last executing test programs: 10m4.2392065s ago: executing program 4 (id=87): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) syz_emit_vhci(0x0, 0x7) syz_open_dev$cec(0x0, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_setup(0x497, 0x0, 0x0, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0xfffffffe, 0x25dfdbff, {}, [@NHA_OIF={0x8, 0x5, r3}]}, 0x20}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newnexthop={0x38, 0x68, 0x1, 0x100003, 0x7ffffffd, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x15}]}, @NHA_RES_GROUP={0xc, 0xc, 0x0, 0x1, [@NHA_RES_GROUP_BUCKETS={0x6, 0x1, 0x3fd4}]}, @NHA_GROUP_TYPE={0x6, 0x3, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=@newlink={0x20, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0x192}}, 0x20}}, 0x0) 10m2.775976038s ago: executing program 4 (id=91): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002800), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000003c0)) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000001740)=""/192, &(0x7f0000000140)=""/92}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f00000002c0)={@my=0x1}) r1 = socket$vsock_stream(0x28, 0x1, 0x0) add_key$user(&(0x7f0000000140), 0x0, 0x0, 0x0, 0xfffffffffffffffb) connect$vsock_stream(r1, &(0x7f0000001500)={0x28, 0x0, 0x0, @my=0x1}, 0x10) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=""/57, 0x0, &(0x7f0000000500)=""/4096, 0xeeef0000}) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x40900, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x8001) 10m1.855889139s ago: executing program 4 (id=98): socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_int(r3, &(0x7f00000003c0)='cpuset.mem_hardwall\x00', 0x2, 0x0) sendfile(r4, r4, 0x0, 0x9c) 10m0.845020382s ago: executing program 4 (id=101): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) setresuid(0xee01, 0x0, 0x0) sendmmsg$unix(r0, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001780)=[@cred={{0x1c}}], 0x20}}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x845, &(0x7f00000005c0)={[{@shortname_winnt}, {@shortname_winnt}, {@shortname_lower}, {@shortname_winnt}, {@shortname_winnt}, {@fat=@discard}, {@fat=@check_strict}, {@shortname_mixed}, {@shortname_winnt}, {@rodir}, {@shortname_win95}, {@fat=@sys_immutable}, {@utf8}]}, 0x0, 0x274, &(0x7f0000000780)="$eJzs3MGLG1UYAPDPbNvdbmmzBxEUxIde9BLa9S8I0oK4oKyNqAdh6mY17JgsmbgSEdubV/+O4tGboP4De/HmXbwsguClBzHSJONm10BbaZzV/H4Q5su8+fLeTGbCNwN5R29/+dHebtHYzQZRW0tRi7gT9yI27kdTT0yXtXF8IWbdiZcu/fbjs2++8+5rza2t69sp3WjefHkzpXTluW8/+eyr578fXHrr6yvfrMbhxntHv27+dPjU4dNHf9wsP703SFm61esNslt5O+10ir1GSm/k7axop063aPdPtO/mvf39Ycq6O5fX9/vtokhZd5j22sM06KVBf5iyD7JONzUajXR5PZbNyiNntO5ub2fNhQyGKlyct7Lfb2Yrcxtbd/+NQQEAZ0tV9f+HnSJ1itR9UP1fC/X/4qj/l8H9+n99ev2epP4HAAAAAAAAAAAAAID/gnujUX00GtXLZflajYi1iCjfVz1OFsP3v9xm/ri3FpF/cdA6aE2Wk/bmbnQij3ZcPR/x+/h8mJrEN17dun41jW3Ed/ntaf7tg9ZKrJb5pY35+dcm+elk/vlYn+1/M+rx5Pz8zbn5F+LFF2byG1GPH96PXuSxMz6vj/M/v5bSK69vncq/ON4OAAAA/g8a6S9/u38ftzdSOW3IqfbJyuPnA1F/wPOBU/fX5+KZc9XtNwAAACyTYvjpXpbn7b7g0QKHbuFBLSIq6v2XiDgbB+GxBj9/PLnqH2bjqn+ZAACAx+246K96JAAAAAAAAAAAAAAAAAAAALC8HnbysHL7fzL32Ex3K9XsJQAAAAAAAAAAAAAAAAAAAAAAAJwNfwYAAP//xsMhSw==") r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00') mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000500)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333404, 0x0) mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x11080, 0x0) mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0) read$FUSE(r1, &(0x7f0000002140)={0x2020}, 0x2100) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r2, 0x26, &(0x7f0000000380)={0x300, 0x0, 0x103ff}) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18020000fcffffff000000000000210085000000360000009500070000000000b83f3584230b8f5ec8921327291cf4880dd3a91af830f8a476ba1b51d4eb67103b000000000000000000000000000000640f9922d207e93470686f20ad"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) 10m0.16791296s ago: executing program 4 (id=107): rt_sigprocmask(0x0, &(0x7f0000000000)={[0xffffffff7ffffffd]}, 0x0, 0x8) r0 = gettid() timer_create(0x3, &(0x7f000049efa0)={0x0, 0x14, 0x4, @tid=r0}, &(0x7f0000044000)=0x0) timer_settime(0x0, 0x236bd4336e4642df, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0) r2 = gettid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r3, 0x5452, &(0x7f0000b28000)=0x3) fcntl$setsig(r3, 0xa, 0x12) timer_delete(r1) poll(&(0x7f0000b2c000)=[{r4}], 0x2c, 0xffffffffffbffff8) dup2(r3, r4) fcntl$setown(r3, 0x8, r2) tkill(r2, 0x13) 9m59.661229106s ago: executing program 4 (id=113): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8923, &(0x7f0000000040)={'vlan0\x00', 0x40}) socket$inet6_sctp(0xa, 0x5, 0x84) syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) r1 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @empty, 0x0, 0x3}, 0x20) connect$l2tp6(r1, &(0x7f0000000f40)={0xa, 0x0, 0x0, @empty}, 0x20) sendmmsg$inet6(r1, &(0x7f0000000ac0)=[{{&(0x7f0000000180)={0xa, 0x0, 0x0, @empty}, 0x1b, 0x0}}], 0x17fd147c801ae9af, 0xff00) 9m58.622125028s ago: executing program 32 (id=113): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8923, &(0x7f0000000040)={'vlan0\x00', 0x40}) socket$inet6_sctp(0xa, 0x5, 0x84) syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) r1 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @empty, 0x0, 0x3}, 0x20) connect$l2tp6(r1, &(0x7f0000000f40)={0xa, 0x0, 0x0, @empty}, 0x20) sendmmsg$inet6(r1, &(0x7f0000000ac0)=[{{&(0x7f0000000180)={0xa, 0x0, 0x0, @empty}, 0x1b, 0x0}}], 0x17fd147c801ae9af, 0xff00) 8m11.594016805s ago: executing program 0 (id=491): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000080)={{{@in=@loopback, @in=@loopback, 0x0, 0xdbc, 0xfffe, 0x0, 0x2}, {0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x1, 0x0, 0x1000000000000000}, 0x400, 0x0, 0x1}, {{@in=@empty, 0x20000000, 0x32}, 0xa, @in=@empty, 0x3507, 0x4, 0x0, 0xb7, 0x0, 0x0, 0xfffffffe}}, 0xe8) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x20) 8m9.790433727s ago: executing program 0 (id=495): bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x100002, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) timer_settime(r1, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r2) waitid(0x0, r2, 0x0, 0x8, 0x0) r3 = getpgrp(r2) waitid(0x1000000000000000, r3, 0x0, 0x4, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) syz_clone(0x22023500, 0x0, 0x0, 0x0, 0x0, 0x0) 8m8.71286255s ago: executing program 0 (id=497): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x4000004) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x1, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x2], 0x0, 0x200}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x400000000000001, 0x5, 0xfffffffffffffffe, 0x4004, 0x2, 0x4, 0xefffffffffffffff, 0x0, 0x0, 0x2000000, 0x0, 0x1c, 0x0, 0xffffffffffffffff, 0x6], 0x0, 0x41901}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 8m6.828720464s ago: executing program 0 (id=502): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) setresuid(0xee01, 0x0, 0x0) sendmmsg$unix(r0, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001780)=[@cred={{0x1c}}], 0x20}}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x845, &(0x7f00000005c0)={[{@shortname_winnt}, {@shortname_winnt}, {@shortname_lower}, {@shortname_winnt}, {@shortname_winnt}, {@fat=@discard}, {@fat=@check_strict}, {@shortname_mixed}, {@shortname_winnt}, {@rodir}, {@shortname_win95}, {@fat=@sys_immutable}, {@utf8}]}, 0x0, 0x274, &(0x7f0000000780)="$eJzs3MGLG1UYAPDPbNvdbmmzBxEUxIde9BLa9S8I0oK4oKyNqAdh6mY17JgsmbgSEdubV/+O4tGboP4De/HmXbwsguClBzHSJONm10BbaZzV/H4Q5su8+fLeTGbCNwN5R29/+dHebtHYzQZRW0tRi7gT9yI27kdTT0yXtXF8IWbdiZcu/fbjs2++8+5rza2t69sp3WjefHkzpXTluW8/+eyr578fXHrr6yvfrMbhxntHv27+dPjU4dNHf9wsP703SFm61esNslt5O+10ir1GSm/k7axop063aPdPtO/mvf39Ycq6O5fX9/vtokhZd5j22sM06KVBf5iyD7JONzUajXR5PZbNyiNntO5ub2fNhQyGKlyct7Lfb2Yrcxtbd/+NQQEAZ0tV9f+HnSJ1itR9UP1fC/X/4qj/l8H9+n99ev2epP4HAAAAAAAAAAAAAID/gnujUX00GtXLZflajYi1iCjfVz1OFsP3v9xm/ri3FpF/cdA6aE2Wk/bmbnQij3ZcPR/x+/h8mJrEN17dun41jW3Ed/ntaf7tg9ZKrJb5pY35+dcm+elk/vlYn+1/M+rx5Pz8zbn5F+LFF2byG1GPH96PXuSxMz6vj/M/v5bSK69vncq/ON4OAAAA/g8a6S9/u38ftzdSOW3IqfbJyuPnA1F/wPOBU/fX5+KZc9XtNwAAACyTYvjpXpbn7b7g0QKHbuFBLSIq6v2XiDgbB+GxBj9/PLnqH2bjqn+ZAACAx+246K96JAAAAAAAAAAAAAAAAAAAALC8HnbysHL7fzL32Ex3K9XsJQAAAAAAAAAAAAAAAAAAAAAAAJwNfwYAAP//xsMhSw==") r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00') mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000500)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333404, 0x0) mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x11080, 0x0) mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0) read$FUSE(r1, &(0x7f0000002140)={0x2020}, 0x2100) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r2, 0x26, &(0x7f0000000380)={0x300, 0x0, 0x103ff}) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18020000fcffffff000000000000210085000000360000009500070000000000b83f3584230b8f5ec8921327291cf4880dd3a91af830f8a476ba1b51d4eb67103b000000000000000000000000000000640f9922d207e93470686f20ad"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) 8m6.544579867s ago: executing program 0 (id=506): process_madvise(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)='m[', 0xfffffffffffffdc5}], 0x1, 0x2, 0x0) syz_open_dev$dri(0x0, 0x1ff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001780)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000001740)={&(0x7f00000002c0)={0x14, 0x28, 0x1, 0x70bd2d, 0x25dfdbff, {0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x4051}, 0x20000800) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="500000002600030500"/20, @ANYRES32=0x0, @ANYBLOB], 0x50}}, 0x0) socket$packet(0x11, 0x3, 0x300) r0 = socket$inet6(0xa, 0x80002, 0x0) sendmmsg$inet6(r0, &(0x7f0000000980)=[{{&(0x7f0000000040)={0xa, 0x4e22, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x4004000) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x1, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x8e, &(0x7f00000004c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x58, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x16, 0x2, 0x0, 0x0, 0x0, {[@fastopen={0x22, 0x2}, @md5sig={0x13, 0x12, "d082e275205e556149a021cc13c33d89"}, @window={0x3, 0x3}, @generic={0x22, 0x9, "da64345379e89f"}, @sack={0x5, 0x16, [0xa, 0x10, 0x6, 0xfffffff9, 0x7]}, @timestamp={0x8, 0xa, 0x80}, @eol]}}}}}}}}, 0x0) set_mempolicy(0x8000, &(0x7f0000000080)=0x1, 0x7fc) 8m5.965231704s ago: executing program 0 (id=510): sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(0xffffffffffffffff, 0x0, 0x20048000) r0 = socket$l2tp(0x2, 0x2, 0x73) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r0, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0) 8m5.062945325s ago: executing program 33 (id=510): sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(0xffffffffffffffff, 0x0, 0x20048000) r0 = socket$l2tp(0x2, 0x2, 0x73) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r0, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0) 15.991496895s ago: executing program 6 (id=1865): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x80540, 0x188) read$hiddev(r3, &(0x7f0000000080)=""/39, 0x27) 13.999857399s ago: executing program 6 (id=1870): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) madvise(&(0x7f0000000000/0x600000)=nil, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = syz_open_dev$vim2m(0x0, 0x1, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r2, 0xc0405602, 0x0) kexec_load(0xff0f, 0x1, &(0x7f0000000480)=[{0x0, 0x0, 0x7ffe0000, 0x3e0000}], 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)={{0x14}, [@NFT_MSG_NEWRULE={0x78, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x5}, [@NFTA_RULE_EXPRESSIONS={0x4c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x30, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_NAT_FLAGS={0x8}, @NFTA_NAT_TYPE={0x8}, @NFTA_NAT_REG_ADDR_MIN={0x8, 0x3, 0x1, 0x0, 0x14}, @NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xa0}, 0x1, 0x0, 0x0, 0x850}, 0x0) 11.283285822s ago: executing program 6 (id=1877): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0xa1641000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) unshare(0xa000200) semget$private(0x0, 0x4000, 0x0) 9.129028868s ago: executing program 1 (id=1882): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r3, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4) r4 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x7}, 0x1c) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@loopback, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x407ffffffffffe, 0x800000000000002}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x2, @in=@broadcast, 0x6, 0x4, 0x3}]}]}, 0xfc}}, 0x0) sendmmsg$inet6(r4, &(0x7f0000003cc0)=[{{0x0, 0x0, 0x0}}], 0x20, 0x4001c00) 7.792216715s ago: executing program 1 (id=1885): openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_init_net_socket$rose(0xb, 0x5, 0x0) r1 = fsopen(&(0x7f0000001340)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) r3 = openat$cgroup_procs(r2, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0) readv(r3, &(0x7f0000000440)=[{&(0x7f00000002c0)=""/252, 0xfc}], 0x1) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, 0x0) 7.245162381s ago: executing program 2 (id=1886): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = syz_io_uring_setup(0x110, &(0x7f0000000200)={0x0, 0xfec9, 0x8, 0x5, 0x3d4}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) kexec_load(0xf5, 0x1, &(0x7f0000000b80)=[{0x0, 0x0, 0x0, 0x1000}], 0x0) io_uring_enter(r1, 0xdb4, 0x0, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r1, 0x18, 0x0, 0x1) r4 = openat$vnet(0xffffffffffffff9c, &(0x7f00000038c0), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r4, 0xaf01, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$VHOST_RESET_OWNER(r4, 0xaf02, 0x0) 7.127047453s ago: executing program 5 (id=1887): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0xa1641000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sched_setscheduler(0x0, 0x5, 0x0) unshare(0xa000200) semget$private(0x0, 0x4000, 0x0) semtimedop(0x0, &(0x7f0000000000)=[{0x2, 0x40, 0x1800}], 0x1, 0x0) 6.379970702s ago: executing program 1 (id=1888): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sched_setscheduler(0x0, 0x5, 0x0) unshare(0xa000200) semtimedop(0x0, &(0x7f0000000000)=[{0x2, 0x40, 0x1800}], 0x1, 0x0) 6.252216344s ago: executing program 6 (id=1889): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) futex(0x0, 0x3, 0x0, &(0x7f0000fd7ff0)={0x77359400}, 0x0, 0xfffffffd) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000003, 0x50032, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x2) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r1, 0x6, 0x1, 0x0, 0x0) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x8, 0x3, 0x210, 0x0, 0x8, 0xfa04, 0x0, 0x6c02, 0x178, 0x194, 0x194, 0x178, 0x194, 0x3, 0x0, {[{{@ip={@empty=0x1e00, @broadcast, 0x0, 0x0, 'sit0\x00', 'ip6_vti0\x00', {}, {}, 0x6, 0x0, 0x4a}, 0x0, 0x98, 0xc0, 0x0, {0x0, 0x74020000}, [@common=@inet=@ecn={{0x28}, {0x10, 0x20, 0x5, 0x8}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@uncond, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0xffff, 0x0, 0x0, 'snmp\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x270) syz_clone(0x100, 0x0, 0x0, 0x0, 0x0, 0x0) 6.244821643s ago: executing program 2 (id=1891): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15) r2 = dup(r1) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000480)=ANY=[@ANYBLOB="9802"], 0x298) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000340)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x13c) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r3 = open(&(0x7f0000000180)='./file1\x00', 0x800, 0x70) mknodat$loop(r3, &(0x7f0000001600)='./file1\x00', 0x40, 0x0) chdir(&(0x7f0000000140)='./bus\x00') link(&(0x7f0000000200)='./file1\x00', 0x0) unlinkat(r3, &(0x7f0000000000)='./file1\x00', 0x0) unlink(&(0x7f0000000040)='./file1\x00') 5.469202513s ago: executing program 1 (id=1892): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x2041, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0) sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000680)={0x44, r2, 0x101, 0x0, 0x80000, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_SSID={0x5, 0x34, @random='n'}, @chandef_params, @NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, {0x800, 0x1, 0x0, 0x0, {0x0, 0x39c, 0x0, 0x7f, 0x0, 0x1, 0x0, 0x1}, 0x401, 0x0, 0x2}}]}, 0x44}, 0x1, 0x0, 0x0, 0x884}, 0x4804) ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000080)={0x49de, 0x0, 0x0, 0xbfff, 0x0, "ec28a144f13d7607"}) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x4, 0x0, 0x3, "0062ba7d820000a75e0000000000fcff00"}) io_setup(0xb, 0x0) io_getevents(0x0, 0x1, 0x0, &(0x7f0000000000), 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) r3 = syz_open_pts(r0, 0x0) r4 = dup3(r3, r0, 0x0) ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000000)=0x44) 5.468988633s ago: executing program 5 (id=1893): fanotify_init(0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) userfaultfd(0x801) socket$inet_udp(0x2, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xe, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r3}, &(0x7f0000000240), &(0x7f00000003c0)=r5}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r4, r1, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x6a, &(0x7f0000000340)={@random="6ea88d319b8c", @dev={'\xaa\xaa\xaa\xaa\xaa', 0x13}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @broadcast}, {0x43, 0x4e22, 0x8}}}}}, 0x0) 5.136282147s ago: executing program 3 (id=1894): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="0000d63f9a8eecdeb60ddb0700000000", 0x20) 4.327952457s ago: executing program 2 (id=1895): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) sched_setscheduler(0x0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x0, 0x0) sendmmsg$unix(r0, &(0x7f00000bd000), 0x318, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0) r1 = syz_open_dev$media(0x0, 0x0, 0x0) ioctl$MEDIA_IOC_G_TOPOLOGY(r1, 0xc0487c04, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000847fff), 0x0, 0x600, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) 4.301449837s ago: executing program 5 (id=1896): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x2, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x43}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x56, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r4}, 0x10) r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000940)=@framed={{0x18, 0x9}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r5}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 3.662115335s ago: executing program 6 (id=1897): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = syz_open_dev$radio(&(0x7f00000001c0), 0x1, 0x2) ioctl$VIDIOC_QUERYCTRL(r0, 0xc0445624, &(0x7f0000000200)={0x8098f909, 0x0, "7e54ff56c7e323330b5f23870ded65694a4e99d00e4d41f29f9a582ca04eca1d"}) msgsnd(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB], 0xb, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) syz_mount_image$ocfs2(&(0x7f0000004840), &(0x7f00000001c0)='./bus\x00', 0x8c0, &(0x7f0000004680)=ANY=[@ANYBLOB="61636c2c6e6f696e74722c6174696d655f7175616e74756d3d30303030303030303030303030303030303030372c6c6f63616c666c6f636b732c6c6f63616c616c6c6f633d30303030303030303030303030303030303030332c6c6f63616c666c6f636b732c696e74722c6865617274626561743d6e6f6e652c0024855616ead4c7dc9e9da093713b0e6a6e67e1af8e4f5d7cbff1185218b41bcefa2f4f41b8212051258a0a6168526c8eef9d759bbb36a4b49ff8042320899ca9b6e9fa68a0abe364e0e2d46408f18da37d557aa1ebb8aa29451a584f1980dc477bd97f6a0446b8957872e51c2adf98e1acff806babdc9d58bc06d6d0b19476862cebe64cafa5a069852602786f40bf6a1bf7594e171d16ced9409b168ef591c2f5b676a2eb18e8a3b91275fd4467aea2037bd9790e240137bc7c80cc99e9dd662a5f"], 0x7, 0x4430, &(0x7f0000000240)="$eJzs3c9PHNcdAPA3A67BtV1wfXClSl2pllq1FQKf2mKpGGNjsKkrt7aqXNYLrG2ShbVgiXLwgdws5RQphygHK5Fy42RxyNX5E3LJ0TlbSg65RIpkhWh3Z2FndldsEAux8/kcGOb9Zr8zb98chhcnKg+W1nJLa7nCSq68cG/tQu7tcml9uRjiQ9K2/2OH1z/d6cV1ctTX3i/ZzctX/3vnQgifL375Ynt7eztU9Ye2xpp+/+7bRwvNx4Y4U6fabvvWDsobIYSzLeOq6gsh/P+zEKIQwqUkbTI5DoYQToV63p1H793NHdBonj4vXsy/nHu8NX5+dvPJVue/PQrho9Lv/nZ/+es/9o1/9ZcD6h4AAAAAAAAAAAAAAAAAgFfc9K2bt/8zOhaeRaF/M2p9X3c6OXZ6P3b7wPyh938sAAAAAAAAAAAAAAAAAAAA/Eztvv+fi860ef9/KjlOdKi//a/ej5Hemfn3zakro2PJ/u9RS/7fk6RvLvWF4Tb7vmf3f7+Uqd9+//fWfvarMb5Gv0MhikdS53E8MhLCJ8nG7+eiE3GpvFb5673y+srigQ3jlZWOf333/lR0kg39u43/ZKb93u///9uWq6l6fvfgLrHXWjr+fR3Lffpu1FX8L2fqHUb82b90/PtraYPNBSbqE0A1/u/37x3/qUz7vYr/6RBCLqqONZeaAaprmGp6p/UKaen4H6ulpabO5IPsdP9/n4n/lUz7RzX/b2S/iGgrHf9f1dIGUiV27//heO/7/2qm/aOIf3X8G77/u5KO//F6Yn+qSO2T7Hb+n86036v4346TcZ6OUlfAZlRP7/T/6khLx3+gJX/3+S/uav13LVP/sJ7/Gv02nv8a0/+fo/rzH+2l4z/YsVy39/9Mpl6v5/+J2vqP/UrH/0QtLb12Hqr97Db+s5n2exX/2qpkoBH/3fnkh+P19I+t/7qSjv+v64lxc4mN2s/a+i/ae/1/PdP+Uaz/quPfiHvb6+siHf+THctV4/9FF9//NzL1muLfurg4IKPW+vuWjv+pjuVq9//A3vGfy9Tr9f3/p142DgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAKmEyOQyEaSp/H8chICJeT83PhRDRfWMzPl8oLb62FMJWk58KZ6H6pPF8o5ZdWyovFfKFUKi+EcCXJPxsGorVSuZJfLjy8utPWYPSgWFitzBcLlRDCdJL++3Cq0db8UmW58DCEcG0n7zdxefXhg8JKfnFp9Z+jo6OjYWZnDMNR8Z1KcaVS772eG8LsTt2hqGlwtezrO2M5Gb1ZXl9dKZRq6Tea6pTKC4VSU525JO+DMBxVVtdXFgqVYr5Uvt/o7yhNJMepmVv/u3VjrCX/blQ/Th7usAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4iZ6N/+PDEEJ//SwOIUw0fonalX/6vHgx/3Lu8db4+dnNJ1svOpUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Ed24EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsEvHKA0EURiA34yF2nkMq2W3s11RRAtXBE+gx/AwehQv4R1SpEibIgSSWQibXdgmqb6veTA/M+/BPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHme3ruPt7qJSHG1uYz4+/pfHOYvpf7cj9+/OMOMnM7za/fwWDfl39NRfleOlm3epevV92eM1N7vYE+G+7TX97menGtq36bm6/veRMpVRLQlv005V9W8twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALTtwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgWMBAAAAAGH+1lH0bQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD//9kGHvg=") prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0) ftruncate(r2, 0x8800000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r4, &(0x7f00000034c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x700, 0x0) sendfile(r3, r2, 0x0, 0x578410eb) 3.507980267s ago: executing program 1 (id=1898): write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x800, 0x0) close(r0) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x0) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r2 = accept(r0, 0x0, 0x0) sendmsg$AUDIT_USER_AVC(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000740)=ANY=[], 0x454}}, 0x0) sendmsg$NL80211_CMD_GET_MPP(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000005c0)=ANY=[], 0x20}}, 0x40000) recvfrom(r1, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x0, 0x0, 0x0) 3.504045997s ago: executing program 3 (id=1899): socket$nl_xfrm(0x10, 0x3, 0x6) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) socket$inet6(0xa, 0x800000000000002, 0x0) socket(0x10, 0x803, 0x0) socket(0x1, 0x803, 0x0) socket$packet(0x11, 0x2, 0x300) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000840)='./bus\x00', 0xa4) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={0x0, 0x0, 0x52, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.stat\x00', 0x275a, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0xc0189436, &(0x7f0000000140)) 2.323347151s ago: executing program 5 (id=1900): prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_mptcp_buf(r0, 0x11c, 0x2, &(0x7f0000000100)=""/221, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) umount2(0x0, 0x7) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000e40), 0x80801, 0x0) write$tun(r2, 0x0, 0x15a) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000100)={@dev, 0x0, 0x3, 0x0, 0x1}, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) unshare(0x400) 2.297437302s ago: executing program 1 (id=1901): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0xa1641000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) unshare(0xa000200) semget$private(0x0, 0x4000, 0x0) 2.254120042s ago: executing program 3 (id=1902): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0xa1641000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sched_setscheduler(0x0, 0x5, 0x0) unshare(0xa000200) semget$private(0x0, 0x4000, 0x0) semtimedop(0x0, &(0x7f0000000000)=[{0x2, 0x40, 0x1800}], 0x1, 0x0) 1.425741463s ago: executing program 2 (id=1903): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sched_setscheduler(0x0, 0x5, 0x0) unshare(0xa000200) semtimedop(0x0, &(0x7f0000000000)=[{0x2, 0x40, 0x1800}], 0x1, 0x0) 1.408544833s ago: executing program 6 (id=1904): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10) bind$inet(r3, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) connect$inet(r3, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r3, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0) 1.359681633s ago: executing program 5 (id=1905): openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) munlockall() bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdir(&(0x7f0000000300)='./bus\x00', 0x0) chdir(0x0) 801.23044ms ago: executing program 2 (id=1906): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x18) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_TSINFO_GET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x14, 0x0, 0x6a98047402e98331}, 0x14}, 0x1, 0x0, 0x0, 0x8040}, 0x4886) socket$can_bcm(0x1d, 0x2, 0x2) socket$rds(0x15, 0x5, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/fscaps', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) inotify_init1(0x0) openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000080)={r2, 0xffffffffffffffff, 0x5, 0x2}) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000080), 0xfffffebe}], 0x1) 617.344382ms ago: executing program 3 (id=1907): mkdir(&(0x7f0000000180)='./file1\x00', 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0, 0x0) mknodat(r0, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') linkat(r0, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00', 0x0) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) r2 = openat(r1, &(0x7f0000000040)='.\x00', 0x0, 0x0) open(&(0x7f0000000300)='./file1\x00', 0x14907e, 0x2e) unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0) mknodat$loop(r2, &(0x7f0000000100)='./bus\x00', 0x0, 0x0) r3 = open(&(0x7f0000000300)='.\x00', 0x10000, 0x0) renameat2(r3, &(0x7f00000004c0)='./bus\x00', r1, &(0x7f0000000500)='./file0\x00', 0x0) 465.795094ms ago: executing program 3 (id=1908): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x2, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() connect$unix(0xffffffffffffffff, 0x0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0xb, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000240)={0x30, 0x30, 0x30}}, 0x1000}], 0x0, 0x0, 0x0}) r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) 329.388916ms ago: executing program 2 (id=1909): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x80540, 0x188) read$hiddev(r3, &(0x7f0000000080)=""/39, 0x27) 165.073898ms ago: executing program 3 (id=1910): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x69703000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000240), 0x111000, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) keyctl$set_reqkey_keyring(0xe, 0x4) request_key(&(0x7f0000001380)='user\x00', &(0x7f00000013c0)={'syz', 0x3}, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000600)=@bridge_getneigh={0x20, 0x1e, 0xb7b6511a36acb75d, 0x0, 0x0, {0x7, 0x0, 0x0, r4}}, 0x20}}, 0x0) 0s ago: executing program 5 (id=1911): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r4 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x1e}, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20}, {0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x4, 0x2}, {}, 0x0, 0x6e6bb9, 0x1}, {{@in=@broadcast, 0xfffffffc, 0x32}, 0x0, @in=@empty, 0x0, 0x0, 0x2, 0x7, 0x200}}, 0xe8) sendmmsg(r4, &(0x7f0000000480), 0x2e9, 0x0) kernel console output (not intermixed with test programs): tman_adv: batadv0: Interface activated: batadv_slave_1 [ 336.846170][ T3040] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 336.892111][ T3040] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 337.702994][ T7653] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 338.064270][ T7653] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 338.091933][ T8118] loop2: detected capacity change from 0 to 512 [ 338.096384][ T7653] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 338.123878][ T7653] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 338.163967][ T8122] netlink: 'syz.5.913': attribute type 1 has an invalid length. [ 338.243316][ T8122] 8021q: adding VLAN 0 to HW filter on device bond2 [ 338.261161][ T8118] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,min_batch_time=0x000000000000002f,dioread_lock,,errors=continue. Quota mode: writeback. [ 338.285887][ T8118] ext4 filesystem being mounted at /194/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 338.369409][ T8127] device vlan2 entered promiscuous mode [ 338.375008][ T8127] device bond2 entered promiscuous mode [ 338.520345][ T8122] bond2: (slave gretap1): making interface the new active one [ 338.529054][ T8122] device gretap1 entered promiscuous mode [ 338.543951][ T8122] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 338.544826][ T8135] loop6: detected capacity change from 0 to 2048 [ 338.759712][ T4541] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready [ 338.807125][ T8135] UDF-fs: error (device loop6): udf_process_sequence: Primary Volume Descriptor not found! [ 338.907451][ T4541] IPv6: ADDRCONF(NETDEV_CHANGE): vlan2: link becomes ready [ 339.569986][ T3040] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 339.634898][ T3040] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 339.856883][ T4503] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 339.901780][ T3040] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 340.200013][ T3040] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 340.529903][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 340.738045][ T8161] netlink: 8 bytes leftover after parsing attributes in process `syz.6.921'. [ 341.771909][ T8183] loop1: detected capacity change from 0 to 64 [ 341.792048][ T8177] loop6: detected capacity change from 0 to 512 [ 342.812387][ T8192] minix_free_block (loop1:1): bit already cleared [ 343.263382][ T8192] minix_free_block (loop1:4): bit already cleared [ 343.736478][ T8192] minix_free_block (loop1:3): bit already cleared [ 343.756579][ T8192] minix_free_block (loop1:2): bit already cleared [ 343.791279][ T8192] minix_free_block (loop1:1): bit already cleared [ 343.945690][ T8198] overlayfs: statfs failed on './file0' [ 344.091848][ T8209] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 344.140526][ T8211] netlink: 24 bytes leftover after parsing attributes in process `syz.1.934'. [ 344.922365][ T8217] netlink: 24 bytes leftover after parsing attributes in process `syz.1.934'. [ 346.730420][ T21] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz1] on syz1 [ 346.774463][ T8245] netlink: 41326 bytes leftover after parsing attributes in process `syz.6.940'. [ 347.033604][ T8249] fido_id[8249]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 347.906382][ T21] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 348.182846][ T26] kauditd_printk_skb: 15 callbacks suppressed [ 348.182913][ T26] audit: type=1400 audit(1749225819.114:151): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=8252 comm="syz.6.947" [ 348.744252][ T8265] netlink: 'syz.1.949': attribute type 1 has an invalid length. [ 348.900361][ T8269] loop5: detected capacity change from 0 to 256 [ 348.968503][ T8265] 8021q: adding VLAN 0 to HW filter on device bond1 [ 349.171593][ T8269] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 349.219908][ T8269] exFAT-fs (loop5): Medium has reported failures. Some data may be lost. [ 349.296622][ T8269] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 349.359350][ C0] MPTCP: addr_signal error, add_addr=2, echo=1 [ 349.460557][ C0] MPTCP: addr_signal error, add_addr=2, echo=1 [ 349.718224][ T8292] snd_aloop snd_aloop.0: control 0:0:0:syz0:0 is already present [ 350.575308][ T8299] loop1: detected capacity change from 0 to 1024 [ 350.736574][ T8309] loop5: detected capacity change from 0 to 8 [ 350.863747][ T8307] binder: 8304:8307 ioctl c0306201 2000000003c0 returned -14 [ 351.081270][ T8306] loop6: detected capacity change from 0 to 2048 [ 351.156392][ T8309] SQUASHFS error: xz decompression failed, data probably corrupt [ 351.164417][ T8309] SQUASHFS error: Failed to read block 0x108: -5 [ 351.171121][ T8309] SQUASHFS error: Unable to read metadata cache entry [106] [ 351.178626][ T8309] SQUASHFS error: Unable to read inode 0x11f [ 351.579034][ T8299] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 351.723827][ T8314] netlink: 4 bytes leftover after parsing attributes in process `syz.3.964'. [ 351.771785][ T8306] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 352.552014][ T5919] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 353.246538][ T5919] usb 4-1: Using ep0 maxpacket: 32 [ 353.426690][ T5919] usb 4-1: config 3 has an invalid interface number: 227 but max is 0 [ 353.426732][ T5919] usb 4-1: config 3 has no interface number 0 [ 353.640246][ T8343] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 354.350359][ T5919] usb 4-1: New USB device found, idVendor=07ca, idProduct=a868, bcdDevice=8a.99 [ 354.359658][ T5919] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 354.367763][ T5919] usb 4-1: Product: syz [ 354.371955][ T5919] usb 4-1: Manufacturer: syz [ 354.376615][ T5919] usb 4-1: SerialNumber: syz [ 354.428731][ T5919] dvb-usb: found a 'AVerMedia AVerTVHD Volar (A868R)' in warm state. [ 354.467562][ T5919] cxusb: set interface failed [ 354.486663][ T5919] dvb-usb: bulk message failed: -22 (1/0) [ 354.524574][ T5919] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 355.380715][ T8353] x_tables: ip_tables: policy.0 match: invalid size 312 (kernel) != (user) 0 [ 355.607919][ T5919] dvbdev: DVB: registering new adapter (AVerMedia AVerTVHD Volar (A868R)) [ 355.617623][ T5919] usb 4-1: media controller created [ 355.800344][ T8360] loop5: detected capacity change from 0 to 8 [ 356.388198][ T5919] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 356.480489][ T5919] DVB: Unable to find symbol lgdt330x_attach() [ 356.489679][ T5919] dvb-usb: no frontend was attached by 'AVerMedia AVerTVHD Volar (A868R)' [ 356.576585][ T5919] dvb-usb: bulk message failed: -22 (1/0) [ 356.582626][ T5919] dvb-usb: AVerMedia AVerTVHD Volar (A868R) successfully initialized and connected. [ 356.642999][ T5919] usb 4-1: USB disconnect, device number 5 [ 356.736498][ T5919] dvb-usb: AVerMedia AVerTVHD Volar (A868R) successfully deinitialized and disconnected. [ 357.015681][ T8375] xt_CT: You must specify a L4 protocol and not use inversions on it [ 357.896418][ T6038] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 358.076593][ T6039] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 358.829333][ T6038] usb 3-1: Using ep0 maxpacket: 8 [ 359.087801][ T8366] loop6: detected capacity change from 0 to 32768 [ 359.170912][ T8366] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop6 scanned by syz.6.970 (8366) [ 359.187796][ T6039] usb 6-1: Using ep0 maxpacket: 8 [ 359.576569][ T6039] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 360.011823][ T6039] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 360.137717][ T8366] BTRFS info (device loop6): using xxhash64 (xxhash64-generic) checksum algorithm [ 360.216330][ T6039] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 360.233041][ T8366] BTRFS info (device loop6): force zlib compression, level 3 [ 360.294755][ T8366] BTRFS info (device loop6): force clearing of disk cache [ 360.306083][ T6039] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 360.318119][ T6038] usb 3-1: unable to read config index 0 descriptor/all [ 360.325129][ T6038] usb 3-1: can't read configurations, error -71 [ 360.401885][ T8366] BTRFS info (device loop6): setting nodatasum [ 360.493602][ T8366] BTRFS info (device loop6): allowing degraded mounts [ 360.507270][ T6039] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 360.523206][ T6039] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 360.776536][ T8366] BTRFS info (device loop6): enabling disk space caching [ 361.495173][ T8366] BTRFS info (device loop6): disk space caching is enabled [ 361.525139][ T6039] usb 6-1: can't set config #1, error -71 [ 361.541834][ T8366] BTRFS info (device loop6): has skinny extents [ 361.573640][ T6039] usb 6-1: USB disconnect, device number 3 [ 362.445167][ T8429] netlink: 48 bytes leftover after parsing attributes in process `syz.3.989'. [ 362.767128][ T8428] loop1: detected capacity change from 0 to 40427 [ 362.825000][ T8428] F2FS-fs (loop1): invalid crc value [ 362.850877][ T8428] F2FS-fs (loop1): Found nat_bits in checkpoint [ 363.015490][ T8366] BTRFS error (device loop6): open_ctree failed: -12 [ 363.082453][ T8428] F2FS-fs (loop1): Start checkpoint disabled! [ 363.099233][ T4491] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop6 scanned by udevd (4491) [ 363.165499][ T8428] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 363.449721][ T8442] syz.2.990[8442] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 363.449920][ T8442] syz.2.990[8442] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 364.427203][ T26] audit: type=1326 audit(1749225835.364:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8452 comm="syz.5.997" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa61a736929 code=0x0 [ 364.464413][ T8462] loop6: detected capacity change from 0 to 8 [ 364.537408][ T8457] attempt to access beyond end of device [ 364.537408][ T8457] loop1: rw=2049, want=45104, limit=40427 [ 364.551981][ T26] audit: type=1800 audit(1749225835.484:153): pid=8428 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.988" name="file1" dev="loop1" ino=10 res=0 errno=0 [ 364.628095][ T8462] MTD: Attempt to mount non-MTD device "/dev/loop6" [ 364.776489][ T8466] netlink: 224 bytes leftover after parsing attributes in process `syz.5.999'. [ 364.827155][ T4491] udevd[4491]: incorrect cramfs checksum on /dev/loop6 [ 364.838389][ T8466] netlink: 16 bytes leftover after parsing attributes in process `syz.5.999'. [ 365.004357][ T4491] udevd[4491]: incorrect cramfs checksum on /dev/loop6 [ 365.190600][ T8468] cramfs: Error -3 while decompressing! [ 365.196305][ T8468] cramfs: ffffffff961ce228(26)->ffff888049ba0000(4096) [ 365.203387][ T8468] cramfs: Error -3 while decompressing! [ 365.209075][ T8468] cramfs: ffffffff961ce242(26)->ffff888049ba1000(4096) [ 365.216237][ T8468] cramfs: Error -3 while decompressing! [ 365.221943][ T8468] cramfs: ffffffff961ce25c(16)->ffff888049ba2000(4096) [ 365.229260][ T8468] cramfs: Error -3 while decompressing! [ 365.234912][ T8468] cramfs: ffffffff961ce228(26)->ffff888049ba0000(4096) [ 365.882184][ T4491] udevd[4491]: incorrect cramfs checksum on /dev/loop6 [ 365.927411][ T4491] udevd[4491]: incorrect cramfs checksum on /dev/loop6 [ 365.953289][ T4491] udevd[4491]: incorrect cramfs checksum on /dev/loop6 [ 368.957271][ T8492] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1000'. [ 369.370071][ T8498] loop1: detected capacity change from 0 to 32768 [ 369.444874][ T8504] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1008'. [ 371.978427][ T4173] Bluetooth: hci2: link tx timeout [ 371.984318][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 371.997777][ T4173] Bluetooth: hci2: link tx timeout [ 372.002923][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.011248][ T4173] Bluetooth: hci2: link tx timeout [ 372.016601][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.024969][ T4173] Bluetooth: hci2: link tx timeout [ 372.030746][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.038825][ T4173] Bluetooth: hci2: link tx timeout [ 372.043950][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.052007][ T4173] Bluetooth: hci2: link tx timeout [ 372.059228][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.067118][ T4173] Bluetooth: hci2: link tx timeout [ 372.072237][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.080045][ T4173] Bluetooth: hci2: link tx timeout [ 372.085272][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.094418][ T4173] Bluetooth: hci2: link tx timeout [ 372.099670][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.107411][ T4173] Bluetooth: hci2: link tx timeout [ 372.112527][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.122762][ T4173] Bluetooth: hci2: link tx timeout [ 372.127950][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.135611][ T4173] Bluetooth: hci2: link tx timeout [ 372.140839][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.148661][ T4173] Bluetooth: hci2: link tx timeout [ 372.153820][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.166520][ T4173] Bluetooth: hci2: link tx timeout [ 372.171661][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.180641][ T4173] Bluetooth: hci2: link tx timeout [ 372.185803][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.194140][ T4173] Bluetooth: hci2: link tx timeout [ 372.199396][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.207883][ T4173] Bluetooth: hci2: link tx timeout [ 372.213002][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.221378][ T4173] Bluetooth: hci2: link tx timeout [ 372.226649][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.234967][ T4173] Bluetooth: hci2: link tx timeout [ 372.240187][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.250028][ T4173] Bluetooth: hci2: link tx timeout [ 372.255153][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.263664][ T4173] Bluetooth: hci2: link tx timeout [ 372.269280][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.280439][ T4173] Bluetooth: hci2: link tx timeout [ 372.285576][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.293505][ T4173] Bluetooth: hci2: link tx timeout [ 372.298811][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.306871][ T4173] Bluetooth: hci2: link tx timeout [ 372.312005][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.327535][ T4173] Bluetooth: hci2: link tx timeout [ 372.332767][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.341197][ T4173] Bluetooth: hci2: link tx timeout [ 372.346441][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.355301][ T4173] Bluetooth: hci2: link tx timeout [ 372.360603][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.369110][ T4173] Bluetooth: hci2: link tx timeout [ 372.374247][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.391038][ T4173] Bluetooth: hci2: link tx timeout [ 372.396172][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.404008][ T4173] Bluetooth: hci2: link tx timeout [ 372.409192][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.453732][ T4173] Bluetooth: hci2: link tx timeout [ 372.459121][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.470255][ T4173] Bluetooth: hci2: link tx timeout [ 372.475664][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.483989][ T4173] Bluetooth: hci2: link tx timeout [ 372.489161][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.497139][ T4173] Bluetooth: hci2: link tx timeout [ 372.502291][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.510356][ T4173] Bluetooth: hci2: link tx timeout [ 372.515677][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.537061][ T4173] Bluetooth: hci2: link tx timeout [ 372.542223][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.556990][ T4173] Bluetooth: hci2: link tx timeout [ 372.562133][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.570710][ T4173] Bluetooth: hci2: link tx timeout [ 372.575842][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.597155][ T8537] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 372.615901][ T4173] Bluetooth: hci2: link tx timeout [ 372.621324][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.631270][ T4173] Bluetooth: hci2: link tx timeout [ 372.637165][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.645761][ T4173] Bluetooth: hci2: link tx timeout [ 372.651152][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.662761][ T4173] Bluetooth: hci2: link tx timeout [ 372.668050][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.677083][ T4173] Bluetooth: hci2: link tx timeout [ 372.682297][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.690399][ T4173] Bluetooth: hci2: link tx timeout [ 372.695536][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.703706][ T4173] Bluetooth: hci2: link tx timeout [ 372.708876][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.717068][ T4173] Bluetooth: hci2: link tx timeout [ 372.722195][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.730511][ T4173] Bluetooth: hci2: link tx timeout [ 372.735666][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.744705][ T4173] Bluetooth: hci2: link tx timeout [ 372.749852][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.757935][ T4173] Bluetooth: hci2: link tx timeout [ 372.763072][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.771787][ T4173] Bluetooth: hci2: link tx timeout [ 372.777478][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.785472][ T4173] Bluetooth: hci2: link tx timeout [ 372.790807][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.799846][ T4173] Bluetooth: hci2: link tx timeout [ 372.804976][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.814668][ T4173] Bluetooth: hci2: link tx timeout [ 372.820058][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.828207][ T4173] Bluetooth: hci2: link tx timeout [ 372.833595][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.842084][ T4173] Bluetooth: hci2: link tx timeout [ 372.847357][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.856962][ T4173] Bluetooth: hci2: link tx timeout [ 372.862113][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.870347][ T4173] Bluetooth: hci2: link tx timeout [ 372.875485][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.884531][ T4173] Bluetooth: hci2: link tx timeout [ 372.889741][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.898192][ T4173] Bluetooth: hci2: link tx timeout [ 372.903316][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.911841][ T4173] Bluetooth: hci2: link tx timeout [ 372.917036][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.926120][ T4173] Bluetooth: hci2: link tx timeout [ 372.931325][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.942163][ T4173] Bluetooth: hci2: link tx timeout [ 372.947367][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.955308][ T4173] Bluetooth: hci2: link tx timeout [ 372.960520][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.968507][ T4173] Bluetooth: hci2: link tx timeout [ 372.973658][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.983110][ T4173] Bluetooth: hci2: link tx timeout [ 372.988478][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 372.998099][ T4173] Bluetooth: hci2: link tx timeout [ 373.003266][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.011219][ T4173] Bluetooth: hci2: link tx timeout [ 373.016429][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.027476][ T4173] Bluetooth: hci2: link tx timeout [ 373.032614][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.042261][ T4173] Bluetooth: hci2: link tx timeout [ 373.047424][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.065465][ T4173] Bluetooth: hci2: link tx timeout [ 373.070659][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.078602][ T4173] Bluetooth: hci2: link tx timeout [ 373.084040][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.092061][ T4173] Bluetooth: hci2: link tx timeout [ 373.097219][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.107392][ T4173] Bluetooth: hci2: link tx timeout [ 373.112534][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.121251][ T4173] Bluetooth: hci2: link tx timeout [ 373.126528][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.134820][ T4173] Bluetooth: hci2: link tx timeout [ 373.140219][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.148158][ T4173] Bluetooth: hci2: link tx timeout [ 373.153290][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.185365][ T4173] Bluetooth: hci2: link tx timeout [ 373.191046][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.199070][ T4173] Bluetooth: hci2: link tx timeout [ 373.204211][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.217726][ T4173] Bluetooth: hci2: link tx timeout [ 373.222903][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.231496][ T4173] Bluetooth: hci2: link tx timeout [ 373.236692][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.245221][ T4173] Bluetooth: hci2: link tx timeout [ 373.250429][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.263343][ T4173] Bluetooth: hci2: link tx timeout [ 373.268569][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.286550][ T4173] Bluetooth: hci2: link tx timeout [ 373.291717][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.299942][ T4173] Bluetooth: hci2: link tx timeout [ 373.305084][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.317500][ T4173] Bluetooth: hci2: link tx timeout [ 373.322639][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.330512][ T4173] Bluetooth: hci2: link tx timeout [ 373.335750][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.344608][ T4173] Bluetooth: hci2: link tx timeout [ 373.349844][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.367215][ T4173] Bluetooth: hci2: link tx timeout [ 373.372370][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.380541][ T4173] Bluetooth: hci2: link tx timeout [ 373.385847][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.394817][ T4173] Bluetooth: hci2: link tx timeout [ 373.399991][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.407896][ T4173] Bluetooth: hci2: link tx timeout [ 373.413035][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.440212][ T4173] Bluetooth: hci2: link tx timeout [ 373.445577][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.462009][ T4173] Bluetooth: hci2: link tx timeout [ 373.467929][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.477076][ T4173] Bluetooth: hci2: link tx timeout [ 373.482224][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.490087][ T4173] Bluetooth: hci2: link tx timeout [ 373.495536][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.515454][ T4173] Bluetooth: hci2: link tx timeout [ 373.520707][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.528696][ T4173] Bluetooth: hci2: link tx timeout [ 373.533829][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.541918][ T4173] Bluetooth: hci2: link tx timeout [ 373.547093][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.555343][ T4173] Bluetooth: hci2: link tx timeout [ 373.560616][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.568997][ T4173] Bluetooth: hci2: link tx timeout [ 373.574122][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.582540][ T4173] Bluetooth: hci2: link tx timeout [ 373.587726][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.603849][ T4173] Bluetooth: hci2: link tx timeout [ 373.609558][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.617663][ T4173] Bluetooth: hci2: link tx timeout [ 373.622967][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.631030][ T4173] Bluetooth: hci2: link tx timeout [ 373.636159][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.643995][ T4173] Bluetooth: hci2: link tx timeout [ 373.649150][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.663651][ T4173] Bluetooth: hci2: link tx timeout [ 373.669330][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.677843][ T4173] Bluetooth: hci2: link tx timeout [ 373.682969][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.691744][ T4173] Bluetooth: hci2: link tx timeout [ 373.697377][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.705322][ T4173] Bluetooth: hci2: link tx timeout [ 373.710579][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.719370][ T4173] Bluetooth: hci2: link tx timeout [ 373.724494][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.732905][ T4173] Bluetooth: hci2: link tx timeout [ 373.738117][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.745996][ T4173] Bluetooth: hci2: link tx timeout [ 373.751208][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.759483][ T4173] Bluetooth: hci2: link tx timeout [ 373.764621][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.777133][ T4173] Bluetooth: hci2: link tx timeout [ 373.782263][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.790754][ T4173] Bluetooth: hci2: link tx timeout [ 373.795887][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.804784][ T4173] Bluetooth: hci2: link tx timeout [ 373.806056][ T26] audit: type=1326 audit(1749225844.734:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8550 comm="syz.3.1021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb815b19929 code=0x7fc00000 [ 373.809972][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.840194][ T4173] Bluetooth: hci2: link tx timeout [ 373.845311][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.867541][ T4173] Bluetooth: hci2: link tx timeout [ 373.872736][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.880824][ T4173] Bluetooth: hci2: link tx timeout [ 373.885961][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.894030][ T4173] Bluetooth: hci2: link tx timeout [ 373.899413][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.917912][ T4173] Bluetooth: hci2: link tx timeout [ 373.917940][ T26] audit: type=1326 audit(1749225844.844:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8550 comm="syz.3.1021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb815b19929 code=0x7fc00000 [ 373.923053][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.961557][ T4173] Bluetooth: hci2: link tx timeout [ 373.966762][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.974595][ T4173] Bluetooth: hci2: link tx timeout [ 373.979766][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 373.987649][ T4173] Bluetooth: hci2: link tx timeout [ 373.993011][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.000837][ T4173] Bluetooth: hci2: link tx timeout [ 374.006328][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.014275][ T4173] Bluetooth: hci2: link tx timeout [ 374.019517][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.028246][ T4215] Bluetooth: hci2: command 0x0406 tx timeout [ 374.034464][ T4173] Bluetooth: hci2: link tx timeout [ 374.039630][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.047601][ T4173] Bluetooth: hci2: link tx timeout [ 374.052737][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.075264][ T4173] Bluetooth: hci2: link tx timeout [ 374.080486][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.088475][ T26] audit: type=1326 audit(1749225844.844:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8550 comm="syz.3.1021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb815b19929 code=0x7fc00000 [ 374.115393][ T4173] Bluetooth: hci2: link tx timeout [ 374.120615][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.133649][ T4173] Bluetooth: hci2: link tx timeout [ 374.139035][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.149187][ T4173] Bluetooth: hci2: link tx timeout [ 374.154378][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.162999][ T4173] Bluetooth: hci2: link tx timeout [ 374.169000][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.177497][ T4173] Bluetooth: hci2: link tx timeout [ 374.182650][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.191022][ T4173] Bluetooth: hci2: link tx timeout [ 374.196180][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.205680][ T4173] Bluetooth: hci2: link tx timeout [ 374.211178][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.219403][ T4173] Bluetooth: hci2: link tx timeout [ 374.224544][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.232832][ T4173] Bluetooth: hci2: link tx timeout [ 374.237996][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.245856][ T4173] Bluetooth: hci2: link tx timeout [ 374.251043][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.259818][ T4173] Bluetooth: hci2: link tx timeout [ 374.265273][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.273371][ T4173] Bluetooth: hci2: link tx timeout [ 374.278517][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.286403][ T4173] Bluetooth: hci2: link tx timeout [ 374.291529][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.299567][ T4173] Bluetooth: hci2: link tx timeout [ 374.304684][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.313136][ T4173] Bluetooth: hci2: link tx timeout [ 374.318374][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.326174][ T4173] Bluetooth: hci2: link tx timeout [ 374.331464][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.339346][ T4173] Bluetooth: hci2: link tx timeout [ 374.344458][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.352805][ T4173] Bluetooth: hci2: link tx timeout [ 374.357990][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.365834][ T4173] Bluetooth: hci2: link tx timeout [ 374.372535][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.380609][ T4173] Bluetooth: hci2: link tx timeout [ 374.385730][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.393825][ T4173] Bluetooth: hci2: link tx timeout [ 374.399009][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.406930][ T4173] Bluetooth: hci2: link tx timeout [ 374.412428][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.420665][ T4173] Bluetooth: hci2: link tx timeout [ 374.425977][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.434225][ T4173] Bluetooth: hci2: link tx timeout [ 374.439445][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.447375][ T4173] Bluetooth: hci2: link tx timeout [ 374.452498][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.460400][ T4173] Bluetooth: hci2: link tx timeout [ 374.465533][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.474129][ T4173] Bluetooth: hci2: link tx timeout [ 374.480401][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.488391][ T4173] Bluetooth: hci2: link tx timeout [ 374.493522][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.501433][ T4173] Bluetooth: hci2: link tx timeout [ 374.506695][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.515109][ T4173] Bluetooth: hci2: link tx timeout [ 374.520568][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.528539][ T4173] Bluetooth: hci2: link tx timeout [ 374.533660][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.541530][ T4173] Bluetooth: hci2: link tx timeout [ 374.546811][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.554639][ T4173] Bluetooth: hci2: link tx timeout [ 374.560024][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.568173][ T4173] Bluetooth: hci2: link tx timeout [ 374.573602][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.581655][ T4173] Bluetooth: hci2: link tx timeout [ 374.586917][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.596185][ T4173] Bluetooth: hci2: link tx timeout [ 374.601378][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.609396][ T4173] Bluetooth: hci2: link tx timeout [ 374.614552][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.623018][ T4173] Bluetooth: hci2: link tx timeout [ 374.628186][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.636056][ T4173] Bluetooth: hci2: link tx timeout [ 374.641221][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.649467][ T4173] Bluetooth: hci2: link tx timeout [ 374.654604][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.662498][ T4173] Bluetooth: hci2: link tx timeout [ 374.667746][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.676174][ T4173] Bluetooth: hci2: link tx timeout [ 374.681426][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.689330][ T4173] Bluetooth: hci2: link tx timeout [ 374.694558][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.703513][ T4173] Bluetooth: hci2: link tx timeout [ 374.708820][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.750181][ T4173] Bluetooth: hci2: link tx timeout [ 374.757794][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.765789][ T4173] Bluetooth: hci2: link tx timeout [ 374.771039][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.779333][ T4173] Bluetooth: hci2: link tx timeout [ 374.784481][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.807557][ T4173] Bluetooth: hci2: link tx timeout [ 374.812704][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.820630][ T4173] Bluetooth: hci2: link tx timeout [ 374.826037][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.834227][ T4173] Bluetooth: hci2: link tx timeout [ 374.839436][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.856581][ T4173] Bluetooth: hci2: link tx timeout [ 374.861784][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.869826][ T4173] Bluetooth: hci2: link tx timeout [ 374.875052][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.883388][ T4173] Bluetooth: hci2: link tx timeout [ 374.888581][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.896599][ T4173] Bluetooth: hci2: link tx timeout [ 374.901740][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.909668][ T4173] Bluetooth: hci2: link tx timeout [ 374.914798][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.923584][ T4173] Bluetooth: hci2: link tx timeout [ 374.929272][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.942399][ T4173] Bluetooth: hci2: link tx timeout [ 374.947627][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.955687][ T4173] Bluetooth: hci2: link tx timeout [ 374.961048][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.968993][ T4173] Bluetooth: hci2: link tx timeout [ 374.974387][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 374.982819][ T4173] Bluetooth: hci2: link tx timeout [ 374.988228][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 375.004299][ T4173] Bluetooth: hci2: link tx timeout [ 375.009512][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 375.031316][ T4173] Bluetooth: hci2: link tx timeout [ 375.036489][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 375.044555][ T4173] Bluetooth: hci2: link tx timeout [ 375.049842][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 375.057800][ T4173] Bluetooth: hci2: link tx timeout [ 375.062953][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 375.070945][ T4173] Bluetooth: hci2: link tx timeout [ 375.076060][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 375.084664][ T4173] Bluetooth: hci2: link tx timeout [ 375.089963][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 375.097859][ T4173] Bluetooth: hci2: link tx timeout [ 375.103082][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 375.120092][ T4173] Bluetooth: hci2: link tx timeout [ 375.125252][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 375.164615][ T8563] loop2: detected capacity change from 0 to 256 [ 375.171051][ T4173] Bluetooth: hci2: link tx timeout [ 375.178078][ T4173] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 376.926994][ T8582] siw: device registration error -23 [ 377.833930][ T8585] netlink: 'syz.2.1030': attribute type 39 has an invalid length. [ 377.907440][ T8588] loop3: detected capacity change from 0 to 512 [ 377.974721][ T8588] EXT4-fs (loop3): Ignoring removed orlov option [ 377.981395][ T8588] EXT4-fs (loop3): DAX enabled. Warning: EXPERIMENTAL, use at your own risk [ 377.991784][ T8588] EXT4-fs (loop3): DAX unsupported by block device. [ 378.434352][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.469361][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 381.451907][ T8612] loop3: detected capacity change from 0 to 32768 [ 381.745394][ T8612] BTRFS: device fsid c6b85f58-0c7e-41ca-a553-c8d9f94f6663 devid 1 transid 8 /dev/loop3 scanned by syz.3.1047 (8612) [ 381.937590][ T8612] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 381.947328][ T8612] BTRFS info (device loop3): use zlib compression, level 3 [ 381.954801][ T8612] BTRFS error (device loop3): unrecognized mount option 'dont_appraise' [ 381.996678][ T8612] BTRFS error (device loop3): open_ctree failed: -22 [ 382.314663][ T8616] loop1: detected capacity change from 0 to 64 [ 383.402514][ T8620] netlink: 64 bytes leftover after parsing attributes in process `syz.6.1036'. [ 383.650923][ T8620] netlink: 'syz.6.1036': attribute type 11 has an invalid length. [ 383.751945][ T8620] netlink: 428 bytes leftover after parsing attributes in process `syz.6.1036'. [ 383.798773][ T26] audit: type=1800 audit(1749225854.724:157): pid=8626 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1037" name="file1" dev="loop1" ino=18 res=0 errno=0 [ 385.157655][ T8639] netlink: 'syz.3.1044': attribute type 1 has an invalid length. [ 386.289096][ T8639] 8021q: adding VLAN 0 to HW filter on device bond1 [ 386.327368][ T8646] device ip6erspan0 entered promiscuous mode [ 386.782325][ T8657] netlink: 104 bytes leftover after parsing attributes in process `syz.5.1050'. [ 386.916761][ T8646] bond1: (slave ip6erspan0): making interface the new active one [ 386.969033][ T8646] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link [ 387.068209][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 388.899755][ T21] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 390.265654][ T21] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz1] on syz0 [ 390.273039][ T8674] loop5: detected capacity change from 0 to 1024 [ 390.369477][ T8672] netlink: zone id is out of range [ 390.442654][ T8674] EXT4-fs (loop5): Quota format mount options ignored when QUOTA feature is enabled [ 391.316408][ T8674] EXT4-fs (loop5): Ignoring removed nomblk_io_submit option [ 391.323763][ T8674] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 391.419758][ T8674] EXT4-fs (loop5): mounted filesystem without journal. Opts: nodioread_nolock,nolazytime,abort,errors=continue,dioread_nolock,jqfmt=vfsv0,nomblk_io_submit,nobarrier,,errors=continue. Quota mode: writeback. [ 391.557444][ T26] audit: type=1326 audit(1749225862.494:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8690 comm="syz.3.1058" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb815b19929 code=0x0 [ 391.605108][ T8698] device bridge2 entered promiscuous mode [ 391.684623][ T8700] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1060'. [ 391.906710][ T8709] netlink: 'syz.6.1073': attribute type 12 has an invalid length. [ 392.121686][ T8712] loop1: detected capacity change from 0 to 512 [ 393.145030][ T8712] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 393.432371][ T8712] EXT4-fs (loop1): 1 truncate cleaned up [ 393.896400][ T8712] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 394.910984][ T8712] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1063'. [ 395.090658][ T8712] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1063'. [ 395.734939][ T8707] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1064'. [ 397.928916][ T8772] device netdevsim0 entered promiscuous mode [ 397.977323][ T8772] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 397.980825][ T8777] loop3: detected capacity change from 0 to 256 [ 398.029557][ T8769] kvm: pic: level sensitive irq not supported [ 398.029679][ T8769] picdev_read: 2038 callbacks suppressed [ 398.029702][ T8769] kvm: pic: non byte read [ 398.053183][ T8781] loop5: detected capacity change from 0 to 512 [ 398.054929][ T8769] kvm: pic: non byte read [ 398.065827][ T8769] kvm: pic: non byte read [ 398.071385][ T8769] kvm: pic: non byte read [ 398.077727][ T8769] kvm: pic: non byte read [ 398.082239][ T8769] kvm: pic: non byte read [ 398.087516][ T8769] kvm: pic: non byte read [ 398.092022][ T8769] kvm: pic: non byte read [ 398.096933][ T8769] kvm: pic: non byte read [ 398.101596][ T8769] kvm: pic: non byte read [ 398.234890][ T8781] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpquota,auto_da_alloc,minixdf,,errors=continue. Quota mode: writeback. [ 398.267788][ T8781] ext4 filesystem being mounted at /193/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 398.370154][ T8785] loop6: detected capacity change from 0 to 512 [ 398.460090][ T8785] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 399.143735][ T8785] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #16: comm syz.6.1087: invalid indirect mapped block 83886080 (level 1) [ 399.296822][ T8785] EXT4-fs (loop6): Remounting filesystem read-only [ 399.303674][ T8785] EXT4-fs (loop6): 1 orphan inode deleted [ 399.366433][ T8785] EXT4-fs (loop6): 1 truncate cleaned up [ 399.372136][ T8785] EXT4-fs (loop6): mounted filesystem without journal. Opts: errors=remount-ro,nodelalloc,debug_want_extra_isize=0x000000000000002e,inode_readahead_blks=0x0000000000000040,block_validity,quota,. Quota mode: writeback. [ 400.094643][ T26] audit: type=1326 audit(1749225871.024:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8784 comm="syz.6.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc42094d929 code=0x7ffc0000 [ 400.173458][ T26] audit: type=1326 audit(1749225871.054:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8784 comm="syz.6.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc42094d929 code=0x7ffc0000 [ 400.206551][ T26] audit: type=1326 audit(1749225871.054:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8784 comm="syz.6.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc42094d929 code=0x7ffc0000 [ 400.286676][ T26] audit: type=1326 audit(1749225871.054:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8784 comm="syz.6.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc42094d929 code=0x7ffc0000 [ 400.379617][ T26] audit: type=1326 audit(1749225871.054:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8784 comm="syz.6.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc42094d929 code=0x7ffc0000 [ 400.633647][ T26] audit: type=1326 audit(1749225871.064:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8784 comm="syz.6.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7fc42094d929 code=0x7ffc0000 [ 401.730494][ T26] audit: type=1326 audit(1749225871.064:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8784 comm="syz.6.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc42094d929 code=0x7ffc0000 [ 401.786533][ T26] audit: type=1326 audit(1749225871.064:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8784 comm="syz.6.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc42094d929 code=0x7ffc0000 [ 401.814075][ T26] audit: type=1326 audit(1749225871.064:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8784 comm="syz.6.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fc42094d929 code=0x7ffc0000 [ 401.836456][ T26] audit: type=1326 audit(1749225871.064:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8784 comm="syz.6.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc42094d929 code=0x7ffc0000 [ 401.842370][ T8822] loop2: detected capacity change from 0 to 512 [ 402.025637][ T8822] EXT4-fs error (device loop2): __ext4_iget:4893: inode #14: block 1886221359: comm syz.2.1096: invalid block [ 402.116526][ T8822] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.1096: couldn't read orphan inode 14 (err -117) [ 402.147025][ T8822] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_nolock,minixdf,nodiscard,nouid32,journal_ioprio=0x0000000000000006,quota,,errors=continue. Quota mode: writeback. [ 402.518405][ T8822] ext4 filesystem being mounted at /233/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 402.827643][ T8833] loop3: detected capacity change from 0 to 64 [ 402.939534][ T8835] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1099'. [ 404.387716][ T8851] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1103'. [ 404.740071][ T8859] blktrace: Concurrent blktraces are not allowed on loop10 [ 405.156986][ T6045] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 405.252777][ T8879] hub 1-0:1.0: USB hub found [ 405.262372][ T8879] hub 1-0:1.0: 1 port detected [ 405.406494][ T6045] usb 2-1: Using ep0 maxpacket: 16 [ 405.706605][ T6045] usb 2-1: New USB device found, idVendor=046d, idProduct=0721, bcdDevice=9c.25 [ 405.716452][ T6045] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 405.724809][ T6045] usb 2-1: Product: syz [ 405.730299][ T6045] usb 2-1: Manufacturer: syz [ 405.735710][ T6045] usb 2-1: SerialNumber: syz [ 405.759803][ T6045] usb 2-1: config 0 descriptor?? [ 405.808634][ T6045] usb 2-1: Found UVC 0.00 device syz (046d:0721) [ 405.815217][ T6045] usb 2-1: No valid video chain found. [ 406.028967][ T4215] usb 2-1: USB disconnect, device number 6 [ 407.097174][ T8894] netlink: 224 bytes leftover after parsing attributes in process `syz.6.1120'. [ 407.221169][ T8894] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1120'. [ 407.924995][ T8877] loop5: detected capacity change from 0 to 40427 [ 407.994695][ T8900] xt_CT: You must specify a L4 protocol and not use inversions on it [ 409.521956][ T8913] hub 1-0:1.0: USB hub found [ 410.066572][ T8913] hub 1-0:1.0: 1 port detected [ 411.226900][ T4215] Bluetooth: hci3: command 0x0406 tx timeout [ 412.413887][ T8937] lo speed is unknown, defaulting to 1000 [ 412.419959][ T8939] netlink: 'syz.6.1133': attribute type 39 has an invalid length. [ 412.499407][ T8937] lo speed is unknown, defaulting to 1000 [ 412.507710][ T8937] lo speed is unknown, defaulting to 1000 [ 412.535487][ T8937] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 412.683188][ T8937] lo speed is unknown, defaulting to 1000 [ 412.707446][ T8937] lo speed is unknown, defaulting to 1000 [ 412.717833][ T8937] lo speed is unknown, defaulting to 1000 [ 412.927168][ T8937] lo speed is unknown, defaulting to 1000 [ 413.099143][ T8937] lo speed is unknown, defaulting to 1000 [ 413.855328][ T8948] tipc: Resetting bearer [ 413.864914][ T8948] tipc: Resetting bearer [ 415.338733][ T8948] bridge0: port 1(bridge_slave_0) entered disabled state [ 415.368265][ T8948] bridge0: port 2(bridge_slave_1) entered disabled state [ 415.394899][ T8963] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1140'. [ 415.431160][ T8963] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1140'. [ 415.582150][ T4503] tipc: Resetting bearer [ 415.672922][ T8973] loop2: detected capacity change from 0 to 8 [ 416.468397][ T21] Bluetooth: hci1: command 0x0406 tx timeout [ 416.977707][ T8973] SQUASHFS error: lzo decompression failed, data probably corrupt [ 417.007091][ T8973] SQUASHFS error: Failed to read block 0x91: -5 [ 417.039081][ T8973] SQUASHFS error: Unable to read metadata cache entry [8f] [ 417.209989][ T8973] SQUASHFS error: Unable to read inode 0x11f [ 417.488986][ T8990] xt_CT: You must specify a L4 protocol and not use inversions on it [ 418.355679][ T8992] loop5: detected capacity change from 0 to 1024 [ 418.427211][ T8996] loop2: detected capacity change from 0 to 1024 [ 418.506026][ T8996] hfsplus: unable to parse mount options [ 418.510826][ T8987] hfsplus: xattr search failed [ 418.601485][ T8987] hfsplus: xattr searching failed [ 418.866627][ T4217] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 419.234060][ T4217] usb 3-1: device descriptor read/64, error -71 [ 419.324179][ T4733] hfsplus: b-tree write err: -5, ino 3 [ 419.655589][ T4217] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 420.792567][ T9017] loop5: detected capacity change from 0 to 256 [ 420.861142][ T9019] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1160'. [ 421.126525][ T21] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 422.708487][ T9036] loop5: detected capacity change from 0 to 2048 [ 423.150265][ T9036] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 423.363197][ T9033] loop1: detected capacity change from 0 to 1024 [ 423.476356][ T21] usb 4-1: Using ep0 maxpacket: 16 [ 423.507570][ T9042] loop6: detected capacity change from 0 to 512 [ 424.906576][ T21] usb 4-1: unable to read config index 0 descriptor/all [ 424.913610][ T21] usb 4-1: can't read configurations, error -71 [ 424.932167][ T4541] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 424.963208][ T9047] hfsplus: xattr search failed [ 424.984852][ T9042] EXT4-fs (loop6): mounted filesystem without journal. Opts: grpquota,auto_da_alloc,minixdf,,errors=continue. Quota mode: writeback. [ 425.074929][ T9042] ext4 filesystem being mounted at /119/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 425.167588][ T9033] hfsplus: xattr searching failed [ 425.176712][ T4541] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 14 with error 28 [ 425.196404][ T9033] hfsplus: xattr searching failed [ 425.225919][ T4541] EXT4-fs (loop5): This should not happen!! Data will be lost [ 425.225919][ T4541] [ 425.228810][ T9033] hfsplus: b-tree write err: -5, ino 3 [ 425.240901][ T4541] EXT4-fs (loop5): Total free blocks count 0 [ 425.250209][ T4541] EXT4-fs (loop5): Free/Dirty block details [ 425.266555][ T4541] EXT4-fs (loop5): free_blocks=2415919104 [ 425.272343][ T4541] EXT4-fs (loop5): dirty_blocks=16 [ 425.294918][ T4541] EXT4-fs (loop5): Block reservation details [ 425.303924][ T4541] EXT4-fs (loop5): i_reserved_data_blocks=1 [ 426.976646][ T9069] rdma_op ffff8880784499f0 conn xmit_rdma 0000000000000000 [ 427.733638][ T9076] loop2: detected capacity change from 0 to 16 [ 427.743520][ T9077] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1173'. [ 427.760451][ T9078] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1183'. [ 427.790229][ T9072] tipc: Started in network mode [ 427.795141][ T9072] tipc: Node identity 52037ac6dfd8, cluster identity 4711 [ 427.842543][ T9072] tipc: Enabled bearer , priority 0 [ 427.853917][ T9076] erofs: (device loop2): mounted with root inode @ nid 36. [ 427.885126][ T9082] device syzkaller0 entered promiscuous mode [ 427.940735][ T9072] tipc: Resetting bearer [ 427.961368][ T9085] netlink: 277 bytes leftover after parsing attributes in process `syz.1.1176'. [ 428.041734][ T9071] tipc: Resetting bearer [ 428.235851][ T9071] tipc: Disabling bearer [ 428.335660][ T9085] loop1: detected capacity change from 0 to 512 [ 428.511674][ T9085] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 428.649552][ T9085] EXT4-fs (loop1): group descriptors corrupted! [ 428.810890][ T9094] bridge0: port 1(bridge_slave_0) entered listening state [ 428.867924][ T9093] 9pnet: Insufficient options for proto=fd [ 430.286141][ T9110] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1187'. [ 430.409329][ T9112] sd 0:0:1:0: PR command failed: 2 [ 430.439659][ T9112] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 430.457851][ T9112] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 431.193172][ T9125] tipc: Enabling of bearer rejected, already enabled [ 431.417708][ T9125] tipc: Enabling of bearer rejected, already enabled [ 431.557200][ T9120] lo speed is unknown, defaulting to 1000 [ 431.564100][ T9120] lo speed is unknown, defaulting to 1000 [ 431.857111][ T9138] xt_TCPMSS: Only works on TCP SYN packets [ 432.750440][ T9139] loop1: detected capacity change from 0 to 2048 [ 433.146695][ T4491] Alternate GPT is invalid, using primary GPT. [ 433.187259][ T4491] loop1: p1 p2 p3 [ 433.551344][ T6042] Bluetooth: hci1: command 0x0409 tx timeout [ 433.587080][ T9143] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1197'. [ 433.657511][ T9139] Alternate GPT is invalid, using primary GPT. [ 433.675383][ T9139] loop1: p1 p2 p3 [ 433.680327][ T9139] loop1: p1 could not be added: -ENOMEM [ 433.686125][ T9139] loop1: p2 could not be added: -ENOMEM [ 433.692228][ T9139] loop1: p3 could not be added: -ENOMEM [ 433.770059][ T9120] chnl_net:caif_netlink_parms(): no params data found [ 433.818794][ T5748] udevd[5748]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 433.833037][ T4491] udevd[4491]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 433.857846][ T5478] udevd[5478]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 433.961834][ T9157] loop3: detected capacity change from 0 to 2048 [ 434.067644][ T9120] bridge0: port 1(bridge_slave_0) entered blocking state [ 434.074738][ T9120] bridge0: port 1(bridge_slave_0) entered disabled state [ 434.105476][ T9120] device bridge_slave_0 entered promiscuous mode [ 434.132312][ T9120] bridge0: port 2(bridge_slave_1) entered blocking state [ 434.140306][ T9120] bridge0: port 2(bridge_slave_1) entered disabled state [ 434.149049][ T9120] device bridge_slave_1 entered promiscuous mode [ 434.187372][ T9157] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 434.216430][ T9120] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 434.280353][ T9163] loop5: detected capacity change from 0 to 4096 [ 434.331293][ T9120] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 435.800939][ T6045] Bluetooth: hci1: command 0x041b tx timeout [ 435.900514][ T9177] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1204'. [ 435.935855][ T9120] team0: Port device team_slave_0 added [ 435.951410][ T9120] team0: Port device team_slave_1 added [ 436.025212][ T9120] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 436.043288][ T9120] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 437.004620][ T9120] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 437.063711][ T9120] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 437.079934][ T9120] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 437.131940][ T9120] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 437.205213][ T9187] tipc: Enabled bearer , priority 10 [ 437.239650][ T9187] tipc: Enabled bearer , priority 0 [ 437.290887][ T9120] device hsr_slave_0 entered promiscuous mode [ 437.342821][ T9120] device hsr_slave_1 entered promiscuous mode [ 437.372916][ T9120] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 437.406861][ T9120] Cannot create hsr debugfs directory [ 437.898903][ T6045] Bluetooth: hci1: command 0x040f tx timeout [ 437.933156][ T9120] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 437.963566][ T9218] xt_TPROXY: Can be used only with -p tcp or -p udp [ 438.011205][ T9217] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1215'. [ 438.519170][ T4161] tipc: Node number set to 829675192 [ 438.930272][ T9120] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 439.208155][ T9120] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 439.224147][ T9230] siw: device registration error -23 [ 439.869363][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.869413][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 439.890009][ T9120] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 439.948012][ T6043] Bluetooth: hci1: command 0x0419 tx timeout [ 439.998858][ T26] kauditd_printk_skb: 17 callbacks suppressed [ 439.998874][ T26] audit: type=1326 audit(1749225910.934:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9232 comm="syz.6.1219" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc42094d929 code=0x0 [ 440.040424][ T9235] netlink: 'syz.5.1220': attribute type 10 has an invalid length. [ 440.051594][ T9235] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 440.147793][ T9120] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 440.158836][ T9120] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 440.170739][ T9120] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 440.177594][ T9120] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 440.289795][ T9242] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1222'. [ 440.395590][ T9120] 8021q: adding VLAN 0 to HW filter on device bond0 [ 440.459314][ T9120] 8021q: adding VLAN 0 to HW filter on device team0 [ 440.537106][ T9223] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 440.537935][ T9223] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 440.551494][ T1201] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 440.552133][ T1201] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 440.552590][ T1201] bridge0: port 1(bridge_slave_0) entered blocking state [ 440.552627][ T1201] bridge0: port 1(bridge_slave_0) entered forwarding state [ 440.553085][ T1201] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 440.553601][ T1201] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 440.553989][ T1201] bridge0: port 2(bridge_slave_1) entered blocking state [ 440.554023][ T1201] bridge0: port 2(bridge_slave_1) entered forwarding state [ 440.554908][ T1201] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 440.561866][ T1201] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 440.580990][ T9223] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 440.594884][ T1201] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 440.597666][ T1201] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 440.598444][ T1201] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 440.671256][ T1201] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 441.698092][ T1201] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 441.707635][ T1201] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 441.708377][ T1201] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 441.709015][ T1201] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 441.710112][ T1201] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 441.711673][ T9120] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 442.190027][ T3040] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 442.190163][ T3040] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 442.209260][ T9120] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 442.248889][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 442.249581][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 442.332022][ T3040] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 442.332714][ T3040] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 442.333460][ T3040] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 442.333983][ T3040] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 442.342755][ T9120] device veth0_vlan entered promiscuous mode [ 442.363006][ T9120] device veth1_vlan entered promiscuous mode [ 442.403592][ T3040] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 442.404235][ T3040] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 442.404777][ T3040] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 442.405347][ T3040] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 442.434864][ T9120] device veth0_macvtap entered promiscuous mode [ 442.496152][ T9120] device veth1_macvtap entered promiscuous mode [ 442.531593][ T9120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 442.531618][ T9120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 442.531639][ T9120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 442.531654][ T9120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 442.531673][ T9120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 442.531687][ T9120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 442.531707][ T9120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 442.531721][ T9120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 442.532992][ T9120] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 442.533085][ T1201] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 442.533716][ T1201] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 442.534231][ T1201] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 442.534697][ T1201] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 442.560558][ T9120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 442.560591][ T9120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 442.560605][ T9120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 442.560628][ T9120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 442.560642][ T9120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 442.560663][ T9120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 442.560678][ T9120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 442.560699][ T9120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 442.560715][ T9120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 442.560732][ T9120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 442.573660][ T9120] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 442.573876][ T4452] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 442.574764][ T4452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 442.628865][ T9120] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.152017][ T9269] loop1: detected capacity change from 0 to 512 [ 443.206402][ T9269] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 443.227134][ T9120] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.238544][ T9120] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.247450][ T9120] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.267467][ T9267] lo speed is unknown, defaulting to 1000 [ 443.274186][ T9267] lo speed is unknown, defaulting to 1000 [ 443.280346][ T9269] EXT4-fs (loop1): Ignoring removed bh option [ 443.294304][ T9269] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 443.436620][ T9269] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 443.479691][ T9269] EXT4-fs (loop1): 1 truncate cleaned up [ 443.485500][ T9269] EXT4-fs (loop1): mounted filesystem without journal. Opts: mblk_io_submit,dioread_nolock,bh,errors=continue,nouid32,quota,nogrpid,,errors=continue. Quota mode: writeback. [ 443.534646][ T9223] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 443.555232][ T9223] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 443.628479][ T1201] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 443.672418][ T1201] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 443.689897][ T1201] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 443.723572][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 443.846445][ T9281] netlink: 'syz.2.1182': attribute type 32 has an invalid length. [ 445.669193][ T9293] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 446.879907][ T9293] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 446.889071][ T9293] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 447.760337][ T9323] loop2: detected capacity change from 0 to 512 [ 448.349464][ T9323] EXT4-fs (loop2): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000001000,nodiscard,quota,,errors=continue. Quota mode: writeback. [ 448.837862][ T9323] ext4 filesystem being mounted at /2/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 448.883333][ T9330] netlink: 'syz.3.1245': attribute type 10 has an invalid length. [ 448.952183][ T9330] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 449.111638][ T9339] siw: device registration error -23 [ 449.221243][ T9342] EXT4-fs error (device loop2): ext4_do_update_inode:5203: inode #2: comm syz.2.1244: corrupted inode contents [ 449.733521][ T9342] EXT4-fs error (device loop2): ext4_dirty_inode:6039: inode #2: comm syz.2.1244: mark_inode_dirty error [ 450.237236][ T9342] EXT4-fs error (device loop2): ext4_do_update_inode:5203: inode #2: comm syz.2.1244: corrupted inode contents [ 450.255721][ T9342] EXT4-fs error (device loop2): __ext4_ext_dirty:183: inode #2: comm syz.2.1244: mark_inode_dirty error [ 453.124361][ T9363] loop5: detected capacity change from 0 to 512 [ 453.230500][ T9368] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1251'. [ 453.348686][ T9369] netlink: 'syz.2.1251': attribute type 11 has an invalid length. [ 453.398409][ T9369] netlink: 428 bytes leftover after parsing attributes in process `syz.2.1251'. [ 454.398762][ T9363] EXT4-fs (loop5): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000001000,nodiscard,quota,,errors=continue. Quota mode: writeback. [ 454.866515][ T9363] ext4 filesystem being mounted at /231/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 456.030723][ T9382] loop1: detected capacity change from 0 to 4096 [ 456.069972][ T9391] EXT4-fs error (device loop5): ext4_do_update_inode:5203: inode #2: comm syz.5.1265: corrupted inode contents [ 456.086083][ T26] audit: type=1326 audit(1749225927.014:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9392 comm="syz.3.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb815b19929 code=0x7ffc0000 [ 456.117394][ T9391] EXT4-fs error (device loop5): ext4_dirty_inode:6039: inode #2: comm syz.5.1265: mark_inode_dirty error [ 456.179320][ T26] audit: type=1326 audit(1749225927.044:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9392 comm="syz.3.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb815b19929 code=0x7ffc0000 [ 456.222706][ T9391] EXT4-fs error (device loop5): ext4_do_update_inode:5203: inode #2: comm syz.5.1265: corrupted inode contents [ 456.347102][ T9391] EXT4-fs error (device loop5): __ext4_ext_dirty:183: inode #2: comm syz.5.1265: mark_inode_dirty error [ 456.366323][ T26] audit: type=1326 audit(1749225927.044:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9392 comm="syz.3.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7fb815b19929 code=0x7ffc0000 [ 456.450296][ T26] audit: type=1326 audit(1749225927.044:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9392 comm="syz.3.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb815b19929 code=0x7ffc0000 [ 456.545120][ T26] audit: type=1326 audit(1749225927.044:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9392 comm="syz.3.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb815b19929 code=0x7ffc0000 [ 456.703771][ T26] audit: type=1326 audit(1749225927.044:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9392 comm="syz.3.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=242 compat=0 ip=0x7fb815b19929 code=0x7ffc0000 [ 456.727238][ T26] audit: type=1326 audit(1749225927.044:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9392 comm="syz.3.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb815b19929 code=0x7ffc0000 [ 457.305392][ T26] audit: type=1326 audit(1749225927.044:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9392 comm="syz.3.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb815b19929 code=0x7ffc0000 [ 458.410370][ T26] audit: type=1326 audit(1749225927.064:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9392 comm="syz.3.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fb815b19929 code=0x7ffc0000 [ 458.519515][ T26] audit: type=1326 audit(1749225927.064:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9392 comm="syz.3.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb815b19929 code=0x7ffc0000 [ 458.998704][ T4217] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 459.163039][ T4217] hid-generic 0000:0000:0000.0006: hidraw0: HID v0.00 Device [syz1] on syz0 [ 459.437261][ T9414] loop1: detected capacity change from 0 to 1024 [ 459.656492][ T9414] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled [ 459.666026][ T9414] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 459.696413][ T9414] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 459.836915][ T9414] EXT4-fs (loop1): mounted filesystem without journal. Opts: nodioread_nolock,nolazytime,abort,errors=continue,dioread_nolock,jqfmt=vfsv0,nomblk_io_submit,nobarrier,,errors=continue. Quota mode: writeback. [ 460.883601][ T9428] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1268'. [ 461.035144][ T9432] 9pnet: Insufficient options for proto=fd [ 461.833124][ T9441] netlink: 'syz.3.1274': attribute type 4 has an invalid length. [ 461.935942][ T9443] loop6: detected capacity change from 0 to 1024 [ 462.132108][ T4217] lo speed is unknown, defaulting to 1000 [ 462.179988][ T9443] hfsplus: xattr search failed [ 463.008750][ T9443] hfsplus: xattr searching failed [ 463.064640][ T9443] hfsplus: xattr searching failed [ 463.566457][ T9443] hfsplus: b-tree write err: -5, ino 3 [ 467.454744][ T6045] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 467.592535][ T9482] loop1: detected capacity change from 0 to 128 [ 467.621075][ T6045] hid-generic 0000:0000:0000.0007: hidraw0: HID v0.00 Device [syz1] on syz0 [ 467.785263][ T9482] EXT4-fs (loop1): Test dummy encryption mode enabled [ 467.876007][ T9478] loop3: detected capacity change from 0 to 1024 [ 467.898281][ T9482] EXT4-fs (loop1): Test dummy encryption mode enabled [ 467.958069][ T9482] EXT4-fs (loop1): mounted filesystem without journal. Opts: test_dummy_encryption=v1,test_dummy_encryption=v1,,errors=continue. Quota mode: none. [ 467.999042][ T9482] ext4 filesystem being mounted at /270/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 468.021645][ T9478] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled [ 468.272249][ T9478] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 468.290559][ T9478] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 469.649410][ T9478] EXT4-fs (loop3): mounted filesystem without journal. Opts: nodioread_nolock,nolazytime,abort,errors=continue,dioread_nolock,jqfmt=vfsv0,nomblk_io_submit,nobarrier,,errors=continue. Quota mode: writeback. [ 469.831491][ T9498] binder: BINDER_SET_CONTEXT_MGR already set [ 469.889895][ T9498] binder: 9495:9498 ioctl 4018620d 200000000040 returned -16 [ 470.240504][ T9504] loop2: detected capacity change from 0 to 128 [ 470.429242][ T9504] EXT4-fs (loop2): Test dummy encryption mode enabled [ 470.551759][ T9504] EXT4-fs (loop2): Test dummy encryption mode enabled [ 470.801720][ T9504] EXT4-fs (loop2): mounted filesystem without journal. Opts: test_dummy_encryption=v1,test_dummy_encryption=v1,,errors=continue. Quota mode: none. [ 470.901403][ T9504] ext4 filesystem being mounted at /11/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 473.211182][ T9522] netlink: 277 bytes leftover after parsing attributes in process `syz.5.1291'. [ 473.935533][ T9522] loop5: detected capacity change from 0 to 512 [ 474.015240][ T9535] syz.1.1296[9535] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 474.015341][ T9535] syz.1.1296[9535] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 474.060633][ T9522] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 474.100122][ T9522] EXT4-fs (loop5): group descriptors corrupted! [ 475.609973][ T9559] loop5: detected capacity change from 0 to 128 [ 477.683057][ T9559] EXT4-fs (loop5): mounted filesystem without journal. Opts: usrquota,acl,,errors=continue. Quota mode: writeback. [ 477.732057][ T9559] ext4 filesystem being mounted at /238/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 479.559629][ T9590] loop5: detected capacity change from 0 to 128 [ 479.580687][ T9587] siw: device registration error -23 [ 480.386828][ T9590] EXT4-fs (loop5): Test dummy encryption mode enabled [ 480.410597][ T9590] EXT4-fs (loop5): Test dummy encryption mode enabled [ 480.457687][ T9590] EXT4-fs (loop5): mounted filesystem without journal. Opts: test_dummy_encryption=v1,test_dummy_encryption=v1,,errors=continue. Quota mode: none. [ 481.358262][ T9590] ext4 filesystem being mounted at /239/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 481.621040][ T9599] lo speed is unknown, defaulting to 1000 [ 481.638073][ T9599] lo speed is unknown, defaulting to 1000 [ 483.194456][ T9614] loop1: detected capacity change from 0 to 512 [ 485.146430][ T9614] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 485.558093][ T9614] EXT4-fs: failed to create workqueue [ 485.563608][ T9614] EXT4-fs (loop1): mount failed [ 487.212756][ T9671] loop6: detected capacity change from 0 to 128 [ 487.560285][ T1201] Bluetooth: Error in BCSP hdr checksum [ 487.620703][ T9671] EXT4-fs (loop6): Test dummy encryption mode enabled [ 487.641976][ T9671] EXT4-fs (loop6): Test dummy encryption mode enabled [ 487.664127][ T9662] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1329'. [ 487.697338][ T9671] EXT4-fs (loop6): mounted filesystem without journal. Opts: test_dummy_encryption=v1,test_dummy_encryption=v1,,errors=continue. Quota mode: none. [ 487.707908][ T6042] Bluetooth: hci5: command 0x1003 tx timeout [ 487.720153][ T4503] Bluetooth: Error in BCSP hdr checksum [ 487.720339][ T9671] ext4 filesystem being mounted at /155/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 487.786374][ T4179] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 490.306541][ T6042] Bluetooth: hci5: command 0x1001 tx timeout [ 490.326826][ T4179] Bluetooth: hci5: sending frame failed (-49) [ 490.452149][ T9692] loop2: detected capacity change from 0 to 128 [ 491.603414][ T9692] EXT4-fs (loop2): Test dummy encryption mode enabled [ 491.637611][ T9692] EXT4-fs (loop2): Test dummy encryption mode enabled [ 491.704322][ T9706] loop6: detected capacity change from 0 to 512 [ 491.892091][ T9692] EXT4-fs (loop2): mounted filesystem without journal. Opts: test_dummy_encryption=v1,test_dummy_encryption=v1,,errors=continue. Quota mode: none. [ 491.907691][ T9692] ext4 filesystem being mounted at /23/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 493.119478][ T6045] Bluetooth: hci5: command 0x1009 tx timeout [ 493.369259][ T9706] EXT4-fs error (device loop6): __ext4_iget:4893: inode #14: block 1886221359: comm syz.6.1336: invalid block [ 494.129620][ T9706] EXT4-fs error (device loop6): ext4_orphan_get:1406: comm syz.6.1336: couldn't read orphan inode 14 (err -117) [ 494.270358][ T9706] EXT4-fs (loop6): mounted filesystem without journal. Opts: dioread_nolock,minixdf,nodiscard,nouid32,journal_ioprio=0x0000000000000006,quota,,errors=continue. Quota mode: writeback. [ 494.369964][ T9706] ext4 filesystem being mounted at /157/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 494.555829][ T9726] bridge3: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 494.741891][ T9731] loop2: detected capacity change from 0 to 256 [ 494.749543][ T9732] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 495.292587][ T9732] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 495.433199][ T9732] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 495.547807][ T9732] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 495.579427][ T9732] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 495.617453][ T9732] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 495.630291][ T9732] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 497.978296][ T9756] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1349'. [ 498.012653][ T4294] Bluetooth: hci6: Frame reassembly failed (-84) [ 498.731435][ T9223] Bluetooth: Error in BCSP hdr checksum [ 498.990492][ T4294] Bluetooth: Error in BCSP hdr checksum [ 499.146532][ T6042] Bluetooth: hci2: command 0x0406 tx timeout [ 499.265749][ T9223] Bluetooth: Error in BCSP hdr checksum [ 500.167538][ T4179] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 500.186623][ T9] Bluetooth: Error in BCSP hdr checksum [ 500.842682][ T6042] Bluetooth: hci5: command 0x1003 tx timeout [ 500.848884][ T4179] Bluetooth: hci5: sending frame failed (-49) [ 501.309974][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.316741][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.645062][ T9783] loop2: detected capacity change from 0 to 128 [ 502.039903][ T9783] EXT4-fs (loop2): Test dummy encryption mode enabled [ 502.102397][ T9783] EXT4-fs (loop2): Test dummy encryption mode enabled [ 502.143683][ T9788] loop3: detected capacity change from 0 to 512 [ 502.198664][ T9783] EXT4-fs (loop2): mounted filesystem without journal. Opts: test_dummy_encryption=v1,test_dummy_encryption=v1,,errors=continue. Quota mode: none. [ 502.282224][ T9788] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.1355: bg 0: block 248: padding at end of block bitmap is not set [ 502.345129][ T9783] ext4 filesystem being mounted at /27/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 502.396708][ T9788] __quota_error: 21 callbacks suppressed [ 502.396725][ T9788] Quota error (device loop3): write_blk: dquota write failed [ 502.479096][ T9788] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 504.518260][ T4245] Bluetooth: hci5: command 0x1001 tx timeout [ 504.524461][ T4179] Bluetooth: hci5: sending frame failed (-49) [ 504.626677][ T9788] EXT4-fs error (device loop3): ext4_acquire_dquot:6204: comm syz.3.1355: Failed to acquire dquot type 1 [ 504.722619][ T9788] EXT4-fs (loop3): 1 truncate cleaned up [ 504.782089][ T9788] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 504.851510][ T9788] ext4 filesystem being mounted at /85/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 505.016617][ T9807] tipc: Enabled bearer , priority 10 [ 505.080500][ T9808] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 505.154927][ T4503] Quota error (device loop3): remove_tree: Getting block too big (0 >= 6) [ 505.170542][ T4503] EXT4-fs error (device loop3): ext4_release_dquot:6240: comm kworker/u4:10: Failed to release dquot type 1 [ 505.224393][ T9809] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 505.286847][ T9809] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 505.347875][ T9809] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 505.417807][ T9809] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 505.428600][ T9809] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 505.448037][ T9809] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 505.507475][ T9809] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 505.664928][ T9815] loop6: detected capacity change from 0 to 512 [ 505.749462][ T9815] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 506.037250][ T9815] EXT4-fs (loop6): 1 truncate cleaned up [ 506.121944][ T9815] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 506.136341][ T4531] tipc: Node number set to 2379971270 [ 506.587924][ T4245] Bluetooth: hci5: command 0x1009 tx timeout [ 506.730832][ T9820] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1365'. [ 506.828868][ T9815] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1364'. [ 506.861140][ T9815] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1364'. [ 508.590504][ T9840] loop3: detected capacity change from 0 to 512 [ 509.539739][ T9848] loop6: detected capacity change from 0 to 128 [ 509.587489][ T9850] loop2: detected capacity change from 0 to 512 [ 509.632238][ T9848] EXT4-fs (loop6): Test dummy encryption mode enabled [ 509.658717][ T9840] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 509.698536][ T9848] EXT4-fs (loop6): Test dummy encryption mode enabled [ 509.819967][ T9840] EXT4-fs (loop3): 1 truncate cleaned up [ 509.833938][ T9848] EXT4-fs (loop6): mounted filesystem without journal. Opts: test_dummy_encryption=v1,test_dummy_encryption=v1,,errors=continue. Quota mode: none. [ 509.866889][ T9840] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 509.889398][ T9850] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.1372: bg 0: block 248: padding at end of block bitmap is not set [ 509.896033][ T9855] delete_channel: no stack [ 509.932808][ T9848] ext4 filesystem being mounted at /165/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 509.962878][ T9850] Quota error (device loop2): write_blk: dquota write failed [ 510.000201][ T9850] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 510.000917][ T9850] EXT4-fs error (device loop2): ext4_acquire_dquot:6204: comm syz.2.1372: Failed to acquire dquot type 1 [ 510.177517][ T9850] EXT4-fs (loop2): 1 truncate cleaned up [ 510.195898][ T9850] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 510.681192][ T9861] loop5: detected capacity change from 0 to 512 [ 510.744756][ T9840] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1379'. [ 510.754616][ T9850] ext4 filesystem being mounted at /30/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 510.807885][ T9840] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1379'. [ 510.912375][ T9850] tipc: Failed to obtain node identity [ 510.937762][ T9850] tipc: Enabling of bearer rejected, failed to enable media [ 511.009904][ T9861] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpquota,min_batch_time=0x000000000000002f,dioread_lock,,errors=continue. Quota mode: writeback. [ 511.215313][ T9861] ext4 filesystem being mounted at /253/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 511.518181][ T9872] bridge4: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 511.686544][ T1201] Quota error (device loop2): remove_tree: Getting block too big (0 >= 6) [ 511.695714][ T1201] EXT4-fs error (device loop2): ext4_release_dquot:6240: comm kworker/u4:3: Failed to release dquot type 1 [ 511.717927][ T9874] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 512.220798][ T9874] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 512.712178][ T9878] loop1: detected capacity change from 0 to 512 [ 512.747006][ T9874] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 512.891553][ T9874] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 512.971054][ T9874] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 513.504308][ T9874] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 513.961354][ T9878] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.1391: bg 0: block 248: padding at end of block bitmap is not set [ 514.107658][ T9878] Quota error (device loop1): write_blk: dquota write failed [ 514.115127][ T9878] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 515.376767][ T9878] EXT4-fs error (device loop1): ext4_acquire_dquot:6204: comm syz.1.1391: Failed to acquire dquot type 1 [ 515.829980][ T9903] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1384'. [ 515.927306][ T9878] EXT4-fs (loop1): 1 truncate cleaned up [ 515.935567][ T9878] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 515.947861][ T9878] ext4 filesystem being mounted at /286/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 516.776606][ T9901] netlink: 'syz.2.1386': attribute type 1 has an invalid length. [ 516.913766][ T9920] loop5: detected capacity change from 0 to 512 [ 518.114474][ T9920] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 518.242985][ T9931] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 519.789530][ T9938] netlink: 'syz.6.1403': attribute type 10 has an invalid length. [ 519.815769][ T9920] EXT4-fs (loop5): 1 truncate cleaned up [ 519.829025][ T9920] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 520.281998][ T9920] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1387'. [ 520.302667][ T9920] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1387'. [ 520.758374][ T9956] bridge3: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 520.841669][ T9955] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1406'. [ 520.857820][ T9962] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 521.284741][ T9955] tipc: Resetting bearer [ 521.367956][ T9962] loop2: detected capacity change from 0 to 512 [ 521.387159][ T9955] tipc: Disabling bearer [ 521.462302][ T9955] team0 (unregistering): Port device team_slave_0 removed [ 521.487763][ T9955] team0 (unregistering): Port device team_slave_1 removed [ 521.521892][ T9962] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,min_batch_time=0x000000000000002f,dioread_lock,,errors=continue. Quota mode: writeback. [ 521.541587][ T9961] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 521.562489][ T9962] ext4 filesystem being mounted at /34/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 521.583260][ T9961] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 521.647042][ T9961] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 521.660324][ T9961] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 521.684175][ T9961] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 521.709577][ T9961] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 521.728795][ T9961] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 522.976397][ T9988] netlink: 'syz.3.1402': attribute type 1 has an invalid length. [ 523.155049][ T9988] 8021q: adding VLAN 0 to HW filter on device bond2 [ 524.048107][ T9989] 8021q: adding VLAN 0 to HW filter on device bond2 [ 524.179540][ T9989] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address [ 524.191216][ T9989] bond2: (slave vxcan3): Error -22 calling dev_set_mtu [ 525.493384][ T9995] loop6: detected capacity change from 0 to 8192 [ 525.543248][ T9990] device gretap1 entered promiscuous mode [ 525.569449][ T9990] bond2: (slave gretap1): making interface the new active one [ 525.629362][ T9990] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 525.667862][ T9999] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1405'. [ 529.660290][T10054] siw: device registration error -23 [ 531.597333][T10079] loop3: detected capacity change from 0 to 256 [ 531.686759][T10079] FAT-fs (loop3): Directory bread(block 64) failed [ 531.917250][T10079] FAT-fs (loop3): Directory bread(block 65) failed [ 531.923922][T10079] FAT-fs (loop3): Directory bread(block 66) failed [ 532.010033][T10079] FAT-fs (loop3): Directory bread(block 67) failed [ 532.027491][T10079] FAT-fs (loop3): Directory bread(block 68) failed [ 532.102582][T10079] FAT-fs (loop3): Directory bread(block 69) failed [ 532.728942][T10079] FAT-fs (loop3): Directory bread(block 70) failed [ 532.735544][T10079] FAT-fs (loop3): Directory bread(block 71) failed [ 532.828476][T10079] FAT-fs (loop3): Directory bread(block 72) failed [ 532.848090][T10079] FAT-fs (loop3): Directory bread(block 73) failed [ 533.363819][ T26] audit: type=1800 audit(1749226004.274:218): pid=10100 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1431" name="file1" dev="loop3" ino=1048637 res=0 errno=0 [ 534.109514][T10103] loop6: detected capacity change from 0 to 128 [ 534.198077][T10103] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 534.269603][T10103] ext4 filesystem being mounted at /181/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 539.148317][T10162] overlayfs: failed to clone upperpath [ 544.190955][T10205] loop3: detected capacity change from 0 to 4096 [ 545.347572][T10225] loop1: detected capacity change from 0 to 512 [ 545.558243][T10225] EXT4-fs (loop1): mounted filesystem without journal. Opts: mb_optimize_scan=0x0000000000000000,mb_optimize_scan=0x0000000000000001,stripe=0x0000000000000009,,errors=continue. Quota mode: writeback. [ 545.579066][T10225] ext4 filesystem being mounted at /300/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 550.273226][ T7653] ntfs3: loop3: ntfs_evict_inode r=5 failed, -22. [ 550.305891][ T7653] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 554.611459][ T1110] Bluetooth: hci1: command 0x0406 tx timeout [ 555.290615][T10342] device wg2 entered promiscuous mode [ 563.098045][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.104368][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 567.341450][T10459] syz.3.1531 (10459): drop_caches: 2 [ 571.177754][T10496] netlink: 128 bytes leftover after parsing attributes in process `syz.5.1548'. [ 571.381661][T10501] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1550'. [ 572.157708][ T26] audit: type=1326 audit(1749226043.094:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10484 comm="syz.2.1544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62e69f7929 code=0x7fc00000 [ 572.255431][ T26] audit: type=1326 audit(1749226043.094:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10484 comm="syz.2.1544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f62e69f7929 code=0x7fc00000 [ 577.380359][T10565] RDS: rds_bind could not find a transport for 2001::2, load rds_tcp or rds_rdma? [ 581.049428][T10612] netlink: 'syz.5.1581': attribute type 10 has an invalid length. [ 581.735163][T10619] loop6: detected capacity change from 0 to 64 [ 586.967347][T10682] delete_channel: no stack [ 591.407601][T10741] binder: BINDER_SET_CONTEXT_MGR already set [ 591.416018][T10741] binder: 10740:10741 ioctl 4018620d 200000000040 returned -16 [ 596.574262][T10782] netlink: 156 bytes leftover after parsing attributes in process `syz.5.1625'. [ 596.636742][T10782] bond0: (slave wlan1): Releasing backup interface [ 596.920143][T10796] loop6: detected capacity change from 0 to 512 [ 597.754361][T10796] EXT4-fs (loop6): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000001000,nodiscard,quota,,errors=continue. Quota mode: writeback. [ 597.833022][T10796] ext4 filesystem being mounted at /216/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 599.471497][T10796] EXT4-fs error (device loop6): ext4_do_update_inode:5203: inode #2: comm syz.6.1628: corrupted inode contents [ 599.509255][T10796] EXT4-fs error (device loop6): ext4_dirty_inode:6039: inode #2: comm syz.6.1628: mark_inode_dirty error [ 599.521307][T10815] delete_channel: no stack [ 599.548468][T10796] EXT4-fs error (device loop6): ext4_do_update_inode:5203: inode #2: comm syz.6.1628: corrupted inode contents [ 599.649875][T10796] EXT4-fs error (device loop6): __ext4_ext_dirty:183: inode #2: comm syz.6.1628: mark_inode_dirty error [ 599.669952][T10825] xt_ecn: cannot match TCP bits for non-tcp packets [ 601.100826][T10814] delete_channel: no stack [ 601.254792][T10880] loop6: detected capacity change from 0 to 256 [ 603.939127][T10880] FAT-fs (loop6): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 604.829332][T10880] FAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 606.621794][T10913] loop3: detected capacity change from 0 to 512 [ 607.674484][T10913] EXT4-fs (loop3): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000001000,nodiscard,quota,,errors=continue. Quota mode: writeback. [ 607.718972][T10913] ext4 filesystem being mounted at /136/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 608.007691][T10913] EXT4-fs error (device loop3): ext4_do_update_inode:5203: inode #2: comm syz.3.1650: corrupted inode contents [ 608.162741][T10913] EXT4-fs error (device loop3): ext4_dirty_inode:6039: inode #2: comm syz.3.1650: mark_inode_dirty error [ 608.447430][T10913] EXT4-fs error (device loop3): ext4_do_update_inode:5203: inode #2: comm syz.3.1650: corrupted inode contents [ 608.705375][T10913] EXT4-fs error (device loop3): __ext4_ext_dirty:183: inode #2: comm syz.3.1650: mark_inode_dirty error [ 610.310673][T10951] netlink: 'syz.1.1662': attribute type 1 has an invalid length. [ 610.549155][ T26] audit: type=1326 audit(1749226081.484:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10952 comm="syz.5.1663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa61a736929 code=0x7ffc0000 [ 611.157793][T10951] 8021q: adding VLAN 0 to HW filter on device bond2 [ 611.793923][ T26] audit: type=1326 audit(1749226081.484:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10952 comm="syz.5.1663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa61a736929 code=0x7ffc0000 [ 611.865207][ T26] audit: type=1326 audit(1749226081.494:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10952 comm="syz.5.1663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa61a736929 code=0x7ffc0000 [ 611.891219][ T26] audit: type=1326 audit(1749226081.494:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10952 comm="syz.5.1663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa61a736929 code=0x7ffc0000 [ 611.998291][ T26] audit: type=1326 audit(1749226081.494:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10952 comm="syz.5.1663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa61a736929 code=0x7ffc0000 [ 612.272581][ T26] audit: type=1326 audit(1749226081.494:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10952 comm="syz.5.1663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa61a736929 code=0x7ffc0000 [ 613.669712][ T26] audit: type=1326 audit(1749226081.494:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10952 comm="syz.5.1663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa61a736929 code=0x7ffc0000 [ 613.865334][T10990] loop1: detected capacity change from 0 to 512 [ 615.083577][T10990] EXT4-fs (loop1): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000001000,nodiscard,quota,,errors=continue. Quota mode: writeback. [ 615.273335][ T26] audit: type=1326 audit(1749226081.494:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10952 comm="syz.5.1663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa61a736929 code=0x7ffc0000 [ 615.299654][T10990] ext4 filesystem being mounted at /334/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 615.404490][ T26] audit: type=1326 audit(1749226081.494:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10952 comm="syz.5.1663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7fa61a736929 code=0x7ffc0000 [ 615.579386][ T26] audit: type=1326 audit(1749226081.504:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10952 comm="syz.5.1663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa61a736929 code=0x7ffc0000 [ 615.825703][T10990] EXT4-fs error (device loop1): ext4_do_update_inode:5203: inode #2: comm syz.1.1670: corrupted inode contents [ 615.861348][ T26] audit: type=1326 audit(1749226081.504:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10952 comm="syz.5.1663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7fa61a736929 code=0x7ffc0000 [ 615.892239][ T26] audit: type=1326 audit(1749226081.504:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10952 comm="syz.5.1663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa61a736929 code=0x7ffc0000 [ 615.926607][T10990] EXT4-fs error (device loop1): ext4_dirty_inode:6039: inode #2: comm syz.1.1670: mark_inode_dirty error [ 616.080529][ T26] audit: type=1326 audit(1749226081.504:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10952 comm="syz.5.1663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=432 compat=0 ip=0x7fa61a736929 code=0x7ffc0000 [ 616.248974][T10990] EXT4-fs error (device loop1): ext4_do_update_inode:5203: inode #2: comm syz.1.1670: corrupted inode contents [ 616.705997][T10990] EXT4-fs error (device loop1): __ext4_ext_dirty:183: inode #2: comm syz.1.1670: mark_inode_dirty error [ 616.790746][ T26] audit: type=1326 audit(1749226081.504:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10952 comm="syz.5.1663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa61a736929 code=0x7ffc0000 [ 616.815437][ T26] audit: type=1326 audit(1749226081.504:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10952 comm="syz.5.1663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa61a735290 code=0x7ffc0000 [ 616.838255][ T26] audit: type=1326 audit(1749226081.524:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10952 comm="syz.5.1663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa61a736929 code=0x7ffc0000 [ 616.871112][ T26] audit: type=1326 audit(1749226081.524:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10952 comm="syz.5.1663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa61a736929 code=0x7ffc0000 [ 616.939063][ T26] audit: type=1326 audit(1749226081.524:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10952 comm="syz.5.1663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa61a736929 code=0x7ffc0000 [ 616.969525][ T26] audit: type=1326 audit(1749226081.524:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10952 comm="syz.5.1663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa61a735290 code=0x7ffc0000 [ 617.730425][T11024] lo speed is unknown, defaulting to 1000 [ 617.770436][T11024] lo speed is unknown, defaulting to 1000 [ 618.070901][T11038] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1682'. [ 619.875296][ T6043] Bluetooth: hci3: command 0x0409 tx timeout [ 620.011842][T11054] loop3: detected capacity change from 0 to 512 [ 620.324288][T11054] EXT4-fs error (device loop3): ext4_do_update_inode:5203: inode #16: comm syz.3.1687: corrupted inode contents [ 620.346789][T11054] EXT4-fs error (device loop3): ext4_dirty_inode:6039: inode #16: comm syz.3.1687: mark_inode_dirty error [ 620.747562][T11054] EXT4-fs error (device loop3): ext4_do_update_inode:5203: inode #16: comm syz.3.1687: corrupted inode contents [ 620.895872][T11054] EXT4-fs error (device loop3): __ext4_ext_dirty:183: inode #16: comm syz.3.1687: mark_inode_dirty error [ 621.136761][T11054] EXT4-fs error (device loop3): ext4_do_update_inode:5203: inode #16: comm syz.3.1687: corrupted inode contents [ 621.179797][T11024] chnl_net:caif_netlink_parms(): no params data found [ 621.230834][T11054] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem [ 621.266286][T11054] EXT4-fs error (device loop3): ext4_do_update_inode:5203: inode #16: comm syz.3.1687: corrupted inode contents [ 621.297619][T11054] EXT4-fs error (device loop3): ext4_truncate:4273: inode #16: comm syz.3.1687: mark_inode_dirty error [ 622.016973][ T6042] Bluetooth: hci3: command 0x041b tx timeout [ 622.689461][T11054] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem [ 622.878002][T11054] EXT4-fs (loop3): 1 truncate cleaned up [ 622.907137][T11054] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 622.932854][T11024] bridge0: port 1(bridge_slave_0) entered blocking state [ 623.113608][T11054] ext4 filesystem being mounted at /143/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 623.136737][T11024] bridge0: port 1(bridge_slave_0) entered disabled state [ 623.145217][T11024] device bridge_slave_0 entered promiscuous mode [ 623.658405][T11087] overlayfs: failed to clone upperpath [ 623.692956][T11024] bridge0: port 2(bridge_slave_1) entered blocking state [ 623.734131][T11092] loop1: detected capacity change from 0 to 512 [ 623.873726][T11024] bridge0: port 2(bridge_slave_1) entered disabled state [ 623.884734][T11024] device bridge_slave_1 entered promiscuous mode [ 624.065961][T11092] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 624.191630][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.198914][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.691406][ T6042] Bluetooth: hci3: command 0x040f tx timeout [ 625.188512][T11024] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 625.200953][T11024] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 625.225390][T11092] EXT4-fs (loop1): 1 truncate cleaned up [ 625.237269][T11092] EXT4-fs (loop1): mounted filesystem without journal. Opts: max_batch_time=0x0000000000000004,jqfmt=vfsold,debug_want_extra_isize=0x000000000000006a,user_xattr,errors=remount-ro,nombcache,. Quota mode: none. [ 626.142199][T11024] team0: Port device team_slave_0 added [ 626.295875][T11024] team0: Port device team_slave_1 added [ 627.070723][ T6043] Bluetooth: hci3: command 0x0419 tx timeout [ 627.152296][T11024] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 627.188147][T11024] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 627.272499][T11024] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 627.297162][T11121] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1706'. [ 627.317074][T11122] bridge5: port 1(ip6gretap1) entered blocking state [ 627.323996][T11122] bridge5: port 1(ip6gretap1) entered disabled state [ 627.332340][T11122] device ip6gretap1 entered promiscuous mode [ 627.355198][T11024] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 627.376261][T11024] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 627.448205][T11024] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 627.754249][T11121] device veth3 entered promiscuous mode [ 627.760053][T11121] bridge5: port 2(veth3) entered blocking state [ 627.766682][T11121] bridge5: port 2(veth3) entered disabled state [ 627.923549][T11024] device hsr_slave_0 entered promiscuous mode [ 627.975796][T11024] device hsr_slave_1 entered promiscuous mode [ 628.165553][T11024] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 628.196956][T11024] Cannot create hsr debugfs directory [ 629.912626][T11163] loop3: detected capacity change from 0 to 40427 [ 629.958857][T11024] netdevsim netdevsim6 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 629.986277][T11024] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 630.313036][T11163] F2FS-fs (loop3): invalid crc value [ 630.885590][T11181] loop1: detected capacity change from 0 to 256 [ 630.899571][T11163] F2FS-fs (loop3): Found nat_bits in checkpoint [ 630.940369][T11182] xt_l2tp: unknown flags: 17 [ 630.960210][T11163] F2FS-fs (loop3): Start checkpoint disabled! [ 631.046222][T11163] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 631.178668][T11024] netdevsim netdevsim6 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 631.382984][T11024] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 632.382960][T11187] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1720'. [ 632.785181][T11024] netdevsim netdevsim6 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 632.802396][T11024] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 632.875520][T11024] netdevsim netdevsim6 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 633.042002][T11024] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 633.140406][T10867] attempt to access beyond end of device [ 633.140406][T10867] loop3: rw=2049, want=40976, limit=40427 [ 633.363287][T11024] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 633.400950][T11024] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 633.423014][T11024] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 633.460230][T11024] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 633.830089][T11024] 8021q: adding VLAN 0 to HW filter on device bond0 [ 634.295105][T10867] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 634.368766][T10867] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 634.590161][T11024] 8021q: adding VLAN 0 to HW filter on device team0 [ 634.637953][T10867] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 634.707038][T10867] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 634.917581][T10867] bridge0: port 1(bridge_slave_0) entered blocking state [ 634.924804][T10867] bridge0: port 1(bridge_slave_0) entered forwarding state [ 635.671577][T10867] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 635.726973][T10867] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 635.756811][T10867] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 635.805871][T11214] syz.3.1727 (11214): drop_caches: 2 [ 635.841519][T10867] bridge0: port 2(bridge_slave_1) entered blocking state [ 635.848671][T10867] bridge0: port 2(bridge_slave_1) entered forwarding state [ 635.885779][T10867] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 635.929480][T10867] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 635.972349][T10867] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 636.058655][T10867] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 636.099197][T10867] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 636.347187][T10867] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 636.458446][T11231] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 636.663618][T10867] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 636.824082][T10867] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 637.170972][T10867] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 637.239202][T11024] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 637.390197][T11236] loop3: detected capacity change from 0 to 512 [ 637.518939][ T9223] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 637.557762][ T9223] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 637.831189][T11236] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,min_batch_time=0x000000000000002f,dioread_lock,,errors=continue. Quota mode: writeback. [ 638.196942][T11236] ext4 filesystem being mounted at /152/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 638.583021][ T9141] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 638.601176][ T9141] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 638.631602][T11024] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 640.272658][T11267] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 640.296301][ T4503] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 640.325209][ T4503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 640.473018][ T9223] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 640.490224][ T9223] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 640.648613][ T9223] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 640.656921][ T9223] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 640.684933][T11024] device veth0_vlan entered promiscuous mode [ 641.732861][T11024] device veth1_vlan entered promiscuous mode [ 642.955147][T10873] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 642.981255][T10873] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 643.031165][T11024] device veth0_macvtap entered promiscuous mode [ 643.080181][T11024] device veth1_macvtap entered promiscuous mode [ 643.690605][T11024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 643.740288][T11024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 643.771531][T11024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 643.816487][T11024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 643.830663][T11024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 643.841401][T11024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 643.895504][T11024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 643.908702][T11024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 643.918893][T11024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 643.929988][T11024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 643.945691][T11024] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 643.967369][ T4503] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 644.266621][ T4503] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 644.279266][ T4503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 644.300168][T11024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 644.345737][T11024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 644.385970][T11024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 644.604650][T11024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 644.607334][T11323] binder: 11322:11323 ioctl c0306201 2000000003c0 returned -14 [ 644.633163][T11024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 644.673663][T11024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 644.700361][T11024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 644.713224][T11024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 644.730156][T11024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 644.742992][T11024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 644.765607][T11024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 644.799471][T11024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 644.817414][T11024] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 644.903805][ T9223] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 644.927789][ T9223] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 645.290169][T11327] netlink: 'syz.2.1756': attribute type 1 has an invalid length. [ 645.359059][T11024] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 645.388644][T11024] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 645.419688][T11024] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 645.459296][T11024] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 645.505993][T11328] device ip6erspan0 entered promiscuous mode [ 645.527460][T11334] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1757'. [ 646.331634][T11334] tipc: Resetting bearer [ 646.669147][T11334] tipc: Disabling bearer [ 646.800786][T11334] team0 (unregistering): Port device team_slave_0 removed [ 646.827603][T11334] team0 (unregistering): Port device team_slave_1 removed [ 647.246099][T10867] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 647.263227][T10867] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 647.384548][T11354] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 648.375294][T10873] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 648.377093][ T4503] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 648.423097][T10873] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 649.417529][ T4503] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 649.898334][T11373] binder: 11371:11373 ioctl c0306201 2000000003c0 returned -14 [ 652.088407][T11390] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1774'. [ 652.443987][T11395] loop1: detected capacity change from 0 to 32768 [ 652.608962][T11395] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 653.372993][T11390] team0 (unregistering): Port device team_slave_0 removed [ 654.089520][T11390] team0 (unregistering): Port device team_slave_1 removed [ 654.282738][ T4170] ocfs2: Unmounting device (7,1) on (node local) [ 655.846185][ C1] hrtimer: interrupt took 54116 ns [ 658.564771][T11472] binder: 11471:11472 ioctl c0306201 2000000003c0 returned -14 [ 662.061078][T11472] syz.6.1798 (11472): drop_caches: 2 [ 666.190507][T11566] binder: BINDER_SET_CONTEXT_MGR already set [ 666.210414][T11566] binder: 11565:11566 ioctl 4018620d 200000000040 returned -16 [ 666.246376][T11569] binder: 11565:11569 ioctl c0306201 2000000003c0 returned -14 [ 667.836483][T11566] syz.3.1836 (11566): drop_caches: 2 [ 669.541589][T11594] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 671.061611][T11617] loop3: detected capacity change from 0 to 8 [ 671.406950][T11625] loop6: detected capacity change from 0 to 40427 [ 671.462932][T11625] F2FS-fs (loop6): invalid crc value [ 671.499473][T11625] F2FS-fs (loop6): Found nat_bits in checkpoint [ 671.500031][T11617] SQUASHFS error: lzo decompression failed, data probably corrupt [ 671.542039][T11617] SQUASHFS error: Failed to read block 0x91: -5 [ 671.549635][T11625] F2FS-fs (loop6): Start checkpoint disabled! [ 671.564632][T11625] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6 [ 671.569230][T11617] SQUASHFS error: Unable to read metadata cache entry [8f] [ 671.593820][T11617] SQUASHFS error: Unable to read inode 0x11f [ 672.878546][T11617] loop3: detected capacity change from 0 to 64 [ 673.560723][ T4452] attempt to access beyond end of device [ 673.560723][ T4452] loop6: rw=2049, want=40968, limit=40427 [ 673.826325][ T4212] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 674.293467][ T4212] usb 4-1: device descriptor read/64, error -71 [ 674.311824][T11645] loop1: detected capacity change from 0 to 40427 [ 674.400322][T11645] F2FS-fs (loop1): invalid crc value [ 674.432586][T11645] F2FS-fs (loop1): Found nat_bits in checkpoint [ 674.479505][T11645] F2FS-fs (loop1): Start checkpoint disabled! [ 674.494064][T11645] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 674.625747][T11656] xt_connbytes: Forcing CT accounting to be enabled [ 674.633547][T11656] --map-set only usable from mangle table [ 675.248883][ T4212] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 675.701179][T11661] binder: 11660:11661 ioctl c0306201 2000000003c0 returned -14 [ 675.887751][ T9141] attempt to access beyond end of device [ 675.887751][ T9141] loop1: rw=2049, want=40968, limit=40427 [ 676.255754][T11671] loop6: detected capacity change from 0 to 2048 [ 676.365517][T11671] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 678.291407][T11686] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1867'. [ 678.683373][T11693] loop1: detected capacity change from 0 to 512 [ 678.726771][ T23] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 678.735477][ T23] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 678.744335][ T4212] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 679.068498][T11693] lo speed is unknown, defaulting to 1000 [ 679.075242][T11693] lo speed is unknown, defaulting to 1000 [ 679.634611][ T4212] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 679.674940][T11704] loop1: detected capacity change from 0 to 8 [ 679.706438][ T4212] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 679.719961][T11704] SQUASHFS error: lzo decompression failed, data probably corrupt [ 679.743060][T11704] SQUASHFS error: Failed to read block 0x91: -5 [ 679.755759][T11704] SQUASHFS error: Unable to read metadata cache entry [8f] [ 679.768495][T11704] SQUASHFS error: Unable to read inode 0x11f [ 681.784108][T11704] loop1: detected capacity change from 0 to 64 [ 683.643590][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 685.656779][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.663108][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 690.576578][T11809] xt_ecn: cannot match TCP bits for non-tcp packets [ 691.263106][T11795] overlayfs: failed to resolve './file1': -2 [ 692.036253][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 692.388885][T11827] overlayfs: failed to clone upperpath [ 692.652704][T11824] loop6: detected capacity change from 0 to 32768 [ 693.472872][T11824] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode. [ 694.579436][T11024] ocfs2: Unmounting device (7,6) on (node local) [ 695.324867][T11858] overlayfs: failed to clone upperpath [ 696.853890][ C0] ------------[ cut here ]------------ [ 696.860268][ C0] refcount_t: addition on 0; use-after-free. [ 696.866799][ C0] WARNING: CPU: 0 PID: 14 at lib/refcount.c:25 refcount_warn_saturate+0xff/0x1a0 [ 696.875957][ C0] Modules linked in: [ 696.879922][ C0] CPU: 0 PID: 14 Comm: ksoftirqd/0 Not tainted 5.15.185-syzkaller #0 [ 696.888037][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 696.898167][ C0] RIP: 0010:refcount_warn_saturate+0xff/0x1a0 [ 696.904265][ C0] Code: 09 01 48 c7 c7 40 6b 59 8a e8 dd 27 bb 05 0f 0b eb e0 e8 04 42 9c fd c6 05 ae 8f 79 09 01 48 c7 c7 80 6a 59 8a e8 c1 27 bb 05 <0f> 0b eb c4 e8 e8 41 9c fd c6 05 93 8f 79 09 01 48 c7 c7 e0 6a 59 [ 696.924122][ C0] RSP: 0018:ffffc90000d376e8 EFLAGS: 00010246 [ 696.930268][ C0] RAX: a08ea6f6959bc100 RBX: 0000000000000002 RCX: ffff88813fea1dc0 [ 696.938285][ C0] RDX: 0000000000000100 RSI: 0000000000000100 RDI: 0000000000000000 [ 696.946383][ C0] RBP: ffffc90000d37850 R08: dffffc0000000000 R09: fffff520001a6e41 [ 696.954454][ C0] R10: fffff520001a6e41 R11: 1ffff920001a6e40 R12: ffff88807a078000 [ 696.962486][ C0] R13: dffffc0000000000 R14: 0000000000000002 R15: 0000000000000000 [ 696.970589][ C0] FS: 0000000000000000(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000 [ 696.979570][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 696.986370][ C0] CR2: 0000001b31d1cff8 CR3: 000000000be8e000 CR4: 00000000003506f0 [ 696.994367][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 697.002395][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 697.010417][ C0] Call Trace: [ 697.013706][ C0] [ 697.016766][ C0] tipc_crypto_xmit+0x1949/0x2560 [ 697.021834][ C0] ? tipc_crypto_do_cmd+0xd60/0xd60 [ 697.027091][ C0] tipc_bearer_xmit_skb+0x228/0x3c0 [ 697.032503][ C0] ? tipc_bearer_min_mtu+0x190/0x190 [ 697.037850][ C0] tipc_disc_timeout+0x568/0x6b0 [ 697.042813][ C0] ? tipc_disc_create+0x920/0x920 [ 697.048068][ C0] ? tipc_disc_create+0x920/0x920 [ 697.053114][ C0] call_timer_fn+0x16c/0x530 [ 697.057770][ C0] ? tipc_disc_create+0x920/0x920 [ 697.063073][ C0] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 697.069200][ C0] ? __run_timers+0x7c0/0x7c0 [ 697.073913][ C0] ? rcu_is_watching+0x11/0xa0 [ 697.078724][ C0] ? _raw_spin_unlock_irq+0x1f/0x40 [ 697.083942][ C0] ? lockdep_hardirqs_on+0x94/0x140 [ 697.089245][ C0] ? tipc_disc_create+0x920/0x920 [ 697.094288][ C0] __run_timers+0x525/0x7c0 [ 697.098864][ C0] ? detach_timer+0x2b0/0x2b0 [ 697.103559][ C0] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 697.109620][ C0] ? sched_clock_cpu+0x15/0x3c0 [ 697.114487][ C0] ? lockdep_hardirqs_on_prepare+0x760/0x760 [ 697.120530][ C0] run_timer_softirq+0x63/0xf0 [ 697.125335][ C0] handle_softirqs+0x328/0x820 [ 697.130177][ C0] ? run_ksoftirqd+0x98/0xf0 [ 697.134788][ C0] ? do_softirq+0x200/0x200 [ 697.139334][ C0] ? run_ksoftirqd+0x75/0xf0 [ 697.143932][ C0] ? ksoftirqd_should_run+0x20/0x20 [ 697.149174][ C0] ? lockdep_hardirqs_off+0x70/0x100 [ 697.154483][ C0] ? ksoftirqd_should_run+0x20/0x20 [ 697.159726][ C0] run_ksoftirqd+0x98/0xf0 [ 697.164161][ C0] ? ksoftirqd_should_run+0x20/0x20 [ 697.169408][ C0] ? preempt_schedule_thunk+0x16/0x18 [ 697.174804][ C0] ? smpboot_thread_fn+0x5bc/0x970 [ 697.179984][ C0] smpboot_thread_fn+0x4f6/0x970 [ 697.184955][ C0] kthread+0x436/0x520 [ 697.189071][ C0] ? cpu_report_death+0x180/0x180 [ 697.194115][ C0] ? kthread_blkcg+0xd0/0xd0 [ 697.198757][ C0] ret_from_fork+0x1f/0x30 [ 697.203207][ C0] [ 697.206270][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 697.213555][ C0] CPU: 0 PID: 14 Comm: ksoftirqd/0 Not tainted 5.15.185-syzkaller #0 [ 697.221635][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 697.231805][ C0] Call Trace: [ 697.235105][ C0] [ 697.238053][ C0] dump_stack_lvl+0x168/0x230 [ 697.242753][ C0] ? show_regs_print_info+0x20/0x20 [ 697.247974][ C0] ? load_image+0x3b0/0x3b0 [ 697.252518][ C0] panic+0x2c9/0x7f0 [ 697.256454][ C0] ? bpf_jit_dump+0xd0/0xd0 [ 697.260992][ C0] ? ret_from_fork+0x1f/0x30 [ 697.265608][ C0] ? refcount_warn_saturate+0xff/0x1a0 [ 697.271091][ C0] __warn+0x248/0x2b0 [ 697.275089][ C0] ? refcount_warn_saturate+0xff/0x1a0 [ 697.280663][ C0] report_bug+0x1b7/0x2e0 [ 697.285013][ C0] handle_bug+0x3a/0x70 [ 697.289184][ C0] exc_invalid_op+0x16/0x40 [ 697.293956][ C0] asm_exc_invalid_op+0x16/0x20 [ 697.298812][ C0] RIP: 0010:refcount_warn_saturate+0xff/0x1a0 [ 697.304892][ C0] Code: 09 01 48 c7 c7 40 6b 59 8a e8 dd 27 bb 05 0f 0b eb e0 e8 04 42 9c fd c6 05 ae 8f 79 09 01 48 c7 c7 80 6a 59 8a e8 c1 27 bb 05 <0f> 0b eb c4 e8 e8 41 9c fd c6 05 93 8f 79 09 01 48 c7 c7 e0 6a 59 [ 697.324597][ C0] RSP: 0018:ffffc90000d376e8 EFLAGS: 00010246 [ 697.330689][ C0] RAX: a08ea6f6959bc100 RBX: 0000000000000002 RCX: ffff88813fea1dc0 [ 697.338668][ C0] RDX: 0000000000000100 RSI: 0000000000000100 RDI: 0000000000000000 [ 697.346648][ C0] RBP: ffffc90000d37850 R08: dffffc0000000000 R09: fffff520001a6e41 [ 697.354630][ C0] R10: fffff520001a6e41 R11: 1ffff920001a6e40 R12: ffff88807a078000 [ 697.362609][ C0] R13: dffffc0000000000 R14: 0000000000000002 R15: 0000000000000000 [ 697.370611][ C0] ? refcount_warn_saturate+0xff/0x1a0 [ 697.376086][ C0] tipc_crypto_xmit+0x1949/0x2560 [ 697.381261][ C0] ? tipc_crypto_do_cmd+0xd60/0xd60 [ 697.386497][ C0] tipc_bearer_xmit_skb+0x228/0x3c0 [ 697.391721][ C0] ? tipc_bearer_min_mtu+0x190/0x190 [ 697.397039][ C0] tipc_disc_timeout+0x568/0x6b0 [ 697.402023][ C0] ? tipc_disc_create+0x920/0x920 [ 697.407072][ C0] ? tipc_disc_create+0x920/0x920 [ 697.412122][ C0] call_timer_fn+0x16c/0x530 [ 697.416726][ C0] ? tipc_disc_create+0x920/0x920 [ 697.421764][ C0] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 697.427763][ C0] ? __run_timers+0x7c0/0x7c0 [ 697.432460][ C0] ? rcu_is_watching+0x11/0xa0 [ 697.437243][ C0] ? _raw_spin_unlock_irq+0x1f/0x40 [ 697.442505][ C0] ? lockdep_hardirqs_on+0x94/0x140 [ 697.447742][ C0] ? tipc_disc_create+0x920/0x920 [ 697.452816][ C0] __run_timers+0x525/0x7c0 [ 697.457371][ C0] ? detach_timer+0x2b0/0x2b0 [ 697.462086][ C0] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 697.468113][ C0] ? sched_clock_cpu+0x15/0x3c0 [ 697.472980][ C0] ? lockdep_hardirqs_on_prepare+0x760/0x760 [ 697.479019][ C0] run_timer_softirq+0x63/0xf0 [ 697.483842][ C0] handle_softirqs+0x328/0x820 [ 697.488619][ C0] ? run_ksoftirqd+0x98/0xf0 [ 697.493221][ C0] ? do_softirq+0x200/0x200 [ 697.497719][ C0] ? run_ksoftirqd+0x75/0xf0 [ 697.502400][ C0] ? ksoftirqd_should_run+0x20/0x20 [ 697.507773][ C0] ? lockdep_hardirqs_off+0x70/0x100 [ 697.513085][ C0] ? ksoftirqd_should_run+0x20/0x20 [ 697.518299][ C0] run_ksoftirqd+0x98/0xf0 [ 697.522729][ C0] ? ksoftirqd_should_run+0x20/0x20 [ 697.527923][ C0] ? preempt_schedule_thunk+0x16/0x18 [ 697.533293][ C0] ? smpboot_thread_fn+0x5bc/0x970 [ 697.538431][ C0] smpboot_thread_fn+0x4f6/0x970 [ 697.543373][ C0] kthread+0x436/0x520 [ 697.547434][ C0] ? cpu_report_death+0x180/0x180 [ 697.552447][ C0] ? kthread_blkcg+0xd0/0xd0 [ 697.557065][ C0] ret_from_fork+0x1f/0x30 [ 697.561483][ C0] [ 697.564780][ C0] Kernel Offset: disabled [ 697.569496][ C0] Rebooting in 86400 seconds..