last executing test programs: 2m29.047198016s ago: executing program 4 (id=1021): socket$netlink(0x10, 0x3, 0x12) socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$inet_udp(0x2, 0x2, 0x0) io_pgetevents(0x0, 0x3, 0x0, 0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0), 0x8}) io_submit(0x0, 0x1, &(0x7f0000000140)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x2d00, r0, 0x0}]) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, 0x0) ptrace$ARCH_MAP_VDSO_64(0x1e, 0x0, 0x0, 0x2003) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(0xffffffffffffffff, 0x40505331, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r3 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000040)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f00000002c0)={0x0, 0x0, r4, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r3, 0xc06864ce, &(0x7f0000000440)={r5, 0x0, 0x0, 0x0, 0x0, [0x0]}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, &(0x7f0000000100)={r6, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000800)={0x0, 0x0, r7}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) read$snddsp(r8, &(0x7f0000000740)=""/56, 0x38) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x14}}, 0x0) 2m26.769155224s ago: executing program 4 (id=1025): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000001640)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c0000001a00010000000000000000000a0000000000003fb9924ba97a293296000000000005001b000000000006001d00000000004bf45a00b353e8bd50e9516e6d943a7190d4da7a61b8b7cca5e509c7c2b76a4dc7ef73eb8220aa5d5864451dc0057c38e63626896faf822a31720af102dcd1980a44a22d1a7a278c17d8cac6bbf801538a2a5369447c19a1375d471e06ea222137555e5c7d0f1e0d07eef52ad9544b246b1c483338b71d08c39640079be2b3bb773403f1ed2391755122a45495ecba4706725551fd175cfa44ce1ab9c064ccdfedb07aae3118199fa59bb095b1d89039b61e9871129677b4fe86e79f65b9"], 0x2c}}, 0x0) getsockopt$SO_COOKIE(0xffffffffffffffff, 0x1, 0x28, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) socket$igmp6(0xa, 0x3, 0x2) move_mount(0xffffffffffffff9c, 0x0, 0xffffffffffffffff, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x16, 0x0, 0x4, 0xffff, 0x0, 0x1}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001280)=[r2]}, 0x80) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x7, 0x80, r2, 0xfffffffe}, 0x48) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x19, &(0x7f0000000300)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xb1, 0x0, 0x0, 0x0, 0x2}, {}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xe0000000}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x90) unshare(0x22020600) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$UI_END_FF_ERASE(r5, 0x400c55cb, &(0x7f0000000040)={0x10}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r4}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x35) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.net/syz0\x00', 0x200002, 0x0) r7 = openat$cgroup_int(r6, &(0x7f0000000640)='cpu.weight.nice\x00', 0x2, 0x0) write$cgroup_int(r7, &(0x7f0000000200), 0x12) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000024c0), &(0x7f0000001280), 0x2, r3}, 0x38) bpf$BPF_GET_MAP_INFO(0x3, &(0x7f0000000140)={r3, 0x58, &(0x7f00000000c0)}, 0x10) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="18030000000000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r8}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000140)={0x1, &(0x7f00000000c0)=[{0x200000000006}]}) syz_emit_ethernet(0xd2, &(0x7f0000000140)={@local, @empty, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, '\x00', 0x9c, 0x11, 0x0, @empty, @mcast2, {[], {0x0, 0x0, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "b0575c7b4df2bddabab59df4a56afe54ba6a5d5d0d170fca692c777338468608", "29accf2af44c0e1aaaaf532417a91cadd9e65f82310f80cf64f46c761191fda0a250498ce1b5c603debf9e05d8de03dc", "3d73abde0d0700c3001000000000496b31143860dbd100", {"6cde9c5018586db672628c1415233979", "ba3df3d8a8490bce9cafc2ab6acde477"}}}}}}}}, 0x0) timer_create(0x0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@union={0x0, 0x0, 0x0, 0xd}, @restrict]}}, &(0x7f0000000180)=""/253, 0x32, 0xfd, 0x1}, 0x20) 2m24.164124758s ago: executing program 1 (id=1034): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) syz_open_dev$vim2m(&(0x7f0000000140), 0x10001, 0x2) syz_init_net_socket$llc(0x1a, 0x2, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000003900)={0x2, 0x0, @multicast1}, 0x10) ioperm(0x0, 0x0, 0x2) 2m22.261643279s ago: executing program 1 (id=1037): socket$inet_tcp(0x2, 0x1, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8502, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) chdir(0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x1100, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2) 2m21.391253317s ago: executing program 4 (id=1042): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_open_procfs(r0, &(0x7f0000000340)='net/protocols\x00') r3 = socket$inet_smc(0x2b, 0x1, 0x0) bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e21, @broadcast}, 0x10) socket$packet(0x11, 0x3, 0x300) open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) r4 = getpid() process_vm_readv(r4, &(0x7f0000008400)=[{0x0}], 0x1, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) symlinkat(&(0x7f0000000040)='.\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='efs\x00', 0x0, 0x0) 2m21.178836747s ago: executing program 0 (id=1043): syz_read_part_table(0x1064, &(0x7f0000001700)="$eJzsz7FNxEAUBNBZ29hLRk7iiI5IERKFYJGQ0Ag0Qgc0QAlERHvas64GX/BesiONdqQfDna35DlLSl7exyQlrWzDpRzSWms9LUnNmtpDbpOb37enh8xJxjLnO9P+Yd6fMfevrfT0V/vYlP99p+azrOdmy8fP49cxNwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAdTkFAAD//6eSFUs=") r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xf, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r0, r1, 0x6, 0x0, @void}, 0x10) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r0, r1, 0x6, 0x0, @val=@tracing}, 0x40) r2 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000002c0)={@cgroup=r2, 0x6, 0x0, 0x0, &(0x7f0000002380)=[0x0, 0x0], 0x2, 0x0, 0x0, 0x0, 0x0}, 0x40) 2m18.55403661s ago: executing program 4 (id=1044): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) write$P9_RWRITE(0xffffffffffffffff, &(0x7f0000000040)={0xb}, 0x11000) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f00000000c0)='cpuset.memory_spread_slab\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f00000003c0), 0x12) r3 = openat$cgroup_procs(r1, &(0x7f0000000140)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r3, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) sendmsg$AUDIT_MAKE_EQUIV(r0, 0x0, 0x8001) read$FUSE(r0, &(0x7f0000001440)={0x2020}, 0x2020) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003480)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, &(0x7f00000008c0)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r5, 0x40182103, &(0x7f0000000180)={r6, 0x0, r5}) 2m18.343454347s ago: executing program 1 (id=1047): syz_mount_image$udf(&(0x7f0000000f00), &(0x7f00000007c0)='./file0\x00', 0x2000002, &(0x7f0000000300)=ANY=[@ANYBLOB='shortad,gid=forget,adinicb,adinicb,uid=forget,undelete,nostrict,iocharset=maccenteuro,undelete,fileset=00000000000000000002,unhide,gid=', @ANYRESDEC=0x0, @ANYBLOB=',gid=', @ANYRESDEC=0x0, @ANYBLOB="2c00f7a6ec8b5559fe1eece1345fc988eb2dcc1538805c317fc8596d8cef813ac7f3825590db71d7995eec6d7a1f0d7017f369dcba793746efa52acff040d520b5ce3dadf8c1da8f37c703b51449fa42f35d10c335f51783fa157d79df202562a5e9c945feceb2f4500bc0228e2fa03ddae8d49c34f2db9a2c71b700000000000000d7788d6bc330c4bfcf7b9e6cc7216166b12cfe4211ba17dae7f8f549b21e32b514905ca6ce927503be3a6e14996ded92b35cff030000bc55c4fb26db440f2cc7cb8ca3f911c8022e141d57678209736c9c2f9a6d3a1a6c310f02e94f37c471741250982d9b060b1fbcf808a2e583eacef6c1eac97808525c2d0c6dd9174bda2363e94641cd2302c1553ebabf0e20"], 0xfc, 0xc2d, &(0x7f0000000f40)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2KEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr96+qz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7KWxqv3HfXL7b5bt8eGhrevdiRVNQ9V5cuf+pmz585/6YXBC9283J75gPr322fjtdGrlxovz96cm59aWJiabIzNtCdmJ6d2vYe91t/qZHUCGjdfvzV5/fpC4+zz5zZ9fHvg/f4njg9cHHz21DPdsmNDw8OjG0XqveVr99yQjp1meByOIk5Fiue+99PUiogi9n4u6g927Lc6UnXiZNWJsaHhqiPT7dbMYvnhSPdEFBGNnkrN7jnafiyi1vdA+7CzZsRS2fyywSfL7o3OteZb16anGiOt+cX2Ynt2ZiR1Wlv2pxFFXEgRyxGx2n/37vqiiFqk+M6xtXQtIg51z8MXq4nBO7ej2Mc+7kLZzkZfxHLxCIzZAdYfRbwaKX72zomYyNeZ6lrzhYhXy/xBxFtlvhSRyi/G+Yj3tvke8WiqRRF/WY7/xbU0WV0PuteVy19rfGXm+mxP2e515SPeH+66Ujyk+8ORLflgHPBrUz2KaFVX/LV077/ZAQAAAAAAAAAAAAAAAOB+OxJFfCZSvPIff1LNK45qXvqxi4N/OPCrvXPGn/6Q/ZRln4+IpWJ3c3IP54mBI2kkpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZajd03x9syNxtXWtenOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzTvbahGRqn87TpS/nI/m4TI/Gc3BMl+K5qWcrSprzW89hPazN32piB9Hiv7623cGPI9/X+fdna9BvPXNjXefrXXyUPfDgff7nzh+7OLg8G88vdPrtF0DTl5uz9y63RgbGh4e7dlcy0f/ZM+2gXzc4v50nYhYeOPN11vT01Pz9/6i/Arsofoj9CLVHpeeelG9iNqBaMbD6TuPgfL+/16k+N13/7N7w+/c/+vxK513d+7w8fM/27j/v7h1R7u8/9e21sv3//Kevt39/8mebS/m34301SLqizfn+o5H1BfeePNU+2brxtSNqZnzp09/eXDwy+dO9x2OqF9vT0/1vLovpwsAAAAAAAAAAAAAAADgwUlF/H6kaP14LTUi4nY1X2vg4uCzp545FIeq+Vab5m2/Nnr1UuPl2Ztz81MLC1OTjbGZ9sTs5NRuD1evpnuNDQ3vS2c+1JF9bv+R+suzc2/Mt2/88eK2nx+tX7q2sDjfmtj+4zgSRUSzd8vJqsFjQ8NVo6fbrZmq6si2k+k/ur5UxH9FionzjfT5vC3P/986w3/T/P+lrTvap/n/n+jZVh4zpSJ+Hil+56+ejs9X7Twad52zXO7vIsXJC5/L5eJwWa7bhs5zBTozA8uy/xcp/ukXm8t250M+uVH2zK5P7COiHP9jkeL7f/Hd+M28bfPzH7Yf/6Nbd7RP4/9Uz7ajm55XsOeuk8f/VKR46cm347fytg96/kf32RsncuE7z+fYp/H/VM+2gXzc374/XQcAAAAAAAAAAHik9aUi/j5S/HC4ll7I23bz9/8mt+5on/7+16d7tk3en/WKPvTFnk8qAAAAABwQfamIn0SKG4tv35lDvXn+d8/8z9/bmP85lLZ8Wv05369Vzw24n3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66mPV/P5J3dcT30lUrzyP8/lcul4Wa67DvxA9Wv9yuzMqUvT07MTrcXWtempxuhca2KqrPtUpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/KmNsmfKsp+IFP/9j5vLdtex/tRG2bNl2b+JFF//l+3LHt8oe64s+91I8aOvN7plj5Zlu89H/fRG2ecnZot9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97c/nOXP68/n9fz9vKW9/sWe9/i9vVOv8D1fr/O72+l/X/q+cKLO10VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWLuylpa6S/fd9Qvt2du3R4bGt6+2pFU1TxUlS9/6mfOnjv/pRcGL3Tzg+vfb5+J10avXmq8PHtzbn5qYWFqsjE2056YnZza9R72Wn+rk9UJaNx8/dbk9esLjbPPn9v08e2B9/ufOD5wcfDZU890y44NDQ+P9pSp9d3z0e+Sdth+OIr460jx3Pd+mn7YH1HE3s/Fh3x39tuRqhMnq06MDQ1XHZlut2YWyw9HuieiiGj0VGp2z9EDGIs9aUYslc0vG3yy7N7oXGu+dW16qjHSml9sL7ZnZ0ZSp7VlfxpRxIUUsRwRq/13764ving9Unzn2Fr61/6IQ93z8MUro189fXbndhT72MddKNvZ6ItYLh6BMTvA+qOIf44UP3vnRPxbf0QtOj/xhYhXy/xBxFvRGe9UfjHOR7y3zfeIR1Mtivj/cvwvrqV3+svrQfe6cvlrja/MXJ/tKdu9rjzy94cH6YBfm+pRxI+qK/5a+nf/XQMAAAAAAAAAAAAAAAAcIEX8eqR48d0TqZoffGdOcXvmRuNq69p0Z1pfd+5fd870+vr6eiN1splzPOdSzuWcKzlXc0aR6+dslllfXx/P75dyLudcybmaMw7l+jmbOcdzLuVczrmSczVn1HL9nM2c4zmXci7nXMm5mjMOyNw9AAAAAAAAAAAAAAAAAADg46Wo/knx7W+spfX+zvrS49HJFeuBfuz9MgAA//8hX/ir") r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x81000) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='.\x00', 0x0, 0x0) unlinkat(r1, &(0x7f0000000280)='./file1\x00', 0x0) renameat2(r0, &(0x7f0000000140)='./file1\x00', r0, &(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) unlinkat(r0, &(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) 2m17.648667468s ago: executing program 0 (id=1049): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) syz_open_dev$vim2m(&(0x7f0000000140), 0x10001, 0x2) syz_init_net_socket$llc(0x1a, 0x2, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000003900)={0x2, 0x0, @multicast1}, 0x10) ioperm(0x0, 0x0, 0x2) 2m15.282421844s ago: executing program 0 (id=1050): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="ad76b6c5", 0x4) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000540)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000100)="3a10bd003aba0c70", 0x8}], 0x1, &(0x7f0000000440)=ANY=[@ANYBLOB="300000000000000017e2ffff01000000180000000100000002f4596a8034a9ab3e395939422ffab456dd833a00000000180000000000000017c70f000400000006020000000000001800000000000000170100000300000001"], 0x60}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000180)=""/104, 0x68}], 0x1}, 0x10140) 2m15.165501317s ago: executing program 4 (id=1051): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8100000}, 0x0) write$binfmt_misc(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="15"], 0x6) 2m15.080540979s ago: executing program 1 (id=1053): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) quotactl$Q_SETQUOTA(0xffffffff80000800, 0x0, 0x0, 0x0) syz_emit_ethernet(0x16, &(0x7f0000000080)={@local, @broadcast, @void, {@llc={0x4, {@snap={0x0, 0x0, "af", '50x0}) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000000000200001000000200000008003fe67a000000080061"], 0x24}}, 0x0) sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000040)={0x28, r1, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r3}, @void}}}, 0x28}, 0x1, 0x6c00}, 0x0) 2m14.497839795s ago: executing program 1 (id=1059): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000d00)={'#! ', './file0', [], 0xa, "2e7524d8ce7f784dc5ef1d9fbb7895a87a066e5efe145a4f2d0b9c6ef4d29306cceaea05a1314a5b98d2bcdd0bfeff6d438ab9badc8783b4465c7c471e3b9923933d439ac52de881c3ead5079f98a7e25868fe1182603478871cb02b423db8ceffffffdf00000000d8f88abd00000000000059eed703"}, 0x81) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) getsockopt$inet_int(r0, 0x0, 0x33, 0x0, &(0x7f0000000080)) 2m14.11908828s ago: executing program 1 (id=1061): socket$inet6(0xa, 0x0, 0x0) syz_mount_image$nilfs2(&(0x7f0000000ec0), &(0x7f0000000f00)='./file0\x00', 0x3210052, &(0x7f0000000280)={[{}, {@discard}, {@discard}, {@order_strict}, {@nobarrier}, {@order_relaxed}, {@order_strict}, {}, {@order_strict}, {}], [], 0x2c}, 0x1, 0xebd, &(0x7f0000004540)="$eJzs3U9sHNUZAPA3a6/txCZeAwUDJaTQikDBDkmkprcgUI+IS++gkNAIQ1FDD0T8MT0gKiGKhDhVHKi4UCqlSK0EqlShntqeWvXWE+qFSlUqBfVSpMRV7PfWu8+e7npsz9q7v5/07ds3b3a+b7yRMzOefRuAkdVYfTx5cr4I4d1P33n05aeK315fdld7jSOrj0XstUIIzY5+kW3v87jg6pWXzmzWFuH46mPqh8cut187HUJYDkfCZ6EVPlpc+vLD9x45+vHrU7e8dfGZV3Zp99vy/QAAgGF06c9Lf7/vn396YO6rS4dPh8n28nR83or96XjcfyweKKfj5Ubo7hcd0WkiW28sRiNbbyxbbzzLM16Sr5ltp1my3kSPfGMdyzbbTwAAANiP0nltKxSNha5+o7GwsHbef93nsxPFwnPnl85dGFChAAAAQGX/eXX1plshhBBCCCGEEEIMcazMDvoKBAAAADBq8vnCNlje2Zm62ltr9Zf/8sONzV8PO6Duf//y76/8H7zmNw4AANUN69Fk2q90HJ3mMcjnERzLXrfV4/9Gtp3xLdZZNq/gfplvsKzO/Oe6V5XVv9X3cVDK6s/nw9yryurP5+ncq8rqn6y5jqrK6p+quY6qyuo/UHMdVZXVf7DmOqoqq3+65jqqKqt/puY6qiqr/4aa66iqrP5DNddRVVn9++W22rL6WzXXUVVZ/XM111FVWf031lxHVWX131RzHVWV1X9zzXUMyp2xTT+Hw9l45/lzfk63X87xAAAAYNT91/x/QgghhBBCCCHE0Merg74AAQAAAAxc+lxA+tT7SpTGx3qMj/cYb/YYn+gxPtljHAAAAAjhd2+cu+3tYv1z/tudDy/NG5XmX9rqPEb5fIRbzb/dec+2m3+/zFsGAADAaCm+99m1+x99/4W5ry4dPt1x9nstnu+meUDH47WBT2I/3Rcwk/WLdA59ujtPo2S9/PrADWXbe3ybOwoAAAAjLJ2/t0LRWOg4726FRmNhYf18fD40i3Pnl84ei/30/Sx/nG1OXl/+UM11AwAAAP1bP9/f/Pw/fY/vfJgoFp47v3Tuwlp/pr282ei8LjC7vrzovC7QypYfL1l+IvbT93f+YPbA6vKFMz9cemqndx4AAABGxIUXLz7z5NLS2R954oknnrSfDPo3EwAAsNO++OKd5o9PzPx+7fP/6/Pfpc//H4n9Vpzb7y9xhXSfQPocwIbP6z/RnWe2bL3nu9drZeuNxZjM6p7q2E7omG8wvW6uLF+rezsTJfmms3wzWb58noLxbP2U71C2PJ+fMK03my3P52Ecz3IUWf67AwAAAJRbfOHZ5xcvvHjxwfPPPvn02afPPnfi+Knvnjp17KHvPLS4el//Yufd/QAAAMB+tH7T76ArAQAAAAAAAAAAAAAAAAAAgNFVx9eJDXofAQAAYNT9+9UQwrIQoiTWvgJz8HUIIYQQQvSOsT1QgxBiz8bKSv5N8wAAAAC76+qVl850thssFzuar7211lpzLeZN7cyDf5u7Hmm1yw93Xy85uKPVMOrq/vcv//7K/8FrO5t/Kj3p+/dfo3sDp6vlvXfxl/Od+W8f7zN/vv+PV8t/NMt/b+gv/8r7Wf4nquW/L8t/sM/8G/b/+Wr574/552P/6D395u9+/ydjm/bjQJ/5v53t/1Oh3/zZ/rf6TJh5IOYHgFHUGHQBuyQdJaTj6OnYT/sbDzdDfvfDVo//G9l2xrddefd203HQrbGfjpdmsrzJVuufzrZ3Q8U6c/vlrpKy+nfqfdxtZfU3a66jqrL6J2quo6qy+idrrqOqsvqnaq6jqrL6+z0PHbSy+vfLdeWy+qdrrqOqsvpnaq6jqrL6t/r/+KCU1X+o5jqqKqt/tuY6qiqrv+JltdqV1T9Xcx1VldV/Y811VFVW/00111FVWf0311zHoNwR27Lz4XT+ORvHUr+V9Sc3+VkO67UFAAAA2G/+Zf4/IYQQQgghhBBi6GNlZdBXIBik3f00MwB7ld//o837P9q8/6PN+8//k+7hL7J+MtZjfLzHeLPH+EQ2nv97newxflO23ZUojd/cY/xrPcYP9Ri/tcf4fI/x23qM395j/I4e4wAAAIyGW2Lr/BAAAACG18u/+uTN39z7xJW5ry4dPh0mNsw7fyz2J+Pf1t+I/Xze+6QZ/+b/k9j/RWz/ENt/ZOu7/wQAAAB2X/qeGH//BwAAgOGVvqfU+T8AAAAMr7nYOv8HAACA4XVjbJ3/AwAAwBArpjZfHNt0XeDu2PY7rx8AsPd9PbZ3xvZwbO+K7Tdim44D7ontN2uqDwDYOT///k9PvV2sz/d/Ihu/GpendoPltSsFRaN7Jv8DsT0Y22/1WU/+fQD95k8O9Zlnt/LPbjM/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA8GquPJ0/OFyG8++k7j/5s4s2/Xl92V3uNI6uPRey1QgjN9uvS6Hr/13HFq1deOtPZXottEY6HIhTt5eGxy+1M0yGE5XAkfBZa4aPFpS8/fO+Rox+/PnXLWxefeWUXfwRd+wcAAADD6H8BAAD//8WNHkw=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0xc0186e86, &(0x7f0000000080)={@id={0x20000000, 0x0, @auto="660005002800a73e1baeff79da3b89f5"}}) 2m13.776584006s ago: executing program 0 (id=1065): syz_open_dev$dri(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000002340)='./bus\x00') r1 = open(&(0x7f0000007f80)='./bus\x00', 0x141142, 0x0) ftruncate(r1, 0x2007ffb) r2 = mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index}) io_uring_enter(0xffffffffffffffff, 0x2def, 0x0, 0x0, 0x0, 0x0) mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0) open(&(0x7f0000000400)='./bus\x00', 0x500, 0x0) 2m11.662322345s ago: executing program 0 (id=1068): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000600)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="010000000000000000000200000008000100", @ANYRES32=r1], 0x1c}}, 0x0) write$nci(0xffffffffffffffff, &(0x7f00000007c0)=ANY=[@ANYBLOB="400404ff"], 0x7) r3 = socket$packet(0x11, 0x2, 0x300) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), r4) sendmsg$IEEE802154_ASSOCIATE_REQ(0xffffffffffffffff, &(0x7f0000002180)={0x0, 0x0, &(0x7f0000002140)={&(0x7f0000000240)={0x14, r5, 0x1}, 0x14}}, 0x0) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000340)=[{0x6}]}, 0x10) r6 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r6, 0x107, 0xf, &(0x7f0000000100)=0x200009, 0x4) r7 = socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r8 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r8, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0x40505412, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip6_mr_vif\x00') r10 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r10, &(0x7f00000014c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000001440)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r10, 0x0, 0x0) write$RDMA_USER_CM_CMD_LISTEN(r10, &(0x7f00000001c0)={0x7, 0x8, 0xfa00, {r11}}, 0x10) mq_open(&(0x7f0000000040)='!selinuxsel\xad\"\x0e\xabx\xb8\xc9\xa8x\x00', 0x6e93ebbbcc0884f2, 0x0, 0x0) close_range(r9, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'gre0\x00'}) 1m0.269984375s ago: executing program 2 (id=1135): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000002ac0)=@delchain={0x8c, 0x65, 0x0, 0x0, 0x0, {}, [@TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_flower={{0xb}, {0x28, 0x2, [@TCA_FLOWER_KEY_ICMPV6_CODE={0x5}, @TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK={0x14}, @TCA_FLOWER_KEY_UDP_SRC_MASK={0x6}]}}, @filter_kind_options=@f_route={{0xa}, {0x18, 0x2, [@TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_ACT={0x4}]}}]}, 0x8c}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0xc4382, 0x0) r2 = dup(r1) r3 = socket$alg(0x26, 0x5, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) bind$alg(r3, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-avx2\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) recvfrom(0xffffffffffffffff, &(0x7f0000000080)=""/175, 0x59003, 0x0, 0x0, 0x10000000000000) sendfile(r4, r2, 0x0, 0x8a000) 58.502145413s ago: executing program 2 (id=1139): r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) read$FUSE(r0, &(0x7f0000000140)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_DIRENT(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="5f000047bc041000", @ANYRES64=r1, @ANYBLOB="070000000000000400000000000000000800000000000000402d2f5c260d802d000000000000000000000000000000000a000000000000002f3e0d762f6375736500000000000000"], 0x58) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) mount_setattr(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000000380)={0x0, 0x0, 0x100000}, 0x20) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)={0x48, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_FRAME={0x2a, 0x33, @action_no_ack={{{}, {}, @device_b, @device_a, @from_mac=@broadcast}, @delba={0x3, 0x2, {{}, 0x0, {0xbd, 0x6}}}}}]}, 0x48}}, 0x0) r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000800), 0x0, 0x0) ioctl$RTC_IRQP_READ(r6, 0x8008700b, &(0x7f0000000840)) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00'}) unshare(0x2a020400) r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x89901) move_mount(r7, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) close(r7) mount$fuse(0x0, &(0x7f0000002240)='./file0/file0\x00', 0x0, 0x280000, 0x0) umount2(&(0x7f00000001c0)='./file0\x00', 0x0) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000000c0)=@nat={'nat\x00', 0x19, 0x1, 0x198, [], 0x0, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="000000000000000000000000004ff8d978fa7ef9850000000000e5ffffffffffffff000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000040000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000799e3b3c00000001000000000000000000ffffffff01000000110000000000000000000300736630b08d4a395bd1d6febe0dc24d5fe679000011000000000008000064756d6d793000000000000000000000010000000000000000000000000000006c6f00000000200000000000f8ffffffffffff000000000000000070000000a8000000d8000000646e6174000000000000200000000000000000000002000000000000000000586a2fb10000000000aaaaaaaaaaaa000001"]}, 0x1d9) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.numa_stat\x00', 0x275a, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000580)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3c94e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e112637819d9a187cfdf782c6127d2d4281926ab0e22f7346b616fe28ed0b9f4a0c9fdac6d3a90a9c38b5e31448a45546388c95045bc22fe88c43b82a0a5d3eb61c238a5159ea98db9c00aeef644", 0x127}], 0x1}, 0x0) write$binfmt_script(r8, &(0x7f00000001c0), 0x208e256) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r8, 0x0) r9 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r9, 0x0, 0x81, &(0x7f00000004c0)={'nat\x00', 0x0, 0x0, 0x0, [], 0x1, 0x0, 0x0, [{}]}, 0x88) r10 = syz_io_uring_setup(0x279, &(0x7f00000021c0)={0x0, 0x0, 0x10100, 0x0, 0xfffffffe}, &(0x7f0000000100), &(0x7f0000000000)) io_uring_enter(r10, 0x3701, 0x0, 0x0, 0x0, 0x0) 57.29617177s ago: executing program 2 (id=1142): sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) io_submit(0x0, 0x1, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_unlabel(0x0, 0xffffffffffffffff) r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)}) r5 = syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) r6 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x10, 0x0) landlock_restrict_self(r6, 0x0) r7 = syz_pidfd_open(r5, 0x0) setns(r7, 0x10000000) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000180)={&(0x7f00000000c0)=[0x0, 0x0], 0x2}) ioctl$DRM_IOCTL_MODE_SETPLANE(r4, 0xc03064b7, &(0x7f0000000040)={r8, 0x0, 0x0, 0x2, 0x0, 0x80000000, 0x0, 0xfffffffc, 0x0, 0x4}) ioctl$DRM_IOCTL_MODE_SETPLANE(r4, 0xc03064b7, &(0x7f0000000a00)={r9}) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(0xffffffffffffffff, &(0x7f0000001d40)={0x0, 0x0, 0x0}, 0x0) 52.448050228s ago: executing program 2 (id=1145): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) lseek(r4, 0x851, 0x0) 50.943786757s ago: executing program 2 (id=1147): syz_mount_image$erofs(&(0x7f0000000040), &(0x7f0000000580)='./file2\x00', 0x2000000, &(0x7f00000004c0)=ANY=[], 0x1, 0x21d, &(0x7f0000000b40)="$eJzsmL9rFEEUx78zu7e5FRFtUthYGDCi2cvuoaQ5NIJgJULir0oPs4Z4m5xcVjAHgsHGRjsLwcbCf8AiRSoLO/8BQQsVBAuvsLCxGZmd2b1JJnGPNVa+TzF8Z9978+a9233FgSCI/5Yvn39+enJuZv4kgP2YwJh+/s0BGFOaG/4fn9878ax1/sXrD6/erhx4sLn9PBkixNYH9T/kdwG8mXWQFpmK6F9STOjNPHihL4PjuNZXwRBofRMcV7SOwXBd6zuG7kr/ILi9lMTBrW6yIMW0XEK5RHJpbr/fYJ1hQe+FEIIZ9tW1fqedJHHPEK627WCqJIpknXGrfzV4GMxytIz7yS5ee/xoXe7z3kwb/QvBEeoimmCY089nMJb3RrXEqP+wOzzfserfsVrpKg1lRdaVaP3Yk2aZ4tBUtfBJWc5Z23QQVa6BrVE1DE2yk3tbsvXqZMItfxfP6B+0Qq6Lo1bx1Afwjyo1RaUqcjE+2Hxnm76WhQtWnoKN/v7UR71z/iFW75iPfof/Tcd2u9j7DTU/xEuGY8Z8co350UiX7zZW1/pTS8vtxXgxXomi5mkGPDwVNbJBpFZr7g3ns5/Np33G+bVdfD3u4X47TXuhWj3mwUea9qJsHxmfzdxG9/sNHZbiAoCjaiPHplec6Fg5mKd8eOYr1aTtRBAEQRAEQRAEQRAEQRAEUYkjYNm/oCVElzLv3wEAAP//0Ixjlw==") r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r0, 0x0, 0x0) getdents(r0, 0x0, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x0, 0x0) getdents64(r2, 0x0, 0x0) getdents(r2, 0x0, 0x5e) r3 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) lseek(r3, 0xfffffffffffffffb, 0x2) getdents(r3, 0x0, 0x0) 50.555952801s ago: executing program 2 (id=1148): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000002ac0)=@delchain={0x8c, 0x65, 0x0, 0x0, 0x0, {}, [@TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_flower={{0xb}, {0x28, 0x2, [@TCA_FLOWER_KEY_ICMPV6_CODE={0x5}, @TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK={0x14}, @TCA_FLOWER_KEY_UDP_SRC_MASK={0x6}]}}, @filter_kind_options=@f_route={{0xa}, {0x18, 0x2, [@TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_ACT={0x4}]}}]}, 0x8c}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0xc4382, 0x0) r2 = dup(r1) r3 = socket$alg(0x26, 0x5, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) bind$alg(r3, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-avx2\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) recvfrom(0xffffffffffffffff, &(0x7f0000000080)=""/175, 0x59003, 0x0, 0x0, 0x10000000000000) sendfile(r4, r2, 0x0, 0x8a000) 4.279563852s ago: executing program 5 (id=1243): r0 = socket$netlink(0x10, 0x3, 0x15) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x14, 0x4, 0x4, 0x22}, 0x48) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000040)=0x8, 0x4) r3 = openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f00000000c0)={0x50200, 0x4, 0x8}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000240)={{{@in=@initdev, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@empty}, 0x0, @in6=@local}}, 0x0) r5 = getegid() fchownat(r3, 0x0, r4, r5, 0x100) bind$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, @empty}, 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r1, &(0x7f00000001c0), &(0x7f00000004c0)=@udp=r2}, 0x20) r6 = syz_open_dev$ttys(0xc, 0x2, 0x0) close_range(r1, r6, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000200)=0x0) capset(&(0x7f0000000240)={0x20080522, r7}, &(0x7f0000000080)={0x0, 0x0, 0x1000, 0x3}) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_CHANNEL_POLICY(r9, 0x112, 0xa, 0x0, 0x0) r10 = getpid() bpf$PROG_LOAD(0x5, 0x0, 0x0) process_vm_readv(r10, 0x0, 0x0, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0) r11 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_group_source_req(r11, 0x0, 0x2e, &(0x7f00000000c0)={0x2, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @broadcast}}}, 0x108) r12 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00') preadv(r12, &(0x7f0000000100), 0x0, 0x5e, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r8, 0x8932, &(0x7f00000000c0)={'veth1_vlan\x00'}) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000140)="580000001400192340834b80040d8c560a11820fffff5bab4e210000000058000b4824ca945f6400940f6a0325010ebc000000000000008007f0fffeffe809005300fff5dd00000008000100090c100000000000224e0000", 0x58}], 0x1) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000340), 0x6000, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cgroup.events\x00', 0x0, 0x0) 3.495656097s ago: executing program 5 (id=1244): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x8, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0, 0xffffffffffffffff}, &(0x7f0000000240), &(0x7f0000000280)}, 0x20) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_ABS_SETUP(r2, 0x401c5504, &(0x7f0000000340)) close(r1) ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x3) r3 = dup(r2) write$uinput_user_dev(r3, &(0x7f0000000380)={'syz0\x00', {}, 0x0, [], [], [0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r0, &(0x7f0000002600)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x8e], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3]}, 0x45c) write$uinput_user_dev(r3, &(0x7f0000000800)={'syz0\x00', {}, 0x0, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) 3.375707753s ago: executing program 3 (id=1245): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x58, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x2b, 0xe, {{{}, {}, @broadcast, @device_a, @random="fd0e2cfdb6bd"}, 0x0, @default, 0x0, @void, @void, @void, @void, @void, @void, @void, @val={0x2a, 0x1}, @void, @void, @void, @void, @void}}], @chandef_params, @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x58}}, 0x0) 2.84378654s ago: executing program 5 (id=1246): r0 = syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000140)=0x0) r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r3}}) add_key$fscrypt_v1(&(0x7f0000000040), 0x0, 0x0, 0x0, 0xfffffffffffffffd) io_uring_enter(r0, 0x7a98, 0x0, 0x0, 0x0, 0x0) 2.574149482s ago: executing program 3 (id=1247): syz_emit_ethernet(0x4e, &(0x7f0000000a40)={@local, @broadcast, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "89d884", 0x18, 0x0, 0x0, @remote, @empty, {[@dstopts={0x3a, 0x2, '\x00', [@enc_lim, @padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @generic={0x0, 0x4, "393de0e2"}]}]}}}}}, 0x0) 2.316247393s ago: executing program 5 (id=1248): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000240), 0x27, 0x4b6, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvvW1pKYUWJfFHVBBRNISZdoCGsMKNxhASI3HlAmo7NE1nOk1nirSyKP+DiSSu9E9wYeLChJV7d7pzgwsTVOILfclbzMudmZZSOm3fo8x96Xw+ycm9555hvt/D9J4zPW3nBNC3LkTERkSciIgHETHeuZ50Stxul+xxr189md189WQ2iWbz3n+TVnt2LXb8m8ypznOORMTPfhzxy+TduPW19cWZSqW80qkXG9XlYn1t/epCdWa+PF9eKpWmp6Ynb167UTqyvp6v/vHljxbu/Pwvf/7mi79t/ODXWVpjnbad/ThK7a4PbcfJDEbEnQ8RLAcDnf6cyDsRPpc0Ir4UERez+7+ZdzYAQC80m+PRHN9ZBwCOu7S1Bpakhc5awFikaaHQXsM7F6NppVZvXHlYW12aa6+VTcRQ+nChUp7srBVOxFCS1ada52/qpV31axFxNiJ+M3yyVS/M1ipzeb7xAYA+dmrX/P/RcHv+BwCOuZG8EwAAes78DwD9x/wPAP3H/A8A/cf8DwD9x/wPAP3H/A8AfeWnd+9mpbnZ+fzruUdrq4u1R1fnyvXFQnV1tjBbW1kuzNdq863P7Kke9HyVWm156nqsPi42yvVGsb62fr9aW11q3G99rvf98lBPegUA7Ofs+ef/SCJi49bJVokdezmYq+F4S/NOAMjNQN4JALkZzDsBIDe+xwf22KL3LV1/RejZ0ecC9Mblr1n/h35l/R/6l/V/6F/W/6F/NZuJPf8BoM9Y4wf8/B8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+u7FWSdJCZy/wsUjTQiHidERMxFDycKFSnoyIMxHx9+Gh4aw+lXfSAMB7Sv+ddPb/ujx+aWx364nk4+HWMSJ+9bt7v30802isTGXX/7d9vfGsc72UR/4AwEG25umteXzL61dPZrdKL/N5+cP25qJZ3M1OabcMxmDrOBJDETH6/6RTb8verwwcQfyNpxHx1b36n7TWRiY6O5/ujp/FPt3T+Olb8dNWW/uY/V98+QhygX7zPBt/bu91/6VxoXXc+/4faY1Q729r/Nt8Z/xLt8e/gS7j34XDxrj+1590bXsa8fXBveIn2/GTLvEvHTL+P7/xrYvd2pq/j7gce8ffGavYqC4X62vrVxeqM/Pl+fJSqTQ9NT1589qNUrG1Rl3cWql+139uXTmzX/9Hu8QfOaD/3z1k///wyYNffHuf+N//zt6v/7l94mdz4vcOGX9m9E9dt+/O4s916f9Br/+VQ8Z/8a/1uUM+FADogfra+uJMpVJecdKzk+y92xcgDSe5nWRfAUfxPF/5gKnmPTIBH9qbmz7vTAAAAAAAAAAAAAAAgG568QdPefcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA4+vTAAAA//+0tdao") r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x81000) renameat2(r0, &(0x7f0000000000)='./file0\x00', r0, &(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x5) 2.135962609s ago: executing program 3 (id=1249): syz_emit_vhci(&(0x7f00000000c0)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x0, 0x0, 0x401}}}, 0x7) 1.744000301s ago: executing program 3 (id=1250): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f0000000040)=0x3, 0x4) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x1a, &(0x7f0000000200)={0x1, 'netdevsim0\x00'}, 0x18) syz_emit_ethernet(0xc2, &(0x7f00000000c0)={@broadcast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xb4, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x24, 0x0, {0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @local, @dev, {[@cipso={0x86, 0x71, 0x0, [{0x0, 0xc, "e2ffb28c599d1681fb52"}, {0x0, 0x9, "789607671442eb"}, {0x0, 0xe, "7434954373561de584b703c8"}, {0x0, 0x9, "e706d30bd224f8"}, {0x0, 0x7, "cfa11cab1a"}, {0x0, 0x10, "8475be675de6a70a05a0dc91e5c6"}, {0x0, 0xa, "6580a5e97612fe86"}, {0x0, 0x12, "24001100"/16}, {0x0, 0xc, "c8f46976e79e56c7a95e"}]}, @cipso={0x86, 0xc, 0x0, [{0x0, 0x6, "7f36c525"}]}]}}, "52badd41"}}}}}, 0x0) 1.42590741s ago: executing program 5 (id=1251): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x7a, 0x1000, 0x3a}, 0x1c) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x6, 0x0, 0x0) memfd_create(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) io_setup(0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) preadv(r1, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r2 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) connect$inet(r2, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r2, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0) syz_emit_ethernet(0x156, &(0x7f00000003c0)=ANY=[@ANYBLOB="0180c20000000180c200010000006002000b01202f00fe880000000000000001fe8000000000000000000000000000aa2c13000000000000041c2de0e95a902e7cea5bab252d26c3b770c9a99e39c777b5ae5a9eb2270102000004000000000000c6c294280081eb3e603a2f3adf7614db5ee58a2163d159534d01000000f880eae52136f072f4fcc73e109e2a361b5c95a29d4072c910fe8800000000000000000000000000010921d4f316bd82c908ab3f8efe91e3124f19deb795764e8740c19800000201010000003204000000000000c20400000006000100c20400000003040103040105010100010700000000000dddc8659643000000000000000000242065580004000097de000000000800000086dd080088be00000000100000000100000000003396080022eb00000000200000000200000000000000000000000800"], 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000f0850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ff"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10) io_setup(0x9, &(0x7f0000000b80)=0x0) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00102}]}) io_submit(r4, 0x1, &(0x7f00000002c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r5, 0x0}]) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r7, &(0x7f0000000200), 0xf000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r6, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, &(0x7f0000000100)={0x0}) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xf, &(0x7f0000000280)=ANY=[@ANYRESOCT, @ANYRESHEX=r8, @ANYRESHEX=r2], 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x0, 0xfffffffe}, 0xfffffffffffffd3b) 1.376645678s ago: executing program 3 (id=1252): r0 = socket$netlink(0x10, 0x3, 0x15) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x14, 0x4, 0x4, 0x22}, 0x48) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000040)=0x8, 0x4) r3 = openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f00000000c0)={0x50200, 0x4, 0x8}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000240)={{{@in=@initdev, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@empty}, 0x0, @in6=@local}}, 0x0) r5 = getegid() fchownat(r3, 0x0, r4, r5, 0x100) bind$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, @empty}, 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r1, &(0x7f00000001c0), &(0x7f00000004c0)=@udp=r2}, 0x20) r6 = syz_open_dev$ttys(0xc, 0x2, 0x0) close_range(r1, r6, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000200)=0x0) capset(&(0x7f0000000240)={0x20080522, r7}, &(0x7f0000000080)={0x0, 0x0, 0x1000, 0x3}) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_CHANNEL_POLICY(r9, 0x112, 0xa, 0x0, 0x0) r10 = getpid() bpf$PROG_LOAD(0x5, 0x0, 0x0) process_vm_readv(r10, 0x0, 0x0, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0) r11 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_group_source_req(r11, 0x0, 0x2e, &(0x7f00000000c0)={0x2, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @broadcast}}}, 0x108) r12 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00') preadv(r12, &(0x7f0000000100), 0x0, 0x5e, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r8, 0x8932, &(0x7f00000000c0)={'veth1_vlan\x00'}) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000140)="580000001400192340834b80040d8c560a11820fffff5bab4e210000000058000b4824ca945f6400940f6a0325010ebc000000000000008007f0fffeffe809005300fff5dd00000008000100090c100000000000224e0000", 0x58}], 0x1) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000340), 0x6000, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cgroup.events\x00', 0x0, 0x0) 302.365906ms ago: executing program 3 (id=1253): openat$cgroup_pressure(0xffffffffffffffff, 0x0, 0x2, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000200)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f00000002c0)={0x40, r1, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_STA_FLAGS={0x4}]}, 0x40}}, 0x0) 0s ago: executing program 5 (id=1254): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r1) sendmsg$NLBL_MGMT_C_REMOVE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, r2, 0x1}, 0x14}}, 0x0) kernel console output (not intermixed with test programs): isabled [ 568.268518][ T9100] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 568.877549][ T9100] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni" [ 568.894120][ T4615] Bluetooth: hci2: command tx timeout [ 568.961778][ T29] audit: type=1326 audit(1722028717.630:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9128 comm="syz.0.944" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f438af77299 code=0x0 [ 569.280698][ T7757] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 569.454314][ T4615] Bluetooth: hci5: command tx timeout [ 569.596128][ T8638] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 570.269795][ T9156] loop0: detected capacity change from 0 to 1024 [ 570.342276][ T9156] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 570.593194][ T9156] loop0: detected capacity change from 1024 to 1001 [ 570.629056][ T9164] EXT4-fs error (device loop0): __ext4_new_inode:1069: comm syz.0.949: reserved inode found cleared - inode=1 [ 570.973134][ T4615] Bluetooth: hci2: command tx timeout [ 571.014900][ T47] bridge_slave_1: left allmulticast mode [ 571.020617][ T47] bridge_slave_1: left promiscuous mode [ 571.061167][ T7947] EXT4-fs error (device loop0): ext4_readdir:258: inode #2: block 16: comm syz-executor: path /68/file1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 571.105290][ T47] bridge0: port 2(bridge_slave_1) entered disabled state [ 571.178908][ T47] bridge_slave_0: left allmulticast mode [ 571.214579][ T47] bridge_slave_0: left promiscuous mode [ 571.244315][ T47] bridge0: port 1(bridge_slave_0) entered disabled state [ 571.353759][ T7947] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 571.534407][ T4615] Bluetooth: hci5: command tx timeout [ 571.989690][ T47] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 572.043930][ T47] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 572.085228][ T47] bond0 (unregistering): Released all slaves [ 572.822929][ T9094] chnl_net:caif_netlink_parms(): no params data found [ 572.913913][ T1265] ieee802154 phy0 wpan0: encryption failed: -22 [ 572.920325][ T1265] ieee802154 phy1 wpan1: encryption failed: -22 [ 573.053070][ T4615] Bluetooth: hci2: command tx timeout [ 573.693303][ T4615] Bluetooth: hci5: command tx timeout [ 574.460108][ T5246] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 574.470476][ T5246] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 574.479037][ T5246] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 574.484162][ T47] hsr_slave_0: left promiscuous mode [ 574.494347][ T5246] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 574.503900][ T5246] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 574.511503][ T5246] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 574.573040][ T47] hsr_slave_1: left promiscuous mode [ 574.613114][ T47] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 574.644305][ T47] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 576.032104][ T4615] Bluetooth: hci2: command tx timeout [ 576.037648][ T5246] Bluetooth: hci5: command tx timeout [ 576.078025][ T9208] loop5: detected capacity change from 0 to 1024 [ 576.315359][ T9208] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 576.468232][ T9218] input: syz1 as /devices/virtual/input/input7 [ 576.577581][ T4615] Bluetooth: hci3: command tx timeout [ 577.220392][ T47] team0 (unregistering): Port device team_slave_1 removed [ 577.601088][ T47] team0 (unregistering): Port device team_slave_0 removed [ 578.333470][ T9208] loop5: detected capacity change from 1024 to 1001 [ 578.351056][ T5246] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 578.373274][ T5246] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 578.389391][ T5246] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 578.399339][ T5246] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 578.408489][ T5246] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 578.433288][ T5246] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 578.537267][ T7757] EXT4-fs error (device loop5): ext4_readdir:258: inode #2: block 16: comm syz-executor: path /93/file1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 578.657752][ T4615] Bluetooth: hci3: command tx timeout [ 578.707100][ T7757] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 579.496525][ T9107] chnl_net:caif_netlink_parms(): no params data found [ 579.585309][ T9251] sg_write: data in/out 1818846731/52 bytes for SCSI command 0x46-- guessing data in; [ 579.585309][ T9251] program syz.4.967 not setting count and/or reply_len properly [ 579.883897][ T9094] bridge0: port 1(bridge_slave_0) entered blocking state [ 579.891226][ T9094] bridge0: port 1(bridge_slave_0) entered disabled state [ 579.917320][ T9094] bridge_slave_0: entered allmulticast mode [ 579.951874][ T9094] bridge_slave_0: entered promiscuous mode [ 580.181639][ T9094] bridge0: port 2(bridge_slave_1) entered blocking state [ 580.201747][ T9094] bridge0: port 2(bridge_slave_1) entered disabled state [ 580.210204][ T9094] bridge_slave_1: entered allmulticast mode [ 580.234984][ T9094] bridge_slave_1: entered promiscuous mode [ 580.493926][ T4615] Bluetooth: hci1: command tx timeout [ 580.707182][ T9094] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 580.733732][ T4615] Bluetooth: hci3: command tx timeout [ 580.817551][ T9107] bridge0: port 1(bridge_slave_0) entered blocking state [ 580.854065][ T9107] bridge0: port 1(bridge_slave_0) entered disabled state [ 580.876168][ T9107] bridge_slave_0: entered allmulticast mode [ 580.896320][ T9107] bridge_slave_0: entered promiscuous mode [ 580.991548][ T9094] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 581.022392][ T9272] hugetlbfs: Bad value 'A' for mount option 'nr_inodes' [ 581.022392][ T9272] [ 581.176860][ T9107] bridge0: port 2(bridge_slave_1) entered blocking state [ 581.197485][ T9107] bridge0: port 2(bridge_slave_1) entered disabled state [ 581.235010][ T9107] bridge_slave_1: entered allmulticast mode [ 581.246455][ T9107] bridge_slave_1: entered promiscuous mode [ 581.491747][ T9094] team0: Port device team_slave_0 added [ 581.532639][ T9094] team0: Port device team_slave_1 added [ 581.947935][ T9107] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 581.987177][ T5246] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 582.000254][ T5246] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 582.008746][ T5246] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 582.018777][ T5246] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 582.027208][ T5246] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 582.050668][ T9107] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 582.071737][ T5246] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 582.254575][ T9094] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 582.265445][ T9094] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 582.310074][ T9094] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 582.326415][ T9094] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 582.391913][ T9094] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 582.447209][ T9094] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 582.489725][ T9107] team0: Port device team_slave_0 added [ 582.532039][ T9107] team0: Port device team_slave_1 added [ 582.574875][ T4615] Bluetooth: hci1: command tx timeout [ 582.823053][ T4615] Bluetooth: hci3: command tx timeout [ 583.025246][ T9107] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 583.032250][ T9107] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 583.078161][ T9107] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 583.189084][ T47] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 583.698118][ T9094] hsr_slave_0: entered promiscuous mode [ 583.719582][ T9094] hsr_slave_1: entered promiscuous mode [ 583.830686][ T9107] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 583.865393][ T9107] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 583.943576][ T9107] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 584.031514][ T47] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 584.150883][ T5297] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 584.175073][ T4615] Bluetooth: hci0: command tx timeout [ 584.393005][ T5297] usb 5-1: Using ep0 maxpacket: 32 [ 584.405506][ T5297] usb 5-1: New USB device found, idVendor=06d0, idProduct=0622, bcdDevice=89.65 [ 584.416263][ T5297] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 584.429280][ T47] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 584.445021][ T5297] usb 5-1: Product: syz [ 584.449224][ T5297] usb 5-1: Manufacturer: syz [ 584.462987][ T5297] usb 5-1: SerialNumber: syz [ 584.477013][ T5297] usb 5-1: config 0 descriptor?? [ 584.502206][ T5297] net1080 5-1:0.0: probe with driver net1080 failed with error -22 [ 584.653433][ T4615] Bluetooth: hci1: command tx timeout [ 584.873309][ T9] usb 5-1: USB disconnect, device number 6 [ 585.030304][ T47] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 585.077990][ T9233] chnl_net:caif_netlink_parms(): no params data found [ 585.158573][ T9107] hsr_slave_0: entered promiscuous mode [ 585.168509][ T9107] hsr_slave_1: entered promiscuous mode [ 585.188028][ T9107] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 585.196536][ T9107] Cannot create hsr debugfs directory [ 585.833793][ T9197] chnl_net:caif_netlink_parms(): no params data found [ 585.893287][ T5293] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 586.124693][ T5293] usb 5-1: Using ep0 maxpacket: 32 [ 586.133151][ T5293] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 586.153152][ T5293] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 586.179279][ T5293] usb 5-1: config 0 descriptor?? [ 586.214498][ T5293] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 586.253905][ T4615] Bluetooth: hci0: command tx timeout [ 586.561927][ T9233] bridge0: port 1(bridge_slave_0) entered blocking state [ 586.572213][ T9233] bridge0: port 1(bridge_slave_0) entered disabled state [ 586.581511][ T9233] bridge_slave_0: entered allmulticast mode [ 586.591563][ T9233] bridge_slave_0: entered promiscuous mode [ 586.733671][ T4615] Bluetooth: hci1: command tx timeout [ 586.808567][ T9233] bridge0: port 2(bridge_slave_1) entered blocking state [ 586.820755][ T9233] bridge0: port 2(bridge_slave_1) entered disabled state [ 586.829293][ T9233] bridge_slave_1: entered allmulticast mode [ 586.846770][ T9233] bridge_slave_1: entered promiscuous mode [ 587.038440][ T9233] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 587.084242][ T9282] chnl_net:caif_netlink_parms(): no params data found [ 587.188412][ T9233] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 587.262733][ T9197] bridge0: port 1(bridge_slave_0) entered blocking state [ 587.270859][ T9197] bridge0: port 1(bridge_slave_0) entered disabled state [ 587.279444][ T9197] bridge_slave_0: entered allmulticast mode [ 587.291603][ T9197] bridge_slave_0: entered promiscuous mode [ 587.449661][ T9197] bridge0: port 2(bridge_slave_1) entered blocking state [ 587.463372][ T9197] bridge0: port 2(bridge_slave_1) entered disabled state [ 587.483277][ T9197] bridge_slave_1: entered allmulticast mode [ 587.492275][ T9197] bridge_slave_1: entered promiscuous mode [ 587.595217][ T9233] team0: Port device team_slave_0 added [ 587.755915][ T9233] team0: Port device team_slave_1 added [ 587.778707][ T5293] usb 5-1: USB disconnect, device number 7 [ 587.905764][ T9197] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 588.051723][ T9197] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 588.163320][ T9282] bridge0: port 1(bridge_slave_0) entered blocking state [ 588.170617][ T9282] bridge0: port 1(bridge_slave_0) entered disabled state [ 588.178513][ T9282] bridge_slave_0: entered allmulticast mode [ 588.192235][ T9282] bridge_slave_0: entered promiscuous mode [ 588.239172][ T9197] team0: Port device team_slave_0 added [ 588.298263][ T9233] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 588.307519][ T9233] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 588.336185][ T9233] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 588.336279][ T4615] Bluetooth: hci0: command tx timeout [ 588.376168][ T9233] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 588.386843][ T9233] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 588.419611][ T9233] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 588.503945][ T9282] bridge0: port 2(bridge_slave_1) entered blocking state [ 588.511239][ T9282] bridge0: port 2(bridge_slave_1) entered disabled state [ 588.542661][ T9282] bridge_slave_1: entered allmulticast mode [ 588.557285][ T9282] bridge_slave_1: entered promiscuous mode [ 588.605078][ T9197] team0: Port device team_slave_1 added [ 588.757164][ T47] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 588.993328][ T9282] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 589.021183][ T9282] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 589.082475][ T47] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 589.161769][ T9197] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 589.184206][ T9197] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 589.211839][ T9197] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 589.480034][ T47] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 589.526757][ T9197] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 589.543150][ T9197] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 589.567828][ T9367] loop4: detected capacity change from 0 to 4096 [ 589.604892][ T9197] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 589.619500][ T9369] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 589.701585][ T9233] hsr_slave_0: entered promiscuous mode [ 589.734984][ T9233] hsr_slave_1: entered promiscuous mode [ 589.753062][ T9233] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 589.760668][ T9233] Cannot create hsr debugfs directory [ 589.796264][ T9282] team0: Port device team_slave_0 added [ 589.834680][ T9282] team0: Port device team_slave_1 added [ 589.941960][ T47] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 590.175585][ T9282] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 590.204106][ T9282] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 590.262873][ T9282] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 590.292210][ T9282] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 590.308956][ T9282] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 590.335693][ T9282] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 590.423558][ T4615] Bluetooth: hci0: command tx timeout [ 590.655742][ T9197] hsr_slave_0: entered promiscuous mode [ 590.673527][ T9197] hsr_slave_1: entered promiscuous mode [ 590.693454][ T9197] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 590.713030][ T9197] Cannot create hsr debugfs directory [ 591.077332][ T9282] hsr_slave_0: entered promiscuous mode [ 591.104293][ T9282] hsr_slave_1: entered promiscuous mode [ 591.121568][ T9282] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 591.142193][ T9282] Cannot create hsr debugfs directory [ 591.518059][ T9094] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 592.492580][ T9094] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 592.631032][ C1] eth0: bad gso: type: 1, size: 1408 [ 592.694221][ T47] bridge_slave_1: left allmulticast mode [ 592.699964][ T47] bridge_slave_1: left promiscuous mode [ 592.718818][ T47] bridge0: port 2(bridge_slave_1) entered disabled state [ 592.742354][ T47] bridge_slave_0: left allmulticast mode [ 592.755839][ T47] bridge_slave_0: left promiscuous mode [ 592.761861][ T47] bridge0: port 1(bridge_slave_0) entered disabled state [ 592.797164][ T47] bridge_slave_1: left allmulticast mode [ 592.819831][ T47] bridge_slave_1: left promiscuous mode [ 592.826509][ T47] bridge0: port 2(bridge_slave_1) entered disabled state [ 592.849641][ T47] bridge_slave_0: left allmulticast mode [ 592.870808][ T47] bridge_slave_0: left promiscuous mode [ 592.877090][ T47] bridge0: port 1(bridge_slave_0) entered disabled state [ 592.877446][ T9394] kernel profiling enabled (shift: 9) [ 592.902530][ T47] bridge_slave_1: left allmulticast mode [ 592.908714][ T47] bridge_slave_1: left promiscuous mode [ 592.914768][ T47] bridge0: port 2(bridge_slave_1) entered disabled state [ 592.926808][ T47] bridge_slave_0: left allmulticast mode [ 592.932479][ T47] bridge_slave_0: left promiscuous mode [ 592.941908][ T47] bridge0: port 1(bridge_slave_0) entered disabled state [ 592.959558][ T47] bridge_slave_1: left allmulticast mode [ 592.966802][ T47] bridge_slave_1: left promiscuous mode [ 592.972694][ T47] bridge0: port 2(bridge_slave_1) entered disabled state [ 592.994726][ T47] bridge_slave_0: left allmulticast mode [ 593.000438][ T47] bridge_slave_0: left promiscuous mode [ 593.007719][ T47] bridge0: port 1(bridge_slave_0) entered disabled state [ 593.353603][ T7999] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 593.543222][ T7999] usb 5-1: Using ep0 maxpacket: 32 [ 593.556828][ T7999] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 593.566192][ T7999] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 593.587951][ T7999] usb 5-1: config 0 descriptor?? [ 593.617008][ T7999] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 594.677566][ T47] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 594.692561][ T47] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 594.712588][ T47] bond0 (unregistering): Released all slaves [ 594.851015][ T47] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 594.871094][ T47] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 594.885097][ T47] bond0 (unregistering): Released all slaves [ 595.022063][ T47] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 595.038368][ T47] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 595.055182][ T47] bond0 (unregistering): Released all slaves [ 595.080161][ T47] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 595.099217][ T47] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 595.125865][ T47] bond0 (unregistering): Released all slaves [ 595.150284][ T9094] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 595.260863][ T7999] usb 5-1: USB disconnect, device number 8 [ 595.348575][ T9094] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 596.063402][ T9405] loop4: detected capacity change from 0 to 512 [ 596.097825][ T9405] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 596.121714][ T9405] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 596.140604][ T9405] EXT4-fs (loop4): orphan cleanup on readonly fs [ 596.157453][ T9107] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 596.184739][ T9405] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:482: comm syz.4.983: Invalid block bitmap block 0 in block_group 0 [ 596.275314][ T9405] EXT4-fs (loop4): Remounting filesystem read-only [ 596.282490][ T9405] Quota error (device loop4): write_blk: dquota write failed [ 596.290302][ T9405] Quota error (device loop4): qtree_write_dquot: Error -28 occurred while creating quota [ 596.325999][ T9405] EXT4-fs (loop4): 1 orphan inode deleted [ 596.348987][ T9405] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 596.479942][ T7989] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 596.553597][ T9107] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 596.781814][ T9107] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 596.827132][ T9107] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 597.471981][ T47] hsr_slave_0: left promiscuous mode [ 597.495377][ T47] hsr_slave_1: left promiscuous mode [ 597.502062][ T47] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 597.510852][ T47] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 597.522731][ T47] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 597.543462][ T47] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 597.603469][ T47] hsr_slave_0: left promiscuous mode [ 597.624859][ T47] hsr_slave_1: left promiscuous mode [ 597.631659][ T47] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 597.659085][ T47] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 597.706472][ T47] hsr_slave_0: left promiscuous mode [ 597.733203][ T47] hsr_slave_1: left promiscuous mode [ 597.745402][ T47] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 597.765613][ T47] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 597.782956][ T47] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 597.795362][ T47] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 597.822616][ T47] hsr_slave_0: left promiscuous mode [ 597.834494][ T47] hsr_slave_1: left promiscuous mode [ 597.845136][ T47] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 597.865849][ T47] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 598.027853][ T47] veth1_macvtap: left promiscuous mode [ 598.033638][ T47] veth0_macvtap: left promiscuous mode [ 598.039376][ T47] veth1_vlan: left promiscuous mode [ 598.046454][ T47] veth0_vlan: left promiscuous mode [ 598.055843][ T47] veth1_macvtap: left promiscuous mode [ 598.061549][ T47] veth0_macvtap: left promiscuous mode [ 598.086982][ T47] veth1_vlan: left promiscuous mode [ 598.116398][ T47] veth0_vlan: left promiscuous mode [ 598.253660][ T9423] loop4: detected capacity change from 0 to 512 [ 598.286535][ T9423] EXT4-fs (loop4): Encoding requested by superblock is unknown [ 599.476380][ T9427] loop4: detected capacity change from 0 to 1024 [ 599.546799][ T9427] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 599.733379][ T7989] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 601.253976][ T47] team0 (unregistering): Port device team_slave_1 removed [ 601.371607][ T47] team0 (unregistering): Port device team_slave_0 removed [ 601.673105][ T7999] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 601.863758][ T7999] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 601.895390][ T7999] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 601.933273][ T7999] usb 5-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 601.948482][ T7999] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 601.994567][ T7999] usb 5-1: config 0 descriptor?? [ 602.660289][ T7999] hid-led 0003:1D34:000A.0007: hidraw0: USB HID v0.00 Device [HID 1d34:000a] on usb-dummy_hcd.4-1/input0 [ 602.719378][ T7999] hid-led 0003:1D34:000A.0007: Dream Cheeky Webmail Notifier initialized [ 603.028392][ T47] team0 (unregistering): Port device team_slave_1 removed [ 603.129758][ T47] team0 (unregistering): Port device team_slave_0 removed [ 604.675399][ T47] team0 (unregistering): Port device team_slave_1 removed [ 604.732771][ T47] team0 (unregistering): Port device team_slave_0 removed [ 605.591461][ T47] team0 (unregistering): Port device team_slave_1 removed [ 605.634234][ T47] team0 (unregistering): Port device team_slave_0 removed [ 606.173971][ T5297] usb 5-1: USB disconnect, device number 9 [ 606.329604][ T9233] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 606.367738][ T9233] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 606.575632][ T9445] syz.4.990: attempt to access beyond end of device [ 606.575632][ T9445] nbd4: rw=0, sector=0, nr_sectors = 1 limit=0 [ 606.589905][ T9445] efs: cannot read volume header [ 607.475286][ T9233] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 607.782529][ T9233] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 607.986342][ T9452] Bluetooth: MGMT ver 1.23 [ 608.211681][ T9454] loop4: detected capacity change from 0 to 512 [ 608.368529][ T9454] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.991: corrupted in-inode xattr: invalid ea_ino [ 608.427206][ T9454] EXT4-fs error (device loop4): ext4_orphan_get:1394: comm syz.4.991: couldn't read orphan inode 15 (err -117) [ 608.462448][ T9454] EXT4-fs (loop4): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 608.532539][ T9094] 8021q: adding VLAN 0 to HW filter on device bond0 [ 608.760643][ T9094] 8021q: adding VLAN 0 to HW filter on device team0 [ 608.996656][ T5294] bridge0: port 1(bridge_slave_0) entered blocking state [ 609.003996][ T5294] bridge0: port 1(bridge_slave_0) entered forwarding state [ 609.065698][ T5294] bridge0: port 2(bridge_slave_1) entered blocking state [ 609.073070][ T5294] bridge0: port 2(bridge_slave_1) entered forwarding state [ 609.234131][ T9107] 8021q: adding VLAN 0 to HW filter on device bond0 [ 609.507442][ T9107] 8021q: adding VLAN 0 to HW filter on device team0 [ 609.608532][ T9197] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 609.657925][ T7989] EXT4-fs (loop4): unmounting filesystem 00000007-0000-0000-0000-000000000000. [ 609.877575][ T9197] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 609.925217][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 609.932515][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 610.033434][ T9197] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 610.078726][ T9197] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 610.177231][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 610.184655][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 610.238924][ T9471] loop4: detected capacity change from 0 to 2048 [ 610.319743][ T9471] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 610.642759][ T9233] 8021q: adding VLAN 0 to HW filter on device bond0 [ 610.775687][ T9107] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 610.823023][ T9107] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 611.288729][ T9233] 8021q: adding VLAN 0 to HW filter on device team0 [ 611.370078][ T5420] bridge0: port 1(bridge_slave_0) entered blocking state [ 611.377385][ T5420] bridge0: port 1(bridge_slave_0) entered forwarding state [ 611.526818][ T9094] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 611.569734][ T5420] bridge0: port 2(bridge_slave_1) entered blocking state [ 611.577074][ T5420] bridge0: port 2(bridge_slave_1) entered forwarding state [ 611.643495][ T25] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 611.825826][ T9282] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 611.867315][ T25] usb 5-1: config 0 descriptor has 1 excess byte, ignoring [ 611.893310][ T25] usb 5-1: config 0 has no interfaces? [ 611.902909][ T25] usb 5-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 611.928082][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 611.959488][ T25] usb 5-1: config 0 descriptor?? [ 611.965723][ T9282] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 612.036370][ T9282] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 612.066185][ T9282] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 612.220059][ T9197] 8021q: adding VLAN 0 to HW filter on device bond0 [ 612.265525][ T5293] usb 5-1: USB disconnect, device number 10 [ 612.370063][ T9094] veth0_vlan: entered promiscuous mode [ 612.392326][ T9107] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 612.457236][ T9197] 8021q: adding VLAN 0 to HW filter on device team0 [ 612.487345][ T9094] veth1_vlan: entered promiscuous mode [ 612.519206][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 612.526567][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 612.705383][ T8000] bridge0: port 2(bridge_slave_1) entered blocking state [ 612.712606][ T8000] bridge0: port 2(bridge_slave_1) entered forwarding state [ 613.002680][ T9107] veth0_vlan: entered promiscuous mode [ 613.194900][ T9107] veth1_vlan: entered promiscuous mode [ 613.212742][ T9094] veth0_macvtap: entered promiscuous mode [ 613.312126][ T9507] loop4: detected capacity change from 0 to 4096 [ 613.370791][ T9507] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 613.371167][ T9094] veth1_macvtap: entered promiscuous mode [ 613.492551][ T9507] ntfs3: loop4: Failed to initialize $Extend/$Reparse. [ 613.539811][ T9094] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 613.563079][ T9094] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 613.607197][ T9094] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 613.655508][ T9233] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 613.721741][ T9282] 8021q: adding VLAN 0 to HW filter on device bond0 [ 613.767135][ T9094] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 613.790664][ T9094] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 613.807047][ T9094] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 613.829373][ T9094] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 613.853756][ T9094] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 613.862516][ T9094] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 613.902887][ T9094] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 613.973372][ T11] ntfs3: loop4: ino=1a, ntfs3_write_inode failed, -22. [ 613.991373][ T7989] ntfs3: loop4: ino=1a, ntfs_sync_fs failed, -22. [ 614.109605][ T9282] 8021q: adding VLAN 0 to HW filter on device team0 [ 614.208260][ T9107] veth0_macvtap: entered promiscuous mode [ 614.271697][ T5420] bridge0: port 1(bridge_slave_0) entered blocking state [ 614.279023][ T5420] bridge0: port 1(bridge_slave_0) entered forwarding state [ 614.348907][ T9107] veth1_macvtap: entered promiscuous mode [ 614.487625][ T5298] bridge0: port 2(bridge_slave_1) entered blocking state [ 614.494985][ T5298] bridge0: port 2(bridge_slave_1) entered forwarding state [ 614.526778][ T9525] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 615.098934][ T9197] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 615.411684][ T9233] veth0_vlan: entered promiscuous mode [ 615.601079][ T9107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 615.618157][ T9530] loop4: detected capacity change from 0 to 512 [ 615.638176][ T9107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 615.662914][ T9530] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 615.674020][ T9107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 615.693332][ T9107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 615.711801][ T9530] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 615.725073][ T9107] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 615.735791][ T9530] EXT4-fs (loop4): orphan cleanup on readonly fs [ 615.783526][ T9530] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:482: comm syz.4.999: Invalid block bitmap block 0 in block_group 0 [ 615.792910][ T9107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 615.809596][ T9107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 615.819657][ T9107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 615.831130][ T9107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 615.846178][ T9107] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 615.854779][ T9530] EXT4-fs (loop4): Remounting filesystem read-only [ 615.862020][ T9530] Quota error (device loop4): write_blk: dquota write failed [ 615.880889][ T9233] veth1_vlan: entered promiscuous mode [ 615.914470][ T9530] Quota error (device loop4): qtree_write_dquot: Error -28 occurred while creating quota [ 615.933148][ T9530] EXT4-fs (loop4): 1 orphan inode deleted [ 615.937889][ T9107] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 615.965555][ T9530] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 615.970278][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 615.986492][ T9107] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 616.001888][ T9107] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 616.022500][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 616.029973][ T9107] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 616.147332][ T7989] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 616.262179][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 616.286298][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 616.717314][ T9197] veth0_vlan: entered promiscuous mode [ 616.789924][ T9233] veth0_macvtap: entered promiscuous mode [ 616.864760][ T9542] loop4: detected capacity change from 0 to 512 [ 616.872368][ T9197] veth1_vlan: entered promiscuous mode [ 616.911548][ T9233] veth1_macvtap: entered promiscuous mode [ 617.010853][ T9542] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.1000: corrupted in-inode xattr: invalid ea_ino [ 617.055035][ T2485] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 617.069003][ T9542] EXT4-fs error (device loop4): ext4_orphan_get:1394: comm syz.4.1000: couldn't read orphan inode 15 (err -117) [ 617.103237][ T2485] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 617.213098][ T9542] EXT4-fs (loop4): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 617.475516][ T1049] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 617.498652][ T1049] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 617.667153][ T9233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 617.698124][ T9233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 617.794025][ T9233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 617.825563][ T9233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 617.860876][ T9233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 617.880851][ T9233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 617.921100][ T9233] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 617.978135][ T9233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 618.007493][ T9233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 618.023001][ T9233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 618.035734][ T9233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 618.052798][ T9233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 618.068827][ T9233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 618.130770][ T9233] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 618.226148][ T9197] veth0_macvtap: entered promiscuous mode [ 618.316219][ T7989] EXT4-fs (loop4): unmounting filesystem 00000007-0000-0000-0000-000000000000. [ 618.341678][ T9233] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 618.383480][ T9233] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 618.392251][ T9233] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 618.412661][ T9233] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 618.512652][ T9282] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 618.598583][ T9197] veth1_macvtap: entered promiscuous mode [ 618.674834][ T9572] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 618.775080][ T4615] Bluetooth: hci2: Unknown advertising packet type: 0x70 [ 618.775279][ T4615] Bluetooth: hci2: Malformed LE Event: 0x0d [ 619.246057][ T9577] loop4: detected capacity change from 0 to 128 [ 620.854344][ T9197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 620.980743][ T9197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 621.052114][ T9197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 621.094687][ T9197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 621.130913][ T9197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 621.173199][ T9197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 621.210646][ T9197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 621.283935][ T9197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 621.329701][ T9197] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 621.375433][ T9197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 621.435541][ T9197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 621.459330][ T9197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 621.470926][ T9197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 621.505998][ T9197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 621.565078][ T9197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 621.592655][ T9197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 621.629755][ T9197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 622.611712][ T9197] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 622.943021][ T9197] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 623.006241][ T9197] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 623.069627][ T9197] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 623.088089][ T4615] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 623.097546][ T9197] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 623.108494][ T4615] Bluetooth: hci2: Injecting HCI hardware error event [ 623.118400][ T5246] Bluetooth: hci2: hardware error 0x00 [ 623.285948][ T2485] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 623.351608][ T2485] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 623.503268][ T9619] syz.2.1014: attempt to access beyond end of device [ 623.503268][ T9619] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0 [ 623.516121][ T9619] efs: cannot read volume header [ 627.880618][ T5246] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 628.788800][ T2485] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 628.818424][ T2485] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 629.938028][ T9282] veth0_vlan: entered promiscuous mode [ 630.000826][ T2485] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 630.055276][ T2485] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 630.240875][ T9282] veth1_vlan: entered promiscuous mode [ 631.418861][ T1049] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 631.466206][ T1049] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 631.702793][ T9282] veth0_macvtap: entered promiscuous mode [ 631.841264][ T9282] veth1_macvtap: entered promiscuous mode [ 632.133853][ T9282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 632.205422][ T9282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 632.242798][ T9282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 632.274516][ T9282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 632.287160][ T9653] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1025'. [ 632.321292][ T9282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 632.344721][ T9282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 632.366707][ T9282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 632.411123][ T9282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 632.463736][ T9282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 632.511662][ T9282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 632.597553][ T9282] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 632.751161][ T9282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 632.845810][ T9282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 632.909649][ T9282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 632.953008][ T9282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 632.993871][ T29] audit: type=1326 audit(1722028780.560:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9652 comm="syz.4.1025" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa75e577299 code=0x0 [ 633.044546][ T9282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 633.094456][ T9282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 633.155203][ T9282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 633.196836][ T9282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 633.238583][ T9282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 633.279521][ T9282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 633.374042][ T9282] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 633.486140][ T9667] loop1: detected capacity change from 0 to 4096 [ 633.503316][ T9282] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 633.576188][ T9667] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 633.600546][ T9282] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 633.671342][ T9282] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 633.725149][ T9282] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 633.847203][ T9667] ntfs3: loop1: Failed to initialize $Extend/$Reparse. [ 633.917923][ T9673] loop3: detected capacity change from 0 to 2048 [ 634.003648][ T9673] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 634.643815][ T1049] ntfs3: loop1: ino=1a, ntfs3_write_inode failed, -22. [ 634.702023][ T9197] ntfs3: loop1: ino=1a, ntfs_sync_fs failed, -22. [ 634.848455][ T8453] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 634.913644][ T8453] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 635.650285][ T1265] ieee802154 phy0 wpan0: encryption failed: -22 [ 635.656863][ T1265] ieee802154 phy1 wpan1: encryption failed: -22 [ 636.550879][ T1049] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 636.621910][ T1049] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 637.809594][ T9714] syz.4.1042: attempt to access beyond end of device [ 637.809594][ T9714] nbd4: rw=0, sector=0, nr_sectors = 1 limit=0 [ 637.823345][ T9714] efs: cannot read volume header [ 640.889273][ T9726] loop2: detected capacity change from 0 to 4096 [ 640.903987][ T9734] loop1: detected capacity change from 0 to 2048 [ 640.980811][ T9726] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 641.121716][ T9734] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 641.269881][ T9739] overlayfs: failed to resolve './file0': -2 [ 642.148217][ T9726] ntfs3: loop2: Failed to initialize $Extend/$Reparse. [ 643.787617][ T2485] ntfs3: loop2: ino=1a, ntfs3_write_inode failed, -22. [ 643.799511][ T9107] ntfs3: loop2: ino=1a, ntfs_sync_fs failed, -22. [ 644.391702][ T9757] loop0: detected capacity change from 0 to 2048 [ 644.497061][ T9764] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1057'. [ 644.599130][ T9768] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 645.053428][ T9779] sctp: [Deprecated]: syz.3.1063 (pid 9779) Use of struct sctp_assoc_value in delayed_ack socket option. [ 645.053428][ T9779] Use struct sctp_sack_info instead [ 645.455450][ T9777] loop1: detected capacity change from 0 to 4096 [ 645.662783][ T9788] evm: overlay not supported [ 645.699261][ T29] audit: type=1804 audit(1722028792.282:36): pid=9788 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1065" name="/newroot/11/bus/bus" dev="overlay" ino=82 res=1 errno=0 [ 646.452664][ T9789] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 659.392122][ T5246] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 659.403059][ T5246] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 659.413099][ T5246] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 659.453195][ T5246] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 659.466590][ T5246] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 659.474351][ T5246] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 660.323311][ T9807] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1075'. [ 660.700509][ T4615] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 660.765643][ T4615] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 660.777105][ T4615] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 660.789134][ T4615] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 660.798529][ T4615] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 660.807829][ T4615] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 661.074092][ T7775] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 661.401371][ T4615] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 661.459086][ T4615] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 661.482818][ T4615] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 661.544841][ T4615] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 661.557011][ T4615] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 661.568989][ T4615] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 661.728931][ T5246] Bluetooth: hci4: command tx timeout [ 661.937981][ T9820] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 661.949952][ T9820] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 661.960786][ T9820] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 661.971158][ T9820] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 661.979570][ T9820] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 661.990198][ T9820] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 662.000550][ T9820] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 662.009633][ T9820] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 662.018436][ T9820] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 662.027022][ T9820] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 662.046061][ T9820] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 662.055018][ T9820] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 662.210412][ T7775] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 662.327545][ T9824] loop2: detected capacity change from 0 to 128 [ 662.969817][ T7775] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 663.028902][ T9822] Bluetooth: hci6: command tx timeout [ 663.630679][ T7775] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 663.812604][ T9822] Bluetooth: hci1: command tx timeout [ 663.900513][ T9831] veth0_vlan: entered allmulticast mode [ 663.983375][ T9822] Bluetooth: hci4: command tx timeout [ 664.331443][ T9822] Bluetooth: hci0: command tx timeout [ 664.338025][ T9822] Bluetooth: hci2: command tx timeout [ 664.748299][ T7775] bridge_slave_1: left allmulticast mode [ 664.775060][ T7775] bridge_slave_1: left promiscuous mode [ 664.780994][ T7775] bridge0: port 2(bridge_slave_1) entered disabled state [ 664.831378][ T7775] bridge_slave_0: left allmulticast mode [ 664.837068][ T7775] bridge_slave_0: left promiscuous mode [ 664.845631][ T7775] bridge0: port 1(bridge_slave_0) entered disabled state [ 665.293366][ T9822] Bluetooth: hci6: command tx timeout [ 665.595378][ T7775] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 665.621602][ T7775] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 665.635867][ T7775] bond0 (unregistering): Released all slaves [ 666.062430][ T9822] Bluetooth: hci1: command tx timeout [ 666.236075][ T9822] Bluetooth: hci4: command tx timeout [ 666.585147][ T9820] Bluetooth: hci0: command tx timeout [ 666.591707][ T9822] Bluetooth: hci2: command tx timeout [ 667.175862][ T9802] chnl_net:caif_netlink_parms(): no params data found [ 667.281872][ T7775] hsr_slave_0: left promiscuous mode [ 667.301024][ T7775] hsr_slave_1: left promiscuous mode [ 667.310479][ T7775] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 667.317952][ T7775] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 667.338134][ T7775] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 667.345811][ T7775] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 667.392026][ T7775] veth1_macvtap: left promiscuous mode [ 667.401890][ T7775] veth0_macvtap: left promiscuous mode [ 667.409314][ T7775] veth1_vlan: left promiscuous mode [ 667.414778][ T7775] veth0_vlan: left promiscuous mode [ 667.537190][ T9822] Bluetooth: hci6: command tx timeout [ 667.773652][ T9872] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1084'. [ 668.224605][ T29] audit: type=1326 audit(1722028813.077:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9871 comm="syz.2.1084" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb189577299 code=0x0 [ 668.316963][ T9822] Bluetooth: hci1: command tx timeout [ 668.488722][ T9822] Bluetooth: hci4: command tx timeout [ 668.835994][ T9820] Bluetooth: hci0: command tx timeout [ 668.840814][ T9822] Bluetooth: hci2: command tx timeout [ 668.855716][ T7775] team0 (unregistering): Port device team_slave_1 removed [ 668.968743][ T7775] team0 (unregistering): Port device team_slave_0 removed [ 669.788980][ T9822] Bluetooth: hci6: command tx timeout [ 669.995500][ T9876] loop2: detected capacity change from 0 to 2048 [ 670.088616][ T9815] chnl_net:caif_netlink_parms(): no params data found [ 670.155075][ T9876] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 670.168279][ T9876] ext4 filesystem being mounted at /30/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 670.306579][ T9876] fs-verity: sha256 using implementation "sha256-ni" [ 670.388676][ T9876] fs-verity: sha512 using implementation "sha512-avx2" [ 670.541147][ T9107] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 670.570164][ T9822] Bluetooth: hci1: command tx timeout [ 670.772731][ T9816] chnl_net:caif_netlink_parms(): no params data found [ 671.089331][ T9822] Bluetooth: hci2: command tx timeout [ 671.104929][ T9822] Bluetooth: hci0: command tx timeout [ 671.155598][ T9809] chnl_net:caif_netlink_parms(): no params data found [ 671.182075][ T9811] chnl_net:caif_netlink_parms(): no params data found [ 671.615601][ T9815] bridge0: port 1(bridge_slave_0) entered blocking state [ 671.630755][ T9815] bridge0: port 1(bridge_slave_0) entered disabled state [ 671.638100][ T9815] bridge_slave_0: entered allmulticast mode [ 671.660639][ T9815] bridge_slave_0: entered promiscuous mode [ 671.778598][ T9802] bridge0: port 1(bridge_slave_0) entered blocking state [ 671.807882][ T9802] bridge0: port 1(bridge_slave_0) entered disabled state [ 671.816197][ T9802] bridge_slave_0: entered allmulticast mode [ 672.003518][ T29] audit: type=1804 audit(1722028816.557:38): pid=9908 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1090" name="/newroot/35/bus/bus" dev="overlay" ino=209 res=1 errno=0 [ 672.005989][ T9802] bridge_slave_0: entered promiscuous mode [ 672.730390][ T9802] bridge0: port 2(bridge_slave_1) entered blocking state [ 672.738655][ T9802] bridge0: port 2(bridge_slave_1) entered disabled state [ 672.745931][ T9802] bridge_slave_1: entered allmulticast mode [ 672.763045][ T9802] bridge_slave_1: entered promiscuous mode [ 672.877563][ T9816] bridge0: port 1(bridge_slave_0) entered blocking state [ 672.884795][ T9816] bridge0: port 1(bridge_slave_0) entered disabled state [ 672.909469][ T9816] bridge_slave_0: entered allmulticast mode [ 672.940903][ T9816] bridge_slave_0: entered promiscuous mode [ 672.957166][ T9816] bridge0: port 2(bridge_slave_1) entered blocking state [ 672.965396][ T9816] bridge0: port 2(bridge_slave_1) entered disabled state [ 672.980035][ T9816] bridge_slave_1: entered allmulticast mode [ 672.995785][ T9816] bridge_slave_1: entered promiscuous mode [ 673.004853][ T9815] bridge0: port 2(bridge_slave_1) entered blocking state [ 673.050418][ T9815] bridge0: port 2(bridge_slave_1) entered disabled state [ 673.057786][ T9815] bridge_slave_1: entered allmulticast mode [ 673.103118][ T9815] bridge_slave_1: entered promiscuous mode [ 673.448671][ T9917] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1091'. [ 673.522568][ T9802] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 673.637406][ T9815] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 673.664456][ T9815] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 673.811250][ T9802] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 673.859908][ T9816] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 673.981804][ T7999] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 674.003556][ T9811] bridge0: port 1(bridge_slave_0) entered blocking state [ 674.010854][ T9811] bridge0: port 1(bridge_slave_0) entered disabled state [ 674.021666][ T9811] bridge_slave_0: entered allmulticast mode [ 674.033165][ T9811] bridge_slave_0: entered promiscuous mode [ 674.046603][ T9811] bridge0: port 2(bridge_slave_1) entered blocking state [ 674.053950][ T9811] bridge0: port 2(bridge_slave_1) entered disabled state [ 674.061265][ T9811] bridge_slave_1: entered allmulticast mode [ 674.069919][ T9811] bridge_slave_1: entered promiscuous mode [ 674.104350][ T9816] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 674.161728][ T9815] team0: Port device team_slave_0 added [ 674.168933][ T9809] bridge0: port 1(bridge_slave_0) entered blocking state [ 674.176208][ T9809] bridge0: port 1(bridge_slave_0) entered disabled state [ 674.187695][ T7999] usb 3-1: Using ep0 maxpacket: 8 [ 674.194441][ T9809] bridge_slave_0: entered allmulticast mode [ 674.196122][ T7999] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0 [ 674.204084][ T9809] bridge_slave_0: entered promiscuous mode [ 674.222461][ T7999] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 674.245640][ T7999] usb 3-1: New USB device found, idVendor=1234, idProduct=5678, bcdDevice=7e.6b [ 674.254818][ T7999] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 674.262893][ T7999] usb 3-1: Product: syz [ 674.271224][ T7999] usb 3-1: Manufacturer: syz [ 674.275974][ T7999] usb 3-1: SerialNumber: syz [ 674.297103][ T7999] usb 3-1: config 0 descriptor?? [ 674.394937][ T9802] team0: Port device team_slave_0 added [ 674.442975][ T9816] team0: Port device team_slave_0 added [ 674.455518][ T9815] team0: Port device team_slave_1 added [ 674.497545][ T9809] bridge0: port 2(bridge_slave_1) entered blocking state [ 674.506546][ T9809] bridge0: port 2(bridge_slave_1) entered disabled state [ 674.515323][ T9809] bridge_slave_1: entered allmulticast mode [ 674.524516][ T9809] bridge_slave_1: entered promiscuous mode [ 674.547921][ T7999] usb 3-1: USB disconnect, device number 4 [ 674.638202][ T7775] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 674.675493][ T9811] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 674.755663][ T9802] team0: Port device team_slave_1 added [ 674.766998][ T9816] team0: Port device team_slave_1 added [ 674.847994][ T9811] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 674.913109][ T7775] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 675.025486][ T9815] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 675.035252][ T9815] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 675.061649][ T9815] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 675.079183][ T9815] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 675.086319][ T9815] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 675.116691][ T9815] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 675.189162][ T9809] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 675.266752][ T9931] loop2: detected capacity change from 0 to 16 [ 675.280109][ T9931] erofs: (device loop2): mounted with root inode @ nid 36. [ 675.289807][ T9811] team0: Port device team_slave_0 added [ 675.303935][ T9931] overlayfs: failed to get metacopy (-117) [ 675.416886][ T9802] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 675.436922][ T9802] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 675.494286][ T9802] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 675.581669][ T7775] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 675.637214][ T9816] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 675.645169][ T9816] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 675.674417][ T9816] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 675.749288][ T9809] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 675.778803][ T9811] team0: Port device team_slave_1 added [ 675.837484][ T9802] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 675.869534][ T9802] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 675.897252][ T9802] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 675.926283][ T9816] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 675.953419][ T9816] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 675.989684][ T9816] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 676.084258][ T7775] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 676.367952][ T9943] loop2: detected capacity change from 0 to 2048 [ 676.375720][ T9943] EXT4-fs: Ignoring removed orlov option [ 676.461571][ T9943] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 676.546094][ T9809] team0: Port device team_slave_0 added [ 676.557744][ T9811] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 676.577042][ T9811] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 676.607497][ T9811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 676.624949][ T1064] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1217: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 676.639655][ T9811] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 676.649286][ T1064] EXT4-fs (loop2): Remounting filesystem read-only [ 676.660286][ T9811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 676.668810][ T9107] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 676.690114][ T9811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 676.965319][ T9816] hsr_slave_0: entered promiscuous mode [ 676.984101][ T9816] hsr_slave_1: entered promiscuous mode [ 676.992935][ T9816] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 677.000739][ T9816] Cannot create hsr debugfs directory [ 677.034784][ T9815] hsr_slave_0: entered promiscuous mode [ 677.055100][ T9815] hsr_slave_1: entered promiscuous mode [ 677.075275][ T9815] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 677.091785][ T9815] Cannot create hsr debugfs directory [ 677.141281][ T9809] team0: Port device team_slave_1 added [ 677.324983][ T9802] hsr_slave_0: entered promiscuous mode [ 677.335378][ T9802] hsr_slave_1: entered promiscuous mode [ 677.370665][ T9802] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 677.388743][ T9802] Cannot create hsr debugfs directory [ 677.695961][ T9809] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 677.703009][ T9809] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 677.730228][ T9809] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 678.127195][ T9809] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 678.142042][ T9809] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 678.173822][ T9809] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 678.318388][ T9811] hsr_slave_0: entered promiscuous mode [ 678.339599][ T9811] hsr_slave_1: entered promiscuous mode [ 678.365119][ T9811] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 678.391377][ T9811] Cannot create hsr debugfs directory [ 679.223536][ T7775] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 679.552276][ T9976] loop2: detected capacity change from 0 to 16 [ 679.577348][ T9976] erofs: (device loop2): mounted with root inode @ nid 36. [ 679.637812][ T9976] overlayfs: failed to get metacopy (-117) [ 679.690922][ T7775] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 679.928272][ T9809] hsr_slave_0: entered promiscuous mode [ 679.947449][ T9809] hsr_slave_1: entered promiscuous mode [ 679.962851][ T9809] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 679.971166][ T9809] Cannot create hsr debugfs directory [ 680.098840][ T7775] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 681.831774][ T7775] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 682.365898][ T9997] loop2: detected capacity change from 0 to 2048 [ 682.439702][ T9997] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 682.529093][ T9997] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 683.842364][ T7775] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 684.127770][ T7775] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 684.279562][ T7775] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 684.442521][ T7775] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 685.178690][ T7775] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 685.469152][ T7775] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 685.610025][ T9815] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 685.684050][ T9815] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 685.895148][ T7775] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 685.928341][T10032] loop2: detected capacity change from 0 to 16 [ 685.964478][ T9815] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 685.978001][T10032] erofs: (device loop2): mounted with root inode @ nid 36. [ 686.075235][ T7775] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 686.075684][T10032] overlayfs: failed to get metacopy (-117) [ 686.165632][ T9815] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 687.015549][ T8116] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 687.032682][ T7775] bridge_slave_1: left allmulticast mode [ 687.048078][ T7775] bridge_slave_1: left promiscuous mode [ 687.054181][ T7775] bridge0: port 2(bridge_slave_1) entered disabled state [ 687.073467][ T7775] bridge_slave_0: left allmulticast mode [ 687.079180][ T7775] bridge_slave_0: left promiscuous mode [ 687.086026][ T7775] bridge0: port 1(bridge_slave_0) entered disabled state [ 687.121096][ T7775] bridge_slave_1: left allmulticast mode [ 687.134664][ T7775] bridge_slave_1: left promiscuous mode [ 687.141099][ T7775] bridge0: port 2(bridge_slave_1) entered disabled state [ 687.157881][ T7775] bridge_slave_0: left allmulticast mode [ 687.163608][ T7775] bridge_slave_0: left promiscuous mode [ 687.173038][ T7775] bridge0: port 1(bridge_slave_0) entered disabled state [ 687.202361][ T7775] bridge_slave_1: left allmulticast mode [ 687.208142][ T7775] bridge_slave_1: left promiscuous mode [ 687.220403][ T7775] bridge0: port 2(bridge_slave_1) entered disabled state [ 687.243147][ T8116] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 687.267316][ T7775] bridge_slave_0: left allmulticast mode [ 687.272964][ T7775] bridge_slave_0: left promiscuous mode [ 687.279077][ T8116] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 687.294181][ T7775] bridge0: port 1(bridge_slave_0) entered disabled state [ 687.304557][ T8116] usb 3-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 687.317058][ T8116] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 687.335465][ T7775] bridge_slave_1: left allmulticast mode [ 687.346798][ T8116] usb 3-1: config 0 descriptor?? [ 687.356654][ T7775] bridge_slave_1: left promiscuous mode [ 687.370781][ T7775] bridge0: port 2(bridge_slave_1) entered disabled state [ 687.391004][ T7775] bridge_slave_0: left allmulticast mode [ 687.410173][ T7775] bridge_slave_0: left promiscuous mode [ 687.419097][ T7775] bridge0: port 1(bridge_slave_0) entered disabled state [ 688.192864][ T8116] hid-led 0003:1D34:000A.0008: hidraw0: USB HID v0.00 Device [HID 1d34:000a] on usb-dummy_hcd.2-1/input0 [ 688.253502][ T8116] hid-led 0003:1D34:000A.0008: Dream Cheeky Webmail Notifier initialized [ 690.345002][ T7775] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 690.359682][ T7775] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 690.372410][ T7775] bond0 (unregistering): Released all slaves [ 690.532811][ T7775] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 690.558809][ T7775] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 690.584127][ T7775] bond0 (unregistering): Released all slaves [ 690.725140][ T7775] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 690.737983][ T7775] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 690.750300][ T7775] bond0 (unregistering): Released all slaves [ 690.901320][ T7775] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 690.914404][ T7775] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 690.932730][ T7775] bond0 (unregistering): Released all slaves [ 691.501175][ T5294] usb 3-1: USB disconnect, device number 5 [ 692.144035][ C1] eth0: bad gso: type: 1, size: 1408 [ 692.426206][ T9815] 8021q: adding VLAN 0 to HW filter on device bond0 [ 692.662858][ T9815] 8021q: adding VLAN 0 to HW filter on device team0 [ 692.713387][ T8000] bridge0: port 1(bridge_slave_0) entered blocking state [ 692.720731][ T8000] bridge0: port 1(bridge_slave_0) entered forwarding state [ 692.851495][ T8000] bridge0: port 2(bridge_slave_1) entered blocking state [ 692.858889][ T8000] bridge0: port 2(bridge_slave_1) entered forwarding state [ 693.621588][T10054] loop2: detected capacity change from 0 to 128 [ 694.046663][ T7775] hsr_slave_0: left promiscuous mode [ 694.053577][ T7775] hsr_slave_1: left promiscuous mode [ 694.071573][ T7775] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 694.080736][ T5293] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 694.096584][ T7775] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 694.121056][ T7775] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 694.129270][ T7775] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 694.173701][ T7775] hsr_slave_0: left promiscuous mode [ 694.189420][ T7775] hsr_slave_1: left promiscuous mode [ 694.204216][ T7775] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 694.224155][ T7775] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 694.234588][ T7775] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 694.242649][ T7775] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 694.260957][ T7775] hsr_slave_0: left promiscuous mode [ 694.268738][ T7775] hsr_slave_1: left promiscuous mode [ 694.281230][ T7775] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 694.288911][ T7775] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 694.300231][ T5293] usb 3-1: New USB device found, idVendor=0421, idProduct=026c, bcdDevice=1f.2f [ 694.300333][ T7775] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 694.316962][ T7775] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 694.324127][ T5293] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 694.340947][ T5293] usb 3-1: config 0 descriptor?? [ 694.346853][ T7775] hsr_slave_0: left promiscuous mode [ 694.353820][ T7775] hsr_slave_1: left promiscuous mode [ 694.363013][ T5293] rndis_host 3-1:0.0: More than one union descriptor, skipping ... [ 694.370940][ T5293] usb 3-1: bad CDC descriptors [ 694.376570][ T7775] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 694.377178][ T5293] cdc_acm 3-1:0.0: More than one union descriptor, skipping ... [ 694.395213][ T7775] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 694.403705][ T7775] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 694.412545][ T7775] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 694.516387][ T7775] veth1_macvtap: left promiscuous mode [ 694.522002][ T7775] veth0_macvtap: left promiscuous mode [ 694.528362][ T7775] veth1_vlan: left promiscuous mode [ 694.533843][ T7775] veth0_vlan: left promiscuous mode [ 694.542217][ T7775] veth1_macvtap: left promiscuous mode [ 694.547894][ T7775] veth0_macvtap: left promiscuous mode [ 694.553740][ T7775] veth1_vlan: left promiscuous mode [ 694.559259][ T7775] veth0_vlan: left promiscuous mode [ 694.566774][ T7775] veth1_macvtap: left promiscuous mode [ 694.572409][ T7775] veth0_macvtap: left promiscuous mode [ 694.583519][ T7775] veth1_vlan: left promiscuous mode [ 694.589103][ T7775] veth0_vlan: left promiscuous mode [ 694.598354][ T7775] veth1_macvtap: left promiscuous mode [ 694.604377][ T7775] veth0_macvtap: left promiscuous mode [ 694.610484][ T7775] veth1_vlan: left promiscuous mode [ 694.615958][ T7775] veth0_vlan: left promiscuous mode [ 694.671513][ T8116] usb 3-1: USB disconnect, device number 6 [ 696.132870][ T7775] team0 (unregistering): Port device team_slave_1 removed [ 696.192566][ T7775] team0 (unregistering): Port device team_slave_0 removed [ 697.391349][ T7775] team0 (unregistering): Port device team_slave_1 removed [ 697.463384][ T7775] team0 (unregistering): Port device team_slave_0 removed [ 698.746711][ T7775] team0 (unregistering): Port device team_slave_1 removed [ 698.809290][ T7775] team0 (unregistering): Port device team_slave_0 removed [ 698.916412][ T9820] Bluetooth: hci5: command 0x0406 tx timeout [ 700.040423][ T7775] team0 (unregistering): Port device team_slave_1 removed [ 700.099356][ T7775] team0 (unregistering): Port device team_slave_0 removed [ 700.856146][ T9815] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 701.072692][ T9816] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 701.131413][ T9816] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 701.233455][ T9816] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 701.298612][ T9816] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 702.213300][ T1265] ieee802154 phy0 wpan0: encryption failed: -22 [ 702.219970][ T1265] ieee802154 phy1 wpan1: encryption failed: -22 [ 702.577045][ T9802] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 702.725420][ T9802] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 702.792972][ T9802] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 702.878146][ T9802] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 703.343345][ T9811] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 703.392692][ T9811] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 703.519421][ T9811] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 703.649573][ T9811] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 703.733645][ T9815] veth0_vlan: entered promiscuous mode [ 703.793113][ T9815] veth1_vlan: entered promiscuous mode [ 704.277076][ T9809] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 704.326196][ T9809] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 704.357956][ T9809] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 704.430865][ T9809] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 704.520491][ T9816] 8021q: adding VLAN 0 to HW filter on device bond0 [ 704.593685][ T9815] veth0_macvtap: entered promiscuous mode [ 704.866222][ T9815] veth1_macvtap: entered promiscuous mode [ 705.007155][ T9816] 8021q: adding VLAN 0 to HW filter on device team0 [ 705.125481][T10096] loop2: detected capacity change from 0 to 512 [ 705.226500][T10096] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 705.242422][T10096] ext4 filesystem being mounted at /68/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 705.256700][ T9802] 8021q: adding VLAN 0 to HW filter on device bond0 [ 705.277323][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 705.284954][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 705.299616][ T9815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 705.322728][ T9815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 705.338716][ T9815] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 705.417227][ T5420] bridge0: port 2(bridge_slave_1) entered blocking state [ 705.424642][ T5420] bridge0: port 2(bridge_slave_1) entered forwarding state [ 705.470388][ T9815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 705.487653][ T9815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 705.503922][ T9815] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 705.742977][ T9815] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 705.760475][ T9815] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 705.783279][ T9815] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 705.935638][T10101] EXT4-fs error (device loop2): ext4_add_entry:2435: inode #2: comm syz.2.1123: Directory hole found for htree leaf block 0 [ 706.181003][ T9815] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 706.228948][ T9802] 8021q: adding VLAN 0 to HW filter on device team0 [ 706.337971][ T9816] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 706.352152][ T9816] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 706.715110][ T9107] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 706.802088][ T9811] 8021q: adding VLAN 0 to HW filter on device bond0 [ 707.055775][T10109] loop2: detected capacity change from 0 to 1024 [ 707.090133][T10109] EXT4-fs: Ignoring removed oldalloc option [ 707.135023][ T7999] bridge0: port 1(bridge_slave_0) entered blocking state [ 707.142323][ T7999] bridge0: port 1(bridge_slave_0) entered forwarding state [ 707.162607][T10109] EXT4-fs (loop2): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 707.254871][ T7999] bridge0: port 2(bridge_slave_1) entered blocking state [ 707.254983][T10109] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 707.262245][ T7999] bridge0: port 2(bridge_slave_1) entered forwarding state [ 707.358407][ T9811] 8021q: adding VLAN 0 to HW filter on device team0 [ 707.494120][ T5297] bridge0: port 1(bridge_slave_0) entered blocking state [ 707.501397][ T5297] bridge0: port 1(bridge_slave_0) entered forwarding state [ 707.570788][ T5298] bridge0: port 2(bridge_slave_1) entered blocking state [ 707.578219][ T5298] bridge0: port 2(bridge_slave_1) entered forwarding state [ 707.607823][ T9745] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 707.638032][ T9745] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 707.704470][ T9816] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 707.748749][ T9809] 8021q: adding VLAN 0 to HW filter on device bond0 [ 708.060179][T10122] hub 6-0:1.0: USB hub found [ 708.133501][ T9745] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 708.153195][ T9745] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 708.163785][T10122] hub 6-0:1.0: 1 port detected [ 708.936941][ T9811] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 708.983918][ T9809] 8021q: adding VLAN 0 to HW filter on device team0 [ 709.094337][T10126] loop5: detected capacity change from 0 to 2048 [ 709.126728][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 709.134048][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 709.142061][ T9107] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 709.209032][T10126] loop5: p3 < > p4 < > [ 709.224973][T10126] loop5: partition table partially beyond EOD, truncated [ 709.251794][ T5293] bridge0: port 2(bridge_slave_1) entered blocking state [ 709.259128][ T5293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 709.275202][T10126] loop5: p3 start 4284289 is beyond EOD, truncated [ 709.321598][ T9816] veth0_vlan: entered promiscuous mode [ 709.459780][ T9816] veth1_vlan: entered promiscuous mode [ 709.706228][T10136] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1125'. [ 709.756261][T10136] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1125'. [ 709.775589][T10136] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1125'. [ 709.873634][ T9822] Bluetooth: hci5: unexpected event 0x05 length: 5 > 4 [ 710.042761][ T5293] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 710.078020][ T9816] veth0_macvtap: entered promiscuous mode [ 710.234093][ T9816] veth1_macvtap: entered promiscuous mode [ 710.298651][ T5293] usb 6-1: Using ep0 maxpacket: 8 [ 710.320600][ T5293] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 710.388883][ T5293] usb 6-1: New USB device found, idVendor=05f9, idProduct=ffff, bcdDevice=9f.c0 [ 710.435872][ T5293] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 710.462593][ T5293] usb 6-1: Product: syz [ 710.466822][ T5293] usb 6-1: Manufacturer: syz [ 710.490140][ T9816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 710.507112][ T5293] usb 6-1: SerialNumber: syz [ 710.523665][ T5293] usb 6-1: config 0 descriptor?? [ 710.532110][ T9816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 710.544910][ T9816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 710.550187][ T5293] usbserial_generic 6-1:0.0: The "generic" usb-serial driver is only for testing and one-off prototypes. [ 710.572189][ T9816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 710.587648][ T9816] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 710.637291][ T5293] usbserial_generic 6-1:0.0: Tell linux-usb@vger.kernel.org to add your device to a proper driver. [ 710.693413][ T5293] usbserial_generic 6-1:0.0: device has no bulk endpoints [ 710.747724][ T9816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 710.818276][ T9816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 710.828187][ T9816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 710.919552][ T9816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 710.970069][ T8000] usb 6-1: USB disconnect, device number 19 [ 710.971792][ T9816] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 711.055858][T10159] loop2: detected capacity change from 0 to 128 [ 711.074256][ T9811] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 711.210407][ T9816] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 711.260733][ T9816] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 711.299798][ T9816] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 711.338008][ T9816] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 711.565846][ T5297] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 711.688193][ T9809] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 711.829003][ T5297] usb 3-1: New USB device found, idVendor=0421, idProduct=026c, bcdDevice=1f.2f [ 711.838833][ T5297] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 711.885859][ T5297] usb 3-1: config 0 descriptor?? [ 711.887712][ T9811] veth0_vlan: entered promiscuous mode [ 711.918606][ T5297] rndis_host 3-1:0.0: More than one union descriptor, skipping ... [ 711.988360][ T5297] usb 3-1: bad CDC descriptors [ 712.004582][ T5297] cdc_acm 3-1:0.0: More than one union descriptor, skipping ... [ 712.058415][T10165] futex_wake_op: syz.5.1127 tries to shift op by 32; fix this program [ 712.404413][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 712.433594][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 712.451089][ T5297] usb 3-1: USB disconnect, device number 7 [ 713.473869][ T9820] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 713.501142][ T9820] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 713.515300][ T9820] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 713.527574][ T9820] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 713.536005][ T9820] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 713.557108][ T9820] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 713.837711][ T9811] veth1_vlan: entered promiscuous mode [ 714.207307][ T9809] veth0_vlan: entered promiscuous mode [ 714.458533][ T1049] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 714.466445][ T1049] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 714.680066][ T9811] veth0_macvtap: entered promiscuous mode [ 715.145077][ T9811] veth1_macvtap: entered promiscuous mode [ 716.219246][ T9822] Bluetooth: hci3: command tx timeout [ 716.294744][ T9809] veth1_vlan: entered promiscuous mode [ 718.485072][ T9822] Bluetooth: hci3: command tx timeout [ 719.537351][T10212] loop3: detected capacity change from 0 to 16 [ 719.600377][T10212] erofs: (device loop3): mounted with root inode @ nid 36. [ 720.066234][ T9816] erofs: (device loop3): erofs_fill_dentries: bogus dirent @ nid 46 [ 720.080576][ T9811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 720.091336][ T9816] erofs: (device loop3): erofs_readdir: invalid de[0].nameoff 0 @ nid 89 [ 720.106198][ T9816] erofs: (device loop3): erofs_readdir: invalid de[0].nameoff 0 @ nid 89 [ 720.160020][ T9811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 720.222102][ T9811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 720.232582][ T9811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 720.285363][ T9811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 720.310689][T10218] loop5: detected capacity change from 0 to 512 [ 720.330416][ T9811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 720.370837][ T9811] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 720.493562][T10218] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 720.580248][T10218] ext4 filesystem being mounted at /7/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 720.667601][ T9811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 720.669535][ T9822] Bluetooth: hci3: command tx timeout [ 720.721127][ T9811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 720.736191][ T9811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 720.746729][ T9811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 720.758418][ T9811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 720.768947][ T9811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 720.782129][ T9811] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 720.798603][ T9811] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 720.807405][ T9811] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 720.816158][ T9811] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 720.860854][ T9811] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 721.969254][ T9809] veth0_macvtap: entered promiscuous mode [ 722.016099][ T9809] veth1_macvtap: entered promiscuous mode [ 722.044934][T10244] EXT4-fs error (device loop5): ext4_add_entry:2435: inode #2: comm syz.5.1138: Directory hole found for htree leaf block 0 [ 722.931421][ T9822] Bluetooth: hci3: command tx timeout [ 723.260706][ T9815] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 723.353792][ T2529] bridge_slave_1: left allmulticast mode [ 723.359487][ T2529] bridge_slave_1: left promiscuous mode [ 723.391879][ T2529] bridge0: port 2(bridge_slave_1) entered disabled state [ 723.453729][ T2529] bridge_slave_0: left allmulticast mode [ 723.522834][ T2529] bridge_slave_0: left promiscuous mode [ 725.315767][ T2529] bridge0: port 1(bridge_slave_0) entered disabled state [ 726.302654][T10262] x_tables: ip_tables: udp match: only valid for protocol 17 [ 727.924473][T10271] loop2: detected capacity change from 0 to 16 [ 727.955939][T10271] erofs: (device loop2): mounted with root inode @ nid 36. [ 728.064071][T10272] loop5: detected capacity change from 0 to 512 [ 728.116306][T10272] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 728.158135][T10272] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e12c, mo2=0002] [ 728.166634][T10272] EXT4-fs (loop5): orphan cleanup on readonly fs [ 728.179985][T10272] EXT4-fs error (device loop5): ext4_validate_block_bitmap:440: comm syz.5.1146: bg 0: block 361: padding at end of block bitmap is not set [ 728.221985][T10272] EXT4-fs (loop5): Remounting filesystem read-only [ 728.231674][T10272] EXT4-fs (loop5): 1 truncate cleaned up [ 728.241116][T10272] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 728.279337][ T9107] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 46 [ 728.308960][ T9107] erofs: (device loop2): erofs_readdir: invalid de[0].nameoff 0 @ nid 89 [ 728.327448][ T9107] erofs: (device loop2): erofs_readdir: invalid de[0].nameoff 0 @ nid 89 [ 728.467916][ T9815] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 728.916854][T10278] loop5: detected capacity change from 0 to 256 [ 729.050964][ T9820] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 729.061052][ T9820] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 729.089815][ T9820] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 729.107806][ T9820] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 729.127504][ T9820] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 729.147334][ T5231] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 729.167443][ T9822] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 729.199353][ T5231] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 729.215038][ T5231] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 729.218222][T10278] FAT-fs (loop5): Directory bread(block 64) failed [ 729.228687][T10278] FAT-fs (loop5): Directory bread(block 65) failed [ 729.230431][ T5231] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 729.235344][T10278] FAT-fs (loop5): Directory bread(block 66) failed [ 729.245280][ T5231] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 729.256724][ T5231] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 729.322917][T10278] FAT-fs (loop5): Directory bread(block 67) failed [ 729.329659][T10278] FAT-fs (loop5): Directory bread(block 68) failed [ 729.350128][T10278] FAT-fs (loop5): Directory bread(block 69) failed [ 729.388113][T10278] FAT-fs (loop5): Directory bread(block 70) failed [ 729.394809][T10278] FAT-fs (loop5): Directory bread(block 71) failed [ 729.419365][T10278] FAT-fs (loop5): Directory bread(block 72) failed [ 729.430755][T10278] FAT-fs (loop5): Directory bread(block 73) failed [ 729.674877][ T2529] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 729.697553][ T29] audit: type=1800 audit(1722028869.814:39): pid=10278 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1149" name="file2" dev="loop5" ino=1048699 res=0 errno=0 [ 729.746570][ T2529] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 729.755406][ T29] audit: type=1800 audit(1722028869.814:40): pid=10278 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1149" name="file2" dev="loop5" ino=1048699 res=0 errno=0 [ 729.792066][ T2529] bond0 (unregistering): Released all slaves [ 729.893979][T10285] syz.5.1149: attempt to access beyond end of device [ 729.893979][T10285] loop5: rw=2049, sector=1224, nr_sectors = 4 limit=256 [ 730.359852][T10166] chnl_net:caif_netlink_parms(): no params data found [ 730.926487][ T2529] hsr_slave_0: left promiscuous mode [ 730.979083][ T2529] hsr_slave_1: left promiscuous mode [ 731.008499][ T5231] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 731.020443][ T5231] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 731.031472][ T5231] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 731.064816][T10294] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1153'. [ 731.087756][ T5231] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 731.095103][T10294] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1153'. [ 731.116232][T10294] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1153'. [ 731.143300][ T5231] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 731.158443][ T9822] Bluetooth: hci2: unexpected event 0x05 length: 5 > 4 [ 731.159645][ T5231] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 731.204783][ T2529] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 731.361483][ T2529] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 731.416089][ T9820] Bluetooth: hci4: command tx timeout [ 731.500730][ T9820] Bluetooth: hci7: command tx timeout [ 731.732172][T10308] binder: 10307:10308 ioctl 541b 0 returned -22 [ 733.085506][T10323] loop5: detected capacity change from 0 to 16 [ 733.126977][T10323] erofs: (device loop5): mounted with root inode @ nid 36. [ 733.391653][ T9815] erofs: (device loop5): erofs_fill_dentries: bogus dirent @ nid 46 [ 733.409652][ T9820] Bluetooth: hci5: command tx timeout [ 733.416172][ T9815] erofs: (device loop5): erofs_readdir: invalid de[0].nameoff 0 @ nid 89 [ 733.440301][ T9815] erofs: (device loop5): erofs_readdir: invalid de[0].nameoff 0 @ nid 89 [ 733.668051][ T9820] Bluetooth: hci4: command tx timeout [ 733.754250][ T9820] Bluetooth: hci7: command tx timeout [ 733.773126][ T2529] team0 (unregistering): Port device team_slave_1 removed [ 733.940670][ T2529] team0 (unregistering): Port device team_slave_0 removed [ 735.661618][ T9820] Bluetooth: hci5: command tx timeout [ 735.987568][ T9820] Bluetooth: hci4: command tx timeout [ 736.007609][ T9820] Bluetooth: hci7: command tx timeout [ 736.376392][T10362] loop3: detected capacity change from 0 to 512 [ 737.655983][T10369] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1163'. [ 737.665790][T10369] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1163'. [ 737.676532][T10369] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1163'. [ 737.722682][T10372] futex_wake_op: syz.3.1162 tries to shift op by 32; fix this program [ 738.014598][ T9820] Bluetooth: hci5: command tx timeout [ 738.036284][ T9820] Bluetooth: hci0: unexpected event 0x05 length: 5 > 4 [ 738.214581][ T9820] Bluetooth: hci4: command tx timeout [ 738.289299][ T9820] Bluetooth: hci7: command tx timeout [ 739.348471][T10166] bridge0: port 1(bridge_slave_0) entered blocking state [ 739.358256][T10166] bridge0: port 1(bridge_slave_0) entered disabled state [ 739.378221][T10166] bridge_slave_0: entered allmulticast mode [ 739.436248][T10166] bridge_slave_0: entered promiscuous mode [ 739.655958][T10389] binder: 10388:10389 ioctl 541b 0 returned -22 [ 739.669911][T10166] bridge0: port 2(bridge_slave_1) entered blocking state [ 739.677170][T10166] bridge0: port 2(bridge_slave_1) entered disabled state [ 739.708581][T10166] bridge_slave_1: entered allmulticast mode [ 739.727564][T10166] bridge_slave_1: entered promiscuous mode [ 739.998720][T10166] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 740.166370][T10166] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 740.254723][ T5231] Bluetooth: hci5: command tx timeout [ 740.535789][T10409] loop3: detected capacity change from 0 to 512 [ 741.470150][T10408] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 741.604771][ T9820] Bluetooth: Unexpected start frame (len 18) [ 741.628579][T10413] futex_wake_op: syz.3.1172 tries to shift op by 32; fix this program [ 741.643295][T10166] team0: Port device team_slave_0 added [ 743.054748][ T2529] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 743.158022][T10166] team0: Port device team_slave_1 added [ 743.409078][T10166] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 743.416697][T10166] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 743.477615][T10166] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 743.493302][T10166] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 743.502734][T10166] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 743.533016][T10166] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 743.631747][ T2529] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 743.942922][ T2529] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 743.966172][T10431] binder: 10430:10431 ioctl 541b 0 returned -22 [ 744.113892][ T2529] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 744.397404][T10279] chnl_net:caif_netlink_parms(): no params data found [ 744.644831][T10166] hsr_slave_0: entered promiscuous mode [ 744.670386][T10166] hsr_slave_1: entered promiscuous mode [ 744.751610][T10281] chnl_net:caif_netlink_parms(): no params data found [ 745.084636][T10449] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 745.104979][T10457] loop5: detected capacity change from 0 to 128 [ 745.154335][ T9820] Bluetooth: Unexpected start frame (len 18) [ 745.946783][T10468] overlay: filesystem on ./bus not supported [ 746.201543][ T29] audit: type=1804 audit(1722028885.016:41): pid=10469 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.1183" name="/newroot/27/file0/bus/bus" dev="loop5" ino=1048704 res=1 errno=0 [ 747.997886][T10281] bridge0: port 1(bridge_slave_0) entered blocking state [ 748.018792][T10281] bridge0: port 1(bridge_slave_0) entered disabled state [ 748.032669][T10281] bridge_slave_0: entered allmulticast mode [ 748.043348][T10281] bridge_slave_0: entered promiscuous mode [ 748.077290][T10279] bridge0: port 1(bridge_slave_0) entered blocking state [ 748.094549][T10279] bridge0: port 1(bridge_slave_0) entered disabled state [ 748.104538][T10279] bridge_slave_0: entered allmulticast mode [ 748.119228][T10279] bridge_slave_0: entered promiscuous mode [ 748.413120][T10281] bridge0: port 2(bridge_slave_1) entered blocking state [ 748.451794][T10281] bridge0: port 2(bridge_slave_1) entered disabled state [ 748.482754][T10281] bridge_slave_1: entered allmulticast mode [ 748.533760][T10281] bridge_slave_1: entered promiscuous mode [ 748.543637][T10279] bridge0: port 2(bridge_slave_1) entered blocking state [ 748.550878][T10279] bridge0: port 2(bridge_slave_1) entered disabled state [ 748.570654][T10279] bridge_slave_1: entered allmulticast mode [ 748.580467][T10279] bridge_slave_1: entered promiscuous mode [ 748.819669][T10507] loop3: detected capacity change from 0 to 1764 [ 748.844795][T10507] iso9660: Unknown parameter 'm' [ 749.077574][T10507] loop3: detected capacity change from 0 to 8 [ 749.140628][T10507] SQUASHFS error: lzo decompression failed, data probably corrupt [ 749.180214][T10507] SQUASHFS error: Failed to read block 0x91: -5 [ 749.186805][T10507] SQUASHFS error: Unable to read metadata cache entry [8f] [ 749.238989][T10507] SQUASHFS error: Unable to read inode 0x11f [ 749.440392][T10279] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 749.783458][T10281] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 749.884323][T10281] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 750.037521][T10279] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 750.275176][T10298] chnl_net:caif_netlink_parms(): no params data found [ 751.430478][T10537] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1198'. [ 751.457210][T10537] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1198'. [ 751.473641][T10537] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1198'. [ 751.517483][T10281] team0: Port device team_slave_0 added [ 751.546232][ T9820] Bluetooth: hci0: unexpected event 0x05 length: 5 > 4 [ 751.561403][T10281] team0: Port device team_slave_1 added [ 751.706704][T10279] team0: Port device team_slave_0 added [ 752.179086][T10279] team0: Port device team_slave_1 added [ 752.541129][T10281] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 752.596748][T10281] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 752.633239][T10281] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 752.779200][T10559] binder: 10549:10559 ioctl c0306201 0 returned -14 [ 753.134499][T10281] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 753.153511][T10281] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 753.222082][T10281] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 753.252040][T10279] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 753.261024][T10279] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 753.302430][T10279] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 753.463795][T10573] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 753.579336][T10279] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 753.613319][T10279] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 753.661747][T10279] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 753.692240][T10298] bridge0: port 1(bridge_slave_0) entered blocking state [ 753.699533][T10298] bridge0: port 1(bridge_slave_0) entered disabled state [ 753.709663][T10298] bridge_slave_0: entered allmulticast mode [ 753.738166][T10298] bridge_slave_0: entered promiscuous mode [ 754.049059][T10298] bridge0: port 2(bridge_slave_1) entered blocking state [ 754.058349][T10298] bridge0: port 2(bridge_slave_1) entered disabled state [ 754.065771][T10298] bridge_slave_1: entered allmulticast mode [ 754.090156][T10298] bridge_slave_1: entered promiscuous mode [ 754.200288][T10281] hsr_slave_0: entered promiscuous mode [ 754.231427][T10281] hsr_slave_1: entered promiscuous mode [ 754.241907][T10281] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 754.249476][T10281] Cannot create hsr debugfs directory [ 754.564881][ T2529] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 754.716667][T10298] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 754.755637][T10586] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1210'. [ 754.765096][T10586] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1210'. [ 754.784970][T10586] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1210'. [ 754.836364][ T9820] Bluetooth: hci0: unexpected event 0x05 length: 5 > 4 [ 755.011555][T10589] loop3: detected capacity change from 0 to 512 [ 755.046174][T10589] EXT4-fs: Ignoring removed oldalloc option [ 755.134445][T10589] EXT4-fs error (device loop3): ext4_xattr_inode_iget:435: comm syz.3.1212: Parent and EA inode have the same ino 15 [ 755.180679][T10589] EXT4-fs error (device loop3): ext4_xattr_inode_iget:435: comm syz.3.1212: Parent and EA inode have the same ino 15 [ 755.189374][ T2529] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 755.200663][T10589] EXT4-fs (loop3): 1 orphan inode deleted [ 755.212563][T10589] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 755.243970][T10298] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 755.297971][T10279] hsr_slave_0: entered promiscuous mode [ 755.319709][T10279] hsr_slave_1: entered promiscuous mode [ 755.341462][T10279] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 755.351875][T10279] Cannot create hsr debugfs directory [ 756.338885][ T8116] usb 6-1: new low-speed USB device number 20 using dummy_hcd [ 756.742310][ T2529] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 756.862615][ T9816] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 756.979103][ T8116] usb 6-1: config 32 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 10 [ 757.027491][ T8116] usb 6-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 757.036633][ T8116] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 757.051402][ T2529] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 757.152551][T10298] team0: Port device team_slave_0 added [ 757.314556][T10166] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 757.349097][ T8116] usb 6-1: string descriptor 0 read error: -71 [ 757.391397][ T8116] hub 6-1:32.0: USB hub found [ 757.403705][T10298] team0: Port device team_slave_1 added [ 757.428928][ T8116] hub 6-1:32.0: config failed, can't read hub descriptor (err -22) [ 757.703009][ T8116] usb 6-1: USB disconnect, device number 20 [ 757.746000][T10605] loop3: detected capacity change from 0 to 512 [ 757.753946][T10166] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 757.797686][T10605] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 757.890974][T10605] EXT4-fs (loop3): warning: maximal mount count reached, running e2fsck is recommended [ 757.934818][T10605] EXT4-fs error (device loop3): ext4_orphan_get:1391: comm syz.3.1214: inode #15: comm syz.3.1214: iget: illegal inode # [ 757.952040][T10298] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 757.961140][T10298] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 757.989673][T10605] EXT4-fs error (device loop3): ext4_orphan_get:1394: comm syz.3.1214: couldn't read orphan inode 15 (err -117) [ 757.994016][T10298] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 758.032452][T10605] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 758.079536][T10601] udevd[10601]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:32.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 758.117757][T10166] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 758.167142][T10166] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 758.232580][T10298] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 758.255843][T10298] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 758.347844][T10298] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 758.543157][T10609] loop5: detected capacity change from 0 to 2048 [ 758.577561][T10609] EXT4-fs: Ignoring removed orlov option [ 758.645809][T10609] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 758.695502][T10298] hsr_slave_0: entered promiscuous mode [ 758.719930][T10298] hsr_slave_1: entered promiscuous mode [ 758.737951][T10298] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 758.745724][T10298] Cannot create hsr debugfs directory [ 758.931047][ T9815] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 759.245366][T10619] syz.5.1216 uses obsolete (PF_INET,SOCK_PACKET) [ 759.391254][ T2529] bridge_slave_1: left allmulticast mode [ 759.410452][ T2529] bridge_slave_1: left promiscuous mode [ 759.416376][ T2529] bridge0: port 2(bridge_slave_1) entered disabled state [ 759.476636][ T2529] bridge_slave_0: left allmulticast mode [ 759.482342][ T2529] bridge_slave_0: left promiscuous mode [ 759.510283][ T2529] bridge0: port 1(bridge_slave_0) entered disabled state [ 759.531645][T10591] EXT4-fs error (device loop3): ext4_validate_block_bitmap:431: comm ext4lazyinit: bg 0: block 19: invalid block bitmap [ 759.565221][ T2529] bridge_slave_1: left allmulticast mode [ 759.570903][ T2529] bridge_slave_1: left promiscuous mode [ 759.611192][ T2529] bridge0: port 2(bridge_slave_1) entered disabled state [ 759.632391][ T2529] bridge_slave_0: left allmulticast mode [ 759.647927][ T2529] bridge_slave_0: left promiscuous mode [ 759.676265][ T2529] bridge0: port 1(bridge_slave_0) entered disabled state [ 759.717358][ T2529] bridge_slave_1: left allmulticast mode [ 759.745777][ T2529] bridge_slave_1: left promiscuous mode [ 759.751711][ T2529] bridge0: port 2(bridge_slave_1) entered disabled state [ 759.813300][ T2529] bridge_slave_0: left allmulticast mode [ 759.818989][ T2529] bridge_slave_0: left promiscuous mode [ 759.855589][ T2529] bridge0: port 1(bridge_slave_0) entered disabled state [ 760.086874][ T9816] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 760.337195][T10633] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 760.958399][T10640] binder: 10636:10640 ioctl c0306201 0 returned -14 [ 762.139129][ T2529] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 762.187904][ T2529] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 762.212799][ T2529] bond0 (unregistering): Released all slaves [ 762.552305][ T2529] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 762.596590][ T2529] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 762.630214][ T2529] bond0 (unregistering): Released all slaves [ 762.861870][ T2529] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 762.892464][ T2529] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 762.915575][ T2529] bond0 (unregistering): Released all slaves [ 763.602731][ T4693] usb 4-1: new low-speed USB device number 18 using dummy_hcd [ 763.867145][ T4693] usb 4-1: config 32 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 10 [ 763.890806][ T4693] usb 4-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 763.921650][ T4693] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 764.232707][ T4693] usb 4-1: string descriptor 0 read error: -71 [ 764.264551][ T4693] hub 4-1:32.0: USB hub found [ 764.283321][ T4693] hub 4-1:32.0: config failed, can't read hub descriptor (err -22) [ 764.363732][ T2529] hsr_slave_0: left promiscuous mode [ 764.397032][ T2529] hsr_slave_1: left promiscuous mode [ 764.437099][ T2529] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 764.444574][ T2529] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 764.449005][ T4693] usb 4-1: USB disconnect, device number 18 [ 764.508340][ T2529] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 764.531198][ T2529] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 764.576667][ T2529] hsr_slave_0: left promiscuous mode [ 764.587300][ T2529] hsr_slave_1: left promiscuous mode [ 764.599858][ T2529] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 764.607853][ T2529] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 764.625856][ T2529] hsr_slave_0: left promiscuous mode [ 764.633293][ T2529] hsr_slave_1: left promiscuous mode [ 764.640055][ T2529] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 764.649405][ T2529] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 764.659193][ T2529] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 764.667156][ T2529] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 764.741832][ T2529] veth1_macvtap: left promiscuous mode [ 764.747566][ T2529] veth0_macvtap: left promiscuous mode [ 764.753860][ T2529] veth1_vlan: left promiscuous mode [ 764.759303][ T2529] veth0_vlan: left promiscuous mode [ 764.769645][ T2529] veth1_macvtap: left promiscuous mode [ 764.775285][ T5298] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 764.784021][ T6752] udevd[6752]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:32.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 764.784231][ T2529] veth0_macvtap: left promiscuous mode [ 764.808285][ T2529] veth1_vlan: left promiscuous mode [ 764.819994][ T2529] veth0_vlan: left promiscuous mode [ 764.839938][ T2529] veth1_macvtap: left promiscuous mode [ 764.849475][ T2529] veth0_macvtap: left promiscuous mode [ 764.855318][ T2529] veth1_vlan: left promiscuous mode [ 765.003004][ T5298] usb 6-1: Using ep0 maxpacket: 32 [ 765.024128][ T5298] usb 6-1: config index 0 descriptor too short (expected 156, got 27) [ 765.041706][ T5298] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 765.069325][ T5298] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 765.098261][ T5298] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 765.114190][ T5298] usb 6-1: Product: syz [ 765.118406][ T5298] usb 6-1: Manufacturer: syz [ 765.135609][ T5298] usb 6-1: SerialNumber: syz [ 765.178413][ T5298] usb 6-1: config 0 descriptor?? [ 765.191782][ T5298] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 765.208083][T10662] loop3: detected capacity change from 0 to 512 [ 765.226592][ T5298] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 765.244877][T10662] EXT4-fs: Ignoring removed oldalloc option [ 765.309369][T10662] EXT4-fs error (device loop3): ext4_xattr_inode_iget:435: comm syz.3.1228: Parent and EA inode have the same ino 15 [ 765.338084][T10662] EXT4-fs error (device loop3): ext4_xattr_inode_iget:435: comm syz.3.1228: Parent and EA inode have the same ino 15 [ 765.380089][T10662] EXT4-fs (loop3): 1 orphan inode deleted [ 765.388464][T10662] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 765.686326][ T5298] usb 6-1: USB disconnect, device number 21 [ 765.686417][ C1] ldusb 6-1:0.0: usb_submit_urb failed (-19) [ 765.761792][ T5298] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 766.777885][T10668] ldusb: No device or device unplugged -19 [ 767.042959][ T9816] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 767.690684][T10674] binder: 10669:10674 ioctl c0306201 0 returned -14 [ 768.511152][ T2529] team0 (unregistering): Port device team_slave_1 removed [ 768.586935][ T2529] team0 (unregistering): Port device team_slave_0 removed [ 768.780071][ T1265] ieee802154 phy0 wpan0: encryption failed: -22 [ 768.788726][ T1265] ieee802154 phy1 wpan1: encryption failed: -22 [ 770.575373][ T2529] team0 (unregistering): Port device team_slave_1 removed [ 770.649129][ T2529] team0 (unregistering): Port device team_slave_0 removed [ 771.814446][ T2529] team0 (unregistering): Port device team_slave_1 removed [ 771.864981][ T2529] team0 (unregistering): Port device team_slave_0 removed [ 772.637888][T10279] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 772.707719][T10279] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 772.895816][T10279] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 772.961003][T10279] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 773.255309][T10697] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 773.291020][ T9820] Bluetooth: Unexpected start frame (len 18) [ 773.794185][T10279] 8021q: adding VLAN 0 to HW filter on device bond0 [ 774.091320][T10166] 8021q: adding VLAN 0 to HW filter on device bond0 [ 774.121158][T10720] loop5: detected capacity change from 0 to 1024 [ 774.381010][T10279] 8021q: adding VLAN 0 to HW filter on device team0 [ 774.463804][T10166] 8021q: adding VLAN 0 to HW filter on device team0 [ 774.657513][ T5294] bridge0: port 1(bridge_slave_0) entered blocking state [ 774.664760][ T5294] bridge0: port 1(bridge_slave_0) entered forwarding state [ 774.726332][ T5294] bridge0: port 2(bridge_slave_1) entered blocking state [ 774.733665][ T5294] bridge0: port 2(bridge_slave_1) entered forwarding state [ 774.894807][ T5294] bridge0: port 1(bridge_slave_0) entered blocking state [ 774.902105][ T5294] bridge0: port 1(bridge_slave_0) entered forwarding state [ 774.942688][T10733] netlink: 72 bytes leftover after parsing attributes in process `syz.5.1243'. [ 775.023010][ T4693] bridge0: port 2(bridge_slave_1) entered blocking state [ 775.030306][ T4693] bridge0: port 2(bridge_slave_1) entered forwarding state [ 775.591888][T10736] input: syz0 as /devices/virtual/input/input9 [ 776.063350][T10281] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 776.168922][T10281] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 776.280255][T10281] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 776.622501][T10281] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 776.707952][T10755] loop5: detected capacity change from 0 to 512 [ 776.867963][T10755] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 776.962190][T10755] ext4 filesystem being mounted at /59/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 777.229798][T10763] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1217: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 777.309953][ T5231] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 777.329693][ T5231] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 777.346794][ T5231] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 777.377108][ T9815] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 777.387813][ T5231] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 777.427302][ T5231] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 777.459476][ T5231] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 777.510704][T10298] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 777.682401][T10298] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 777.794999][T10298] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 777.885589][T10279] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 778.018268][T10780] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1252'. [ 778.045486][ T5231] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 778.058832][ T5231] Bluetooth: hci2: Injecting HCI hardware error event [ 778.068565][ T5231] Bluetooth: hci2: hardware error 0x00 [ 778.247781][T10298] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 778.925977][T10794] ------------[ cut here ]------------ [ 778.932121][T10794] WARNING: CPU: 1 PID: 10794 at net/mac80211/rate.c:48 rate_control_rate_init+0x543/0x690 [ 778.942936][T10794] Modules linked in: [ 778.946933][T10794] CPU: 1 UID: 0 PID: 10794 Comm: syz.3.1253 Not tainted 6.10.0-syzkaller-12708-g2f8c4f506285 #0 [ 778.957451][T10794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 778.967581][T10794] RIP: 0010:rate_control_rate_init+0x543/0x690 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 778.973792][T10794] Code: 48 c7 c2 60 7d 9d 8c be 63 03 00 00 48 c7 c7 20 7d 9d 8c c6 05 d4 eb 79 05 01 e8 88 c1 e6 f6 e9 e0 fd ff ff e8 7e 85 09 f7 90 <0f> 0b 90 e9 36 ff ff ff e8 70 85 09 f7 e8 ab c9 ef f6 31 ff 89 c3 [ 778.994254][T10794] RSP: 0018:ffffc90008a6f258 EFLAGS: 00010287 [ 779.001439][T10794] RAX: 000000000000311d RBX: ffff8880598a4000 RCX: ffffc90014dc7000 [ 779.009524][T10794] RDX: 0000000000040000 RSI: ffffffff8a825602 RDI: 0000000000000005 [ 779.017546][T10794] RBP: ffff88801c6d8420 R08: 0000000000000005 R09: 0000000000000000 [ 779.026173][T10794] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000001 [ 779.034242][T10794] R13: 0000000000000000 R14: ffff88807a5f8e40 R15: ffff8880675b8000 [ 779.042327][T10794] FS: 00007f0e4cbde6c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000 [ 779.051322][T10794] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 779.057986][T10794] CR2: 00007ffe93398608 CR3: 000000006cc58000 CR4: 0000000000350ef0 [ 779.066052][T10794] Call Trace: [ 779.069363][T10794] [ 779.072331][T10794] ? show_regs+0x8c/0xa0 [ 779.076792][T10794] ? __warn+0xe5/0x3c0 [ 779.080926][T10794] ? rate_control_rate_init+0x543/0x690 [ 779.086560][T10794] ? report_bug+0x3c0/0x580 [ 779.091122][T10794] ? handle_bug+0x3d/0x70 [ 779.095534][T10794] ? exc_invalid_op+0x17/0x50 [ 779.100269][T10794] ? asm_exc_invalid_op+0x1a/0x20 [ 779.105368][T10794] ? rate_control_rate_init+0x542/0x690 [ 779.111027][T10794] ? rate_control_rate_init+0x543/0x690 [ 779.116638][T10794] ? rate_control_rate_init+0x542/0x690 [ 779.122281][T10794] sta_apply_auth_flags.constprop.0+0x4bb/0x510 [ 779.128743][T10794] sta_apply_parameters+0xb6e/0x1740 [ 779.134097][T10794] ieee80211_add_station+0x3fa/0x6c0 [ 779.139474][T10794] ? srso_alias_return_thunk+0x5/0xfbef5 [ 779.145181][T10794] nl80211_new_station+0x1470/0x1bf0 [ 779.150608][T10794] ? __rtnl_unlock+0x68/0xf0 [ 779.155241][T10794] ? srso_alias_return_thunk+0x5/0xfbef5 [ 779.160982][T10794] ? __pfx_nl80211_new_station+0x10/0x10 [ 779.166680][T10794] ? ref_tracker_alloc+0x2ef/0x5b0 [ 779.173262][T10794] ? srso_alias_return_thunk+0x5/0xfbef5 [ 779.178957][T10794] ? nl80211_pre_doit+0x1b0/0xb10 [ 779.184095][T10794] genl_family_rcv_msg_doit+0x205/0x2f0 [ 779.189723][T10794] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 779.195953][T10794] ? srso_alias_return_thunk+0x5/0xfbef5 [ 779.201647][T10794] ? ns_capable+0xd7/0x110 [ 779.206181][T10794] genl_rcv_msg+0x565/0x800 [ 779.210774][T10794] ? __pfx_genl_rcv_msg+0x10/0x10 [ 779.215924][T10794] ? __pfx___lock_acquire+0x10/0x10 [ 779.221193][T10794] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 779.226703][T10794] ? __pfx_nl80211_new_station+0x10/0x10 [ 779.232405][T10794] ? __pfx_nl80211_post_doit+0x10/0x10 [ 779.238044][T10794] netlink_rcv_skb+0x16e/0x440 [ 779.242877][T10794] ? __pfx_genl_rcv_msg+0x10/0x10 [ 779.248022][T10794] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 779.253394][T10794] ? down_read+0xc9/0x330 [ 779.259623][T10794] ? __pfx_down_read+0x10/0x10 [ 779.264441][T10794] ? srso_alias_return_thunk+0x5/0xfbef5 [ 779.270438][T10794] ? netlink_deliver_tap+0x1ae/0xd90 [ 779.275797][T10794] genl_rcv+0x28/0x40 [ 779.280253][T10794] netlink_unicast+0x547/0x830 [ 779.285088][T10794] ? __pfx_netlink_unicast+0x10/0x10 [ 779.290487][T10794] ? srso_alias_return_thunk+0x5/0xfbef5 [ 779.296190][T10794] ? srso_alias_return_thunk+0x5/0xfbef5 [ 779.302030][T10794] ? __phys_addr_symbol+0x30/0x80 [ 779.307112][T10794] ? srso_alias_return_thunk+0x5/0xfbef5 [ 779.312838][T10794] ? __check_object_size+0x497/0x720 [ 779.318188][T10794] ? srso_alias_return_thunk+0x5/0xfbef5 [ 779.323921][T10794] netlink_sendmsg+0x8b8/0xd70 [ 779.328757][T10794] ? __pfx_netlink_sendmsg+0x10/0x10 [ 779.334166][T10794] ? __import_iovec+0x1fd/0x6e0 [ 779.339077][T10794] ? srso_alias_return_thunk+0x5/0xfbef5 [ 779.345298][T10794] ? srso_alias_return_thunk+0x5/0xfbef5 [ 779.350997][T10794] ____sys_sendmsg+0xab8/0xc90 [ 779.356727][T10794] ? copy_msghdr_from_user+0x10b/0x160 [ 779.362238][T10794] ? __pfx_____sys_sendmsg+0x10/0x10 [ 779.367647][T10794] ? __pfx___lock_acquire+0x10/0x10 [ 779.372906][T10794] ? srso_alias_return_thunk+0x5/0xfbef5 [ 779.378702][T10794] ? try_to_wake_up+0xc08/0x13e0 [ 779.383713][T10794] ___sys_sendmsg+0x135/0x1e0 [ 779.388480][T10794] ? __pfx____sys_sendmsg+0x10/0x10 [ 779.393763][T10794] ? __pfx_futex_wake+0x10/0x10 [ 779.398767][T10794] ? srso_alias_return_thunk+0x5/0xfbef5 [ 779.404456][T10794] ? __fget_light+0x173/0x210 [ 779.409200][T10794] __sys_sendmsg+0x117/0x1f0 [ 779.413878][T10794] ? __pfx___sys_sendmsg+0x10/0x10 [ 779.419049][T10794] ? srso_alias_return_thunk+0x5/0xfbef5 [ 779.424817][T10794] ? srso_alias_return_thunk+0x5/0xfbef5 [ 779.430531][T10794] do_syscall_64+0xcd/0x250 [ 779.435449][T10794] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 779.441419][T10794] RIP: 0033:0x7f0e4d177299 [ 779.445964][T10794] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 779.465918][T10794] RSP: 002b:00007f0e4cbde048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 779.474606][T10794] RAX: ffffffffffffffda RBX: 00007f0e4d306058 RCX: 00007f0e4d177299 [ 779.482618][T10794] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000003 [ 779.490733][T10794] RBP: 00007f0e4d1e48e6 R08: 0000000000000000 R09: 0000000000000000 [ 779.501295][T10794] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 779.509360][T10794] R13: 000000000000006e R14: 00007f0e4d306058 R15: 00007ffdd56adde8 [ 779.517407][T10794] [ 779.520915][T10794] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 779.528218][T10794] CPU: 1 UID: 0 PID: 10794 Comm: syz.3.1253 Not tainted 6.10.0-syzkaller-12708-g2f8c4f506285 #0 [ 779.538670][T10794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 779.548751][T10794] Call Trace: [ 779.552049][T10794] [ 779.554998][T10794] dump_stack_lvl+0x3d/0x1f0 [ 779.559637][T10794] panic+0x6f5/0x7a0 [ 779.563592][T10794] ? __pfx_panic+0x10/0x10 [ 779.568061][T10794] ? srso_alias_return_thunk+0x5/0xfbef5 [ 779.573745][T10794] ? show_trace_log_lvl+0x363/0x500 [ 779.579039][T10794] ? rate_control_rate_init+0x543/0x690 [ 779.584632][T10794] check_panic_on_warn+0xab/0xb0 [ 779.589630][T10794] __warn+0xf1/0x3c0 [ 779.593582][T10794] ? rate_control_rate_init+0x543/0x690 [ 779.599178][T10794] report_bug+0x3c0/0x580 [ 779.603565][T10794] handle_bug+0x3d/0x70 [ 779.607760][T10794] exc_invalid_op+0x17/0x50 [ 779.612303][T10794] asm_exc_invalid_op+0x1a/0x20 [ 779.617197][T10794] RIP: 0010:rate_control_rate_init+0x543/0x690 [ 779.623384][T10794] Code: 48 c7 c2 60 7d 9d 8c be 63 03 00 00 48 c7 c7 20 7d 9d 8c c6 05 d4 eb 79 05 01 e8 88 c1 e6 f6 e9 e0 fd ff ff e8 7e 85 09 f7 90 <0f> 0b 90 e9 36 ff ff ff e8 70 85 09 f7 e8 ab c9 ef f6 31 ff 89 c3 [ 779.643055][T10794] RSP: 0018:ffffc90008a6f258 EFLAGS: 00010287 [ 779.649156][T10794] RAX: 000000000000311d RBX: ffff8880598a4000 RCX: ffffc90014dc7000 [ 779.657231][T10794] RDX: 0000000000040000 RSI: ffffffff8a825602 RDI: 0000000000000005 [ 779.665219][T10794] RBP: ffff88801c6d8420 R08: 0000000000000005 R09: 0000000000000000 [ 779.673209][T10794] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000001 [ 779.681198][T10794] R13: 0000000000000000 R14: ffff88807a5f8e40 R15: ffff8880675b8000 [ 779.689201][T10794] ? rate_control_rate_init+0x542/0x690 [ 779.694791][T10794] ? rate_control_rate_init+0x542/0x690 [ 779.700377][T10794] sta_apply_auth_flags.constprop.0+0x4bb/0x510 [ 779.706679][T10794] sta_apply_parameters+0xb6e/0x1740 [ 779.712012][T10794] ieee80211_add_station+0x3fa/0x6c0 [ 779.717328][T10794] ? srso_alias_return_thunk+0x5/0xfbef5 [ 779.723003][T10794] nl80211_new_station+0x1470/0x1bf0 [ 779.728335][T10794] ? __rtnl_unlock+0x68/0xf0 [ 779.732951][T10794] ? srso_alias_return_thunk+0x5/0xfbef5 [ 779.738623][T10794] ? __pfx_nl80211_new_station+0x10/0x10 [ 779.744295][T10794] ? ref_tracker_alloc+0x2ef/0x5b0 [ 779.749481][T10794] ? srso_alias_return_thunk+0x5/0xfbef5 [ 779.755152][T10794] ? nl80211_pre_doit+0x1b0/0xb10 [ 779.760214][T10794] genl_family_rcv_msg_doit+0x205/0x2f0 [ 779.765819][T10794] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 779.771953][T10794] ? srso_alias_return_thunk+0x5/0xfbef5 [ 779.777623][T10794] ? ns_capable+0xd7/0x110 [ 779.782073][T10794] genl_rcv_msg+0x565/0x800 [ 779.786634][T10794] ? __pfx_genl_rcv_msg+0x10/0x10 [ 779.791709][T10794] ? __pfx___lock_acquire+0x10/0x10 [ 779.796951][T10794] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 779.802350][T10794] ? __pfx_nl80211_new_station+0x10/0x10 [ 779.808019][T10794] ? __pfx_nl80211_post_doit+0x10/0x10 [ 779.813544][T10794] netlink_rcv_skb+0x16e/0x440 [ 779.818354][T10794] ? __pfx_genl_rcv_msg+0x10/0x10 [ 779.823429][T10794] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 779.828780][T10794] ? down_read+0xc9/0x330 [ 779.833148][T10794] ? __pfx_down_read+0x10/0x10 [ 779.837939][T10794] ? srso_alias_return_thunk+0x5/0xfbef5 [ 779.843608][T10794] ? netlink_deliver_tap+0x1ae/0xd90 [ 779.848939][T10794] genl_rcv+0x28/0x40 [ 779.852967][T10794] netlink_unicast+0x547/0x830 [ 779.857781][T10794] ? __pfx_netlink_unicast+0x10/0x10 [ 779.863112][T10794] ? srso_alias_return_thunk+0x5/0xfbef5 [ 779.868790][T10794] ? srso_alias_return_thunk+0x5/0xfbef5 [ 779.874644][T10794] ? __phys_addr_symbol+0x30/0x80 [ 779.879710][T10794] ? srso_alias_return_thunk+0x5/0xfbef5 [ 779.885381][T10794] ? __check_object_size+0x497/0x720 [ 779.890712][T10794] ? srso_alias_return_thunk+0x5/0xfbef5 [ 779.896390][T10794] netlink_sendmsg+0x8b8/0xd70 [ 779.901209][T10794] ? __pfx_netlink_sendmsg+0x10/0x10 [ 779.906535][T10794] ? __import_iovec+0x1fd/0x6e0 [ 779.911425][T10794] ? srso_alias_return_thunk+0x5/0xfbef5 [ 779.917094][T10794] ? srso_alias_return_thunk+0x5/0xfbef5 [ 779.922772][T10794] ____sys_sendmsg+0xab8/0xc90 [ 779.927587][T10794] ? copy_msghdr_from_user+0x10b/0x160 [ 779.933078][T10794] ? __pfx_____sys_sendmsg+0x10/0x10 [ 779.938415][T10794] ? __pfx___lock_acquire+0x10/0x10 [ 779.943658][T10794] ? srso_alias_return_thunk+0x5/0xfbef5 [ 779.949328][T10794] ? try_to_wake_up+0xc08/0x13e0 [ 779.954323][T10794] ___sys_sendmsg+0x135/0x1e0 [ 779.959035][T10794] ? __pfx____sys_sendmsg+0x10/0x10 [ 779.964285][T10794] ? __pfx_futex_wake+0x10/0x10 [ 779.969207][T10794] ? srso_alias_return_thunk+0x5/0xfbef5 [ 779.974881][T10794] ? __fget_light+0x173/0x210 [ 779.979598][T10794] __sys_sendmsg+0x117/0x1f0 [ 779.984221][T10794] ? __pfx___sys_sendmsg+0x10/0x10 [ 779.989368][T10794] ? srso_alias_return_thunk+0x5/0xfbef5 [ 779.995054][T10794] ? srso_alias_return_thunk+0x5/0xfbef5 [ 780.000743][T10794] do_syscall_64+0xcd/0x250 [ 780.005313][T10794] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 780.011248][T10794] RIP: 0033:0x7f0e4d177299 [ 780.015683][T10794] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 780.035331][T10794] RSP: 002b:00007f0e4cbde048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 780.043784][T10794] RAX: ffffffffffffffda RBX: 00007f0e4d306058 RCX: 00007f0e4d177299 [ 780.051783][T10794] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000003 [ 780.059782][T10794] RBP: 00007f0e4d1e48e6 R08: 0000000000000000 R09: 0000000000000000 [ 780.067778][T10794] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 780.075778][T10794] R13: 000000000000006e R14: 00007f0e4d306058 R15: 00007ffdd56adde8 [ 780.083814][T10794] [ 780.087075][T10794] Kernel Offset: disabled [ 780.091537][T10794] Rebooting in 86400 seconds..