscuous mode [ 992.051846][T14964] syzkaller0: entered allmulticast mode [ 992.131437][T14963] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3513'. [ 992.219445][T14963] tipc: Resetting bearer [ 992.265038][T14957] tipc: Resetting bearer [ 992.329074][T14957] tipc: Disabling bearer [ 992.369049][T13730] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 992.484400][T14968] syzkaller0: entered promiscuous mode [ 992.573560][T14968] syzkaller0: entered allmulticast mode [ 992.959518][T11426] IPVS: starting estimator thread 0... [ 993.072311][T14978] IPVS: using max 240 ests per chain, 12000 per kthread [ 993.424467][T14984] kAFS: No cell specified [ 994.836928][T15004] tipc: Enabled bearer , priority 0 [ 994.924841][T15009] syzkaller0: entered promiscuous mode [ 994.934816][T15009] syzkaller0: entered allmulticast mode [ 994.986497][T15004] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3521'. [ 995.086232][T15009] tipc: Resetting bearer [ 995.148708][T15003] tipc: Resetting bearer [ 995.357848][T15003] tipc: Disabling bearer [ 995.623101][T15015] syzkaller0: entered promiscuous mode [ 995.628774][T15015] syzkaller0: entered allmulticast mode [ 995.856547][T15018] kAFS: No cell specified [ 997.807102][T15047] loop2: detected capacity change from 0 to 2048 [ 997.838690][T15047] EXT4-fs: Ignoring removed mblk_io_submit option [ 997.995143][T15047] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 998.073286][T15047] ext4 filesystem being mounted at /52/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 998.424170][T15056] tipc: Enabled bearer , priority 0 [ 998.501731][T15056] syzkaller0: entered promiscuous mode [ 998.507824][T15056] syzkaller0: entered allmulticast mode [ 998.552971][T14059] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 998.565753][T15056] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3540'. [ 998.589201][T15056] tipc: Resetting bearer [ 998.631693][T15055] tipc: Resetting bearer [ 998.797519][T15055] tipc: Disabling bearer [ 1000.964499][T15101] loop2: detected capacity change from 0 to 764 [ 1001.006839][T15101] rock: directory entry would overflow storage [ 1001.026370][T15101] rock: sig=0x4654, size=5, remaining=4 [ 1001.236316][T15107] tipc: Enabled bearer , priority 0 [ 1001.283637][T15105] syzkaller0: entered promiscuous mode [ 1001.289308][T15105] syzkaller0: entered allmulticast mode [ 1001.486471][T15105] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3557'. [ 1001.564413][T15106] tipc: Resetting bearer [ 1001.596266][T15104] tipc: Resetting bearer [ 1001.626504][T15104] tipc: Disabling bearer [ 1002.715916][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 1002.725042][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 1004.594169][T15160] tipc: Enabling of bearer rejected, failed to enable media [ 1004.647286][T15160] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3572'. [ 1004.820597][T15162] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3573'. [ 1004.863725][T15162] netlink: 36 bytes leftover after parsing attributes in process `syz.5.3573'. [ 1005.017229][T15164] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3574'. [ 1005.427637][T15170] syzkaller0: entered promiscuous mode [ 1005.446515][T15170] syzkaller0: entered allmulticast mode [ 1006.080107][T15186] netlink: 44 bytes leftover after parsing attributes in process `syz.5.3582'. [ 1006.598645][T15193] tipc: Enabled bearer , priority 0 [ 1006.640166][T15193] syzkaller0: entered promiscuous mode [ 1006.686750][T15193] syzkaller0: entered allmulticast mode [ 1006.758966][T15193] tipc: Resetting bearer [ 1006.780472][T15192] tipc: Resetting bearer [ 1006.815342][T15192] tipc: Disabling bearer [ 1006.985706][ T29] audit: type=1326 audit(1771230842.208:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15187 comm="syz.3.3583" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64f6c code=0x7fc00000 [ 1007.301699][T15206] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3589'. [ 1007.329650][T15206] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3589'. [ 1007.526765][T15208] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3590'. [ 1008.199166][T15216] loop3: detected capacity change from 0 to 764 [ 1008.291145][T15216] rock: directory entry would overflow storage [ 1008.321614][T15216] rock: sig=0x4654, size=5, remaining=4 [ 1009.219801][T15234] tipc: Enabling of bearer rejected, failed to enable media [ 1009.892517][T13173] Bluetooth: hci5: command 0x0406 tx timeout [ 1010.372857][T15252] netlink: 72 bytes leftover after parsing attributes in process `syz.5.3603'. [ 1010.595087][T15256] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3606'. [ 1010.657921][T15256] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 1011.139874][T15264] loop0: detected capacity change from 0 to 512 [ 1011.185701][T15264] EXT4-fs: Ignoring removed mblk_io_submit option [ 1011.291739][T15264] EXT4-fs (loop0): orphan cleanup on readonly fs [ 1011.332620][T15264] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -13 [ 1011.403686][T15264] EXT4-fs error (device loop0): ext4_clear_blocks:876: inode #13: comm syz.0.3609: attempt to clear invalid blocks 2 len 1 [ 1011.481040][T15264] loop0: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117 [ 1011.482053][ C1] EXT4-fs (loop0): error count since last fsck: 1 [ 1011.497914][ C1] EXT4-fs (loop0): initial error at time 1771230846: ext4_clear_blocks:876: inode 13 [ 1011.507729][ C1] EXT4-fs (loop0): last error at time 1771230846: ext4_clear_blocks:876: inode 13 [ 1011.520284][T15264] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1315: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 1011.567150][T15264] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #13: comm syz.0.3609: invalid indirect mapped block 1819239214 (level 0) [ 1011.602156][T15264] loop0: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117 [ 1011.611300][T15264] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #13: comm syz.0.3609: invalid indirect mapped block 1819239214 (level 1) [ 1011.802178][T15264] loop0: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117 [ 1011.819571][T15264] EXT4-fs (loop0): 1 truncate cleaned up [ 1011.844171][T15264] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1012.188593][T13171] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1012.853929][T15287] tipc: Enabled bearer , priority 0 [ 1012.956871][T15287] syzkaller0: entered promiscuous mode [ 1012.972025][T15287] syzkaller0: entered allmulticast mode [ 1013.074660][T15287] tipc: Resetting bearer [ 1013.163715][T15285] tipc: Resetting bearer [ 1013.265157][T15285] tipc: Disabling bearer [ 1013.457595][T15305] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3621'. [ 1013.776254][T15307] netlink: 72 bytes leftover after parsing attributes in process `syz.1.3622'. [ 1014.942864][T15332] tipc: Enabling of bearer rejected, failed to enable media [ 1014.977204][T15334] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3634'. [ 1014.988252][T15332] netlink: 44 bytes leftover after parsing attributes in process `syz.5.3633'. [ 1015.043209][T15334] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 1015.595340][T15347] netlink: 72 bytes leftover after parsing attributes in process `syz.5.3637'. [ 1016.292644][T15353] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3639'. [ 1017.147436][T15370] tipc: Enabled bearer , priority 0 [ 1017.169083][T15370] syzkaller0: entered promiscuous mode [ 1017.203527][T15370] syzkaller0: entered allmulticast mode [ 1017.244338][T15370] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3647'. [ 1017.273283][T15374] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3648'. [ 1017.302038][T15370] tipc: Resetting bearer [ 1017.333319][T15369] tipc: Resetting bearer [ 1017.405493][T15369] tipc: Disabling bearer [ 1017.511395][T15374] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 1018.013482][T15385] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3653'. [ 1018.177469][T15388] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3654'. [ 1018.999259][T15407] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3660'. [ 1019.075282][T15407] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3660'. [ 1019.333400][T15412] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3662'. [ 1019.583340][T15412] bond1: entered allmulticast mode [ 1019.668001][T15417] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3664'. [ 1019.689677][T15418] tipc: Enabling of bearer rejected, failed to enable media [ 1020.907880][ T29] audit: type=1326 audit(1771230856.108:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15423 comm="syz.0.3668" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f04f6c code=0x7fc00000 [ 1021.172427][T15445] __nla_validate_parse: 3 callbacks suppressed [ 1021.172500][T15445] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3675'. [ 1021.254790][T15445] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3675'. [ 1021.462994][T15450] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3678'. [ 1021.516408][T15450] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3678'. [ 1021.552225][T15450] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3678'. [ 1021.968176][T15456] tipc: Enabling of bearer rejected, failed to enable media [ 1022.072723][T15456] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3679'. [ 1022.253310][T15461] netdevsim netdevsim5 netdevsim0: entered promiscuous mode [ 1022.684866][T15465] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3683'. [ 1022.760996][T15465] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3683'. [ 1024.606311][T15481] tc_dump_action: action bad kind [ 1024.802550][T15482] tipc: Enabling of bearer rejected, failed to enable media [ 1025.019514][T15483] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3690'. [ 1025.045801][ T29] audit: type=1326 audit(1771230860.268:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15474 comm="syz.5.3689" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bef6c code=0x7fc00000 [ 1026.034252][T15499] tipc: Enabling of bearer rejected, failed to enable media [ 1026.102855][T15499] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3697'. [ 1026.313841][T15503] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3695'. [ 1026.557414][T15510] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3700'. [ 1026.645235][T15510] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3700'. [ 1028.525540][ T29] audit: type=1326 audit(1771230863.738:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15518 comm="syz.3.3704" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64f6c code=0x7fc00000 [ 1028.977732][T15531] tipc: Enabling of bearer rejected, failed to enable media [ 1029.124615][T15535] netlink: 44 bytes leftover after parsing attributes in process `syz.5.3708'. [ 1029.982988][T15539] tipc: Enabling of bearer rejected, failed to enable media [ 1030.147877][T15542] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3710'. [ 1030.479362][T15547] loop0: detected capacity change from 0 to 512 [ 1030.566065][T15547] EXT4-fs: Ignoring removed i_version option [ 1030.609940][T15547] EXT4-fs: Ignoring removed bh option [ 1030.825810][T15553] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3715'. [ 1030.863007][T15553] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3715'. [ 1030.883931][T15547] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1030.991141][T15547] ext4 filesystem being mounted at /171/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1031.651614][T13171] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1033.589571][T15579] tipc: Enabling of bearer rejected, failed to enable media [ 1033.741592][T15582] netlink: 44 bytes leftover after parsing attributes in process `syz.5.3724'. [ 1034.732427][ T29] audit: type=1326 audit(1771230869.948:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15584 comm="syz.3.3723" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64f6c code=0x7fc00000 [ 1035.634612][T15600] tipc: Enabling of bearer rejected, failed to enable media [ 1035.740263][T15602] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3727'. [ 1035.929543][T15604] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3728'. [ 1035.979026][T15604] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3728'. [ 1037.548811][T15626] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3739'. [ 1037.676802][T15630] tipc: Enabling of bearer rejected, failed to enable media [ 1037.886456][T15630] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3736'. [ 1039.455367][T15644] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3740'. [ 1039.641599][T15648] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3740'. [ 1040.095247][ T29] audit: type=1400 audit(1771230875.318:36): apparmor="DENIED" operation="setprocattr" info="invalid" error=-22 profile="unconfined" pid=15642 comm="syz.0.3740" [ 1040.385481][T15652] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3742'. [ 1040.438915][T15652] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3742'. [ 1040.780598][T15656] tipc: Enabling of bearer rejected, failed to enable media [ 1040.944586][T15663] netlink: 44 bytes leftover after parsing attributes in process `syz.5.3744'. [ 1043.010269][T15685] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3753'. [ 1045.264468][T15700] tipc: Enabled bearer , priority 0 [ 1045.303004][T15701] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3758'. [ 1045.323541][T15700] syzkaller0: entered promiscuous mode [ 1045.329198][T15700] syzkaller0: entered allmulticast mode [ 1045.343310][T15701] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3758'. [ 1045.394696][T15700] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3760'. [ 1045.452945][T15698] tipc: Resetting bearer [ 1045.522481][T15706] netlink: 36 bytes leftover after parsing attributes in process `syz.5.3762'. [ 1045.527512][T15698] tipc: Disabling bearer [ 1045.825046][ T5071] Bluetooth: hci3: command 0x0406 tx timeout [ 1046.993603][T15720] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3768'. [ 1048.147451][T15732] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3773'. [ 1048.189040][T15732] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3773'. [ 1048.543322][T15734] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3774'. [ 1049.214028][T15738] tipc: Enabling of bearer rejected, failed to enable media [ 1049.363835][T15740] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3775'. [ 1051.347091][T15751] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3781'. [ 1051.572956][T15755] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3783'. [ 1051.644577][T15755] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3783'. [ 1052.007195][T15763] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3785'. [ 1052.049034][T15763] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3785'. [ 1052.425832][T15771] tipc: Enabling of bearer rejected, failed to enable media [ 1052.544371][T15774] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3788'. [ 1053.744915][T15792] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3794'. [ 1054.058909][T15797] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3796'. [ 1054.103879][T15797] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3796'. [ 1054.210839][T15797] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3796'. [ 1055.598412][T15820] tipc: Enabling of bearer rejected, failed to enable media [ 1056.643040][T15838] __nla_validate_parse: 5 callbacks suppressed [ 1056.643113][T15838] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3811'. [ 1056.697026][T15838] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3811'. [ 1056.753146][T15840] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3811'. [ 1056.812138][T15840] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3811'. [ 1057.966205][T15852] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3815'. [ 1057.982758][T15852] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3815'. [ 1058.779213][T15864] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3821'. [ 1059.334100][T15870] netlink: 44 bytes leftover after parsing attributes in process `syz.5.3822'. [ 1059.797227][T15873] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3825'. [ 1059.853603][T15873] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3825'. [ 1061.884033][T15894] __nla_validate_parse: 2 callbacks suppressed [ 1061.884112][T15894] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3830'. [ 1061.972534][T15894] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3830'. [ 1063.278796][T15903] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3831'. [ 1063.696192][T15907] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3834'. [ 1064.151393][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 1064.158712][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 1064.935287][T15920] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3837'. [ 1065.062526][T15920] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3837'. [ 1065.441613][T15931] loop0: detected capacity change from 0 to 128 [ 1065.491648][T15933] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3838'. [ 1066.286056][T15940] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3843'. [ 1066.539569][T15942] loop0: detected capacity change from 0 to 512 [ 1066.878827][T15942] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1067.049663][T15942] ext4 filesystem being mounted at /207/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1067.229410][T15942] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1315: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 1067.348703][T15953] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 1067.388443][T15953] EXT4-fs (loop0): This should not happen!! Data will be lost [ 1067.388443][T15953] [ 1067.421332][T15953] EXT4-fs (loop0): Total free blocks count 0 [ 1067.456923][T15953] EXT4-fs (loop0): Free/Dirty block details [ 1067.467385][T15953] EXT4-fs (loop0): free_blocks=65281 [ 1067.485173][T15953] EXT4-fs (loop0): dirty_blocks=1 [ 1067.502673][T15953] EXT4-fs (loop0): Block reservation details [ 1067.543158][T15953] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 1067.914870][T13171] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1067.924571][T15959] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3848'. [ 1067.936631][T15960] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3849'. [ 1068.268093][T15967] 9p: Bad value for 'wfdno' [ 1069.262714][T15973] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3855'. [ 1069.315238][T15974] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3855'. [ 1069.573696][T15981] syzkaller0: entered promiscuous mode [ 1069.579367][T15981] syzkaller0: entered allmulticast mode [ 1069.650878][T15982] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3856'. [ 1069.664322][T15981] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3858'. [ 1069.696597][T15982] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3856'. [ 1069.832760][T15982] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3856'. [ 1069.890074][T15982] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3856'. [ 1070.255695][T15988] tipc: Failed to remove unknown binding: 66,0,0/0:2313850954/2313850956 [ 1070.287035][T15988] tipc: Failed to remove unknown binding: 66,0,0/0:2313850954/2313850955 [ 1070.365020][T15991] tipc: Failed to remove unknown binding: 66,0,0/0:2313850954/2313850956 [ 1070.374000][T15991] tipc: Failed to remove unknown binding: 66,0,0/0:2313850954/2313850955 [ 1070.437005][T15992] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3859'. [ 1071.133329][T16000] 9p: Bad value for 'wfdno' [ 1072.709501][T16014] syzkaller0: entered promiscuous mode [ 1072.743158][T16014] syzkaller0: entered allmulticast mode [ 1072.997594][T16030] __nla_validate_parse: 3 callbacks suppressed [ 1072.997665][T16030] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3873'. [ 1073.122474][T16030] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3873'. [ 1073.132804][T16035] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3874'. [ 1074.426540][T16049] 9p: Bad value for 'rfdno' [ 1074.533401][T16055] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3880'. [ 1075.674787][T16066] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3885'. [ 1076.148071][T16076] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3889'. [ 1076.205518][T16076] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3889'. [ 1076.288486][T16076] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3889'. [ 1076.351215][T16076] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3889'. [ 1076.388989][T16081] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3888'. [ 1077.277945][T16085] loop0: detected capacity change from 0 to 512 [ 1077.356127][T13173] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1077.374313][T13173] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1077.391780][T13173] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1077.413516][T13173] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1077.429185][T13173] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1077.581420][T16085] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1077.617356][T16085] ext4 filesystem being mounted at /217/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1077.783416][T16093] 9p: Bad value for 'rfdno' [ 1078.050436][T16096] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3893'. [ 1078.084368][T13171] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1079.045761][T16104] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3898'. [ 1079.102203][T16104] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3898'. [ 1079.506876][T13173] Bluetooth: hci4: command tx timeout [ 1079.521347][T16086] chnl_net:caif_netlink_parms(): no params data found [ 1079.934830][T16115] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3900'. [ 1079.985706][T16115] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3900'. [ 1080.090136][T16115] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3900'. [ 1080.102543][T16115] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3900'. [ 1081.433061][T16131] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3902'. [ 1081.576646][T13173] Bluetooth: hci4: command tx timeout [ 1081.597699][T16086] bridge0: port 1(bridge_slave_0) entered blocking state [ 1081.612540][T16086] bridge0: port 1(bridge_slave_0) entered disabled state [ 1081.620503][T16086] bridge_slave_0: entered allmulticast mode [ 1081.635301][T16086] bridge_slave_0: entered promiscuous mode [ 1081.885914][T16134] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3905'. [ 1081.926869][T16086] bridge0: port 2(bridge_slave_1) entered blocking state [ 1081.935201][T16086] bridge0: port 2(bridge_slave_1) entered disabled state [ 1081.970570][T16086] bridge_slave_1: entered allmulticast mode [ 1082.009282][T16086] bridge_slave_1: entered promiscuous mode [ 1082.480771][T16086] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1082.570075][T16086] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1082.875912][T16086] team0: Port device team_slave_0 added [ 1082.925996][T16086] team0: Port device team_slave_1 added [ 1083.100569][T16146] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3909'. [ 1083.146800][T16146] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3909'. [ 1083.471068][T16086] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1083.499799][T16086] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1083.587920][T16086] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1083.654906][T13173] Bluetooth: hci4: command tx timeout [ 1083.713879][ T1094] bridge_slave_1: left allmulticast mode [ 1083.719733][ T1094] bridge_slave_1: left promiscuous mode [ 1083.750160][ T1094] bridge0: port 2(bridge_slave_1) entered disabled state [ 1083.913936][ T1094] bridge_slave_0: left allmulticast mode [ 1083.919775][ T1094] bridge_slave_0: left promiscuous mode [ 1083.990174][ T1094] bridge0: port 1(bridge_slave_0) entered disabled state [ 1084.344126][ T1094] ip6gretap0 (unregistering): left promiscuous mode [ 1084.650069][ T1094] dvmrp1 (unregistering): left allmulticast mode [ 1085.348707][ T1094] bond0 (unregistering): left promiscuous mode [ 1085.393640][ T1094] bond_slave_0: left promiscuous mode [ 1085.400140][ T1094] bond_slave_1: left promiscuous mode [ 1085.735762][T13173] Bluetooth: hci4: command tx timeout [ 1086.063988][ T1094] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1086.205196][ T1094] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1086.250993][ T1094] bond0 (unregistering): Released all slaves [ 1086.319348][ T1094] bond1 (unregistering): Released all slaves [ 1086.492676][T16086] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1086.536873][T16086] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1086.633440][T16086] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1086.882578][ T1094] tipc: Disabling bearer [ 1086.925374][ T1094] tipc: Left network mode [ 1087.359942][T16170] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3917'. [ 1087.916871][T16086] hsr_slave_0: entered promiscuous mode [ 1088.006560][T16086] hsr_slave_1: entered promiscuous mode [ 1088.065082][T16086] debugfs: 'hsr0' already exists in 'hsr' [ 1088.070987][T16086] Cannot create hsr debugfs directory [ 1089.516579][ T1094] hsr_slave_0: left promiscuous mode [ 1089.535678][ T1094] hsr_slave_1: left promiscuous mode [ 1089.560864][ T1094] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1089.747166][ T1094] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1090.079132][T16200] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3928'. [ 1090.129370][T16200] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3928'. [ 1090.223187][T16203] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3928'. [ 1090.272686][T16203] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3928'. [ 1091.024525][ T1094] team0 (unregistering): Port device team_slave_1 removed [ 1091.120848][ T1094] team0 (unregistering): Port device team_slave_0 removed [ 1093.532823][T16230] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3931'. [ 1095.268153][T16086] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1095.529390][T16086] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1095.726811][T16086] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1095.889235][T16086] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1096.393145][T16253] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3941'. [ 1096.438645][T16253] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3941'. [ 1096.498577][T16253] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3941'. [ 1096.528997][T16253] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3941'. [ 1097.243986][T16086] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1097.420533][T16086] 8021q: adding VLAN 0 to HW filter on device team0 [ 1097.549291][ T7087] bridge0: port 1(bridge_slave_0) entered blocking state [ 1097.556981][ T7087] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1097.678468][ T7087] bridge0: port 2(bridge_slave_1) entered blocking state [ 1097.686002][ T7087] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1098.605334][T16272] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3946'. [ 1099.637800][T16086] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1101.659659][T16086] veth0_vlan: entered promiscuous mode [ 1101.771558][T16086] veth1_vlan: entered promiscuous mode [ 1102.153349][T16086] veth0_macvtap: entered promiscuous mode [ 1102.201329][T16086] veth1_macvtap: entered promiscuous mode [ 1102.383633][T16302] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3952'. [ 1102.391001][T16086] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1102.544488][T16086] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1102.650894][T16302] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3952'. [ 1102.671038][T13877] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1102.712650][T13877] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1102.768782][T13877] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1102.775226][T16305] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3952'. [ 1102.810696][ T53] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1102.824658][T16307] loop0: detected capacity change from 0 to 2048 [ 1102.983496][T16305] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3952'. [ 1103.012404][T16307] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1103.217228][T16307] EXT4-fs (loop0): shut down requested (2) [ 1103.265874][T16315] EXT4-fs (loop0): shut down requested (0) [ 1104.564531][T13171] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1104.757118][T13877] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1105.657056][T13877] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1106.306640][T13877] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1106.608025][T13877] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1107.344711][T13877] bridge_slave_1: left allmulticast mode [ 1107.350564][T13877] bridge_slave_1: left promiscuous mode [ 1107.404537][T13877] bridge0: port 2(bridge_slave_1) entered disabled state [ 1107.575389][T13877] bridge_slave_0: left allmulticast mode [ 1107.581257][T13877] bridge_slave_0: left promiscuous mode [ 1107.604802][T13877] bridge0: port 1(bridge_slave_0) entered disabled state [ 1108.119924][ T5071] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1108.134945][ T5071] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1108.144397][ T5071] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1108.158731][ T5071] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1108.191758][ T5071] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1108.905470][T13877] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1108.952983][T13877] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1108.975176][T13877] bond0 (unregistering): Released all slaves [ 1109.000863][T13877] bond1 (unregistering): Released all slaves [ 1109.902232][T13877] tipc: Left network mode [ 1110.293060][ T5071] Bluetooth: hci0: command tx timeout [ 1110.445758][ T2953] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1110.477712][ T2953] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1111.445027][T16375] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3969'. [ 1112.112591][ T2953] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1112.143996][ T2953] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1112.373282][ T5071] Bluetooth: hci0: command tx timeout [ 1114.452183][ T5071] Bluetooth: hci0: command tx timeout [ 1114.548166][T13877] hsr_slave_0: left promiscuous mode [ 1114.607511][T13877] hsr_slave_1: left promiscuous mode [ 1114.615911][T13877] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1114.654893][T13877] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1114.671057][T13877] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1116.532553][ T5071] Bluetooth: hci0: command tx timeout [ 1125.128237][T13173] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1125.145199][T13173] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1125.163238][T13173] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1125.179865][T13173] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1125.199096][T13173] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1125.601148][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 1125.612182][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 1126.620302][T13877] veth1_macvtap: left promiscuous mode [ 1126.626400][T13877] veth0_macvtap: left promiscuous mode [ 1126.645329][T13877] veth1_vlan: left promiscuous mode [ 1126.663014][T13877] veth0_vlan: left promiscuous mode [ 1127.262649][T13173] Bluetooth: hci2: command tx timeout [ 1127.954705][T16408] tipc: Failed to remove unknown binding: 66,0,0/0:2672889490/2672889492 [ 1127.994013][T16408] tipc: Failed to remove unknown binding: 66,0,0/0:2672889490/2672889491 [ 1129.323692][ T5071] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1129.332369][ T5071] Bluetooth: hci2: command tx timeout [ 1129.342773][ T5071] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1129.368505][ T5071] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1129.379799][T13877] team0 (unregistering): Port device team_slave_1 removed [ 1129.393101][ T5071] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1129.418401][ T5071] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1129.748743][T13877] team0 (unregistering): Port device team_slave_0 removed [ 1130.285600][T16394] netlink: 176 bytes leftover after parsing attributes in process `syz.1.3973'. [ 1130.423564][T16346] chnl_net:caif_netlink_parms(): no params data found [ 1131.412390][ T5071] Bluetooth: hci2: command tx timeout [ 1131.502486][ T5071] Bluetooth: hci6: command tx timeout [ 1133.115555][T16346] bridge0: port 1(bridge_slave_0) entered blocking state [ 1133.168432][T16346] bridge0: port 1(bridge_slave_0) entered disabled state [ 1133.235894][T16346] bridge_slave_0: entered allmulticast mode [ 1133.285506][T16346] bridge_slave_0: entered promiscuous mode [ 1133.497000][ T5071] Bluetooth: hci2: command tx timeout [ 1133.573760][ T5071] Bluetooth: hci6: command tx timeout [ 1133.613637][T16346] bridge0: port 2(bridge_slave_1) entered blocking state [ 1133.621214][T16346] bridge0: port 2(bridge_slave_1) entered disabled state [ 1133.702960][T16346] bridge_slave_1: entered allmulticast mode [ 1133.773701][T16346] bridge_slave_1: entered promiscuous mode [ 1133.891571][T13877] IPVS: stop unused estimator thread 0... [ 1133.897710][T16413] chnl_net:caif_netlink_parms(): no params data found [ 1134.364995][T16404] chnl_net:caif_netlink_parms(): no params data found [ 1134.372705][T16451] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3984'. [ 1134.737055][T16346] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1134.874482][T16346] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1134.876847][T16454] tipc: Failed to remove unknown binding: 66,0,0/0:119720417/119720419 [ 1134.944204][T16454] tipc: Failed to remove unknown binding: 66,0,0/0:119720417/119720418 [ 1135.063121][T16451] bond1: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 1135.128324][T16451] bond1 (unregistering): Released all slaves [ 1135.658327][ T5071] Bluetooth: hci6: command tx timeout [ 1136.742708][T16346] team0: Port device team_slave_0 added [ 1136.834337][T16346] team0: Port device team_slave_1 added [ 1137.222684][T16346] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1137.229847][T16346] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1137.363065][T16346] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1137.421234][T16346] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1137.462695][T16346] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1137.572852][T16346] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1137.734870][ T5071] Bluetooth: hci6: command tx timeout [ 1138.134347][T16413] bridge0: port 1(bridge_slave_0) entered blocking state [ 1138.162370][T16413] bridge0: port 1(bridge_slave_0) entered disabled state [ 1138.170305][T16413] bridge_slave_0: entered allmulticast mode [ 1138.205877][T16413] bridge_slave_0: entered promiscuous mode [ 1138.475923][T16413] bridge0: port 2(bridge_slave_1) entered blocking state [ 1138.483876][T16413] bridge0: port 2(bridge_slave_1) entered disabled state [ 1138.524236][T16413] bridge_slave_1: entered allmulticast mode [ 1138.544509][T16413] bridge_slave_1: entered promiscuous mode [ 1138.699575][T16346] hsr_slave_0: entered promiscuous mode [ 1138.750757][T16346] hsr_slave_1: entered promiscuous mode [ 1138.777428][T16346] debugfs: 'hsr0' already exists in 'hsr' [ 1138.790658][T16481] tipc: Failed to remove unknown binding: 66,0,0/0:1936497588/1936497590 [ 1138.792044][T16346] Cannot create hsr debugfs directory [ 1138.822507][T16481] tipc: Failed to remove unknown binding: 66,0,0/0:1936497588/1936497589 [ 1139.104426][T16404] bridge0: port 1(bridge_slave_0) entered blocking state [ 1139.124928][T16404] bridge0: port 1(bridge_slave_0) entered disabled state [ 1139.189278][T16404] bridge_slave_0: entered allmulticast mode [ 1139.203133][T16404] bridge_slave_0: entered promiscuous mode [ 1139.229038][T16404] bridge0: port 2(bridge_slave_1) entered blocking state [ 1139.282680][T16404] bridge0: port 2(bridge_slave_1) entered disabled state [ 1139.290651][T16404] bridge_slave_1: entered allmulticast mode [ 1139.343068][T16404] bridge_slave_1: entered promiscuous mode [ 1139.945099][T16489] netlink: 'syz.5.3997': attribute type 6 has an invalid length. [ 1139.992338][T16489] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3997'. [ 1140.062301][T16491] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3996'. [ 1140.077597][T16413] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1140.138367][T16404] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1140.811268][T16491] bond1: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 1140.993616][T16491] bond1 (unregistering): Released all slaves [ 1141.421019][T16413] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1141.574957][T16404] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1142.168413][T16413] team0: Port device team_slave_0 added [ 1142.250917][T16404] team0: Port device team_slave_0 added [ 1142.349833][T16404] team0: Port device team_slave_1 added [ 1142.653691][T16413] team0: Port device team_slave_1 added [ 1142.749521][T16518] tipc: Failed to remove unknown binding: 66,0,0/0:1678418560/1678418562 [ 1142.783312][T16518] tipc: Failed to remove unknown binding: 66,0,0/0:1678418560/1678418561 [ 1142.828189][T16518] tipc: Failed to remove unknown binding: 66,0,0/0:1678418560/1678418562 [ 1142.861436][T16518] tipc: Failed to remove unknown binding: 66,0,0/0:1678418560/1678418561 [ 1143.244642][T16404] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1143.262910][T16404] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1143.326278][T16404] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1143.507621][T16413] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1143.519244][T16413] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1143.572158][T16413] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1143.646877][T16404] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1143.685273][T16404] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1143.735486][T16404] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1143.765272][T16413] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1143.795429][T16413] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1143.861266][T16524] loop5: detected capacity change from 0 to 1024 [ 1143.868487][T16413] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1143.965831][T16524] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c018, mo2=0003] [ 1143.979157][T16524] System zones: 1-12 [ 1144.014338][T16524] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1144.391297][T16086] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1144.804012][T16533] loop5: detected capacity change from 0 to 2048 [ 1144.884716][T16533] loop5: p1 < > p4 [ 1144.891170][T16404] hsr_slave_0: entered promiscuous mode [ 1144.907202][T16533] loop5: p4 size 8388608 extends beyond EOD, truncated [ 1144.938569][T16404] hsr_slave_1: entered promiscuous mode [ 1144.949976][T16404] debugfs: 'hsr0' already exists in 'hsr' [ 1145.002197][T16404] Cannot create hsr debugfs directory [ 1145.238464][T16413] hsr_slave_0: entered promiscuous mode [ 1145.293927][T16413] hsr_slave_1: entered promiscuous mode [ 1145.329901][T16413] debugfs: 'hsr0' already exists in 'hsr' [ 1145.369110][T16413] Cannot create hsr debugfs directory [ 1145.910803][T16346] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1145.959579][T16417] udevd[16417]: inotify_add_watch(7, /dev/loop5p4, 10) failed: No such file or directory [ 1145.979738][T16346] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1146.158875][T16546] tipc: Failed to remove unknown binding: 66,0,0/0:2621417594/2621417596 [ 1146.192434][T16546] tipc: Failed to remove unknown binding: 66,0,0/0:2621417594/2621417595 [ 1146.252342][T16546] tipc: Failed to remove unknown binding: 66,0,0/0:2621417594/2621417596 [ 1146.261084][T16546] tipc: Failed to remove unknown binding: 66,0,0/0:2621417594/2621417595 [ 1146.424020][T16346] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1146.904884][T16346] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1147.888860][T13876] bridge_slave_1: left allmulticast mode [ 1147.898737][T13876] bridge_slave_1: left promiscuous mode [ 1147.918289][T13876] bridge0: port 2(bridge_slave_1) entered disabled state [ 1147.955587][T13876] bridge_slave_0: left allmulticast mode [ 1147.961442][T13876] bridge_slave_0: left promiscuous mode [ 1147.973448][T13876] bridge0: port 1(bridge_slave_0) entered disabled state [ 1148.366136][T13876] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1148.404485][T13876] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1148.417633][T13876] bond0 (unregistering): Released all slaves [ 1148.625652][T16566] team0: entered promiscuous mode [ 1148.630979][T16566] team_slave_0: entered promiscuous mode [ 1148.679094][T16566] team_slave_1: entered promiscuous mode [ 1148.787584][T13876] tipc: Left network mode [ 1149.560066][T13876] hsr_slave_0: left promiscuous mode [ 1149.573993][T13876] hsr_slave_1: left promiscuous mode [ 1149.597445][T13876] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1149.614852][T13876] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1149.670232][T16579] tipc: Failed to remove unknown binding: 66,0,0/0:1397500074/1397500076 [ 1149.702390][T16579] tipc: Failed to remove unknown binding: 66,0,0/0:1397500074/1397500075 [ 1149.730536][T16579] tipc: Failed to remove unknown binding: 66,0,0/0:1397500074/1397500076 [ 1149.747773][T16579] tipc: Failed to remove unknown binding: 66,0,0/0:1397500074/1397500075 [ 1150.081186][T13876] team0 (unregistering): Port device team_slave_1 removed [ 1150.161037][T13876] team0 (unregistering): Port device team_slave_0 removed [ 1150.947437][T16404] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1151.093687][T16404] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1151.188380][T16404] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1151.415215][T16404] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1151.519055][T13876] IPVS: stop unused estimator thread 0... [ 1151.812993][T16346] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1151.924973][T16413] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 1152.054616][T16413] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 1152.205018][T16413] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 1152.391623][T16413] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 1152.579469][T16346] 8021q: adding VLAN 0 to HW filter on device team0 [ 1152.687270][T16602] loop5: detected capacity change from 0 to 128 [ 1152.690322][ T1094] bridge0: port 1(bridge_slave_0) entered blocking state [ 1152.701137][ T1094] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1152.794137][T16602] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1152.849117][T16602] ext4 filesystem being mounted at mnt:[4026534981] supports timestamps until 2038-01-19 (0x7fffffff) [ 1152.887547][ T7087] bridge0: port 2(bridge_slave_1) entered blocking state [ 1152.895290][ T7087] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1152.984269][T16602] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1154.672436][T16404] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1154.941717][T16413] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1155.138148][T16404] 8021q: adding VLAN 0 to HW filter on device team0 [ 1155.368485][T13877] bridge0: port 1(bridge_slave_0) entered blocking state [ 1155.376150][T13877] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1155.476573][T16413] 8021q: adding VLAN 0 to HW filter on device team0 [ 1155.579402][T13877] bridge0: port 2(bridge_slave_1) entered blocking state [ 1155.586972][T13877] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1155.867766][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 1155.875424][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1156.015956][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 1156.023652][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1156.663088][T16346] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1158.450223][T16649] loop5: detected capacity change from 0 to 128 [ 1158.767679][T16649] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1158.908125][T16649] ext4 filesystem being mounted at /33/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1159.081472][T16653] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4032'. [ 1159.488998][T16086] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1159.855014][T16413] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1159.985343][T16404] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1160.808641][T16346] veth0_vlan: entered promiscuous mode [ 1161.011102][T16346] veth1_vlan: entered promiscuous mode [ 1161.787162][T16346] veth0_macvtap: entered promiscuous mode [ 1161.953185][T16346] veth1_macvtap: entered promiscuous mode [ 1162.305425][T16346] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1162.522385][T16346] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1162.763019][ T7087] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1162.796001][ T7087] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1162.818637][ T7087] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1163.005019][ T7087] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1164.173295][T16413] veth0_vlan: entered promiscuous mode [ 1164.182706][T16703] netlink: 116 bytes leftover after parsing attributes in process `syz.5.4039'. [ 1164.209004][T16404] veth0_vlan: entered promiscuous mode [ 1164.450865][T16404] veth1_vlan: entered promiscuous mode [ 1164.521646][T16413] veth1_vlan: entered promiscuous mode [ 1165.356040][T16413] veth0_macvtap: entered promiscuous mode [ 1165.470499][T16413] veth1_macvtap: entered promiscuous mode [ 1165.530681][T16404] veth0_macvtap: entered promiscuous mode [ 1165.846167][T16404] veth1_macvtap: entered promiscuous mode [ 1165.982443][T16413] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1166.344082][T16413] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1166.634270][T13876] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1166.666703][T13876] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1166.860358][T13876] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1166.887753][T13876] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1167.030074][T16404] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1167.261167][T16404] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1167.583771][ T53] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1167.652773][ T53] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1167.719160][ T53] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1167.869370][ T53] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1169.502462][ T5071] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1169.526015][ T5071] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1169.543936][ T5071] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1169.578094][ T5071] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1169.606237][ T5071] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1170.748424][T16759] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4047'. [ 1171.732134][T13173] Bluetooth: hci1: command tx timeout [ 1172.646865][T16785] loop5: detected capacity change from 0 to 1024 [ 1172.874061][T16785] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1172.989020][T16747] chnl_net:caif_netlink_parms(): no params data found [ 1173.566636][T16086] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1173.689152][ T135] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1173.814702][T13173] Bluetooth: hci1: command tx timeout [ 1174.237098][ T135] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1174.786474][ T135] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1175.151301][ T135] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1175.559535][T16817] loop5: detected capacity change from 0 to 1024 [ 1175.640928][T16817] EXT4-fs: Ignoring removed oldalloc option [ 1175.704620][T16817] EXT4-fs: Ignoring removed bh option [ 1175.827940][T16747] bridge0: port 1(bridge_slave_0) entered blocking state [ 1175.835766][T16747] bridge0: port 1(bridge_slave_0) entered disabled state [ 1175.845330][T16747] bridge_slave_0: entered allmulticast mode [ 1175.865466][T16747] bridge_slave_0: entered promiscuous mode [ 1175.887378][T16817] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1175.909369][T13173] Bluetooth: hci1: command tx timeout [ 1175.912013][T16747] bridge0: port 2(bridge_slave_1) entered blocking state [ 1175.922829][T16747] bridge0: port 2(bridge_slave_1) entered disabled state [ 1175.933053][T16747] bridge_slave_1: entered allmulticast mode [ 1175.980720][T16747] bridge_slave_1: entered promiscuous mode [ 1176.418422][T16086] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1176.540652][T16747] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1176.878800][T16747] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1177.613629][T16747] team0: Port device team_slave_0 added [ 1177.751511][T13876] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1177.780196][T13876] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1177.806687][T16747] team0: Port device team_slave_1 added [ 1177.832724][ T135] bridge_slave_1: left allmulticast mode [ 1177.838551][ T135] bridge_slave_1: left promiscuous mode [ 1177.872897][ T135] bridge0: port 2(bridge_slave_1) entered disabled state [ 1177.959601][ T135] bridge_slave_0: left allmulticast mode [ 1177.966045][ T135] bridge_slave_0: left promiscuous mode [ 1177.982032][T13173] Bluetooth: hci1: command tx timeout [ 1178.018760][ T135] bridge0: port 1(bridge_slave_0) entered disabled state [ 1178.317968][T16832] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4056'. [ 1179.179752][ T135] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1179.243835][ T135] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1179.311421][ T135] bond0 (unregistering): Released all slaves [ 1179.394994][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1179.432177][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1179.949396][ T135] hsr_slave_0: left promiscuous mode [ 1179.994955][ T135] hsr_slave_1: left promiscuous mode [ 1180.015175][ T135] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1180.047977][ T135] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1180.118722][T16843] netlink: 76 bytes leftover after parsing attributes in process `syz.5.4061'. [ 1180.155117][ T135] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1180.163134][ T135] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1180.422729][ T135] veth1_macvtap: left promiscuous mode [ 1180.428452][ T135] veth0_macvtap: left promiscuous mode [ 1180.456173][ T135] veth1_vlan: left promiscuous mode [ 1180.486194][ T135] veth0_vlan: left promiscuous mode [ 1182.189883][ T135] team0 (unregistering): Port device team_slave_1 removed [ 1182.257937][ T135] team0 (unregistering): Port device team_slave_0 removed [ 1182.750720][T16747] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1182.785457][T16747] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1182.862083][T16747] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1182.909141][T16747] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1182.944686][T16747] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1183.032948][T16747] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1183.082208][T12602] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1183.082287][T12602] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1183.583006][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1183.591003][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1183.735368][T16857] loop5: detected capacity change from 0 to 512 [ 1183.844558][T16747] hsr_slave_0: entered promiscuous mode [ 1183.906150][T16747] hsr_slave_1: entered promiscuous mode [ 1183.925564][T16747] debugfs: 'hsr0' already exists in 'hsr' [ 1183.931470][T16747] Cannot create hsr debugfs directory [ 1185.029711][T16871] netlink: 44 bytes leftover after parsing attributes in process `syz.8.3979'. [ 1185.080387][T16872] program syz.5.4069 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1186.414844][T16884] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4070'. [ 1186.487541][T16886] loop7: detected capacity change from 0 to 128 [ 1187.064826][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 1187.071439][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 1188.428485][T16747] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1188.520036][T16747] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1188.673581][T16747] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1188.809998][T16747] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1189.264527][T16921] geneve2: entered promiscuous mode [ 1190.391319][T16933] netlink: 44 bytes leftover after parsing attributes in process `syz.7.4084'. [ 1190.731025][T16747] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1190.775750][T16937] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 1191.021355][T16747] 8021q: adding VLAN 0 to HW filter on device team0 [ 1191.249669][T13877] bridge0: port 1(bridge_slave_0) entered blocking state [ 1191.257363][T13877] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1191.484173][T13877] bridge0: port 2(bridge_slave_1) entered blocking state [ 1191.491973][T13877] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1191.595346][T16944] netlink: 'syz.5.4089': attribute type 6 has an invalid length. [ 1191.626240][T16944] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4089'. [ 1192.440546][T16951] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4088'. [ 1192.508713][T16747] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1193.081262][T16962] loop7: detected capacity change from 0 to 128 [ 1193.269665][T16962] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1193.345748][T16959] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1193.365991][T16962] ext4 filesystem being mounted at /7/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1193.442638][T16959] batadv_slave_0: entered promiscuous mode [ 1193.928577][T16404] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1194.878933][T16747] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1195.476782][T16986] netlink: 44 bytes leftover after parsing attributes in process `syz.5.4096'. [ 1195.731130][T16980] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4093'. [ 1198.155121][T17010] loop7: detected capacity change from 0 to 512 [ 1198.158382][T16747] veth0_vlan: entered promiscuous mode [ 1198.299813][T16747] veth1_vlan: entered promiscuous mode [ 1198.517128][T17010] FAT-fs (loop7): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1199.003152][T16747] veth0_macvtap: entered promiscuous mode [ 1199.275559][T16747] veth1_macvtap: entered promiscuous mode [ 1199.358038][T17015] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4102'. [ 1200.911420][T16747] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1201.331666][T16747] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1201.584782][T13876] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1201.631742][ T7087] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1201.738733][ T7087] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1201.778329][T13877] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1202.039809][T17043] netlink: 44 bytes leftover after parsing attributes in process `syz.5.4108'. [ 1204.452410][T17046] Bluetooth: hci4: command 0x0406 tx timeout [ 1205.243243][T17071] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4114'. [ 1205.308466][T17069] tipc: Failed to remove unknown binding: 66,0,0/0:2665338098/2665338099 [ 1205.383227][T17073] nft_compat: unsupported protocol 0 [ 1206.817416][T17091] netlink: 44 bytes leftover after parsing attributes in process `syz.5.4119'. [ 1206.856101][T17088] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4117'. [ 1209.287958][T17119] loop5: detected capacity change from 0 to 256 [ 1209.969461][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1210.022038][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1210.435001][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1210.485494][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1210.749969][T17131] netlink: 72 bytes leftover after parsing attributes in process `syz.2.4126'. [ 1211.495641][T17134] loop8: detected capacity change from 0 to 256 [ 1211.688708][T17134] FAT-fs (loop8): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1211.723829][T17137] tipc: Enabling of bearer rejected, failed to enable media [ 1211.967712][T17142] netlink: 44 bytes leftover after parsing attributes in process `syz.7.4128'. [ 1214.475268][T17165] loop7: detected capacity change from 0 to 512 [ 1214.933061][T17165] EXT4-fs error (device loop7): ext4_free_branches:1023: inode #11: comm syz.7.4133: invalid indirect mapped block 4294967295 (level 1) [ 1215.141976][T17165] loop7: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 1215.151950][ C1] EXT4-fs (loop7): error count since last fsck: 1 [ 1215.167911][ C1] EXT4-fs (loop7): initial error at time 1771231050: ext4_free_branches:1023: inode 11 [ 1215.177959][ C1] EXT4-fs (loop7): last error at time 1771231050: ext4_free_branches:1023: inode 11 [ 1215.211114][T17165] EXT4-fs error (device loop7): ext4_free_branches:1023: inode #11: comm syz.7.4133: invalid indirect mapped block 4294967295 (level 1) [ 1215.502174][T17165] loop7: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 1215.571264][T17165] EXT4-fs (loop7): 2 truncates cleaned up [ 1215.762479][T17165] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1215.873120][T17182] loop5: detected capacity change from 0 to 512 [ 1216.065547][T17165] EXT4-fs error (device loop7): ext4_get_parent:1832: inode #11: comm syz.7.4133: bad parent inode number: 3 [ 1216.124140][T17182] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 1216.284039][T17182] EXT4-fs (loop5): orphan cleanup on readonly fs [ 1216.381273][T17186] loop6: detected capacity change from 0 to 256 [ 1216.490805][T17182] EXT4-fs error (device loop5): ext4_do_update_inode:5569: inode #16: comm syz.5.4138: corrupted inode contents [ 1216.555627][T17182] loop5: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 1216.561947][ C0] EXT4-fs (loop5): error count since last fsck: 1 [ 1216.577931][ C0] EXT4-fs (loop5): initial error at time 1771231051: ext4_do_update_inode:5569: inode 16 [ 1216.588137][ C0] EXT4-fs (loop5): last error at time 1771231051: ext4_do_update_inode:5569: inode 16 [ 1216.598686][T17182] EXT4-fs (loop5): Remounting filesystem read-only [ 1216.606703][T17182] EXT4-fs (loop5): 1 truncate cleaned up [ 1216.627826][ T53] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1216.642133][ T53] Quota error (device loop5): write_blk: dquota write failed [ 1216.734476][ T53] Quota error (device loop5): remove_free_dqentry: Can't write block (5) with free entries [ 1216.774348][T17171] EXT4-fs error (device loop7): ext4_validate_block_bitmap:432: comm ext4lazyinit: bg 0: block 5: invalid block bitmap [ 1216.842306][ T53] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1216.919963][ T53] Quota error (device loop5): write_blk: dquota write failed [ 1216.963486][ T53] Quota error (device loop5): free_dqentry: Can't move quota data block (5) to free list [ 1217.019672][ T53] EXT4-fs (loop5): Quota write (off=8, len=24) cancelled because transaction is not started [ 1217.099653][ T53] Quota error (device loop5): v2_write_file_info: Can't write info structure [ 1217.123182][ T53] Quota error (device loop5): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 1217.174079][T17182] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1217.294516][T16404] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1217.746634][T16086] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1218.936245][T17205] tipc: Enabling of bearer rejected, failed to enable media [ 1219.177995][T17210] netlink: 44 bytes leftover after parsing attributes in process `syz.5.4143'. [ 1221.325798][T17237] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4152'. [ 1221.961326][T17245] loop6: detected capacity change from 0 to 512 [ 1222.280025][T17245] EXT4-fs (loop6): revision level too high, forcing read-only mode [ 1222.300562][T17245] EXT4-fs (loop6): orphan cleanup on readonly fs [ 1222.537751][T17245] EXT4-fs error (device loop6): ext4_do_update_inode:5569: inode #16: comm syz.6.4153: corrupted inode contents [ 1222.632020][T17245] loop6: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 1222.641945][ C1] EXT4-fs (loop6): error count since last fsck: 1 [ 1222.657913][ C1] EXT4-fs (loop6): initial error at time 1771231057: ext4_do_update_inode:5569: inode 16 [ 1222.668261][ C1] EXT4-fs (loop6): last error at time 1771231057: ext4_do_update_inode:5569: inode 16 [ 1222.702044][T17245] EXT4-fs (loop6): Remounting filesystem read-only [ 1222.709419][T17245] EXT4-fs (loop6): 1 truncate cleaned up [ 1222.787254][ T53] EXT4-fs (loop6): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1222.859817][ T53] Quota error (device loop6): write_blk: dquota write failed [ 1222.955865][ T53] Quota error (device loop6): remove_free_dqentry: Can't write block (5) with free entries [ 1223.010876][ T53] EXT4-fs (loop6): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1223.128825][ T53] Quota error (device loop6): write_blk: dquota write failed [ 1223.175614][ T53] Quota error (device loop6): free_dqentry: Can't move quota data block (5) to free list [ 1223.248848][ T53] EXT4-fs (loop6): Quota write (off=8, len=24) cancelled because transaction is not started [ 1223.322123][ T53] Quota error (device loop6): v2_write_file_info: Can't write info structure [ 1223.372718][ T53] Quota error (device loop6): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 1223.423004][T17245] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1223.587005][T17263] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4154'. [ 1223.867003][T16747] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1223.996114][T17263] IPv6: sit1: Disabled Multicast RS [ 1224.571665][T17268] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4161'. [ 1224.698060][T17271] tipc: Enabling of bearer rejected, failed to enable media [ 1224.907610][T17278] netlink: 44 bytes leftover after parsing attributes in process `syz.6.4158'. [ 1226.622068][T17290] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4163'. [ 1226.631142][T17290] bond0: Unable to set down delay as MII monitoring is disabled [ 1227.454204][T17301] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4168'. [ 1227.896481][T17304] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4165'. [ 1229.854343][ T29] audit: type=1326 audit(1771231065.068:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17320 comm="syz.7.4172" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7fc00000 [ 1230.719466][T17332] tipc: Enabling of bearer rejected, failed to enable media [ 1230.920387][T17338] netlink: 44 bytes leftover after parsing attributes in process `syz.6.4176'. [ 1234.303948][T17366] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4181'. [ 1234.508161][T17366] bond0: Unable to set down delay as MII monitoring is disabled [ 1236.033407][T17384] tipc: Enabling of bearer rejected, failed to enable media [ 1236.238736][T17388] netlink: 44 bytes leftover after parsing attributes in process `syz.6.4189'. [ 1237.872352][T17407] IPv4: Oversized IP packet from 127.202.26.0 [ 1241.567455][T17437] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1242.069842][T17437] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1242.756896][T17455] loop5: detected capacity change from 0 to 128 [ 1242.884839][T17455] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1243.031204][T17455] ext4 filesystem being mounted at /101/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1243.753089][T17449] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1243.823079][T17463] loop6: detected capacity change from 0 to 512 [ 1243.844626][T17449] batadv_slave_0: entered promiscuous mode [ 1243.933224][T17463] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 1244.031218][T17463] EXT4-fs (loop6): 1 truncate cleaned up [ 1244.101100][T17463] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1244.688536][T17437] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1244.774328][T16747] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1245.249661][T16086] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1245.727369][T17437] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1247.513253][ T2953] netdevsim netdevsim7 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1247.747851][ T7087] netdevsim netdevsim7 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1248.112635][ T53] netdevsim netdevsim7 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1248.481461][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 1248.488746][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 1248.557264][ T53] netdevsim netdevsim7 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1250.249245][T17520] netlink: 2 bytes leftover after parsing attributes in process `syz.7.4220'. [ 1250.269769][T17513] loop8: detected capacity change from 0 to 128 [ 1250.537700][ T5789] Bluetooth: hci2: command 0x0406 tx timeout [ 1250.884095][T17513] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1250.978642][T17513] ext4 filesystem being mounted at /31/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1251.668549][T16413] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1251.824099][T17532] tipc: Started in network mode [ 1251.829319][T17532] tipc: Node identity 9625350320b4, cluster identity 4711 [ 1251.923080][T17532] tipc: Enabled bearer , priority 0 [ 1252.039474][T17532] tipc: Disabling bearer [ 1252.894493][T17541] loop7: detected capacity change from 0 to 2048 [ 1252.955189][T17541] EXT4-fs: Ignoring removed nobh option [ 1253.247544][T17541] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1253.420094][T17541] ext4 filesystem being mounted at /32/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1253.954660][T17555] netlink: 'syz.6.4234': attribute type 10 has an invalid length. [ 1254.019213][T17558] netlink: 'syz.6.4234': attribute type 10 has an invalid length. [ 1254.187761][T17555] team0: Port device dummy0 added [ 1254.273783][T16404] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1254.330461][T17558] team0: Port device dummy0 removed [ 1254.495710][T17558] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 1255.119216][T17568] loop5: detected capacity change from 0 to 128 [ 1255.265455][T17568] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1255.407380][T17568] ext4 filesystem being mounted at /110/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1255.657380][ T5789] Bluetooth: hci6: command 0x0406 tx timeout [ 1255.700863][T17576] loop7: detected capacity change from 0 to 512 [ 1255.803505][T17576] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 1255.906227][T17576] EXT4-fs error (device loop7): ext4_orphan_get:1417: comm syz.7.4242: bad orphan inode 131083 [ 1255.981414][T17576] loop7: lost filesystem error report for type 5 error -117 [ 1255.981921][ C0] EXT4-fs (loop7): error count since last fsck: 1 [ 1255.996228][ C0] EXT4-fs (loop7): initial error at time 1771231091: ext4_orphan_get:1417 [ 1256.005093][ C0] EXT4-fs (loop7): last error at time 1771231091: ext4_orphan_get:1417 [ 1256.093227][T17576] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1256.116473][T16086] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1256.478070][T16404] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1257.183922][T17593] netlink: 128 bytes leftover after parsing attributes in process `syz.8.4248'. [ 1258.558221][T17606] netlink: 'syz.8.4255': attribute type 27 has an invalid length. [ 1259.485263][T17606] bridge0: port 2(bridge_slave_1) entered disabled state [ 1259.495061][T17606] bridge0: port 1(bridge_slave_0) entered disabled state [ 1259.693881][T11422] IPVS: starting estimator thread 0... [ 1259.812238][T17620] IPVS: using max 240 ests per chain, 12000 per kthread [ 1260.553423][T17606] batadv_slave_0: left promiscuous mode [ 1260.634379][T17606] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1261.666787][T17619] tipc: Started in network mode [ 1261.678314][T17619] tipc: Node identity ac1414aa, cluster identity 4711 [ 1261.721987][T17619] tipc: Enabled bearer , priority 10 [ 1261.755588][T13876] netdevsim netdevsim8 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1261.786632][T13876] netdevsim netdevsim8 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1261.836005][T13876] netdevsim netdevsim8 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1261.862320][T13876] netdevsim netdevsim8 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1262.841860][T11422] tipc: Node number set to 2886997162 [ 1264.160217][T17651] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4275'. [ 1264.242055][T11459] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 1264.432333][T11459] usb 9-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1264.459528][T11459] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1264.505131][T11459] usb 9-1: Product: syz [ 1264.519636][T11459] usb 9-1: Manufacturer: syz [ 1264.539211][T11459] usb 9-1: SerialNumber: syz [ 1264.828470][T11459] lan78xx 9-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 1264.868697][T11459] lan78xx 9-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -32 [ 1264.952136][T11459] lan78xx 9-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 1265.020220][T11459] lan78xx 9-1:1.0: probe with driver lan78xx failed with error -32 [ 1265.112722][T11459] usb 9-1: USB disconnect, device number 2 [ 1266.354699][T17669] netlink: 'syz.6.4282': attribute type 27 has an invalid length. [ 1267.976112][T17669] bridge0: port 2(bridge_slave_1) entered disabled state [ 1267.985798][T17669] bridge0: port 1(bridge_slave_0) entered disabled state [ 1269.068761][T17687] loop5: detected capacity change from 0 to 1024 [ 1269.241625][T17687] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1269.745341][T17669] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1269.860749][T17669] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1270.494396][T17697] netlink: 'syz.7.4289': attribute type 13 has an invalid length. [ 1271.277417][T17679] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1271.291164][T17679] 8021q: adding VLAN 0 to HW filter on device team0 [ 1271.329331][T17679] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1272.194397][T16086] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1272.994378][T17697] bridge0: port 2(bridge_slave_1) entered disabled state [ 1273.004210][T17697] bridge0: port 1(bridge_slave_0) entered disabled state [ 1273.557026][T17697] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1273.631187][T17697] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1274.281062][T13876] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1274.313924][ T2953] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1274.377028][ T2953] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1274.422797][ T2953] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1274.456885][ T2953] netdevsim netdevsim7 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1274.494328][T13877] netdevsim netdevsim7 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1274.530125][T13877] netdevsim netdevsim7 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1274.570608][T13877] netdevsim netdevsim7 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1274.958406][T17723] loop5: detected capacity change from 0 to 512 [ 1275.175954][T17723] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1275.245269][T17723] ext4 filesystem being mounted at /122/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1275.723062][T16086] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1275.878678][T17734] netlink: 72 bytes leftover after parsing attributes in process `syz.7.4304'. [ 1276.679586][T17746] loop6: detected capacity change from 0 to 512 [ 1276.841459][T17746] EXT4-fs (loop6): revision level too high, forcing read-only mode [ 1276.910222][T17746] EXT4-fs (loop6): orphan cleanup on readonly fs [ 1277.047752][T17746] EXT4-fs error (device loop6): ext4_do_update_inode:5569: inode #16: comm syz.6.4310: corrupted inode contents [ 1277.084044][T17746] loop6: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 1277.093395][ C0] EXT4-fs (loop6): error count since last fsck: 1 [ 1277.109392][ C0] EXT4-fs (loop6): initial error at time 1771231112: ext4_do_update_inode:5569: inode 16 [ 1277.119603][ C0] EXT4-fs (loop6): last error at time 1771231112: ext4_do_update_inode:5569: inode 16 [ 1277.130645][T17746] EXT4-fs (loop6): Remounting filesystem read-only [ 1277.145757][T17746] EXT4-fs (loop6): 1 truncate cleaned up [ 1277.166279][T13877] EXT4-fs (loop6): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1277.243537][T13877] Quota error (device loop6): write_blk: dquota write failed [ 1277.251098][T13877] Quota error (device loop6): remove_free_dqentry: Can't write block (5) with free entries [ 1277.352439][T13877] EXT4-fs (loop6): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1277.414122][T13877] Quota error (device loop6): write_blk: dquota write failed [ 1277.430523][T13877] Quota error (device loop6): free_dqentry: Can't move quota data block (5) to free list [ 1277.472803][T13877] EXT4-fs (loop6): Quota write (off=8, len=24) cancelled because transaction is not started [ 1277.500562][T17759] netlink: 24 bytes leftover after parsing attributes in process `syz.8.4315'. [ 1277.557675][T13877] Quota error (device loop6): v2_write_file_info: Can't write info structure [ 1277.607346][T13877] Quota error (device loop6): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 1277.635481][T17759] bond1: entered allmulticast mode [ 1277.645939][T17746] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1278.044322][T16747] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1278.509973][T17770] netlink: 72 bytes leftover after parsing attributes in process `syz.5.4319'. [ 1280.369761][T17792] loop8: detected capacity change from 0 to 512 [ 1280.433017][T17791] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4327'. [ 1280.508102][T17792] EXT4-fs (loop8): revision level too high, forcing read-only mode [ 1280.543773][T17792] EXT4-fs (loop8): orphan cleanup on readonly fs [ 1280.735126][T17792] EXT4-fs error (device loop8): ext4_do_update_inode:5569: inode #16: comm syz.8.4328: corrupted inode contents [ 1280.795981][T17791] bond2: entered allmulticast mode [ 1280.814598][T17792] loop8: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 1280.820959][T17792] EXT4-fs (loop8): Remounting filesystem read-only [ 1280.830495][ C0] EXT4-fs (loop8): error count since last fsck: 1 [ 1280.830582][ C0] EXT4-fs (loop8): initial error at time 1771231116: ext4_do_update_inode:5569: inode 16 [ 1280.830732][ C0] EXT4-fs (loop8): last error at time 1771231116: ext4_do_update_inode:5569: inode 16 [ 1280.951232][T17792] EXT4-fs (loop8): 1 truncate cleaned up [ 1280.972427][T13876] EXT4-fs (loop8): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1281.008247][T13876] Quota error (device loop8): write_blk: dquota write failed [ 1281.053702][T13876] Quota error (device loop8): remove_free_dqentry: Can't write block (5) with free entries [ 1281.121972][T13876] EXT4-fs (loop8): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1281.187379][T13876] Quota error (device loop8): write_blk: dquota write failed [ 1281.222395][T13876] Quota error (device loop8): free_dqentry: Can't move quota data block (5) to free list [ 1281.274499][T13876] EXT4-fs (loop8): Quota write (off=8, len=24) cancelled because transaction is not started [ 1281.324508][T17792] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1281.718015][T16413] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1282.162932][T17813] netlink: 72 bytes leftover after parsing attributes in process `syz.6.4333'. [ 1283.473531][T17829] netlink: 'syz.6.4343': attribute type 13 has an invalid length. [ 1283.917540][T17835] netlink: 72 bytes leftover after parsing attributes in process `syz.5.4346'. [ 1286.752336][T17868] loop5: detected capacity change from 0 to 1024 [ 1286.836066][T17868] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1287.364517][T16086] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1287.482533][T17877] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4362'. [ 1287.867205][T17884] netlink: 72 bytes leftover after parsing attributes in process `syz.5.4365'. [ 1288.148908][T17890] loop8: detected capacity change from 0 to 128 [ 1289.207794][T12602] kworker/u8:1: attempt to access beyond end of device [ 1289.207794][T12602] loop8: rw=1, sector=145, nr_sectors = 8 limit=128 [ 1289.282234][T12602] kworker/u8:1: attempt to access beyond end of device [ 1289.282234][T12602] loop8: rw=1, sector=161, nr_sectors = 8 limit=128 [ 1289.322354][T12602] kworker/u8:1: attempt to access beyond end of device [ 1289.322354][T12602] loop8: rw=1, sector=177, nr_sectors = 8 limit=128 [ 1289.402655][T12602] kworker/u8:1: attempt to access beyond end of device [ 1289.402655][T12602] loop8: rw=1, sector=193, nr_sectors = 8 limit=128 [ 1289.512795][T12602] kworker/u8:1: attempt to access beyond end of device [ 1289.512795][T12602] loop8: rw=1, sector=217, nr_sectors = 8 limit=128 [ 1289.571450][T12602] kworker/u8:1: attempt to access beyond end of device [ 1289.571450][T12602] loop8: rw=1, sector=233, nr_sectors = 8 limit=128 [ 1289.600506][T17900] loop7: detected capacity change from 0 to 512 [ 1289.632189][T12602] kworker/u8:1: attempt to access beyond end of device [ 1289.632189][T12602] loop8: rw=1, sector=249, nr_sectors = 8 limit=128 [ 1289.682280][T12602] kworker/u8:1: attempt to access beyond end of device [ 1289.682280][T12602] loop8: rw=1, sector=265, nr_sectors = 8 limit=128 [ 1289.732348][T12602] kworker/u8:1: attempt to access beyond end of device [ 1289.732348][T12602] loop8: rw=1, sector=281, nr_sectors = 8 limit=128 [ 1289.776800][T12602] kworker/u8:1: attempt to access beyond end of device [ 1289.776800][T12602] loop8: rw=1, sector=297, nr_sectors = 8 limit=128 [ 1289.824227][T17900] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 1290.042556][T17900] EXT4-fs error (device loop7): ext4_orphan_get:1417: comm syz.7.4369: bad orphan inode 131083 [ 1290.113887][T17900] loop7: lost filesystem error report for type 5 error -117 [ 1290.122027][ C1] EXT4-fs (loop7): error count since last fsck: 1 [ 1290.136318][ C1] EXT4-fs (loop7): initial error at time 1771231125: ext4_orphan_get:1417 [ 1290.145113][ C1] EXT4-fs (loop7): last error at time 1771231125: ext4_orphan_get:1417 [ 1290.215935][T17900] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1290.782996][T17915] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4376'. [ 1291.234192][T16404] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1292.081551][T17929] loop8: detected capacity change from 0 to 256 [ 1294.144099][T17948] loop8: detected capacity change from 0 to 512 [ 1294.246344][T17948] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 1294.419977][T17951] loop5: detected capacity change from 0 to 512 [ 1294.456373][T17948] EXT4-fs error (device loop8): ext4_orphan_get:1417: comm syz.8.4390: bad orphan inode 131083 [ 1294.563993][T17948] loop8: lost filesystem error report for type 5 error -117 [ 1294.571925][ C1] EXT4-fs (loop8): error count since last fsck: 1 [ 1294.586074][ C1] EXT4-fs (loop8): initial error at time 1771231129: ext4_orphan_get:1417 [ 1294.594885][ C1] EXT4-fs (loop8): last error at time 1771231129: ext4_orphan_get:1417 [ 1294.614061][T17948] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1294.690043][T17951] EXT4-fs error (device loop5): ext4_orphan_get:1396: comm syz.5.4391: couldn't read orphan inode 26 (err -116) [ 1294.862439][T17951] loop5: lost filesystem error report for type 5 error -116 [ 1294.868954][T17951] EXT4-fs (loop5): Remounting filesystem read-only [ 1294.876684][ C0] EXT4-fs (loop5): error count since last fsck: 1 [ 1294.876771][ C0] EXT4-fs (loop5): initial error at time 1771231130: ext4_orphan_get:1396 [ 1294.876890][ C0] EXT4-fs (loop5): last error at time 1771231130: ext4_orphan_get:1396 [ 1295.054421][T17951] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1295.075650][T16413] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1295.122397][T17951] ext4 filesystem being mounted at /144/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1295.552779][T17961] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4392'. [ 1295.625711][T16086] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1296.034319][T17965] loop5: detected capacity change from 0 to 256 [ 1296.642107][ T5789] Bluetooth: hci1: command 0x0406 tx timeout [ 1298.115389][T17986] loop5: detected capacity change from 0 to 512 [ 1298.182719][T17986] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 1298.289135][T17986] EXT4-fs error (device loop5): ext4_orphan_get:1417: comm syz.5.4404: bad orphan inode 131083 [ 1298.385617][T17986] loop5: lost filesystem error report for type 5 error -117 [ 1298.391928][ C0] EXT4-fs (loop5): error count since last fsck: 1 [ 1298.406273][ C0] EXT4-fs (loop5): initial error at time 1771231133: ext4_orphan_get:1417 [ 1298.415088][ C0] EXT4-fs (loop5): last error at time 1771231133: ext4_orphan_get:1417 [ 1298.446870][T17986] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1298.890960][T16086] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1299.777161][T18005] loop5: detected capacity change from 0 to 256 [ 1301.073964][T18016] loop5: detected capacity change from 0 to 2048 [ 1301.223887][T18016] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1301.433809][T18016] EXT4-fs (loop5): shut down requested (2) [ 1301.698361][T18026] loop8: detected capacity change from 0 to 512 [ 1301.762777][T18026] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 1301.864222][T18026] EXT4-fs error (device loop8): ext4_orphan_get:1417: comm syz.8.4420: bad orphan inode 131083 [ 1301.985177][T18026] loop8: lost filesystem error report for type 5 error -117 [ 1301.988370][T18026] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1302.116244][T16086] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1302.569223][T16413] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1303.668856][T18045] loop8: detected capacity change from 0 to 256 [ 1305.326152][T18058] loop6: detected capacity change from 0 to 2048 [ 1305.632467][T18065] loop8: detected capacity change from 0 to 512 [ 1305.696105][T18065] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 1305.804352][T18065] EXT4-fs error (device loop8): ext4_orphan_get:1417: comm syz.8.4434: bad orphan inode 131083 [ 1305.822221][T18065] loop8: lost filesystem error report for type 5 error -117 [ 1305.825214][T18065] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1305.969968][T18058] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1306.133759][T18058] EXT4-fs (loop6): shut down requested (2) [ 1306.445170][T16413] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1306.508970][T18075] netlink: 16 bytes leftover after parsing attributes in process `syz.7.4436'. [ 1307.159782][T18083] loop8: detected capacity change from 0 to 512 [ 1307.344561][T18083] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1307.387809][T18083] ext4 filesystem being mounted at /82/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1307.509234][T16747] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1308.132817][T16413] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1308.597432][T18093] loop6: detected capacity change from 0 to 256 [ 1308.886663][T18099] loop7: detected capacity change from 0 to 512 [ 1309.674122][T18099] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1309.853951][T18099] ext4 filesystem being mounted at /68/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1309.942283][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 1309.948931][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 1309.961111][T18107] tipc: Started in network mode [ 1310.002592][T18107] tipc: Node identity 000000005f0000000000000000000001, cluster identity 4711 [ 1310.082315][T18107] tipc: Enabling of bearer rejected, failed to enable media [ 1310.677384][T18116] netlink: 4 bytes leftover after parsing attributes in process `syz.8.4449'. [ 1310.877850][T16404] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1311.477719][T18119] netlink: 16 bytes leftover after parsing attributes in process `syz.8.4452'. [ 1312.159355][T18126] netlink: 'syz.2.4453': attribute type 29 has an invalid length. [ 1312.435875][T18126] netlink: 592 bytes leftover after parsing attributes in process `syz.2.4453'. [ 1312.661047][T18129] netlink: 'syz.2.4453': attribute type 29 has an invalid length. [ 1314.920233][T18145] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4458'. [ 1316.371109][T18155] loop5: detected capacity change from 0 to 256 [ 1317.788482][T18161] netlink: 16 bytes leftover after parsing attributes in process `syz.8.4465'. [ 1319.946901][T18175] batadv_slave_0: entered promiscuous mode [ 1320.233769][T18181] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4470'. [ 1324.586041][T18185] 9pnet_virtio: no channels available for device syz [ 1324.761433][ T53] ===================================================== [ 1324.769157][ T53] BUG: KMSAN: uninit-value in __inet_bind+0x8a4/0xf20 [ 1324.776507][ T53] __inet_bind+0x8a4/0xf20 [ 1324.781061][ T53] inet_bind+0x12c/0x1a0 [ 1324.789118][ T53] kernel_bind+0xd6/0x130 [ 1324.794805][ T53] rds_tcp_conn_path_connect+0x952/0xff0 [ 1324.800689][ T53] rds_connect_worker+0x353/0x4d0 [ 1324.806341][ T53] process_scheduled_works+0xb21/0x1e30 [ 1324.812481][ T53] worker_thread+0xede/0x1580 [ 1324.817319][ T53] kthread+0x53f/0x600 [ 1324.821617][ T53] ret_from_fork+0x20f/0x910 [ 1324.827517][ T53] ret_from_fork_asm+0x1a/0x30 [ 1324.832473][ T53] [ 1324.834829][ T53] Uninit was stored to memory at: [ 1324.840001][ T53] kernel_bind+0x92/0x130 [ 1324.844569][ T53] rds_tcp_conn_path_connect+0x952/0xff0 [ 1324.850642][ T53] rds_connect_worker+0x353/0x4d0 [ 1324.855981][ T53] process_scheduled_works+0xb21/0x1e30 [ 1324.861704][ T53] worker_thread+0xede/0x1580 [ 1324.866681][ T53] kthread+0x53f/0x600 [ 1324.870860][ T53] ret_from_fork+0x20f/0x910 [ 1324.875639][ T53] ret_from_fork_asm+0x1a/0x30 [ 1324.880510][ T53] [ 1324.882915][ T53] Uninit was stored to memory at: [ 1324.891276][ T53] rds_tcp_conn_path_connect+0xaf8/0xff0 [ 1324.898024][ T53] rds_connect_worker+0x353/0x4d0 [ 1324.903243][ T53] process_scheduled_works+0xb21/0x1e30 [ 1324.908946][ T53] worker_thread+0xede/0x1580 [ 1324.914648][ T53] kthread+0x53f/0x600 [ 1324.918883][ T53] ret_from_fork+0x20f/0x910 [ 1324.923736][ T53] ret_from_fork_asm+0x1a/0x30 [ 1324.928651][ T53] [ 1324.930992][ T53] Uninit was created at: [ 1324.936781][ T53] kmem_cache_alloc_noprof+0x37b/0x1270 [ 1324.942987][ T53] rds_tcp_conn_alloc+0x7b/0xbb0 [ 1324.947993][ T53] __rds_conn_create+0x267f/0x34e0 [ 1324.953243][ T53] rds_conn_create_outgoing+0x5d/0x80 [ 1324.958697][ T53] rds_sendmsg+0x2684/0x4d70 [ 1324.963467][ T53] ____sys_sendmsg+0xfe7/0x1080 [ 1324.968391][ T53] ___sys_sendmsg+0x271/0x3b0 [ 1324.973497][ T53] __sys_sendmsg+0x1aa/0x300 [ 1324.978155][ T53] __ia32_compat_sys_sendmsg+0xa4/0x100 [ 1324.983916][ T53] ia32_sys_call+0x1e4a/0x4360 [ 1324.992048][ T53] __do_fast_syscall_32+0x17f/0x3f0 [ 1324.997517][ T53] do_fast_syscall_32+0x37/0x80 [ 1325.003515][ T53] do_SYSENTER_32+0x1f/0x30 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1325.008158][ T53] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1325.014677][ T53] [ 1325.017055][ T53] CPU: 0 UID: 0 PID: 53 Comm: kworker/u8:3 Not tainted syzkaller #0 PREEMPT(full) [ 1325.026595][ T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1325.036934][ T53] Workqueue: krds_cp_wq#2/0 rds_connect_worker [ 1325.043292][ T53] ===================================================== [ 1325.050262][ T53] Disabling lock debugging due to kernel taint [ 1325.392273][ T53] Kernel panic - not syncing: kmsan.panic set ... [ 1325.398940][ T53] CPU: 0 UID: 0 PID: 53 Comm: kworker/u8:3 Tainted: G B syzkaller #0 PREEMPT(full) [ 1325.410062][ T53] Tainted: [B]=BAD_PAGE [ 1325.414294][ T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1325.424483][ T53] Workqueue: krds_cp_wq#2/0 rds_connect_worker [ 1325.430901][ T53] Call Trace: [ 1325.434273][ T53] [ 1325.437294][ T53] __dump_stack+0x26/0x30 [ 1325.441795][ T53] dump_stack_lvl+0x50/0x1c0 [ 1325.446541][ T53] ? dump_stack+0x12/0x25 [ 1325.451060][ T53] dump_stack+0x1e/0x25 [ 1325.455389][ T53] vpanic+0x7b4/0x1430 [ 1325.459755][ T53] panic+0x15d/0x160 [ 1325.463861][ T53] kmsan_report+0x31a/0x320 [ 1325.468543][ T53] ? __msan_warning+0x1b/0x30 [ 1325.473374][ T53] ? __inet_bind+0x8a4/0xf20 [ 1325.478108][ T53] ? inet_bind+0x12c/0x1a0 [ 1325.482658][ T53] ? kernel_bind+0xd6/0x130 [ 1325.487323][ T53] ? rds_tcp_conn_path_connect+0x952/0xff0 [ 1325.493303][ T53] ? rds_connect_worker+0x353/0x4d0 [ 1325.498689][ T53] ? process_scheduled_works+0xb21/0x1e30 [ 1325.504575][ T53] ? worker_thread+0xede/0x1580 [ 1325.509689][ T53] ? kthread+0x53f/0x600 [ 1325.514106][ T53] ? ret_from_fork+0x20f/0x910 [ 1325.519032][ T53] ? ret_from_fork_asm+0x1a/0x30 [ 1325.524170][ T53] ? kmsan_get_metadata+0xf1/0x160 [ 1325.529474][ T53] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1325.535490][ T53] ? __rcu_read_unlock+0x6c/0xd0 [ 1325.540806][ T53] ? inet_addr_type_table+0x33b/0x560 [ 1325.546387][ T53] ? kmsan_get_metadata+0xf1/0x160 [ 1325.551703][ T53] __msan_warning+0x1b/0x30 [ 1325.556455][ T53] __inet_bind+0x8a4/0xf20 [ 1325.561061][ T53] inet_bind+0x12c/0x1a0 [ 1325.565466][ T53] ? __pfx_inet_bind+0x10/0x10 [ 1325.570394][ T53] kernel_bind+0xd6/0x130 [ 1325.574904][ T53] ? rds_tcp_tune+0x834/0xe60 [ 1325.579716][ T53] ? kmsan_get_metadata+0xf1/0x160 [ 1325.585013][ T53] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1325.591016][ T53] rds_tcp_conn_path_connect+0x952/0xff0 [ 1325.596822][ T53] ? kmsan_get_metadata+0xf1/0x160 [ 1325.602156][ T53] ? __pfx_rds_tcp_conn_path_connect+0x10/0x10 [ 1325.608467][ T53] rds_connect_worker+0x353/0x4d0 [ 1325.613699][ T53] ? __pfx_rds_connect_worker+0x10/0x10 [ 1325.619441][ T53] process_scheduled_works+0xb21/0x1e30 [ 1325.625207][ T53] worker_thread+0xede/0x1580 [ 1325.630092][ T53] kthread+0x53f/0x600 [ 1325.634272][ T53] ? __pfx_worker_thread+0x10/0x10 [ 1325.639538][ T53] ? __pfx_kthread+0x10/0x10 [ 1325.644216][ T53] ret_from_fork+0x20f/0x910 [ 1325.648884][ T53] ? __switch_to+0x51c/0x750 [ 1325.653720][ T53] ? __pfx_kthread+0x10/0x10 [ 1325.658400][ T53] ret_from_fork_asm+0x1a/0x30 [ 1325.663270][ T53] [ 1325.666797][ T53] Kernel Offset: disabled [ 1325.671164][ T53] Rebooting in 86400 seconds..