last executing test programs: 1m47.78201564s ago: executing program 1 (id=184): r0 = socket$inet6(0xa, 0x3, 0x5) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00'}) sendmmsg(r0, &(0x7f00000006c0)=[{{&(0x7f0000000180)=@l2tp6={0xa, 0x500, 0x80000, @remote, 0x0, 0x3}, 0x80, 0x0}, 0x5b4}, {{&(0x7f0000000040)=@l2tp6={0xa, 0x0, 0x7080000, @dev={0xfe, 0x80, '\x00', 0x37}, 0x7, 0x1}, 0x80, 0x0, 0x0, &(0x7f0000000c80)=ANY=[], 0x108}, 0x12000000}], 0x2, 0xc040) 1m47.72187133s ago: executing program 1 (id=187): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0, r0}, 0x18) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48) fsetxattr(r1, &(0x7f0000000040)=@known='com.apple.FinderInfo\x00', 0x0, 0x0, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000300)=@abs={0x0, 0x0, 0xb}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_open_dev$cec(&(0x7f00000004c0), 0xffffffffffffffff, 0x0) ioctl$IOC_PR_PREEMPT(r5, 0x40046109, &(0x7f0000000040)={0xef}) 1m47.309149377s ago: executing program 1 (id=192): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f00000000c0)={0x8}, 0x1) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) sendto$inet6(r0, &(0x7f0000000080)="b1", 0x1, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) shutdown(r0, 0x1) openat$vimc2(0xffffffffffffff9c, &(0x7f00000006c0), 0x2, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r1 = io_uring_setup(0x3458, &(0x7f0000000080)={0x0, 0xffffeffa, 0x18, 0x2, 0x1}) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000180)={{{@in=@remote, @in6=@ipv4={""/10, ""/2, @multicast2}}}, {{@in6}, 0x0, @in6=@local}}, &(0x7f0000000040)=0xe8) 1m46.143853145s ago: executing program 1 (id=197): bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x12, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @cgroup_sock_addr=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x200000, &(0x7f0000000200), 0x3, 0x570, &(0x7f0000000680)="$eJzs3V1rHFUYAOB3Nkm/tSmUoiIS6IWV2k2T+FFBsF6KFgt6X5dkGmo23ZLdlCYW2l7YG2+kCCIWxB/gvZfFP+CvKGihSAl64U1kNrPtNtnN52q2zvPAtOfMzObM2TPv2Xd2dtkACmsk+6cU8WLcjK+TiMNt2wYj3ziyst/So+uT2ZLE8vInfySR5Ota+yf5/wfzygsR8cuXESdLa9utLyzOVKrVdC6vjzZmr4zWFxZPXZqtTKfT6eXxiYkzb06Mv/P2Wz3r62vn//ru43sfnPnq+NK3Pz04cieJs3Eo39bejx242V4ZiZH8ORmKs6t2HOtBY/0k2e0DYFsG8jgfimwOOBwDedQD/383ImIZKKhE/ENBtfKA1rV9j66DnxkP31+5AFrb/8GV90ZiX/Pa6MBS8tSVUXa9O9yD9rM2fv797p1siQ3eh7jRg/YAWm7eiojTg4Nr578kn/+273TzzeP1rW6jaK8/sJvuZfnP653yn9Lj/Cc65D8HO8Tudmwc/6UHPWimqyz/e7dj/vt46hoeyGvPNXO+oeTipWp6OiKej4gTMbQ3q693P+fM0v3lbtva879sydpv5YL5cTwY3Pv0Y6YqjcpO+tzu4a2Il57kv0msmf/3NXPd1eOfPR/nN9nGsfTuK922bdz/dr3PgJd/jHi14/g/uaOVrH9/crR5Poy2zoq1/rx97Ndu7W+t/72Xjf+B9fs/nLTfr61vvY0f9v2ddtu23fN/T/Jps7wnX3et0mjMjUXsST5au378yWNb9db+Wf9PHF9//ut0/u+PiM822f/bR2933bUfxn9qS+O/9cL9D7/4vlv7mxv/N5qlE/mazcx/mz3AnTx3AAAAAAAA0G9KEXEoklL5cblUKpdXPt9xNA6UqrV64+TF2vzlqWh+V3Y4hkqtO92H2z4PMZZ/HrZVH19Vn4iIIxHxzcD+Zr08WatO7XbnAQAAAAAAAAAAAAAAAAAAoE8c7PL9/8xvA7t9dMC/zk9+Q3FtGP+9+KUnoC95/Yfi6hL/pgUoAIEOxSX+objEPxSX+IfiEv9QXOIfAAAAAAAAAAAAAAAAAAAAAAAAAAAAeur8uXPZsrz06PpkVp+6ujA/U7t6aiqtz5Rn5yfLk7W5K+XpWm26mpYna7Mb/b1qrXZlbDzmr4020npjtL6weGG2Nn+5ceHSbGU6vZAO/Se9AgAAAAAAAAAAAAAAAAAAgGdLfWFxplKtpnMKXQvvxW4fxucv7+ThSedRTto6uGJbTQz2yzAp9LSwyxMTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALT5JwAA//821zOC") chdir(&(0x7f0000000400)='./file0\x00') r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x82400, 0x196) lseek(r0, 0x8, 0x1) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) getdents(r0, 0x0, 0x40) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) sendmsg$sock(r1, &(0x7f0000000900)={&(0x7f0000000040)=@l2={0x1f, 0x7, @none, 0xd966}, 0x80, &(0x7f0000000880)=[{&(0x7f0000000200)="e110df06a084df0f6458657b27c8b2bcc95212c87fb0f9b76ae336b055581dbd138e194612e96a2a89deb42649cf2ca6e509a3a95e0f2f2ea43c77918dc9c35b470f84f69ecba545fe1db2e1dc76386cf48ae6c272b88f8c72f9ac225e20a17492d501552840a4f9ad676bb9e49959ab7c8e1213f4e0b3eba7e51947384641a5006767787e671320dd56ee22decd633c079ea5616aa20cbe85fa7ef9955953750bdf130192b550fee7d8fed8ee7d6960842455a13adef87fb499624c5cf4c463fb3bbb", 0xc3}, {&(0x7f0000000340)="f8c70616463df59234f0a4f67813cc42e09e137e17f736360e9d3291034ccdd4625700d8325a1d5d45c9ffb86ebded816186359990fda5d9736bb07b84efd8e5eb7bae3d91c7ae4897edb371edcea62791ef0e12bf938f73f2d9de8565f2a36e24f21263e770d6201726b8ec8fb7a6be23d65b207d4616b72158315baac0103329a39d0e2de81afff56e8822206d9595d601402caeb08e254ada66d912f430d073d1ef570feee309eca069a103372eef91e23f3eb3b4aacacd1c0e8db5626ea6ae2473a8609c833244f67da4e25b88a461ce57795e95bea8dbbb53c6608ddd6d4288356f42008d54a350754333b04c89031b60c65d58cbafe9e3b8250e", 0xfd}, {&(0x7f0000000440)="ac28d3efcf64bd24382aa862c7b07d7cdedfcb2a8965d7dd77773ddfad85c20e133aaa57e697afe9c52a7bdb7446b92e49af66653f5a721b292b73eee4a3dd6f45f84e19e42a9a2577141183c28ce92c2ef8", 0x52}, {&(0x7f00000004c0)="79ca439018e312071977c4aed77804a960f1a1e01eec1df3b20a99b01fa8c6437efb29bec99a784861ee7c7dcfd16d96dd2235c72845f178bc0b4f4f6c8df63b073f37c2d77f6729c0f174a53b5aa6a7d57941e2142d79a291a52987ddb42608654700c6ff2e82e7162099191bc0f365fd83d671b226b23614719ed55361ea39ee66478e8b06019b80272dea60ec0a5b3b0cf615cf453989d2456dfab582e192a1202ec9352677995cf0f182b183cb7f41f2245b", 0xb4}, {&(0x7f0000000580)="39020f6a3e540eec3608abffc939910fdb4618919cbc35ba4d68333a1a7e15e3411828cfcd983429517bf1035ed0098fdc06fc0a2d3088643d2dd7dc7bad4fc9901f82d5effa91b166411f5e88734fcdc0348ae1f4340ed882aa0cfe33340e5b25d45b5862c1558ffbdf97ff3f13afef69c1876df0b1f8da2161dc40f2be81083536e35003b369626a3cb695a178a4cae150a1f7cbfdaa1fbeea4fd62475496d36d0e88264b34e193937496b1ac199926b45ffc91c9a419c96de855f277eebbe3a8dd44370753c3d397bb4", 0xcb}, {&(0x7f0000000680)="0dd17247489a4272618fd354ed5cb617ae266f3016fd2f2b8c9abaea6156d17ba9572db9a3b83fea0c91d075ab0cce32d62aaec74c82d3c1ef377f290cbf416af2282da8a8be8fb1fc6f88ba3beff646de736b63ea7a5ff43694500b100ef56d4575701f866b5702087729dfd09454d4133d3f2990ff258df6e5bd08dcc1c034d35ef847712ffec2e960152466578831d5167e3eb069c1c05f983e598784757114bc", 0xa2}, {&(0x7f0000000780)="6e920c193c26abc95c2abbef243622efd01d56163735947c066b66ad65ab13a5294851cd4e8d04612ea9b2fc6656ca7dd0ef5e425e98882de0ef08885086ad94965adcb8f77a2ad92a8906df8c4575dfb0e9c460851b91074428c2f7331f280a521341e3d31b5bb17cce7493868d7e979707cf699c96128baf33357fd7e661a5bb3989d13470342b436afff54be8d2e32a96f41014f61776710bfdb5be40ce60669e94b4543403007d72681c293d9f467d11f09c365def01c97bfc4879f49291d5da4bfe91cf5c0225de3aa7ce48b68c8020d9e49a19490d9ac97a4bac9a301a13b0", 0xe2}], 0x7}, 0x4040) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="0b0000008b000000050000000900000001000000", @ANYRES32=0x1, @ANYBLOB="000000000096cf0000000700"/22, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r2, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000300)={r2, &(0x7f0000000140), 0x0}, 0x20) 1m45.097391711s ago: executing program 1 (id=200): r0 = socket$kcm(0xa, 0x2, 0x73) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x4010, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) sendmsg$inet(r0, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @empty}, 0x10, 0x0, 0x0, &(0x7f00000011c0)=ANY=[], 0x6b}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) close_range(0xffffffffffffffff, r2, 0x0) openat$sysfs(0xffffffffffffff9c, 0x0, 0x149a82, 0x0) r5 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r5, 0x402, 0x11) r6 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0) fsetxattr$system_posix_acl(r6, 0x0, &(0x7f0000000180)=ANY=[@ANYRESOCT=r6], 0x24, 0x3) timer_create(0x3, 0x0, &(0x7f0000044000)) r7 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r7, &(0x7f0000000380)={0xa, 0x14e24}, 0x1c) connect$inet6(r7, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c) sendmmsg(r4, &(0x7f00000092c0), 0x0, 0x81) timer_settime(0x0, 0x236bd4336e4642df, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0) 1m43.84372567s ago: executing program 1 (id=207): syz_mount_image$erofs(&(0x7f0000000340), &(0x7f0000000580)='./file0\x00', 0x2000000, &(0x7f00000004c0)=ANY=[], 0x1, 0x222, &(0x7f00000005c0)="$eJzsmL9rFEEUx78zu7feiog2KWwsDBjR7GX3UNIcGkGwEiHxV6WHWUPMJieXFUxANNjYaGchpLHwH7BIkcrCzn9A0EIFwcIrLGxsRmZndm9yc3HDcla+TzF8Z9+befPezbziQBDEf8vXL78+Pzs/PXcKwAGMY5/+/t0BGFOaG/6fXt4/+aJ1YfPNx9fvVg4+3B7cTy4RYueH+l/iuwDezjhIi0jF6t9SjOvJHHihr4DjhNbXwBBofQscV7WOwXBD67uG7kj/ILizmMTB7U4yL8WUHEI5RHJoDp6vt8Ewr+dCCMEM++ra+lI7SeKuIVxtG2KqJIpgS2NW/Wrw0JvhaBnnk1W8/vTJhpzntZky6heCI9RJNMEwq79PYzOvjSqJkf8Rt7+/Y+U/JFumLwNQlmRdidbPkRTLFIcnqy2fkOmcs02HUOUY2Lmqhr5JVnK0KVtXJxNu+V08q3/QCrEuDWYhHg1/AM99AP8oU1NUyiIXY73t97bpmxJ81/ssWHkItvf7U9/rmfOHWL1iPmReI/8tgA9bqn+IVwzHjf7kGv2jkS7fa6yurU8uLrcX4oV4JYqaZxjw+HTUyBqRGq2+1+/Pftaf9hv713bx9biHB+007YZq9JgHH2najbJ5ZDyb2a3Oj5t6WYqLAI6piWxpXrGjY8VgnvLhma9UE7YTQRAEQRAEQRAEQRAEQRBEJY6CZf+ClhBdzrz/BAAA//9oglvV") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f}) chdir(&(0x7f00000001c0)='./file0\x00') syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file1\x00', 0x8801, 0x0, 0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = socket$kcm(0x10, 0x0, 0x10) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x20, 0x0, 0x300, 0x70bd25, 0x25dfdbfc, {0x10}, [@ETHTOOL_A_COALESCE_HEADER={0x4}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES_LOW={0x8, 0xf, 0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000801}, 0x0) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003b000b05d25a806c8c6394f90224fc60100005000a000200053582c137153e37000c0180fc0b10000500", 0x33fe0}], 0x1}, 0x0) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r0, 0xc018620c, &(0x7f0000000280)={0x2}) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, 0x0, 0x0) socket(0x10, 0x3, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1e7d, 0x2d50, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x5, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x33, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0xc, 0x0, 0x7}}}}}]}}]}}, 0x0) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io(r3, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000457003b0e000000000000fd3bc518194b120c1e73d54cfc4ad2841ef4f6a3fd7c59ccb785025f2e7b3504ff87cbfd10f3c080b7330000000000000008f1000000000000ea7a288982d5337c364daf03bd400d66293b0a2b103dd93f"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r3, 0x0, 0x0) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100), 0x680, 0x0) syz_kvm_setup_cpu$x86(r2, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f0000000200)="460fc76c8aa90f00d1480fc79a00f0ffffb9090b00000f3264f2f01944a6f066430f38819185e74025660f38804304670fc76a02440f060f01cf", 0x3a}], 0x1, 0x8, &(0x7f00000002c0), 0x0) r5 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4) sendto$packet(r5, &(0x7f00000000c0)="3f03fe7f0300120006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r6, 0x1, 0x0, 0x6, @multicast}, 0x14) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000540)={0xcfb, 0x0}, 0x8) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000880)=@bpf_lsm={0x1d, 0x1e, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000250e000000000000ff03000000000000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70200000000000085000000860000001860000009000000000000000600000085000000b400000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000050000008500000006000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000300)='GPL\x00', 0x80000001, 0x0, 0x0, 0x41000, 0x2a, '\x00', r6, 0x1b, r4, 0x8, &(0x7f00000004c0)={0x5, 0x2}, 0x8, 0x10, &(0x7f0000000500)={0x8, 0x0, 0x7, 0x4}, 0x10, r7, 0x0, 0x1, &(0x7f0000000800), &(0x7f0000000840)=[{0x1, 0x5, 0x3, 0x8}], 0x10, 0xff}, 0x94) r8 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r8, 0x8916, &(0x7f0000000000)={@loopback={0xfec0ffffffffffff}, 0x46, r9}) 1m43.456061287s ago: executing program 32 (id=207): syz_mount_image$erofs(&(0x7f0000000340), &(0x7f0000000580)='./file0\x00', 0x2000000, &(0x7f00000004c0)=ANY=[], 0x1, 0x222, &(0x7f00000005c0)="$eJzsmL9rFEEUx78zu7feiog2KWwsDBjR7GX3UNIcGkGwEiHxV6WHWUPMJieXFUxANNjYaGchpLHwH7BIkcrCzn9A0EIFwcIrLGxsRmZndm9yc3HDcla+TzF8Z9+befPezbziQBDEf8vXL78+Pzs/PXcKwAGMY5/+/t0BGFOaG/6fXt4/+aJ1YfPNx9fvVg4+3B7cTy4RYueH+l/iuwDezjhIi0jF6t9SjOvJHHihr4DjhNbXwBBofQscV7WOwXBD67uG7kj/ILizmMTB7U4yL8WUHEI5RHJoDp6vt8Ewr+dCCMEM++ra+lI7SeKuIVxtG2KqJIpgS2NW/Wrw0JvhaBnnk1W8/vTJhpzntZky6heCI9RJNMEwq79PYzOvjSqJkf8Rt7+/Y+U/JFumLwNQlmRdidbPkRTLFIcnqy2fkOmcs02HUOUY2Lmqhr5JVnK0KVtXJxNu+V08q3/QCrEuDWYhHg1/AM99AP8oU1NUyiIXY73t97bpmxJ81/ssWHkItvf7U9/rmfOHWL1iPmReI/8tgA9bqn+IVwzHjf7kGv2jkS7fa6yurU8uLrcX4oV4JYqaZxjw+HTUyBqRGq2+1+/Pftaf9hv713bx9biHB+007YZq9JgHH2najbJ5ZDyb2a3Oj5t6WYqLAI6piWxpXrGjY8VgnvLhma9UE7YTQRAEQRAEQRAEQRAEQRBEJY6CZf+ClhBdzrz/BAAA//9oglvV") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f}) chdir(&(0x7f00000001c0)='./file0\x00') syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file1\x00', 0x8801, 0x0, 0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = socket$kcm(0x10, 0x0, 0x10) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x20, 0x0, 0x300, 0x70bd25, 0x25dfdbfc, {0x10}, [@ETHTOOL_A_COALESCE_HEADER={0x4}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES_LOW={0x8, 0xf, 0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000801}, 0x0) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003b000b05d25a806c8c6394f90224fc60100005000a000200053582c137153e37000c0180fc0b10000500", 0x33fe0}], 0x1}, 0x0) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r0, 0xc018620c, &(0x7f0000000280)={0x2}) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, 0x0, 0x0) socket(0x10, 0x3, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1e7d, 0x2d50, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x5, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x33, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0xc, 0x0, 0x7}}}}}]}}]}}, 0x0) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io(r3, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000457003b0e000000000000fd3bc518194b120c1e73d54cfc4ad2841ef4f6a3fd7c59ccb785025f2e7b3504ff87cbfd10f3c080b7330000000000000008f1000000000000ea7a288982d5337c364daf03bd400d66293b0a2b103dd93f"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r3, 0x0, 0x0) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100), 0x680, 0x0) syz_kvm_setup_cpu$x86(r2, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f0000000200)="460fc76c8aa90f00d1480fc79a00f0ffffb9090b00000f3264f2f01944a6f066430f38819185e74025660f38804304670fc76a02440f060f01cf", 0x3a}], 0x1, 0x8, &(0x7f00000002c0), 0x0) r5 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4) sendto$packet(r5, &(0x7f00000000c0)="3f03fe7f0300120006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r6, 0x1, 0x0, 0x6, @multicast}, 0x14) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000540)={0xcfb, 0x0}, 0x8) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000880)=@bpf_lsm={0x1d, 0x1e, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000250e000000000000ff03000000000000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70200000000000085000000860000001860000009000000000000000600000085000000b400000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000050000008500000006000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000300)='GPL\x00', 0x80000001, 0x0, 0x0, 0x41000, 0x2a, '\x00', r6, 0x1b, r4, 0x8, &(0x7f00000004c0)={0x5, 0x2}, 0x8, 0x10, &(0x7f0000000500)={0x8, 0x0, 0x7, 0x4}, 0x10, r7, 0x0, 0x1, &(0x7f0000000800), &(0x7f0000000840)=[{0x1, 0x5, 0x3, 0x8}], 0x10, 0xff}, 0x94) r8 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r8, 0x8916, &(0x7f0000000000)={@loopback={0xfec0ffffffffffff}, 0x46, r9}) 5.178629529s ago: executing program 2 (id=729): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4001, 0x0, @loopback}, 0x1c) r4 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r4, &(0x7f0000001440)=[{&(0x7f0000000080)="90d1a07ed121aae31dd2295a0ad54176e3d772dee6432633290618335b7c3d3d46594c52c7de96dfd70379bea56e8ce07f5824fc12d9f63140d051f069a9c9f010740b1bdce361599aff646138bf54521aecb24a8d5e30d767cd3408218e8c1e308ea720704cb5c2a2d35e6343c2f2903da088da28efe64a6e2a88380ad334437536aa891a1133dd5a84fcfe7f569defb349f99e269d87be6c2edcc1f4ad4eb943fac21cff9861e932e597a39934d648b4a4cb78f5ae", 0xb6}, {&(0x7f0000000180)="00ed6cc0e650653e448c21f4df503ab2ebc9743713ecb58b0b63ba39eda53fa644f0abac9d85e334b1ac5d99624a52b61f14628909d058abf54524ba1a30af1440e6c891a9b0e6140add27b8712bb6cfb1457c41de99dbd30159def9f4b295d508524aa18ef86b41af49c43d4afcf3ef4000", 0x72}, {&(0x7f0000000200)="1a85f7fc3588979f99c374a6745cf171d53bd6d8ae5db892090dd03159bd33400c36895283d6092ec0734a8cabf8988f3341016762", 0x35}, {&(0x7f0000000240)="665cf2d354901953183dccef3cc498cac63b826c10dcdb323f2c8a740168eef4494dbd7eb8c2101aa535ada4a6e03ae92b131c584ea3821fbdba25c8e4488bde3804e2f28ad66a949b940c771a027a108dd6a55821f3ea3087c8e1ea84fc02f8972a088e1c6151b8bd4b677fb8a26580af0791bc18fc86eeebba1ade020b7fee1044e3834f816e4869e205c2", 0x8c}, {&(0x7f0000000300)="340b0e6c6d4a891bee6a0749fb498e6e42872140b8e76a7137ab1c058771805fb9988c86bc11633aed50fc8d696a0465710fd8515f4474c1648fe70380e6fc40b2b86633785cb2e5eca6abfe186840179495515779c39a3046ab1924408f05e7f413578ce73a593f91058fc01c627a133a28228ad09b08f2e66ff342e37e3e2ce7665c8d33a4a68182fde12edc6448df75ad27941c6c753e14f1947fa561b3b27c537924244cedcb31a93154de334d01ab35e1d5be2bad06c5e1af4b63686c22b3ce1f4e511d130f7567d0d781aec48b9422c1b300dd1df2698625b895347d9a29951fe974bcf82246660b04aa797abe", 0xf0}, {&(0x7f0000000400)="f0c3a1af9f1f23c103ce82cd84749d0beb", 0x11}, {&(0x7f0000000440)="7caa7d23b53db8d0a466aa5ea9c103c689085b2bed996087d3fa647b0191f29a563bace32ff13cfd8cc274d27a2bfcb8a82a99fd99134cdeb512cea83a9cb2fa93e8c619f1d4d892f286d67296632770f3ccb43755ae7a4f55094206c442555b91d2508941dcb2bbbcb7a659d4cec5d33513935f6eb911140fe8437b6d2c5f941e8495b9b8802d7a321c274af6c64d299e7db88578ce7627bc86e90a1905f2a74b16c24f4d12ae6f83e3d511ad653183761db57f3b829fa7978d562e7965f16daf6d2745d566933ef98910c0f2a3e2366627b334c01345478e51d0a42dc4dcb94f32961199b9fd2272e476539ea237cd13c87b14b0aa8ab464ea7834693f6623cf5dda498ae8160eacbc787ffd76d0f9c6183e899bcf3f32e1323c50b7cab5edf611d13c157295637f6a256c0a1df2445213861362e893a17d3cca068f922782a693e5b3db9c1ecbcdc557b22c8a1e2043fdcaccdc9e97c8c7fe9442e0e1ed425f5ed4fe339e3de892dc2b83bfacacc6933cee5510b25d117555442c16e531ffc1861020c8d8be77861fc195dab1a120f9ae6c99399f7c6e2ceb825ac2527933154429b69ee00f8ebc52d74184dca023edf72fe790dd179663973b61f8e8bf71157cac769c9dfcb2e1c0b0e0fe156de4531e616a2853a5c0255fe69ef4964a63b96408e111245b25bc3c7964c19a391acd41c615b6fb6daf9fc55d9b77ea8f03ffbdfad0f3e3f78c5f9acc4ef395ec6de9b10d26acf25539c27adbc7d01b89df6e2ee9150b4994cbc704f3f05094e8a7577d368ad14aef308c148a0ee1c616158bb91f8bbedc625206964dbac93142c7a2ca55e9815e69a23f6ad043acbbbc9acbc0218009946e3c2e725c3e04e3a7764bbb89c297942610e2f6582c14b24602013f1f1e464db0ead4ea28be58129dd9295a83aa3315b6738a54c7fb318dab3508bfc85d6e12316ef4025e18beeac26cffc97c7e64182f6498fe589c83d93831f53e8170c44299d34e0af00f2fbdbcf485a8db1a30aeb20c9b253c1e0d5daa8c69e9d819ea56cdd7dd4da9dc6441c0e8e171e980af874c17aba547926ab441843190911427656af09274d70b00a96d0620b43d3552928b8f19b5c846b3e5029bdb11f6e28c40314ec3d23ace6bb351f0072162a9295090231d97a921b42d4d38d9ed8ed044ce6d6214026728b019942ade07cdd0354990c73d7ecbb7fa305511247d14dfd1976c155eb8e9ceba7cb483b30949bd4f49c7506e6bc21309b9d19e871cf79f342df7a57b0863624907f6991687538106daee2d279ef0b7507f95446d0f0d5e4652e08338e207f48550aeee32d38ca4fc05daf96c89453efaab2c22cbd3c7b01ca200c241c3821748309fcb6ee393922322540e29923706f461bd7d7a95c8a4f2ee26392b5cba17cfae7da33ad58312b867c4f9c35fa86c2ede75d52d0a288761be16086a82e7cb6f0bd72f7c607821f13ffcce87ced6cff3c01a8282cd2ad9d34e456c50ca96c75b20c956ba3c7b1f35310156ada9702f65b6160b550f0373ce84764d5f96fc6abbed471b7aa00345cbb17e0c27729edf12401c93e7d8d7c0b42dd5ef6109cdbe4de79d3ec231a3c1d226d12f8f3a80bae9445c23b19c1f5406e3148e54625b13a7f261281bbea6c9e9235d84ba05174529601c82523612115d692df5c47459bae89347380fc3f88ebdaff420ee0925b3b042ea79ae545495396b41096bc9c74922a12177de54955f4442b2e3b899ef96c98e33a00b8d01dadfd30c28f951518f19923be6d7fd3ffcb9a961b18ef358eba47be386630333f124ead5b8fc21786656f14b749fa9888ca09123ae07c31e6aa4a73dcd6dfdd13c638a134ad978dd058db0b49f2a5ee75b88865be1928ce8a32406ad3240935666760309dea45785d570259ef87d3e90b3fa1a9c21f2a628661ffd7279ab0bb42aaa36a21180fe7d9f8980463d48250e29533fbdefa42a4f80a350837850b9142f0103759401ca08ec6d3b346345134548a597063126fd831040f42a3b16aa8eea9756857287222ec85ebd8bfb891f06485bee306a748f2c54ea3ea46cb523a3c92629c553d9d8d7df2f64c59d83f811a3df01bbb0742edcd003f340a994d5f4ca8d3ce82eec1cfc399ec0274a285e0f07b4ce0133c7e908a20fafd6a8f6e45c854e9a2d999395e7dd3b5269165aefa72ff6fee34242415f7211831416486759a52ea153647189da679b4373abb0018ff45fb7993cdd107fd2674a2d2f35f303da49afc0863e4ca3b751a2aae707c4a50ecd3bfdcc3e4cc3b4b3e5facb02a5c6f272102206a4da729772f72defd9242ca66aa6052adf56ce715fa402c90a73ffe17899ac0db93af1aba16da73eb5ccd94a61035a223e71f96da384478a73498614cd1be466c822683ffd880fa5db19ef5a9c1663ade4250240087b5172d361e0ba7530dd9274414e793b887d679e58e476f0f859558d5a92c1238c88773aa24d1887f3900f12d04183c3651b5c673b9fdeeeebc1a33303612699bb437a803b6f6d71e1c3c5a821a4f13556e7e66cee73193543ba1ba2b848982026cb186bae85e19b38084e0c098b811433faf26bdec69ee8e1850cfe6120a4f5cee47f39b2dc6fc76be0928d2e9f9864a231052d74f0bc84aa604e799638473235290dea3bb5c9f8a3f4f9edb7b21aa5fe5a99758b32668395bf2ac9c245163fafc49becaa6090307df1dfa2bc5c5b2113432d28f2ce8768d37a3e9aa1de16b24e9fe7d10b324f4d6be1fe7ac3476a93417dc4c804fc812f693dd70df089873d7001bbb0904499913e27e3ac61c48bc04fb99998e18a33f9321f82bcc4c2f2c9be01cd20b288e67a668c5a20964700fd58f0ce8a7febf2af8e25b60c95e08178eda03206f6263734745d48c661cbc0e325b6cc9a8783cb5ba14c3755d5758e2fd9c39d090fb89943fb9694f37a9878fce5c44e117c5264e356e87c7de8da8f7555dd8fc85fa953dad10f7128fa9abe651d190ddd48ba913dc99fa77c96d0af483b4b27e989fa3e56b144f3e46174749a9c4b84fc926bacc8dce6363b4d2ac49db915a301cf316107d7f931b3a42ae05ab35b759c7c9fbf47c9baceef218ec3a64f4279202bcd1736285ab88b3e582fb95c36a6ab7619ff8b4a37204a3e77fa508e0d7f6a8ff66e925270e1b17f88fb7f6a5fdadfdd36ae409768063a7bd32330c318c40c97c303cca640d9bcae6f635f71fcb699f9fce9e9d488cacc1a04ea8545e263171194b80e93f5edd975d5de0988937b4bf550c24d9821416ec8a2d33c3597892d7a42f9fb3934c078a44fb017ac4061f5ee86a9929c5124ee863cbb05855cfef15e95d9587366fa4dbe6c9df491b145ca673d973e9b7443748a213479a8989a484db62b73008e48c9208705052f21b7155da3308211cde7ab2cf9949b65b5b632827406e4d02bf240c7cf3ff898ac8082c76d19428de3f892d34920af3f32942778eb672b285c47fc8fbaf366d75470ed10e851c29776d34fc3858b64e36920e1614012a37f4425d7fd581df9ab28830b9cf57a04517c3aa4f696c8ab44054c85406d662c31760bc397d6f53773f041b6da1e2bd747e4da7a9ac521b2fe58cec1cc494a55cbd3038e1385972c020aab671392c3224b6b02de62fd124e0a43430c8f8fe200747bcea332546322f5ce2f6bb8ae3c2c1bbbf1843a96196f187a61137ed4000f1ff771bb36873a14f553e77edc5145687e2a73902e3fe48b95c3b83bf09e720b9be43aa53f4b05592f753221cc1811cdbf37e41e3eafb7dfc9cc2ac7cef7e72b18a5c16243a5f67a60b4c63384e6575dcd4da8da1a574494d62774df2b1b48ea51fe0cf22d92af3dc84c10dde20a2930cbd0d8decd3e022eb1fe3efae84f3f03078a5b35c3382028b06766b34d0d08ef89b5807302c2f6d70f4e29523cfdfd51fd832fdeced6f07b06baa1c92400b530e6ff652c525a7d447aec116c84f2555431006f18d3ca7f7ee8a50444dbccd4958ceb1e41060ed5253982743a5d822515922c1c82675e7c7caee52321423ecf79697bb649765685273bbadac72ebc7be26df578a0f49ef68a6cce145a1068bdd498e9c48cbf200d7ff6586bf812945fd85d6c03e8660c496c1e100ead8cb3eb0a2ddd52034812873af1b9a2ac63c6144a0180b0886defc664202ac2194d7789847c3d94489effaa7cd75ea524c85e3ecbc3c89b6646b84bd6461bf2db1dc25ae45f95729614610b57d562955d930d7d29bf1499f866d344325069149b9d18d150d1ee36872e58d385dd669ae92853f2d91a7bf6474241ba8e838fd1f0c056408a35f6150328ee862fae9be2", 0xc00}], 0x7) r5 = syz_init_net_socket$ax25(0x3, 0x5, 0xc4) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000b40)=ANY=[@ANYBLOB="b702000009000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2e6405000000000065060400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000002c3f2cc2b7956244cef7baf48e6d2885a09a87507ebfc75b5b0f4e4309ebcdac5f7a860c008cbdd3b4c3b7f28754860c9c781f6410457253e89ad528d985636a86ec0f68f59cd1159a2c2e85d726859a919cc9548a349980d1ccdce27f94bc074c27f81078545c146a0857153b7b8f00034debae58a4ab415b0d7ff0575cc272cd3d7e8d974927676468ff2d86e0ffac94792ed9cf6b40b3cf252a47c05ae8a70d57cc3e067d1867b54d24e20000000000000020009ebf84d3b042d6e432cd080e3b57239f0127473e6ba922aff649609d40b47ec331ccba3cf96f9483ff19a6471bf5abc742d9cbcfb964b11b31034694a6aad86cf08a6c7b2235dc99de9aa3e6b77c7a2877261ed32da90864987f30926c9013eec3b86836ae50447aa5a79f40c235000000453302712c3d8fc4e2b61adb0695e800000000d4f4e91f0000002c33df424d1bafe5725c8a404724f8a4f1cda7997b65954f74097560b91da309b887af2485c2d9ab09b523000000000000000bf7b2ff4602aec1eea200000064881c5630521a08e051374cf05c921a06fb7818000000009dc8d95e0e5b365d10e1004dae58b3b5b89709b0ff47b200000000004000cbef88811dc8c1b27ac7d9a6bb70f60eb9c01dd2fc79b85e4d961498f3a80131d21d856177a2189f45d011ef1da5c6d57bb8fd387ccea9c3899a914e47e82f040000009d81003f927355408f87264797d3fa970949793b94329d580500d1f91c0d22587e05a61e3d8576ca168e88d7a9af95b04a37c27bfffab9abbb31fa8c0080258cfa6d3f166e695f3c56490aeef464d9965d70a50f1282619344f223548e750339643adac1322c87ca253ff2fb1882760d6feab16bacdf83c11816dbe959ebc5ec479c8319f73e2249eab0486b110702a481d3b51976a52303056e800b4ae5acc2dfae60ab958e9f3ef9b4aaa4e8d6166f636a65eb1d672bf2000000cda8462cc9b16624998be65683321e970000000009b8e20762c1bf4a3eb6769f2b23e842bacd9c685edea0ffa3e975424f8ede49e61a4de808a38ba3512d64dc71867df4eee3f1ff791cf7c9862f98b45852e4b2f78721b978a2df2f2a29a387c6f0576b36038f819286eca99a6a434811cf2a117d775fe986a49fb82cf5f15972d5ab18f1045384501adabb20f7b0e15ff47f1744e2341b59034959a1289ba6e243668e6735305707e3de7652bfc5b60c76deff43a1d6fd6a4180ab723735abbeffe7f2ec3a0bb86f9eddfc0f3d1d503d7a54b49e1ae6c5aa620d27e91aa0aa0ed6fcacfc91fbb4c256409e54daefbb107c381fa729ff5f3907d93430da178d685d7730f5e129438a5214f722096d2986334c2576bef69145d3fbd78a9059e454474f92e65828b018174a9f4738b8c71fbdeac26ab95e02f9a847182766964976b1fccdb9f35721e43e33883cf16ed1343fb7429eb395123b0a4262b7023c22039b9002589a378ed4c6267965af78b861bd025312538cec97966b8973d4e299d9802264d06e40ae118e1d242d1128dcedeb44030df12ef68f78215d65f96eb55db8cbcb060008000d988374f85451a694ffe38a1d03916ff10dc82b31c98d42e1a1bda1290de1a499a5a385b31112a48ba3e6d6849914c1788a7aca37177cc341fff44fec5c5e0abae01c439a1b0311e074e81ae9993b5b3459553e4ece78d4c1501c70f5d81e0725d5b273755c0000000000000000aa4234ff82182952a76233d18e7d49638aeb04e7a9e9e7eafb7c255372795d2d192a0a33cab0f5bf2e93e0544fcdf2df2bc6ce96e5a11993d54f97a23754ac828674dbb93c0ad345715be4a13678b01edf76d8a923655800a2c88cce004505ab45d8f5f88aa887bbce5c18970428516f6099bdbb2cd7a2356397f1a0a23e662e2a6c4834400cbaa41c3c574e6e6aefb7a68da5ec1ae49f968bbe0e0bf9878516f553639f5b4828e92019b61f5874be1c7cdd9482df50bc24a8a1fa10d291390eb84e26a2e8dbeaa45604b05a116c1210a7540bf81005044273f5a8ffc538db289350eb248e483bd8920efcf30a798c2b636243e0a37262ca47dfeefa753ba528f7ba77e825051ce69b4475d7d714ba0c636e6ae9f710411d30ef424aeaabe057c7df6ff8f767bcd9012e1047c686f5ccb76ab3a5df53cbc22ba7ea8f6a8e220bb4d83de1e4dc19d6c1be841503850803bc2c2d5e0e34270a7f1cca0c6c53a8e5f891f7a793a70da62d6d88fbb90d220acc687931b42d6be83ab870da3c0a567f5e65ec0457f4ad2a4ec0b671b36388afd5520a8483a4b11f7d02a409315f0f9e59f47668d68a74838d6976e12fd45200014041dffacbf60892ec8bd7560686f137a806d3dfaba900b47cac62f828342fff009adb5b2251461a1b9d6ba625b8fe04e69a1a4be2696f0000000086e172932e03000000000000005942e1b9d6dc28ab8e19e1111dd893e801015642faf21eef40d6e7de3ef62c4bc5ff17e7aeb2841098f845d1cc9ec4eee79c298fb0ba939b13707044e2e9cc0d350438c1c8c6bb9a38c6ac5ca0d9cf1f3d6915f25cb26edfc28b3079b97df32601240e454db103fb0c4a143673a3f160d3a7b83ecd0509ce9eba0c7bf7843799b1b56a234f9eaab8a3f14f1472bb6aaeb8ac9ee4054605558ab31f339f6a4caf2ee2fd01f34dca3300000000000000000000000000000000f59f8e6e00000000c44130098d833a24000000000095e6f945ba9a941cef5e70b8c152321e24b5b29bcf374dcf5a29a35d76e6e2bf8df95462690a4fc9ec8129e92b6ebb4b40a992a75d3c595426ae40d0bfc87db24d856359079b29b3c374d081c300b2cfaa596d24e800ef8e2201f2fb7a9946f89f9f31f7cbd603fd7f8898c70b5c65f2e28f22e1a79a6af3a54861b07f124642e98389557affbdede09b5566a4a1ee73b20846810030a754acddcdafe3ceeeebc0b5f2fedfe7d198e3067f3dbac9441a9ab8409cbbb7e15b9ae3944097de34de2001c8533a3766e6e4c4c4702ccb932a27a3962814cd6aa8fc684beeaa3932efae3a9052be8eec1e95f6ad8d41dd34829503ba4b66e27154cb6e34aa13450522df1723130b6fe347c93f00e40e293c98d849a33f773c743728992f40faccd5c23130a1c6bfd6fc661bca1598137ddd1090ded672f5a48a40cab3f640c8241a364cbdd3f188eec7da7bccafbd5bf28a46f0eecc6b550471b0b0770c6a5a411c0e0b19e15a461e7c6833ba936e214b013f2819ec6572a43b5cd32b11d7e4f8dcf8f7820a17b7b2ee6178a03351dd25091e46bfd82a3979b9cad109fd6217cd52aa81bdabd50826a674bd16b8f7e6aed1"], &(0x7f0000000040)='syzkaller\x00'}, 0x94) sendmsg$kcm(r6, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="100000000700000004"], 0x10}, 0x331e5c6805043cda) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r6, 0x20e, 0xe40, 0xfd000004, &(0x7f00000004c0)="b9180bb76003070c009e40f086dd1fff310000003c0020010010ac14142ee0080001c699da153f0ae0e6e380f60115f683317585d7472ce0ab4439f0f570ff155bc5f73ba3f8bb99a6e8ded1ce485cf058105cd981b42493481cd659416a2e10c9119664f36eb00b333c20c9ec0c222d644bdcb178c1cc53d6960fbb842d6a33dfcde3a1e1848135214baf139753866cadcbe3ce52505e992818cc452bee339d9ab076f484020eaa348a21d7911e4c44905256ec2cc54cca47a198b00c10aff62a4bed43a2ebcad92743fb22c593f28fd4bb7c703cde9cae0569d4c8d9a823f2c12863f7a6c0cf88ed22aae4f6f084508833b61429a25773eedf63dd9f33d430f2a0a30a7761db16fe0f743b95ded898c28aac1256ce2751b3d738899b8b19d9052b7f13ff94", 0x0, 0x31, 0x6000000000000000, 0xfffffffffffffe7e, 0x1d4}, 0x28) ioctl$SIOCAX25ADDFWD(r5, 0x89ea, &(0x7f0000000040)={@default, @default}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newqdisc={0x148, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x7}}, [@qdisc_kind_options=@q_red={{0x8}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "1df872f69cd5ad2e80be65faf679fd0785e05c67e1d9d4b38a6a25ac4c873b68169bdfdedf99e8cafc45667421c8cc7b88b3378dd9a9465522abcb43b9248aeedfa4a311bb26e70ecfcc381a806b5e5f321c7367a5288f83f9623cd2f809dad054d3606ff723018bd84265e4c54b51670fa4fdb17b7882e7009f8635c9a2ec0a5e498e4b0c4ad7c501fc4872e7fd2876a42d852b0c542df1511fba83c1ff3faa9cc077c61649d4e9d9d4ccb7262b6137e0b65e06fa4a163546b5e3c79dce98e26d615e959d74e69bbfd74b775d0a5434291dd5f5a6c845099088d20c350472baf5cbe9fa6711cd6ce57afaae3534165ce0f4729ec1d36047dc650babf602cbff"}, @TCA_RED_PARMS={0x14, 0x1, {0x409, 0x0, 0x8001, 0x1c, 0x3, 0x19, 0x4}}]}}]}, 0x148}}, 0x0) 5.050813712s ago: executing program 2 (id=732): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001700)=ANY=[@ANYBLOB="1800000024000103000000000000000001008c000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) recvmmsg(r0, &(0x7f0000000e40)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000003780)=""/4097, 0x1001}, {&(0x7f00000001c0)=""/177, 0xb1}], 0x2}, 0x4}], 0x1, 0x40010000, 0x0) 4.932121183s ago: executing program 2 (id=737): r0 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e2a, 0xffffffff, @remote, 0x6}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) 4.873367095s ago: executing program 2 (id=739): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00') unshare(0x6a040000) r0 = socket(0x8, 0x3, 0x0) ioctl$sock_netrom_SIOCADDRT(r0, 0x6180, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) 4.412350102s ago: executing program 4 (id=748): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000005c0)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="0a003300d0000000000000"], 0x48}}, 0x0) 4.352825792s ago: executing program 4 (id=749): socket$nl_route(0x10, 0x3, 0x0) socket(0x22, 0x2, 0x2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtaction={0x48, 0x30, 0x0, 0x870bd2d, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x0, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x4}}}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4800}, 0x20048000) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x20, 0x0, 0x9c3fa077fa966179, 0xfffffffd, 0x0, {{0x7e}, {@void, @val={0xc, 0x99, {0x916d, 0x15}}}}}, 0x20}}, 0x4000054) sendmsg$IPSET_CMD_RENAME(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000000506010200000000000000000a000001"], 0x20}, 0x1, 0x0, 0x0, 0x20004000}, 0x800) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r2 = socket$igmp6(0xa, 0x3, 0x2) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'}) write$tun(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0x72) 4.174209155s ago: executing program 4 (id=753): r0 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_ringparam={0x33, 0x0, 0x2e2e, 0x0, 0x0, 0x0, 0x0, 0x9, 0x401}}) 4.018034118s ago: executing program 4 (id=755): bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0a00000007000000fc7f0000cc"], 0x50) 3.581084814s ago: executing program 4 (id=765): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0x10}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000002c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd27, 0x8000, {0x0, 0x0, 0x0, r3, {0x0, 0xfff3}, {}, {0xa}}, [@filter_kind_options=@f_flow={{0x9}, {0xc, 0x2, [@TCA_FLOW_KEYS={0x8, 0x1, 0x9200}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x20000000) 3.506327766s ago: executing program 5 (id=766): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha20-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000013a40)={0x0, 0x0, &(0x7f0000013a00)={0x0}}, 0x0) recvmmsg(r1, &(0x7f0000000b00)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000100)=""/63, 0x3f}], 0x1}, 0x3}], 0x1, 0x120, 0x0) 3.382268388s ago: executing program 5 (id=769): r0 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000040)=0x9, 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, 0x0, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c) syz_emit_ethernet(0x46, &(0x7f00000003c0)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra}}}}}, 0x0) 3.314874258s ago: executing program 5 (id=771): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, 0x0, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c}}]}, 0x78}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000600)=@newtfilter={0x60, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x30, 0x2, [@TCA_BASIC_EMATCHES={0x2c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x20, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{0x0, 0x2, 0x8}, {0x0, 0x0, 0x1}}}, @TCF_EM_META={0xc, 0x2}]}]}]}}]}, 0x60}}, 0x0) 3.096701612s ago: executing program 5 (id=774): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x3) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) syz_emit_ethernet(0x36, &(0x7f00000001c0)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) syz_emit_ethernet(0x3a, &(0x7f0000000140)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x6, 0x8, 0x0, 0x0, 0x1000, {[@fastopen={0x22, 0x2}]}}}}}}}, 0x0) 2.994430963s ago: executing program 4 (id=776): sendmsg$NFT_MSG_GETFLOWTABLE(0xffffffffffffffff, 0x0, 0x20044000) unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a3100000000e8010000030a01020000000000000000010000000900030073797a3200000000280004800800024000000000080001400000000514000300626174616476300000000000000000000900010073797a31000000000900010073797a3100000000340008800c00024000000000000080010c00024000000000000000040c00014000000000000000000c00014000000000000000014c000480080002404c82f47c080001400000000008000140000000010800014000000003080002404f32945f080001400000000308000140000000020800024019885f270800014000000003fd000c00a03ac330bf11a2145946e6d945deece8485ee69dbc29a8dd5dbce127f829a3adf5c4171b4bedbbc9b913a67b9ee679020f0200000064419faae0136b893d91d95b1174f115798a1abfdc06983fb83f2116a85a00dd35cdf9d8f81683e5e2ebcca132a712e0be44c12c02ac92fbbb86ed717ce0cbd6a0134f899e23ca6d2f063d26be86555cc0e9c7a25d77e6c0f4217794be96b5d797e3116d874c3adfb096e0567ec28bd1e4d8d6713109695f1f3a877d89d20e19304501aeb851d14c4f9b2d769d554fe5308810d19bb040c1977bce50b894f2c45a1f0e80c8256b6dcb072f9d91d94a67bba9f62eb2f192fa4b3786d9a774b99aa332dfbb000000080007006e6174"], 0x25c}}, 0x0) 2.893538445s ago: executing program 5 (id=778): syz_emit_ethernet(0x36, &(0x7f0000000380)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0x0, 0x0, 0x1}}}}}}, 0x0) 2.745874327s ago: executing program 5 (id=780): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') unshare(0x6a040000) r0 = socket(0x8, 0x3, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x618e, 0x0) 1.705675573s ago: executing program 3 (id=794): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, 0x0, 0x4000010) sendmsg$IPSET_CMD_RENAME(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x34, 0x5, 0x6, 0x101, 0x0, 0x0, {0x7, 0x0, 0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x800) 1.610280235s ago: executing program 3 (id=795): socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000008c0)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) recvmmsg(r0, &(0x7f00000003c0)=[{{&(0x7f00000000c0)=@pptp={0x18, 0x2, {0x0, @dev}}, 0x80, 0x0, 0x0, &(0x7f0000000380)}, 0x3}], 0x1, 0x12, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x9) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20000080) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000800)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x77, '\x00', r1, 0xffffffffffffffff, 0x1, 0x3, 0x5}, 0x50) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'veth1_to_bridge\x00', 0x0}) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f0000000540)={@rand_addr=' \x01\x00', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4400046, r3}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'ip6gre0\x00', 0x0}) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_inet6_SIOCADDRT(r6, 0x890b, &(0x7f0000000540)={@private2, @rand_addr=' \x01\x00', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x0, 0x400, 0x0, 0x6, r5}) 904.962226ms ago: executing program 0 (id=796): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWCHAIN={0x34, 0x3, 0xa, 0x301, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xf5}]}], {0x14}}, 0x5c}}, 0x0) 809.784537ms ago: executing program 0 (id=797): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet_mptcp(0x2, 0x1, 0x106) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x10c}}, 0x0) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x1d, &(0x7f0000000300)=0x7, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @loopback}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000002c0)='cdg\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000000b80)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000004c0)="3912c1d03d9f66103940872256d8995b00c720af0cfa51b2b3b1448411fe107e64af467c85a200ebafdbee2c35b8ad1677fe7bb27ca22acbe83c449484972354b3baa1809633e690474a9154f95bd6874f20a0b290c590d44a9f5cd01414544ad719b82a550f2a7215e33e2dfdc1ce61a75637323b8828c5e5ef1f77b3d93114d46ceddb9d976eea7e20bb95e24e1e8b9974397bb8d73856a38618eac0ab333267fc833503b4df7838f5e522192252f4fd72ae45d21b55414a82ec84ff620a1ee2fe4691573a8afc79adaac5f0618cb457b14013f9e048cdec329a9e3343140213a41330b43e3290ef836c8839b303f0639a7561361247db2646977014051dcf3dc1246225f9aae3ca02943571bb39ecfdfa5b9ebc30a0476103c6133c7da6313848373c719a1f43ba5a765b8aa97caf7717fa063166951aa4e72d5616e6b42d6866fb308970430b2ff44c25b7dde2494389d1717c83f83ac7a632da0472bd6b0295b9f1fd1fc43099b1062bef744785158264f636cbf13926e7fcde7ebc1560a20961df3286df51b246ee7fe9474a8d51498bd90230bc89ea8dccb85035edd01aa93ed2f82297c3c3703990cb5201c7b92a04ea7abf9a36a488369142a9bfa42664d84860974fddbabed7eb509350917a3bbd427fe226bd1dd3420a7d71160b33a41a3578861d75e7e93c22ee94e9594258dc1883c2d749cad6e03b767555610c200efb5f104f91be7fb2513c97f3f279da2baedf7f91ed97ae33edef2ab348dded9df075b1ca5855866843aff902b6678075cb4a3d988ffd8ed61885400d1bcf6dc38c6be9b6428d4eba30711556510eb41b5c04590f11e393317a4fc938c0bdd7c344d58388b39ecdbe322344c5ec4ed178e1dd35182a00f3ac345bfeea9936b6a015151332962bd28c5e1dbcdd825d51c78ef6db73170d9cfd47f2ca210ce8c103d37be1c61427bd3cf1bb5bcf9888f6e1631f404e59b3c3c2a51f9cd8e0725459f9a531af19e2b533532f0b66fb5e9614d0895d35ccda358ac482a824fe67165bdaedcda5ddd86924c4fe5f22a043f92aed7a105fb54ec323273e660c6227fa74b76c2a020d42f167891cbaf960fc0288547f2d31dceff3787135659a65878e5df65ce0004104a665098be576ebaf3733b6ba57e40f40ac74aad7d8b41db0f55513389faa84b1ce0fafed7018bcc5a687118bfab115b7c4163fb22af534406206065acf06066a5fb65f0b928cd25838c0c1a7b06bc42e622f502e515b87426b2a184b593bf35a4d454dc56881bbda1b9350f956e086196447a5052288aa0556e638d292bfd1abad58ef5db98f92694b30c3eda5b25a44688b24eadf579616c034ef688fad705c3dc99aafda0f7bbb591fd20e0ff96e8941188b9676b833aa91ba5ab1cf7acbdf16f14c843dd3cfeedf8e7628051f361ba32849", 0x3fc}, {0x0}], 0x2}}, {{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000001c40)="0349", 0x2}], 0x1}}], 0x2, 0x8010) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) shutdown(r0, 0x1) 719.010719ms ago: executing program 3 (id=798): r0 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000040)={0x1d, r1, 0x8000000000000003, {}, 0xfe}, 0x18) sendmmsg(r0, &(0x7f0000004300)=[{{0x0, 0x0, &(0x7f0000003480)=[{&(0x7f00000001c0)="9d", 0x1}], 0x1}}], 0x1, 0x20040855) 602.362041ms ago: executing program 3 (id=799): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000480)={'syztnl1\x00', &(0x7f0000000400)={'syztnl2\x00', 0x0, 0x4, 0x6, 0xcb, 0x18a, 0x29, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x40, 0x7808, 0x80, 0x3}}) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f1, 0x0) 454.893343ms ago: executing program 0 (id=800): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0xffffff, 0x10000}, 0x10) write(r0, &(0x7f0000000000)="240000001a00590214f9f407000904101f00000000000000000000000800040001000000", 0x24) recvmsg$can_bcm(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x8000) 366.957574ms ago: executing program 3 (id=801): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_PMKSA(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000400)={0x28, r2, 0x1, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @random="bb6d98cc162b"}]}, 0x28}}, 0x50) 310.347285ms ago: executing program 0 (id=802): syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) socket(0x400000000010, 0x3, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$unix(0x1, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x6) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020000000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0) syz_emit_ethernet(0x3e, &(0x7f00000004c0)={@local, @empty, @val={@val={0x88a8, 0x7, 0x0, 0x4}, {0x8100, 0x1, 0x1, 0x4}}, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0xfc, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) 252.198576ms ago: executing program 3 (id=803): r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) close(r0) syz_open_dev$evdev(&(0x7f0000000000), 0x1ff, 0x0) syz_fuse_handle_req(r0, &(0x7f0000002800)="d1f89c14e7f8640b43b1f1d1e00b2b0b3146d223d281c321953af4ade40d696d07f4b7d2ed1c1fd5691291056351901df48500519139568c88f49bb32801c2e3e2932895f1eb24b30efbab27313a3acab179fd6ce1f7150b0f0aae8cde4dd46b4f63cd60f647ea9bcf83f107e981a050f61f5d1bb5c7883f93269bba25e4122796c0f88ab27d913586d055f8c977ffcb05c85210f93cbad91499fedb2ab95e06bf009e54b422f66cef043560f4d77ae5c083cc67fcb0d3f10699aac8cceaf6d3b8f32e15555924edbc42b4ca3d2f4a92f5d30c18176c3abd17db4de2ef74472ffb637dd07460aeb7c882811c089217d88cbb5eec41d2be903e1c65cad2ad742f9ba8b512adab575f89d539492034ddfe4fd28205c8f27c52f0f631703d384634bfcad149ea9e842125062ac67006ca474be31f708b4f4f1e0c97a4eb2f26b671e172e251e8a6e9e1510bb74931aaf6b6ff84f8aefd63591f18f2ae8028985d78fcc5ed2d57bf595d3068e904387eeddd19bd359721a432bed0bff033cbca6acfddb6529fb11290bf1563b45034bd9b6c331091efef04303ca9942fcb64e56f3ff74d610e14c8f8a87e41582aebb272e5d6e945fdc7095bd181b93f13ddbdc18545f9cfc4db7f134c9ffa6add6727ab8755a06dca23d24a67658fda84321bb97fc475ace3b9912dad73f0ee6c8b2d6d58d7328ca63d1aeceb22a419fe4ec4c3b943051e9d276c559c33e6a45a97813bfcf80c7d79ebe04b1827878c4c8c2da2d598f9f3e444ae82f142716827dddcd94f8997d88a30be2a76432641125e28d5a0896b3e040a8b6805abc98da90844261468826b89f6cbac8d7b5eb6cd8a23f7c7ae9b99dfa6616f9dd10ac48e8c53a38ebfcee8c0ae1be1ee982515ce12a1ebf5d2d19022b4407a9bd062c453845ce75f54dd07e3d8079e19b3b116dc51f7a07d005ba682da13b73e3854bb60059fb021b8f4b9430629d408b32ccd3678bf1dc149a3493c44b2a52a5572c128957e0db8a4a214848b64bea6733bb48fc17a4e42474e2b1f47b507d038bb87a3fc32e7bf471685a61f736a414772cc1825e9342c58768640c83486dbf058050dd6c8a9843c106d1a4efa5e5b36deae71448e55f4ef2721d2d210ce075bdc52c97bd6c097a9a4120a507f6c99cd9054579c250cd5b207684deadf75f2f8c54349a57500625be7577fd6c81ca72111935f577c74c2bd1e9419344e2a3563b5a7d6026722469a30a061d123b45f93027a01c7d38863589118d25e333c07f5c3eb85d4dde937d8f1421b72035f8733754ef4793acdc8d1362ef08ac1e9f0246bfb478647ada002f809a3e63433d031e6d5e4f86218ace6a6221103608705719c3106b4659c377f7e3b6ae1777075ea45a68df2004deb6ef742c5971c23d409278be94c5de68153d93d1a2378f1b1656786ec896b72de0da8259a6f181be8829f9cb7cb98ce0b169e734e4a240508952f6ce3ca984eef7e0cd549996147fe56a0bb1598f015ab955df145a51d783397366084e53455840d5688cb9b7d2cdf8abbfcdf850a7de4073eada567d6ca989611c4910e692e44677a857eec2b654f8dc66b2be192786dce3b9780f9806652bdef013304a43dba3f8d15e5105414f6d1fb2a57dea02211fa311b489088a9802e36d649ada97d72a216f54ca6da090a51c01f5638a04f364a3cbf24bb374f644fda38856a7e0f5c3c9cd7b00555d105daf57561379cf1d77bce66d12de44f202a866a43a7a05a6e0910a1f0ab5b1341d8ae992ae9d95fa2c876db1bcd3635d7851f03dde1eddae6dcf95b182edab72a0521c88c8c3a8c2ad3c6ec2cc44321ce1550d51476e95a18ae5fdab801ef4f5a7a56580261d850f392929061ae5808ba390b2f7d8fe7325df9c07c39faadeeb0ee1ed95db7ccf49c9b93fca83e06be745156d422c8b936d65b8e7e76d9eeb2bbf19c1f9a59b8ee6b55d594d4794a869b2d3b37b0b936866894f00e6a90c788c22e0fb87d0ac53ce75e519765647deee2862552c77ceb75d419627e0627067ba24571807cbfae0bd959fa95cb14c2812a1ce41f76d2ad620c55df55f473e56cb219f7b13bed8cc4a98dddfda9d3b9b5650754f73c34bf00496993a1c4056aeb44e4160c3e2090d733604b2b13f40ae346b726a31365b7a230d8f66665dcb726594280678a258f8ddddfe69d424d62abe910db05c0efa5e773d0f6d8ef8c4c49926b46568a7a1321d996eacabb2f716539a020e34a02afc3bfead458287dd22c11e1c5f57cda7668853637dba0b2eb5e5318750b63c829ab0145c02d6bc05aef4113ee0ea0ba97c44d74cedcc89adff648eb5d7fe932a7a76c772b1e2e36c148dd3be951cfa0cfe11bc58635b38708fa1ff88f949eb15f4a4a3de71c33e2915c799d8204d7d1f9cf7c13c608e6ddf29e12b409028ee5edf37353df7982f67a120ff1871001094b1a3148ed5f4f75d9372aa21b2bb6e02b470336a2c20efee8af866032acd6dc56d1fa7a84dc314cafea1a7bba5fbae89e037a4a5597d2eefd153406d67ddbb3b4eeed6d981b229c2c1b76347b05d20835ecc979b697a2981f6785df853d3d5ce07c624136c805d4dc6c7419d68afe2ad4822aea38da761742b33de8394bcd2462518b35c6ef265eb2a9b130e5a3d669b55d457f92500a7b69156475e001989d55547fc831edf2afe2290591e902858914af73ad4e87ddb8ea3a719f435fe1c2839a39fe088ccc863e7c82e96b66e1b6d32ddbdc42bf2f6076b9e93ed2ec4b6ba6fce5dd3a8f5b3aa105aecf72a5cc9108d02a0b923de2d490ad90aed3a45c46d4594948e7b3f3cc7d153f4b2837ca378fb4af215657f016fd9c66395b98357c1d12a655ce07268beccb35acb3f928c1522bea5df98a0337c751308bfb361e68f3775c75e020ac9570283119264d4f8916c143ccc28d8e0709df356de6b6f35fccde79a677606b5b4d846fdad7c271fc5c2ae5f5e2fbcd6fbf21508a2615ab8f0208e276164bce80fb886b648b4cb085c7922a829c2bccdd850cec329870c866f7923c2c1cd59d6c2653263f7aa1f13d84c82575a021793ef875954ce8737c98abee465e780ab64f1d23da92828e62908543850e5730099eb34f5e47dee740581f596413b8e2711bbfc9d25e4a35b57416a741a60ba650b52ae2189cdd125f64565544f9e75bd8c2cbd898ed2dbdd704ee40d1746715eab4155a51289cf7d89a19ab7a355609dff8111c94f6cdf94a94c667508d7201eab7e86569b8b08bca2291cf3fb166df68f6d6da05398e8a1c0c5c66ca3cee621727a77f19b92927569ba44709302c1102683f338150989d971ea6d0151b69865e540ad4e5a186ad9fc8ce57a56ad114487c5ad99c0beae0fd49927c52380de839cc952f8e41e167006573b4ffc39ebec8f9f9fb4168386a78fe52c00cf3c3be6dbcd4ab32ac7cb8fdd1bae70a5c3da6f555aa6c8e6bd7e69e511bd5d87e39ee21f9035b0b14dd50b3c4e211794bfd7e8fbc48658044eab550f6b564d8f663c25ddb30233fb260e2d30bc9956f7293fd5532df2f74019f639c7313ca029280c513c2fc3c77dc4d0e7f5a9f273fda00349c28319743bc8f7eaeacc7f487bcf5866a55b2fa5b66e31964f090ac448a1ccd3b8cbc9735db5d7d1dd2f2bcdad1ee48b4f8a36688d8ddead1f166a5afb2efe12e943ce6ca41f1f45fe650536860881c28ff04a66ddce9cd19b4304c26e3238f114a1f4080999aaf6ff1f4b8b59ef5d54c10cd8a6598420949f1c0eff13259ba7da9f4c749b58f31f01627b780c2502cc6d1d82f68271e2bc945ddcb6784532e1aba414385096eeeb45afca0ddec570b16b476fbf7b4818275a05afe4beec9086e1c816ebf96608ed57a570c931577ca5b14c9359718b4b31b4789f291f5cb012f832e5763ba53521f58d3ee0a10930d3b4ea7747c5c751cfb476159287a9d371530e5d7cffa6ab09f049d2435960b0ad34f7890df22a3cfd6ce052b08409e67a1291f8459a59b988d7b97d2534f306d83656fd43313eebce1732837b6c22dc60a80d03c54b695b4efbf31381916c7da9644ef8e0f6739c98e7892ca89bf696715391c989c3bd53362e01b81d998e50e46fab088f9312465d200c034691b7e5dcb22ead3c3f3225f16a5588b2be09470e225290d8073dce5cd955d31e7acd452950505597f01c4b54a6f16f2e7d00ab182258f26e40bb70db783b2a10aae019f87708e1306e1957fcc081dac3659d603d4044c10b0a1fe61f4482e56d031d43fc355100a9dcf822db16d0895e554b439bd032e6103df725123da3fdd4a48b68863e6bb36e05343136e171d39d86168be30188bf1ebac4a1d748115167033149ac61bb4f8d4cad7f4c68c32de226b03fb42d24d5e37ba886fa357100644e64d869f6395e3d6d3768a30f53e2aca3688408807bd4818a2c5150f8ee770121a4a6402c7dc334a9ee5e876566d19867e45d4bdc73477ff7f543a23f38d5f0bf666219b0391e66457af4238c5bd9a05586333556f8972aca1def4507c4b073d1bc1c3051f0bf34f71673ccc1de9c69170c9fc5299ac733569cfde6a7bbb3cd60b601cfca16510bf7fbb26ffab3b674000844daf55fbf4ab48eade708cf70fdf901454acc8cc95c63fd2ee771bffaf19205e9a119b847931bcfb4c738e39701a3882cef4ff47b46b72ce26ac207a1ccaa253cd3ddae2b2eb61d5b9b3c8156928a169d7dbb2874b884c3b2097cb8ea92ce7fe70af90514c11887df33c4f7ec3d3ee6c327e7129b0188b0ca8c777451b17d8f489d547d711404bef72d1914f66a5676e9d716ede8c4282526419adb31d071d241db47a58bb55ee6ebcb67c82765a25e5e6fedc4c8d1d9b17e2b5bac5e0af3c63ea870ad8c5f9521390b660fc735d331e6eb326abde284256cdb381b4651d05f55807f4ad1b5b883bf6b55ee87285fad8de366f3248ae0b9c32bf85fc95d5bc19a716ac2a5f41e4e58d26bfdfa582be5d506f9929bfe7cea70184c81722ef7300f779d5d64c08a225a083d44ce75ced73f3a016f5047af67245bc8a81214024e905f383252cc0228085aa5fc184cbcb41db3eccede89480e0a1c1d1754cc3ffa53edc27c337ec86ae2f68c6225edb0027c1c5bf9aee1b94b62f6144e4631887272a36add32d908add308207559064cd61576f917db864845e5e89efcb27c80d259eb6fd5fca398da0c7e62fc423511bb8eb3969732c862de33448e95aa5e15d2028b84b3b8348a50abb39c5c10ac7fdc2034d1ceeae9870dc4486f48ac6aae573a775716ec380ed57665b9bf1c77f6869f720e428f8b94170b14c23786ff1cacf95a66ae631c70245bf264ce5078c3bddb4aaa7928eb6f1261d52e45ae5fde6f1b3bff90cd560c6c2f77ecfcf553db137051685c925be70def2be6c9bdd5825eac58d4c892a6d4ad5dcc078c6582ca140e5a75993e5ab7b487f31e5c601844f18f13039c099317f5e512eb9e054dcd8535106a9bd8977bf74254b68753b7f3a9b385d4a38ccaa17e029bd9ab4ff9b9b561b2a7e613ea05eb18a50fc231f32b79b9f32514469193a3d12269f58f3c932e501513e48e81774ad389275d9f00b4f8c677b8bb584b503201f83c7ad2e934e909f9ae1fc540f544dd2327fe1d8e3bb86984a252e2ffa88e2aed6d65a302d1883e51654fdb046d35270130fb9f8e4a4861d7278a07ee627fe272dcf99d294d7b1ce72f2f804cddfe4fa7aeb2c9543ef2665bf826c8ce0ca82dc7d4e57b7181b55a5d96ad83417b79376793235ed5a320a3ffac3a025aefa669450a6df20d830042034c0953836097c9461bc0d9c1446485692d1b9d5c991086f3f118a49bfe2a0888a5af8a868d880e31946dbd0c7ddcfcd27dcf5c62c9c5ff8fa9750d129f32e3c4f524eb3c31d5c9cb33fbcf52384a04a9f4faa216020e45be91181efeb7393d96b1f3ad8e9fadcffe49bec1bf36e70c2291475356ec5a416feb5d3b4f1331052271679d1186b338163682ac5b6bb79c64d6d0f8ddfec84d0d9870f45a64413f529c8dd93b358e66c9da2fd233e53b73ae2761f363ee69a38a0d7320a149c90c086e6a426abca5c461088747a2fb5006919ad7640aad79b1ec03cf6f49206f37382ad3105fcbd0e08d00815029d8cc3ca16472e58226f1def116bfab456c32a2a2323bb5a661eacb3b7c915d1eaa8c5aa8b1bf25c3a7bc9a2e047c499d8f2fbf2fe25606fc7f0ae5a539af68830b1955f82962f596e2ad0feb3e99b1982ffe3e553f102b4360b8e1d659575a8f713b8bb88d97dbcfd98f91c147a97e896646a47a43334569da8a01541b012063e0465c4122cb96b57484b0ab8c5f0c8f346c0766be69decf4e3ebef7f74f153ef8c6b6e9c5fe224e8f995f11c1867c5600cd7a345afacafec9076d4ccfca741fd41e445476d31f7cdf06b0d0cf596c755235408782a5e37abeb1f2dad79c83e59a1040c4b3b6a5a2acce9df0ebdb607c9c0549a4b16028595f7a9cd9da115dab0189f3d98b0dc2b8ddf6be4de2b38421a2071d91f14f8752c74df31fecb64de59dce09da2c3a1a2826446d982509baaa89b76379d8320bf3c1f76448e0ddc0889fe57ba756ab1403949cd2ca9ab520fa485576eca5acb471002a14a31e8d7f54c8c3edda8f416b0ae9d9fdfc445b54ed8fb34ed7c1d11b3c57a2c5ad92217ab2fdebafc195d09fee7a518e027ccf9d2e8de8cef1e0ad52144d82b65519495b8a5c314e85361adca8953dce587cf461a461dc9bbc0eb13a54144964930d80d8b4a015676f3efd10ccfd0ec5fe64deb93b5901b506581461bf2aaf04fa9f8118936c5e67e1cee60ccfc4f011ee2812eb9716af42b22c40d83c55d4e4c4838826cc34387a2085aa3e17219c78255ace7bb1fc30ec80676449084744c0887dc4e7696d25a544f3e4b365cc6ad800931d5787be99d678347ea4d6cdeab5662f6cbcb5fa80590e513c4ca96d73d378085026e0e7c71d968a670aefd48519e35beaeef9c67506db6f9b3edb62ef1b3b52b9c2db876b76101644e7dcf5a5056a8d916a0f69ea5bf096e7a4c2f8f1d0da29dbcef9d2ad1b82179ccd0ef95006b7a1d542a847e3e0f864d63434c15d6de4fecad18b788a867da5515e3d51871417bfd783d2dffd852953ea7113d3a61aac3c7c1a4efb449faa928456eb570e62d0ff9542a971b542d7c1fed9d633eb4a81499c105d0f73c5165badb54b0e83f8192d3d51d46ddd9908b04e9f57d5a4e6b65affee3799ae7cc51b4098f71e8ee947ffdeee4fd03095536376e1281ef8158fd1da4a39aebdad37fad75f6217bf45bfad16f2f1a80f5e8a3eea1141a56beb91319fe948bb44350a6e79959c140a5dad9955fb287aeba0a8a45d1fd8d692d30c96d01c9100e417082ae6edf62965fef7e190af60a99145925a307d1e11534d2a64484be3c6cd642432a2db66ba6d3ab1b7ea645edf4e54623d2ba0619bcc2a917cc2df8b0dbed096951947445ed5f08c626e1f9a5f566515bf106c48174f73587314b513962ed556fa7f16d8c6a953bcdda72f083a9b16357b3262c13cd500dfa09cc3d09240a7338514031768ea3053caa5166c8e4e090b3128464a88ccdc751d8ee1b3b1098997c9eaa2b3a13a47e43723a49e5d011dabb22c0d9605e48d5e26b90a47519536fd77c5260bc713e2b510fa6da698069f6c1df7a72462399d7dd288be19a0eab18adb072677268a306f19685c2d813564bab4ac90b7389c2fb87c0517e769577c081ced55572da71b40d18e4979b6b6290afcde4caa610166920549286dfa80197a10ff074b08d6b96c97110e36742fdbc5607f4c48ea9dd53301eecb5c25fce4eec9381b84e6b5af767c5bcca600149a3021c3f4aa237a0143363549a705c5768b5aa6ed51fd1ca9f0f9dd242f0df21f7c3eaf321fca97837d989ca101b5462d2dc248316c21339cb2b4e3451bb483390c09c958d474c6df2f2eac208ef704cbae5c9f6597c19ce48c4c9161c1b14622ed824b0e8669cbe6746051729fd2fcabb020190764a468c58ce369528bfca46cf8ec51ab69e711a53c4121476d2a5d2ceb19c332a5a86a52cabb246d2be739f361d97a6efc2c1d408b6f079ff5cbfdfa7ffb5da3af4611e42f876a44f8180ebadf8efe05645f3326fd1b1bb7f82753ee13e25c406469a6b103b9083ac06d590a48543240bca6e467eafc7069c97aa93a3a4ef61b6043383b6e990d174637d695893bd910f217c9c2465688eccd8a171cb5270fca2e002261f2e3e595f3484b67c0bbd7b50ea53a470e3935c0eafc6226521f0a15fc7cf5494b67fcfb705019a86a5972a9dd285bc50985947e42ca8519de25510db7ba6553419d4e368fe56c2a7acec8e77cd734f557a0f1b507e0869d2d5c9913c52fcd78b42b8f59ad3ae92226e292ea4439b5486629b739f4cca3d7f21cef79045427656fd1679dc5ab23686e13500dcb6284df60599ce81e2570d1cd5c7c2e0026640177bf1395fcf6e999acac08e3a993c3700ad891b1a68d5efc32a4b4f9cc8841e837e778c2500eb6cffc1b9970b2adf724839c7711ebbb2ee3e55f7aa97746d7538153589deafeef63eee6dfbd43fc72e0b763a0e4709da3deb26691303e99230a93c490029383b322099363ba3b2f76b4773c0c43907361b578cfb312cde55ea6de2f477c351ac82786d15b52f08a42385b2a3349116d34f8719264f79082d7c24165423a8e6764c53b922a0b3121cbb88976e6f53c455be77521bc1ad4997135ff24c520b2fa0002cbcc8eb8ee5cb33b1140dc811ee36816f47f23ff0b77d6680d597ec2fe77f5bfe1bb75c3eddb2356940c01e694da66d1c4fd78f7df5857111c01bb5e9954585e54086af287dc0ce861d921b378e9a2a9c9c5a37d9812595063643b1dae4afa57d884501ee0de2d7e39692ed5ecbd2ba1d9bf4e3f291cf0b1dfb809a2f915ae90bd5fbe76d5848752c298f34e69d8e95f6f3c8a8ef365d0927811b8a90c8f58836da07c058f71b01025af8c9829f761d71465d3d813e1e08a7d8f66dcb0f98daa19bb106fb9b25d49a35e8900e6de4502668cecbb9638c5b0d158317970e802be345ab3570f6a452e18da421fb4957429ec4b6c481b5393be9c7f1cea3d77ad1c935ce6cab01ed08f7f24e5b01d25105211d5e28b25d3a5fea30e3c4cd1289bc2606728f127574cdfed91d7c19d7381c3e532c92d7e532e74f3d24281cbf0f4e1908dd4f5cf145daeb21db6b34f2fe175aafd1c20224544c113f132cefe620bd99c5caff7b74d6acf8a1aae2fda5212ec64c80d647308439d5f90f6f481101599b539cd09a1bdfc510b6c9027c879f76bfd397dce9d3985ff01e62ee0455372960b68202412c6d5eb7b09c36f265b7b8b3822aa489dc169f8079e71dc96e0b75de2ade686761b067416e4915287dfdd6309946487a68115ee9d0bec73ffc63223e9463a30b819297d24824cb20724c6b524d58af1e03264e8e2b8dce59377c78dbd5ff5977782181aeaa8c2bd6d9f3d25ec566fa4a01eb5aeaeb6912acad55ca7336d28e305781bf128d6575dba16110d64c55ec9840f299e353fcc5628f248bd660f4dfa5f3a1bb7fbdac78ec727e87a134c98a98f405a4cd3773e79bd4f22bd3239a5fa8cd5806601e07241b25678f048b05bab6f8da56818f8dd9c97d001f4a7ea8beb3fa65ed7a951878bcef7e1da873e21ac6208cf0852c6cb297c10c84b74582bf59aaa11e7d8239997c9e7fd3c5bbee5b8466c17394fa61771aa10a3541f88419b16bb4fa36126745e99c292911d30ed0fa366dcd62c10879a6826609ab2b80b3a0c2de3d877805a564ce925916063c53d9698bb918eed2b49315fb83465a0db1a63a0528a887f5106dd054edbf381280989581c859a517573a6eb4946e0fcc61956fd5868fd37c788090fd7c3341028cf1bcb38ed595a4fd845ccd45558282c6e23d92d4268875f80ebad1c24f8d247595de2f8b83708b504f674447bc6fa1748b86fdfc971c9275baedda1348324c4dbde22d423744e2d537a4e28d95771b18302bc5d92f9e0ba6b1029a3e73761080a4e6e1b52a9ebe3538cb3e982586c23f0b0cfa78126198a0a496d96734880885e4aef7b35d90af287f9d5b18998fba69cf5a13b9153edc5f1c3cd0d181c1cecb4936a489f34682b056eaf5c57caea4a9ebd9fc7d842bc3850046f925dc430769863922ce5bea6709fa9bf7f21098097d7f47c74269b524c4194bceae0571fe968ebdda85a28fa5be7f794632189da179e248fdc237a3ba3fd53845e42db45747caa6cebf574e9abb75e3b33c1096e40e0e845385d6f961c56fd1c71f92ae31a0c9088b2100b457cf2f8b33ac984fe79ceeb65fde350f9c6229433aa20d226aeb7677e0e7e8002e3e220fb74d4a1bc07ca43fa23fcf9cbabe7799b5b8daeb63b35923c4a92d2c636d36d58e719e6855b57445a26072d716aba7b653dfcdee115b3310b0c8af8649337597c1ac8bcee8b0533cb458d165b4ca4ee72c60a49f4a7061aab09449a318a6dc1d5b1a4f2a7f82c5af241e1f0cbe3e9fd5079e385ec86bc978ca82aaf1de5b470dcbb06b5f0360142857a0519583e3a77a6fbdadfff48de440bb5c3dcb2c3e6624800fa7898ab00242b7109809d58e5aa8a25705266d9bb04f165f843f1c61c23b41f010ad67f80aa8e455385cf3ff89073dc9434ce9be78993d6c73a8adf4db6b540e7a9f60d8dbcf3133a8f5c5c59f8378f2e5aad07f31707fb9834c66d6d0ded8a8b2d984ff5b4bfe70bb6479aecf208beb8f4da7b23957ce77d574993e1a44de0b3a5cb245f0ebf8ea32a22472270798defec3deeb94a4d025d1fe276612ebfe0f4e6e639de1300d47e542fb032150ab0aded71ba693817feb9cb43beb6f3074c2d7bfb77b9b2783e0335449c9a9775ccf9060ab2468a6644ebddd41f70add6d2d24fb9dd377c4f0dce3439283f22075ff3973e4e70e0bdcb53001be03800392084d6768c3e8f7fad09b192a497a36f602d07655d3e6a7ccab561ab92c79506e1e06aad05975accc9b8b48c41da8bc611d331717ee312d77403f9f66ee9a81fa4e624cca690540dca722986dc740a919597f7836ee95b554d3c34db3443ee5b6908f8623b2c82f32b65c3e8c3c0e15c3065d09214ea6290b55bf5520ee92825d9c82745bb5368ddda47036390910e26470b96cfd7c4e7b0df89f897153fd5ab4302de65fcda1f48206346d6051a94d8e0c32b959d914c218f54813811d13d99ef6259f54c0e635c04f875772b38524e94fae3a73109f60d0b00c96c1809f37e8fb37e61620690b07d726d388e9ae5dbc3a1c3557d1e4288da0622d77081ab4cd00ce22243824c363ad1be5cb0ceaad6336a797d8ca6d988c4373b3c00667d651452d50f81a830ac6ebb71559590181eea67dce1599d13f2e778d69a40c2b736dcc7c36782c1788cdc8d5c3820d68093ea84d56daaeaac19c19724ed7d3ebc1b8c1e3092839314dc6eddd99dc0eede13dbcb7fd22d401df8eb7f679a04f785006d3b4c4012bf78b7e43b1b355a9f6d04ca0e86c32d44f73fa514d1e2b147464", 0x2000, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 157.011417ms ago: executing program 0 (id=804): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) write$tun(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0x72) 50.221029ms ago: executing program 2 (id=805): r0 = socket(0x11, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendto$inet6(r0, &(0x7f00000002c0)="8d079e610fbe244a038d49059170a53e9784e2e160093cd007d1903099d512ef21e2508d", 0x24, 0xc014, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000005c0)={'gre0\x00', 0x0}) bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4) sendmsg$netlink(r0, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000280)=ANY=[@ANYBLOB="02011400012918000e3580009f0001140000002f0600ac141430e0000003808a8972bd0b72e41082b1a3d206"], 0xdd12}], 0x1, 0x0, 0x0, 0x84}, 0x10) 46.591869ms ago: executing program 0 (id=806): ioctl$BTRFS_IOC_DEV_INFO(0xffffffffffffffff, 0xd000941e, &(0x7f0000001880)={0x0, "275149094f22e6fe328e07700666d266"}) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xffffffc1) r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000100), 0x2) r1 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf0\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x2) ftruncate(r1, 0xffff) fcntl$addseals(r1, 0x409, 0x7) ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0) r2 = ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000140)={r1, 0x1, 0x0, 0x4000}) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x13, r2, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x8, 0x0, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000040)={[0x10, 0x7, 0x6, 0x5, 0x2, 0x3, 0x66047b47, 0x8, 0x2, 0x3, 0x2, 0x5, 0x7fffffff, 0xb, 0x2800000000000000], 0xdddd0000}) 0s ago: executing program 2 (id=807): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, 0x0) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c020000", @ANYRES16=r2, @ANYBLOB="01000000000000000000010000001400020077673100000000000000000000000000f40108807000008048000980280000f8060001000a00000014000200fe8000000000000000000000000000aa05000300000000001c000080060001000200000908000200e0000001050003000000000024000100000000000000000000000000000000000000000000000000000000000000000080010080200004000a004e2000000005200100000000000000000000000000000800000006000500b01f00000800030006000000060005"], 0x21c}, 0x1, 0x0, 0x0, 0x20040010}, 0x4008804) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000000000000034d564b0000000001"]) ioctl$KVM_RUN(r3, 0xae80, 0x0) kernel console output (not intermixed with test programs): 13][ T4720] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 91.294459][ T4229] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM [ 91.363232][ T4750] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 91.371119][ T4750] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 91.385950][ T4750] F2FS-fs (loop4): invalid crc value [ 91.536666][ T4750] F2FS-fs (loop4): Found nat_bits in checkpoint [ 91.606471][ T4184] Bluetooth: hci3: Unknown advertising packet type: 0x4b00 [ 91.773607][ T4750] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 91.787961][ T4750] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 92.074231][ T4303] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 92.124940][ T26] audit: type=1804 audit(1751812102.454:4): pid=4750 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.124" name="/newroot/18/bus/bus" dev="loop4" ino=455 res=1 errno=0 [ 92.132651][ T4766] nbd: must specify a device to reconfigure [ 92.206596][ T4766] bond0: (slave macvlan2): Error -98 calling set_mac_address [ 92.343632][ T4303] usb 2-1: Using ep0 maxpacket: 32 [ 92.430040][ T4452] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 92.464451][ T4303] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 92.484162][ T4452] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 92.655349][ T4303] usb 2-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 92.673241][ T4303] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 92.688810][ T4303] usb 2-1: Product: syz [ 92.693175][ T4303] usb 2-1: Manufacturer: syz [ 92.698607][ T4303] usb 2-1: SerialNumber: syz [ 92.712049][ T4303] usb 2-1: config 0 descriptor?? [ 92.764676][ T4303] usb 2-1: bad CDC descriptors [ 92.770617][ T4303] usb 2-1: unsupported MDLM descriptors [ 92.890761][ T4775] loop0: detected capacity change from 0 to 40427 [ 92.956603][ T4775] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x1ffff [ 92.982990][ T4775] F2FS-fs (loop0): invalid crc value [ 93.018813][ T21] usb 2-1: USB disconnect, device number 4 [ 93.048818][ T4775] F2FS-fs (loop0): Found nat_bits in checkpoint [ 93.131473][ T4775] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 93.273652][ T4303] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 93.328056][ T4792] rdma_op ffff88807ae799f0 conn xmit_rdma 0000000000000000 [ 93.523784][ T4303] usb 5-1: Using ep0 maxpacket: 32 [ 93.644906][ T4303] usb 5-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 93.687438][ T4303] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.898541][ T4303] usb 5-1: config 0 descriptor?? [ 94.108448][ T4303] gspca_main: sunplus-2.14.0 probing 041e:400b [ 94.969941][ T4808] device lo entered promiscuous mode [ 94.974504][ T4810] loop3: detected capacity change from 0 to 1024 [ 95.037582][ T4808] device tunl0 entered promiscuous mode [ 95.065217][ T4810] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 95.084331][ T4810] EXT4-fs (loop3): orphan cleanup on readonly fs [ 95.100730][ T4808] device gre0 entered promiscuous mode [ 95.109650][ T4810] EXT4-fs error (device loop3): ext4_free_blocks:6223: comm syz.3.140: Freeing blocks not in datazone - block = 0, count = 4096 [ 95.148001][ T4810] EXT4-fs (loop3): 1 orphan inode deleted [ 95.237210][ T4808] device gretap0 entered promiscuous mode [ 95.241107][ T4810] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 95.260292][ T4808] device erspan0 entered promiscuous mode [ 95.326421][ T4808] device ip_vti0 entered promiscuous mode [ 95.351852][ T4808] device ip6_vti0 entered promiscuous mode [ 95.385072][ T4822] udc-core: couldn't find an available UDC or it's busy [ 95.401342][ T4822] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 95.428699][ T4808] device sit0 entered promiscuous mode [ 95.469662][ T4808] device ip6tnl0 entered promiscuous mode [ 95.493620][ T21] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 95.503050][ T4808] device ip6gre0 entered promiscuous mode [ 95.529113][ T4808] device syz_tun entered promiscuous mode [ 95.554129][ T4808] device ip6gretap0 entered promiscuous mode [ 95.580690][ T4808] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.589478][ T4808] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.603355][ T4808] device bridge0 entered promiscuous mode [ 95.628987][ T4808] device vcan0 entered promiscuous mode [ 95.635011][ T4303] gspca_sunplus: reg_r err -110 [ 95.640076][ T4303] sunplus: probe of 5-1:0.0 failed with error -110 [ 95.669605][ T4819] loop0: detected capacity change from 0 to 32768 [ 95.678848][ T4808] device bond0 entered promiscuous mode [ 95.685011][ T4808] device bond_slave_0 entered promiscuous mode [ 95.691456][ T4808] device bond_slave_1 entered promiscuous mode [ 95.714636][ T4808] device team0 entered promiscuous mode [ 95.720597][ T4808] device team_slave_0 entered promiscuous mode [ 95.727071][ T4808] device team_slave_1 entered promiscuous mode [ 95.750817][ T4808] device dummy0 entered promiscuous mode [ 95.776630][ T4819] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.143 (4819) [ 95.806998][ T4808] device nlmon0 entered promiscuous mode [ 95.819803][ T4808] device caif0 entered promiscuous mode [ 95.833389][ T4808] device batadv0 entered promiscuous mode [ 95.864134][ T4819] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 95.875166][ T4343] udevd[4343]: incorrect btrfs checksum on /dev/loop0 [ 95.886606][ T4808] device vxcan0 entered promiscuous mode [ 95.893877][ T21] usb 2-1: unable to get BOS descriptor or descriptor too short [ 95.903059][ T4808] device vxcan1 entered promiscuous mode [ 95.912471][ T4819] BTRFS error (device loop0): superblock checksum mismatch [ 95.928153][ T4808] device veth0 entered promiscuous mode [ 95.938890][ T4819] BTRFS error (device loop0): open_ctree failed: -22 [ 95.959399][ T4808] device veth1 entered promiscuous mode [ 95.973862][ T21] usb 2-1: config 9 has an invalid interface number: 73 but max is 0 [ 95.987173][ T21] usb 2-1: config 9 has no interface number 0 [ 95.994145][ T21] usb 2-1: config 9 interface 73 has no altsetting 0 [ 96.016731][ T4808] device wg0 entered promiscuous mode [ 96.028506][ T4343] udevd[4343]: incorrect btrfs checksum on /dev/loop0 [ 96.046939][ T4808] device wg1 entered promiscuous mode [ 96.050403][ T4824] rdma_op ffff88805fe0f9f0 conn xmit_rdma 0000000000000000 [ 96.072752][ T4808] device wg2 entered promiscuous mode [ 96.087780][ T4808] device veth0_to_bridge entered promiscuous mode [ 96.174398][ T4808] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.219201][ T4808] device veth1_to_bridge entered promiscuous mode [ 96.234130][ T21] usb 2-1: string descriptor 0 read error: -22 [ 96.247142][ T21] usb 2-1: New USB device found, idVendor=17a1, idProduct=0128, bcdDevice=6b.f1 [ 96.257573][ T4808] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.272336][ T21] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 96.274970][ T4808] device veth0_to_bond entered promiscuous mode [ 96.330770][ T4808] bond0: (slave bond_slave_0): Releasing backup interface [ 96.340705][ T21] gspca_main: t613-2.14.0 probing 17a1:0128 [ 96.349336][ T4808] device veth1_to_bond entered promiscuous mode [ 96.376810][ T4808] bond0: (slave bond_slave_1): Releasing backup interface [ 96.387714][ T4808] device veth0_to_team entered promiscuous mode [ 96.421441][ T4808] team0: Port device team_slave_0 removed [ 96.429991][ T4808] device veth1_to_team entered promiscuous mode [ 96.466138][ T4808] team0: Port device team_slave_1 removed [ 96.472440][ T4808] device veth0_to_batadv entered promiscuous mode [ 96.492263][ T4808] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 96.506640][ T4808] device batadv_slave_0 entered promiscuous mode [ 96.524020][ T4808] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 96.536405][ T4808] device veth1_to_batadv entered promiscuous mode [ 96.554448][ T4808] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 96.562221][ T4808] device batadv_slave_1 entered promiscuous mode [ 96.580220][ T4808] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 96.588625][ T21] gspca_t613: unknown sensor 0000 [ 96.593785][ T21] t613: probe of 2-1:9.73 failed with error -22 [ 96.601942][ T21] usb 2-1: USB disconnect, device number 5 [ 96.616954][ T4808] device xfrm0 entered promiscuous mode [ 96.642384][ T4808] device veth0_to_hsr entered promiscuous mode [ 96.675726][ T4808] device veth1_to_hsr entered promiscuous mode [ 96.706887][ T4808] device hsr0 entered promiscuous mode [ 96.727251][ T4808] device veth1_virt_wifi entered promiscuous mode [ 96.752423][ T4808] device veth0_virt_wifi entered promiscuous mode [ 96.761075][ T4808] device virt_wifi0 entered promiscuous mode [ 96.810492][ T4808] device vlan0 entered promiscuous mode [ 96.823777][ T4808] device vlan1 entered promiscuous mode [ 96.847831][ T4808] device macvlan0 entered promiscuous mode [ 96.869632][ T4808] device macvlan1 entered promiscuous mode [ 96.878607][ T4808] device ipvlan0 entered promiscuous mode [ 96.893745][ T4808] device ipvlan1 entered promiscuous mode [ 96.927859][ T4808] device macvtap0 entered promiscuous mode [ 96.949072][ T4808] device macsec0 entered promiscuous mode [ 96.979452][ T4808] device geneve0 entered promiscuous mode [ 96.999580][ T4808] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.009111][ T4808] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.019001][ T4808] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.028869][ T4808] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.038406][ T4808] device geneve1 entered promiscuous mode [ 97.059468][ T4808] device netdevsim0 entered promiscuous mode [ 97.081064][ T4808] device netdevsim1 entered promiscuous mode [ 97.104785][ T4808] device netdevsim2 entered promiscuous mode [ 97.129388][ T4808] device netdevsim3 entered promiscuous mode [ 97.150398][ T4808] device wlan0 entered promiscuous mode [ 97.169063][ T4808] device wlan1 entered promiscuous mode [ 97.190719][ T4830] xfrm0 speed is unknown, defaulting to 1000 [ 97.211358][ T23] usb 5-1: USB disconnect, device number 3 [ 97.227838][ T4830] xfrm0 speed is unknown, defaulting to 1000 [ 97.289913][ T4808] syz.2.138 (4808) used greatest stack depth: 19840 bytes left [ 97.299232][ T4830] xfrm0 speed is unknown, defaulting to 1000 [ 97.472894][ T4843] affs: No valid root block on device nbd2 [ 97.540660][ T4833] device syzkaller1 entered promiscuous mode [ 97.674361][ T4184] Bluetooth: hci1: Unknown advertising packet type: 0x4b00 [ 98.276378][ T3520] xfrm0 speed is unknown, defaulting to 1000 [ 98.292632][ T4830] infiniband syz1: set active [ 98.299445][ T4830] infiniband syz1: added xfrm0 [ 98.343883][ T4830] infiniband syz1: Couldn't open port 1 [ 98.422548][ T4830] RDS/IB: syz1: added [ 98.437597][ T4830] smc: adding ib device syz1 with port count 1 [ 98.477210][ T4830] smc: ib device syz1 port 1 has pnetid [ 98.498331][ T4830] xfrm0 speed is unknown, defaulting to 1000 [ 98.537584][ T3520] xfrm0 speed is unknown, defaulting to 1000 [ 98.702017][ T4830] xfrm0 speed is unknown, defaulting to 1000 [ 98.758426][ T4865] loop4: detected capacity change from 0 to 4096 [ 98.900788][ T4871] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 98.908986][ T4871] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 98.991142][ T4871] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 99.220062][ T4830] xfrm0 speed is unknown, defaulting to 1000 [ 99.326814][ T4873] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 99.912354][ T4830] xfrm0 speed is unknown, defaulting to 1000 [ 100.037432][ T4886] mmap: syz.2.164 (4886): VmData 37728256 exceed data ulimit 10. Update limits or use boot option ignore_rlimit_data. [ 100.097805][ T4830] xfrm0 speed is unknown, defaulting to 1000 [ 100.123628][ T23] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 100.388910][ T4891] loop2: detected capacity change from 0 to 4096 [ 100.546942][ T4891] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 100.563915][ T4891] ntfs3: loop2: Failed to load $Extend. [ 100.660010][ T4885] loop4: detected capacity change from 0 to 40427 [ 100.674369][ T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 100.695229][ T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 100.743219][ T4885] F2FS-fs (loop4): build fault injection attr: rate: 771, type: 0x1ffff [ 100.772334][ T4885] F2FS-fs (loop4): invalid crc value [ 100.813980][ T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 100.842853][ T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 100.860009][ T4885] F2FS-fs (loop4): Found nat_bits in checkpoint [ 100.960882][ T4885] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 100.973861][ T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 101.003774][ T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 101.025644][ T4904] loop0: detected capacity change from 0 to 4096 [ 101.058226][ T4885] netlink: 'syz.4.162': attribute type 1 has an invalid length. [ 101.098798][ T4904] ntfs: (device loop0): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 101.144262][ T4904] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 101.158719][ T4193] attempt to access beyond end of device [ 101.158719][ T4193] loop4: rw=2049, want=45104, limit=40427 [ 101.189789][ T4904] ntfs: (device loop0): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 101.232058][ T4904] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 101.260463][ T23] usb 2-1: New USB device found, idVendor=0451, idProduct=5152, bcdDevice=c0.b9 [ 101.271284][ T4904] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 101.280177][ T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 101.306040][ T4904] ntfs: volume version 3.1. [ 101.308239][ T23] usb 2-1: Product: syz [ 101.325564][ T4904] ntfs: (device loop0): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 101.348775][ T23] usb 2-1: Manufacturer: syz [ 101.354185][ T23] usb 2-1: SerialNumber: syz [ 101.360443][ T4904] ntfs: (device loop0): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 101.372587][ T23] usb 2-1: config 0 descriptor?? [ 101.404685][ T4904] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 101.426191][ T4904] ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 101.429050][ T23] ti_usb_3410_5052 2-1:0.0: TI USB 5052 2 port adapter converter detected [ 101.458294][ T4904] ntfs: (device loop0): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk. [ 101.461578][ T23] ti_usb_3410_5052 2-1:0.0: missing endpoints [ 101.640875][ T4906] loop3: detected capacity change from 0 to 32768 [ 101.671278][ T4881] netlink: 8 bytes leftover after parsing attributes in process `syz.1.161'. [ 101.738717][ T4881] netlink: 188 bytes leftover after parsing attributes in process `syz.1.161'. [ 101.814339][ T4906] XFS (loop3): Mounting V5 Filesystem [ 102.690416][ T4906] XFS (loop3): Ending clean mount [ 102.785668][ T4906] XFS (loop3): Quotacheck needed: Please wait. [ 102.958042][ T23] usb 2-1: USB disconnect, device number 6 [ 103.438072][ T4949] loop4: detected capacity change from 0 to 4096 [ 103.490795][ T4906] XFS (loop3): Quotacheck: Done. [ 103.539962][ T4949] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 103.559462][ T4949] ntfs3: loop4: Failed to load $Extend. [ 103.952608][ T4960] mmap: syz.2.183 (4960) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 104.400992][ T4185] XFS (loop3): Unmounting Filesystem [ 104.917129][ T4986] netlink: 104 bytes leftover after parsing attributes in process `syz.2.193'. [ 105.303614][ T3520] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 105.443838][ T4995] FAULT_INJECTION: forcing a failure. [ 105.443838][ T4995] name failslab, interval 1, probability 0, space 0, times 1 [ 105.456619][ T4995] CPU: 0 PID: 4995 Comm: syz.4.194 Not tainted 5.15.186-syzkaller #0 [ 105.464718][ T4995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 105.474793][ T4995] Call Trace: [ 105.478340][ T4995] [ 105.481282][ T4995] dump_stack_lvl+0x168/0x230 [ 105.485983][ T4995] ? show_regs_print_info+0x20/0x20 [ 105.491384][ T4995] ? load_image+0x3b0/0x3b0 [ 105.496024][ T4995] ? __might_sleep+0xf0/0xf0 [ 105.500630][ T4995] ? __lock_acquire+0x7c60/0x7c60 [ 105.505665][ T4995] should_fail+0x38c/0x4c0 [ 105.510106][ T4995] should_failslab+0x5/0x20 [ 105.514614][ T4995] slab_pre_alloc_hook+0x51/0xc0 [ 105.519733][ T4995] __kmalloc+0x6b/0x330 [ 105.523901][ T4995] ? tomoyo_realpath_from_path+0x118/0x610 [ 105.529900][ T4995] tomoyo_realpath_from_path+0x118/0x610 [ 105.535552][ T4995] ? finish_task_switch+0x12f/0x640 [ 105.541063][ T4995] tomoyo_path_number_perm+0x1d5/0x5d0 [ 105.546995][ T4995] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 105.552515][ T4995] security_file_ioctl+0x6c/0xa0 [ 105.557475][ T4995] __se_sys_ioctl+0x48/0x170 [ 105.562244][ T4995] do_syscall_64+0x4c/0xa0 [ 105.566771][ T4995] ? clear_bhb_loop+0x30/0x80 [ 105.571469][ T4995] ? clear_bhb_loop+0x30/0x80 [ 105.576680][ T4995] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 105.582584][ T4995] RIP: 0033:0x7f14d4819929 [ 105.587011][ T4995] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 105.606697][ T4995] RSP: 002b:00007f14d263f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 105.615127][ T4995] RAX: ffffffffffffffda RBX: 00007f14d4a41160 RCX: 00007f14d4819929 [ 105.623101][ T4995] RDX: 0000200000000600 RSI: 00000000c06864ce RDI: 0000000000000003 [ 105.631246][ T4995] RBP: 00007f14d263f090 R08: 0000000000000000 R09: 0000000000000000 [ 105.639396][ T4995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 105.647410][ T4995] R13: 0000000000000000 R14: 00007f14d4a41160 R15: 00007ffd19906678 [ 105.655481][ T4995] [ 105.658513][ C0] vkms_vblank_simulate: vblank timer overrun [ 105.666575][ T4995] ERROR: Out of memory at tomoyo_realpath_from_path. [ 105.949384][ T4244] usb 4-1: new low-speed USB device number 2 using dummy_hcd [ 105.990888][ T5004] loop1: detected capacity change from 0 to 1024 [ 106.319363][ T5005] loop4: detected capacity change from 0 to 4096 [ 106.581097][ T3520] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 106.592750][ T3520] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 106.674039][ T3520] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 106.718833][ T3520] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 106.743917][ T4244] usb 4-1: too many configurations: 166, using maximum allowed: 8 [ 106.752199][ T3520] usb 3-1: SerialNumber: syz [ 106.760508][ T5004] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 106.773306][ T5005] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 106.809002][ T5005] ntfs3: loop4: Failed to load $Extend. [ 106.823729][ T4244] usb 4-1: config index 0 descriptor too short (expected 1033, got 27) [ 106.833787][ T4244] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 106.845286][ T4244] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 106.933720][ T4244] usb 4-1: config index 1 descriptor too short (expected 1033, got 27) [ 106.953242][ T4244] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 106.984491][ T4244] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 107.079292][ T4244] usb 4-1: config index 2 descriptor too short (expected 1033, got 27) [ 107.123052][ T4244] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 107.163147][ T4244] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 107.174025][ T5016] FAULT_INJECTION: forcing a failure. [ 107.174025][ T5016] name failslab, interval 1, probability 0, space 0, times 0 [ 107.241742][ T5016] CPU: 1 PID: 5016 Comm: syz.4.199 Not tainted 5.15.186-syzkaller #0 [ 107.250054][ T5016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 107.253808][ T4244] usb 4-1: config index 3 descriptor too short (expected 1033, got 27) [ 107.260229][ T5016] Call Trace: [ 107.260254][ T5016] [ 107.260261][ T5016] dump_stack_lvl+0x168/0x230 [ 107.260292][ T5016] ? show_regs_print_info+0x20/0x20 [ 107.274881][ T4244] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 107.275389][ T5016] ? load_image+0x3b0/0x3b0 [ 107.282626][ T4244] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 107.285686][ T5016] ? __might_sleep+0xf0/0xf0 [ 107.285712][ T5016] ? __lock_acquire+0x7c60/0x7c60 [ 107.285735][ T5016] should_fail+0x38c/0x4c0 [ 107.285760][ T5016] should_failslab+0x5/0x20 [ 107.285775][ T5016] slab_pre_alloc_hook+0x51/0xc0 [ 107.285793][ T5016] __kmalloc+0x6b/0x330 [ 107.285807][ T5016] ? tomoyo_encode+0x27e/0x540 [ 107.285829][ T5016] tomoyo_encode+0x27e/0x540 [ 107.285848][ T5016] tomoyo_realpath_from_path+0x5cd/0x610 [ 107.355043][ T5016] tomoyo_path_number_perm+0x1d5/0x5d0 [ 107.360722][ T5016] ? verify_lock_unused+0x140/0x140 [ 107.366552][ T5016] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 107.372126][ T5016] ? ksys_write+0x1c7/0x250 [ 107.376890][ T5016] security_file_ioctl+0x6c/0xa0 [ 107.382062][ T5016] __se_sys_ioctl+0x48/0x170 [ 107.383806][ T4244] usb 4-1: config index 4 descriptor too short (expected 1033, got 27) [ 107.386775][ T5016] do_syscall_64+0x4c/0xa0 [ 107.386802][ T5016] ? clear_bhb_loop+0x30/0x80 [ 107.398743][ T4244] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 107.399853][ T5016] ? clear_bhb_loop+0x30/0x80 [ 107.399884][ T5016] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 107.409401][ T4244] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 107.415139][ T5016] RIP: 0033:0x7f14d4819929 [ 107.415168][ T5016] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 107.415180][ T5016] RSP: 002b:00007f14d2681038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 107.415198][ T5016] RAX: ffffffffffffffda RBX: 00007f14d4a40fa0 RCX: 00007f14d4819929 [ 107.415209][ T5016] RDX: 00002000000004c0 RSI: 00000000000089f1 RDI: 0000000000000003 [ 107.415219][ T5016] RBP: 00007f14d2681090 R08: 0000000000000000 R09: 0000000000000000 [ 107.415227][ T5016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 107.415237][ T5016] R13: 0000000000000000 R14: 00007f14d4a40fa0 R15: 00007ffd19906678 [ 107.415259][ T5016] [ 107.418189][ T5016] ERROR: Out of memory at tomoyo_realpath_from_path. [ 107.508003][ T4244] usb 4-1: config index 5 descriptor too short (expected 1033, got 27) [ 107.561009][ T4244] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 107.597436][ T4244] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 107.693954][ T4244] usb 4-1: config index 6 descriptor too short (expected 1033, got 27) [ 107.715791][ T4244] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 107.754048][ T4244] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 107.853938][ T4244] usb 4-1: config index 7 descriptor too short (expected 1033, got 27) [ 107.874152][ T4244] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 107.902416][ T4244] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 107.928678][ T4244] usb 4-1: New USB device found, idVendor=07c0, idProduct=9512, bcdDevice=30.22 [ 107.953273][ T4244] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 108.028793][ T4244] usb 4-1: config 0 descriptor?? [ 108.123627][ T4236] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 108.163007][ T5029] loop0: detected capacity change from 0 to 1024 [ 108.237861][ T3520] usb 3-1: 0:2 : does not exist [ 108.332557][ T5029] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,min_batch_time=0x0000000000000005,user_xattr,. Quota mode: none. [ 108.347471][ T4244] usb 4-1: string descriptor 0 read error: -71 [ 108.363798][ T5029] ext4 filesystem being mounted at /43/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 108.366765][ T4244] usb 4-1: USB disconnect, device number 2 [ 108.385919][ T3520] usb 3-1: USB disconnect, device number 4 [ 108.510366][ T5029] netlink: 12 bytes leftover after parsing attributes in process `syz.0.205'. [ 108.523881][ T4236] usb 5-1: config 0 interface 0 altsetting 253 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 108.563575][ T4236] usb 5-1: config 0 interface 0 altsetting 253 endpoint 0x81 has invalid wMaxPacketSize 0 [ 108.593609][ T4236] usb 5-1: config 0 interface 0 has no altsetting 0 [ 108.617295][ T4474] udevd[4474]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 108.656925][ T5036] nbd: must specify a device to reconfigure [ 108.700222][ T5036] bond0: (slave macvlan2): Error -98 calling set_mac_address [ 108.723898][ T4236] usb 5-1: New USB device found, idVendor=056a, idProduct=002a, bcdDevice= 0.00 [ 108.732968][ T4236] usb 5-1: New USB device strings: Mfr=0, Product=172, SerialNumber=181 [ 108.754580][ T4236] usb 5-1: Product: syz [ 108.758864][ T4236] usb 5-1: SerialNumber: syz [ 108.821010][ T4236] usb 5-1: config 0 descriptor?? [ 108.980629][ T5044] loop0: detected capacity change from 0 to 4096 [ 109.004161][ T5046] loop2: detected capacity change from 0 to 2048 [ 109.058632][ T5049] xfrm0 speed is unknown, defaulting to 1000 [ 109.131745][ T5044] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 109.158143][ T5044] ntfs3: loop0: Failed to load $Extend. [ 109.232785][ T5058] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.213'. [ 109.248312][ T5058] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 109.262177][ T5058] openvswitch: netlink: Message has 1 unknown bytes. [ 109.353696][ T4244] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 109.444754][ T4236] usbhid 5-1:0.0: can't add hid device: -71 [ 109.451762][ T4236] usbhid: probe of 5-1:0.0 failed with error -71 [ 109.462063][ T4236] usb 5-1: USB disconnect, device number 4 [ 109.823822][ T4244] usb 4-1: config 1 has an invalid descriptor of length 118, skipping remainder of the config [ 109.843596][ T4244] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 109.861497][ T5058] loop2: detected capacity change from 0 to 40427 [ 109.914831][ T5049] chnl_net:caif_netlink_parms(): no params data found [ 109.924077][ T4244] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 109.933163][ T4244] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 109.963833][ T4244] usb 4-1: SerialNumber: syz [ 110.119635][ T5049] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.199833][ T5049] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.214854][ T5049] device bridge_slave_0 entered promiscuous mode [ 110.271200][ T5049] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.381102][ T5074] loop3: detected capacity change from 0 to 512 [ 110.696095][ T5049] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.838696][ T5049] device bridge_slave_1 entered promiscuous mode [ 111.021092][ T5074] EXT4-fs (loop3): failed to open journal device unknown-block(0,0) -6 [ 111.060455][ T5049] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 111.091900][ T5065] loop0: detected capacity change from 0 to 32768 [ 111.103996][ T21] Bluetooth: hci2: command 0x0409 tx timeout [ 111.154840][ T5049] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 111.362976][ T5074] loop3: detected capacity change from 0 to 1024 [ 111.436752][ T5049] team0: Port device team_slave_0 added [ 111.446199][ T5049] team0: Port device team_slave_1 added [ 111.446727][ T4244] usb 4-1: 0:2 : does not exist [ 111.515207][ T5065] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 111.538039][ T5049] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 111.593766][ T4244] usb 4-1: USB disconnect, device number 3 [ 111.623585][ T5049] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.649581][ C0] vkms_vblank_simulate: vblank timer overrun [ 111.688722][ T5049] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 111.722316][ T5049] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 111.722333][ T5049] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.722354][ T5049] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 111.839022][ T5049] device hsr_slave_0 entered promiscuous mode [ 111.848251][ T5049] device hsr_slave_1 entered promiscuous mode [ 111.856741][ T5049] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 111.865790][ T5049] Cannot create hsr debugfs directory [ 111.900059][ T5087] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 111.920260][ T5087] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 111.931296][ T4474] udevd[4474]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 111.954780][ T5087] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 112.006590][ T5065] (syz.0.215,5065,0):ocfs2_parse_options:1447 ERROR: Unrecognized mount option "commit=00000000@" or missing value [ 112.393725][ T4236] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 112.813854][ T4236] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 112.830555][ T4236] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 112.841056][ T4236] usb 5-1: config 0 descriptor?? [ 112.885443][ T4236] cp210x 5-1:0.0: cp210x converter detected [ 112.967130][ T4181] ocfs2: Unmounting device (7,0) on (node local) [ 112.975274][ T5049] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 113.011039][ T5049] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 113.093217][ T5049] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 113.141198][ T5049] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 113.199903][ T1107] Bluetooth: hci2: command 0x041b tx timeout [ 113.443939][ T4236] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 113.489629][ T5123] sit0 speed is unknown, defaulting to 1000 [ 113.499288][ T5123] sit0 speed is unknown, defaulting to 1000 [ 113.506099][ T5123] sit0 speed is unknown, defaulting to 1000 [ 113.558899][ T4236] usb 5-1: cp210x converter now attached to ttyUSB0 [ 113.765452][ T5126] capability: warning: `syz.3.230' uses deprecated v2 capabilities in a way that may be insecure [ 114.226615][ T5128] netlink: 40 bytes leftover after parsing attributes in process `syz.4.224'. [ 114.245815][ T5049] 8021q: adding VLAN 0 to HW filter on device bond0 [ 114.303388][ T5130] xt_addrtype: ipv6 does not support BROADCAST matching [ 114.355623][ T13] sit0 speed is unknown, defaulting to 1000 [ 114.357154][ T5049] 8021q: adding VLAN 0 to HW filter on device team0 [ 114.352922][ T5123] infiniband syz2: set active [ 114.378034][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 114.379981][ T5123] infiniband syz2: added sit0 [ 114.393251][ T13] usb 5-1: USB disconnect, device number 5 [ 114.403243][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 114.430166][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 114.442171][ T13] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 114.449557][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 114.465377][ T5123] infiniband syz2: Couldn't open port 1 [ 114.465467][ T145] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.478125][ T145] bridge0: port 1(bridge_slave_0) entered forwarding state [ 114.493052][ T13] cp210x 5-1:0.0: device disconnected [ 114.500670][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 114.517315][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 114.549049][ T5123] RDS/IB: syz2: added [ 114.551585][ T145] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.553100][ T5123] smc: adding ib device syz2 with port count 1 [ 114.560164][ T145] bridge0: port 2(bridge_slave_1) entered forwarding state [ 114.574127][ T5123] smc: ib device syz2 port 1 has pnetid [ 114.962963][ T5136] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.970580][ T5136] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.060650][ T5144] binder: BINDER_SET_CONTEXT_MGR already set [ 115.097107][ T5144] binder: 5143:5144 ioctl 4018620d 200000000040 returned -16 [ 115.108787][ T5144] binder: 5143:5144 ioctl c0306201 2000000003c0 returned -14 [ 115.298944][ T21] Bluetooth: hci2: command 0x040f tx timeout [ 115.350984][ T5136] device bridge_slave_0 left promiscuous mode [ 115.359407][ T5136] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.418028][ T4187] Bluetooth: hci4: Unknown advertising packet type: 0x4b00 [ 115.721289][ T5136] device bridge_slave_1 left promiscuous mode [ 115.780186][ T5136] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.988763][ T5136] bond0: (slave bond_slave_0): Releasing backup interface [ 116.010538][ T5136] bond0: (slave bond_slave_1): Releasing backup interface [ 116.048511][ T5136] team0: Port device team_slave_0 removed [ 116.081601][ T5136] team0: Port device team_slave_1 removed [ 116.095789][ T5136] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 116.116665][ T5136] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 116.138783][ T5136] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 116.162173][ T5136] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 116.182117][ T5136] rdma_rxe: ignoring netdev event = 10 for xfrm0 [ 116.190161][ T5136] infiniband syz1: set down [ 116.459926][ T5136] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.469704][ T5136] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.479089][ T5136] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.489309][ T5136] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.590083][ T4244] sit0 speed is unknown, defaulting to 1000 [ 116.594521][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 116.610236][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 116.631080][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 116.661399][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 116.681444][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 116.697098][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 116.709279][ T5145] tap0: tun_chr_ioctl cmd 2147767519 [ 116.717168][ T23] xfrm0 speed is unknown, defaulting to 1000 [ 116.726568][ T5123] sit0 speed is unknown, defaulting to 1000 [ 116.736613][ T4609] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 116.754587][ T4609] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 116.764700][ T4609] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 116.781378][ T4609] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 116.790325][ T4609] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 116.805633][ T4609] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 116.816113][ T23] xfrm0 speed is unknown, defaulting to 1000 [ 116.818720][ T5049] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 116.994777][ T5123] sit0 speed is unknown, defaulting to 1000 [ 117.162823][ T5123] sit0 speed is unknown, defaulting to 1000 [ 117.209357][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 117.222510][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 117.246232][ T5049] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 117.343815][ T4236] Bluetooth: hci2: command 0x0419 tx timeout [ 117.376077][ T5154] loop0: detected capacity change from 0 to 32768 [ 117.390774][ T5123] sit0 speed is unknown, defaulting to 1000 [ 117.491170][ T4205] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 117.501754][ T5154] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 117.507108][ T4205] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 117.533944][ T4205] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 117.561400][ T5154] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 117.574535][ T4205] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 117.601749][ T4205] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 117.614454][ T4205] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 117.626056][ T5123] sit0 speed is unknown, defaulting to 1000 [ 117.627314][ T5049] device veth0_vlan entered promiscuous mode [ 117.654543][ T5049] device veth1_vlan entered promiscuous mode [ 117.688680][ T4609] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 117.709726][ T4609] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 117.741433][ T5049] device veth0_macvtap entered promiscuous mode [ 117.775595][ T5049] device veth1_macvtap entered promiscuous mode [ 117.829051][ T5049] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 117.892137][ T5049] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.921387][ T5049] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 117.943481][ T5049] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.962142][ T5049] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 117.972283][ T5171] loop2: detected capacity change from 0 to 8192 [ 117.982138][ T5049] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.007582][ T5049] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 118.025870][ T5123] sit0 speed is unknown, defaulting to 1000 [ 118.032163][ T4205] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 118.046756][ T4205] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 118.079474][ T4205] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 118.109667][ T4205] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 118.143038][ T5049] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 118.188883][ T5049] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.222805][ T5049] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 118.284115][ T5174] nbd: must specify a device to reconfigure [ 118.313857][ T5049] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.344107][ T5049] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 118.381499][ T5049] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.408525][ T5049] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 118.430010][ T5174] bond0: (slave macvlan2): Error -98 calling set_mac_address [ 118.516483][ T4609] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 118.545755][ T4609] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 118.565386][ T5049] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.584335][ T5049] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.625751][ T5049] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.657035][ T5049] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.869152][ T4181] ocfs2: Unmounting device (7,0) on (node local) [ 118.925657][ T4330] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.937315][ T4330] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.036147][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 119.090091][ T4330] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.140995][ T4330] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.221132][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 119.695579][ T5191] loop5: detected capacity change from 0 to 1024 [ 119.784465][ T5191] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 119.831433][ T5191] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 119.912356][ T5191] JBD2: no valid journal superblock found [ 119.952970][ T5191] EXT4-fs (loop5): error loading journal [ 120.122960][ T5191] loop5: detected capacity change from 0 to 1024 [ 120.161735][ T5191] hfsplus: unable to parse mount options [ 120.292328][ T4187] Bluetooth: hci0: Unknown advertising packet type: 0x4b00 [ 120.640890][ T4236] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 120.943925][ T4236] usb 5-1: Using ep0 maxpacket: 16 [ 121.063764][ T4236] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 121.081510][ T4236] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 121.096486][ T4236] usb 5-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 121.110733][ T4236] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.129686][ T4236] usb 5-1: config 0 descriptor?? [ 121.139853][ T4191] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000e1b1) [ 121.151682][ T5207] loop5: detected capacity change from 0 to 2048 [ 121.184985][ T4191] FAT-fs (loop2): Filesystem has been set read-only [ 121.217242][ T5207] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=3932051, location=3932051 [ 121.277933][ T5207] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 121.445654][ T5214] loop3: detected capacity change from 0 to 512 [ 121.459501][ T26] kauditd_printk_skb: 4 callbacks suppressed [ 121.459515][ T26] audit: type=1800 audit(1751812132.782:5): pid=5207 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.251" name="file1" dev="loop5" ino=1346 res=0 errno=0 [ 121.520014][ T5214] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (3675!=33349) [ 121.531156][ T5214] EXT4-fs (loop3): group descriptors corrupted! [ 121.663712][ T4236] usbhid 5-1:0.0: can't add hid device: -71 [ 121.669990][ T4236] usbhid: probe of 5-1:0.0 failed with error -71 [ 121.754442][ T4236] usb 5-1: USB disconnect, device number 6 [ 122.016581][ T5223] loop5: detected capacity change from 0 to 1024 [ 122.231761][ T5229] loop3: detected capacity change from 0 to 1024 [ 122.234218][ T5223] hfsplus: unable to parse mount options [ 122.267686][ T5219] netlink: 4 bytes leftover after parsing attributes in process `syz.5.255'. [ 123.198241][ T5235] netlink: 48 bytes leftover after parsing attributes in process `syz.4.261'. [ 123.459676][ T5229] loop3: detected capacity change from 0 to 32768 [ 124.353533][ C1] sched: RT throttling activated [ 124.384559][ T5229] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz.3.258 (5229) [ 124.563307][ T5229] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 124.572741][ T5229] BTRFS info (device loop3): force zlib compression, level 3 [ 124.580264][ T5229] BTRFS info (device loop3): force clearing of disk cache [ 124.587471][ T5229] BTRFS info (device loop3): setting nodatasum [ 124.593675][ T5229] BTRFS info (device loop3): allowing degraded mounts [ 124.600452][ T5229] BTRFS info (device loop3): enabling disk space caching [ 124.607850][ T5229] BTRFS info (device loop3): disk space caching is enabled [ 124.615110][ T5229] BTRFS info (device loop3): has skinny extents [ 125.249752][ T5229] BTRFS error (device loop3): open_ctree failed: -12 [ 125.487743][ T5269] loop4: detected capacity change from 0 to 512 [ 125.762154][ T4343] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by udevd (4343) [ 126.182553][ T5281] loop0: detected capacity change from 0 to 2048 [ 126.248549][ T5281] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=3932051, location=3932051 [ 126.353713][ T5281] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 126.433855][ T5297] loop5: detected capacity change from 0 to 2048 [ 126.598770][ T5300] rdma_op ffff888022b3a1f0 conn xmit_rdma 0000000000000000 [ 126.643948][ T26] audit: type=1800 audit(1751812137.972:6): pid=5281 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.270" name="file1" dev="loop0" ino=1346 res=0 errno=0 [ 126.897928][ T5304] loop5: detected capacity change from 0 to 4096 [ 127.187021][ T5304] ntfs3: loop5: Mark volume as dirty due to NTFS errors [ 127.211646][ T5304] ntfs3: loop5: Failed to load $Extend. [ 128.032814][ T5290] loop2: detected capacity change from 0 to 40427 [ 128.233748][ T5316] loop5: detected capacity change from 0 to 1024 [ 128.671657][ T5316] EXT4-fs (loop5): mounted filesystem without journal. Opts: errors=remount-ro,min_batch_time=0x0000000000000005,user_xattr,. Quota mode: none. [ 128.787363][ T5316] ext4 filesystem being mounted at /7/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 128.888713][ T5290] F2FS-fs (loop2): Found nat_bits in checkpoint [ 129.868475][ T5316] netlink: 12 bytes leftover after parsing attributes in process `syz.5.276'. [ 129.969495][ T5348] loop3: detected capacity change from 0 to 4096 [ 130.222130][ T5355] xt_connbytes: Forcing CT accounting to be enabled [ 130.251070][ T5348] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 130.284577][ T5348] ntfs3: loop3: Failed to load $Extend. [ 130.564974][ T5359] rdma_op ffff88807d04a9f0 conn xmit_rdma 0000000000000000 [ 130.768931][ T5353] loop0: detected capacity change from 0 to 8192 [ 131.628371][ T5353] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 131.690262][ T5353] REISERFS (device loop0): using ordered data mode [ 131.740261][ T5353] reiserfs: using flush barriers [ 131.834068][ T5353] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 131.867092][ T5353] REISERFS (device loop0): checking transaction log (loop0) [ 131.924955][ T5353] REISERFS (device loop0): Using rupasov hash to sort names [ 131.951736][ T5353] REISERFS (device loop0): using 3.5.x disk format [ 132.123350][ T5353] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 132.166926][ T5353] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 132.189472][ T5381] loop3: detected capacity change from 0 to 8192 [ 132.387569][ T5391] xt_CT: No such helper "snmp" [ 132.583998][ T5353] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 132.740599][ T5397] loop2: detected capacity change from 0 to 4096 [ 132.747877][ T5353] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 UNKNOWN] (nlink == 1) not found (pos 2) [ 132.791929][ T5353] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 132.803371][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.803454][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.855161][ T5397] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 132.870505][ T5397] ntfs3: loop2: Failed to load $Extend. [ 133.771013][ T5412] rdma_op ffff88802515a9f0 conn xmit_rdma 0000000000000000 [ 134.531502][ T5432] loop4: detected capacity change from 0 to 1024 [ 134.692183][ T5432] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,min_batch_time=0x0000000000000005,user_xattr,. Quota mode: none. [ 135.122908][ T5432] ext4 filesystem being mounted at /55/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 135.375299][ T5432] netlink: 12 bytes leftover after parsing attributes in process `syz.4.311'. [ 135.477154][ T5446] loop2: detected capacity change from 0 to 64 [ 136.126724][ T4185] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000e1b1) [ 136.179332][ T4185] FAT-fs (loop3): Filesystem has been set read-only [ 136.545249][ T5470] loop4: detected capacity change from 0 to 65 [ 136.620953][ T5470] BFS-fs: bfs_fill_super(): NOTE: filesystem loop4 was created with 512 inodes, the real maximum is 511, mounting anyway [ 136.644279][ T5472] rdma_op ffff88802708b1f0 conn xmit_rdma 0000000000000000 [ 136.721557][ T5477] "syz.5.322" (5477) uses obsolete ecb(arc4) skcipher [ 137.046208][ T5482] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 137.231172][ T5286] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 137.239382][ T5284] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 137.350960][ T4187] Bluetooth: hci3: Unknown advertising packet type: 0x4b00 [ 137.831522][ T5497] loop0: detected capacity change from 0 to 64 [ 137.884858][ T5286] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 137.898059][ T5286] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.928233][ T5286] usb 4-1: config 0 descriptor?? [ 137.984905][ T5286] cp210x 4-1:0.0: cp210x converter detected [ 138.048924][ T5500] loop0: detected capacity change from 0 to 1024 [ 138.101694][ T5500] EXT4-fs (loop0): filesystem is read-only [ 138.183711][ T5284] usb 6-1: config 0 has an invalid interface number: 126 but max is 0 [ 138.193572][ T5284] usb 6-1: config 0 has an invalid descriptor of length 116, skipping remainder of the config [ 138.204219][ T5286] cp210x 4-1:0.0: failed to get vendor val 0x370b size 1: 0 [ 138.211591][ T5284] usb 6-1: config 0 has no interface number 0 [ 138.217815][ T5286] cp210x 4-1:0.0: querying part number failed [ 138.224509][ T5284] usb 6-1: config 0 interface 126 altsetting 0 has an invalid endpoint with address 0xB7, skipping [ 138.236837][ T5284] usb 6-1: config 0 interface 126 altsetting 0 endpoint 0xA has invalid maxpacket 512, setting to 64 [ 138.239880][ T5499] netlink: 48 bytes leftover after parsing attributes in process `syz.0.327'. [ 138.248131][ T5286] usb 4-1: cp210x converter now attached to ttyUSB0 [ 138.265333][ T5284] usb 6-1: config 0 interface 126 altsetting 0 endpoint 0x4 has an invalid bInterval 151, changing to 4 [ 138.279218][ T5284] usb 6-1: config 0 interface 126 altsetting 0 endpoint 0x4 has invalid maxpacket 35799, setting to 1023 [ 138.290579][ T5284] usb 6-1: config 0 interface 126 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4 [ 138.303833][ T5284] usb 6-1: New USB device found, idVendor=0763, idProduct=1015, bcdDevice=56.88 [ 138.312995][ T5284] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.330691][ T5284] usb 6-1: config 0 descriptor?? [ 138.364461][ T5486] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 138.475400][ T5284] snd-usb-audio: probe of 6-1:0.126 failed with error -2 [ 138.528641][ T4173] udevd[4173]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.126/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 138.686656][ T5507] netlink: 'syz.0.329': attribute type 4 has an invalid length. [ 138.699722][ T5507] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.329'. [ 138.711519][ T5486] udc-core: couldn't find an available UDC or it's busy [ 138.718720][ T5486] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 138.993748][ T4303] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 139.152464][ T5509] overlayfs: failed to get inode (-116) [ 139.160140][ T5509] overlayfs: failed to get inode (-116) [ 139.193651][ T4303] usb 1-1: device descriptor read/64, error -71 [ 139.483860][ T4303] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 139.699708][ T4303] usb 1-1: device descriptor read/64, error -71 [ 139.753645][ T4236] usb 6-1: USB disconnect, device number 2 [ 139.809141][ T5511] loop4: detected capacity change from 0 to 32768 [ 139.984148][ T5513] loop5: detected capacity change from 0 to 40427 [ 139.995037][ T5511] (syz.4.330,5511,0):ocfs2_parse_options:1459 ERROR: Invalid heartbeat mount options [ 140.000391][ T4303] usb usb1-port1: attempt power cycle [ 140.018263][ T5513] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 140.026496][ T5513] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 140.040164][ T5513] F2FS-fs (loop5): invalid crc value [ 140.046131][ T5511] (syz.4.330,5511,1):ocfs2_fill_super:1177 ERROR: status = -22 [ 140.088718][ T5513] F2FS-fs (loop5): Found nat_bits in checkpoint [ 140.204880][ T4236] usb 4-1: USB disconnect, device number 4 [ 140.220428][ T5513] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 140.227894][ T5513] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 140.344609][ T4236] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 140.419776][ T5526] 9pnet: Insufficient options for proto=fd [ 140.442037][ T4236] cp210x 4-1:0.0: device disconnected [ 140.447828][ T4303] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 140.539593][ T5529] FAULT_INJECTION: forcing a failure. [ 140.539593][ T5529] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 140.563678][ T4303] usb 1-1: device descriptor read/8, error -71 [ 140.602201][ T5529] CPU: 1 PID: 5529 Comm: syz.3.334 Not tainted 5.15.186-syzkaller #0 [ 140.610783][ T5529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 140.621090][ T5529] Call Trace: [ 140.624548][ T5529] [ 140.627562][ T5529] dump_stack_lvl+0x168/0x230 [ 140.632259][ T5529] ? show_regs_print_info+0x20/0x20 [ 140.637484][ T5529] ? load_image+0x3b0/0x3b0 [ 140.642117][ T5529] ? __lock_acquire+0x7c60/0x7c60 [ 140.647311][ T5529] should_fail+0x38c/0x4c0 [ 140.651764][ T5529] _copy_from_user+0x2e/0x170 [ 140.657521][ T5529] ip6_tnl_siocdevprivate+0x353/0xaa0 [ 140.663282][ T5529] ? ip6_tnl_start_xmit+0x1230/0x1230 [ 140.668864][ T5529] ? __mutex_trylock_common+0x14f/0x250 [ 140.674945][ T5529] ? __mutex_lock_common+0x431/0x2390 [ 140.681385][ T5529] ? full_name_hash+0x8e/0xe0 [ 140.687454][ T5529] dev_ifsioc+0xaf5/0xe70 [ 140.692173][ T5529] ? dev_ioctl+0xe50/0xe50 [ 140.696997][ T5529] ? full_name_hash+0x8e/0xe0 [ 140.702750][ T5529] dev_ioctl+0x5f9/0xe50 [ 140.707017][ T5529] ? get_user_ifreq+0xc7/0x170 [ 140.711915][ T5529] sock_ioctl+0x67b/0x6e0 [ 140.716710][ T5529] ? sock_poll+0x3f0/0x3f0 [ 140.721852][ T5529] ? bpf_lsm_file_ioctl+0x5/0x10 [ 140.726885][ T5529] ? security_file_ioctl+0x7c/0xa0 [ 140.732015][ T5529] ? sock_poll+0x3f0/0x3f0 [ 140.736433][ T5529] __se_sys_ioctl+0xfa/0x170 [ 140.741036][ T5529] do_syscall_64+0x4c/0xa0 [ 140.745452][ T5529] ? clear_bhb_loop+0x30/0x80 [ 140.750421][ T5529] ? clear_bhb_loop+0x30/0x80 [ 140.755207][ T5529] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 140.761112][ T5529] RIP: 0033:0x7fc0b3085929 [ 140.766135][ T5529] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 140.786003][ T5529] RSP: 002b:00007fc0b0eed038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 140.794564][ T5529] RAX: ffffffffffffffda RBX: 00007fc0b32acfa0 RCX: 00007fc0b3085929 [ 140.802661][ T5529] RDX: 00002000000004c0 RSI: 00000000000089f1 RDI: 0000000000000003 [ 140.810664][ T5529] RBP: 00007fc0b0eed090 R08: 0000000000000000 R09: 0000000000000000 [ 140.818912][ T5529] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 140.826896][ T5529] R13: 0000000000000000 R14: 00007fc0b32acfa0 R15: 00007ffeb9e93588 [ 140.835021][ T5529] [ 140.838183][ C1] vkms_vblank_simulate: vblank timer overrun [ 140.892696][ T5533] device lo left promiscuous mode [ 140.917067][ T5533] device tunl0 left promiscuous mode [ 140.922538][ T5533] device gre0 left promiscuous mode [ 140.964027][ T5533] device gretap0 left promiscuous mode [ 140.986868][ T5533] device erspan0 left promiscuous mode [ 141.033689][ T4303] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 141.033733][ T1107] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 141.081452][ T5533] device ip_vti0 left promiscuous mode [ 141.134101][ T4303] usb 1-1: device descriptor read/8, error -71 [ 141.159671][ T5533] device ip6_vti0 left promiscuous mode [ 141.218652][ T5533] device sit0 left promiscuous mode [ 141.257534][ T5533] device ip6tnl0 left promiscuous mode [ 141.264244][ T4303] usb usb1-port1: unable to enumerate USB device [ 141.310171][ T5533] device ip6gre0 left promiscuous mode [ 141.345742][ T5533] device syz_tun left promiscuous mode [ 141.370927][ T5533] device ip6gretap0 left promiscuous mode [ 141.413958][ T1107] usb 6-1: Using ep0 maxpacket: 16 [ 141.426839][ T5533] device bridge0 left promiscuous mode [ 141.437480][ T5539] loop4: detected capacity change from 0 to 256 [ 141.463098][ T5533] device vcan0 left promiscuous mode [ 141.534366][ T1107] usb 6-1: config 0 has no interfaces? [ 141.540155][ T1107] usb 6-1: New USB device found, idVendor=1778, idProduct=ff00, bcdDevice= 0.00 [ 141.561267][ T5533] device bond0 left promiscuous mode [ 141.622905][ T5533] device team0 left promiscuous mode [ 141.643047][ T1107] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.685460][ T5533] device dummy0 left promiscuous mode [ 141.830084][ T1107] usb 6-1: config 0 descriptor?? [ 141.877770][ T5539] FAT-fs (loop4): Directory bread(block 64) failed [ 141.910256][ T5533] device nlmon0 left promiscuous mode [ 141.986702][ T5539] FAT-fs (loop4): Directory bread(block 65) failed [ 142.089050][ T5539] FAT-fs (loop4): Directory bread(block 66) failed [ 142.104316][ T5533] device caif0 left promiscuous mode [ 142.279645][ T5539] FAT-fs (loop4): Directory bread(block 67) failed [ 142.417071][ T5539] FAT-fs (loop4): Directory bread(block 68) failed [ 142.452178][ T5533] device batadv0 left promiscuous mode [ 142.488579][ T5539] FAT-fs (loop4): Directory bread(block 69) failed [ 142.538217][ T5533] device vxcan0 left promiscuous mode [ 142.555929][ T5539] FAT-fs (loop4): Directory bread(block 70) failed [ 142.583137][ T5533] device vxcan1 left promiscuous mode [ 142.629793][ T5539] FAT-fs (loop4): Directory bread(block 71) failed [ 142.653308][ T5533] device veth0 left promiscuous mode [ 142.659731][ T1107] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 142.695789][ T5539] FAT-fs (loop4): Directory bread(block 72) failed [ 142.707299][ T5533] device veth1 left promiscuous mode [ 142.731463][ T5539] FAT-fs (loop4): Directory bread(block 73) failed [ 142.742242][ T5533] device wg0 left promiscuous mode [ 142.764868][ T5533] device wg1 left promiscuous mode [ 142.805473][ T5533] device wg2 left promiscuous mode [ 142.841854][ T5533] device veth0_to_bridge left promiscuous mode [ 142.873199][ T26] audit: type=1804 audit(1751812154.192:7): pid=5528 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.331" name="/newroot/18/bus/bus" dev="loop5" ino=456 res=1 errno=0 [ 142.923819][ T1107] usb 1-1: Using ep0 maxpacket: 16 [ 142.948065][ T5533] device bridge_slave_0 left promiscuous mode [ 143.040328][ T5533] device veth1_to_bridge left promiscuous mode [ 143.054292][ T1107] usb 1-1: config 0 has no interfaces? [ 143.125663][ T5533] device bridge_slave_1 left promiscuous mode [ 143.214431][ T1107] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 143.259671][ T5533] device veth0_to_bond left promiscuous mode [ 143.318771][ T1107] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.367746][ T5533] device bond_slave_0 left promiscuous mode [ 143.459695][ T1107] usb 1-1: Product: syz [ 143.480768][ T5533] device veth1_to_bond left promiscuous mode [ 143.529692][ T1107] usb 1-1: Manufacturer: syz [ 143.581843][ T5533] device bond_slave_1 left promiscuous mode [ 143.597486][ T1107] usb 1-1: SerialNumber: syz [ 143.672313][ T5533] device veth0_to_team left promiscuous mode [ 143.720181][ T1107] r8152-cfgselector 1-1: config 0 descriptor?? [ 143.789672][ T5533] device team_slave_0 left promiscuous mode [ 143.902607][ T5533] device veth1_to_team left promiscuous mode [ 143.988509][ T5533] device team_slave_1 left promiscuous mode [ 144.057119][ T5533] device veth0_to_batadv left promiscuous mode [ 144.147826][ T5533] device batadv_slave_0 left promiscuous mode [ 144.196419][ T1107] usbip-host 1-1: 1-1 is not in match_busid table... skip! [ 144.219751][ T5533] device veth1_to_batadv left promiscuous mode [ 144.289859][ T5533] device batadv_slave_1 left promiscuous mode [ 144.340090][ T5533] device xfrm0 left promiscuous mode [ 144.381557][ T5533] device veth0_to_hsr left promiscuous mode [ 144.388777][ T5533] device veth1_to_hsr left promiscuous mode [ 144.396238][ T5533] device hsr0 left promiscuous mode [ 144.401584][ T5533] device veth1_virt_wifi left promiscuous mode [ 144.408197][ T5533] device veth0_virt_wifi left promiscuous mode [ 144.414843][ T5533] device virt_wifi0 left promiscuous mode [ 144.421533][ T5533] device vlan0 left promiscuous mode [ 144.427266][ T5533] device vlan1 left promiscuous mode [ 144.432889][ T5533] device macvlan0 left promiscuous mode [ 144.438653][ T5533] device macvlan1 left promiscuous mode [ 144.445147][ T5533] device ipvlan0 left promiscuous mode [ 144.450765][ T5533] device ipvlan1 left promiscuous mode [ 144.457932][ T5533] device macvtap0 left promiscuous mode [ 144.464309][ T5533] device macsec0 left promiscuous mode [ 144.477770][ T5533] device geneve0 left promiscuous mode [ 144.488813][ T5533] device geneve1 left promiscuous mode [ 144.497631][ T5533] device netdevsim0 left promiscuous mode [ 144.504576][ T5533] device netdevsim1 left promiscuous mode [ 144.510858][ T5533] device netdevsim2 left promiscuous mode [ 144.530163][ T5533] device netdevsim3 left promiscuous mode [ 144.537517][ T5533] device wlan0 left promiscuous mode [ 144.543131][ T5533] device wlan1 left promiscuous mode [ 144.549344][ T5538] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 144.582777][ T5547] syz.2.340 (5547): attempted to duplicate a private mapping with mremap. This is not supported. [ 144.845126][ T1107] usb 6-1: USB disconnect, device number 3 [ 145.581467][ T4452] F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 145.623895][ T23] usb 1-1: USB disconnect, device number 7 [ 145.656512][ T4452] F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 145.877186][ T5560] loop2: detected capacity change from 0 to 512 [ 145.968935][ T5560] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 146.079065][ T26] audit: type=1800 audit(1751812157.402:8): pid=5568 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.348" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 146.190162][ T26] audit: type=1800 audit(1751812157.452:9): pid=5560 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.346" name="file1" dev="loop2" ino=26 res=0 errno=0 [ 146.667431][ T5563] loop0: detected capacity change from 0 to 32768 [ 146.825726][ T5563] gfs2: fsid=_: Trying to join cluster "lock_nolock", "_" [ 146.827340][ T5584] loop2: detected capacity change from 0 to 8 [ 146.850973][ T5563] gfs2: fsid=_: Now mounting FS (format 1801)... [ 147.123892][ T4187] Bluetooth: hci2: Unknown advertising packet type: 0x4b00 [ 147.171880][ T5563] gfs2: fsid=_.0: journal 0 mapped with 16 extents in 32ms [ 147.638760][ T5287] gfs2: fsid=_.0: jid=0, already locked for use [ 147.650682][ T5576] loop3: detected capacity change from 0 to 40427 [ 147.672124][ T5287] gfs2: fsid=_.0: jid=0: Looking at journal... [ 147.679254][ T5584] cifs: Unknown parameter '¥?éÊŠÄFýÔoŒÀÀâkcXIç©äઇÊN·:"]!­’Ž´iœbZÙ+' [ 148.174367][ T5576] F2FS-fs (loop3): Found nat_bits in checkpoint [ 148.496646][ T5287] gfs2: fsid=_.0: jid=0: Journal head lookup took 824ms [ 148.507219][ T5287] gfs2: fsid=_.0: jid=0: Done [ 148.516738][ T5563] gfs2: fsid=_.0: first mount done, others may mount [ 148.529329][ T5576] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 148.704740][ T4185] attempt to access beyond end of device [ 148.704740][ T4185] loop3: rw=2049, want=45112, limit=40427 [ 148.845246][ T5605] loop4: detected capacity change from 0 to 1024 [ 149.308551][ T5619] loop0: detected capacity change from 0 to 512 [ 149.337993][ T5619] EXT4-fs (loop0): Quota format mount options ignored when QUOTA feature is enabled [ 149.400089][ T5619] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002] [ 149.424430][ T5619] System zones: 0-2, 18-18, 34-34 [ 149.569965][ T5619] EXT4-fs (loop0): mounted filesystem without journal. Opts: noquota,debug,jqfmt=vfsv0,noauto_da_alloc,resgid=0x0000000000000000,,errors=continue. Quota mode: writeback. [ 149.692265][ T5619] ext4 filesystem being mounted at /74/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 150.686634][ T5630] loop4: detected capacity change from 0 to 128 [ 150.835063][ T5629] fuse: Bad value for 'fd' [ 150.902949][ T5632] loop2: detected capacity change from 0 to 16 [ 151.105469][ T5629] netlink: 4 bytes leftover after parsing attributes in process `syz.5.364'. [ 151.324765][ T5635] loop2: detected capacity change from 0 to 16 [ 152.530178][ T5641] netlink: 'syz.5.367': attribute type 4 has an invalid length. [ 152.674115][ T5648] loop5: detected capacity change from 0 to 64 [ 152.718999][ T5650] loop4: detected capacity change from 0 to 64 [ 152.929805][ T5639] loop2: detected capacity change from 0 to 32768 [ 152.960070][ T5639] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz.2.368 (5639) [ 153.121193][ T5639] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 153.213861][ T4187] Bluetooth: hci0: Unknown advertising packet type: 0x4b00 [ 153.314021][ T5639] BTRFS info (device loop2): setting nodatacow, compression disabled [ 153.723099][ T5639] BTRFS info (device loop2): force zlib compression, level 3 [ 153.767764][ T5639] BTRFS info (device loop2): turning off barriers [ 153.774341][ T5639] BTRFS info (device loop2): max_inline at 6 [ 153.782381][ T5639] BTRFS info (device loop2): enabling disk space caching [ 153.789861][ T5639] BTRFS info (device loop2): enabling ssd optimizations [ 153.796907][ T5639] BTRFS info (device loop2): using spread ssd allocation scheme [ 153.804689][ T5639] BTRFS info (device loop2): setting nodatacow [ 153.823789][ T5639] BTRFS error (device loop2): cannot disable free space tree [ 153.879404][ T5639] BTRFS error (device loop2): open_ctree failed: -22 [ 153.957695][ T5663] loop3: detected capacity change from 0 to 1024 [ 154.165170][ T5663] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,min_batch_time=0x0000000000000005,user_xattr,. Quota mode: none. [ 154.196498][ T5639] tipc: Started in network mode [ 154.201719][ T5639] tipc: Node identity , cluster identity 4711 [ 154.218442][ T5639] loop2: detected capacity change from 0 to 1024 [ 154.225528][ T5663] ext4 filesystem being mounted at /66/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 154.258421][ T5663] netlink: 12 bytes leftover after parsing attributes in process `syz.3.375'. [ 154.280055][ T5639] hfsplus: type requires a 4 character value [ 154.292200][ T5639] hfsplus: unable to parse mount options [ 154.654831][ T4236] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 154.755863][ T5679] netlink: 24 bytes leftover after parsing attributes in process `syz.2.379'. [ 154.831836][ T5681] loop2: detected capacity change from 0 to 512 [ 155.044659][ T4236] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 155.073108][ T4236] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.110075][ T4236] usb 4-1: config 0 descriptor?? [ 155.183388][ T5690] netlink: 16 bytes leftover after parsing attributes in process `syz.5.385'. [ 155.195045][ T4236] cp210x 4-1:0.0: cp210x converter detected [ 155.275539][ T5692] loop4: detected capacity change from 0 to 2048 [ 155.345734][ T5692] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=3932051, location=3932051 [ 155.388498][ T5692] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 155.455555][ T5700] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 155.463423][ T5700] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 155.476505][ T5700] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 155.486309][ T5700] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 155.498225][ T5700] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 155.506861][ T5700] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 155.532782][ T26] audit: type=1800 audit(1751812166.852:10): pid=5692 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.384" name="file1" dev="loop4" ino=1346 res=0 errno=0 [ 155.605912][ T5685] loop2: detected capacity change from 0 to 32768 [ 155.614514][ T4236] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 155.663861][ T4236] cp210x 4-1:0.0: failed to get vendor val 0x370c size 73: 0 [ 155.688338][ T4236] cp210x 4-1:0.0: GPIO initialisation failed: -5 [ 155.698514][ T4236] usb 4-1: cp210x converter now attached to ttyUSB0 [ 155.778360][ T5685] XFS (loop2): DAX enabled. Warning: EXPERIMENTAL, use at your own risk [ 155.808848][ T5685] XFS (loop2): DAX unsupported by block device. Turning off DAX. [ 155.824815][ T5685] XFS (loop2): Mounting V5 Filesystem [ 155.871149][ T5711] loop5: detected capacity change from 0 to 8192 [ 155.890706][ T5673] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.377'. [ 155.957192][ T4236] usb 4-1: USB disconnect, device number 5 [ 156.013266][ T4236] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 156.051029][ T5685] XFS (loop2): Ending clean mount [ 156.072817][ T4236] cp210x 4-1:0.0: device disconnected [ 156.079375][ T5685] XFS (loop2): Quotacheck needed: Please wait. [ 156.153811][ T5719] netlink: 4 bytes leftover after parsing attributes in process `syz.0.390'. [ 156.307564][ T5685] XFS (loop2): Quotacheck: Done. [ 156.401339][ T5049] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000e1b1) [ 156.415162][ T5049] FAT-fs (loop5): Filesystem has been set read-only [ 156.737056][ T4191] XFS (loop2): Unmounting Filesystem [ 156.819125][ T5744] netlink: 48 bytes leftover after parsing attributes in process `syz.4.399'. [ 158.690698][ T5777] loop5: detected capacity change from 0 to 256 [ 158.931545][ T5773] loop3: detected capacity change from 0 to 8192 [ 159.042393][ T5777] FAT-fs (loop5): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1) [ 159.181657][ T5781] loop2: detected capacity change from 0 to 2048 [ 159.273400][ T5781] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=3932051, location=3932051 [ 159.362214][ T5764] loop4: detected capacity change from 0 to 40427 [ 159.369687][ T5781] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 159.418259][ T5764] F2FS-fs (loop4): build fault injection attr: rate: 5, type: 0x1ffff [ 159.523883][ T26] audit: type=1800 audit(1751812170.852:11): pid=5781 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.398" name="file1" dev="loop2" ino=1346 res=0 errno=0 [ 159.663201][ T5786] rdma_op ffff88801f2549f0 conn xmit_rdma 0000000000000000 [ 159.742653][ T4185] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000e1b1) [ 159.833870][ T4185] FAT-fs (loop3): Filesystem has been set read-only [ 159.850453][ T5790] xt_connbytes: Forcing CT accounting to be enabled [ 159.970698][ T5791] loop0: detected capacity change from 0 to 16 [ 160.038900][ T4343] udevd[4343]: incorrect erofs checksum on /dev/loop0 [ 160.065199][ T5791] erofs: (device loop0): erofs_superblock_csum_verify: invalid checksum 0x04a6c240, 0xc6d5fae7 expected [ 160.331219][ T5796] loop4: detected capacity change from 0 to 2048 [ 160.340523][ T5798] netlink: 12 bytes leftover after parsing attributes in process `syz.0.413'. [ 160.371553][ T5796] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=3932051, location=3932051 [ 160.445536][ T5796] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 160.517876][ T5784] loop5: detected capacity change from 0 to 32768 [ 161.153916][ T5285] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 161.236177][ T26] audit: type=1800 audit(1751812172.562:12): pid=5796 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.412" name="file1" dev="loop4" ino=1346 res=0 errno=0 [ 161.344028][ T5817] loop2: detected capacity change from 0 to 1024 [ 161.381373][ T5817] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 161.405476][ T5817] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 161.442476][ T5817] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (22856!=20869) [ 161.477973][ T5817] EXT4-fs (loop2): filesystem has both journal inode and journal device! [ 161.579644][ T5285] usb 4-1: config 0 has an invalid descriptor of length 78, skipping remainder of the config [ 161.610434][ T5285] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 161.610481][ T5285] usb 4-1: New USB device found, idVendor=0009, idProduct=0006, bcdDevice= 0.00 [ 161.610506][ T5285] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 161.630954][ T5285] usb 4-1: config 0 descriptor?? [ 161.658408][ T5822] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 161.712420][ T5285] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 161.917586][ T5826] rdma_op ffff88807c99d9f0 conn xmit_rdma 0000000000000000 [ 162.233068][ T5830] loop0: detected capacity change from 0 to 2048 [ 162.250907][ T5823] loop5: detected capacity change from 0 to 4096 [ 162.289444][ T5830] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=3932051, location=3932051 [ 162.334281][ T5823] ntfs3: loop5: Different NTFS' sector size (4096) and media sector size (512) [ 162.347937][ T5830] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 162.403752][ T1107] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 162.416295][ T5823] ntfs3: loop5: Mark volume as dirty due to NTFS errors [ 162.441622][ T5823] ntfs3: loop5: mft corrupted [ 162.446576][ T5823] ntfs3: loop5: Failed to load $Extend. [ 162.601907][ T26] audit: type=1800 audit(1751812173.922:13): pid=5830 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.421" name="file1" dev="loop0" ino=1346 res=0 errno=0 [ 162.783993][ T1107] usb 3-1: config 0 has an invalid interface number: 112 but max is 0 [ 162.823440][ T1107] usb 3-1: config 0 has no interface number 0 [ 162.829833][ T26] audit: type=1804 audit(1751812174.142:14): pid=5823 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.417" name="/newroot/34/file1/bus" dev="loop5" ino=33 res=1 errno=0 [ 162.850548][ C1] vkms_vblank_simulate: vblank timer overrun [ 162.878113][ T1107] usb 3-1: New USB device found, idVendor=3154, idProduct=721e, bcdDevice= 9.c6 [ 162.922058][ T1107] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.097877][ T1107] usb 3-1: config 0 descriptor?? [ 163.136283][ T1107] usb-storage 3-1:0.112: USB Mass Storage device detected [ 163.140852][ T5832] loop4: detected capacity change from 0 to 40427 [ 163.168926][ T5832] F2FS-fs (loop4): Insane cp_payload (553648128 >= 504) [ 163.176779][ T5832] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 163.437219][ T5828] udc-core: couldn't find an available UDC or it's busy [ 163.473422][ T5828] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 163.846177][ T1107] usb 3-1: USB disconnect, device number 5 [ 163.982608][ T5846] loop0: detected capacity change from 0 to 512 [ 163.991723][ T4236] usb 4-1: USB disconnect, device number 6 [ 164.147046][ T5846] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,bsddf,. Quota mode: writeback. [ 164.222903][ T5846] ext4 filesystem being mounted at /87/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 164.611652][ T5870] rdma_op ffff88807ec589f0 conn xmit_rdma 0000000000000000 [ 165.193710][ T5286] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 165.397199][ T5882] loop5: detected capacity change from 0 to 512 [ 165.862572][ T5882] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 166.123781][ T5882] ext4 filesystem being mounted at /38/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 166.213261][ T5286] usb 1-1: Using ep0 maxpacket: 16 [ 166.316151][ T5892] RDS: rds_bind could not find a transport for fc02::1, load rds_tcp or rds_rdma? [ 166.405386][ T5286] usb 1-1: config 0 has an invalid interface number: 105 but max is 0 [ 166.413651][ T5286] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 166.427853][ T5286] usb 1-1: config 0 has no interface number 0 [ 166.571456][ T5900] rdma_op ffff88805e6009f0 conn xmit_rdma 0000000000000000 [ 166.766247][ T5887] loop3: detected capacity change from 0 to 40427 [ 166.800881][ T5887] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 166.827949][ T5887] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 166.893059][ T5887] F2FS-fs (loop3): invalid crc value [ 166.987276][ T5887] F2FS-fs (loop3): Found nat_bits in checkpoint [ 167.016209][ T5286] usb 1-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 167.025756][ T5286] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 167.034379][ T5286] usb 1-1: Product: syz [ 167.041857][ T5286] usb 1-1: config 0 descriptor?? [ 167.043708][ T4303] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 167.063853][ T5286] usb 1-1: can't set config #0, error -71 [ 167.230270][ T5286] usb 1-1: USB disconnect, device number 8 [ 167.305968][ T5887] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 167.315425][ T5913] FAULT_INJECTION: forcing a failure. [ 167.315425][ T5913] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 167.325104][ T5887] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 167.341580][ T5913] CPU: 0 PID: 5913 Comm: syz.4.447 Not tainted 5.15.186-syzkaller #0 [ 167.349998][ T5913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 167.362353][ T5913] Call Trace: [ 167.365746][ T5913] [ 167.368696][ T5913] dump_stack_lvl+0x168/0x230 [ 167.374985][ T5913] ? show_regs_print_info+0x20/0x20 [ 167.380208][ T5913] ? load_image+0x3b0/0x3b0 [ 167.384845][ T5913] ? __lock_acquire+0x7c60/0x7c60 [ 167.389902][ T5913] should_fail+0x38c/0x4c0 [ 167.394349][ T5913] _copy_to_user+0x2e/0x130 [ 167.399043][ T5913] simple_read_from_buffer+0xe3/0x150 [ 167.404703][ T5913] proc_fail_nth_read+0x19a/0x210 [ 167.409945][ T5913] ? proc_fault_inject_write+0x2f0/0x2f0 [ 167.415605][ T5913] ? fsnotify_perm+0x254/0x560 [ 167.420387][ T5913] ? proc_fault_inject_write+0x2f0/0x2f0 [ 167.426039][ T5913] vfs_read+0x2f6/0xcf0 [ 167.430216][ T5913] ? kernel_read+0x1e0/0x1e0 [ 167.434839][ T5913] ? __fget_files+0x40f/0x480 [ 167.439554][ T5913] ? mutex_lock_nested+0x17/0x20 [ 167.444609][ T5913] ? __fdget_pos+0x2bf/0x370 [ 167.449298][ T5913] ? ksys_read+0x71/0x250 [ 167.453644][ T5913] ksys_read+0x14d/0x250 [ 167.457905][ T5913] ? vfs_write+0xd00/0xd00 [ 167.462331][ T5913] ? lockdep_hardirqs_on+0x94/0x140 [ 167.467545][ T5913] do_syscall_64+0x4c/0xa0 [ 167.471970][ T5913] ? clear_bhb_loop+0x30/0x80 [ 167.476655][ T5913] ? clear_bhb_loop+0x30/0x80 [ 167.481347][ T5913] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 167.487247][ T5913] RIP: 0033:0x7f14d481833c [ 167.491674][ T5913] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 167.511377][ T5913] RSP: 002b:00007f14d2681030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 167.519813][ T5913] RAX: ffffffffffffffda RBX: 00007f14d4a40fa0 RCX: 00007f14d481833c [ 167.527882][ T5913] RDX: 000000000000000f RSI: 00007f14d26810a0 RDI: 0000000000000005 [ 167.535874][ T5913] RBP: 00007f14d2681090 R08: 0000000000000000 R09: 0000000000000000 [ 167.543860][ T5913] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000001 [ 167.552124][ T5913] R13: 0000000000000000 R14: 00007f14d4a40fa0 R15: 00007ffd19906678 [ 167.560300][ T5913] [ 167.575502][ T145] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 167.583817][ T4303] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 167.589106][ T145] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 167.640759][ T4303] usb 6-1: New USB device found, idVendor=258a, idProduct=0036, bcdDevice= 0.00 [ 167.667291][ T5917] loop4: detected capacity change from 0 to 1024 [ 167.683922][ T4303] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 167.724428][ T4303] usb 6-1: config 0 descriptor?? [ 167.770637][ T5917] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,min_batch_time=0x0000000000000005,user_xattr,. Quota mode: none. [ 167.810824][ T5917] ext4 filesystem being mounted at /93/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 167.849944][ T5917] netlink: 12 bytes leftover after parsing attributes in process `syz.4.449'. [ 168.463872][ T4303] usbhid 6-1:0.0: can't add hid device: -71 [ 169.170602][ T4303] usbhid: probe of 6-1:0.0 failed with error -71 [ 169.194806][ T4303] usb 6-1: USB disconnect, device number 4 [ 169.410032][ T5941] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 169.469082][ T5941] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 169.543807][ T5941] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 169.675087][ T5927] loop3: detected capacity change from 0 to 40427 [ 169.763674][ T1107] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 169.871299][ T5927] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x1ffff [ 169.900280][ T5927] F2FS-fs (loop3): invalid crc value [ 170.000575][ T5927] F2FS-fs (loop3): Found nat_bits in checkpoint [ 170.061989][ T5927] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 170.131175][ T5927] F2FS-fs (loop3) : inject dquot initialize in f2fs_dquot_initialize of f2fs_unlink+0x204/0xba0 [ 170.173904][ T5927] overlayfs: cleanup of 'work/#3' failed (-3) [ 170.190370][ T5927] overlayfs: failed to resolve './file0': -2 [ 170.233828][ T1107] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 170.249761][ T1107] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8 [ 170.253602][ T5284] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 170.271357][ T4185] attempt to access beyond end of device [ 170.271357][ T4185] loop3: rw=2049, want=45112, limit=40427 [ 170.361454][ T5958] loop0: detected capacity change from 0 to 16 [ 170.386551][ T5958] erofs: (device loop0): mounted with root inode @ nid 36. [ 170.423893][ T1107] usb 5-1: New USB device found, idVendor=0499, idProduct=103e, bcdDevice=4e.18 [ 170.436505][ T1107] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 170.445395][ T1107] usb 5-1: Product: syz [ 170.449764][ T1107] usb 5-1: Manufacturer: syz [ 170.463782][ T1107] usb 5-1: SerialNumber: syz [ 170.476961][ T1107] usb 5-1: config 0 descriptor?? [ 170.869136][ T5284] usb 6-1: unable to get BOS descriptor or descriptor too short [ 171.395576][ T1107] snd-usb-audio: probe of 5-1:0.0 failed with error -2 [ 171.434937][ T1107] usb 5-1: USB disconnect, device number 7 [ 171.480850][ T5284] usb 6-1: config 7 has an invalid interface number: 181 but max is 0 [ 171.498102][ T5284] usb 6-1: config 7 has no interface number 0 [ 171.513388][ T5966] loop2: detected capacity change from 0 to 1024 [ 171.520038][ T5284] usb 6-1: config 7 interface 181 altsetting 3 bulk endpoint 0x1 has invalid maxpacket 32 [ 171.534317][ T5284] usb 6-1: config 7 interface 181 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 171.548256][ T5284] usb 6-1: config 7 interface 181 has no altsetting 0 [ 171.565291][ T4343] udevd[4343]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 171.650357][ T5972] loop0: detected capacity change from 0 to 64 [ 171.726124][ T5284] usb 6-1: New USB device found, idVendor=054c, idProduct=06c3, bcdDevice=2a.3d [ 171.749156][ T5284] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 171.782429][ T5978] loop4: detected capacity change from 0 to 1024 [ 171.791684][ T5284] usb 6-1: Product: syz [ 171.797010][ T5284] usb 6-1: Manufacturer: syz [ 171.801812][ T5284] usb 6-1: SerialNumber: syz [ 171.888518][ T5950] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 171.967423][ T5978] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,min_batch_time=0x0000000000000005,user_xattr,. Quota mode: none. [ 171.983109][ T5978] ext4 filesystem being mounted at /99/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 171.999514][ T5978] netlink: 12 bytes leftover after parsing attributes in process `syz.4.470'. [ 172.096729][ T5963] loop3: detected capacity change from 0 to 32768 [ 172.140909][ T5949] loop5: detected capacity change from 0 to 256 [ 172.230327][ T5963] XFS (loop3): DAX enabled. Warning: EXPERIMENTAL, use at your own risk [ 172.247461][ T5963] XFS (loop3): DAX unsupported by block device. Turning off DAX. [ 172.375873][ T5949] exFAT-fs (loop5): failed to load upcase table (idx : 0x00011bf5, chksum : 0xcea91b8a, utbl_chksum : 0xe619d30d) [ 172.411950][ T5963] XFS (loop3): Mounting V5 Filesystem [ 172.467884][ T5949] exFAT-fs (loop5): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 172.681746][ T6001] binder: BINDER_SET_CONTEXT_MGR already set [ 172.688207][ T6001] binder: 5998:6001 ioctl 4018620d 200000000040 returned -16 [ 174.394221][ T5284] port100 6-1:7.181: NFC: Could not find bulk-in or bulk-out endpoint [ 174.439655][ T5284] usb 6-1: USB disconnect, device number 5 [ 174.453796][ T4236] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 174.533891][ T5963] XFS (loop3): Ending clean mount [ 174.604896][ T6003] loop0: detected capacity change from 0 to 2048 [ 174.615428][ T5963] XFS (loop3): Quotacheck needed: Please wait. [ 174.674857][ T6003] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=3932051, location=3932051 [ 174.697429][ T5963] XFS (loop3): Quotacheck: Done. [ 174.713995][ T4236] usb 5-1: Using ep0 maxpacket: 8 [ 174.737517][ T6003] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 174.756566][ T6005] loop5: detected capacity change from 0 to 2048 [ 174.768980][ T4185] XFS (loop3): Unmounting Filesystem [ 174.838722][ T4236] usb 5-1: config 0 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 174.859506][ T4236] usb 5-1: config 0 interface 0 has no altsetting 0 [ 174.873692][ T4236] usb 5-1: New USB device found, idVendor=5543, idProduct=0042, bcdDevice= 0.00 [ 174.889151][ T4236] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.942990][ T4236] usb 5-1: config 0 descriptor?? [ 175.278238][ T6000] x_tables: ip6_tables: TCPOPTSTRIP target: only valid for protocol 6 [ 175.381023][ T26] audit: type=1800 audit(1751812186.702:15): pid=6003 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.475" name="file1" dev="loop0" ino=1346 res=0 errno=0 [ 175.496769][ T6011] loop2: detected capacity change from 0 to 2048 [ 175.510395][ T4236] uclogic 0003:5543:0042.0001: unbalanced delimiter at end of report description [ 175.551039][ T4236] uclogic 0003:5543:0042.0001: parse failed [ 175.572687][ T4236] uclogic: probe of 0003:5543:0042.0001 failed with error -22 [ 175.582875][ T6011] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=3932051, location=3932051 [ 175.617659][ T6011] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 175.695316][ T6017] FAULT_INJECTION: forcing a failure. [ 175.695316][ T6017] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 175.733470][ T13] usb 5-1: USB disconnect, device number 8 [ 175.756142][ T6017] CPU: 1 PID: 6017 Comm: syz.0.479 Not tainted 5.15.186-syzkaller #0 [ 175.764243][ T6017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 175.774307][ T6017] Call Trace: [ 175.777682][ T6017] [ 175.780620][ T6017] dump_stack_lvl+0x168/0x230 [ 175.785431][ T6017] ? show_regs_print_info+0x20/0x20 [ 175.790648][ T6017] ? load_image+0x3b0/0x3b0 [ 175.795174][ T6017] ? __lock_acquire+0x7c60/0x7c60 [ 175.800217][ T6017] should_fail+0x38c/0x4c0 [ 175.804654][ T6017] _copy_to_user+0x2e/0x130 [ 175.809172][ T6017] simple_read_from_buffer+0xe3/0x150 [ 175.814647][ T6017] proc_fail_nth_read+0x19a/0x210 [ 175.819781][ T6017] ? proc_fault_inject_write+0x2f0/0x2f0 [ 175.825554][ T6017] ? fsnotify_perm+0x254/0x560 [ 175.830487][ T6017] ? proc_fault_inject_write+0x2f0/0x2f0 [ 175.836252][ T6017] vfs_read+0x2f6/0xcf0 [ 175.840435][ T6017] ? kernel_read+0x1e0/0x1e0 [ 175.845237][ T6017] ? __fget_files+0x40f/0x480 [ 175.849976][ T6017] ? mutex_lock_nested+0x17/0x20 [ 175.855106][ T6017] ? __fdget_pos+0x2bf/0x370 [ 175.859710][ T6017] ? ksys_read+0x71/0x250 [ 175.863926][ T5284] Bluetooth: hci1: command 0x0406 tx timeout [ 175.864046][ T6017] ksys_read+0x14d/0x250 [ 175.874241][ T6017] ? vfs_write+0xd00/0xd00 [ 175.878763][ T6017] ? lockdep_hardirqs_on+0x94/0x140 [ 175.883977][ T6017] do_syscall_64+0x4c/0xa0 [ 175.888405][ T6017] ? clear_bhb_loop+0x30/0x80 [ 175.888690][ T6009] loop5: detected capacity change from 0 to 32768 [ 175.893086][ T6017] ? clear_bhb_loop+0x30/0x80 [ 175.893108][ T6017] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 175.893127][ T6017] RIP: 0033:0x7ffa3433733c [ 175.914670][ T6017] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 175.922975][ T26] audit: type=1800 audit(1751812187.242:16): pid=6011 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.478" name="file1" dev="loop2" ino=1346 res=0 errno=0 [ 175.934272][ T6017] RSP: 002b:00007ffa3217f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 175.934295][ T6017] RAX: ffffffffffffffda RBX: 00007ffa34560080 RCX: 00007ffa3433733c [ 175.934307][ T6017] RDX: 000000000000000f RSI: 00007ffa3217f0a0 RDI: 0000000000000009 [ 175.934317][ T6017] RBP: 00007ffa3217f090 R08: 0000000000000000 R09: 0000000000000000 [ 175.934327][ T6017] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 175.934337][ T6017] R13: 0000000000000000 R14: 00007ffa34560080 R15: 00007ffe2d81fd08 [ 175.976627][ T6009] XFS: ikeep mount option is deprecated. [ 175.978964][ T6017] [ 175.979042][ C1] vkms_vblank_simulate: vblank timer overrun [ 176.017899][ C1] vkms_vblank_simulate: vblank timer overrun [ 176.024721][ T4236] Bluetooth: hci0: command 0x0406 tx timeout [ 176.030885][ T4236] Bluetooth: hci4: command 0x0406 tx timeout [ 176.042060][ T4236] Bluetooth: hci3: command 0x0406 tx timeout [ 176.147329][ T6009] XFS (loop5): Mounting V5 Filesystem [ 176.243955][ T6030] loop2: detected capacity change from 0 to 1024 [ 176.259769][ T6009] XFS (loop5): Ending clean mount [ 176.269842][ T6009] XFS (loop5): Quotacheck needed: Please wait. [ 176.357338][ T6032] loop0: detected capacity change from 0 to 4096 [ 176.364474][ T6009] XFS (loop5): Quotacheck: Done. [ 176.481519][ T6036] device bridge_slave_1 left promiscuous mode [ 176.488508][ T6036] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.517453][ T6035] loop2: detected capacity change from 0 to 1024 [ 176.517618][ T6036] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 176.542613][ T6009] netlink: 20 bytes leftover after parsing attributes in process `syz.5.477'. [ 176.565265][ T6032] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 176.612527][ T6032] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 176.629404][ T6032] ntfs3: loop0: Failed to load $LogFile. [ 176.681704][ T6046] "syz.4.487" (6046) uses obsolete ecb(arc4) skcipher [ 176.711004][ T6035] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,min_batch_time=0x0000000000000005,user_xattr,. Quota mode: none. [ 176.769603][ T6035] ext4 filesystem being mounted at /116/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 176.859102][ T6035] netlink: 12 bytes leftover after parsing attributes in process `syz.2.482'. [ 176.939543][ T5049] XFS (loop5): Unmounting Filesystem [ 176.990912][ T6055] loop0: detected capacity change from 0 to 2048 [ 177.015814][ C1] vkms_vblank_simulate: vblank timer overrun [ 177.045275][ T6055] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=3932051, location=3932051 [ 177.148573][ T6055] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 177.303816][ T26] audit: type=1800 audit(1751812188.632:17): pid=6055 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.490" name="file1" dev="loop0" ino=1346 res=0 errno=0 [ 177.713919][ T147] Bluetooth: hci3: Unknown advertising packet type: 0x4b00 [ 179.131184][ T6077] nbd: must specify a device to reconfigure [ 179.217924][ T6077] bond0: (slave macvlan2): Error -98 calling set_mac_address [ 179.470692][ T6092] "syz.5.499" (6092) uses obsolete ecb(arc4) skcipher [ 179.739563][ T6098] trusted_key: encrypted_key: insufficient parameters specified [ 180.070546][ C0] hrtimer: interrupt took 60515 ns [ 180.688113][ T6108] netlink: 'syz.3.503': attribute type 16 has an invalid length. [ 180.696142][ T6108] netlink: 'syz.3.503': attribute type 17 has an invalid length. [ 180.707374][ T6108] infiniband syz2: set active [ 180.712466][ T6108] infiniband syz2: set active [ 180.730693][ T6108] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 180.740928][ T6108] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 180.777577][ T6108] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 180.788284][ T6108] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 181.400636][ T6106] loop2: detected capacity change from 0 to 40427 [ 181.408492][ T4244] sit0 speed is unknown, defaulting to 1000 [ 181.424277][ T4244] sit0 speed is unknown, defaulting to 1000 [ 181.599753][ T6108] kAFS: unable to lookup cell '' [ 181.731627][ T6106] F2FS-fs (loop2): Found nat_bits in checkpoint [ 181.823478][ T6106] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 181.879666][ T6117] loop3: detected capacity change from 0 to 4096 [ 182.245653][ T4609] attempt to access beyond end of device [ 182.245653][ T4609] loop2: rw=1048577, want=79880, limit=40427 [ 182.333715][ T5284] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 182.348276][ T4609] attempt to access beyond end of device [ 182.348276][ T4609] loop2: rw=1048577, want=81920, limit=40427 [ 182.442692][ T4609] attempt to access beyond end of device [ 182.442692][ T4609] loop2: rw=1048577, want=52744, limit=40427 [ 182.492949][ T4609] attempt to access beyond end of device [ 182.492949][ T4609] loop2: rw=1048577, want=53248, limit=40427 [ 182.559099][ T4609] attempt to access beyond end of device [ 182.559099][ T4609] loop2: rw=1048577, want=57528, limit=40427 [ 182.581157][ T5284] usb 3-1: Using ep0 maxpacket: 8 [ 182.587331][ T6112] loop4: detected capacity change from 0 to 40427 [ 182.715449][ T6132] loop5: detected capacity change from 0 to 4096 [ 182.783365][ T6112] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 182.818921][ T6112] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 182.921705][ T6112] F2FS-fs (loop4): invalid crc value [ 182.958145][ T6132] ntfs3: loop5: Mark volume as dirty due to NTFS errors [ 182.975044][ T6132] ntfs3: loop5: Failed to load $Extend. [ 182.980778][ T6131] loop3: detected capacity change from 0 to 8192 [ 183.000981][ T6112] F2FS-fs (loop4): Found nat_bits in checkpoint [ 183.046976][ T5284] usb 3-1: too many endpoints for config 0 interface 0 altsetting 3: 64, using maximum allowed: 30 [ 183.079976][ T5284] usb 3-1: config 0 interface 0 altsetting 3 has 0 endpoint descriptors, different from the interface descriptor's value: 64 [ 183.133581][ T5284] usb 3-1: config 0 interface 0 has no altsetting 0 [ 183.185793][ T6137] netlink: 7986 bytes leftover after parsing attributes in process `syz.0.511'. [ 183.202639][ T6112] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 183.214296][ T6112] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 183.243493][ T6137] netlink: 6 bytes leftover after parsing attributes in process `syz.0.511'. [ 183.298300][ T6137] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 183.371698][ T5284] usb 3-1: New USB device found, idVendor=13d8, idProduct=0001, bcdDevice=1b.62 [ 183.401883][ T5284] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 183.415498][ T4185] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000e1b1) [ 183.428421][ T5284] usb 3-1: Product: syz [ 183.432621][ T5284] usb 3-1: Manufacturer: syz [ 183.438174][ T5284] usb 3-1: SerialNumber: syz [ 183.444762][ T5284] usb 3-1: config 0 descriptor?? [ 183.455479][ T4185] FAT-fs (loop3): Filesystem has been set read-only [ 183.462155][ T26] audit: type=1804 audit(1751812194.782:18): pid=6112 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.506" name="/newroot/108/bus/bus" dev="loop4" ino=455 res=1 errno=0 [ 183.483072][ C1] vkms_vblank_simulate: vblank timer overrun [ 183.609936][ T4191] attempt to access beyond end of device [ 183.609936][ T4191] loop2: rw=2049, want=45104, limit=40427 [ 183.629403][ T6145] loop5: detected capacity change from 0 to 1024 [ 183.773724][ T5284] comedi comedi5: could not set alternate setting 3 in high speed [ 183.788030][ T5284] usbdux 3-1:0.0: driver 'usbdux' failed to auto-configure device. [ 183.818430][ T5284] usbdux: probe of 3-1:0.0 failed with error -71 [ 183.836259][ T5284] usb 3-1: USB disconnect, device number 6 [ 184.738117][ T9] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 184.749050][ T6152] loop5: detected capacity change from 0 to 4096 [ 184.794815][ T6158] nbd: must specify a device to reconfigure [ 184.796926][ T9] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 184.813362][ T6158] bond0: (slave macvlan2): Error -98 calling set_mac_address [ 184.932980][ T6152] ntfs: volume version 3.1. [ 185.092730][ T6166] netlink: 12 bytes leftover after parsing attributes in process `syz.2.515'. [ 185.303425][ T6169] netlink: 12 bytes leftover after parsing attributes in process `syz.2.515'. [ 185.388252][ T6171] loop5: detected capacity change from 0 to 2048 [ 185.405541][ T6171] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=3932051, location=3932051 [ 185.468741][ T6171] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 185.678337][ T6178] loop3: detected capacity change from 0 to 4096 [ 185.768684][ T6178] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 185.786959][ T6178] ntfs3: loop3: Failed to load $Extend. [ 186.154644][ T6191] netlink: 'syz.2.527': attribute type 10 has an invalid length. [ 186.181567][ T6191] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.199178][ T6191] bond0: (slave team0): Enslaving as an active interface with an up link [ 186.247579][ T26] audit: type=1800 audit(1751812197.572:19): pid=6171 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.521" name="file1" dev="loop5" ino=1346 res=0 errno=0 [ 186.267156][ C1] vkms_vblank_simulate: vblank timer overrun [ 186.410813][ T6196] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 186.587055][ T6200] netlink: 52 bytes leftover after parsing attributes in process `syz.3.530'. [ 186.643776][ T5284] usb 3-1: new full-speed USB device number 7 using dummy_hcd [ 186.763926][ T6196] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 186.775382][ T6206] loop5: detected capacity change from 0 to 1024 [ 187.914330][ T5284] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 187.935346][ T147] Bluetooth: hci0: Unknown advertising packet type: 0x4b00 [ 187.936611][ T5284] usb 3-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 7 [ 187.957928][ T5284] usb 3-1: config 0 interface 0 has no altsetting 0 [ 187.965066][ T5284] usb 3-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice= 0.00 [ 187.971976][ T6212] Invalid ELF header magic: != ELF [ 187.974539][ T5284] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 187.991215][ T5284] usb 3-1: config 0 descriptor?? [ 188.023914][ T6191] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 188.248066][ T6223] netlink: 12 bytes leftover after parsing attributes in process `syz.5.538'. [ 188.964626][ T6191] udc-core: couldn't find an available UDC or it's busy [ 188.985571][ T6191] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 189.155031][ T5284] usbhid 3-1:0.0: can't add hid device: -71 [ 189.168192][ T5284] usbhid: probe of 3-1:0.0 failed with error -71 [ 189.242851][ T5284] usb 3-1: USB disconnect, device number 7 [ 189.293968][ T6220] loop3: detected capacity change from 0 to 32768 [ 189.337965][ T6220] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.537 (6220) [ 189.377361][ T6220] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 189.378115][ T6230] loop5: detected capacity change from 0 to 2048 [ 189.405202][ T6230] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=3932051, location=3932051 [ 189.416330][ T6220] BTRFS info (device loop3): using free space tree [ 189.422860][ T6220] BTRFS info (device loop3): has skinny extents [ 189.433375][ T6230] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 189.648408][ T6220] BTRFS info (device loop3): enabling ssd optimizations [ 189.675009][ T5284] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 189.693332][ T145] BTRFS warning (device loop3): checksum verify failed on 5308416 wanted 0x77808b7ecca445f549ae3d233ea0eb27adb628f92d0be59092c566b0ee5e6744 found 0x302a3b924add460fed240ae73b9d10843c477edf9ba9d53510d70674944a70a8 level 0 [ 189.715509][ C1] vkms_vblank_simulate: vblank timer overrun [ 189.946282][ T6261] loop0: detected capacity change from 0 to 4096 [ 190.015079][ T5284] usb 3-1: Using ep0 maxpacket: 32 [ 190.163774][ T5284] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x2 has an invalid bInterval 129, changing to 11 [ 190.189173][ T5284] usb 3-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 7 [ 190.195819][ T6269] loop4: detected capacity change from 0 to 7 [ 190.235448][ T4343] Dev loop4: unable to read RDB block 7 [ 190.241992][ T5284] usb 3-1: config 0 interface 0 has no altsetting 0 [ 190.243715][ T4343] loop4: unable to read partition table [ 190.248815][ T5284] usb 3-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice= 0.00 [ 190.273052][ T4343] loop4: partition table beyond EOD, truncated [ 190.279965][ T6270] netlink: 8 bytes leftover after parsing attributes in process `syz.4.547'. [ 190.325129][ T5284] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 190.372833][ T5284] usb 3-1: config 0 descriptor?? [ 190.405485][ T5284] usb 3-1: can't set config #0, error -71 [ 190.408223][ T5284] usb 3-1: USB disconnect, device number 8 [ 190.708336][ T6269] Dev loop4: unable to read RDB block 7 [ 190.718653][ T6269] loop4: unable to read partition table [ 190.733855][ T6269] loop4: partition table beyond EOD, truncated [ 190.737003][ T6267] loop0: detected capacity change from 0 to 32768 [ 190.745090][ T26] audit: type=1800 audit(1751812203.077:20): pid=6230 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.540" name="file1" dev="loop5" ino=1346 res=0 errno=0 [ 190.785558][ T6269] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 190.789965][ T6267] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 scanned by syz.0.548 (6267) [ 190.965495][ T6267] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 191.004509][ T6267] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 191.031301][ T6267] BTRFS info (device loop0): use zstd compression, level 3 [ 191.069534][ T6267] BTRFS info (device loop0): using free space tree [ 191.089832][ T6267] BTRFS info (device loop0): has skinny extents [ 191.254860][ T5283] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 191.978446][ T6307] nbd: must specify a device to reconfigure [ 192.026303][ T6307] bond0: (slave macvlan2): Error -98 calling set_mac_address [ 192.105998][ T6310] loop3: detected capacity change from 0 to 8192 [ 192.125111][ T6267] BTRFS info (device loop0): enabling ssd optimizations [ 192.162630][ T6319] xt_l2tp: v2 sid > 0xffff: 262144 [ 192.203871][ T5283] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 192.205780][ T26] audit: type=1800 audit(1751812204.537:21): pid=6310 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.556" name="bus" dev="loop3" ino=1048660 res=0 errno=0 [ 192.257879][ T5283] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 192.313643][ T5283] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 192.390789][ T5283] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 192.406742][ T5283] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 192.441997][ T5283] usb 3-1: config 0 descriptor?? [ 192.443830][ T4303] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 192.484026][ T6323] loop5: detected capacity change from 0 to 16 [ 192.560926][ T6326] mac80211_hwsim hwsim9 wlan0: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 192.584388][ T6323] cramfs: Unknown parameter 'ÿÿÿÿ' [ 192.824677][ T4303] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 192.837644][ T4303] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 192.861592][ T4303] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 193.044736][ T4303] usb 5-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=e1.c5 [ 193.065456][ T4303] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 193.101831][ T4303] usb 5-1: Product: syz [ 193.121210][ T4303] usb 5-1: Manufacturer: syz [ 193.138491][ T5283] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 193.145779][ T4303] usb 5-1: SerialNumber: syz [ 193.177667][ T4303] usb 5-1: config 0 descriptor?? [ 193.189264][ T5283] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 193.255389][ T4303] usb 5-1: Found UVC 34.00 device syz (8086:0b5b) [ 193.269333][ T4303] usb 5-1: No valid video chain found. [ 193.515531][ T6340] udc-core: couldn't find an available UDC or it's busy [ 193.550709][ T6340] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 193.629505][ T6274] netlink: 8 bytes leftover after parsing attributes in process `syz.2.550'. [ 193.656937][ T1107] usb 3-1: USB disconnect, device number 9 [ 193.713970][ T6342] loop5: detected capacity change from 0 to 512 [ 193.776328][ T6342] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (3832!=33349) [ 193.807642][ T6342] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802e02c, mo2=0002] [ 193.818991][ T6342] System zones: 1-12 [ 193.825077][ T6342] EXT4-fs (loop5): orphan cleanup on readonly fs [ 193.831640][ T6342] EXT4-fs error (device loop5): ext4_read_inode_bitmap:168: comm syz.5.566: Inode bitmap for bg 0 marked uninitialized [ 193.847065][ T6342] EXT4-fs (loop5): Remounting filesystem read-only [ 193.855304][ T6342] EXT4-fs (loop5): mounted filesystem without journal. Opts: errors=remount-ro,. Quota mode: none. [ 194.225635][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.236292][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.935540][ T6364] netlink: 12 bytes leftover after parsing attributes in process `syz.0.571'. [ 195.082352][ T6358] loop3: detected capacity change from 0 to 8192 [ 196.160301][ T13] usb 5-1: USB disconnect, device number 9 [ 196.173628][ T26] audit: type=1800 audit(1751812208.447:22): pid=6358 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.569" name="bus" dev="loop3" ino=1048661 res=0 errno=0 [ 197.153777][ T6382] loop4: detected capacity change from 0 to 32768 [ 197.206932][ T6388] loop0: detected capacity change from 0 to 32768 [ 197.990936][ T6402] loop3: detected capacity change from 0 to 1024 [ 198.073212][ T6388] XFS (loop0): DAX enabled. Warning: EXPERIMENTAL, use at your own risk [ 198.086408][ T6388] XFS (loop0): DAX unsupported by block device. Turning off DAX. [ 198.113350][ T6388] XFS (loop0): Mounting V5 Filesystem [ 198.154296][ T6414] netlink: 6 bytes leftover after parsing attributes in process `syz.5.585'. [ 198.163242][ T6414] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 198.410463][ T6388] XFS (loop0): Ending clean mount [ 198.422523][ T6388] XFS (loop0): Quotacheck needed: Please wait. [ 198.506192][ T4279] hfsplus: found bad thread record in catalog [ 198.526136][ T6388] XFS (loop0): Quotacheck: Done. [ 198.547602][ T6388] netlink: 8 bytes leftover after parsing attributes in process `syz.0.580'. [ 198.552887][ T6423] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 198.570195][ T6423] 9pnet: Insufficient options for proto=fd [ 198.682642][ T4181] XFS (loop0): Unmounting Filesystem [ 199.458828][ T6435] nbd: must specify a device to reconfigure [ 199.524347][ T6439] tipc: Started in network mode [ 199.539190][ T4303] hid-generic 0005:0C45:1012.0003: item fetching failed at offset 0/1 [ 199.618473][ T6439] tipc: Node identity 5, cluster identity 4 [ 199.642974][ T4303] hid-generic: probe of 0005:0C45:1012.0003 failed with error -22 [ 199.658321][ T6439] tipc: Node number set to 5 [ 199.726344][ T6435] bond0: (slave macvlan2): Error -98 calling set_mac_address [ 199.967329][ T6457] device bond0 entered promiscuous mode [ 199.983473][ T6457] device bond_slave_0 entered promiscuous mode [ 199.994055][ T6457] device bond_slave_1 entered promiscuous mode [ 200.013485][ T6457] device bond0 left promiscuous mode [ 200.022250][ T6457] device bond_slave_0 left promiscuous mode [ 200.036915][ T6457] device bond_slave_1 left promiscuous mode [ 200.326864][ T6473] tipc: Started in network mode [ 200.348329][ T6473] tipc: Node identity daa3b3d480e8, cluster identity 4711 [ 200.384843][ T6473] tipc: Enabled bearer , priority 0 [ 200.486601][ T6479] device syzkaller0 entered promiscuous mode [ 200.520932][ T6472] tipc: Resetting bearer [ 200.620342][ T6472] tipc: Disabling bearer [ 200.668953][ T6489] netlink: 152 bytes leftover after parsing attributes in process `syz.0.590'. [ 200.743030][ T6499] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 200.890541][ T6504] xfrm0 speed is unknown, defaulting to 1000 [ 201.266162][ T6504] sit0 speed is unknown, defaulting to 1000 [ 201.870930][ T6566] netlink: 232 bytes leftover after parsing attributes in process `syz.5.632'. [ 201.912475][ T6569] netlink: 'syz.3.634': attribute type 10 has an invalid length. [ 201.946622][ T6569] netlink: 32 bytes leftover after parsing attributes in process `syz.3.634'. [ 202.009768][ T6574] netlink: 4 bytes leftover after parsing attributes in process `syz.2.635'. [ 202.606988][ T147] Bluetooth: hci2: link tx timeout [ 202.612604][ T147] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 202.822565][ T147] Bluetooth: hci2: link tx timeout [ 202.827879][ T147] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 202.876202][ T147] Bluetooth: hci2: link tx timeout [ 202.881432][ T147] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 203.023122][ T6621] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 203.206402][ T147] Bluetooth: hci2: link tx timeout [ 203.211622][ T147] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 203.231147][ T6631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 203.283119][ T6634] netlink: 20 bytes leftover after parsing attributes in process `syz.0.656'. [ 203.334506][ T6631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.390756][ T6631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 203.436110][ T6631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.463275][ T6631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 203.484131][ T6631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.497046][ T6631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 203.523169][ T6631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.547952][ T6631] batman_adv: batadv0: Adding interface: ipvlan2 [ 203.562650][ T6631] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 203.642532][ T6631] batman_adv: batadv0: Interface activated: ipvlan2 [ 203.680287][ T6653] netlink: 44 bytes leftover after parsing attributes in process `syz.0.658'. [ 203.750184][ T147] Bluetooth: hci2: link tx timeout [ 203.755386][ T147] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 204.078442][ T147] Bluetooth: hci2: link tx timeout [ 204.083724][ T147] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 204.093209][ T6680] device syzkaller0 entered promiscuous mode [ 204.123845][ T6686] tipc: Enabled bearer , priority 0 [ 204.161926][ T6683] device syzkaller0 entered promiscuous mode [ 204.172563][ T6678] tipc: Resetting bearer [ 204.209192][ T6678] tipc: Disabling bearer [ 204.232875][ T147] Bluetooth: hci2: link tx timeout [ 204.238079][ T147] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 204.357943][ T147] Bluetooth: hci2: link tx timeout [ 204.363136][ T147] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 204.585925][ T6701] netlink: 8 bytes leftover after parsing attributes in process `syz.0.673'. [ 204.703708][ T1107] Bluetooth: hci2: command 0x0406 tx timeout [ 204.753351][ T6709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 204.771196][ T6709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.790505][ T6709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 204.820069][ T6709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.830443][ T6709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 204.851838][ T6709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.871341][ T6709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 204.882912][ T6709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.903903][ T147] Bluetooth: hci2: link tx timeout [ 204.909149][ T147] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 204.918474][ T6709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 204.930562][ T6709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.941421][ T6709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 204.952136][ T6709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.962096][ T6709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 204.972964][ T6709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.983245][ T6709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: ipvlan2 [ 204.993284][ T6709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.004000][ T6709] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 205.043699][ T6711] netlink: 8 bytes leftover after parsing attributes in process `syz.0.678'. [ 205.063718][ T6711] netlink: 12 bytes leftover after parsing attributes in process `syz.0.678'. [ 205.103503][ T6711] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 205.113647][ T6711] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 205.122601][ T6711] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 205.131610][ T6711] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 205.848066][ T6759] netlink: 20 bytes leftover after parsing attributes in process `syz.5.697'. [ 205.874409][ T6761] netlink: 72 bytes leftover after parsing attributes in process `syz.3.695'. [ 206.411680][ T6793] netlink: 8 bytes leftover after parsing attributes in process `syz.0.711'. [ 206.423214][ T6796] team0: Mode changed to "broadcast" [ 206.808924][ T6817] device netdevsim0 entered promiscuous mode [ 206.915000][ T6828] tipc: Started in network mode [ 206.936584][ T6828] tipc: Node identity 080211000001, cluster identity 4711 [ 206.949707][ T6828] tipc: Enabled bearer , priority 0 [ 206.959676][ T6828] device syzkaller0 entered promiscuous mode [ 206.981779][ T6828] tipc: Resetting bearer [ 207.286071][ T9] tipc: Resetting bearer [ 207.387341][ T6850] xfrm0 speed is unknown, defaulting to 1000 [ 207.446552][ T6858] netlink: 8 bytes leftover after parsing attributes in process `syz.0.742'. [ 207.680747][ T147] Bluetooth: hci2: link tx timeout [ 207.687848][ T147] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 207.713268][ T6874] netlink: 32 bytes leftover after parsing attributes in process `syz.4.748'. [ 207.755468][ T6850] sit0 speed is unknown, defaulting to 1000 [ 208.006958][ T13] tipc: Node number set to 134418688 [ 208.014405][ T6889] netdevsim netdevsim4: Firmware load for '..' refused, path contains '..' component [ 208.531224][ T6915] netlink: 12 bytes leftover after parsing attributes in process `syz.0.764'. [ 208.725411][ T6922] device syzkaller0 entered promiscuous mode [ 208.748135][ T6922] tipc: Started in network mode [ 208.753302][ T6922] tipc: Node identity 2ea10154fd53, cluster identity 4711 [ 208.761800][ T6922] tipc: Enabled bearer , priority 0 [ 208.771650][ T6920] tipc: Resetting bearer [ 208.792814][ T6920] tipc: Disabling bearer [ 208.864429][ T6932] netlink: 4 bytes leftover after parsing attributes in process `syz.5.771'. [ 208.902892][ T147] Bluetooth: hci2: link tx timeout [ 208.911346][ T147] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 209.129078][ T147] Bluetooth: hci2: link tx timeout [ 209.134892][ T147] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 209.198557][ T6947] xfrm0 speed is unknown, defaulting to 1000 [ 209.864338][ T6954] xfrm0 speed is unknown, defaulting to 1000 [ 209.912302][ T6947] sit0 speed is unknown, defaulting to 1000 [ 210.335152][ T6954] sit0 speed is unknown, defaulting to 1000 [ 210.738675][ T147] Bluetooth: hci2: link tx timeout [ 210.744045][ T147] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 211.791105][ T147] Bluetooth: hci2: link tx timeout [ 211.796392][ T147] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 212.117447][ T7019] page:ffffea000155acc0 refcount:4 mapcount:1 mapping:ffff88801b760350 index:0x0 pfn:0x556b3 [ 212.128931][ T7019] memcg:ffff88807b13c000 [ 212.133965][ T7019] aops:shmem_aops ino:4a0 [ 212.138321][ T7019] flags: 0xfff00000080015(locked|uptodate|lru|swapbacked|node=0|zone=1|lastcpupid=0x7ff) [ 212.148251][ T7019] raw: 00fff00000080015 ffffea00015f7e08 ffffea000173c708 ffff88801b760350 [ 212.156848][ T7019] raw: 0000000000000000 0000000000000000 0000000400000000 ffff88807b13c000 [ 212.165418][ T7019] page dumped because: VM_BUG_ON_PAGE(page_mapped(page)) [ 212.172420][ T7019] page_owner tracks the page as allocated [ 212.178816][ T7019] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100cca(GFP_HIGHUSER_MOVABLE), pid 7020, ts 212107677242, free_ts 211993373604 [ 212.194259][ T7019] get_page_from_freelist+0x1b77/0x1c60 [ 212.199989][ T7019] __alloc_pages+0x1e1/0x470 [ 212.204953][ T7019] alloc_pages_vma+0x393/0x7c0 [ 212.209704][ T7019] shmem_alloc_and_acct_page+0x427/0xb70 [ 212.215339][ T7019] shmem_getpage_gfp+0x14f4/0x2d40 [ 212.220464][ T7019] shmem_read_mapping_page_gfp+0x96/0x100 [ 212.226188][ T7019] udmabuf_create+0x878/0x1540 [ 212.230941][ T7019] udmabuf_ioctl+0x1d1/0x2c0 [ 212.235607][ T7019] __se_sys_ioctl+0xfa/0x170 [ 212.240189][ T7019] do_syscall_64+0x4c/0xa0 [ 212.245064][ T7019] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 212.250949][ T7019] page last free stack trace: [ 212.255607][ T7019] free_unref_page_prepare+0x637/0x6c0 [ 212.261240][ T7019] free_unref_page_list+0x122/0x7e0 [ 212.266520][ T7019] release_pages+0x184b/0x1bb0 [ 212.271268][ T7019] tlb_finish_mmu+0x164/0x2e0 [ 212.275925][ T7019] exit_mmap+0x3a6/0x5f0 [ 212.280157][ T7019] __mmput+0x115/0x3b0 [ 212.284298][ T7019] exit_mm+0x567/0x6c0 [ 212.288394][ T7019] do_exit+0x5a1/0x20a0 [ 212.292567][ T7019] do_group_exit+0x12e/0x300 [ 212.297180][ T7019] get_signal+0x6ca/0x12c0 [ 212.301781][ T7019] arch_do_signal_or_restart+0xc1/0x1300 [ 212.307670][ T7019] exit_to_user_mode_loop+0x9e/0x130 [ 212.313140][ T7019] exit_to_user_mode_prepare+0xb1/0x140 [ 212.318863][ T7019] syscall_exit_to_user_mode+0x16/0x40 [ 212.324320][ T7019] do_syscall_64+0x58/0xa0 [ 212.328819][ T7019] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 212.334786][ T7019] ------------[ cut here ]------------ [ 212.340241][ T7019] kernel BUG at mm/filemap.c:166! [ 212.345271][ T7019] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 212.351577][ T7019] CPU: 1 PID: 7019 Comm: syz.0.806 Not tainted 5.15.186-syzkaller #0 [ 212.359663][ T7019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 212.369796][ T7019] RIP: 0010:unaccount_page_cache_page+0x75c/0x870 [ 212.376295][ T7019] Code: e8 29 5b da ff 4c 89 f7 48 c7 c6 40 fd 12 8a e8 aa db 0d 00 0f 0b e8 13 5b da ff 4c 89 f7 48 c7 c6 80 fd 12 8a e8 94 db 0d 00 <0f> 0b 48 85 ed 75 59 e8 f8 5a da ff eb 5d e8 f1 5a da ff 4c 89 f7 [ 212.395978][ T7019] RSP: 0018:ffffc9000350f688 EFLAGS: 00010046 [ 212.402037][ T7019] RAX: bc9e526baf044300 RBX: 0000000000000000 RCX: ffff88807cad3b80 [ 212.409998][ T7019] RDX: 0000000000000000 RSI: 000000000000ffff RDI: 000000000000ffff [ 212.418832][ T7019] RBP: 1ffffd40002ab599 R08: dffffc0000000000 R09: ffffed1017224f24 [ 212.426977][ T7019] R10: ffffed1017224f24 R11: 1ffff11017224f23 R12: ffffea000155acc0 [ 212.435036][ T7019] R13: dffffc0000000000 R14: ffffea000155acc0 R15: ffffea000155acc8 [ 212.443153][ T7019] FS: 000055558ade5500(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000 [ 212.452082][ T7019] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 212.458675][ T7019] CR2: 00002000000000c8 CR3: 000000004f727000 CR4: 00000000003506e0 [ 212.466642][ T7019] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 212.474614][ T7019] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 212.482672][ T7019] Call Trace: [ 212.485938][ T7019] [ 212.488858][ T7019] __delete_from_page_cache+0xbf/0x6b0 [ 212.494311][ T7019] ? _raw_spin_lock_irq+0x7a/0xe0 [ 212.499332][ T7019] ? __bpf_trace_file_check_and_advance_wb_err+0x30/0x30 [ 212.506342][ T7019] ? _raw_spin_lock_irq+0xab/0xe0 [ 212.511438][ T7019] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 212.516798][ T7019] ? unmap_mapping_page+0x26b/0x320 [ 212.521978][ T7019] ? page_mapping+0x30e/0x440 [ 212.526638][ T7019] delete_from_page_cache+0x121/0x190 [ 212.532015][ T7019] truncate_inode_page+0x8d/0xb0 [ 212.536941][ T7019] shmem_undo_range+0x49b/0x1840 [ 212.541869][ T7019] ? __lock_acquire+0x13ad/0x7c60 [ 212.546885][ T7019] ? shmem_truncate_range+0xa0/0xa0 [ 212.552108][ T7019] ? do_raw_spin_lock+0x11d/0x280 [ 212.557123][ T7019] ? __rwlock_init+0x140/0x140 [ 212.561890][ T7019] shmem_evict_inode+0x20d/0xa00 [ 212.566902][ T7019] ? _raw_spin_unlock+0x24/0x40 [ 212.571925][ T7019] ? inode_wait_for_writeback+0x1b0/0x200 [ 212.577634][ T7019] ? shmem_free_in_core_inode+0xb0/0xb0 [ 212.583193][ T7019] ? do_raw_spin_lock+0x11d/0x280 [ 212.588728][ T7019] ? bit_waitqueue+0x30/0x30 [ 212.593439][ T7019] ? do_raw_spin_unlock+0x11d/0x230 [ 212.598633][ T7019] ? shmem_free_in_core_inode+0xb0/0xb0 [ 212.604178][ T7019] evict+0x485/0x870 [ 212.608071][ T7019] ? proc_nr_inodes+0x320/0x320 [ 212.612921][ T7019] ? do_raw_spin_unlock+0x11d/0x230 [ 212.618102][ T7019] ? _raw_spin_unlock+0x24/0x40 [ 212.623114][ T7019] __dentry_kill+0x431/0x650 [ 212.627709][ T7019] dentry_kill+0xb8/0x290 [ 212.632029][ T7019] dput+0xd8/0x1a0 [ 212.636013][ T7019] __fput+0x5ee/0x930 [ 212.640593][ T7019] task_work_run+0x125/0x1a0 [ 212.646045][ T7019] exit_to_user_mode_loop+0x10f/0x130 [ 212.651435][ T7019] exit_to_user_mode_prepare+0xb1/0x140 [ 212.657381][ T7019] syscall_exit_to_user_mode+0x16/0x40 [ 212.663187][ T7019] do_syscall_64+0x58/0xa0 [ 212.667736][ T7019] ? clear_bhb_loop+0x30/0x80 [ 212.672425][ T7019] ? clear_bhb_loop+0x30/0x80 [ 212.677092][ T7019] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 212.682978][ T7019] RIP: 0033:0x7ffa34338929 [ 212.687383][ T7019] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 212.706982][ T7019] RSP: 002b:00007ffe2d81fe68 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 212.715393][ T7019] RAX: 0000000000000000 RBX: 0000000000033c5b RCX: 00007ffa34338929 [ 212.723648][ T7019] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 212.731789][ T7019] RBP: 00007ffa34561ba0 R08: 0000000000000001 R09: 0000000c2d82015f [ 212.739761][ T7019] R10: 00007ffa341aa000 R11: 0000000000000246 R12: 00007ffa3455ffac [ 212.748178][ T7019] R13: 00007ffa3455ffa0 R14: ffffffffffffffff R15: 00007ffe2d81ff80 [ 212.756263][ T7019] [ 212.759297][ T7019] Modules linked in: [ 212.763297][ T7019] ---[ end trace d4089e20a5919f3f ]--- [ 212.768742][ T7019] RIP: 0010:unaccount_page_cache_page+0x75c/0x870 [ 212.775149][ T7019] Code: e8 29 5b da ff 4c 89 f7 48 c7 c6 40 fd 12 8a e8 aa db 0d 00 0f 0b e8 13 5b da ff 4c 89 f7 48 c7 c6 80 fd 12 8a e8 94 db 0d 00 <0f> 0b 48 85 ed 75 59 e8 f8 5a da ff eb 5d e8 f1 5a da ff 4c 89 f7 [ 212.794865][ T7019] RSP: 0018:ffffc9000350f688 EFLAGS: 00010046 [ 212.801014][ T7019] RAX: bc9e526baf044300 RBX: 0000000000000000 RCX: ffff88807cad3b80 [ 212.809661][ T7019] RDX: 0000000000000000 RSI: 000000000000ffff RDI: 000000000000ffff [ 212.817986][ T7019] RBP: 1ffffd40002ab599 R08: dffffc0000000000 R09: ffffed1017224f24 [ 212.826164][ T7019] R10: ffffed1017224f24 R11: 1ffff11017224f23 R12: ffffea000155acc0 [ 212.834669][ T7019] R13: dffffc0000000000 R14: ffffea000155acc0 R15: ffffea000155acc8 [ 212.842726][ T7019] FS: 000055558ade5500(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000 [ 212.851650][ T7019] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 212.858233][ T7019] CR2: 00002000000000c8 CR3: 000000004f727000 CR4: 00000000003506e0 [ 212.866279][ T7019] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 212.874241][ T7019] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 212.882571][ T7019] Kernel panic - not syncing: Fatal exception [ 212.888854][ T7019] Kernel Offset: disabled [ 212.893173][ T7019] Rebooting in 86400 seconds..