last executing test programs: 20.924137202s ago: executing program 0 (id=51): syz_clone3(0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = syz_usb_connect$cdc_ncm(0x0, 0x76, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902640002010000000904010001020d0000052406000105240000000d240f0100000000000000000006241a00000008241c00000008000905810300020000000904010000020d000009040101"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000007c0)={0xffffffffffffff6b, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x0, 0x2, 0xb, 0x0, 0x1, 0x4, 0x7, 0x42, 0x2, 0xe, 0xffff, 0x1000}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 17.238829405s ago: executing program 0 (id=61): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x1d, 0x91, 0x67, 0x20, 0x174f, 0x6a31, 0x263f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x83, 0x3c, 0x8f}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) 13.376160582s ago: executing program 0 (id=68): openat$nvme_fabrics(0xffffff9c, 0x0, 0x210000, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) readv(r0, &(0x7f0000000500)=[{0x0}, {&(0x7f0000000400)=""/103, 0x67}], 0x2) sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) shutdown(r0, 0x1) 12.742227283s ago: executing program 1 (id=70): r0 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) bind$llc(r0, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x81, 0x42}, 0x10) connect$llc(r0, &(0x7f0000000040)={0x1a, 0x304, 0x0, 0x0, 0xa, 0x9, @broadcast}, 0x10) r1 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) bind$llc(r1, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x10) connect$llc(r1, &(0x7f0000000240)={0x1a, 0x20, 0x0, 0x9, 0x2, 0x0, @random='\x00\x00\x00\x00\x00\a'}, 0x10) r2 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) bind$llc(r2, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x10) 12.664460871s ago: executing program 3 (id=72): openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x2d41, 0xd5) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000780)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x1020001, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x2}}, 0x50) syz_fuse_handle_req(r0, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20, 0x0, 0x0, {0x0, 0x10}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0) fcntl$lock(r2, 0x5, &(0x7f0000000200)={0x1, 0x0, 0x8000000000, 0x100000000007}) 12.148441515s ago: executing program 0 (id=73): read$msr(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000740)='./file0\x00', 0x10040, &(0x7f0000000380)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x2}}, {@nouid32}]}, 0xfd, 0x269, &(0x7f0000000780)="$eJzs3U9oHFUcB/Df7B/jJotEvQjiHxARDYR4E7zEi0JAQhARVIiIeJJEiAnesp68eNCzSkDwEkpvTXssvYReWgo9pW0O6aXQhh4aemgPW3Znt2ySDW33b9n5fGCYmbz35r0J832zLMxsAJk1GRGzEZGPiKmIKEZE0lrh7XSZbOxulLYXI6rVL+4m9XrpfqrZbiIiKhHxUUShWba29c3e/Z3P3vtjtfju/1tflwZ1fq3293Y/P/h3/vczcx+uXb56ez6J2Sg3ylrPo5eSNn8rJBGv9KOz50RSGPYIeBoLv56+Vsv9qxHxTj3/xcg1IvvnygsXivHBPye1/evOldcHOVag96rVYu0eWKkCmZOLiHIkuemISLdzuenp9DP89fx47qfllV+mflxeXfph2DMV0CvlSHY/PTd2duJI/m/l0/wDo6scsfvlwuaN2vZBftijAfqm9dv2N9JVLf9T362/H/IPmSP/kF3yD9kl/zACOsyu/EN2dZP/F/s0JmAw3P9hhBWbG5W2xfIP2SX/MKL+a/fU6WHyD9nVmn8AIFuqY8N+AhkYlmHPPwAAAAAAAAAAAAAAAAAAwHEbpe3F5jKoPi/+HbH/SUQU2vWfr/8ecfNt4+P3klq1x5K0WVe+favLA3TpVM+evi511Oqlm73qvzOX3uzPcX87vHviP2d9KaJSqzxTKBy//pLG9de5l59QXvy+yw6e0dG3An781WD7P+rh5nD7n9uJOF+bf2bazT+5eK2+bj//lFtfsdyhnx90eQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG5lEAAAD//4oibec=") creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000180)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000200)='./bus\x00', 0x1ca440, 0x0) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x1000) symlink(&(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000800)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') openat(0xffffffffffffff9c, 0x0, 0x143042, 0x4) 11.285172558s ago: executing program 1 (id=75): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x7fff}}]}, 0x38}}, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004) 11.11379441s ago: executing program 4 (id=76): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f00000002c0)=0x7, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c) r2 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r2, &(0x7f0000000000)=[{&(0x7f0000000440)="580000001400192340834b80040d8c560a067fbc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd000000100001000c0808004149014006040800", 0x58}], 0x1) 10.001047187s ago: executing program 0 (id=77): syz_mount_image$udf(&(0x7f00000005c0), &(0x7f0000000600)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="00a49ecdde7828e1aafa4aca170f7ab2cadbac60175f6ab85d2709542d6960b11a2a387e69774fc920c6b622ab30e803008bc0b2e6a4c58d6b38dba9cdb8dcb30c313386e9ed22acbd604ca4b0616853f87e31f5645e7db06b93c9ec5a32d1fdae209ccffc5ce2b6ebbdff24f4fcef831998129a4918191c4ac59d8a62741133927809ebb2a83ef939019b38cbc6a3cbcbcb0acc4157e4ab6d55ec3d50fe6615d0f540baffeb5fd79b3072aee3af551a61ef5aeb982740385618720a66b0df6be665fc801fb63db5fabf38a9f9701068db705aff83cab3f3c72f49eeadc56a8b23ec6ea5dd271efdc94b6eceedb11b5b7a95448537"], 0x1, 0x5bd, &(0x7f0000000680)="$eJzs3U9sHFcdB/Dfm3jtdRonmzR1CwR1paoqCiKKHdomNhKYGFeIqLFwHBFOmHgTlvpPZCfIqQD1BgckxIEDBySEhBSBQIgj4kBPcEDcgXt74OIDEhIHhGZ21ruxt8Sqs3Fdfz5SvLNvfvPmzRwifffNvg0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIOLzX5g6P5b2exQAAABAP70+9+Xz4/I/AAAAfKhdM/8PAAAAAAAAAAddiiy+Fym+NLmZjhXvW6pXmiv3NuanZ3ofNpyKI48U9fm/6tj4hU+//MqrF9uv///4x+0jcXXu2lT98urynbXG+npjsT6/0ry5utjYdQ97PX67s8UNqC+/cW/x1q31+vi5Cw/t3qi9M/TUaG3y4sSNWrt2fnpmZq6rZqDyvs++gyc8AAAADrfByOL1SPH2n3+TRiIii71n4Ud8dtBvw1HL83dxEfPTM8WFLDUXVu7mO2fbQbhWXmtpsJ2Rn0AW35OfRZzKxzoo0QMAALB7lSIFp3jtd5vpeEQcaefgTxYLA773gfUnOMge8nGeiYgX4gBkdgAAANhnQ5HFTyPF8olqnMgz834PCAAAAHjsBiKLVyPFvyY3U614HiAizs5Pz9SvXK9/ceXWalftbCpn1A/69wOeJM8mAAAA8AFQjSxGiif+N9PJ/R4MAAAA0BfDkcVfI8XHnv9Wsa5cFOvSn5i8NDg+1r3C3LOP6CevPRcRz+zyO/mVcq3B2TSbUvb4rwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDDZShl8d9I8Z3r9U5jLUUWkdpvq/mf2fS54/szRAAAAAAAAADgUVIWP44UP6lspiwiNmrvDD01Wpu8OHGjdiSOFA8BpO76q3PXpuqXV5fvrDXW1xuL9fmV5s3VxcZuT1e90ly5tzE/PdOXi3mk4T6Pf7h6efXO/bXm7W/c7bn/aHXq6+t31xZu9t4dw1GPONLdcrYY8Pz0TDHopebCSnHobNrtiAEAACCikrL4T6R4sf4gbeXO1vP/A603nTT6i89E3l6obs+fxecGx4vPDVrbJyYvVcZf6t7uGVnPFoE6D7gzc13NA5Wdpfk5U8piKlK8O/FcMbIUR2NHZo5W3Uik+OFXz5R12WDUItrd1lo93mouNc7ntT+KFKdvtGujqK2WtU93asfy2qG832sP1w6Xtac7teN57Uyk+MdrvWuf6dReyGs3IsWDB/V27dG8dqSsHe3Unru5urTY61YCAAAAAAAAcHhVUha/ihR//EM9tefGB1rzzzvn/7/d+S7AW9s7eo85/73O/9e62t4q5/V/kI/im88Vc/nF/H+t9/z/VKT4y9UzZV1r7n2w3H+y+NuZ/78eKd5efbh2qKw91akd2/WNBQAAgA+QPP+fiRTf/9PvB9rZuMz/ZQLvnf8/OrCtoz7l/5Ndbfk51++/+cbC0lJjzYYNGza2Nvb+fyEAAHzY5fm/ESl+/re/b813l/n/WOtdJ///+7ud/D+xvaM+5f9TXW0T5VqElYGI6t3lO5XRiOr6/Tc/1VxeuN243VgZu/TK+MXx82MvVwbbc/udrT3fKgAAADiw8vw/Fyl+/c9fbq13t5v5/6PbO+pT/n+6qy0/Z2fSb8+XDgAAAIdGnv8vRYqvPP/brXXpH87/ndSe5//2+v+feKH12vnNgP7k/9NdbbXyvDs+ewAAAAAAAAAAAAAAAAAAAIADrpKyeClSvPjuQBop23az/t/i9o769P3/0a62xXgyv/+355sKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcSllk0YwUH392M302b/haxLHuVwAAAODA+18AAAD//0qnGWg=") r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x103042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) pwrite64(r1, &(0x7f0000000140)='2', 0x1, 0xfece) unlinkat(0xffffffffffffff9c, &(0x7f0000000040)='./file0/file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x100001) truncate(&(0x7f0000000180)='./file1\x00', 0x4) 8.71734477s ago: executing program 1 (id=78): r0 = creat(&(0x7f0000000180)='./file0\x00', 0x10) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) write$qrtrtun(r0, &(0x7f0000000300)="ca0e808bb35bdabb", 0x8) r3 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], 0x0, 0x0, 0x1}}, 0x40) creat(&(0x7f0000000100)='./file0\x00', 0x180) dup2(r1, r3) 8.614910719s ago: executing program 0 (id=79): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = socket$inet_udp(0x2, 0x2, 0x0) recvmmsg(r0, &(0x7f0000007dc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001700)=""/124, 0x7c}, 0x9}], 0x1, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x12, &(0x7f00000001c0)=0x3fd, 0x4) setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000140)=0x30, 0x4) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x32, &(0x7f00000002c0)={@broadcast, @link_local, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty, {[@timestamp={0x44, 0x4, 0xc6}]}}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0) 8.566901332s ago: executing program 3 (id=80): unshare(0x22020600) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r2 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = fsmount(r2, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)=ANY=[@ANYRES32=r3, @ANYRES32=r1, @ANYBLOB="1200000006"], 0x10) 8.563944884s ago: executing program 4 (id=81): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000001c0)={'ip6gretap0\x00', 0x400}) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'}) 8.504266065s ago: executing program 2 (id=82): r0 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=@getchain={0x24, 0x66, 0x100, 0x70bd26, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x3, 0xe}, {0x8}, {0x2, 0xc}}}, 0x24}}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x9, 0x1}}}}]}, 0x44}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x9}, {}, {0x1c, 0xfff1}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_BASECLASS={0x8, 0x3, {0x4, 0x6}}, @TCA_FLOW_KEYS={0x8, 0x1, 0x6d48}]}}]}, 0x44}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 6.201842294s ago: executing program 32 (id=79): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = socket$inet_udp(0x2, 0x2, 0x0) recvmmsg(r0, &(0x7f0000007dc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001700)=""/124, 0x7c}, 0x9}], 0x1, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x12, &(0x7f00000001c0)=0x3fd, 0x4) setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000140)=0x30, 0x4) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x32, &(0x7f00000002c0)={@broadcast, @link_local, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty, {[@timestamp={0x44, 0x4, 0xc6}]}}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0) 6.146852855s ago: executing program 1 (id=84): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000580)=ANY=[@ANYBLOB="1201000083667d1040206402d14e0102030109021b000100000000090400000190f19c00090584"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000003c0)={0x2c, &(0x7f0000000200)={0x40, 0x15}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) 6.10824954s ago: executing program 2 (id=85): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_route(0x10, 0x3, 0x0) ioctl$EVIOCSFF(r1, 0x40304580, &(0x7f0000000040)={0x51, 0x2000, 0x0, {0x2, 0xa}, {0x1}, @ramp={0x2, 0xbb, {0xffff, 0x4, 0x4, 0x3}}}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4808000010001fff3a4ee9bfd5c3a3696c40af0b", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e"], 0x3}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0) 6.104061364s ago: executing program 3 (id=86): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x48, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x2, 0x8}}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=@newtfilter={0x60, 0x28, 0x575ac7824d421509, 0x70bd2d, 0x4, {0x0, 0x0, 0x0, r3, {0xa}, {0x6}, {0xfff1, 0x3d}}, [@filter_kind_options=@f_bpf={{0x8}, {0x34, 0x2, [@TCA_BPF_ACT={0x30, 0x1, [@m_ct={0x2c, 0x6, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x1}, 0x40) 6.048751041s ago: executing program 4 (id=87): clock_nanosleep(0xfffffff2, 0xca9a3b, &(0x7f0000000000)={0x77359400}, 0xfffffffffffffffe) r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x14) fcntl$setsig(r0, 0xa, 0x13) fcntl$setlease(r0, 0x400, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000280)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{}, {0x0, 0x3938700}}, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000000000)=0x2, 0x4) truncate(&(0x7f0000000040)='./file0\x00', 0x0) 4.824728615s ago: executing program 2 (id=88): r0 = socket(0x1e, 0x80004, 0x0) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x7, 0x0, 0x1000004}, 0x10) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x3514}], 0x1}}], 0x400000000000181, 0x9200000000000000) r2 = dup3(r1, r0, 0x0) recvmmsg(r2, &(0x7f0000004580)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000600)=""/179, 0x3514}], 0x1}, 0xffffffff}], 0x1, 0x40000001, 0x0) recvfrom$inet6(r2, &(0x7f0000000000)=""/40, 0x28, 0x20, 0x0, 0x0) 4.678692643s ago: executing program 4 (id=89): socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet(0xa, 0x801, 0x84) r0 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0xc0}, &(0x7f00000002c0)=0x0, &(0x7f0000000640)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2f, 0x8, 0x0, 0x4}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_MADVISE={0x19, 0x7b, 0x0, 0x0, 0x0, &(0x7f0000011000/0x4000)=nil, 0x4000, 0xc}) io_uring_enter(r0, 0x47bc, 0x20, 0x0, 0x0, 0x0) 3.388044024s ago: executing program 4 (id=90): r0 = socket$inet_udp(0x2, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={0x0}, 0x18) socket$inet(0x2, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f00000009c0)=@nat={'nat\x00', 0x19, 0x0, 0xc0, [0x200000000500, 0x0, 0x0, 0x200000000530, 0x200000000560], 0x0, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000001000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000"]}, 0x138) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r2, &(0x7f0000000180)={0xa, 0x4001, 0x1, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) 3.172419525s ago: executing program 2 (id=91): r0 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x9, 0x1}}}}]}, 0x44}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x9}, {}, {0x1c, 0xfff1}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_ADDEND={0x8, 0x5, 0x2}, @TCA_FLOW_KEYS={0x8, 0x1, 0x6d48}]}}]}, 0x44}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 3.053640335s ago: executing program 3 (id=92): r0 = socket(0x2b, 0x1, 0x0) r1 = syz_io_uring_setup(0x10e, &(0x7f0000001280)={0x0, 0xafe0, 0x10000, 0x0, 0x110}, &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r0}) io_uring_enter(r1, 0xdb4, 0x0, 0x0, 0x0, 0x0) r4 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xffeffffffffffffa]}, 0x8, 0x0) io_setup(0x206, &(0x7f0000000200)=0x0) io_submit(r5, 0x47f, &(0x7f00000005c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f00000003c0)="951aa14bd6f68579cac67c83bf8d4500e5cea1bb1596d4ee6645fa16fa7cacb9214070a622a2c57b89075f59b85c7b5b2c41edc9d2cd5a2c95ed1c2cf72425be9c1a2df1b60a309bc3228d7e85b300f0d7a042a40166b9208e9d2e423c32ad8e47adedf5dc425c6bcb031fb2230835d41afc23476eae602bad3246417e5ac757", 0x80}]) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r1, 0x18, &(0x7f0000000000)={0xfeffffff, r0, 0x23, {0x3b4, 0x6d3}, 0x6}, 0x1) 2.151421985s ago: executing program 2 (id=93): syz_mount_image$hfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x2000000, &(0x7f0000000280)={[{@file_umask={'file_umask', 0x3d, 0xa288}}, {@file_umask={'file_umask', 0x3d, 0x7f}}, {@iocharset={'iocharset', 0x3d, 'iso8859-2'}}, {@part={'part', 0x3d, 0x3}}, {@codepage={'codepage', 0x3d, 'cp857'}}]}, 0x1, 0x2fe, &(0x7f0000001100)="$eJzs3U1vE0ccx/HfrO3EaaJ0m6Sq1EurtJHaS9S0PVS9uKp87b2nqm3sSBFWEEmQgAsm4oh4Adx5C7wILiDeAHDhxAvIbdHMzq7X9nidCDubhO9HsjWenYf/sE8zK5EVgE/Wn+3XT395Zz9Gqqkm6XcpktSU6pK+1FfN2wfH+8e9bqesoZqrYT9GaU0zVmb3oBuqauu5Gl5sf9W1UszDfCRJ8sebqoNA5dzZHxBJi/48dNubFxzXrIwOri99U1EolSn+G5hTneqOVisMBwBwCfj7f+RvEysuyyiKpC1/27/S9/9Rp1UHMFu/9sayktIKhfu/m90lxu7fz92mwXrPLeHs9ihbJZ4lmMbI7wWlR9bQHMyEV5Vvk5SPJVra269re/eBOpFO1PIKFTbcdyc9dDNTot0MrE1LTG6tob8+S0djZ5RLo5uzkPb2e91FmwjEv36+Hj+eeW5emn9MrCfq5PO/emLsbnJ7Kh7ZU1HDxv/T5BaXXS1bSn7Z32q1oqEiX7hOvvY9eFNG2QyvSIptZg8I+nkEgThPsoTre03DjxXS0e2EOjCDxtdDteL813hd19fGUK2aPxK2d2/2Sh+lzEc2RPPY/G029V7P1C7M/yMb35YKZ2bZpd64kv7ISMezEC5ZdyXjsTtHP099m0fgLZ57bJDO+bTskf7Xb1o9unvvRq3X6x7axH+BxK2VQ+NzGg+lYJn5J2oqKaP+IMfdPO4nyVlbTuYZ/I8zbdBeP/Ice/qECtuzLM+JLno3Xb9EXaFN7RcqOyDnmsimLjNp0E60JmyayzUKl8yRyXa6zxibxOKas/Muk67/3Ezez+rcdcZ+xSXz9PJFpoZa3MlXcMNTwbXQ3GXK2mB58gqu0OPPE9aMbs313Q/S94VMo9IeYxfntWHaeqV/ef4PAAAAAAAAAAAAAAAAAABw1VzE/1ioeowAAAAAAAAAAAAAAAAAAAAAAFx1Z3//79LgTU2hvxHv3v8bT33/79ALgP2Lonj/L1CNDwEAAP//FJB9Ww==") r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x800, 0x0) getdents64(r0, &(0x7f00000004c0)=""/55, 0x37) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r1 = open(&(0x7f00000000c0)='.\x00', 0x8000, 0x50) getdents(r1, &(0x7f0000001fc0)=""/184, 0xb8) syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x380201a, 0x0, 0xfd, 0x0, &(0x7f00000000c0)) rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000180)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00') 2.001930287s ago: executing program 4 (id=94): syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f00000002c0)='./bus\x00', 0x4010, &(0x7f0000000a40)=ANY=[@ANYBLOB="00e789da34e04a1ffbc2f05cefeb4ee6d5ae1071124b2c2fb684f5c7ac05000000c7880f67e775c748f6381a3e01e7f93330b30b90bbb4d2b697899a16f2df4fa2a8f06ac2c5352ddcae2b83672ef3d9f532e55f4e798924ac6332751e737383f6890d2dcfcbdbd41940a64c7b4374674e7bb6dd0d1b8d3d62f6d77b0282e166e2ce4c353d2d4d315a81146bf46a1508ef0d2ddc7d0b447fe17b85b292d13cea2256a16cab12d75a852bc680da7ea837480feb2e1e0000000000003bc18c52d0351cd285197b0641569048b5b416ba1c570000000000100083794afff0a9eed63b1226b18c4b455ab222d7ae1be52a22e8ec8bf2c0c7d99770415863f50aa18bcb66061a29bc55105f3482ed752f882d224a386b51836c1b437036b677156e22e174ff516dbab0b2cdf52bee43c4ffffffffffffffffd9487b8663a339b98df63b4bf3e97f02d6f1e7e65f968dd90841506355d9ac40f1b434c8a9b5bd91a70c53a5aadbebd9ed9d0a55bd47a967163e0c02753f8895bfbf1b41b5490667c241068d59983ae1d0f03e650f5357425284b76d793e25a2558fa437e38b8200000000630000000000000000000000000000000000000000000000e911000000000066e073c14bb74617079e0b6ecfc830db14244567fd8f4e4e5903eaf983786e28295783f130b95dc37f59a658000e88047db7783ce8a9cba6c255902cfb83946ea3f5f7a8cee911b2b37ae4b01e65ea86d5ea7ae17b2a9bc250c9b8fc9fbc04617939bdd13457954172d18701768f8a461bee740f2d82ae566d2e30a93ad2b201a6d16a93c75a950cc437e7f25d3aadddb8edd028d84490b6bafd636aa4fb482a8a4b3987dafe58e742448c4b36b03790090198145dee533257bb9050554f8cace210a5bc5c768f83e99019f7c00ff9ca679768dbba3f7d21c545c99c2f7688f7030fe37121d625d1f81018feb74c9d48eebdf1702550b097271ab9bd38c62f4b31fd9482c05ba064dfa60bd7fafb3c22dc057e6f9e2a5eb144290afe5369110a71d4b7fc5937a32e213c443f3b9e506b25cf9e2520999b330fc9e86bde8c8ec78f67c0c7f24db0000000", @ANYRES16], 0x1, 0x11ee, &(0x7f0000002480)="$eJzs3MGLG1UcB/Bf17Xdbt3NqrXagvjQi16GZg9e9BJkC9KA0jZCKwhTd6IhYxIyYSEiVk9e/TvEozdBvOllL/4N3vbisQdxxKS1jUSpSDdSPp9LfvDel997BAZmmDdHr3/5Ub9bZd18EmsnTsTaKCLdTpFiLe76LF557Ycfn796/cblVru9dyWlS61rzVdTStsvfPfuJ1+/+P3kzDvfbH97Kg533jv6Zffnw3OH549+u/Zhr0q9Kg2Gk5Snm8PhJL9ZFmm/V/WzlN4ui7wqUm9QFeOF8W45HI2mKR/sb22OxkVVpXwwTf1imibDNBlPU/5B3hukLMvS1mbwX3S+ul3XdURdPx4no67r+nRsxpl4IrZiOxqxE0/GU/F0nI1n4lw8G8/F+dmsVa8bAAAAAAAAAAAAAAAAAAAAHi3O/wMAAAAAAAAAAAAAAAAAAMDqXb1+43Kr3d67ktJGRPnFQeegM/+dj7e60YsyirgYjfg1Zqf/5+b1pTfbexfTzE58Xt66k7910HlsMd+cfU5gab45z6fF/KnYvD+/G404uzy/uzS/ES+/dF8+i0b89H4Mo4z9+CN7L/9pM6U33mr/JX9hNg8AAAAeBVn609L79yz7u/F5/kGeD6zdbbaQX48L6yvbNndU04/7eVkW44dWnIyH3uKfio2IWF33By/W43+xDIViXqz6ysRxuPenr3olAAAAAAAAAAAA/BvH8Trh0sanj32rAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA7+zAsQAAAACAMH/rNDo2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYKgAA///20tEU") r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000e00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x31) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x10) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r1) r2 = open(&(0x7f00000003c0)='.\x00', 0x100, 0x97) getdents(r2, &(0x7f0000001fc0)=""/184, 0xb8) 1.901643313s ago: executing program 1 (id=95): sendmsg(0xffffffffffffffff, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0) write$binfmt_aout(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="ea49500d08a8b14f96bfa88d9b25da204fdf5b6905619bc8f657224d2f9d6f943ecf1a54bccd6f380c312c0220557d3074ded0d656314d2f3f2bd8b4a2eb231f36275edb225b95eb26d0de0ea6309a66db0d"], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x83, "00000000000000000000ffff00"}) syz_open_pts(r0, 0x2) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) read$usbmon(r2, &(0x7f0000000340)=""/126, 0x7e) 1.788250165s ago: executing program 3 (id=96): r0 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r0, &(0x7f0000000040), 0x10) listen(r0, 0x0) r1 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r1, &(0x7f0000000080), 0x10) sendmmsg(r1, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x24008094) r2 = accept4$unix(r0, 0x0, 0x0, 0x0) recvfrom$unix(r2, &(0x7f0000000140)=""/263, 0xb149, 0x42, 0x0, 0x0) 1.155914517s ago: executing program 3 (id=97): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000004c0)={'vcan0\x00', 0x0}) syz_usb_connect$cdc_ncm(0x0, 0x7a, 0x0, 0x0) bind$can_j1939(r1, &(0x7f00000000c0)={0x1d, r2, 0x8000000000000003, {0x0, 0x0, 0x1}, 0xfd}, 0x18) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r1) sendmsg$nl_route(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000640)=@mpls_getnetconf={0x14, 0x52, 0x200, 0x70bd27, 0x25dfdbff}, 0x14}}, 0x40000) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000f00)=@newtfilter={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x74, r2, {0x0, 0xf}, {0xb4f1e1afdc2f4fb0}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4000040}, 0x0) 1.021006423s ago: executing program 2 (id=98): r0 = socket$nl_route(0x10, 0x3, 0x0) close(0x3) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f00000000c0)={0x1d, r2}, 0x18) connect$can_j1939(r1, &(0x7f0000000140)={0x1d, r2}, 0x18) sendmmsg(r1, &(0x7f000000a200)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)="220733d69b211bb4a3f85730728e28424ba4cda255348a19dfc31da6b47d7904126212e0e8502fb4f3dadbbdfa5c952f12a9036dae3d2b0fc75a7bee726dc4c93d91e404a7c235d50738b60402190afaa9e06aff5bdd9087ac06c98060dd3ce9d5871751f599848cefda4e3893ed17b43fadafd1e859e9376358372d4f3cb3a0bf0fe13d15f63fee7e5753f3b19ae14a1226f1d0e748b0b0fc15af257611a13d40cc6aa716bd2733d9395d32fafe82dccc3b211e02659298134932c7c7d1033958c52744bb6adcf202f058a68249", 0xce}, {&(0x7f0000000400)="73fd5418cdbef924ba442463287fbdde2ab7da9d2b26d6b741a60e2aba6555bff157db432a06da33ed74145ddfec5146fe85c31fd70ec45ce1d1fe8dbf85f5e9eed99d6adec3a8a271e9fa501ef5898da20a50c603fbb5af49e0c36b53c91e33ccd527e2ba5edab0f61b9833642fcc839ced7b2ae3c5ab3c565aa52b38f42b865e07775777066808b3a7c4e70e4c05717bc6da503324a9ab9e13b738908b5e9f5b080b464098931a725cfbf8403017399050e250f8cb8b99bd8e5b138dcd386b324e381a36f63aac6099b8aa3979408d4f9db909a8d353a3dc533e2b558cd5921dbf0b33760bb481ffd108e820e871b6e19a87f8141e990d94de13dd8faee04b4e732b122fc85beb7f0163f169e9744ce609ea57fdaafd954cd8562ab91b47176ed0548096ca08ad7264c40f882894a2dbfa9bbc37bdc253a477eb4ae52faa1e6632bfc950b0209bb048349ea50d3527fbbc31a706ffe7c566551ca79d4b0e1359275f044cfbf90cd8497ed033fa064e58f0c11a1a8d18cf53866d4d7b232fb54ed86ea9654440deabd4e8ca66061633ba34a298732ba9605fe31a530f5198aa3e1d1c0fda4c036dc845c835b1959dc0b13cf15c75f58c6ef62f56588d7043c03cfeff1f7b0792e514ac00c9d7570ac95037f6fa4f0cfd7263649bd2b5342320f74ef89799307f596d5db41c683f615da96eb5a5b802fa8ecf3764f6ffd5271e66b382e0e14b81f145c22d4f90306ef02c8c8921521e46b23f72b2fdd2b4fc9a3eb6f03207ada71244714e67cbf65c138215e612a8c9a4420aa45fc39164f5cfc4f9fc014fcfd10b856c3ebd4e1e877046aaee29a642b211f356cb7ed483eda92450d5ff66ff23a20a8bb845265a2939cb34c48a2b22b33bb3e774383588b9f7a53333eb20f4c1054368e34d3acc692d3b12f746b729a122b0aa62a74f5bf0040d589f815c1bce1b4a5934384998df3ab48fe41f0b90fb4d4d8cb01bfecfc86a96d91facba50a5828a8f62bb8759f3dfaeb728e3e42744e83fbad739bd03de69d1c78f6d01b714b11a284caa1ebba69fe7d29e2cbc43db1e6d249545a7c6debd66b5b5f53d4c1d6cebcb2fa427160eb86e48047aab6ce43f7fa0d5bb1dc99ba03e65a7bf178ccba74cf71dec7712414b38f7bf98065a518366839ca4f4a1887ad28d495c1d5c4aa413128d80ab031bd7694cf1101fe9dd65e99849ce6b2e69d6e371bd1df1022e32125747356748d0d3b30fa7d2aa6394707a60b572606d7297091fb45a5534cf269f77f6fc61c92b94f141f06ba8e347667c2fb2c87de5eacf60fadc48f7d7c5516be44807b48583ecc13e00a58143e134706700d28357ac38611494311b049dd497cc5ce315051e215a57f33939d320f808f8dcdedeb60f42b71d618e272506f0bc28843d3fd337989d74600299ab187395347c5bfbb665e5bc03e27978c0b0a464355a47da458690f957122beac9bb139b4223bd156ad74bb76e6880823e52f9eb806aad122892ebd8355ff6cb15ff2e0ce7cad2219a333999318f59c986b4bee11b9f05e355fe32e98732015f17eb19db77088c55d321828bec2dd25ba0da232717e8dafed91f96636d930f3c38b46da4c5541ae963e30e89a341af805176d9e1c9c88068bd81f4acf0325d24fa76dacbff3b88615699f08ded43403b7aeecdd2bbec00e60555317a4e24828ba9e8b9a737621d8ba12fa83c963d67a5a5e5ebbf29ac272cad91786c269fc053ce3f50bb0c05926ccefcc4548d42142efbd86460ec4516aa48e34b54af6319b8c948b69a1fd0d49930d844f13cf5bd1e67c662cdca6dc5f4daf11a75a123ed0a740dfe3014515917a2b01d691803cd7c8f4c46a2fefeab1608498503df514da7c62692b3c2b927b0f09164b367a260aee0c619575891e98ec8391a0b385d4b9ca4a421e2766047cbc11264e89f7d704e7c83d7e50b1c2fa3648c90cb8f66d93f40df5ac3fdd206a3997a5efb0a2cab9c07e00165c2b1cb2c2baf1b06493c4809d1d5dd5c7e6dbc22f1385482f54d4fb96e9e8aec587fe68b7d2d033c7efe622918e0d8661c89582f50db39a3376c1684b9dcfb10ef6cca665c75e2b7e468e7cb3a15604b759b0d949f459b982181f5f423f5dfc8b209665c9763ed0545f9ebf77661559312b4c2fc9518434530f75bf17d1ab39be227845a1d1c9982f2e27601009c36c9ce9cf11da012532e09d23ef2a749a5ca8df867", 0x62c}, {0x0, 0xe}], 0x3, &(0x7f0000002480)}}, {{0x0, 0x0, 0x0}}], 0x2, 0x60000800) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x4008004}, 0x0) 0s ago: executing program 1 (id=99): r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r2, 0xc0884113, &(0x7f0000000240)={0x0, 0x7, 0x6590000, 0x10001, 0x0, 0x0, 0x7fff, 0x7, 0x0, 0x0, 0x0, 0x5}) ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(r2, 0xc0984124, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}) ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(r2, 0xc06c4124, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.15.207' (ED25519) to the list of known hosts. [ 201.148913][ T5778] cgroup: Unknown subsys name 'net' [ 201.282163][ T5778] cgroup: Unknown subsys name 'cpuset' [ 201.298610][ T5778] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 229.615348][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 229.622206][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 254.858843][ T5778] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 260.625048][ T5808] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 260.635095][ T5814] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 260.646661][ T5815] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 260.656473][ T5814] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 260.664208][ T5814] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 260.673762][ T5816] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 260.681732][ T5818] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 260.691068][ T5818] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 260.700794][ T5818] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 260.712991][ T5818] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 260.720693][ T5814] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 260.724453][ T5818] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 260.731799][ T5814] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 260.738300][ T5818] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 260.749289][ T5814] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 260.751253][ T5814] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 260.758215][ T5819] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 260.778468][ T5814] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 260.788771][ T5814] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 260.802098][ T5814] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 260.812742][ T5814] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 260.821882][ T5814] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 260.832324][ T5808] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 260.845061][ T5808] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 260.862355][ T5804] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 262.261642][ T5806] chnl_net:caif_netlink_parms(): no params data found [ 262.529041][ T5800] chnl_net:caif_netlink_parms(): no params data found [ 262.875430][ T5814] Bluetooth: hci4: command tx timeout [ 262.881143][ T5814] Bluetooth: hci0: command tx timeout [ 262.955677][ T5814] Bluetooth: hci2: command tx timeout [ 262.961382][ T5814] Bluetooth: hci1: command tx timeout [ 262.972234][ T5804] Bluetooth: hci3: command tx timeout [ 262.999590][ T5801] chnl_net:caif_netlink_parms(): no params data found [ 263.429000][ T5806] bridge0: port 1(bridge_slave_0) entered blocking state [ 263.438530][ T5806] bridge0: port 1(bridge_slave_0) entered disabled state [ 263.446535][ T5806] bridge_slave_0: entered allmulticast mode [ 263.456499][ T5806] bridge_slave_0: entered promiscuous mode [ 263.490173][ T5803] chnl_net:caif_netlink_parms(): no params data found [ 263.518297][ T5806] bridge0: port 2(bridge_slave_1) entered blocking state [ 263.526137][ T5806] bridge0: port 2(bridge_slave_1) entered disabled state [ 263.533973][ T5806] bridge_slave_1: entered allmulticast mode [ 263.543967][ T5806] bridge_slave_1: entered promiscuous mode [ 263.561844][ T5805] chnl_net:caif_netlink_parms(): no params data found [ 263.776104][ T5806] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 263.924385][ T5806] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 264.206564][ T5800] bridge0: port 1(bridge_slave_0) entered blocking state [ 264.214396][ T5800] bridge0: port 1(bridge_slave_0) entered disabled state [ 264.224210][ T5800] bridge_slave_0: entered allmulticast mode [ 264.234026][ T5800] bridge_slave_0: entered promiscuous mode [ 264.345709][ T5800] bridge0: port 2(bridge_slave_1) entered blocking state [ 264.353372][ T5800] bridge0: port 2(bridge_slave_1) entered disabled state [ 264.361426][ T5800] bridge_slave_1: entered allmulticast mode [ 264.371645][ T5800] bridge_slave_1: entered promiscuous mode [ 264.576111][ T5806] team0: Port device team_slave_0 added [ 264.631458][ T5801] bridge0: port 1(bridge_slave_0) entered blocking state [ 264.639223][ T5801] bridge0: port 1(bridge_slave_0) entered disabled state [ 264.647141][ T5801] bridge_slave_0: entered allmulticast mode [ 264.657015][ T5801] bridge_slave_0: entered promiscuous mode [ 264.684587][ T5806] team0: Port device team_slave_1 added [ 264.750380][ T5801] bridge0: port 2(bridge_slave_1) entered blocking state [ 264.761922][ T5801] bridge0: port 2(bridge_slave_1) entered disabled state [ 264.771957][ T5801] bridge_slave_1: entered allmulticast mode [ 264.781849][ T5801] bridge_slave_1: entered promiscuous mode [ 264.886768][ T5800] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 264.907546][ T5800] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 264.956087][ T49] Bluetooth: hci0: command tx timeout [ 264.956285][ T5814] Bluetooth: hci4: command tx timeout [ 265.038282][ T5814] Bluetooth: hci1: command tx timeout [ 265.044141][ T49] Bluetooth: hci3: command tx timeout [ 265.046216][ T5804] Bluetooth: hci2: command tx timeout [ 265.211347][ T5803] bridge0: port 1(bridge_slave_0) entered blocking state [ 265.221736][ T5803] bridge0: port 1(bridge_slave_0) entered disabled state [ 265.229631][ T5803] bridge_slave_0: entered allmulticast mode [ 265.239400][ T5803] bridge_slave_0: entered promiscuous mode [ 265.252950][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 265.260399][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 265.286939][ T5806] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 265.339566][ T5805] bridge0: port 1(bridge_slave_0) entered blocking state [ 265.347490][ T5805] bridge0: port 1(bridge_slave_0) entered disabled state [ 265.355890][ T5805] bridge_slave_0: entered allmulticast mode [ 265.365859][ T5805] bridge_slave_0: entered promiscuous mode [ 265.390172][ T5801] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 265.401868][ T5803] bridge0: port 2(bridge_slave_1) entered blocking state [ 265.409997][ T5803] bridge0: port 2(bridge_slave_1) entered disabled state [ 265.417999][ T5803] bridge_slave_1: entered allmulticast mode [ 265.427740][ T5803] bridge_slave_1: entered promiscuous mode [ 265.441421][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 265.448766][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 265.475301][ T5806] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 265.495138][ T5800] team0: Port device team_slave_0 added [ 265.521533][ T5805] bridge0: port 2(bridge_slave_1) entered blocking state [ 265.529387][ T5805] bridge0: port 2(bridge_slave_1) entered disabled state [ 265.537511][ T5805] bridge_slave_1: entered allmulticast mode [ 265.547262][ T5805] bridge_slave_1: entered promiscuous mode [ 265.566438][ T5801] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 265.660175][ T5800] team0: Port device team_slave_1 added [ 265.724474][ T5803] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 265.749507][ T5803] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 265.996350][ T5805] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 266.046534][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 266.053847][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 266.080802][ T5800] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 266.096947][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 266.104156][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 266.130649][ T5800] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 266.189849][ T5801] team0: Port device team_slave_0 added [ 266.207902][ T5805] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 266.286648][ T5806] hsr_slave_0: entered promiscuous mode [ 266.299613][ T5806] hsr_slave_1: entered promiscuous mode [ 266.331297][ T5803] team0: Port device team_slave_0 added [ 266.346333][ T5801] team0: Port device team_slave_1 added [ 266.444669][ T5805] team0: Port device team_slave_0 added [ 266.464849][ T5805] team0: Port device team_slave_1 added [ 266.480339][ T5803] team0: Port device team_slave_1 added [ 266.610188][ T5801] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 266.617809][ T5801] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 266.644421][ T5801] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 266.802935][ T5801] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 266.810404][ T5801] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 266.837034][ T5801] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 266.903620][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 266.911067][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 266.937634][ T5805] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 267.003257][ T5800] hsr_slave_0: entered promiscuous mode [ 267.013660][ T5800] hsr_slave_1: entered promiscuous mode [ 267.022783][ T5800] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 267.030733][ T5800] Cannot create hsr debugfs directory [ 267.040090][ T5804] Bluetooth: hci0: command tx timeout [ 267.050393][ T5804] Bluetooth: hci4: command tx timeout [ 267.116338][ T5814] Bluetooth: hci2: command tx timeout [ 267.122159][ T5804] Bluetooth: hci1: command tx timeout [ 267.126678][ T5803] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 267.130393][ T5804] Bluetooth: hci3: command tx timeout [ 267.134919][ T5803] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 267.168419][ T5803] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 267.183806][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 267.191219][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 267.217891][ T5805] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 267.330053][ T5803] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 267.337498][ T5803] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 267.365562][ T5803] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 267.670863][ T5805] hsr_slave_0: entered promiscuous mode [ 267.683473][ T5805] hsr_slave_1: entered promiscuous mode [ 267.692071][ T5805] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 267.700016][ T5805] Cannot create hsr debugfs directory [ 267.787505][ T5801] hsr_slave_0: entered promiscuous mode [ 267.797943][ T5801] hsr_slave_1: entered promiscuous mode [ 267.806643][ T5801] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 267.814415][ T5801] Cannot create hsr debugfs directory [ 268.180413][ T5803] hsr_slave_0: entered promiscuous mode [ 268.190890][ T5803] hsr_slave_1: entered promiscuous mode [ 268.200370][ T5803] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 268.209392][ T5803] Cannot create hsr debugfs directory [ 269.044178][ T5806] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 269.115050][ T49] Bluetooth: hci4: command tx timeout [ 269.120822][ T5804] Bluetooth: hci0: command tx timeout [ 269.162140][ T5806] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 269.195306][ T5804] Bluetooth: hci3: command tx timeout [ 269.201043][ T5804] Bluetooth: hci2: command tx timeout [ 269.207054][ T49] Bluetooth: hci1: command tx timeout [ 269.246049][ T5806] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 269.323156][ T5806] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 269.454442][ T5800] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 269.528024][ T5800] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 269.551552][ T5800] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 269.575158][ T5800] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 269.810535][ T5805] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 269.853542][ T5805] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 269.879864][ T5805] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 269.904240][ T5805] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 270.041246][ T5801] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 270.142771][ T5801] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 270.172296][ T5801] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 270.291843][ T5801] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 270.462473][ T5803] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 270.590563][ T5803] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 270.644615][ T5803] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 270.729631][ T5803] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 270.858356][ T5806] 8021q: adding VLAN 0 to HW filter on device bond0 [ 271.038658][ T5806] 8021q: adding VLAN 0 to HW filter on device team0 [ 271.155796][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 271.163451][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 271.241397][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 271.249171][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 271.282846][ T5800] 8021q: adding VLAN 0 to HW filter on device bond0 [ 271.429524][ T5800] 8021q: adding VLAN 0 to HW filter on device team0 [ 271.527535][ T2980] bridge0: port 1(bridge_slave_0) entered blocking state [ 271.535268][ T2980] bridge0: port 1(bridge_slave_0) entered forwarding state [ 271.683010][ T2980] bridge0: port 2(bridge_slave_1) entered blocking state [ 271.690754][ T2980] bridge0: port 2(bridge_slave_1) entered forwarding state [ 271.850993][ T5801] 8021q: adding VLAN 0 to HW filter on device bond0 [ 271.915869][ T5805] 8021q: adding VLAN 0 to HW filter on device bond0 [ 272.157932][ T5805] 8021q: adding VLAN 0 to HW filter on device team0 [ 272.178396][ T5801] 8021q: adding VLAN 0 to HW filter on device team0 [ 272.304027][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 272.311795][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 272.331137][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 272.339207][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 272.475098][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 272.482779][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 272.501997][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 272.509782][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 272.656261][ T5803] 8021q: adding VLAN 0 to HW filter on device bond0 [ 272.950399][ T5801] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 272.978664][ T5803] 8021q: adding VLAN 0 to HW filter on device team0 [ 273.128964][ T5805] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 273.141413][ T5805] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 273.219010][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 273.226853][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 273.528908][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 273.536675][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 273.685070][ T5803] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 273.695979][ T5803] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 274.533198][ T5806] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 274.864006][ T5800] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 275.309156][ T5801] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 275.317750][ T5806] veth0_vlan: entered promiscuous mode [ 275.429520][ T5805] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 275.467676][ T5806] veth1_vlan: entered promiscuous mode [ 275.578725][ T5800] veth0_vlan: entered promiscuous mode [ 275.706204][ T5800] veth1_vlan: entered promiscuous mode [ 275.938086][ T5806] veth0_macvtap: entered promiscuous mode [ 275.968174][ T5803] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 276.022899][ T5806] veth1_macvtap: entered promiscuous mode [ 276.072084][ T5805] veth0_vlan: entered promiscuous mode [ 276.211329][ T5800] veth0_macvtap: entered promiscuous mode [ 276.255955][ T5805] veth1_vlan: entered promiscuous mode [ 276.289577][ T5800] veth1_macvtap: entered promiscuous mode [ 276.308956][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 276.438170][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 276.561936][ T5806] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 276.571322][ T5806] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 276.580722][ T5806] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 276.590020][ T5806] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 276.691260][ T5803] veth0_vlan: entered promiscuous mode [ 276.722598][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 276.828359][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 276.854473][ T5803] veth1_vlan: entered promiscuous mode [ 276.872718][ T5805] veth0_macvtap: entered promiscuous mode [ 276.939508][ T5800] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 276.949782][ T5800] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 276.961398][ T5800] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 276.971212][ T5800] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 277.004423][ T5805] veth1_macvtap: entered promiscuous mode [ 277.234600][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 277.261184][ T5803] veth0_macvtap: entered promiscuous mode [ 277.331203][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 277.373775][ T5803] veth1_macvtap: entered promiscuous mode [ 277.439550][ T5805] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 277.449000][ T5805] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 277.458345][ T5805] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 277.467614][ T5805] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 277.723395][ T5803] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 277.845486][ T5803] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 277.923958][ T5803] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 277.936178][ T5803] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 277.945478][ T5803] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 277.954564][ T5803] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.848514][ T5801] veth0_vlan: entered promiscuous mode [ 278.999130][ T5801] veth1_vlan: entered promiscuous mode [ 279.381532][ T5801] veth0_macvtap: entered promiscuous mode [ 279.456654][ T5801] veth1_macvtap: entered promiscuous mode [ 279.682491][ T5801] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 279.832692][ T5801] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 279.926574][ T5801] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 279.937291][ T5801] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 279.946593][ T5801] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 279.955804][ T5801] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 284.442121][ T4360] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 284.450453][ T4360] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 284.660484][ T3776] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 284.668948][ T3776] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 284.924048][ T1878] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 284.932354][ T1878] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 285.142069][ T1878] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 285.150462][ T1878] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 285.220245][ T5806] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 285.381803][ T1878] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 285.390234][ T1878] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 285.701460][ T4167] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 285.711452][ T4167] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 285.904157][ T2975] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 285.913316][ T2975] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 286.278395][ T3437] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 286.286764][ T3437] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 287.115622][ T5992] process 'syz.0.6' launched './file1' with NULL argv: empty string added [ 288.093872][ T5995] loop3: detected capacity change from 0 to 32768 [ 288.103651][ T5995] ======================================================= [ 288.103651][ T5995] WARNING: The mand mount option has been deprecated and [ 288.103651][ T5995] and is ignored by this kernel. Remove the mand [ 288.103651][ T5995] option from the mount to silence this warning. [ 288.103651][ T5995] ======================================================= [ 288.248664][ T5995] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 288.299533][ T5995] OCFS2: ERROR (device loop3): int __ocfs2_find_path(struct ocfs2_caching_info *, struct ocfs2_extent_list *, u32, path_insert_t *, void *): Owner 65 has invalid tree depth 312 in extent list [ 288.319179][ T5995] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 288.329407][ T5995] OCFS2: File system is now read-only. [ 288.335278][ T5995] (syz.3.7,5995,0):ocfs2_find_leaf:1948 ERROR: status = -30 [ 288.342902][ T5995] (syz.3.7,5995,0):ocfs2_get_clusters_nocache:421 ERROR: status = -30 [ 288.351588][ T5995] (syz.3.7,5995,0):ocfs2_get_clusters:634 ERROR: status = -30 [ 288.359495][ T5995] (syz.3.7,5995,0):ocfs2_extent_map_get_blocks:681 ERROR: status = -30 [ 288.368267][ T5995] (syz.3.7,5995,0):ocfs2_read_virt_blocks:997 ERROR: status = -30 [ 288.379205][ T5995] (syz.3.7,5995,0):ocfs2_read_dir_block:511 ERROR: status = -30 [ 288.441695][ T5995] OCFS2: ERROR (device loop3): int ocfs2_validate_dx_root(struct super_block *, struct buffer_head *): Dir Index Root # 28549323745621536 has bad signature  [ 288.458954][ T5995] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 288.469318][ T5995] (syz.3.7,5995,0):ocfs2_find_entry_dx:1029 ERROR: status = -30 [ 288.633994][ T5800] ocfs2: Unmounting device (7,3) on (node local) [ 289.719272][ T4167] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 289.728320][ T4167] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 289.991770][ T2975] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 290.000306][ T2975] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 291.076970][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 291.083880][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 291.133243][ T6020] netlink: 4 bytes leftover after parsing attributes in process `syz.0.13'. [ 292.081847][ T6031] binder: 6030:6031 ioctl c0306201 200000000040 returned -14 [ 292.536850][ T6037] syz.0.18 uses obsolete (PF_INET,SOCK_PACKET) [ 292.930420][ T6041] loop4: detected capacity change from 0 to 1024 [ 293.267148][ T6041] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 293.959469][ T5801] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 294.473730][ T6058] netlink: 12 bytes leftover after parsing attributes in process `syz.0.26'. [ 295.878854][ T6066] loop3: detected capacity change from 0 to 32768 [ 295.895826][ T6066] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.28 (6066) [ 295.925317][ T6066] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 295.936877][ T6066] BTRFS info (device loop3): using sha256 (sha256-x86_64) checksum algorithm [ 295.948564][ T6066] BTRFS info (device loop3): disk space caching is enabled [ 295.961436][ T6066] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 296.328299][ T6066] BTRFS info (device loop3): rebuilding free space tree [ 296.367447][ T6087] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 296.413771][ T6066] BTRFS info (device loop3): disabling free space tree [ 296.421265][ T6066] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 296.432640][ T6066] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 296.713783][ T6093] loop4: detected capacity change from 0 to 128 [ 297.198304][ T30] audit: type=1800 audit(1750639244.584:2): pid=6093 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.33" name="bus" dev="loop4" ino=1048600 res=0 errno=0 [ 297.263252][ T6095] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 297.270817][ T6095] overlayfs: failed to set xattr on upper [ 297.277187][ T6095] overlayfs: ...falling back to redirect_dir=nofollow. [ 297.290091][ T6095] overlayfs: ...falling back to uuid=null. [ 297.456173][ T5800] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 297.576020][ T6101] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 297.616429][ T6100] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 297.659594][ T6099] syz.4.33: attempt to access beyond end of device [ 297.659594][ T6099] loop4: rw=0, sector=121, nr_sectors = 552 limit=128 [ 299.471616][ T6115] loop4: detected capacity change from 0 to 512 [ 299.906311][ T6115] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 299.919751][ T6115] ext4 filesystem being mounted at /6/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 300.001922][ T6124] loop0: detected capacity change from 0 to 128 [ 300.023127][ T6123] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 300.055646][ T6124] EXT4-fs: Ignoring removed nobh option [ 300.196786][ T6124] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 300.285962][ T6124] ext4 filesystem being mounted at /10/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 300.811807][ T5801] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 301.055153][ T5806] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 301.205588][ T24] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 301.505416][ T24] usb 2-1: config 0 has an invalid interface number: 98 but max is 0 [ 301.513996][ T24] usb 2-1: config 0 has no interface number 0 [ 301.520767][ T24] usb 2-1: config 0 interface 98 has no altsetting 0 [ 301.557698][ T6139] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 301.662839][ T24] usb 2-1: New USB device found, idVendor=1110, idProduct=9024, bcdDevice=db.24 [ 301.673710][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 301.697012][ T24] usb 2-1: Product: syz [ 301.707328][ T24] usb 2-1: Manufacturer: syz [ 301.712237][ T24] usb 2-1: SerialNumber: syz [ 301.793468][ T24] usb 2-1: config 0 descriptor?? [ 302.063235][ T24] usb 2-1: [ueagle-atm] ADSL device founded vid (0X1110) pid (0X9024) Rev (0XDB24): Eagle II [ 302.235958][ T5804] Bluetooth: hci1: command tx timeout [ 302.251830][ T0] NOHZ tick-stop error: local softirq work is pending, handler #41!!! [ 302.636274][ T24] usb 2-1: reset high-speed USB device number 2 using dummy_hcd [ 303.165612][ T24] usb 2-1: failed to restore interface 98 altsetting 4 (error=-71) [ 303.203471][ T24] usb 2-1: [ueagle-atm] pre-firmware device, uploading firmware [ 303.211609][ T24] usb 2-1: [ueagle-atm] loading firmware ueagle-atm/eagleII.fw [ 303.251131][ T42] usb 2-1: Direct firmware load for ueagle-atm/eagleII.fw failed with error -2 [ 303.260661][ T42] usb 2-1: Falling back to sysfs fallback for: ueagle-atm/eagleII.fw [ 303.317879][ T24] usb 2-1: USB disconnect, device number 2 [ 303.627226][ T6156] netlink: 12 bytes leftover after parsing attributes in process `syz.3.53'. [ 303.669067][ T5908] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 303.914063][ T5908] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 303.924792][ T5908] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 303.934009][ T5908] usb 1-1: config 1 has no interface number 0 [ 303.947341][ T5908] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 303.960745][ T5908] usb 1-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 304.114271][ T5908] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 304.124242][ T5908] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 304.133718][ T5908] usb 1-1: Product: syz [ 304.138252][ T5908] usb 1-1: Manufacturer: syz [ 304.148300][ T5908] usb 1-1: SerialNumber: syz [ 305.436193][ T5908] cdc_ncm 1-1:1.1: bind() failure [ 305.630901][ T5908] usb 1-1: USB disconnect, device number 2 [ 305.738236][ T6170] loop3: detected capacity change from 0 to 32768 [ 305.755172][ T6170] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.57 (6170) [ 305.798982][ T6170] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 305.810122][ T6170] BTRFS info (device loop3): using crc32c (crc32c-x86_64) checksum algorithm [ 305.819618][ T6170] BTRFS info (device loop3): disk space caching is enabled [ 305.827253][ T6170] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 306.054611][ T6170] BTRFS info (device loop3): rebuilding free space tree [ 306.112999][ T6170] BTRFS info (device loop3): disabling free space tree [ 306.121048][ T6170] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 306.131549][ T6170] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 306.225520][ T1624] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 306.653105][ T1624] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 306.663605][ T1624] usb 5-1: config 0 interface 0 has no altsetting 0 [ 306.730995][ T1624] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 306.741602][ T1624] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 306.750287][ T1624] usb 5-1: Product: syz [ 306.754792][ T1624] usb 5-1: Manufacturer: syz [ 306.759643][ T1624] usb 5-1: SerialNumber: syz [ 306.867416][ T1624] usb 5-1: config 0 descriptor?? [ 306.914351][ T1624] usb 5-1: selecting invalid altsetting 0 [ 307.211622][ T1624] usb 5-1: USB disconnect, device number 2 [ 307.331934][ T11] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 307.472173][ T5978] udevd[5978]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 307.545387][ T11] usb 1-1: Using ep0 maxpacket: 32 [ 307.622137][ T11] usb 1-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 307.635464][ T11] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 307.643800][ T11] usb 1-1: Product: syz [ 307.649666][ T11] usb 1-1: Manufacturer: syz [ 307.654560][ T11] usb 1-1: SerialNumber: syz [ 307.801441][ T11] usb 1-1: config 0 descriptor?? [ 307.880227][ T5800] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 307.930579][ T11] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 308.920732][ T30] audit: type=1804 audit(1750639256.324:3): pid=6206 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.65" name="file0" dev="ramfs" ino=7089 res=1 errno=0 [ 308.976793][ T6201] loop2: detected capacity change from 0 to 2048 [ 309.005340][ T5908] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 309.123190][ T6208] loop1: detected capacity change from 0 to 128 [ 309.133851][ T6201] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 309.142392][ T6201] UDF-fs: Scanning with blocksize 512 failed [ 309.215139][ T5908] usb 4-1: Using ep0 maxpacket: 16 [ 309.258866][ T5908] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 309.276142][ T5908] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 309.288284][ T5908] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 309.301833][ T5908] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 309.311400][ T5908] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 309.356428][ T11] gspca_stk1135: reg_w 0xf err -71 [ 309.362947][ T11] gspca_stk1135: serial bus timeout: status=0x00 [ 309.376346][ T11] gspca_stk1135: Sensor write failed [ 309.378974][ T5908] usb 4-1: config 0 descriptor?? [ 309.381849][ T11] gspca_stk1135: serial bus timeout: status=0x00 [ 309.395573][ T11] gspca_stk1135: Sensor write failed [ 309.401181][ T11] gspca_stk1135: serial bus timeout: status=0x00 [ 309.407953][ T11] gspca_stk1135: Sensor read failed [ 309.413465][ T11] gspca_stk1135: serial bus timeout: status=0x00 [ 309.420150][ T11] gspca_stk1135: Sensor read failed [ 309.425794][ T11] gspca_stk1135: Detected sensor type unknown (0x0) [ 309.432777][ T11] gspca_stk1135: serial bus timeout: status=0x00 [ 309.439515][ T11] gspca_stk1135: Sensor read failed [ 309.445156][ T11] gspca_stk1135: serial bus timeout: status=0x00 [ 309.451729][ T11] gspca_stk1135: Sensor read failed [ 309.457535][ T11] gspca_stk1135: serial bus timeout: status=0x00 [ 309.464089][ T11] gspca_stk1135: Sensor write failed [ 309.475367][ T11] gspca_stk1135: serial bus timeout: status=0x00 [ 309.481960][ T11] gspca_stk1135: Sensor write failed [ 309.489402][ T11] stk1135 1-1:0.0: probe with driver stk1135 failed with error -71 [ 309.655266][ T6201] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 309.723134][ T6208] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 309.836483][ T6208] ext4 filesystem being mounted at /13/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 309.925542][ T5908] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 309.933202][ T5908] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 309.941134][ T5908] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 309.948869][ T5908] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 309.956989][ T5908] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 309.970989][ T5908] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 309.988172][ T5908] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 309.998369][ T5908] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 310.059231][ T11] usb 1-1: USB disconnect, device number 3 [ 310.076160][ T6203] Zero length message leads to an empty skb [ 310.202579][ T5908] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.0001/input/input5 [ 310.455732][ T5908] microsoft 0003:045E:07DA.0001: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 310.634150][ T5908] usb 4-1: USB disconnect, device number 2 [ 311.179998][ T5803] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 312.003235][ T6228] capability: warning: `syz.4.71' uses 32-bit capabilities (legacy support in use) [ 312.168321][ T6215] fido_id[6215]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 312.237325][ T6230] loop0: detected capacity change from 0 to 128 [ 312.430619][ T6230] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 312.546579][ T6230] ext4 filesystem being mounted at /15/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 312.867328][ T6232] getblk(): invalid block size 1024 requested [ 312.873697][ T6232] logical block size: 4096 [ 312.879082][ T6232] CPU: 0 UID: 0 PID: 6232 Comm: syz.0.73 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(undef) [ 312.879238][ T6232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 312.879337][ T6232] Call Trace: [ 312.879411][ T6232] [ 312.879465][ T6232] __dump_stack+0x26/0x30 [ 312.879669][ T6232] dump_stack_lvl+0x1df/0x270 [ 312.879863][ T6232] dump_stack+0x1e/0x25 [ 312.880038][ T6232] bdev_getblk+0xb25/0xb40 [ 312.880269][ T6232] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 312.880494][ T6232] ext4_getblk+0x36f/0xdf0 [ 312.880663][ T6232] ext4_bread_batch+0x95/0x6d0 [ 312.880826][ T6232] ? __cond_resched+0x15/0x130 [ 312.881029][ T6232] __ext4_find_entry+0x20c5/0x3a90 [ 312.881323][ T6232] ? ext4_fname_prepare_lookup+0x536/0x5f0 [ 312.881554][ T6232] ext4_lookup+0x18b/0xbe0 [ 312.881768][ T6232] ? kmsan_get_metadata+0xfb/0x160 [ 312.881953][ T6232] ? __pfx_ext4_lookup+0x10/0x10 [ 312.882130][ T6232] lookup_one_qstr_excl_raw+0x207/0x5b0 [ 312.882311][ T6232] filename_create+0x2e3/0x700 [ 312.882507][ T6232] do_symlinkat+0x88/0xbd0 [ 312.882711][ T6232] __x64_sys_symlink+0xcf/0x140 [ 312.882899][ T6232] x64_sys_call+0x3a03/0x3db0 [ 312.883082][ T6232] do_syscall_64+0xd9/0x210 [ 312.883222][ T6232] ? irqentry_exit+0x16/0x60 [ 312.883342][ T6232] ? clear_bhb_loop+0x40/0x90 [ 312.883488][ T6232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.883635][ T6232] RIP: 0033:0x7f2104d8e929 [ 312.883752][ T6232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 312.883866][ T6232] RSP: 002b:00007f2105c27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000058 [ 312.884014][ T6232] RAX: ffffffffffffffda RBX: 00007f2104fb6080 RCX: 00007f2104d8e929 [ 312.884112][ T6232] RDX: 0000000000000000 RSI: 0000200000000800 RDI: 0000200000000540 [ 312.884199][ T6232] RBP: 00007f2104e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 312.884286][ T6232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 312.884388][ T6232] R13: 0000000000000001 R14: 00007f2104fb6080 R15: 00007ffcaa6f5358 [ 312.884520][ T6232] [ 313.319154][ T5806] getblk(): invalid block size 1024 requested [ 313.327015][ T5806] logical block size: 4096 [ 313.331769][ T5806] CPU: 1 UID: 0 PID: 5806 Comm: syz-executor Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(undef) [ 313.331923][ T5806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 313.332012][ T5806] Call Trace: [ 313.332064][ T5806] [ 313.332116][ T5806] __dump_stack+0x26/0x30 [ 313.332293][ T5806] dump_stack_lvl+0x1df/0x270 [ 313.332477][ T5806] dump_stack+0x1e/0x25 [ 313.332636][ T5806] bdev_getblk+0xb25/0xb40 [ 313.332847][ T5806] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 313.333073][ T5806] ext4_getblk+0x36f/0xdf0 [ 313.333236][ T5806] ext4_bread+0x4a/0x360 [ 313.333374][ T5806] __ext4_read_dirblock+0x11c/0xe20 [ 313.333560][ T5806] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 313.333785][ T5806] htree_dirblock_to_tree+0x129/0x14c0 [ 313.334008][ T5806] ? stack_depot_save_flags+0x35/0x7b0 [ 313.334183][ T5806] ? kmsan_get_metadata+0xfb/0x160 [ 313.334400][ T5806] ? kmsan_get_metadata+0xfb/0x160 [ 313.334601][ T5806] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 313.334813][ T5806] ext4_htree_fill_tree+0x1a3a/0x1c80 [ 313.335051][ T5806] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 313.335252][ T5806] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 313.335443][ T5806] ? kmsan_get_metadata+0xfb/0x160 [ 313.335645][ T5806] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 313.335864][ T5806] ext4_readdir+0x5687/0x6b90 [ 313.336055][ T5806] ? __rcu_read_unlock+0x6d/0xd0 [ 313.336213][ T5806] ? aa_file_perm+0x24c/0x18d0 [ 313.336393][ T5806] ? aa_file_perm+0x378/0x18d0 [ 313.336559][ T5806] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 313.336770][ T5806] ? kmsan_get_metadata+0xfb/0x160 [ 313.336988][ T5806] ? kmsan_get_metadata+0xfb/0x160 [ 313.337208][ T5806] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 313.337473][ T5806] ? __pfx_ext4_readdir+0x10/0x10 [ 313.337634][ T5806] iterate_dir+0x719/0x920 [ 313.337836][ T5806] __se_sys_getdents64+0x17e/0x550 [ 313.338036][ T5806] ? __pfx_filldir64+0x10/0x10 [ 313.338233][ T5806] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 313.338456][ T5806] __x64_sys_getdents64+0x97/0xe0 [ 313.338655][ T5806] x64_sys_call+0x16c4/0x3db0 [ 313.338873][ T5806] do_syscall_64+0xd9/0x210 [ 313.339018][ T5806] ? irqentry_exit+0x16/0x60 [ 313.339137][ T5806] ? clear_bhb_loop+0x40/0x90 [ 313.339285][ T5806] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.339428][ T5806] RIP: 0033:0x7f2104dc1293 [ 313.339527][ T5806] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 72 3e f8 ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8 [ 313.339660][ T5806] RSP: 002b:00007ffcaa6f34b8 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9 [ 313.339824][ T5806] RAX: ffffffffffffffda RBX: 0000555565af2600 RCX: 00007f2104dc1293 [ 313.339928][ T5806] RDX: 0000000000008000 RSI: 0000555565af2600 RDI: 0000000000000005 [ 313.340031][ T5806] RBP: 0000555565af25d4 R08: 0000000000000000 R09: 0000000000000000 [ 313.340120][ T5806] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffa8 [ 313.340214][ T5806] R13: 0000000000000010 R14: 0000555565af25d0 R15: 00007ffcaa6f5770 [ 313.340345][ T5806] [ 313.651955][ T5806] EXT4-fs warning (device loop0): htree_dirblock_to_tree:1051: inode #2: lblock 0: comm syz-executor: error -12 reading directory block [ 313.676078][ T5806] getblk(): invalid block size 1024 requested [ 313.682400][ T5806] logical block size: 4096 [ 313.689027][ T5806] CPU: 1 UID: 0 PID: 5806 Comm: syz-executor Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(undef) [ 313.689184][ T5806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 313.689268][ T5806] Call Trace: [ 313.689320][ T5806] [ 313.689373][ T5806] __dump_stack+0x26/0x30 [ 313.689575][ T5806] dump_stack_lvl+0x1df/0x270 [ 313.689791][ T5806] dump_stack+0x1e/0x25 [ 313.689950][ T5806] bdev_getblk+0xb25/0xb40 [ 313.690147][ T5806] ? kmsan_get_metadata+0xfb/0x160 [ 313.690346][ T5806] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 313.690564][ T5806] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 313.690782][ T5806] __ext4_get_inode_loc+0x79f/0x1ad0 [ 313.690950][ T5806] ? filter_irq_stacks+0x12c/0x190 [ 313.691175][ T5806] ext4_reserve_inode_write+0x1b1/0x570 [ 313.691377][ T5806] ? ext4_dirty_inode+0x190/0x210 [ 313.691550][ T5806] __ext4_mark_inode_dirty+0xc6/0x970 [ 313.691781][ T5806] ? __ext4_journal_start_sb+0x264/0x610 [ 313.691982][ T5806] ext4_dirty_inode+0x190/0x210 [ 313.692179][ T5806] ? __pfx_ext4_dirty_inode+0x10/0x10 [ 313.692348][ T5806] __mark_inode_dirty+0x2d6/0x1090 [ 313.692505][ T5806] ? kmsan_get_metadata+0xfb/0x160 [ 313.692739][ T5806] touch_atime+0x915/0xa30 [ 313.692934][ T5806] iterate_dir+0x7d8/0x920 [ 313.693156][ T5806] __se_sys_getdents64+0x17e/0x550 [ 313.693359][ T5806] ? __pfx_filldir64+0x10/0x10 [ 313.693554][ T5806] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 313.693777][ T5806] __x64_sys_getdents64+0x97/0xe0 [ 313.693991][ T5806] x64_sys_call+0x16c4/0x3db0 [ 313.694191][ T5806] do_syscall_64+0xd9/0x210 [ 313.694344][ T5806] ? irqentry_exit+0x16/0x60 [ 313.694477][ T5806] ? clear_bhb_loop+0x40/0x90 [ 313.694648][ T5806] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.694802][ T5806] RIP: 0033:0x7f2104dc1293 [ 313.694911][ T5806] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 72 3e f8 ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8 [ 313.695041][ T5806] RSP: 002b:00007ffcaa6f34b8 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9 [ 313.695178][ T5806] RAX: ffffffffffffffda RBX: 0000555565af2600 RCX: 00007f2104dc1293 [ 313.695282][ T5806] RDX: 0000000000008000 RSI: 0000555565af2600 RDI: 0000000000000005 [ 313.695374][ T5806] RBP: 0000555565af25d4 R08: 0000000000000000 R09: 0000000000000000 [ 313.695467][ T5806] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffa8 [ 313.695564][ T5806] R13: 0000000000000010 R14: 0000555565af25d0 R15: 00007ffcaa6f5770 [ 313.695701][ T5806] [ 313.964057][ T5806] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6255: Out of memory [ 313.981198][ T5806] Buffer I/O error on dev loop0, logical block 1, lost sync page write [ 313.991715][ T5806] EXT4-fs (loop0): I/O error while writing superblock [ 313.998895][ T5806] EXT4-fs error (device loop0): ext4_dirty_inode:6459: inode #2: comm syz-executor: mark_inode_dirty error [ 314.012617][ T5806] Buffer I/O error on dev loop0, logical block 1, lost sync page write [ 314.012637][ T6210] EXT4-fs error (device loop0): ext4_wait_block_bitmap:584: comm ext4lazyinit: Cannot read block bitmap - block_group = 0, block_bitmap = 3 [ 314.035990][ T5806] EXT4-fs (loop0): I/O error while writing superblock [ 314.150154][ T6210] Buffer I/O error on dev loop0, logical block 1, lost sync page write [ 314.159086][ T6210] EXT4-fs (loop0): I/O error while writing superblock [ 314.194525][ T6024] Buffer I/O error on dev loop0, logical block 0, async page read [ 314.202872][ T6024] Buffer I/O error on dev loop0, logical block 3, async page read [ 314.356570][ T6024] Buffer I/O error on dev loop0, logical block 0, async page read [ 314.365015][ T6024] Buffer I/O error on dev loop0, logical block 3, async page read [ 314.374799][ T6024] Buffer I/O error on dev loop0, logical block 0, async page read [ 314.389659][ T6024] Buffer I/O error on dev loop0, logical block 3, async page read [ 314.473013][ T4360] getblk(): invalid block size 1024 requested [ 314.479634][ T4360] logical block size: 4096 [ 314.488161][ T4360] CPU: 0 UID: 0 PID: 4360 Comm: kworker/u8:32 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(undef) [ 314.488306][ T4360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 314.488428][ T4360] Workqueue: writeback wb_workfn (flush-7:0) [ 314.488638][ T4360] Call Trace: [ 314.488690][ T4360] [ 314.488741][ T4360] __dump_stack+0x26/0x30 [ 314.488911][ T4360] dump_stack_lvl+0x1df/0x270 [ 314.489104][ T4360] dump_stack+0x1e/0x25 [ 314.489264][ T4360] bdev_getblk+0xb25/0xb40 [ 314.489453][ T4360] ? kmsan_get_metadata+0xfb/0x160 [ 314.489649][ T4360] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 314.489854][ T4360] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 314.490068][ T4360] __ext4_get_inode_loc+0x79f/0x1ad0 [ 314.490212][ T4360] ? ext4_write_inode+0x351/0x930 [ 314.490356][ T4360] ? filter_irq_stacks+0x49/0x190 [ 314.490549][ T4360] ext4_write_inode+0x44b/0x930 [ 314.490714][ T4360] ? __pfx_ext4_write_inode+0x10/0x10 [ 314.490864][ T4360] ? __pfx_ext4_write_inode+0x10/0x10 [ 314.491039][ T4360] __writeback_single_inode+0x88f/0x1190 [ 314.491252][ T4360] writeback_sb_inodes+0xaa9/0x1c90 [ 314.491515][ T4360] ? kmsan_get_metadata+0xfb/0x160 [ 314.491768][ T4360] wb_writeback+0x4ce/0xc00 [ 314.491965][ T4360] ? queue_io+0x411/0x790 [ 314.492139][ T4360] wb_workfn+0x397/0x1910 [ 314.492291][ T4360] ? kmsan_get_metadata+0xfb/0x160 [ 314.492520][ T4360] ? __pfx_wb_workfn+0x10/0x10 [ 314.492665][ T4360] process_scheduled_works+0xb91/0x1d80 [ 314.492932][ T4360] worker_thread+0xedf/0x1590 [ 314.493192][ T4360] kthread+0xd5c/0xf00 [ 314.493329][ T4360] ? __pfx_worker_thread+0x10/0x10 [ 314.493577][ T4360] ? __pfx_kthread+0x10/0x10 [ 314.493725][ T4360] ret_from_fork+0x1e3/0x310 [ 314.493870][ T4360] ? __pfx_kthread+0x10/0x10 [ 314.494022][ T4360] ret_from_fork_asm+0x1a/0x30 [ 314.494243][ T4360] [ 314.519004][ T6024] Buffer I/O error on dev loop0, logical block 0, async page read [ 314.602676][ T5806] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 314.846806][ T6239] input: syz0 as /devices/virtual/input/input6 [ 314.853528][ T6239] input: failed to attach handler leds to device input6, error: -6 [ 314.921343][ T5806] EXT4-fs (loop0): I/O error while writing superblock [ 315.366600][ T1878] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 315.563511][ T1878] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 315.799714][ T1878] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.026962][ T1878] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.620691][ T1878] bridge_slave_1: left allmulticast mode [ 316.626884][ T1878] bridge_slave_1: left promiscuous mode [ 316.633662][ T1878] bridge0: port 2(bridge_slave_1) entered disabled state [ 316.680837][ T1878] bridge_slave_0: left allmulticast mode [ 316.687727][ T1878] bridge_slave_0: left promiscuous mode [ 316.694431][ T1878] bridge0: port 1(bridge_slave_0) entered disabled state [ 317.387252][ T1878] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 317.415768][ T1878] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 317.447956][ T1878] bond0 (unregistering): Released all slaves [ 318.048279][ T1878] hsr_slave_0: left promiscuous mode [ 318.081440][ T1878] hsr_slave_1: left promiscuous mode [ 318.089928][ T1878] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 318.098282][ T1878] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 318.119283][ T1878] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 318.127538][ T1878] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 318.209798][ T6263] netlink: 2036 bytes leftover after parsing attributes in process `syz.2.85'. [ 318.215225][ T1878] veth1_macvtap: left promiscuous mode [ 318.219300][ T6263] netlink: 24 bytes leftover after parsing attributes in process `syz.2.85'. [ 318.225169][ T1878] veth0_macvtap: left promiscuous mode [ 318.240043][ T1878] veth1_vlan: left promiscuous mode [ 318.246212][ T1878] veth0_vlan: left promiscuous mode [ 318.282432][ T6261] netlink: 28 bytes leftover after parsing attributes in process `syz.3.86'. [ 318.326371][ T1624] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 318.825153][ T1624] usb 2-1: Using ep0 maxpacket: 16 [ 318.855546][ T1624] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 318.907968][ T1624] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 318.917796][ T1624] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 318.926323][ T1624] usb 2-1: Product: syz [ 318.930774][ T1624] usb 2-1: Manufacturer: syz [ 318.935784][ T1624] usb 2-1: SerialNumber: syz [ 319.148323][ T1624] usb 2-1: config 0 descriptor?? [ 319.176921][ T1624] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 319.186939][ T1624] em28xx 2-1:0.0: DVB interface 0 found: bulk [ 319.754348][ T1878] team0 (unregistering): Port device team_slave_1 removed [ 319.849691][ T5814] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 319.863243][ T5814] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 319.888403][ T5814] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 319.894225][ T1624] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 319.917244][ T1878] team0 (unregistering): Port device team_slave_0 removed [ 320.135570][ T5814] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 320.148430][ T5814] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 321.095699][ T1624] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 321.104095][ T1624] em28xx 2-1:0.0: board has no eeprom [ 321.358183][ T1624] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 321.367783][ T1624] em28xx 2-1:0.0: dvb set to bulk mode. [ 321.375772][ T5858] em28xx 2-1:0.0: Binding DVB extension [ 321.537796][ T1624] usb 2-1: USB disconnect, device number 3 [ 321.546704][ T1624] em28xx 2-1:0.0: Disconnecting em28xx [ 322.015324][ T5858] em28xx 2-1:0.0: Registering input extension [ 322.036054][ T1624] em28xx 2-1:0.0: Closing input extension [ 322.251353][ T6294] loop2: detected capacity change from 0 to 64 [ 322.276473][ T1624] em28xx 2-1:0.0: Freeing device [ 322.318204][ T5804] Bluetooth: hci4: command tx timeout [ 322.695741][ T6274] chnl_net:caif_netlink_parms(): no params data found [ 323.478413][ T6311] netlink: 4 bytes leftover after parsing attributes in process `syz.3.97'. [ 324.199405][ T6301] loop4: detected capacity change from 0 to 8192 [ 324.435209][ T5804] Bluetooth: hci4: command tx timeout [ 324.441726][ T6315] ===================================================== [ 324.451080][ T6315] BUG: KMSAN: kernel-infoleak-after-free in _copy_to_user+0xcc/0x120 [ 324.459684][ T6315] _copy_to_user+0xcc/0x120 [ 324.464463][ T6315] copy_siginfo_to_user+0x3f/0x140 [ 324.470017][ T6315] x64_setup_rt_frame+0x1392/0x2590 [ 324.476258][ T6315] arch_do_signal_or_restart+0x63c/0xbf0 [ 324.481719][ C1] vcan0: j1939_tp_rxtimer: 0xffff888012c75600: rx timeout, send abort [ 324.482121][ T6315] exit_to_user_mode_loop+0xec/0x330 [ 324.491234][ C1] vcan0: j1939_tp_rxtimer: 0xffff888012c75400: rx timeout, send abort [ 324.496016][ T6315] do_syscall_64+0x1e3/0x210 [ 324.509683][ T6315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 324.511342][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888012c75600: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 324.515886][ T6315] [ 324.515917][ T6315] Uninit was created at: [ 324.530810][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888012c75400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 324.556991][ T6315] kmem_cache_free+0x2a1/0xec0 [ 324.562001][ T6315] inotify_free_mark+0x3c/0x50 [ 324.567289][ T6315] fsnotify_mark_destroy_workfn+0x320/0x600 [ 324.573493][ T6315] process_scheduled_works+0xb91/0x1d80 [ 324.579559][ T6315] worker_thread+0xedf/0x1590 [ 324.584520][ T6315] kthread+0xd5c/0xf00 [ 324.588977][ T6315] ret_from_fork+0x1e3/0x310 [ 324.593815][ T6315] ret_from_fork_asm+0x1a/0x30 [ 324.599172][ T6315] [ 324.601641][ T6315] Bytes 12-15 of 48 are uninitialized [ 324.607393][ T6315] Memory access of size 48 starts at ffff88804dc6fdf0 [ 324.614341][ T6315] Data copied to user address 00007f8bcfdf5bb0 [ 324.620934][ T6315] [ 324.623424][ T6315] CPU: 0 UID: 0 PID: 6315 Comm: syz.1.99 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(undef) [ 324.639592][ T6315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 324.651230][ T6315] ===================================================== [ 324.658662][ T6315] Disabling lock debugging due to kernel taint [ 324.665121][ T6315] Kernel panic - not syncing: kmsan.panic set ... [ 324.671765][ T6315] CPU: 0 UID: 0 PID: 6315 Comm: syz.1.99 Tainted: G B 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(undef) [ 324.685536][ T6315] Tainted: [B]=BAD_PAGE [ 324.689862][ T6315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 324.700130][ T6315] Call Trace: [ 324.703586][ T6315] [ 324.706687][ T6315] __dump_stack+0x26/0x30 [ 324.711306][ T6315] dump_stack_lvl+0x53/0x270 [ 324.716164][ T6315] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 324.722310][ T6315] dump_stack+0x1e/0x25 [ 324.726753][ T6315] panic+0x4bd/0xd50 [ 324.730987][ T6315] kmsan_report+0x31c/0x320 [ 324.735803][ T6315] ? kmsan_internal_check_memory+0x16c/0x230 [ 324.742069][ T6315] ? kmsan_copy_to_user+0xf1/0x190 [ 324.747561][ T6315] ? _copy_to_user+0xcc/0x120 [ 324.752498][ T6315] ? copy_siginfo_to_user+0x3f/0x140 [ 324.758038][ T6315] ? x64_setup_rt_frame+0x1392/0x2590 [ 324.763694][ T6315] ? arch_do_signal_or_restart+0x63c/0xbf0 [ 324.769762][ T6315] ? exit_to_user_mode_loop+0xec/0x330 [ 324.775455][ T6315] ? do_syscall_64+0x1e3/0x210 [ 324.780427][ T6315] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 324.786723][ T6315] ? stack_depot_save_flags+0x35/0x7b0 [ 324.792404][ T6315] ? kmsan_get_metadata+0xfb/0x160 [ 324.797770][ T6315] ? kmsan_internal_check_memory+0x9c/0x230 [ 324.803934][ T6315] ? copy_fpstate_to_sigframe+0x126f/0x13d0 [ 324.810125][ T6315] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 324.816208][ T6315] ? kmsan_get_metadata+0xfb/0x160 [ 324.821569][ T6315] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 324.827662][ T6315] kmsan_internal_check_memory+0x16c/0x230 [ 324.833762][ T6315] kmsan_copy_to_user+0xf1/0x190 [ 324.838960][ T6315] _copy_to_user+0xcc/0x120 [ 324.843695][ T6315] copy_siginfo_to_user+0x3f/0x140 [ 324.849038][ T6315] x64_setup_rt_frame+0x1392/0x2590 [ 324.854550][ T6315] arch_do_signal_or_restart+0x63c/0xbf0 [ 324.860506][ T6315] exit_to_user_mode_loop+0xec/0x330 [ 324.866030][ T6315] do_syscall_64+0x1e3/0x210 [ 324.870829][ T6315] ? irqentry_exit+0x16/0x60 [ 324.875604][ T6315] ? clear_bhb_loop+0x40/0x90 [ 324.880510][ T6315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 324.886616][ T6315] RIP: 0033:0x7f8bd1f8e929 [ 324.891198][ T6315] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 324.911028][ T6315] RSP: 002b:00007f8bcfdf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 324.919670][ T6315] RAX: 0000000000007000 RBX: 00007f8bd21b5fa0 RCX: 00007f8bd1f8e929 [ 324.927822][ T6315] RDX: 000000000000fdbc RSI: 0000200000000500 RDI: 0000000000000004 [ 324.935983][ T6315] RBP: 00007f8bd2010b39 R08: 0000000000000000 R09: 0000000000000000 [ 324.944138][ T6315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 324.952281][ T6315] R13: 0000000000000000 R14: 00007f8bd21b5fa0 R15: 00007ffe2c674cc8 [ 324.960463][ T6315] [ 324.963981][ T6315] Kernel Offset: disabled [ 324.968411][ T6315] Rebooting in 86400 seconds..