last executing test programs: 44.525435013s ago: executing program 1 (id=736): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000840)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) gettid() seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_mount_image$exfat(&(0x7f0000001500), &(0x7f0000001540)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[], 0x1, 0x14fe, &(0x7f0000002ac0)="$eJzs3QuYjtX6MPB1r7UexjTxNslhWPe6H940WCZJckiSQ5IkSZJTQtIkSUJiyCkJSchxkhyGkBwmJo3z+ZDzqcmWJElOOYX1XWrv7b//7f9l72/3/+xvz/27rnW9677Wc69nrfdm3ud5rjn80HlojUY1qzYgIvEvgd9eUoQQMUKIAUKIPEKIQAhRNr5s/JXxXApS/rWTsD/W42nXewXseuL6Z29c/+yN65+9cf2zN65/9sb1z964/tkb15+x7Gzz9II3ccu+7V9//h/z2ws/////EH/+Z29c//80p3P9M0dz/f+TXPbe/3MZXP/sjeufvXH9szeuf/bG9c/euP6MZWfX+/kzt+vbrve/P8YYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhj2cM5f5UWQvylf73XxRhjjDHGGGOMsT+Oz3m9V8AYY4wxxhhjjLH/fSCkUEKLQOQQOUWMyCVixQ0iTtwocos8IiJuEvHiZpFX3CLyifyigCgoEkQhUVgYgcIKEqEoIoqKqLhVFBO3iURRXJQQJYUTpUSSuF2UFneIMuJOUVbcJcqJu0V5UUFUFJXEPaKyuFdUEfeJquJ+UU1UFzVETfGAqCUeFLXFQ6KOeFjUFY+IeuJRUV88JhqIx0VD8YRoJJ4UjcVTooloKpqJ5qLF/1X+a6K7eF30ED1Fiugleos3RB/RV/QT/cUA8aYYKN4Sg8TbYrAYIoaKd8Qw8a4YLt4TI8RIMUq8L0aLMWKsGCfGiwkiVXwgJooPxSTxkZgspoipYppIE9PFDPGxmClmidniEzFHfCrminlivlgg0sVnYqFYJDLE52Kx+EJkiiViqVgmlosVYqVYJVaLNWKtWCfWiw1io9gkNosvxRaxVWwT28UOsVPsErvFHrFX7BNfiSzx9T+Zf/a/5XcBAQIkSNCgIQfkgBiIgViIhTiIg9yQGyIQgXiIh7yQF/JBPigABSABEqAwFAYEBAKCIlAEohCFYlAMEiERSkAJcOAgCZKgNNwBZaAMlIWyUA7KQXmoABWgElSCylAZqkAVqApVoRpUgxpQAx6AB+BBqA21oQ7UgbpQF+pBPagP9aEBNICG0BAaQSNoDI2hCTSBZtAMWkALaAktoRW0gjbQBtpCW2gH7SAZkqE9tIcO0AE6QkfoBJ2gM3SGLtAVusJr8Bq8Dq9DT6gme0Fv6A19oA/0g/7QH96EgfAWvAVvw2AYAkPhHXgH3oXhcAZGwEgYBaOgshwDY2EckJwAqZAKE2EiTIJJMBmmwBSYBmkwHWbADJgJs2AWfAJz4FP4FObBPFgA6ZAOC2ERZEAGLIazkAlLYCksg+WwApbDKlgNq2AtrIO1sAE2wCbYBF/Cl7AVtsJ22A47YSfsht2wF/bCYMiCLNgP++EAHICDcBAOwSE4DIfhCByBo3AUjsExOA4n4CScgNNwGs7AWTgH5+ACXICLcBEuw+Ur//nlFVpqmUPmkDEyRsbKWBkn42RumVtGZETGy3iZV+aV+WQ+WUAWkAkyQRaWhSVKlCRDWUQWkVEZlcVkMZkoE2UJWUI66WSSTJKlZWlZRpaRZeVdspy8W5aXFWRrV0lWkpVlG1dF3ieryqqymqwua8iasqasJWvJ2rK2rCPryLqyrqwnH5X1ZS/oB4/LK5VpJIdAYzkUmsimsplsLt+Fp2VLORxaydayjXxWjoQR0E62dMnyBdlejoUO8iU5Dl6WneQE6CxflV1kV9lNvia7y1auh+wpJ0Mv2VtOgz6yr+wn+8uZUF1eqVgN+bYcLIfIofIduQDelcPle3KEHClHyfflaDlGjpXj5Hg5QabKD+RE+aGcJD+Sk+UUOVVOk2lyupwhP5Yz5Sw5W34i58hP5Vw5T86XC2S6/EwulItkhvxcLpZfyEy5RC6Vy+RyuUKulKvkarlGrpXr5Hq5QW6Um+Rm+aXcIrfKbXK73CF3yl1yt9wj98p98iuZJb+W++Wf5AH5jTwov5WH5HfysPxeHpE/yKPyR3lM/iSPyxPypDwlT8uf5Rl5Vp6T5+UF+Yu8KC/Jy9JLoUBJpZRWgcqhcqoYlUvFqhtUnLpR5VZ5VETdpOLVzSqvukXlU/lVAVVQJahCqrAyCpVVpEJVRBVVUXWrKqZuU4mquCqhSiqnSqkkdbsqre5QZdSdqqy6S5VTd6vyqoKqqCqpe1Rlda+qou5TVdX9qpqqrmqomuoBVUs9qGqrh1Qd9bCqqx5R9dSjqr56TDVQj6uG6gnVSD2pGqunVBPVVDVTzVUL9bRqqZ5RrVRr1UY9q9qq51Q79bxKVi+o9upF1UG9pDqql1Un9YrqrF5VXVRX1U1dUpeVVz1UT5Wieqne6g3VR/VV/VR/NUC9qQaqt9Qg9bYarIaooeodNUy9q4ar99QINVKNUu+r0WqMGqvGqfFqgkpVH6iJ6kM1SX2kJqspaqqaptLUdNXvzzPN/gfyP/w7+YN+PfsmtVl9qbaorWqb2q52qJ1ql9ql9qg9ap/ap7JUltqv9qsD6oA6qA6qQ+qQOqwOqyPqiDqqjqpj6pg6rk6o8+qUOq1+VmfUWXVWnVcX1AV18c/vgdCgpVZa60Dn0Dl1jM6lY/UNOk7fqHPrPDqib9Lx+madV9+i8+n8uoAuqBN0IV1YG43aatKhLqKL6qi+VRfTt+lEXVyX0CW106V0kr79X86/1vpa6Ba6pW6pW+lWuo1uo9vqtrqdbqeTdbJur9vrDrqD7qg76k66k+6sO+suuovuprvp7rq79kKIFJ2ie+s3dB/dV/fT/fUA/aYeqAfqQXqQHqwH66F6qB6mh+nhergeoUfoUXqUHq1H67F6rB6vx+tUnaon6ol6kp6kJ+vJeqqeqtN0mp6hZ+iZeqaerWfrOXqOnqvn6vl6vk7X6XqhXqgzdIZerBfrTL1EL9HL9DK9Qq/Qq/QqvUav0ev0Or1Bb9CZ+i/foLlNb9M79A69S+/Se/QevU/v01k6S+/X+/UBfUAf1Af1IX1IH9aH9RF9RB/VR/UxfUwf18f1SX1Sn9an9Rl9Rp/T5/QFfUFf1Bf1ZX35ymVfIAMZ6EAHOYIcQUwQE8QGsUFcEBfkDnIHkSASxAfxQd7gliBfkD8oEBQMEoJCQeHABBjYgIIwKBIUDaLBrUGx4LYgMSgelAhKBi4oFSQFtwelgzuCMsGdQdngrqBccHdQPqgQVAwqBfcElYN7gyrBfUHV4P6gWlA9qBHUDB4IagUPBrWDh4I6wcNB3eCRoF7waFA/eCxoEDweNAyeCBoFTwaNg6eCJkHToFnQPGjxh87v/Zn8z7gepqdJMb1Mb/OG6WP6mn6mvxlg3jQDzVtmkHnbDDZDzFDzjhlm3jXDzXtmhBlpRpn3zWgzxow148x4M8Gkmg/MRPOhmWQ+MpPNFDPVTDNpZrqZYT42M80sM9t8YuaYT81cM8/MNwtMuvnMLDSLTIb53Cw2X5hMs8QsNcvMcrPCrDSrzGqzxqw168x6s8FsNJvMZvOl2WK2mm1mu9lhdppdZrfZY/aafeYrk2W+NvvNn8wB8405aL41h8x35rD53hwxP5ij5kdzzPxkjpsT5qQ5ZU6bn80Zc9acM+fNBfOLuWgumcvGX7m4v/Lxjho15sAcGIMxGIuxGIdxmBtzYwQjGI/xmBfzYj7MhwWwACZgAhbGwngFIWERLIJRjGIxLIaJmIglsAQ6dJiESVgaS2MZLINlsSyWw3JYHstjRbxyP3IP3ov34n14H96P92N1rI41sSbWwlpYG2tjHayDdbEu1sN6WB/rYwNsgA2xITbCRtgYG2MTbILNsBm2wBbYEltiK2yFbbANtsW22A7bYTImY3tsjx2wA3bEjtgJO2Fn7IxdsAt2w27YHbtjD+yBKZiCvbE39sE+2A/74QAcgANxIA7CQTgYB+NQHIrDcBgOx+E4AkfiKHwfR+MYHIvjcDxOwFRMxYk4ESfhJJyMk3EqTsU0TMMZOANn4kycjbNxDs7BuTgX5+N8TMd0XIgLMQMzcDEuxkzMxKW4FJfjclyJK3E1rsa1uBbX43rciBtxM27GLbgFt+E23IE7cBfuwj24B/fhPszCLNyP+/EAHsCDeBAP4SE8jIfxCB7Bo3gUj+ExPI7H4SSexNN4Gs/gGTyH5/AC/oIX8RJeRo8xNpeNtTfYOHujzW3z2Bibq6cQ4q9xAVvQJthCtrA1Np/N/zcxWmsTbXFbwpa0zpaySfb238XlbQVb0Vay99jK9l5b5XdxLfugrW0fsnXsw7amfeBv4rr2EVvPPmnr26dsA9vUNrTNbSP7pG1sn7JNbFPbzDa3be1ztp193ibbF2x7++Lv4oV2kV1t19i1dp3dY/fac/a8PWJ/sBfsL7aH7WkH2DftQPuWHWTftoPtkN/Fo+z7drQdY8facXa8nfC7eKqdZtPsdDvDfmxn2lm/i9PtZ3aOzbBz7Tw73y74Nb6ypgz7uV1sv7CZdoldapfZ5XaFXWlX/XWty+wGu9FusrvsbrvFbrXb7Ha7w+78Nb6yj332K5tlv7aH7ff2gP3GHrRH7SH73a/xlf0dtT/aY/Yne9yesCftKXva/mzP2LO/7v/K3k/ZS/ay9VYQkCRFmgLKQTkphnJRLN1AcXQj5aY8FKGbKJ5uprx0C+Wj/FSAClICFaLCZAjJElFIRagoRelWKka3USIVpxJUkhyVoiS6nUrTHVSG7qSydBeVo7upPFWgilSJ7qHKdC9VofuoKt1P1ag61aCa9ADVogepNj1EdehhqkuPUD16lOrTY9SAHqeG9AQ1oiepMT1FTagpNaPm1IKeppb0DLWi1tSGnqW29By1o+cpmV6g9vQidaCXqCO9TJ3oFepMr1IX6krd6DXqTq9TD+pJKdSLetMb1If6Uj/qTwPoTRpIb9EgepsG0xAaSu/QMHqXhtN7NIJG0ih6n0bTGBpL42g8TaBU+oAm0oc0iT6iyTSFptI0SqPpNIM+ppk0i2bTJzSHPqW5NI/m0wJKp89oIS2iDPqcFtMXlElLaCkto+W0glbSKlpNa2gtraP1tIE20ibaTF/SFtpK22g77aCdtIt20x7aS/voK8qir2k//YkO0Dd0kL6lQ/QdHabv6Qj9QEfpRzpGP9FxOkEn6RSdpp/pDJ2lc3SeLtAvdJEu0WXyJEIIZahCHQZhjjBnGBPmCmPDG8K48MYwd5gnjIQ3hfHhzWHe8JYwX5g/LBAWDBPCQmHh0IQY2pDCMCwSFg2j4a1hsfC2MDEsHpYIS4YuLBUmhbeHpcM7wjLhnWHZ8K6wXHh3WD6sEFYMK4X3hJXDe8Mq4X1h1fD+sFpYPawR1gwfCGuFD4a1w4fCOuHDYZnwkbBe+GhYP3wsbBA+HjYMnwgbhU+GjcOnwiZh07BZ2DxsET4dtgyfCVuFrcM24bNh2/C5sF34fJgcvhC2D1+85nhK2CvsHb4RvhF6/5CaH10QTY9+Fl0YXRTNiH4eXRz9IpoZXRJdGl0WXR5dEV0ZXRVdHV0TXRtdF10f3RDdGN0U9b5mTuHASaecdoHL4XK6GJfLxbobXJy70eV2eVzE3eTi3c0ur7vF5XP5XQFX0CW4Qq6wMw6ddeRCV8QVdVF3qyvmbnOJrrgr4Uo650q5JNfctXAtXEv3jGvlWrs27ln3rHvOPeeed8+7F1x796Lr4F5yHd3LrpN7xb3iXnVdXFfXzb3murvXXQ/X06W4FNfb9XZ9XB/Xz/VzA9wAN9ANdIPcIDfYDXZD3VA3zA1zw91wN8KNcKPcKDfajXZj3Vg33o13qS7VTXQT3SQ3yU12k91UN9WluTQ3w81wM91MN9vNdnPcHDfXzXXz3XyX7tLdQrfQZbgMt9gtdpku0y11S91yt9ytdCvdarfarXVr3Xq33m10G91mt9ltcVvcNrfN7XA73C63y+1xe9w+t89luSy33+13B9wBd9B96w6579xh97074n5wR92P7pj7yR13J9xJd8qddj+7M+6sO+fOuwvuF3fRXXKXnXepkQ8iEyMfRiZFPopMjkyJTI1Mi6RFpkdmRD6OzIzMisyOfBKZE/k0MjcyLzI/siCSHvkssjCyKJIR+TyyOPJFJDOyJLI0siyyPLIi4n2hLaEv4ov6qL/VF/O3+URf3JfwJb3zpXySv92X9nf4Mv5OX9bf5cv5u315X8FX9E/5Jr6pb+ab+xb+ad/SP+Nb+da+jX/Wt/XP+Xb+eZ/sX/Dt/Yu+g3/Jd/Qv+07+Fd/Zv+q7+K6+m3/Nd/ev+x6+p0/xvXxv/4bv4/v6fr6/H+Df9AP9W36Qf9sP9kP8UP+OH+bf9cP9e36EH+lH+ff9aD/Gj/Xj/Hg/waf6D/xE/6Gf5D/yk/0UP9VP82l+up/hP/Yz/Sw/23/i5/hP/Vw/z8/3C3y6/8wv9It8hv/cL/Zf+Ey/xC/1y/xyv8Kv9Kv8ar/Gr/Xr/Hq/wW/0m/xm/6Xf4rf6bX673+F3+l1+t9/j9/p9/iuf5b/2+/2f/AH/jT/ov/WH/Hf+sP/eH/E/+KP+R3/M/+SP+xP+pD/lT/uf/Rl/1p/z5/0F/4u/6C/5y/wza4wxxhhj/xB1jfFe/0OO/HO/txDixq0FD/338fX5fuv3zZnQNiKEeKFn58f/0qpVS0lJ+fOxmUoERecJISJX83OIq/ES0UY8J5JFa1H6r+Mx/+VcfWXXC3SN+aN3CRH7NzuAv8ZX57/j7+6/rxwz55rzzxMisejVnFzianx1/jL/w/z5W15j/lzfpArR6r/kxImr8dX5k8Qz4kWR/DdHMsYYY4wxxhhjv+krK3a81v3tlfvzBH01J6e4Gv+9+3PGGGOMMcYYY4z9e3m5a7fnn05Obt2RO/9bHZ/nt7f632U93OHOP9C53l+ZGGOMMcYYY3+0qxf913sljDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcZY9vX/4teJ/eVc1/pbg4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxth/qv8TAAD//3iQOws=") r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x42, 0x0) write$FUSE_WRITE(r4, &(0x7f00000000c0)={0x18}, 0xfffffdef) write$binfmt_misc(r4, &(0x7f0000000140)={'syz0'}, 0x4) 12.429353063s ago: executing program 2 (id=801): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b0000000000000010000000", @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/14], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000000)='io_uring_link\x00', 0xffffffffffffffff, 0x0, 0x5f06df59}, 0x18) sendmsg$NL80211_CMD_SET_COALESCE(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000340)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) r6 = socket$netlink(0x10, 0x3, 0x4) writev(r6, &(0x7f00000000c0)=[{&(0x7f0000000180)="580000001500add427323b470c45b45602067fffffff81004e22030d00ff0028925aa8002000eaa57b00090080020efffeffe809020000ff0004f03a04000000ffffffffffffffffffffffe7ee0000000000000000020000", 0x58}], 0x1) 12.321933922s ago: executing program 3 (id=803): syz_mount_image$hfs(&(0x7f0000000040), &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x30000c0, &(0x7f0000000840)=ANY=[@ANYBLOB="7175f46965742c63726561746f723dd4675f162c756d61736b3d30303030303030303030303030303030303030303031302c756d61736b3d30303030303030303030303030303030303030343030302c636f6465706167653d63703933362c00"], 0x11, 0x2b6, &(0x7f0000000200)="$eJzs3U9rE0EYx/HfbNI22lK3tiJ4rBb0Ilov4iUieRGeRG0iFENFrfjnVMWTiN69+xZ8EV4U34CePPkC6mllZifZJLvZTUOTber3Aw2b7D47z2T/zDyBsgLw37rV+Pn52m/7Z6SKKtK7G1IgqSZVJZ3R2dqznd3t3Xarmbejiouwf0ZxpElts7XTygq1cS7CC+27qpZ6P8NkRFF081fZSaB07urPEEgL/up062tTzyzf6zHj9g45j1lj9rWvF1ouOw8AQLn8+B/4cX7Jz9+DQNrww/6RHP/HtV92AhMX5a7tGf9dlRUZe3xPuVVJvedKOLs+6FSJo7Q8N/B+XvGZ1TfBNEVVpcslOPFgu926vPWo3Qz0RnWvZ7M199qMT92OgmzXM2rTHCP03WTPKBddH+ZsHzbj/J9L6st/dcwWx2a+mu/mjgn1Sc3u/K8aGXuY3JEKB45UnP+V4Xt0vQztVvK3jXq9HvRtsuIaOedb8Ap6WcuuSNQ5o1bU/wNBWJSnizo9EBX37mpB1Gpm1Gbn3ZCotb4o25vu2Ty8vUkzH8xts64/+qJGz/w/sPltKPfKTK4asxEPBe4bj/szn91c1e0zTI0c6cul+y0uDEv9b/49DQfwXvd1XctPX756WGm3W0/swr2MhcdL3U/m3kqZ25S8oL3kkwVFTmrjzqA0zcQuHeoO7f2jcGN7lR2Jg3KsFxrfpnsilbFQ8v0JU5Ec9LIzQUnsvMvE9V9Sr1TjyZ59CTPn6SP+EOD3GNk5dreCS2KjeEYu6eSBKrjF4RVcuuZK1Yyu5jp/Uboweouhz/OYMA390F1+/wcAAAAAAAAAAAAAAAAAAJg10/h3grL7CAAAAAAAAAAAAAAAAAAAAADArOs+/1ed5/9qtOf/Dj6K5TCf//txRzz/F5i8fwEAAP//FZd8vg==") 10.981135806s ago: executing program 3 (id=806): bpf$MAP_CREATE(0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001b40), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_MCAST_RATE(r1, &(0x7f0000001c40)={0x0, 0x0, &(0x7f0000001c00)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000005c00000008000300", @ANYRES32=r0], 0x24}}, 0x0) 10.771779646s ago: executing program 1 (id=737): pipe(0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x5, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) poll(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x5, 0x0, 0x0) rt_sigaction(0x19, &(0x7f0000000000)={0xfffffffffffffffc, 0x44000006, 0x0}, 0x0, 0x8, &(0x7f0000000440)) r1 = memfd_create(&(0x7f00000006c0)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\x00\x00\xd4N\x12\x9b\x1f\t\xd1Z+\x86T\x16\xf8\x01\x00\x00\x00\x9f+\x8d!\x0fG\xab\xc2\xdc\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\xa1\x9c\x86xm\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xb9\xc0LF;\xd6\x84\x195\x06\x00\x00\x00~\xf3S\x12\"p^\xc1jP\x8a\xc6[\xbd\xe7q]\xdd\r\x1aZS\x01*\x1b\xfd\xbcMA\xdcq\xa1\x00\xb3\xf9\x91r\x7f\xdc\xf1\xc3G,\xdb\xccS\x15\x95b\x17\xab\xe4?\x96\x95\xa4kP\x99YO\xb8V\xd5p\x90X\xaaf', 0x0) fallocate(r1, 0x0, 0x400000000000000, 0x7) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ftruncate(0xffffffffffffffff, 0xee72) lseek(0xffffffffffffffff, 0x5, 0x4) 10.692497283s ago: executing program 3 (id=808): r0 = socket$inet6(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/input/handlers\x00', 0x0, 0x0) read$FUSE(r4, &(0x7f0000001840)={0x2020}, 0x2020) preadv2(r4, &(0x7f00000004c0)=[{&(0x7f0000000200)=""/100, 0x64}], 0x1, 0x2b, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0xfca804a0, 0x0, 0x0, &(0x7f00000002c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000080)={@loopback={0x0, 0x3fc}, 0x0, r6}) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) utime(0x0, &(0x7f00000004c0)={0x6, 0x2}) syz_open_procfs(0x0, 0x0) syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x0) 8.834206224s ago: executing program 3 (id=811): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000795d6c08450c3a616dc4010203010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000400)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0x84, &(0x7f0000000280)={0x0, 0x0, 0x1, "12"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) 8.783236069s ago: executing program 1 (id=812): io_uring_register$IORING_REGISTER_FILES_UPDATE2(0xffffffffffffffff, 0xe, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = socket(0x10, 0x3, 0x0) connect$unix(r0, &(0x7f0000000000)=@file={0x0, './cgroup.cpu/cgroup.procs\x00'}, 0x6e) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) shmget(0x3, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x11c, 0x0, 0x0, 0x4) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x16) openat$ptmx(0xffffffffffffff9c, 0x0, 0x40b80, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5423, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) ioprio_set$pid(0x1, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/power/resume', 0x149a82, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x34, 0x39, 0x9, 0x0, 0x0, {0x1}, [@typed={0x4}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x0, 0x0, 0x0, @str='\x05G'}]}, @typed={0x8, 0x2, 0x0, 0x0, @pid=0xffffffffffffffff}, @nested={0x8, 0x9, 0x0, 0x1, [@typed={0x4}]}]}, 0x34}}, 0x0) write$cgroup_int(r1, &(0x7f0000000040)=0x1f00, 0x12) 7.732746936s ago: executing program 1 (id=816): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, 0x0) ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(r2, 0x4068aea3, &(0x7f00000000c0)={0xc1, 0x0, 0x1311d710d620bf97}) 7.388021858s ago: executing program 1 (id=820): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$TIPC_NL_MEDIA_GET(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000600)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000b0000000c000580"], 0x20}}, 0x0) 7.185813157s ago: executing program 1 (id=821): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x20080e, &(0x7f0000000740)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x1}}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug}, {@lazytime}, {@nombcache}, {@noload}]}, 0x3, 0x443, &(0x7f0000000a40)="$eJzs28tvG8UfAPDv2kn66+uXUJVHH0CgIMoradJSeuACAokDSEhwKMeQuFWp26AmSLSqICBUjqgSJy6IIxJ/ASe4IOCExBXuqFKFcmnhZLT2bmI7thunTlzqz0dad2Z33Jmvd8ee2ckGMLDG05ckYldE/B4Ro7VsY4Hx2j83ly/P/r18eTaJSuXNv5JquRvLl2fzovn7duaZoYjCp0kcaFHvwsVLaYnShSw/uXjuvcmFi5eePXNu5nTpdOn89IkTx45OPX98+rmexJnGdWP/h/MH97369tXXZ09efefnb5M8/qY4emS808HHK5UeV9dfu+vSyVAfG0JXirVuGsPV/j8axVg9eaPxyid9bRywqSqVSuW+9oeXKsBdLIl+twDoj/yHPp3/5tsWDT3uCNdfrE2A0rhvZlvtyFAUsjLDTfPbXhqPiJNL/3yVbrE59yEAABp8n45/nmk1/itE/X2h/2drKGMRcU9E7ImI4xGxNyLujaiWvT8iHuiy/uZFkrXjn8K1DQW2Tun474Vsbatx/JeP/mKsmOV2V+MfTk6dKZeOZJ/J4RjeluanOtTxw8u/fd7uWP34L93S+vOxYNaOa0PbGt8zN7M4czsx17v+ccT+oVbxJysrAUlE7IuI/Rus48xT3xxsd+zW8XfQg3WmytcRT9TO/1I0xZ9LOq9PTv4vyqUjk/lVsdYvv155o139txV/D6Tnf0fL638l/rGktl57dqZcLl1Y6OZ///LJ9PXKH5+1ndNs9PofSd5q2PfBzOLihamIkeS1WqPr9083lZteLZ/Gf/hQ6/6/J1Y/iQMRkV7ED0bEQxHxcNb2RyLi0Yg41OFT+Omlx97dePybK41/rqvzv5oYieY9rRPFsz9+11DpWDfxp+f/WDV1ONuznu+/9bSr26sZAAAA/qsKEbErksLESrpQmJio/Q3/3thRKM8vLD59av7983O1ZwTGYriQ3+karbsfOpVN6/P8dFP+aHbf+Ivi9mp+Yna+PNfv4GHA7WzT/1N/FvvdOmDTeV4LBpf+D4NL/4fBpf/D4GrR/7f3ox3A1mv1+/9RH9oBbL2m/m/ZDwaI+T8Mro30f98ZcHfo2JdHtq4dwJZa2B63fkheQmJNIgp3RDMkNinR728mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA3vg3AAD//5US5f8=") mkdir(&(0x7f0000000240)='./bus\x00', 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f00000004c0)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x7, 0x8, &(0x7f0000001480)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7fff}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) socket$inet(0x2, 0x2, 0x6) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={0x0, 0x4c}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000100)=@v1={0x0, @adiantum, 0x0, @desc1}) chdir(&(0x7f0000000300)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) 6.204754307s ago: executing program 2 (id=822): pipe(0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x5, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) poll(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x5, 0x0, 0x0) rt_sigaction(0x19, &(0x7f0000000000)={0xfffffffffffffffc, 0x44000006, 0x0}, 0x0, 0x8, &(0x7f0000000440)) r1 = memfd_create(&(0x7f00000006c0)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\x00\x00\xd4N\x12\x9b\x1f\t\xd1Z+\x86T\x16\xf8\x01\x00\x00\x00\x9f+\x8d!\x0fG\xab\xc2\xdc\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\xa1\x9c\x86xm\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xb9\xc0LF;\xd6\x84\x195\x06\x00\x00\x00~\xf3S\x12\"p^\xc1jP\x8a\xc6[\xbd\xe7q]\xdd\r\x1aZS\x01*\x1b\xfd\xbcMA\xdcq\xa1\x00\xb3\xf9\x91r\x7f\xdc\xf1\xc3G,\xdb\xccS\x15\x95b\x17\xab\xe4?\x96\x95\xa4kP\x99YO\xb8V\xd5p\x90X\xaaf', 0x0) fallocate(r1, 0x0, 0x400000000000000, 0x7) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f00000001c0), 0x1, 0x76a, &(0x7f0000000fc0)="$eJzs3d9rW1UcAPDvTdt17aatIOh8KghaGEvtrJuCDxMfRHAw0Ge3kGZlNm1Gk461FNwQwRdBxQdBX/bsj/nmqz9e9b/wQTamdsOJD1K5adJla9KlW5MI+XzgNOfce9Nzvjn3nnuSe0kC6FsT6Z9MxKGI+CiJGKstTyJiqJobjDixud3t9bV8mpLY2Hjzj6S6za31tXw0PCd1oFZ4MiJ+fD/icGZ7veWV1flcsVhYqpWnKgvnp8orq0fOLeTmCnOFxWPTMzNHj79w/NjexfrXL6sHr3/82rPfnPjnvSeufvhTEifiYG1dYxx7ZSImaq/JUPoS3uXVva6sx5JeN4AHkh6aA5tHeRyKsRio5loY6WbLAIBOeTciNgCAPpM4/wNAn6l/DnBrfS1fT739RKK7brwSEfs3469f39xcM1i7Zre/eh109FZy15WRJCLG96D+iYj44ru3v0pTdOg6JEAzly5HxJnxie3jf7LtnoXdeq6NbSbuKRv/oHu+T+c/Lzab/2W25j/RZP4z3OTYfRD3P/4z1/agmpbS+d/LDfe23W6Iv2Z8oFZ6pDrnG0rOnisW0rHt0YiYjKHhtDy9Qx2TN/+92Wpd4/zvz0/e+TKtP328s0Xm2uDw3c+ZzVVyDxNzoxuXI54abBZ/stX/SYv576k263j9pQ8+b7UujT+Nt562x99ZG1cinmna/3fuaEt2vD9xqro7TNV3iia+/fWz0Vb1N/Z/mtL66+8FuiHt/9Gd4x9PGu/XLO++jp+vjP3Qat3942++/+9L3qrm99WWXcxVKkvTEfuSN7YvP3rnufVyffs0/smnmx//O+3/6XvCM23GP3j9968fPP7OSuOf3VX/7z5z9fb8QKv62+v/mWpusraknfGv3QY+zGsHAAAAAAAAAAAAAAAAAAAAAAAAAO3KRMTBSDLZrXwmk81u/ob34zGaKZbKlcNnS8uLs1H9rezxGMrUv+pyrOH7UKdr34dfLx+9p/x8RDwWEZ8Oj1TL2XypONvr4AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg5kCL3/9P/Tbc69YBAB2zv9cNAAC6zvkfAPrP7s7/Ix1rBwDQPd7/A0D/cf4HgP7j/A8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECHnTp5Mk0bf6+v5dPy7IWV5fnShSOzhfJ8dmE5n82Xls5n50qluWIhmy8ttPxHlzYfiqXS+ZlYXL44VSmUK1PlldXTC6Xlxcrpcwu5ucLpwlDXIgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA9pVXVudzxWJhSUZGRmYr0zhKjPRugAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4n/svAAD//9EyKso=") ftruncate(0xffffffffffffffff, 0xee72) lseek(0xffffffffffffffff, 0x5, 0x4) 4.271907555s ago: executing program 3 (id=823): mkdirat(0xffffffffffffff9c, 0x0, 0x0) socket(0x1e, 0x4, 0x0) socket(0x1e, 0x4, 0x0) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000040)='./file2\x00', 0x18502, &(0x7f0000001b80)=ANY=[], 0x1, 0x11f3, &(0x7f0000000980)="$eJzs3E+LW1UYB+C3cWrHqfNHrdV2oQfduLo0s3AlSJApyASU2gitINw6NxpyTUJuGIiI1ZVbP4e4dCeIX2A2fgZ3s3HZhXiFpLVNTdUuOpH6PJv7kvf8cu8hEDjhnBy/8c2n/W6VdfNJNE6disYoIt1KkaIRd7y0P79eu77farf3rqR0uXW1+XpKaevlHz/4/LtXfpqcff/7rR/OxNHOh8e/7v5ydP7owvHvVz/pValXpcFwkvJ0Yzic5DfKIh30qn6W0rtlkVdF6g2qYrzQ75bD0Wia8sHB5sZoXFRVygfT1C+maTJMk/E05R/nvUHKsixtbgQPdPqfh3S+vVXXdURdn44no67r+qnYiLPxdGzGVnwZEc/Es/FcnIvn43y8EC/Ghdmok3h8AAAAAAAAAAAAAAAAAAAA+P/4u/P/27Hj/D8AAAAAAAAAAAAAAAAAAACcgPeuXd9vtdt7V1Jajyi/PuwcdubXeb/VjV6UUcSl2I7fYnb6f25eX367vXcpzezEV+XN2/mbh50nFvPN2d8J3M6vzXp38s15Pi3mz8TGvfnd2I5zy++/uzS/Hq+9ek8+i+34+aMYRhkHs3vfzX/RTOmtd9r35S/OxgEAAMDjIEt/Wrp+z7IH9ef5h/h94L719VpcXFvt3Imopp/187IsxovF+l9eUfz7ovGI3rkR/5EJKh7/YtXfTJyEux/6qp8EAAAAAAAAAACAh/GIdxGuxZKdZW+uZqoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/sAPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgqAAD//99CzUo=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() ioctl$HIDIOCGPHYS(0xffffffffffffffff, 0x80404812, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x1612c2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000003680)='sched_switch\x00', r4}, 0x10) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/crypto\x00', 0x0, 0x0) sendfile(r3, r5, 0x0, 0x4000000000010046) 4.074883193s ago: executing program 2 (id=824): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes-aesni)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) sendmmsg$inet6(r1, &(0x7f0000003b80)=[{{0x0, 0xd, &(0x7f00000003c0)=[{&(0x7f00000000c0)="e6", 0x2}], 0x1}, 0xff03}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000440)='&', 0x23fff}], 0x1}}], 0x4000070, 0x8000) recvmmsg(r1, &(0x7f0000002500)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000000400)=""/34, 0x22}, {&(0x7f00000018c0)=""/162, 0xa2}], 0x2}}, {{&(0x7f0000000540)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x80, &(0x7f0000000c80)=[{&(0x7f0000000380)=""/8, 0x8}, {0x0}, {&(0x7f0000000780)=""/164, 0xa4}, {&(0x7f0000000840)=""/209, 0xd1}, {&(0x7f00000006c0)=""/3, 0x3}, {&(0x7f0000000940)=""/184, 0xb8}, {&(0x7f0000000a00)=""/79, 0x4f}, {&(0x7f0000000a80)=""/196, 0xc4}, {&(0x7f0000001f80)=""/255, 0xff}], 0x9}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000d40)=""/129, 0x81}], 0x1}}, {{&(0x7f00000005c0)=@caif=@rfm, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/214, 0xd6}}, {{0x0, 0x0, &(0x7f0000001540)=[{&(0x7f0000001140)=""/192, 0xc0}, {0x0}, {&(0x7f00000013c0)=""/65, 0x41}, {&(0x7f0000001440)=""/233, 0xe9}], 0x4, &(0x7f00000015c0)=""/246, 0xf6}}, {{0x0, 0x0, &(0x7f00000016c0)}}, {{&(0x7f0000000300)=@nl, 0x80, &(0x7f0000002080)=[{&(0x7f0000000280)=""/21, 0x15}], 0x1}, 0x7f}, {{0x0, 0x0, &(0x7f0000002400), 0x0, &(0x7f0000002480)=""/99, 0x63}, 0x9}], 0x8, 0x0, 0x0) 3.792145399s ago: executing program 4 (id=825): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$unix(0x1, 0x5, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, &(0x7f0000cab000)) setresuid(0x0, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) 3.56821996s ago: executing program 4 (id=826): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000280)={@private1, 0x800, 0x0, 0x103, 0x1}, 0x20) mount$bpf(0x0, 0x0, 0x0, 0x820028, &(0x7f0000000300)=ANY=[@ANYBLOB='mode=00000000000000000001000,mode=00000000000000000000002,mode=00000000000000000000000,mode=00000000000000000000005,mode=00000000000000000000377,mode=00000000000\r00000000006,measure,appr', @ANYRESDEC=0x0]) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet6(r0, &(0x7f0000000080)={&(0x7f00000000c0)={0xa, 0x4e21, 0x80000, @local}, 0x1c, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="120000000000000029000000"], 0x18}, 0x0) 3.529307024s ago: executing program 2 (id=827): io_uring_register$IORING_REGISTER_FILES_UPDATE2(0xffffffffffffffff, 0xe, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = socket(0x10, 0x3, 0x0) connect$unix(r0, &(0x7f0000000000)=@file={0x0, './cgroup.cpu/cgroup.procs\x00'}, 0x6e) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) shmget(0x3, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x11c, 0x0, 0x0, 0x4) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x16) openat$ptmx(0xffffffffffffff9c, 0x0, 0x40b80, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5423, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) ioprio_set$pid(0x1, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/power/resume', 0x149a82, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x34, 0x39, 0x9, 0x0, 0x0, {0x1}, [@typed={0x4}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x0, 0x0, 0x0, @str='\x05G'}]}, @typed={0x8, 0x2, 0x0, 0x0, @pid=0xffffffffffffffff}, @nested={0x8, 0x9, 0x0, 0x1, [@typed={0x4}]}]}, 0x34}}, 0x0) write$cgroup_int(r1, &(0x7f0000000040)=0x1f00, 0x12) 3.324039363s ago: executing program 4 (id=828): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000040)='./file1\x00', 0x4810, &(0x7f0000000540)=ANY=[@ANYRES8=r0, @ANYRESHEX, @ANYRES32], 0x11, 0x6a0, &(0x7f0000004200)="$eJzs3c1vHGcdB/DvrNcvm0qO26ZpQJUwjVRQIxI7VgrhkoAQClKFqnDgbDVOY8VJg+OitAfiAhJXDvwB5RAucAIhJCSkSOUMt4qbxakSEpee0h4YNLOz9trd9UvebMPnE80+zzPPzDO/+c3LvkTWBPi/delU2vfTyaVTr9+p2mv35pbW7s3d6NWTjCdpJe1ukeJmUnyYXEx3yheqmc1wxbDt/Grx/OWPPln7uNtqZ2O86qUzPMD2bvZitZkynWSkKR/BpvHefLjxxjeqxXpmqoSd7CUO9ttoknKTHx3f6BmkHOlrDL3egcOj6L5v9ule/1PJkSQTvTe01W5n6+lHuKM93YtWn1wcAAAAcGAcfXA3uZPJ/Y4DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADpPm+f9FM7V69ekUvef/j/U9Y39sn8MdbvvIJnqV+62nEQwAAAAAAAAAPFlfepDfXi7LyV67LOr/83+5bhyrX5/JO7mdhSzndO5kPitZyXJmk0z1DTR2Z35lZXm2t+ZnZVkOWfPswDXP7jLgzuPYawAAAAAAAAD4n3GhKX+aS5nc51gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGCTIhnpFvV0rFefSqudZCLJWLXcavL3Xv0wu7/fAQAAAMBTcPRBHuROJnvtsqi/8x+vv/dP5J3czEoWs5KlLORK/VtA91t/a+3e3NLavbkb1fT5cb/17436HyZ3DKMeMd3fHgZv+US9RCdXs1jPOZ0383aWciWtes3KiV48g+N6v4qpuNBVlrtL0JWmrPb8l015MEzVGRldz8hME1uVjWe3z0T/0XmILc2mtf7Lz7E95PzCtlsp/tM7Jkd6c5Jnvrdzzkf3tDOPZGsmzvadfce3z0TylT/+7ofXlm5ev1asnjo4p9EejP9z46rZmom5vky8uOtMXL19ODOxVSsvrNcv5bv5QU5lOm9kOYv5ceazkoVM5zt1bb45n6vXqe0zdXFT642dohhrjsvIlpi+fLRbbhfTy/W6k1nM9/N2rmQhr9X/zmY2X8+5nMv5viP8wi6u+taAq/5Pw4M/+dWm0knyi6Y8GKq8PtuX1/577lTd1z+nlXK8u95zj+3euK79xaZSHYmfNeXBsJ6Jiay/S/Sie76XgdGBmfh1fVu5vXTz+vK1+Vtbxi1WB2/vlWze/T3dSEb2svBeVefLc9XBqlubz46q7/mBfbN137H1vtbWvt901vt2ulLHms9wnx/pbN334sC+ubrvRF/fxuetz8qy7H7eAuDAO/LqkbHOvzp/63zQ+XnnWuf1iW+Pf2P8pbGM/nX0m+2ZkVdaLxW/zwf5SXb+hg4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOzo9rvvXZ9fWlpY3lIpy/LukK4nUkk72TTnL3/uWyZJ/TCg3Q9YLX2xldRz2mkqewvs7sPtzvsPm4R/NMfkqST8sVQmhp4/WyuflmV5MGLeTaVsHJR4nkDl1bIst11mX29LwFNwZuXGrTO3333va4s35t9aeGvh5vlz587PnD/32tyZq4tLCzPd1/2OEngS+j6BAwAAAAAAAAAAAIfE7v44p3i0v+0BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeASXTqV9P0VmZ07PVO21e3NL1dSrbyz5aZJWkmI6KT5MLqY7ZapvuGLYdlaTyx99svZxt9Vupnr51nbr7c5qM2U6yUhTDjAxaGZ5d9h4RT3OreHjbTFsL4r1viphJ3uJg/323wAAAP//H4wcFQ==") r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.events\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000680), 0xfffffd9d) 3.321267483s ago: executing program 3 (id=829): r0 = open(&(0x7f0000000080)='./bus\x00', 0xa942, 0x0) mount$cgroup(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f0000000040), 0x0, &(0x7f00000004c0)={[{}, {@none}, {@name={'name', 0x3d, 'ext4\x00'}}]}) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2010480, &(0x7f00000001c0), 0x45, 0x76a, &(0x7f0000000fc0)="$eJzs3d9rW1UcAPDvTdt17aatIOh8KghaGEvtrJuCDxMfRHAw0Ge3kGZlNm1Gk461FNwQwRdBxQdBX/bsj/nmqz9e9b/wQTamdsOJD1K5adJla9KlW5MI+XzgNOfce9Nzvjn3nnuSe0kC6FsT6Z9MxKGI+CiJGKstTyJiqJobjDixud3t9bV8mpLY2Hjzj6S6za31tXw0PCd1oFZ4MiJ+fD/icGZ7veWV1flcsVhYqpWnKgvnp8orq0fOLeTmCnOFxWPTMzNHj79w/NjexfrXL6sHr3/82rPfnPjnvSeufvhTEifiYG1dYxx7ZSImaq/JUPoS3uXVva6sx5JeN4AHkh6aA5tHeRyKsRio5loY6WbLAIBOeTciNgCAPpM4/wNAn6l/DnBrfS1fT739RKK7brwSEfs3469f39xcM1i7Zre/eh109FZy15WRJCLG96D+iYj44ru3v0pTdOg6JEAzly5HxJnxie3jf7LtnoXdeq6NbSbuKRv/oHu+T+c/Lzab/2W25j/RZP4z3OTYfRD3P/4z1/agmpbS+d/LDfe23W6Iv2Z8oFZ6pDrnG0rOnisW0rHt0YiYjKHhtDy9Qx2TN/+92Wpd4/zvz0/e+TKtP328s0Xm2uDw3c+ZzVVyDxNzoxuXI54abBZ/stX/SYv576k263j9pQ8+b7UujT+Nt562x99ZG1cinmna/3fuaEt2vD9xqro7TNV3iia+/fWz0Vb1N/Z/mtL66+8FuiHt/9Gd4x9PGu/XLO++jp+vjP3Qat3942++/+9L3qrm99WWXcxVKkvTEfuSN7YvP3rnufVyffs0/smnmx//O+3/6XvCM23GP3j9968fPP7OSuOf3VX/7z5z9fb8QKv62+v/mWpusraknfGv3QY+zGsHAAAAAAAAAAAAAAAAAAAAAAAAAO3KRMTBSDLZrXwmk81u/ob34zGaKZbKlcNnS8uLs1H9rezxGMrUv+pyrOH7UKdr34dfLx+9p/x8RDwWEZ8Oj1TL2XypONvr4AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg5kCL3/9P/Tbc69YBAB2zv9cNAAC6zvkfAPrP7s7/Ix1rBwDQPd7/A0D/cf4HgP7j/A8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECHnTp5Mk0bf6+v5dPy7IWV5fnShSOzhfJ8dmE5n82Xls5n50qluWIhmy8ttPxHlzYfiqXS+ZlYXL44VSmUK1PlldXTC6Xlxcrpcwu5ucLpwlDXIgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA9pVXVudzxWJhSUZGRmYr0zhKjPRugAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4n/svAAD//9EyKso=") getsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x0, &(0x7f0000000000), &(0x7f0000000180)=0x4) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x0, 0x800) bpf$MAP_CREATE(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x80, 0x130) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@bloom_filter={0x1e, 0x469, 0x2, 0x2, 0x6000, r1, 0x8, '\x00', 0x0, r0, 0x3, 0x2, 0x2, 0x5, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r5}, &(0x7f0000000180), &(0x7f0000000100)=r1}, 0xfffffffffffffeb7) r6 = geteuid() setfsuid(r6) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={r5, &(0x7f0000000300), 0x0}, 0x20) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000080)="ff", 0x1}], 0x1, 0x5405, 0x0, 0x0) sendfile(r1, r1, 0x0, 0x7a680000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x24}, 0x24}}, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000340)=ANY=[], 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) 3.171579127s ago: executing program 0 (id=830): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, 0x0, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0x11, &(0x7f0000000100)=0x7fff, 0x4) setsockopt$packet_tx_ring(r1, 0x107, 0x5, &(0x7f0000000080)=@req3={0x8000, 0x6, 0x300, 0xfc}, 0x1c) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) sendmmsg$inet6(r2, &(0x7f0000000e00)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c, 0x0}}], 0x400000000000023, 0x0) 3.121200191s ago: executing program 2 (id=831): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$TIPC_NL_MEDIA_GET(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000600)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000b0000000c000580"], 0x20}}, 0x0) 2.875387464s ago: executing program 0 (id=832): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b0000000000000010000000", @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/21], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000000)='io_uring_link\x00', 0xffffffffffffffff, 0x0, 0x5f06df59}, 0x18) sendmsg$NL80211_CMD_SET_COALESCE(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000340)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) r6 = socket$netlink(0x10, 0x3, 0x4) writev(r6, &(0x7f00000000c0)=[{&(0x7f0000000180)="580000001500add427323b470c45b45602067fffffff81004e22030d00ff0028925aa8002000eaa57b00090080020efffeffe809020000ff0004f03a04000000ffffffffffffffffffffffe7ee0000000000000000020000", 0x58}], 0x1) 2.874963374s ago: executing program 2 (id=833): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000795d6c08450c3a616dc4010203010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000400)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0x84, &(0x7f0000000280)={0x0, 0x0, 0x1, "12"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) 2.651953345s ago: executing program 4 (id=834): r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f000009de00)) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000), 0x208e24b) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x381, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x5032}) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[], 0x14}}, 0x0) io_setup(0xbf, &(0x7f0000000100)=0x0) io_submit(r2, 0x1, &(0x7f00000001c0)=[&(0x7f00000000c0)={0x20000000, 0x0, 0x7, 0x8, 0x0, r1, &(0x7f0000000080)='\x00\x00', 0x2}]) setsockopt$packet_rx_ring(r0, 0x107, 0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x10001) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r4, 0x18000000000002a0, 0x0, 0x0, &(0x7f00000000c0), 0x0, 0x100, 0x2000000, 0x0, 0x0, &(0x7f0000000440)}, 0x50) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1e00"/20, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES8, @ANYBLOB="04000000000000000500000200"/28], 0x50) sched_getparam(0x0, &(0x7f0000000300)) open(0x0, 0x1c1042, 0x100) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, 0x0, 0x0) r7 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r7, 0x107, 0xd, &(0x7f0000000100)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) sendmmsg(r7, &(0x7f00000018c0)=[{{&(0x7f0000000180)=@hci={0x1f, 0x0, 0x3}, 0x80, 0x0, 0x0, &(0x7f0000000200)=ANY=[], 0x10}}], 0x1, 0x0) sendfile(r5, r4, &(0x7f0000000100)=0xffff, 0x4) 1.749843498s ago: executing program 0 (id=835): pipe(0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x5, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) poll(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x5, 0x0, 0x0) rt_sigaction(0x19, &(0x7f0000000000)={0xfffffffffffffffc, 0x44000006, 0x0}, 0x0, 0x8, &(0x7f0000000440)) r1 = memfd_create(&(0x7f00000006c0)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\x00\x00\xd4N\x12\x9b\x1f\t\xd1Z+\x86T\x16\xf8\x01\x00\x00\x00\x9f+\x8d!\x0fG\xab\xc2\xdc\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\xa1\x9c\x86xm\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xb9\xc0LF;\xd6\x84\x195\x06\x00\x00\x00~\xf3S\x12\"p^\xc1jP\x8a\xc6[\xbd\xe7q]\xdd\r\x1aZS\x01*\x1b\xfd\xbcMA\xdcq\xa1\x00\xb3\xf9\x91r\x7f\xdc\xf1\xc3G,\xdb\xccS\x15\x95b\x17\xab\xe4?\x96\x95\xa4kP\x99YO\xb8V\xd5p\x90X\xaaf', 0x0) fallocate(r1, 0x0, 0x400000000000000, 0x7) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f00000001c0), 0x1, 0x76a, &(0x7f0000000fc0)="$eJzs3d9rW1UcAPDvTdt17aatIOh8KghaGEvtrJuCDxMfRHAw0Ge3kGZlNm1Gk461FNwQwRdBxQdBX/bsj/nmqz9e9b/wQTamdsOJD1K5adJla9KlW5MI+XzgNOfce9Nzvjn3nnuSe0kC6FsT6Z9MxKGI+CiJGKstTyJiqJobjDixud3t9bV8mpLY2Hjzj6S6za31tXw0PCd1oFZ4MiJ+fD/icGZ7veWV1flcsVhYqpWnKgvnp8orq0fOLeTmCnOFxWPTMzNHj79w/NjexfrXL6sHr3/82rPfnPjnvSeufvhTEifiYG1dYxx7ZSImaq/JUPoS3uXVva6sx5JeN4AHkh6aA5tHeRyKsRio5loY6WbLAIBOeTciNgCAPpM4/wNAn6l/DnBrfS1fT739RKK7brwSEfs3469f39xcM1i7Zre/eh109FZy15WRJCLG96D+iYj44ru3v0pTdOg6JEAzly5HxJnxie3jf7LtnoXdeq6NbSbuKRv/oHu+T+c/Lzab/2W25j/RZP4z3OTYfRD3P/4z1/agmpbS+d/LDfe23W6Iv2Z8oFZ6pDrnG0rOnisW0rHt0YiYjKHhtDy9Qx2TN/+92Wpd4/zvz0/e+TKtP328s0Xm2uDw3c+ZzVVyDxNzoxuXI54abBZ/stX/SYv576k263j9pQ8+b7UujT+Nt562x99ZG1cinmna/3fuaEt2vD9xqro7TNV3iia+/fWz0Vb1N/Z/mtL66+8FuiHt/9Gd4x9PGu/XLO++jp+vjP3Qat3942++/+9L3qrm99WWXcxVKkvTEfuSN7YvP3rnufVyffs0/smnmx//O+3/6XvCM23GP3j9968fPP7OSuOf3VX/7z5z9fb8QKv62+v/mWpusraknfGv3QY+zGsHAAAAAAAAAAAAAAAAAAAAAAAAAO3KRMTBSDLZrXwmk81u/ob34zGaKZbKlcNnS8uLs1H9rezxGMrUv+pyrOH7UKdr34dfLx+9p/x8RDwWEZ8Oj1TL2XypONvr4AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg5kCL3/9P/Tbc69YBAB2zv9cNAAC6zvkfAPrP7s7/Ix1rBwDQPd7/A0D/cf4HgP7j/A8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECHnTp5Mk0bf6+v5dPy7IWV5fnShSOzhfJ8dmE5n82Xls5n50qluWIhmy8ttPxHlzYfiqXS+ZlYXL44VSmUK1PlldXTC6Xlxcrpcwu5ucLpwlDXIgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA9pVXVudzxWJhSUZGRmYr0zhKjPRugAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4n/svAAD//9EyKso=") ftruncate(0xffffffffffffffff, 0xee72) lseek(0xffffffffffffffff, 0x5, 0x4) 1.063220372s ago: executing program 0 (id=836): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$unix(0x1, 0x5, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, &(0x7f0000cab000)) setresuid(0x0, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) 876.367499ms ago: executing program 4 (id=837): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes-aesni)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) sendmmsg$inet6(r1, &(0x7f0000003b80)=[{{0x0, 0xd, &(0x7f00000003c0)=[{&(0x7f00000000c0)="e6", 0x2}], 0x1}, 0xff03}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000440)='&', 0x23fff}], 0x1}}], 0x4000070, 0x8000) recvmmsg(r1, &(0x7f0000002500)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000000400)=""/34, 0x22}, {&(0x7f00000018c0)=""/162, 0xa2}], 0x2}}, {{&(0x7f0000000540)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x80, &(0x7f0000000c80)=[{&(0x7f0000000380)=""/8, 0x8}, {0x0}, {&(0x7f0000000780)=""/164, 0xa4}, {&(0x7f0000000840)=""/209, 0xd1}, {&(0x7f00000006c0)=""/3, 0x3}, {&(0x7f0000000940)=""/184, 0xb8}, {&(0x7f0000000a00)=""/79, 0x4f}, {&(0x7f0000000a80)=""/196, 0xc4}, {&(0x7f0000001f80)=""/255, 0xff}], 0x9}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000d40)=""/129, 0x81}], 0x1}}, {{&(0x7f00000005c0)=@caif=@rfm, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/214, 0xd6}}, {{0x0, 0x0, &(0x7f0000001540)=[{&(0x7f0000001140)=""/192, 0xc0}, {0x0}, {&(0x7f00000013c0)=""/65, 0x41}, {&(0x7f0000001440)=""/233, 0xe9}], 0x4, &(0x7f00000015c0)=""/246, 0xf6}}, {{0x0, 0x0, &(0x7f00000016c0)}}, {{&(0x7f0000000300)=@nl, 0x80, &(0x7f0000002080)=[{&(0x7f0000000280)=""/21, 0x15}], 0x1}, 0x7f}, {{0x0, 0x0, &(0x7f0000002400), 0x0, &(0x7f0000002480)=""/99, 0x63}, 0x9}], 0x8, 0x0, 0x0) 800.330876ms ago: executing program 0 (id=838): memfd_create(&(0x7f0000000000)='prodM\xb0\xea\a\x06\xbe\xaen/\xce4\xb7\xc1\xef\xba!\x9d\rSt\xa24\t\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1dz\xd05\xe2e,\xb1\x84\xea\x91^%A\xe5\x9e\x13TdT\xc6^p\xb0#R\x04\x06\xae\xebA;Y\xeb\x8f\xec\xb4\xf9\x17\xb7\x04\xc2\xc0\xc6\xb4\v\xff\xfc\x88\x90\xabC\x02\x00\xf04\x03\x88\xae9\'>R^P{Vr!\xe2W\xc72\xea\xb7Wp\xc36\x96\xffZ\\A@\x00\x00\x00\xc9\xf3Y\xb8\x89#\xa1\xb1)Dk\xeb\xa1\t\x00{u[\xbd\x9d\xf4\xbf\\\xce\x02P\xf2MY\x05^\xffj\x9c\x14\xb7\xb6v\x1d*1>\x00 \x00\x00\x00\x00\x14C?]\x8c\xb4Y\xcf\x80\x85\xd6\x036\xc8~\xa8\f\x00\x00\xb5M\x9a\x9dc\xaaAU\xec\xe06\xed\xe4\xfb\xdf\a\xd0lg\x13\xf9\x8b:s>\xd7s\xef\xb3\x9f#\x15)\xf9\xe10\xc7\xb262\x00\x00\x00\x00\x00\x00\x00\x00Nz\x0eu\x8f\x01\x00\x00\x00\x00\x00\x00\xdd\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc3\xa7/\x0f\x9b`\xa5\x98\x81a\xeev\x00\x00\x00\x00\a\x10\x00m2\xf2\xd8,\x17\xf8\x8e\xae\xc8\xad\xed<\"\x8e\n\x9d\xb13\x8d\xef\x96\xd2I\"8=tg\xdfU\xd0q\x95/f\xec\xdc\xa3\xe1[\xc0\xaa\xefz\xc9\xf4[\x00\x00\x00Q\xff}5\x94\x88\xa1\xdc\xa1g\xe0q\xc5:\xe4\xdf\x80\xb3,\xb9\xb2\xdc\x81\x9f6\x0f\x84WY\xbfSY`\xb8\a\x19\xb1\x058\xa4\xc3\xbb\xf8aB:\x84\x02?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3o-GU\xb0\x00F\xb3o(aI[\xd6\x9fG\xaeI\x83\x93\x8cC\xc0#\xe0q\xd0Ex|\xdb\xa8\x16\xfe>:\t0\xfd\x8a\xc7\x84\xb5\xc7M-0A\xf0\x94\xf3\xcc\x8d\xbb3\\\"\x882\xb3\xa84\xac\x00\xdd}Ft\xc6\xcc\f}1X#\xe4\xe1\x94i\xce\xa1\xff\x95\x80\xb4T\x9c\x01\xf3\x1cLB\x94m(m\f\xbc\xebY\xa0\xf7\xf0\x9d\x10\xbd\x86\x1by\xe6\xdf\xc0\xc5\xb9\xb9\xbf\xdf~9\nC\xe9\xc5\x0e\xda\x9c(\x9b\"\xc7\x97\xfc\b\xd9\xc2T\xa7*}]\xc8\xb3 .\x9b\x89\x0f\xf8$\xdd>lU\x13EG\xbb1] \xda\x19\xc5\x9b\x15\x95\xc4\xfcw\xbb\x92\x91\xc4\xa6\x907XK\xfc\x17]\xfa\xff\'\xef\x92\x1c\xb8\x1fK\xb2o \xd1\xbd\xb2\x11+\xa3R\xefQ\xc2\xbdW\x05\xec\xb3=@\x03\xc6^\xa2\x15%\xb0\'D#\xb6Q\x8f\x82?S>\x0fP\x9cE\x92{d\xe6\x9cj1\x87\xb3\x01\xde\xe8\x89\xc4s\xb7\x14~}\xaa\x8c\xc3\x95BAE\xf2.\x8f#;a\x94\"\xd1U\xff\xe8v\xd3\x84d\xf4\x134\xa6XI\xe5h\xaa\x15\x9a\xf7Z\xe3%\x88p\x90\xbb\x9dt\xa3\xe1\r\x8d\x94\"\x19\x8b\x17)\xea\xd5\x17\xeb\xe4\x1b\x0fBZ1\xbe\xee\xfa\x1c\xf9\xa6\x11\x94\x06\\P:\xaf\xcex\xc2\x82\x9a\x16\xfc\xa1\xf9q\x12\xe3\x1a\xdc\xb7\x12\xbba\b\xbb\xed\xb2\xd1W\xe2\x8b\x8d8}\x10W\xbd\xa60A\xc3\x03\xfa\x890\x86#\bQ\xcb)\x00]\x9e\x14\xd2\xea\x82\xa8\xb7ZG\x15r\xf1\t\x00\x00\x00 \xc1\xaf\x19?\x00\\\x91\x13\x1b8\xe1\xc3\xa4\v\x94\xbfJ\xb5\xde\x95\x82\x00]B|\xe2[%\xe3\xf0\x04\xba\xed\xdb\xf5\x7f\x9d\xfe>\xf6m$M&\x7fq]\xe4\xf6\x82\xc3\x00\xb1zg}\x99E\xa4\x19\xe9\x1a4a\xd75D-k\x84\xa6\x12+\xebk\xa1\xfek\x89\xef\x18\xc1)6\xa65\xe2D\xbe\xe1\xdfq\xdd68\xf37g\xab9m\xe7\xddO\v?\xe0\xbe}\xa9U\xc7{\xd3\x16W\xbb\xe5\xd2\x93\xfe\xa4\x9d\r$\xe91c8`\x86\xbc)\xe29\xc3}\xb9P\xd5F\xc6\x12\x8c_x\xa8\xfa\xb5K\x03\x85\x93k\xe1\x8e\x1f)\".\xcc\'\v\xa6\x1bj\\\n\xe98yA\xd8T\x85\x80A\xcbo\x99\x99\xeb)r\x1a\xce\x18(\x185LL\xbcOeO\'\xe2\x86&\xe4\xe2\xe7~\x92\xa2\xb2\x1b\xc3\x00\x85\xce\xad7\x87\xa0\xfcc\xf5\xf8\xaf\v,q\xd4\x18\xbdM\x1a\xde\xba*L\x05m6\xecH\xd0T\xb8m\xdb\b\xa6\x02\xfb\x13\xac\x91\x8a\x8d\x94\x93\x8d=\xb1\x84\x9c\x9b\xe5\xc7\xa6\xc9Q\xc1eUc\xcc\x180^\x00\x00\x00\x00\x00\x00\x00\x00\xe7]6+\\\x00\x00\x00\x00?#C.\x1dj\xd9\xc3\xdd&\x80g:N\xec\x06[\x8f\x92\xe2\xb01\xb0\xef\x10,\xde\xf3\x86D\x8b\xf7\xf1>AH\xef\\\xf9\x8b\a\xe0\xb2\xcb\xf0\x97\b\r\xd5`\xb9\xd6\xa4\x1e\xbe\x12-}\xc5\x84\xde@\x18\x87\f\x01O\xedS\x8f\x9en,\xbce\xb2\xe4\x82v\x1c\xed\x84-s\xab\x06b\x9c\xba\xec\xa5\xc9A\x84\xd0\xe0 S\xc8\xa2\xaf\x85\v\xad\xa5\x88\xcf\xb6}`\x14\'\xea\xbfN\xac)\xa1\xe8\xb2\x9f\x112TJ\x16\x8c9\xe9\xf5\x18\x15Dd\x8a%>\x91\x93\x88\xe9\x18\x82]\x9e&\xfa\xaa\xfa8Z2\x00'/1301, 0x3) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="5801000010000100"/20, @ANYRES32=r2, @ANYBLOB="4140060000000000040014003401168034000180"], 0x158}}, 0x0) 107.1427ms ago: executing program 4 (id=839): r0 = syz_open_procfs(0x0, &(0x7f00000020c0)='net/wireless\x00') preadv(r0, &(0x7f0000001540)=[{&(0x7f0000000000)=""/100, 0x64}], 0x1, 0x20d, 0x600000) 0s ago: executing program 0 (id=840): unshare(0x28000600) r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000083c0)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40485404, &(0x7f00000002c0)={0x1}) kernel console output (not intermixed with test programs): y present! [ 409.146242][ T6425] Cannot create hsr debugfs directory [ 409.412110][ T3797] device hsr_slave_0 left promiscuous mode [ 409.640965][ T3797] device hsr_slave_1 left promiscuous mode [ 409.662670][ T3797] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 409.683776][ T3797] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 409.725301][ T3797] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 409.743221][ T3797] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 409.772270][ T3797] device bridge_slave_1 left promiscuous mode [ 409.784475][ T3797] bridge0: port 2(bridge_slave_1) entered disabled state [ 409.817617][ T3797] device bridge_slave_0 left promiscuous mode [ 409.832509][ T3797] bridge0: port 1(bridge_slave_0) entered disabled state [ 409.922170][ T3797] device veth1_macvtap left promiscuous mode [ 409.935956][ T3797] device veth0_macvtap left promiscuous mode [ 409.948492][ T3797] device veth1_vlan left promiscuous mode [ 409.956272][ T3797] device veth0_vlan left promiscuous mode [ 410.585868][ T6541] loop4: detected capacity change from 0 to 256 [ 410.638424][ T6541] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 410.672998][ T6541] syz.4.564: attempt to access beyond end of device [ 410.672998][ T6541] loop4: rw=524288, sector=524408, nr_sectors = 1 limit=256 [ 410.688214][ T6541] syz.4.564: attempt to access beyond end of device [ 410.688214][ T6541] loop4: rw=0, sector=524408, nr_sectors = 1 limit=256 [ 410.710807][ T26] audit: type=1800 audit(1727163927.361:39): pid=6541 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.564" name="file1" dev="loop4" ino=1048789 res=0 errno=0 [ 410.755359][ T6541] exFAT-fs (loop4): hint_cluster is invalid (65537) [ 410.763599][ T6541] exFAT-fs (loop4): error, failed to bmap (inode : ffff888057f59b60 iblock : 8, err : -5) [ 410.773671][ T6541] exFAT-fs (loop4): Filesystem has been set read-only [ 410.782559][ T6541] exFAT-fs (loop4): error, invalid access to FAT (entry 0x00010000) [ 410.798022][ T6541] exFAT-fs (loop4): error, invalid access to FAT (entry 0x00010000) [ 410.806133][ T6541] exFAT-fs (loop4): error, failed to bmap (inode : ffff888057f59b60 iblock : 8, err : -5) [ 410.818902][ T6541] exFAT-fs (loop4): error, invalid access to FAT (entry 0x00010000) [ 411.287985][ T6543] loop4: detected capacity change from 0 to 512 [ 411.351396][ T5658] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 412.568731][ T3797] team0 (unregistering): Port device team_slave_1 removed [ 412.617190][ T3797] team0 (unregistering): Port device team_slave_0 removed [ 412.668907][ T3797] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 412.715851][ T3797] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 412.939230][ T3797] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 413.247974][ T3797] bond0 (unregistering): Released all slaves [ 413.341907][ T6532] netlink: 8 bytes leftover after parsing attributes in process `syz.0.561'. [ 413.790159][ T6332] 8021q: adding VLAN 0 to HW filter on device bond0 [ 414.538604][ T6332] 8021q: adding VLAN 0 to HW filter on device team0 [ 414.575615][ T6553] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 414.584390][ T3755] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 414.592464][ T3755] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 414.602050][ T6553] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 414.626097][ T6553] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 414.670562][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 414.700279][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 414.717625][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 414.724841][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 414.759002][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 414.793367][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 414.798427][ T6561] vhci_hcd: GetPortErrorCount req not supported for USB 2.0 roothub [ 414.804266][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 414.816803][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 414.854558][ T6563] syz.0.571[6563] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 414.854664][ T6563] syz.0.571[6563] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 416.170858][ T6425] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 416.218892][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 416.236810][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 416.292304][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 416.316741][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 416.336313][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 416.375879][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 416.421930][ T6575] loop1: detected capacity change from 0 to 512 [ 416.465701][ T6575] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 416.483988][ T6425] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 416.504855][ T6575] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c119, mo2=0002] [ 416.513940][ T6575] System zones: 1-12 [ 416.533052][ T6332] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 416.544629][ T6575] EXT4-fs (loop1): 1 truncate cleaned up [ 416.550316][ T6575] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 416.562890][ T6332] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 416.587739][ T3775] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 416.736329][ T3775] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 416.754692][ T3775] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 416.773782][ T3775] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 416.804438][ T3775] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 416.813029][ T3775] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 416.901897][ T6425] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 416.927895][ T6582] netlink: 8 bytes leftover after parsing attributes in process `syz.1.574'. [ 416.938475][ T3775] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 417.061185][ T6425] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 417.362301][ T5250] EXT4-fs (loop1): unmounting filesystem. [ 418.112059][ T6595] loop1: detected capacity change from 0 to 1024 [ 418.119427][ T6595] EXT4-fs: Ignoring removed orlov option [ 418.185396][ T6595] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a802e018, mo2=0002] [ 418.211429][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 418.219511][ T6595] System zones: 0-1, 3-12 [ 418.225206][ T6595] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 418.227482][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 418.286134][ T6425] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 418.330082][ T6332] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 418.367374][ T6425] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 418.367846][ T6601] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 418.389389][ T6425] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 418.418991][ T6425] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 418.433650][ T6601] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 418.444498][ T6601] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 418.500358][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 418.514751][ T6603] loop4: detected capacity change from 0 to 8 [ 418.522340][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 418.615123][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 418.627532][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 418.659693][ T6332] device veth0_vlan entered promiscuous mode [ 418.711983][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 418.721412][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 418.751453][ T6332] device veth1_vlan entered promiscuous mode [ 418.776045][ T6425] 8021q: adding VLAN 0 to HW filter on device bond0 [ 418.819650][ T6603] SQUASHFS error: Failed to read block 0x4e8: -5 [ 418.832376][ T6425] 8021q: adding VLAN 0 to HW filter on device team0 [ 418.841835][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 418.859464][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 418.868712][ T26] audit: type=1800 audit(1727163935.531:40): pid=6603 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.579" name="file1" dev="loop4" ino=5 res=0 errno=0 [ 418.894594][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 418.919306][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 418.947999][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 418.961506][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 419.016780][ T6603] SQUASHFS error: Unable to read directory block [631:72] [ 419.024365][ T5219] bridge0: port 1(bridge_slave_0) entered blocking state [ 419.031553][ T5219] bridge0: port 1(bridge_slave_0) entered forwarding state [ 419.063081][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 419.094895][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 419.103502][ T5219] bridge0: port 2(bridge_slave_1) entered blocking state [ 419.110671][ T5219] bridge0: port 2(bridge_slave_1) entered forwarding state [ 419.137121][ T6607] syz.0.580[6607] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 419.137228][ T6607] syz.0.580[6607] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 419.258780][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 419.378597][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 419.386836][ T6610] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 420.270040][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 420.289529][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 420.314331][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 420.323388][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 420.332747][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 420.341964][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 420.356368][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 420.381073][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 420.406971][ T6332] device veth0_macvtap entered promiscuous mode [ 420.439101][ T3775] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 420.457514][ T3775] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 420.492618][ T3775] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 420.527289][ T6332] device veth1_macvtap entered promiscuous mode [ 420.560966][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 420.574733][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 420.598364][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 420.676260][ T6425] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 420.813368][ T6332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 420.843478][ T6332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 421.112735][ T6332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 421.340884][ T6332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 421.372761][ T6332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 421.465382][ T6332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 421.475321][ T6332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 421.490921][ T6332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 421.520694][ T6332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 421.562537][ T6332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 421.593540][ T6332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 421.633190][ T6332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 421.663752][ T6332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 421.728434][ T6332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 421.748695][ T5250] EXT4-fs (loop1): unmounting filesystem. [ 421.748879][ T6332] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 421.780458][ T3755] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 421.802877][ T3755] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 421.835132][ T6332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 421.877021][ T6332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 421.908190][ T6332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 421.944056][ T6332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 421.973510][ T6332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 421.988248][ T6629] loop1: detected capacity change from 0 to 2048 [ 421.999972][ T6332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 422.035579][ T6629] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 422.061770][ T6332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 422.093000][ T6332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 422.094932][ T26] audit: type=1800 audit(1727163938.761:41): pid=6629 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.586" name="bus" dev="loop1" ino=1367 res=0 errno=0 [ 422.115037][ T6332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 422.159426][ T6332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 422.169933][ T6332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 422.195651][ T6332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 422.214886][ T6332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 422.227429][ T6332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 422.241080][ T6332] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 422.275395][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 422.275867][ T6635] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 422.293093][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 422.315928][ T6635] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 422.328464][ T6332] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 422.338603][ T6332] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 422.353725][ T6635] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 422.366924][ T6332] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 422.386294][ T6332] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 422.444553][ T3797] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 422.452766][ T3797] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 422.497058][ T6425] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 422.646558][ T3755] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 422.662992][ T3755] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 422.725452][ T3797] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 422.755183][ T3797] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 422.779500][ T3797] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 422.798132][ T3797] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 422.835993][ T6425] device veth0_vlan entered promiscuous mode [ 422.867232][ T3797] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 422.900660][ T6425] device veth1_vlan entered promiscuous mode [ 422.923578][ T3797] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 422.953692][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 422.992348][ T3797] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 423.000923][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 423.001764][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 423.033745][ T3797] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 423.036550][ T6643] syz.0.591[6643] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 423.041222][ T6643] syz.0.591[6643] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 423.062537][ T6425] device veth0_macvtap entered promiscuous mode [ 423.108877][ T6425] device veth1_macvtap entered promiscuous mode [ 423.160948][ T6425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 423.210443][ T6641] loop4: detected capacity change from 0 to 8192 [ 423.222133][ T6425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 423.267700][ T6641] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 423.285121][ T6425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 423.296633][ T6425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 423.307236][ T6425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 423.317859][ T6425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 423.328289][ T6425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 423.359532][ T6425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 423.588268][ T6425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 423.751697][ T6425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 423.904901][ T6425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 423.943507][ T6425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 423.973516][ T6425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 424.013509][ T6425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 424.044043][ T6425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 424.073629][ T6425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 424.100604][ T6425] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 424.150841][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 424.176345][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 424.198498][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 424.230467][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 424.257283][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 424.275786][ T6425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 424.289553][ T6425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 424.300553][ T6425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 424.312818][ T6425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 424.323014][ T6425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 424.333763][ T6425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 424.343944][ T6425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 424.355187][ T6425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 424.365661][ T6425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 424.376462][ T6425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 424.386841][ T6425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 424.399319][ T6425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 424.409585][ T6425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 424.421776][ T6425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 424.431851][ T6425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 424.442689][ T6425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 424.477682][ T6425] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 424.504116][ T3797] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 424.534402][ T3797] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 424.548594][ T6425] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 424.575505][ T6425] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 424.595115][ T6425] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 424.671143][ T6425] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 426.582176][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 426.623598][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 426.739073][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 426.873728][ T6664] loop2: detected capacity change from 0 to 256 [ 427.056638][ T6664] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 427.093191][ T6664] syz.2.595: attempt to access beyond end of device [ 427.093191][ T6664] loop2: rw=524288, sector=524408, nr_sectors = 1 limit=256 [ 427.107422][ T6664] syz.2.595: attempt to access beyond end of device [ 427.107422][ T6664] loop2: rw=0, sector=524408, nr_sectors = 1 limit=256 [ 427.126410][ T6664] syz.2.595: attempt to access beyond end of device [ 427.126410][ T6664] loop2: rw=0, sector=524408, nr_sectors = 1 limit=256 [ 427.143572][ T26] audit: type=1800 audit(1727163943.791:42): pid=6664 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.595" name="file1" dev="loop2" ino=1048794 res=0 errno=0 [ 427.356230][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 427.397298][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 427.477054][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 428.722628][ T6680] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 428.761930][ T6680] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 428.813708][ T6680] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 429.129973][ T6686] 9p: Unknown access argument 18446744073709551615: -34 [ 430.159132][ T6695] loop1: detected capacity change from 0 to 512 [ 430.205947][ T6695] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 430.774864][ T6695] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13 [ 430.835188][ T6695] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.602: invalid indirect mapped block 2683928664 (level 1) [ 430.902751][ T6695] EXT4-fs (loop1): Remounting filesystem read-only [ 430.943374][ T6695] EXT4-fs (loop1): 1 truncate cleaned up [ 430.953110][ T6695] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 431.635058][ T6711] loop4: detected capacity change from 0 to 128 [ 431.642723][ T6711] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 431.701259][ T6712] loop2: detected capacity change from 0 to 256 [ 433.327591][ T6712] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 433.342256][ T6712] syz.2.606: attempt to access beyond end of device [ 433.342256][ T6712] loop2: rw=524288, sector=524408, nr_sectors = 1 limit=256 [ 433.356626][ T6712] syz.2.606: attempt to access beyond end of device [ 433.356626][ T6712] loop2: rw=0, sector=524408, nr_sectors = 1 limit=256 [ 433.371333][ T6712] syz.2.606: attempt to access beyond end of device [ 433.371333][ T6712] loop2: rw=0, sector=524408, nr_sectors = 1 limit=256 [ 433.377450][ T26] audit: type=1800 audit(1727163950.041:43): pid=6712 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.606" name="file1" dev="loop2" ino=1048798 res=0 errno=0 [ 433.528798][ T6695] EXT4-fs error (device loop1): __ext4_get_inode_loc:4506: comm syz.1.602: Invalid inode table block 3484841159 in block_group 0 [ 433.727752][ T6695] EXT4-fs (loop1): Remounting filesystem read-only [ 433.969035][ T26] audit: type=1800 audit(1727163950.631:44): pid=6708 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.602" name="file0" dev="loop1" ino=13 res=0 errno=0 [ 433.969689][ T6695] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5882: Corrupt filesystem [ 434.035722][ T6727] loop4: detected capacity change from 0 to 256 [ 434.102099][ T6728] fuse: Unknown parameter 'smackfsfloor' [ 434.298180][ T6727] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 434.352482][ T6727] syz.4.609: attempt to access beyond end of device [ 434.352482][ T6727] loop4: rw=524288, sector=524408, nr_sectors = 1 limit=256 [ 434.368038][ T6727] syz.4.609: attempt to access beyond end of device [ 434.368038][ T6727] loop4: rw=0, sector=524408, nr_sectors = 1 limit=256 [ 434.384461][ T26] audit: type=1800 audit(1727163951.051:45): pid=6727 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.609" name="file1" dev="loop4" ino=1048800 res=0 errno=0 [ 434.424273][ T6727] exFAT-fs (loop4): hint_cluster is invalid (65537) [ 434.447307][ T6727] exFAT-fs (loop4): error, failed to bmap (inode : ffff888057f59b60 iblock : 8, err : -5) [ 434.457682][ T6727] exFAT-fs (loop4): Filesystem has been set read-only [ 434.468171][ T6727] exFAT-fs (loop4): error, invalid access to FAT (entry 0x00010000) [ 434.490209][ T6700] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:477: comm ext4lazyinit: Invalid block bitmap block 1911434088 in block_group 0 [ 434.866063][ T5250] EXT4-fs error (device loop1): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is too small for name_len - offset=92, inode=16, rec_len=16, size=1024 fake=0 [ 434.890801][ T5250] EXT4-fs error (device loop1): __ext4_get_inode_loc:4506: comm syz-executor: Invalid inode table block 3484841159 in block_group 0 [ 434.929169][ T5250] EXT4-fs error (device loop1): __ext4_get_inode_loc:4506: comm syz-executor: Invalid inode table block 3484841159 in block_group 0 [ 434.998018][ T6734] loop4: detected capacity change from 0 to 512 [ 435.110791][ T6734] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 435.130950][ T6734] ext4 filesystem being mounted at /17/bus supports timestamps until 2038 (0x7fffffff) [ 435.170440][ T6738] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 435.231741][ T6738] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 435.405510][ T6738] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 435.882983][ T5250] EXT4-fs (loop1): unmounting filesystem. [ 436.045068][ T5944] EXT4-fs (loop4): unmounting filesystem. [ 436.728757][ T3754] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 436.957660][ T3754] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 436.976548][ T6759] loop4: detected capacity change from 0 to 512 [ 436.986333][ T6759] EXT4-fs: Invalid want_extra_isize 1 [ 437.055407][ T5658] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 437.069998][ T6760] loop3: detected capacity change from 0 to 256 [ 437.285653][ T6760] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 437.366412][ T3754] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 437.530143][ T6760] syz.3.621: attempt to access beyond end of device [ 437.530143][ T6760] loop3: rw=524288, sector=524408, nr_sectors = 1 limit=256 [ 437.667573][ T6765] fuse: Unknown parameter 'smackfsfloor' [ 438.613935][ T6760] syz.3.621: attempt to access beyond end of device [ 438.613935][ T6760] loop3: rw=0, sector=524408, nr_sectors = 1 limit=256 [ 438.783757][ T26] audit: type=1800 audit(1727163955.451:46): pid=6760 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.621" name="file1" dev="loop3" ino=1048801 res=0 errno=0 [ 438.869578][ T3754] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 439.079526][ T6781] netlink: 8 bytes leftover after parsing attributes in process `syz.4.630'. [ 439.195393][ T3640] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 439.206604][ T3640] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 439.224775][ T3640] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 439.234459][ T3640] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 439.242095][ T3640] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 439.251435][ T3640] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 439.515520][ T6791] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22 [ 439.564444][ T6791] netdevsim netdevsim2: Direct firmware load for . failed with error -22 [ 439.582841][ T6791] netdevsim netdevsim2: Falling back to sysfs fallback for: . [ 439.890892][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.898035][ T1269] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.295144][ T6788] loop4: detected capacity change from 0 to 32768 [ 440.307716][ T6782] chnl_net:caif_netlink_parms(): no params data found [ 440.904360][ T26] audit: type=1800 audit(1727163957.571:47): pid=6788 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.632" name="file1" dev="loop4" ino=4 res=0 errno=0 [ 441.025917][ T6813] loop3: detected capacity change from 0 to 512 [ 441.117237][ T6813] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 441.133647][ T6813] ext4 filesystem being mounted at /8/bus supports timestamps until 2038 (0x7fffffff) [ 441.150345][ T6818] netlink: 44 bytes leftover after parsing attributes in process `syz.2.636'. [ 441.323752][ T3640] Bluetooth: hci2: command tx timeout [ 441.506584][ T6425] EXT4-fs (loop3): unmounting filesystem. [ 441.638988][ T6782] bridge0: port 1(bridge_slave_0) entered blocking state [ 441.673597][ T6782] bridge0: port 1(bridge_slave_0) entered disabled state [ 441.682083][ T6782] device bridge_slave_0 entered promiscuous mode [ 441.716355][ T26] audit: type=1326 audit(1727163958.381:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6832 comm="syz.3.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54d3f7def9 code=0x7ffc0000 [ 441.829507][ T26] audit: type=1326 audit(1727163958.381:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6832 comm="syz.3.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=286 compat=0 ip=0x7f54d3f7def9 code=0x7ffc0000 [ 441.859574][ T6782] bridge0: port 2(bridge_slave_1) entered blocking state [ 441.873699][ T6782] bridge0: port 2(bridge_slave_1) entered disabled state [ 441.902816][ T6782] device bridge_slave_1 entered promiscuous mode [ 441.925699][ T6837] netlink: 8 bytes leftover after parsing attributes in process `syz.2.641'. [ 441.964523][ T26] audit: type=1326 audit(1727163958.381:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6832 comm="syz.3.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54d3f7def9 code=0x7ffc0000 [ 442.057602][ T6842] loop3: detected capacity change from 0 to 2048 [ 442.100837][ T6842] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 160: 0xdd != 0xd4 [ 442.185027][ T6842] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 442.376548][ T6845] loop4: detected capacity change from 0 to 256 [ 442.440879][ T6845] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 442.478245][ T6782] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 442.541813][ T6782] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 442.573644][ T6845] syz.4.643: attempt to access beyond end of device [ 442.573644][ T6845] loop4: rw=524288, sector=524408, nr_sectors = 1 limit=256 [ 442.704959][ T6845] syz.4.643: attempt to access beyond end of device [ 442.704959][ T6845] loop4: rw=0, sector=524408, nr_sectors = 1 limit=256 [ 442.814518][ T26] audit: type=1800 audit(1727163959.481:51): pid=6845 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.643" name="file1" dev="loop4" ino=1048802 res=0 errno=0 [ 442.937049][ T3754] device hsr_slave_0 left promiscuous mode [ 442.975229][ T3754] device hsr_slave_1 left promiscuous mode [ 443.006220][ T3754] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 443.028420][ T3754] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 443.057458][ T3754] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 443.081663][ T3754] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 443.102989][ T3754] device bridge_slave_1 left promiscuous mode [ 443.119452][ T3754] bridge0: port 2(bridge_slave_1) entered disabled state [ 443.145688][ T3754] device bridge_slave_0 left promiscuous mode [ 443.159085][ T3754] bridge0: port 1(bridge_slave_0) entered disabled state [ 443.317682][ T3754] device veth1_macvtap left promiscuous mode [ 443.343654][ T3754] device veth0_macvtap left promiscuous mode [ 443.386922][ T3754] device veth1_vlan left promiscuous mode [ 443.403718][ T3640] Bluetooth: hci2: command tx timeout [ 443.413237][ T3754] device veth0_vlan left promiscuous mode [ 444.064553][ T6858] loop3: detected capacity change from 0 to 32768 [ 444.095076][ T26] audit: type=1800 audit(1727163960.751:52): pid=6858 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.645" name="file1" dev="loop3" ino=4 res=0 errno=0 [ 444.503108][ T6872] loop2: detected capacity change from 0 to 512 [ 444.574257][ T6872] EXT4-fs: Ignoring removed nobh option [ 444.617691][ T6872] fscrypt (loop2, inode 2): Error -61 getting encryption context [ 444.653994][ T6872] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -61 [ 444.703822][ T6872] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #13: comm syz.2.648: casefold flag without casefold feature [ 444.751584][ T6877] loop3: detected capacity change from 0 to 256 [ 444.758631][ T6872] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz.2.648: couldn't read orphan inode 13 (err -117) [ 444.814269][ T6872] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 445.151545][ T6332] EXT4-fs (loop2): unmounting filesystem. [ 445.532235][ T3640] Bluetooth: hci2: command tx timeout [ 445.645466][ T6874] loop4: detected capacity change from 0 to 32768 [ 445.706470][ T26] audit: type=1800 audit(1727163962.371:53): pid=6874 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.649" name="file1" dev="loop4" ino=4 res=0 errno=0 [ 445.760216][ T6425] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 445.803018][ T6425] FAT-fs (loop3): Filesystem has been set read-only [ 445.842135][ T6425] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 446.404452][ T6888] syz.0.653[6888] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 446.404552][ T6888] syz.0.653[6888] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 447.098813][ T3754] team0 (unregistering): Port device team_slave_1 removed [ 447.381486][ T6897] loop4: detected capacity change from 0 to 512 [ 447.391495][ T3754] team0 (unregistering): Port device team_slave_0 removed [ 447.404639][ T6897] EXT4-fs: Ignoring removed orlov option [ 447.436149][ T6897] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 447.488932][ T3754] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 447.491139][ T6897] EXT4-fs (loop4): 1 truncate cleaned up [ 447.513954][ T6897] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 447.564223][ T3640] Bluetooth: hci2: command tx timeout [ 447.606316][ T3754] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 447.745941][ T5944] EXT4-fs (loop4): unmounting filesystem. [ 448.174410][ T6907] loop4: detected capacity change from 0 to 256 [ 448.285410][ T6907] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 448.410455][ T6907] syz.4.658: attempt to access beyond end of device [ 448.410455][ T6907] loop4: rw=524288, sector=524408, nr_sectors = 1 limit=256 [ 448.543149][ T6907] syz.4.658: attempt to access beyond end of device [ 448.543149][ T6907] loop4: rw=0, sector=524408, nr_sectors = 1 limit=256 [ 448.596245][ T26] audit: type=1800 audit(1727163965.261:54): pid=6907 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.658" name="file1" dev="loop4" ino=1048808 res=0 errno=0 [ 449.056043][ T3754] bond0 (unregistering): Released all slaves [ 449.223844][ T6782] team0: Port device team_slave_0 added [ 449.378381][ T6782] team0: Port device team_slave_1 added [ 450.492493][ T6782] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 450.502244][ T6782] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 450.563513][ T6782] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 450.640922][ T6782] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 450.673549][ T6782] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 450.805955][ T6782] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 451.209384][ T6782] device hsr_slave_0 entered promiscuous mode [ 451.256263][ T6931] loop4: detected capacity change from 0 to 164 [ 451.270180][ T6782] device hsr_slave_1 entered promiscuous mode [ 451.602814][ T6937] loop4: detected capacity change from 0 to 512 [ 451.661433][ T6937] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 451.730188][ T6937] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c119, mo2=0002] [ 451.804343][ T6937] System zones: 1-12 [ 451.853884][ T6937] EXT4-fs (loop4): 1 truncate cleaned up [ 451.859575][ T6937] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 451.971852][ T6922] loop2: detected capacity change from 0 to 32768 [ 452.103302][ T26] audit: type=1800 audit(1727163968.761:55): pid=6922 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.663" name="file1" dev="loop2" ino=4 res=0 errno=0 [ 453.988532][ T6951] netlink: 8 bytes leftover after parsing attributes in process `syz.4.668'. [ 454.157610][ T5944] EXT4-fs (loop4): unmounting filesystem. [ 454.383821][ T3654] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 454.395361][ T3654] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 454.405987][ T3654] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 454.415017][ T48] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 454.426130][ T48] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 454.434529][ T48] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 454.897655][ T3754] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 455.137532][ T6967] loop2: detected capacity change from 0 to 256 [ 455.218034][ T3754] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 455.434636][ T6969] usb usb8: usbfs: process 6969 (syz.2.672) did not claim interface 0 before use [ 455.505835][ T3754] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 455.715473][ T6972] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 456.524604][ T3640] Bluetooth: hci1: command tx timeout [ 456.627169][ T3754] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 457.426314][ T6981] loop2: detected capacity change from 0 to 128 [ 457.628718][ T6981] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 458.606770][ T3640] Bluetooth: hci1: command tx timeout [ 458.808450][ T6782] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 458.898421][ T6782] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 458.950369][ T6782] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 458.963615][ T3906] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 459.001359][ T6959] chnl_net:caif_netlink_parms(): no params data found [ 459.154473][ T6782] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 459.206170][ T7000] loop2: detected capacity change from 0 to 512 [ 459.228338][ T7000] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 460.063544][ T3906] usb 5-1: Using ep0 maxpacket: 8 [ 460.111545][ T7000] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c119, mo2=0002] [ 460.125988][ T7000] System zones: 1-12 [ 460.132271][ T7000] EXT4-fs (loop2): 1 truncate cleaned up [ 460.173772][ T7000] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 460.212986][ T3906] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 460.253791][ T3906] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 460.293573][ T3906] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 460.333504][ T3906] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 460.383962][ T3906] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 460.423754][ T3906] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 460.463596][ T3906] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 460.515695][ T3906] usb 5-1: config 0 descriptor?? [ 460.557485][ T7011] netlink: 8 bytes leftover after parsing attributes in process `syz.2.679'. [ 460.665547][ T48] Bluetooth: hci4: urb ffff88805e9bf400 submission failed (90) [ 460.683793][ T3640] Bluetooth: hci1: command tx timeout [ 460.740843][ T6332] EXT4-fs (loop2): unmounting filesystem. [ 460.782539][ T151] usb 5-1: USB disconnect, device number 5 [ 460.887453][ T6959] bridge0: port 1(bridge_slave_0) entered blocking state [ 460.896997][ T6959] bridge0: port 1(bridge_slave_0) entered disabled state [ 460.914554][ T6959] device bridge_slave_0 entered promiscuous mode [ 461.098732][ T6959] bridge0: port 2(bridge_slave_1) entered blocking state [ 461.116355][ T6959] bridge0: port 2(bridge_slave_1) entered disabled state [ 461.164265][ T6959] device bridge_slave_1 entered promiscuous mode [ 461.519944][ T3640] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:201' [ 461.529969][ T3640] CPU: 0 PID: 3640 Comm: kworker/u5:2 Not tainted 6.1.111-syzkaller #0 [ 461.538229][ T3640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 461.548314][ T3640] Workqueue: hci5 hci_rx_work [ 461.553090][ T3640] Call Trace: [ 461.556426][ T3640] [ 461.559365][ T3640] dump_stack_lvl+0x1e3/0x2cb [ 461.564071][ T3640] ? nf_tcp_handle_invalid+0x642/0x642 [ 461.569578][ T3640] ? panic+0x764/0x764 [ 461.573681][ T3640] sysfs_create_dir_ns+0x2c6/0x390 [ 461.578846][ T3640] ? sysfs_warn_dup+0xa0/0xa0 [ 461.583569][ T3640] kobject_add_internal+0x6df/0xd10 [ 461.588807][ T3640] kobject_add+0x14e/0x210 [ 461.593255][ T3640] ? device_add+0x3c2/0xfd0 [ 461.597801][ T3640] ? kobject_init+0x1d0/0x1d0 [ 461.602521][ T3640] ? __raw_spin_lock_init+0x41/0x100 [ 461.607827][ T3640] ? get_device_parent+0x128/0x400 [ 461.612990][ T3640] device_add+0x476/0xfd0 [ 461.617348][ T3640] hci_conn_add_sysfs+0xe4/0x1f0 [ 461.622312][ T3640] le_conn_complete_evt+0xcc6/0x1320 [ 461.627616][ T3640] ? trace_contention_end+0x61/0x170 [ 461.632920][ T3640] ? hci_le_big_info_adv_report_evt+0x390/0x390 [ 461.639171][ T3640] ? __mutex_unlock_slowpath+0x218/0x750 [ 461.644831][ T3640] ? mutex_unlock+0x10/0x10 [ 461.649341][ T3640] ? skb_pull_data+0x10e/0x220 [ 461.654207][ T3640] hci_le_enh_conn_complete_evt+0x181/0x410 [ 461.660129][ T3640] hci_event_packet+0xa40/0x1510 [ 461.665082][ T3640] ? hci_remote_host_features_evt+0x210/0x210 [ 461.671184][ T3640] ? bis_list+0x290/0x290 [ 461.675544][ T3640] ? do_raw_spin_unlock+0x137/0x8a0 [ 461.680768][ T3640] ? kcov_remote_start+0x4ae/0x7c0 [ 461.685911][ T3640] ? lockdep_hardirqs_on+0x80/0x130 [ 461.691123][ T3640] ? hci_send_to_monitor+0x99/0x4d0 [ 461.696336][ T3640] hci_rx_work+0x3cd/0xce0 [ 461.700764][ T3640] ? do_raw_spin_unlock+0x137/0x8a0 [ 461.705977][ T3640] ? process_one_work+0x7a9/0x11d0 [ 461.711096][ T3640] process_one_work+0x8a9/0x11d0 [ 461.716051][ T3640] ? worker_detach_from_pool+0x260/0x260 [ 461.721696][ T3640] ? _raw_spin_lock_irqsave+0x120/0x120 [ 461.727254][ T3640] ? kthread_data+0x4e/0xc0 [ 461.731778][ T3640] ? wq_worker_running+0x97/0x190 [ 461.736810][ T3640] worker_thread+0xa47/0x1200 [ 461.741496][ T3640] ? release_firmware_map_entry+0x186/0x186 [ 461.747504][ T3640] kthread+0x28d/0x320 [ 461.751576][ T3640] ? worker_clr_flags+0x190/0x190 [ 461.756605][ T3640] ? kthread_blkcg+0xd0/0xd0 [ 461.761211][ T3640] ret_from_fork+0x1f/0x30 [ 461.765646][ T3640] [ 461.781398][ T3640] kobject_add_internal failed for hci5:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 461.794760][ T3640] Bluetooth: hci5: failed to register connection device [ 461.928748][ T6782] 8021q: adding VLAN 0 to HW filter on device bond0 [ 461.942830][ T7026] loop4: detected capacity change from 0 to 2048 [ 461.958055][ T7026] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 462.006262][ T6959] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 462.163774][ T7029] loop2: detected capacity change from 0 to 2048 [ 462.186875][ T6782] 8021q: adding VLAN 0 to HW filter on device team0 [ 462.218980][ T6959] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 462.229766][ T7029] loop2: p2 < > [ 462.357946][ T7036] usb usb8: usbfs: process 7036 (syz.4.685) did not claim interface 0 before use [ 462.538952][ T3732] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 462.625584][ T3732] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 462.806940][ T3640] Bluetooth: hci1: command tx timeout [ 463.130499][ T6332] __loop_clr_fd: partition scan of loop2 failed (rc=-16) [ 463.137715][ T5658] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 463.167846][ T5658] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 463.283323][ T5658] Buffer I/O error on dev loop2p2, logical block 0, async page read [ 463.344648][ T5658] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 463.379782][ T5658] Buffer I/O error on dev loop2p2, logical block 0, async page read [ 463.400523][ T5658] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 463.412133][ T5658] Buffer I/O error on dev loop2p2, logical block 0, async page read [ 463.421986][ T5658] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 463.424551][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 463.431994][ T5658] Buffer I/O error on dev loop2p2, logical block 0, async page read [ 463.450494][ T5658] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 463.461316][ T5658] Buffer I/O error on dev loop2p2, logical block 0, async page read [ 463.833954][ T48] Bluetooth: hci5: command tx timeout [ 463.896749][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 464.087624][ T5658] udevd[5658]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 464.098498][ T3784] bridge0: port 1(bridge_slave_0) entered blocking state [ 464.105659][ T3784] bridge0: port 1(bridge_slave_0) entered forwarding state [ 464.184098][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 464.255019][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 464.294037][ T3784] bridge0: port 2(bridge_slave_1) entered blocking state [ 464.301269][ T3784] bridge0: port 2(bridge_slave_1) entered forwarding state [ 464.314796][ T5658] udevd[5658]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 464.355657][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 464.439513][ T7055] loop4: detected capacity change from 0 to 512 [ 464.588598][ T7058] loop2: detected capacity change from 0 to 256 [ 464.629528][ T7058] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 464.664895][ T7058] syz.2.688: attempt to access beyond end of device [ 464.664895][ T7058] loop2: rw=524288, sector=524408, nr_sectors = 1 limit=256 [ 464.679033][ T7058] syz.2.688: attempt to access beyond end of device [ 464.679033][ T7058] loop2: rw=0, sector=524408, nr_sectors = 1 limit=256 [ 464.701076][ T26] audit: type=1800 audit(1727163981.361:56): pid=7058 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.688" name="file1" dev="loop2" ino=1048809 res=0 errno=0 [ 464.752065][ T7058] exFAT-fs (loop2): hint_cluster is invalid (65537) [ 464.760460][ T7058] exFAT-fs (loop2): error, failed to bmap (inode : ffff888057f58e60 iblock : 8, err : -5) [ 464.770511][ T7058] exFAT-fs (loop2): Filesystem has been set read-only [ 464.778678][ T7058] exFAT-fs (loop2): error, invalid access to FAT (entry 0x00010000) [ 464.880716][ T6959] team0: Port device team_slave_0 added [ 464.930062][ T7055] EXT4-fs error (device loop4): ext4_orphan_get:1396: inode #15: comm syz.4.689: casefold flag without casefold feature [ 465.088849][ T6959] team0: Port device team_slave_1 added [ 465.104653][ T7055] EXT4-fs error (device loop4): ext4_orphan_get:1401: comm syz.4.689: couldn't read orphan inode 15 (err -117) [ 465.181208][ T7055] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 465.511845][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 465.532025][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 465.728016][ T7068] overlayfs: missing 'lowerdir' [ 465.889291][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 466.177760][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 466.194657][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 466.231319][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 466.365922][ T5944] EXT4-fs (loop4): unmounting filesystem. [ 466.382117][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 466.532899][ T3640] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 466.548485][ T3640] CPU: 0 PID: 3640 Comm: kworker/u5:2 Not tainted 6.1.111-syzkaller #0 [ 466.556773][ T3640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 466.566862][ T3640] Workqueue: hci0 hci_rx_work [ 466.571589][ T3640] Call Trace: [ 466.574908][ T3640] [ 466.577886][ T3640] dump_stack_lvl+0x1e3/0x2cb [ 466.582622][ T3640] ? nf_tcp_handle_invalid+0x642/0x642 [ 466.588204][ T3640] ? panic+0x764/0x764 [ 466.592310][ T3640] sysfs_create_dir_ns+0x2c6/0x390 [ 466.597439][ T3640] ? sysfs_warn_dup+0xa0/0xa0 [ 466.602137][ T3640] kobject_add_internal+0x6df/0xd10 [ 466.607359][ T3640] kobject_add+0x14e/0x210 [ 466.611800][ T3640] ? device_add+0x3c2/0xfd0 [ 466.616319][ T3640] ? kobject_init+0x1d0/0x1d0 [ 466.621009][ T3640] ? __raw_spin_lock_init+0x41/0x100 [ 466.626302][ T3640] ? get_device_parent+0x128/0x400 [ 466.631432][ T3640] device_add+0x476/0xfd0 [ 466.635786][ T3640] hci_conn_add_sysfs+0xe4/0x1f0 [ 466.640748][ T3640] le_conn_complete_evt+0xcc6/0x1320 [ 466.646068][ T3640] ? trace_contention_end+0x61/0x170 [ 466.651372][ T3640] ? hci_le_big_info_adv_report_evt+0x390/0x390 [ 466.657625][ T3640] ? __mutex_unlock_slowpath+0x218/0x750 [ 466.663269][ T3640] ? mutex_unlock+0x10/0x10 [ 466.667859][ T3640] ? skb_pull_data+0x10e/0x220 [ 466.672665][ T3640] hci_le_enh_conn_complete_evt+0x181/0x410 [ 466.678575][ T3640] hci_event_packet+0xa40/0x1510 [ 466.683533][ T3640] ? hci_remote_host_features_evt+0x210/0x210 [ 466.689620][ T3640] ? bis_list+0x290/0x290 [ 466.693959][ T3640] ? do_raw_spin_unlock+0x137/0x8a0 [ 466.699168][ T3640] ? kcov_remote_start+0x4ae/0x7c0 [ 466.704297][ T3640] ? lockdep_hardirqs_on+0x80/0x130 [ 466.709518][ T3640] ? hci_send_to_monitor+0x99/0x4d0 [ 466.714727][ T3640] hci_rx_work+0x3cd/0xce0 [ 466.719159][ T3640] ? do_raw_spin_unlock+0x137/0x8a0 [ 466.724373][ T3640] ? process_one_work+0x7a9/0x11d0 [ 466.729498][ T3640] process_one_work+0x8a9/0x11d0 [ 466.734549][ T3640] ? worker_detach_from_pool+0x260/0x260 [ 466.740199][ T3640] ? _raw_spin_lock_irqsave+0x120/0x120 [ 466.745843][ T3640] ? kthread_data+0x4e/0xc0 [ 466.750367][ T3640] ? wq_worker_running+0x97/0x190 [ 466.755401][ T3640] worker_thread+0xa47/0x1200 [ 466.760091][ T3640] ? release_firmware_map_entry+0x186/0x186 [ 466.766017][ T3640] kthread+0x28d/0x320 [ 466.770095][ T3640] ? worker_clr_flags+0x190/0x190 [ 466.775127][ T3640] ? kthread_blkcg+0xd0/0xd0 [ 466.779744][ T3640] ret_from_fork+0x1f/0x30 [ 466.784189][ T3640] [ 466.807320][ T3640] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 466.843365][ T3640] Bluetooth: hci0: failed to register connection device [ 467.579010][ T6959] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 467.587987][ T6959] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 468.346077][ T6959] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 468.843162][ T3732] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 468.882898][ T3732] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 468.924258][ T6959] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 468.931255][ T6959] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 468.958561][ T3640] Bluetooth: hci0: command 0x0406 tx timeout [ 468.976290][ T6959] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 469.179879][ T7097] loop2: detected capacity change from 0 to 256 [ 469.369010][ T7097] FAT-fs (loop2): Directory bread(block 64) failed [ 469.399251][ T7102] loop4: detected capacity change from 0 to 256 [ 469.406026][ T7097] FAT-fs (loop2): Directory bread(block 65) failed [ 469.412670][ T7097] FAT-fs (loop2): Directory bread(block 66) failed [ 469.454770][ T7097] FAT-fs (loop2): Directory bread(block 67) failed [ 469.461465][ T7097] FAT-fs (loop2): Directory bread(block 68) failed [ 469.468229][ T7097] FAT-fs (loop2): Directory bread(block 69) failed [ 469.475365][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 469.483829][ T7097] FAT-fs (loop2): Directory bread(block 70) failed [ 469.490403][ T7097] FAT-fs (loop2): Directory bread(block 71) failed [ 469.496583][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 469.497543][ T7097] FAT-fs (loop2): Directory bread(block 72) failed [ 469.513844][ T7097] FAT-fs (loop2): Directory bread(block 73) failed [ 469.953649][ T6025] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 470.223693][ T6025] usb 1-1: Using ep0 maxpacket: 16 [ 470.353924][ T6025] usb 1-1: config 0 has an invalid interface number: 29 but max is 0 [ 470.382924][ T6025] usb 1-1: config 0 has no interface number 0 [ 470.403272][ T6025] usb 1-1: config 0 interface 29 altsetting 0 endpoint 0x82 has invalid maxpacket 1104, setting to 1024 [ 470.437216][ T6025] usb 1-1: config 0 interface 29 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 470.470228][ T7110] loop2: detected capacity change from 0 to 128 [ 470.519381][ T7110] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 470.624758][ T7110] UDF-fs: warning (device loop2): udf_load_logicalvol: Damaged or missing LVID, forcing readonly mount [ 470.636543][ T6025] usb 1-1: New USB device found, idVendor=050d, idProduct=2102, bcdDevice=70.d0 [ 470.656730][ T6025] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 470.676982][ T6025] usb 1-1: Product: syz [ 470.687106][ T6025] usb 1-1: Manufacturer: syz [ 470.688989][ T6959] device hsr_slave_0 entered promiscuous mode [ 470.694119][ T6025] usb 1-1: SerialNumber: syz [ 471.317774][ T6959] device hsr_slave_1 entered promiscuous mode [ 471.980011][ T6025] usb 1-1: config 0 descriptor?? [ 473.761309][ T6959] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 473.817183][ T6025] usb 1-1: can't set config #0, error -71 [ 473.843985][ T6025] usb 1-1: USB disconnect, device number 14 [ 473.856048][ T6959] Cannot create hsr debugfs directory [ 473.965509][ T3754] device hsr_slave_0 left promiscuous mode [ 474.004064][ T3754] device hsr_slave_1 left promiscuous mode [ 474.015164][ T3754] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 474.022631][ T3754] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 474.187377][ T3754] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 474.203616][ T3754] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 474.361969][ T3754] device bridge_slave_1 left promiscuous mode [ 474.382780][ T3754] bridge0: port 2(bridge_slave_1) entered disabled state [ 474.429833][ T3754] device bridge_slave_0 left promiscuous mode [ 475.852189][ T3754] bridge0: port 1(bridge_slave_0) entered disabled state [ 476.167187][ T3754] device veth1_macvtap left promiscuous mode [ 476.173343][ T3754] device veth0_macvtap left promiscuous mode [ 476.182562][ T3754] device veth1_vlan left promiscuous mode [ 476.188640][ T3754] device veth0_vlan left promiscuous mode [ 476.258377][ T7144] loop2: detected capacity change from 0 to 128 [ 476.921235][ T5658] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 476.966626][ T7141] loop4: detected capacity change from 0 to 2048 [ 476.990099][ T7141] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 477.813483][ T48] Bluetooth: hci3: command 0x0406 tx timeout [ 478.020746][ T48] Bluetooth: hci5: Ignoring HCI_Connection_Complete for existing connection [ 479.404944][ T3754] team0 (unregistering): Port device team_slave_1 removed [ 479.418964][ T7167] loop4: detected capacity change from 0 to 128 [ 479.430194][ T7167] EXT4-fs (loop4): Test dummy encryption mode enabled [ 479.466347][ T7167] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 479.475826][ T7167] ext4 filesystem being mounted at /50/mnt supports timestamps until 2038 (0x7fffffff) [ 479.509824][ T3754] team0 (unregistering): Port device team_slave_0 removed [ 479.566281][ T3754] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 479.659521][ T3754] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 479.661675][ T7167] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 480.668305][ T5944] EXT4-fs (loop4): unmounting filesystem. [ 480.966585][ T3754] bond0 (unregistering): Released all slaves [ 481.052295][ T7124] netlink: 8 bytes leftover after parsing attributes in process `syz.0.701'. [ 481.305767][ T6782] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 481.321119][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 481.332712][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 481.441869][ T7184] loop4: detected capacity change from 0 to 512 [ 481.470202][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 481.478593][ T6025] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 481.500251][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 481.525798][ T7184] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 481.558790][ T7184] ext4 filesystem being mounted at /52/bus supports timestamps until 2038 (0x7fffffff) [ 481.609933][ T7191] loop2: detected capacity change from 0 to 512 [ 481.650759][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 481.659545][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 481.669437][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 481.678207][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 481.705122][ T6782] device veth0_vlan entered promiscuous mode [ 481.777008][ T7191] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 481.804011][ T7191] ext4 filesystem being mounted at /36/bus supports timestamps until 2038 (0x7fffffff) [ 481.821221][ T6782] device veth1_vlan entered promiscuous mode [ 481.966418][ T6025] usb 1-1: config 0 has an invalid interface number: 156 but max is 1 [ 481.975812][ T6025] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 481.986087][ T6025] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 481.995198][ T6025] usb 1-1: config 0 has no interface number 0 [ 482.001359][ T6025] usb 1-1: config 0 interface 156 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 482.023540][ T6025] usb 1-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 482.116120][ T6025] usb 1-1: config 0 interface 156 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 482.164115][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 482.660727][ T6332] EXT4-fs (loop2): unmounting filesystem. [ 482.701146][ T5944] EXT4-fs (loop4): unmounting filesystem. [ 482.720608][ T6025] usb 1-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 482.732033][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 482.757263][ T6025] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=21 [ 482.783651][ T6025] usb 1-1: SerialNumber: syz [ 482.789244][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 482.809998][ T6025] usb 1-1: config 0 descriptor?? [ 482.865794][ T6025] gspca_main: spca561-2.14.0 probing abcd:cdee [ 482.891319][ T6782] device veth0_macvtap entered promiscuous mode [ 482.953188][ T6782] device veth1_macvtap entered promiscuous mode [ 483.026860][ T6782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 483.083338][ T6782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 483.103493][ T6782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 483.135759][ T6782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 483.153660][ T6025] spca561: probe of 1-1:0.156 failed with error -22 [ 483.168250][ T6025] usb 1-1: MIDIStreaming interface descriptor not found [ 483.178377][ T6782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 483.203564][ T6782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 483.227815][ T7215] loop4: detected capacity change from 0 to 2048 [ 483.231077][ T6782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 483.286994][ T7215] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 483.303768][ T7215] ext4 filesystem being mounted at /54/file0 supports timestamps until 2038 (0x7fffffff) [ 483.306508][ T6782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 483.324082][ T6782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 483.335379][ T6782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 483.345406][ T6782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 483.355914][ T6782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 483.365867][ T6782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 483.377204][ T6782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 483.385396][ T6025] usb 1-1: USB disconnect, device number 15 [ 483.391546][ T6782] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 483.406364][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 483.416099][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 483.424482][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 483.444742][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 483.506220][ T7215] fs-verity: sha512 using implementation "sha512-avx2" [ 483.539820][ T7223] udevd[7223]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.156/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 483.566851][ T6782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 483.599067][ T6782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 483.610944][ T6782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 483.622862][ T6782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 483.688918][ T6782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 483.717554][ T6782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 483.732169][ T6782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 483.743612][ T6782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 483.754383][ T6782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 483.765213][ T6782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 483.775489][ T6782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 483.786259][ T6782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 483.797171][ T6782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 483.808530][ T6782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 483.842860][ T5944] EXT4-fs (loop4): unmounting filesystem. [ 483.864677][ T6782] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 483.891081][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 483.954542][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 484.377277][ T6782] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.473911][ T6782] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.483029][ T6782] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.492125][ T6782] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.740841][ T48] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:201' [ 484.751411][ T48] CPU: 0 PID: 48 Comm: kworker/u5:0 Not tainted 6.1.111-syzkaller #0 [ 484.759525][ T48] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 484.769625][ T48] Workqueue: hci5 hci_rx_work [ 484.774360][ T48] Call Trace: [ 484.777659][ T48] [ 484.780610][ T48] dump_stack_lvl+0x1e3/0x2cb [ 484.785339][ T48] ? nf_tcp_handle_invalid+0x642/0x642 [ 484.790845][ T48] ? panic+0x764/0x764 [ 484.795001][ T48] sysfs_create_dir_ns+0x2c6/0x390 [ 484.800587][ T48] ? sysfs_warn_dup+0xa0/0xa0 [ 484.805311][ T48] kobject_add_internal+0x6df/0xd10 [ 484.810562][ T48] kobject_add+0x14e/0x210 [ 484.815027][ T48] ? device_add+0x3c2/0xfd0 [ 484.819576][ T48] ? kobject_init+0x1d0/0x1d0 [ 484.824294][ T48] ? __raw_spin_lock_init+0x41/0x100 [ 484.829638][ T48] ? get_device_parent+0x128/0x400 [ 484.834797][ T48] device_add+0x476/0xfd0 [ 484.839177][ T48] hci_conn_add_sysfs+0xe4/0x1f0 [ 484.844152][ T48] le_conn_complete_evt+0xcc6/0x1320 [ 484.849474][ T48] ? trace_contention_end+0x61/0x170 [ 484.854797][ T48] ? hci_le_big_info_adv_report_evt+0x390/0x390 [ 484.861074][ T48] ? __mutex_unlock_slowpath+0x218/0x750 [ 484.866743][ T48] ? mutex_unlock+0x10/0x10 [ 484.871272][ T48] ? skb_pull_data+0x10e/0x220 [ 484.876069][ T48] hci_le_enh_conn_complete_evt+0x181/0x410 [ 484.882006][ T48] hci_event_packet+0xa40/0x1510 [ 484.886985][ T48] ? hci_remote_host_features_evt+0x210/0x210 [ 484.893098][ T48] ? bis_list+0x290/0x290 [ 484.897546][ T48] ? do_raw_spin_unlock+0x137/0x8a0 [ 484.902778][ T48] ? kcov_remote_start+0x4ae/0x7c0 [ 484.907925][ T48] ? lockdep_hardirqs_on+0x80/0x130 [ 484.913157][ T48] ? hci_send_to_monitor+0x99/0x4d0 [ 484.918390][ T48] hci_rx_work+0x3cd/0xce0 [ 484.922848][ T48] ? do_raw_spin_unlock+0x137/0x8a0 [ 484.928083][ T48] ? process_one_work+0x7a9/0x11d0 [ 484.933224][ T48] process_one_work+0x8a9/0x11d0 [ 484.938210][ T48] ? worker_detach_from_pool+0x260/0x260 [ 484.943877][ T48] ? _raw_spin_lock_irqsave+0x120/0x120 [ 484.949449][ T48] ? kthread_data+0x4e/0xc0 [ 484.953990][ T48] ? wq_worker_running+0x97/0x190 [ 484.959041][ T48] worker_thread+0xa47/0x1200 [ 484.963749][ T48] ? release_firmware_map_entry+0x186/0x186 [ 484.969704][ T48] kthread+0x28d/0x320 [ 484.973798][ T48] ? worker_clr_flags+0x190/0x190 [ 484.978849][ T48] ? kthread_blkcg+0xd0/0xd0 [ 484.983461][ T48] ret_from_fork+0x1f/0x30 [ 484.987932][ T48] [ 484.999573][ T48] kobject_add_internal failed for hci5:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 485.013532][ T48] Bluetooth: hci5: failed to register connection device [ 485.063015][ T6959] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 485.120838][ T6959] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 485.127889][ T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 485.159415][ T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 485.200755][ T6959] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 485.267797][ T7242] loop4: detected capacity change from 0 to 256 [ 485.282594][ T3797] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 485.314495][ T6959] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 485.348477][ T3797] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 485.383729][ T3797] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 485.475115][ T3797] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 485.873902][ T14] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 485.971976][ T6959] 8021q: adding VLAN 0 to HW filter on device bond0 [ 486.671936][ T7242] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 486.689974][ T7241] syz.4.721: attempt to access beyond end of device [ 486.689974][ T7241] loop4: rw=524288, sector=524408, nr_sectors = 1 limit=256 [ 486.703899][ T7241] syz.4.721: attempt to access beyond end of device [ 486.703899][ T7241] loop4: rw=0, sector=524408, nr_sectors = 1 limit=256 [ 486.717503][ T26] audit: type=1800 audit(1727164003.381:57): pid=7241 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.721" name="file1" dev="loop4" ino=1048815 res=0 errno=0 [ 486.738666][ T7241] exFAT-fs (loop4): hint_cluster is invalid (65537) [ 486.745712][ T7241] exFAT-fs (loop4): error, failed to bmap (inode : ffff888057e06fe0 iblock : 8, err : -5) [ 486.755752][ T7241] exFAT-fs (loop4): Filesystem has been set read-only [ 486.762730][ T7241] exFAT-fs (loop4): error, invalid access to FAT (entry 0x00010000) [ 486.771520][ T7242] exFAT-fs (loop4): error, invalid access to FAT (entry 0x00010000) [ 486.779593][ T7242] exFAT-fs (loop4): error, failed to bmap (inode : ffff888057e06fe0 iblock : 8, err : -5) [ 486.789797][ T7242] exFAT-fs (loop4): error, invalid access to FAT (entry 0x00010000) [ 486.873873][ T14] usb 1-1: Using ep0 maxpacket: 8 [ 486.947574][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 486.966623][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 487.019136][ T6959] 8021q: adding VLAN 0 to HW filter on device team0 [ 487.026464][ T14] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 487.083797][ T48] Bluetooth: hci5: command tx timeout [ 487.203865][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 487.445058][ T14] usb 1-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 487.459851][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 487.471204][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 487.478540][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 487.571171][ T14] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 487.590883][ T14] usb 1-1: SerialNumber: syz [ 487.615236][ T14] usb 1-1: config 0 descriptor?? [ 487.685911][ T14] usb 1-1: Found UVC 0.00 device (05ac:8501) [ 487.749667][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 487.766520][ T14] usb 1-1: No valid video chain found. [ 487.775558][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 487.894872][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 487.902024][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 488.092488][ T7268] loop4: detected capacity change from 0 to 1024 [ 488.103431][ T7268] EXT4-fs: Ignoring removed orlov option [ 488.150615][ T7268] EXT4-fs (loop4): Test dummy encryption mode enabled [ 488.157562][ T7268] EXT4-fs (loop4): invalid inodes per group: 204800 [ 488.157562][ T7268] [ 488.563963][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 488.605371][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 488.648759][ T151] usb 1-1: USB disconnect, device number 16 [ 488.649947][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 488.684878][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 488.729881][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 488.759932][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 488.924019][ T3797] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 489.023513][ T7276] loop1: detected capacity change from 0 to 256 [ 489.056851][ T7276] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 489.099986][ T3797] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 489.425675][ T3797] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 489.565310][ T3797] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 489.624628][ T3797] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 489.637577][ T7278] loop4: detected capacity change from 0 to 16 [ 489.697342][ T3797] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 489.778214][ T7278] erofs: (device loop4): mounted with root inode @ nid 36. [ 489.869668][ T7282] loop1: detected capacity change from 0 to 1024 [ 489.914447][ T7282] EXT4-fs: Ignoring removed orlov option [ 489.920182][ T7282] EXT4-fs: Ignoring removed bh option [ 489.977355][ T7282] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 490.505221][ T7282] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 491.054733][ T7272] loop2: detected capacity change from 0 to 32768 [ 491.092110][ T26] audit: type=1800 audit(1727164007.751:58): pid=7272 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.729" name="file1" dev="loop2" ino=4 res=0 errno=0 [ 491.114831][ T7282] EXT4-fs error (device loop1): ext4_map_blocks:744: inode #18: block 395: comm syz.1.731: lblock 283 mapped to illegal pblock 395 (length 1) [ 491.136511][ T7282] EXT4-fs error (device loop1): ext4_discard_preallocations:5114: comm syz.1.731: Error -117 loading buddy information for 4294937183 [ 491.157982][ T7282] EXT4-fs error (device loop1): __ext4_get_inode_loc:4506: comm syz.1.731: Invalid inode table block 0 in block_group 0 [ 491.173157][ T7282] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5882: Corrupt filesystem [ 491.184310][ T7282] EXT4-fs error (device loop1): ext4_ext_truncate:4432: inode #18: comm syz.1.731: mark_inode_dirty error [ 491.196872][ T7282] EXT4-fs error (device loop1): __ext4_get_inode_loc:4506: comm syz.1.731: Invalid inode table block 0 in block_group 0 [ 491.223875][ T7282] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5882: Corrupt filesystem [ 491.241794][ T7282] EXT4-fs error (device loop1): ext4_truncate:4311: inode #18: comm syz.1.731: mark_inode_dirty error [ 491.275963][ T7282] EXT4-fs error (device loop1): __ext4_get_inode_loc:4506: comm syz.1.731: Invalid inode table block 0 in block_group 0 [ 491.330094][ T3797] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 491.338523][ T7282] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5882: Corrupt filesystem [ 491.351897][ T3797] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 491.367459][ T7282] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 280 with error 117 [ 491.382011][ T7282] EXT4-fs (loop1): This should not happen!! Data will be lost [ 491.382011][ T7282] [ 491.430376][ T6959] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 491.444398][ T6782] EXT4-fs warning (device loop1): htree_dirblock_to_tree:1083: inode #2: lblock 0: comm syz-executor: error -117 reading directory block [ 491.461461][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 491.482704][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 491.539300][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 491.557570][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 491.568842][ T6782] EXT4-fs (loop1): unmounting filesystem. [ 491.579590][ T6959] device veth0_vlan entered promiscuous mode [ 491.591817][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 491.606481][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 491.619386][ T6959] device veth1_vlan entered promiscuous mode [ 491.659168][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 491.682829][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 491.691823][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 491.701545][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 491.715417][ T6959] device veth0_macvtap entered promiscuous mode [ 491.737374][ T6959] device veth1_macvtap entered promiscuous mode [ 491.866491][ T6959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 491.878703][ T6959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 491.889327][ T6959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 491.901538][ T6959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 491.915045][ T6959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 491.935873][ T6959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 491.948561][ T6959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 491.962316][ T6959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 491.995670][ T6959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 492.048721][ T6959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 492.077381][ T6959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 492.120309][ T6959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 492.146993][ T6959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 492.257533][ T6959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 492.410046][ T6959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 492.587039][ T6959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 492.769179][ T6959] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 492.849978][ T6959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 492.860705][ T6959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 492.878637][ T6959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 492.889633][ T6959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 492.909411][ T48] Bluetooth: hci5: Ignoring HCI_Connection_Complete for existing connection [ 492.919369][ T6959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 492.989194][ T6959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 493.013517][ T6959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 493.025676][ T6959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 493.036439][ T6959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 493.049072][ T6959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 493.060249][ T6959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 493.071302][ T6959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 493.102155][ T6959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 493.133467][ T6959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 493.165062][ T6959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 493.201484][ T6959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 493.249378][ T6959] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 493.272172][ T3797] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 493.291767][ T3797] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 493.329986][ T3797] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 493.387034][ T3797] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 493.416279][ T3797] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 493.443250][ T3797] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 493.629655][ T7308] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 494.399619][ T9] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 494.458225][ T6959] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 494.479224][ T6959] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 494.508717][ T6959] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 494.579672][ T6959] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 494.652939][ T3640] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 494.674166][ T3640] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 494.700633][ T3640] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 494.708987][ T3640] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 494.714688][ T9] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 494.728270][ T3654] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 494.736640][ T3654] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 494.771467][ T7316] loop4: detected capacity change from 0 to 256 [ 495.815215][ T7316] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 495.881150][ T9] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 496.056199][ T9] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 496.692567][ T3754] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 496.890134][ T3754] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 496.962968][ T48] Bluetooth: hci2: command tx timeout [ 497.036617][ T3797] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 497.241951][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 497.277057][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 497.393067][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 497.424706][ T7310] chnl_net:caif_netlink_parms(): no params data found [ 497.792173][ T7344] loop2: detected capacity change from 0 to 256 [ 497.906081][ T7344] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 497.950848][ T7344] syz.2.746: attempt to access beyond end of device [ 497.950848][ T7344] loop2: rw=524288, sector=524408, nr_sectors = 1 limit=256 [ 497.965046][ T7344] syz.2.746: attempt to access beyond end of device [ 497.965046][ T7344] loop2: rw=0, sector=524408, nr_sectors = 1 limit=256 [ 497.993044][ T7344] exFAT-fs (loop2): hint_cluster is invalid (65537) [ 498.001522][ T7344] exFAT-fs (loop2): error, failed to bmap (inode : ffff888057f587e0 iblock : 8, err : -5) [ 498.011619][ T7344] exFAT-fs (loop2): Filesystem has been set read-only [ 498.019783][ T7344] exFAT-fs (loop2): error, invalid access to FAT (entry 0x00010000) [ 498.036330][ T7344] exFAT-fs (loop2): error, invalid access to FAT (entry 0x00010000) [ 498.044468][ T7344] exFAT-fs (loop2): error, failed to bmap (inode : ffff888057f587e0 iblock : 8, err : -5) [ 498.058131][ T7344] exFAT-fs (loop2): error, invalid access to FAT (entry 0x00010000) [ 498.070087][ T26] audit: type=1800 audit(1727164014.641:59): pid=7344 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.746" name="file1" dev="loop2" ino=1048819 res=0 errno=0 [ 498.577087][ T7356] syz.3.666[7356] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 498.577197][ T7356] syz.3.666[7356] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 499.527937][ T7362] loop2: detected capacity change from 0 to 256 [ 500.829927][ T6027] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 500.840451][ T48] Bluetooth: hci2: command tx timeout [ 501.026306][ T7362] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 501.045480][ T7360] syz.2.749: attempt to access beyond end of device [ 501.045480][ T7360] loop2: rw=524288, sector=524408, nr_sectors = 1 limit=256 [ 501.059456][ T7360] syz.2.749: attempt to access beyond end of device [ 501.059456][ T7360] loop2: rw=0, sector=524408, nr_sectors = 1 limit=256 [ 501.073343][ T26] audit: type=1800 audit(1727164017.741:60): pid=7360 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.749" name="file1" dev="loop2" ino=1048820 res=0 errno=0 [ 501.086152][ T7367] loop4: detected capacity change from 0 to 1024 [ 501.101704][ T7367] EXT4-fs: quotafile must be on filesystem root [ 501.146541][ T5658] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 501.329591][ T7372] Bluetooth: MGMT ver 1.22 [ 501.333827][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.340724][ T1269] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.413802][ T6027] usb 1-1: device descriptor read/all, error -71 [ 501.433957][ T7310] bridge0: port 1(bridge_slave_0) entered blocking state [ 501.441105][ T7310] bridge0: port 1(bridge_slave_0) entered disabled state [ 501.474883][ T7310] device bridge_slave_0 entered promiscuous mode [ 501.723857][ T7310] bridge0: port 2(bridge_slave_1) entered blocking state [ 501.731010][ T7310] bridge0: port 2(bridge_slave_1) entered disabled state [ 501.822488][ T7310] device bridge_slave_1 entered promiscuous mode [ 501.931976][ T7310] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 501.984574][ T7310] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 502.002548][ T7381] loop4: detected capacity change from 0 to 2048 [ 502.488165][ T7381] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 502.743869][ T6027] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 502.764376][ T7310] team0: Port device team_slave_0 added [ 502.924963][ T48] Bluetooth: hci2: command tx timeout [ 503.094655][ T7310] team0: Port device team_slave_1 added [ 503.299020][ T7310] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 503.319181][ T7310] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 503.346007][ T3654] Bluetooth: hci0: command tx timeout [ 503.409025][ T5944] EXT4-fs (loop4): unmounting filesystem. [ 503.483539][ T3640] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 503.493557][ T6027] usb 1-1: Using ep0 maxpacket: 8 [ 503.517770][ T7310] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 503.597398][ T7310] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 503.608897][ T7310] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 503.661644][ T7310] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 503.709631][ T7405] loop3: detected capacity change from 0 to 512 [ 503.746410][ T7405] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 503.773758][ T6027] usb 1-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 503.786047][ T7405] EXT4-fs (loop3): 1 orphan inode deleted [ 503.791971][ T7405] EXT4-fs (loop3): 1 truncate cleaned up [ 503.797878][ T7405] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 503.816824][ T6027] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 503.825339][ T3686] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 503.937561][ T7310] device hsr_slave_0 entered promiscuous mode [ 503.954688][ T7310] device hsr_slave_1 entered promiscuous mode [ 503.967204][ T7310] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 503.985819][ T7310] Cannot create hsr debugfs directory [ 504.033452][ T6027] usb 1-1: Product: syz [ 504.037757][ T6027] usb 1-1: Manufacturer: syz [ 504.042937][ T6027] usb 1-1: SerialNumber: syz [ 504.051218][ T7406] loop2: detected capacity change from 0 to 256 [ 504.083078][ T7406] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 504.084410][ T6027] usb 1-1: config 0 descriptor?? [ 504.373538][ T3686] usb 5-1: Using ep0 maxpacket: 32 [ 504.447963][ T6027] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 504.494726][ T3686] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 504.742765][ T3686] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 504.754252][ T7406] syz.2.755: attempt to access beyond end of device [ 504.754252][ T7406] loop2: rw=524288, sector=524408, nr_sectors = 1 limit=256 [ 504.798853][ T3686] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 504.893457][ T7406] syz.2.755: attempt to access beyond end of device [ 504.893457][ T7406] loop2: rw=0, sector=524408, nr_sectors = 1 limit=256 [ 504.900934][ T6959] EXT4-fs (loop3): unmounting filesystem. [ 504.908080][ T26] audit: type=1800 audit(1727164021.571:61): pid=7406 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.755" name="file1" dev="loop2" ino=1048821 res=0 errno=0 [ 505.004053][ T3640] Bluetooth: hci2: command tx timeout [ 505.043879][ T3686] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 505.067614][ T3686] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 505.103717][ T3686] usb 5-1: Product: syz [ 505.118346][ T3686] usb 5-1: Manufacturer: syz [ 505.123022][ T3686] usb 5-1: SerialNumber: syz [ 505.230028][ T3686] cdc_ncm 5-1:1.0: skipping garbage [ 505.239916][ T3686] cdc_ncm 5-1:1.0: CDC Union missing and no IAD found [ 505.263708][ T3686] cdc_ncm 5-1:1.0: bind() failure [ 505.354809][ T7423] loop3: detected capacity change from 0 to 256 [ 505.386076][ T7423] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 505.424775][ T7423] syz.3.760: attempt to access beyond end of device [ 505.424775][ T7423] loop3: rw=524288, sector=524408, nr_sectors = 1 limit=256 [ 505.438868][ T7423] syz.3.760: attempt to access beyond end of device [ 505.438868][ T7423] loop3: rw=0, sector=524408, nr_sectors = 1 limit=256 [ 505.458042][ T3640] Bluetooth: hci0: command tx timeout [ 505.463672][ T26] audit: type=1800 audit(1727164022.111:62): pid=7423 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.760" name="file1" dev="loop3" ino=1048822 res=0 errno=0 [ 506.020397][ T6027] gspca_sonixj: reg_r err -32 [ 506.026775][ T6027] sonixj: probe of 1-1:0.0 failed with error -32 [ 506.135439][ T3686] usb 5-1: USB disconnect, device number 6 [ 506.358563][ T9] device hsr_slave_0 left promiscuous mode [ 506.385614][ T9] device hsr_slave_1 left promiscuous mode [ 506.404073][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 506.420284][ T9] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 506.454554][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 506.473674][ T3878] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 506.481503][ T9] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 506.504502][ T9] device bridge_slave_1 left promiscuous mode [ 506.543770][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 506.566595][ T3686] usb 1-1: USB disconnect, device number 18 [ 506.585312][ T9] device bridge_slave_0 left promiscuous mode [ 506.594567][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 506.725542][ T9] device veth1_macvtap left promiscuous mode [ 506.732374][ T9] device veth0_macvtap left promiscuous mode [ 506.753907][ T9] device veth1_vlan left promiscuous mode [ 506.770040][ T9] device veth0_vlan left promiscuous mode [ 506.833971][ T3878] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 506.860012][ T3878] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 506.902880][ T3878] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 506.925552][ T3878] usb 4-1: config 0 descriptor?? [ 506.981259][ T3878] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 507.355434][ T7441] syz.2.765[7441] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 507.355579][ T7441] syz.2.765[7441] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 507.566903][ T7430] loop3: detected capacity change from 0 to 16 [ 507.589724][ T7430] erofs: (device loop3): mounted with root inode @ nid 36. [ 507.604262][ T7430] syz.3.761: attempt to access beyond end of device [ 507.604262][ T7430] loop3: rw=0, sector=8, nr_sectors = 16 limit=16 [ 507.618410][ T7430] syz.3.761: attempt to access beyond end of device [ 507.618410][ T7430] loop3: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 507.632001][ T7430] syz.3.761: attempt to access beyond end of device [ 507.632001][ T7430] loop3: rw=524288, sector=8, nr_sectors = 16 limit=16 [ 508.505592][ T7447] loop2: detected capacity change from 0 to 1024 [ 508.567836][ T7447] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 508.637991][ T26] audit: type=1800 audit(1727164025.301:63): pid=7447 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.766" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 508.680470][ T26] audit: type=1800 audit(1727164025.341:64): pid=7447 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.766" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 508.739973][ T7453] vhci_hcd: GetPortErrorCount req not supported for USB 2.0 roothub [ 509.374503][ T3681] usb 4-1: USB disconnect, device number 3 [ 509.673902][ T7459] netlink: 40 bytes leftover after parsing attributes in process `syz.3.768'. [ 509.714793][ T6332] EXT4-fs (loop2): unmounting filesystem. [ 509.814413][ T9] team0 (unregistering): Port device team_slave_1 removed [ 510.093030][ T9] team0 (unregistering): Port device team_slave_0 removed [ 511.182266][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 511.265097][ T7476] loop3: detected capacity change from 0 to 256 [ 511.289134][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 511.440493][ T3686] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 511.700920][ T3686] usb 5-1: Using ep0 maxpacket: 8 [ 512.009279][ T3686] usb 5-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 512.043498][ T3686] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 512.052298][ T3686] usb 5-1: Product: syz [ 512.063503][ T3686] usb 5-1: Manufacturer: syz [ 512.068140][ T3686] usb 5-1: SerialNumber: syz [ 512.100393][ T3686] usb 5-1: config 0 descriptor?? [ 512.163583][ T3686] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 512.249337][ T9] bond0 (unregistering): Released all slaves [ 512.379236][ T7438] netlink: 'syz.0.764': attribute type 1 has an invalid length. [ 512.710256][ T7485] syz.2.775[7485] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 512.710375][ T7485] syz.2.775[7485] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 513.653608][ T3654] Bluetooth: hci5: command 0x0406 tx timeout [ 513.973584][ T3686] gspca_sonixj: reg_r err -32 [ 513.978409][ T3686] sonixj: probe of 5-1:0.0 failed with error -32 [ 514.040415][ T7487] loop3: detected capacity change from 0 to 8192 [ 514.073844][ T7] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 514.085502][ T7487] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 515.037242][ T3686] usb 5-1: USB disconnect, device number 7 [ 515.203845][ T7] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 515.233530][ T7] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 515.242951][ T7] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 515.329711][ T7] usb 1-1: config 0 descriptor?? [ 515.491420][ T7310] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 515.546795][ T7310] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 515.598682][ T7310] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 515.657433][ T7310] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 515.988306][ T7310] 8021q: adding VLAN 0 to HW filter on device bond0 [ 516.036776][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 516.051404][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 516.183804][ T7] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 516.235138][ T7511] loop4: detected capacity change from 0 to 2048 [ 516.306018][ T7310] 8021q: adding VLAN 0 to HW filter on device team0 [ 516.324336][ T7511] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 516.328383][ T7517] loop3: detected capacity change from 0 to 1024 [ 516.379769][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 516.673592][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 516.940220][ T3754] bridge0: port 1(bridge_slave_0) entered blocking state [ 516.947414][ T3754] bridge0: port 1(bridge_slave_0) entered forwarding state [ 516.993920][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 517.002949][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 517.012181][ T3754] bridge0: port 2(bridge_slave_1) entered blocking state [ 517.019387][ T3754] bridge0: port 2(bridge_slave_1) entered forwarding state [ 517.028713][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 517.070014][ T7517] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 517.084949][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 517.147547][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 517.160113][ T26] audit: type=1800 audit(1727164033.821:65): pid=7517 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.779" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 517.212534][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 517.251129][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 517.309877][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 517.350311][ T6959] EXT4-fs (loop3): unmounting filesystem. [ 517.383002][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 517.428435][ T7534] netlink: 8 bytes leftover after parsing attributes in process `syz.4.782'. [ 517.434857][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 517.483822][ T3797] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 517.500748][ T3797] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 517.512494][ T7537] loop3: detected capacity change from 0 to 128 [ 517.528234][ T7310] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 517.578185][ T7310] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 517.631389][ T7537] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 517.635461][ T3797] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 517.643077][ T7537] ext4 filesystem being mounted at /11/mnt supports timestamps until 2038 (0x7fffffff) [ 517.660428][ T3797] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 518.189119][ T7548] ip6t_rpfilter: unknown options [ 519.439127][ T7546] fscrypt (loop3, inode 12): Missing crypto API support for Adiantum (API name: "adiantum(xchacha12,aes)") [ 519.451638][ T7546] fscrypt (loop3, inode 12): Missing crypto API support for Adiantum (API name: "adiantum(xchacha12,aes)") [ 519.806803][ T6959] EXT4-fs (loop3): unmounting filesystem. [ 519.818436][ T7562] loop4: detected capacity change from 0 to 256 [ 519.896706][ T6025] usb 1-1: USB disconnect, device number 19 [ 520.197663][ T7568] syz.0.787[7568] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 520.197773][ T7568] syz.0.787[7568] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 520.489763][ T7] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 521.269076][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 521.292497][ T7571] loop4: detected capacity change from 0 to 8192 [ 521.301955][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 521.329741][ T7310] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 521.337677][ T7571] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 521.473700][ T7] usb 3-1: Using ep0 maxpacket: 8 [ 521.489790][ T3755] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 521.509810][ T3755] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 521.590603][ T3755] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 521.604612][ T3755] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 521.627076][ T7310] device veth0_vlan entered promiscuous mode [ 521.701359][ T3755] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 521.736324][ T3755] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 521.764408][ T7] usb 3-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 521.790933][ T7] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 521.979246][ T7310] device veth1_vlan entered promiscuous mode [ 522.086998][ T26] audit: type=1326 audit(1727164038.671:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7596 comm="syz.3.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f336477def9 code=0x7ffc0000 [ 522.122047][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 522.130708][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 522.138705][ T7] usb 3-1: Product: syz [ 522.142915][ T7] usb 3-1: Manufacturer: syz [ 522.148969][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 522.150937][ T7599] netlink: 8 bytes leftover after parsing attributes in process `syz.0.794'. [ 522.157330][ T7] usb 3-1: SerialNumber: syz [ 522.171955][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 522.197584][ T7] usb 3-1: config 0 descriptor?? [ 522.214523][ T26] audit: type=1326 audit(1727164038.671:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7596 comm="syz.3.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f336477def9 code=0x7ffc0000 [ 522.216662][ T7310] device veth0_macvtap entered promiscuous mode [ 522.286791][ T7] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 522.308784][ T26] audit: type=1326 audit(1727164038.671:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7596 comm="syz.3.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f336477def9 code=0x7ffc0000 [ 522.341711][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 522.372293][ T7310] device veth1_macvtap entered promiscuous mode [ 522.447890][ T26] audit: type=1326 audit(1727164038.671:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7596 comm="syz.3.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f336477def9 code=0x7ffc0000 [ 522.458023][ T7310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 522.571457][ T26] audit: type=1326 audit(1727164038.671:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7596 comm="syz.3.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f336477def9 code=0x7ffc0000 [ 522.617626][ T7310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 522.681865][ T26] audit: type=1326 audit(1727164038.671:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7596 comm="syz.3.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f336477def9 code=0x7ffc0000 [ 522.706141][ T7310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 522.716994][ T26] audit: type=1326 audit(1727164038.681:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7596 comm="syz.3.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f336477def9 code=0x7ffc0000 [ 522.739548][ T7310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 522.774858][ T7310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 522.862861][ T26] audit: type=1326 audit(1727164038.681:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7596 comm="syz.3.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f336477def9 code=0x7ffc0000 [ 522.966408][ T7310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 523.071885][ T7310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 523.128638][ T26] audit: type=1326 audit(1727164038.681:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7596 comm="syz.3.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f336477def9 code=0x7ffc0000 [ 523.228965][ T7310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 523.366774][ T7310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 523.385474][ T26] audit: type=1326 audit(1727164038.681:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7596 comm="syz.3.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f336477def9 code=0x7ffc0000 [ 523.420354][ T7] gspca_sonixj: reg_w1 err -110 [ 523.425437][ T7] sonixj: probe of 3-1:0.0 failed with error -110 [ 523.433950][ T7310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 523.435864][ T26] audit: type=1326 audit(1727164038.681:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7596 comm="syz.3.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f336477def9 code=0x7ffc0000 [ 523.466818][ T151] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 523.489937][ T7310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 523.547596][ T7310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 523.567419][ T7310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 523.587237][ T7310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 523.607813][ T7310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 523.633198][ T7310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 523.670389][ T7310] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 523.704189][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 523.714302][ T5219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 523.837577][ T7613] loop3: detected capacity change from 0 to 256 [ 523.900148][ T7613] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 523.938288][ T7613] syz.3.798: attempt to access beyond end of device [ 523.938288][ T7613] loop3: rw=524288, sector=524408, nr_sectors = 1 limit=256 [ 523.952658][ T7613] syz.3.798: attempt to access beyond end of device [ 523.952658][ T7613] loop3: rw=0, sector=524408, nr_sectors = 1 limit=256 [ 524.136842][ T7613] exFAT-fs (loop3): hint_cluster is invalid (65537) [ 524.145341][ T7613] exFAT-fs (loop3): error, failed to bmap (inode : ffff888057f5a1e0 iblock : 8, err : -5) [ 524.155429][ T7613] exFAT-fs (loop3): Filesystem has been set read-only [ 524.163674][ T7613] exFAT-fs (loop3): error, invalid access to FAT (entry 0x00010000) [ 524.178695][ T7614] exFAT-fs (loop3): error, invalid access to FAT (entry 0x00010000) [ 524.186961][ T7614] exFAT-fs (loop3): error, failed to bmap (inode : ffff888057f5a1e0 iblock : 8, err : -5) [ 524.198194][ T7614] exFAT-fs (loop3): error, invalid access to FAT (entry 0x00010000) [ 524.525872][ T7310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 524.577423][ T7310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 524.588089][ T7310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 524.603888][ T7310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 524.633522][ T7310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 524.644497][ T7624] loop3: detected capacity change from 0 to 256 [ 524.644917][ T151] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 524.667212][ T7310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 524.689014][ T7623] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 524.704544][ T151] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 524.716705][ T7310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 524.724341][ T6025] usb 3-1: USB disconnect, device number 6 [ 524.727838][ T151] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 524.741828][ T7310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 524.759872][ T7310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 524.774510][ T151] usb 1-1: config 0 descriptor?? [ 524.789443][ T7310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 524.800166][ T7310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 524.811225][ T7310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 524.826280][ T151] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 524.836765][ T7310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 524.848453][ T7310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 524.860579][ T7310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 524.871548][ T7310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 524.915366][ T7310] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 524.949700][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 524.960476][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 525.002102][ T7310] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 525.014403][ T7310] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 525.035941][ T7310] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 525.046814][ T7629] syz.2.801[7629] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 525.046926][ T7629] syz.2.801[7629] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 525.109337][ T7310] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 525.261314][ T7637] Illegal XDP return value 4294967262 on prog (id 398) dev N/A, expect packet loss! [ 526.066295][ T7641] loop3: detected capacity change from 0 to 64 [ 526.143569][ T7641] hfs: unable to parse mount options [ 526.154170][ T3722] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 526.186792][ T3722] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 526.257681][ T3797] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 526.316178][ T3797] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 526.361805][ T3797] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 526.412215][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 526.478797][ T7648] netlink: 8 bytes leftover after parsing attributes in process `syz.3.806'. [ 527.093482][ T7] usb 1-1: USB disconnect, device number 20 [ 529.489994][ T7669] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 529.543548][ T3107] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 529.725162][ T26] kauditd_printk_skb: 30 callbacks suppressed [ 529.725187][ T26] audit: type=1326 audit(1727164046.391:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7674 comm="syz.0.815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3ceb7def9 code=0x7fc00000 [ 529.813650][ T3107] usb 4-1: Using ep0 maxpacket: 8 [ 529.833454][ T26] audit: type=1326 audit(1727164046.391:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7674 comm="syz.0.815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb3ceb7def9 code=0x7fc00000 [ 529.926828][ T26] audit: type=1326 audit(1727164046.391:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7674 comm="syz.0.815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3ceb7def9 code=0x7fc00000 [ 530.002318][ T7692] netlink: 8 bytes leftover after parsing attributes in process `syz.1.820'. [ 530.253491][ T3686] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 530.265826][ T7701] loop1: detected capacity change from 0 to 512 [ 530.273852][ T3107] usb 4-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 530.291812][ T3107] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 530.324362][ T3107] usb 4-1: Product: syz [ 530.328720][ T3107] usb 4-1: Manufacturer: syz [ 530.335843][ T7701] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 530.351529][ T3107] usb 4-1: SerialNumber: syz [ 530.377105][ T7701] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c119, mo2=0002] [ 530.388235][ T3107] usb 4-1: config 0 descriptor?? [ 530.407429][ T7701] System zones: 1-12 [ 530.449850][ T3107] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 530.479451][ T7701] EXT4-fs (loop1): 1 truncate cleaned up [ 530.524856][ T7701] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 530.803554][ T3686] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 530.823450][ T3686] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 530.832535][ T3686] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 530.881957][ T3686] usb 5-1: config 0 descriptor?? [ 530.948632][ T3686] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 531.304409][ T3107] gspca_sonixj: reg_r err -32 [ 531.309209][ T3107] sonixj: probe of 4-1:0.0 failed with error -32 [ 531.464028][ T7718] loop4: detected capacity change from 0 to 16 [ 531.633900][ T7718] erofs: (device loop4): mounted with root inode @ nid 36. [ 531.643188][ T7718] syz.4.819: attempt to access beyond end of device [ 531.643188][ T7718] loop4: rw=0, sector=8, nr_sectors = 16 limit=16 [ 531.657454][ T7718] syz.4.819: attempt to access beyond end of device [ 531.657454][ T7718] loop4: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 531.670970][ T7718] syz.4.819: attempt to access beyond end of device [ 531.670970][ T7718] loop4: rw=524288, sector=8, nr_sectors = 16 limit=16 [ 532.971133][ T3681] usb 4-1: USB disconnect, device number 4 [ 532.983049][ T7720] loop2: detected capacity change from 0 to 2048 [ 533.072013][ T7720] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 533.250704][ T6332] EXT4-fs (loop2): unmounting filesystem. [ 533.260092][ T7723] loop3: detected capacity change from 0 to 8192 [ 533.286439][ T7723] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 533.434875][ T3876] usb 5-1: USB disconnect, device number 8 [ 534.070681][ T7740] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 534.181934][ T7744] loop4: detected capacity change from 0 to 1024 [ 534.276758][ T7748] cgroup: none used incorrectly [ 534.328515][ T7752] netlink: 8 bytes leftover after parsing attributes in process `syz.2.831'. [ 534.457182][ T7748] loop3: detected capacity change from 0 to 2048 [ 534.528710][ T7748] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 534.545100][ T7758] syz.0.832[7758] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 534.545211][ T7758] syz.0.832[7758] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 535.551677][ T3107] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 536.243699][ T3107] usb 3-1: Using ep0 maxpacket: 8 [ 536.533700][ T3107] usb 3-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 536.573822][ T3107] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 536.581962][ T3107] usb 3-1: Product: syz [ 536.625744][ T7781] netlink: 48 bytes leftover after parsing attributes in process `syz.0.838'. [ 536.686246][ T7763] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 537.039376][ T7781] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 537.136585][ T7763] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28 [ 537.170273][ T3107] usb 3-1: Manufacturer: syz [ 537.175029][ T3107] usb 3-1: SerialNumber: syz [ 537.184996][ T3107] usb 3-1: config 0 descriptor?? [ 537.190348][ T7763] EXT4-fs (loop3): This should not happen!! Data will be lost [ 537.190348][ T7763] [ 537.201117][ T7763] EXT4-fs (loop3): Total free blocks count 0 [ 537.207991][ T7763] EXT4-fs (loop3): Free/Dirty block details [ 537.225825][ T3107] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 537.234024][ T7763] EXT4-fs (loop3): free_blocks=2415919104 [ 537.239860][ T7763] EXT4-fs (loop3): dirty_blocks=16 [ 537.264373][ T7763] EXT4-fs (loop3): Block reservation details [ 537.270423][ T7763] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 537.337893][ T7791] ------------[ cut here ]------------ [ 537.345101][ T7791] WARNING: CPU: 1 PID: 7791 at net/wireless/core.h:231 cfg80211_wireless_stats+0x5c9/0x6c0 [ 537.355577][ T7791] Modules linked in: [ 537.359525][ T7791] CPU: 1 PID: 7791 Comm: syz.4.839 Not tainted 6.1.111-syzkaller #0 [ 537.367616][ T7791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 537.377890][ T7791] RIP: 0010:cfg80211_wireless_stats+0x5c9/0x6c0 [ 537.384930][ T7791] Code: f7 8b 05 b6 92 5d 0d 89 05 28 92 5d 0d 48 8b 3d 15 93 5d 0d e8 a8 e3 ab f7 48 c7 c0 40 71 79 97 e9 a3 fd ff ff e8 f7 cf 6e f7 <0f> 0b e9 f4 fb ff ff e8 eb cf 6e f7 0f 0b e9 7f fd ff ff e8 df cf [ 537.404636][ T7791] RSP: 0018:ffffc9000318f740 EFLAGS: 00010283 [ 537.410756][ T7791] RAX: ffffffff8a1bdf49 RBX: 0000000000000000 RCX: 0000000000040000 [ 537.418848][ T7791] RDX: ffffc90003891000 RSI: 0000000000000b88 RDI: 0000000000000b89 [ 537.426913][ T7791] RBP: ffffc9000318f7f0 R08: ffffffff8a1bdb1c R09: ffffed100f225015 [ 537.435084][ T7791] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff1100e1f8800 [ 537.443099][ T7791] R13: ffff888070fc4000 R14: 1ffff92000631eec R15: ffff888144fb0760 [ 537.451176][ T7791] FS: 00007fb870f426c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 537.460285][ T7791] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 537.466968][ T7791] CR2: 00007fb870f41f98 CR3: 0000000026e26000 CR4: 00000000003506e0 [ 537.475129][ T7791] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 537.483140][ T7791] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 537.491220][ T7791] Call Trace: [ 537.494591][ T7791] [ 537.497563][ T7791] ? __warn+0x15a/0x520 [ 537.501774][ T7791] ? cfg80211_wireless_stats+0x5c9/0x6c0 [ 537.507541][ T7791] ? report_bug+0x2af/0x500 [ 537.512099][ T7791] ? cfg80211_wireless_stats+0x5c9/0x6c0 [ 537.517913][ T7791] ? handle_bug+0x3d/0x70 [ 537.522284][ T7791] ? exc_invalid_op+0x16/0x40 [ 537.527062][ T7791] ? asm_exc_invalid_op+0x16/0x20 [ 537.532140][ T7791] ? cfg80211_wireless_stats+0x19c/0x6c0 [ 537.537897][ T7791] ? cfg80211_wireless_stats+0x5c9/0x6c0 [ 537.543639][ T7791] ? cfg80211_wireless_stats+0x5c9/0x6c0 [ 537.549335][ T7791] ? cfg80211_wext_giwretry+0x360/0x360 [ 537.555001][ T7791] ? mutex_lock_nested+0x10/0x10 [ 537.559990][ T7791] wireless_dev_seq_show+0x47/0x490 [ 537.565292][ T7791] ? kvmalloc_node+0x6e/0x180 [ 537.570008][ T7791] ? __kmalloc_node+0xe3/0x230 [ 537.574891][ T7791] traverse+0x1d5/0x530 [ 537.579107][ T7791] seq_read_iter+0xc0c/0xd10 [ 537.583831][ T7791] seq_read+0x289/0x380 [ 537.588042][ T7791] ? aa_path_link+0xea0/0xea0 [ 537.592771][ T7791] ? seq_open+0x130/0x130 [ 537.597222][ T7791] ? end_current_label_crit_section+0x147/0x170 [ 537.603576][ T7791] ? seq_open+0x130/0x130 [ 537.607953][ T7791] proc_reg_read+0x1f9/0x2e0 [ 537.612586][ T7791] do_iter_read+0x500/0xc80 [ 537.617196][ T7791] ? vfs_iter_read+0xa0/0xa0 [ 537.621842][ T7791] do_preadv+0x20e/0x350 [ 537.626174][ T7791] ? do_writev+0x460/0x460 [ 537.630685][ T7791] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 537.636779][ T7791] ? print_irqtrace_events+0x210/0x210 [ 537.642294][ T7791] ? syscall_enter_from_user_mode+0x2e/0x230 [ 537.648385][ T7791] ? lockdep_hardirqs_on+0x94/0x130 [ 537.653681][ T7791] ? syscall_enter_from_user_mode+0x2e/0x230 [ 537.659713][ T7791] do_syscall_64+0x3b/0xb0 [ 537.664224][ T7791] ? clear_bhb_loop+0x45/0xa0 [ 537.668949][ T7791] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 537.674931][ T7791] RIP: 0033:0x7fb87017def9 [ 537.679386][ T7791] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 537.699082][ T7791] RSP: 002b:00007fb870f42038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 537.707600][ T7791] RAX: ffffffffffffffda RBX: 00007fb870335f80 RCX: 00007fb87017def9 [ 537.715665][ T7791] RDX: 0000000000000001 RSI: 0000000020001540 RDI: 0000000000000003 [ 537.723722][ T7791] RBP: 00007fb8701f0b76 R08: 0000000000600000 R09: 0000000000000000 [ 537.731734][ T7791] R10: 000000000000020d R11: 0000000000000246 R12: 0000000000000000 [ 537.739790][ T7791] R13: 0000000000000000 R14: 00007fb870335f80 R15: 00007ffc7b3ac338 [ 537.747856][ T7791] [ 537.750915][ T7791] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 537.758214][ T7791] CPU: 1 PID: 7791 Comm: syz.4.839 Not tainted 6.1.111-syzkaller #0 [ 537.766202][ T7791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 537.776259][ T7791] Call Trace: [ 537.779536][ T7791] [ 537.782469][ T7791] dump_stack_lvl+0x1e3/0x2cb [ 537.787168][ T7791] ? nf_tcp_handle_invalid+0x642/0x642 [ 537.792640][ T7791] ? panic+0x764/0x764 [ 537.796719][ T7791] ? 0xffffffffa0003b40 [ 537.800878][ T7791] ? vscnprintf+0x59/0x80 [ 537.805222][ T7791] panic+0x318/0x764 [ 537.809126][ T7791] ? __warn+0x169/0x520 [ 537.813288][ T7791] ? memcpy_page_flushcache+0xfc/0xfc [ 537.818698][ T7791] __warn+0x348/0x520 [ 537.822690][ T7791] ? cfg80211_wireless_stats+0x5c9/0x6c0 [ 537.828340][ T7791] report_bug+0x2af/0x500 [ 537.832673][ T7791] ? cfg80211_wireless_stats+0x5c9/0x6c0 [ 537.838321][ T7791] handle_bug+0x3d/0x70 [ 537.842493][ T7791] exc_invalid_op+0x16/0x40 [ 537.846996][ T7791] asm_exc_invalid_op+0x16/0x20 [ 537.851860][ T7791] RIP: 0010:cfg80211_wireless_stats+0x5c9/0x6c0 [ 537.858117][ T7791] Code: f7 8b 05 b6 92 5d 0d 89 05 28 92 5d 0d 48 8b 3d 15 93 5d 0d e8 a8 e3 ab f7 48 c7 c0 40 71 79 97 e9 a3 fd ff ff e8 f7 cf 6e f7 <0f> 0b e9 f4 fb ff ff e8 eb cf 6e f7 0f 0b e9 7f fd ff ff e8 df cf [ 537.877814][ T7791] RSP: 0018:ffffc9000318f740 EFLAGS: 00010283 [ 537.883886][ T7791] RAX: ffffffff8a1bdf49 RBX: 0000000000000000 RCX: 0000000000040000 [ 537.891862][ T7791] RDX: ffffc90003891000 RSI: 0000000000000b88 RDI: 0000000000000b89 [ 537.899837][ T7791] RBP: ffffc9000318f7f0 R08: ffffffff8a1bdb1c R09: ffffed100f225015 [ 537.907812][ T7791] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff1100e1f8800 [ 537.915791][ T7791] R13: ffff888070fc4000 R14: 1ffff92000631eec R15: ffff888144fb0760 [ 537.923772][ T7791] ? cfg80211_wireless_stats+0x19c/0x6c0 [ 537.929420][ T7791] ? cfg80211_wireless_stats+0x5c9/0x6c0 [ 537.935078][ T7791] ? cfg80211_wext_giwretry+0x360/0x360 [ 537.940640][ T7791] ? mutex_lock_nested+0x10/0x10 [ 537.945635][ T7791] wireless_dev_seq_show+0x47/0x490 [ 537.950840][ T7791] ? kvmalloc_node+0x6e/0x180 [ 537.955523][ T7791] ? __kmalloc_node+0xe3/0x230 [ 537.960327][ T7791] traverse+0x1d5/0x530 [ 537.964528][ T7791] seq_read_iter+0xc0c/0xd10 [ 537.969146][ T7791] seq_read+0x289/0x380 [ 537.973310][ T7791] ? aa_path_link+0xea0/0xea0 [ 537.978003][ T7791] ? seq_open+0x130/0x130 [ 537.982356][ T7791] ? end_current_label_crit_section+0x147/0x170 [ 537.988613][ T7791] ? seq_open+0x130/0x130 [ 537.992954][ T7791] proc_reg_read+0x1f9/0x2e0 [ 537.997553][ T7791] do_iter_read+0x500/0xc80 [ 538.002084][ T7791] ? vfs_iter_read+0xa0/0xa0 [ 538.006691][ T7791] do_preadv+0x20e/0x350 [ 538.010947][ T7791] ? do_writev+0x460/0x460 [ 538.015397][ T7791] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 538.021397][ T7791] ? print_irqtrace_events+0x210/0x210 [ 538.026867][ T7791] ? syscall_enter_from_user_mode+0x2e/0x230 [ 538.032871][ T7791] ? lockdep_hardirqs_on+0x94/0x130 [ 538.038074][ T7791] ? syscall_enter_from_user_mode+0x2e/0x230 [ 538.044072][ T7791] do_syscall_64+0x3b/0xb0 [ 538.048499][ T7791] ? clear_bhb_loop+0x45/0xa0 [ 538.053189][ T7791] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 538.059179][ T7791] RIP: 0033:0x7fb87017def9 [ 538.063683][ T7791] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 538.083310][ T7791] RSP: 002b:00007fb870f42038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 538.091742][ T7791] RAX: ffffffffffffffda RBX: 00007fb870335f80 RCX: 00007fb87017def9 [ 538.099717][ T7791] RDX: 0000000000000001 RSI: 0000000020001540 RDI: 0000000000000003 [ 538.107691][ T7791] RBP: 00007fb8701f0b76 R08: 0000000000600000 R09: 0000000000000000 [ 538.115676][ T7791] R10: 000000000000020d R11: 0000000000000246 R12: 0000000000000000 [ 538.123655][ T7791] R13: 0000000000000000 R14: 00007fb870335f80 R15: 00007ffc7b3ac338 [ 538.131904][ T7791] [ 538.135065][ T7791] Kernel Offset: disabled [ 538.139482][ T7791] Rebooting in 86400 seconds..