last executing test programs: 3m10.776641115s ago: executing program 1 (id=96): bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x4000) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4140aecd, &(0x7f00000000c0)) 3m10.597566399s ago: executing program 1 (id=97): msgsnd(0x0, &(0x7f0000001340)={0x2, "565f2a48d28a3ef8314ff9"}, 0x13, 0x800) 3m10.448869261s ago: executing program 1 (id=99): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000780), 0x2380, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000680)={0x0, 0x2, 0x0, 0x1000, &(0x7f0000004000/0x1000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 3m10.2048738s ago: executing program 1 (id=100): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000300)={[{@minixdf}, {}, {@barrier_val={'barrier', 0x3d, 0x9}}, {@commit={'commit', 0x3d, 0x5}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@nodelalloc}, {@noblock_validity}, {@nomblk_io_submit}]}, 0x1, 0x566, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9GajdN4o8KgvUiiBYLeq9LMg0lm27JbkoTC20P9uJFiiBiQfwDvHss/gP+FQUtFClBD14is5lNt81ukqYbN3U+H5j2vZnZvPnum+/bNzu7bACFNZL9U4p4OSK+SSIOt20bjHzjyOp+yw+vTWVLEisrn/2ZRJKva+2f5P8fzCsvRcSvX0WcKK1vt764NFupVtP5vD7WmLs8Vl9cOnlxrjKTzqSXJiYnT781OfHuO2/3LNbXz/39/ad3Pzr99fHl736+f+R2EmfiUL6tPY5ncKO9MhIj+XMyFGee2HG8B43tJkm/D4BtGcjzfCiyMeBwDORZD/z/XY+IFaCgEvkPBdWaB7Su7Xt0HfzcePDB6gXQ+vgHV98biX3Na6MDy8ljV0bZ9e5wD9rP2vjljzu3syU2eR/ieg/aA2i5cTMiTg0Orh//knz8275TzTePN/ZkG0V7/YF+upvNf97oNP8prc1/osP852CH3N2OzfO/dL8HzXSVzf/e6zj/XRu6hgfy2gvNOd9QcuFiNT0VES9GxGgM7c3qG93POb18b6Xbtvb5X7Zk7bfmgvlx3B/c+/hjpiuNyrPE3O7BzYhXOs5/k7X+Tzr0f/Z8nNtiG8fSO69227Z5/Dtr5aeI1zr2/6M7WsnG9yfHmufDWOusWO+vW8d+69b+6If9jT/r/wMbxz+ctN+vrT99Gz/u+yfttm275/+e5PNmeU++7mql0Zgfj9iTfLJ+/cSjx7bqrf2z+EePbzz+dTr/90fEF1uM/9bRW1137ff5n8U//VT9//SFex9/+UO39rfW/282S6P5mq2Mf1s9wGd57gAAAAAAAGC3KUXEoUhK5bVyqVQur36+42gcKFVr9caJC7WFS9PR/K7scAyVWne6D7d9HmI8/zxsqz7xRH0yIo5ExLcD+5v18lStOt3v4AEAAAAAAAAAAAAAAAAAAGCXONjl+/+Z3wf6fXTAjvOT31Bcm+Z/L37pCdiVvP5Dccl/KC75D8Ul/6G45D8Ul/yH4pL/UFzyHwAAAAAAAAAAAAAAAAAAAAAAAAAAAHrq3Nmz2bKy/PDaVFafvrK4MFu7cnI6rc+W5xamylO1+cvlmVptppqWp2pzm/29aq12eXwiFq6ONdJ6Y6y+uHR+rrZwqXH+4lxlJj2fDv0nUQEAAAAAAAAAAAAAAAAAAMDzpb64NFupVtN5ha6F92NXHMZOBrhqWw8f3C1RKHQt7NtG5/Z5YAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACANv8GAAD//04mM/E=") setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x210000000013, 0x0, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000380)='./bus\x00', 0x1004080, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x4008, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) lremovexattr(&(0x7f0000000100)='./file0\x00', &(0x7f0000000240)=@known='system.posix_acl_default\x00') 3m9.772857485s ago: executing program 1 (id=105): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) setsockopt$XDP_TX_RING(0xffffffffffffffff, 0x11b, 0x3, &(0x7f0000000180)=0x8, 0x4) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00'}) socket$xdp(0x2c, 0x3, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect$qrtr(0xffffffffffffffff, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r3 = getpid() r4 = syz_pidfd_open(r3, 0x0) setns(r4, 0x24020000) umount2(&(0x7f0000000040)='.\x00', 0x2) 3m9.20490591s ago: executing program 1 (id=109): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='auxv\x00') preadv(r0, &(0x7f00000000c0)=[{&(0x7f00000002c0)=""/4096, 0x1000}], 0x1, 0x96, 0x100) 3m8.889827845s ago: executing program 32 (id=109): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='auxv\x00') preadv(r0, &(0x7f00000000c0)=[{&(0x7f00000002c0)=""/4096, 0x1000}], 0x1, 0x96, 0x100) 2m53.28047085s ago: executing program 4 (id=203): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x0, 0x0, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil}) keyctl$KEYCTL_PKEY_ENCRYPT(0x19, &(0x7f0000000080), &(0x7f0000000100)={'enc=', 'raw', ' hash=', {'crc32\x00'}}, 0x0, 0x0) r3 = dup(r2) syz_emit_ethernet(0x42, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0000000000000800452d00340066000006019078ac141417f87b99bb05019078ac1414bb46900006006504c1"], 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000)=@arm64={0x8, 0x2, 0x2, '\x00', 0x2}) ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f00000002c0)=0x10000) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2m52.26040964s ago: executing program 4 (id=207): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000200)="da467702e2520108dcebc5560e4f93142974b51221138c2cdf5b4d5781b800c423ace69c1eba8d0c505baa2acdddff4bc6e17bd735b3576550a4b33160cad82f3df56db53fbf5fbad6125c8b7932af43ba88cd499a6c421696d57ff38d5231dc712a114aaeae76812b1375a1b59f2b669bcf1f5a39f4241eef5d48ba4a16fb354031b55dd47512d0b1c6d02dce620d1cd5bad3ff8d69fe0a9e54", 0x9a}], 0x1, 0x0, 0x0, 0x4000}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000005c0), 0x42, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r1, @ANYRESDEC=0x0, @ANYBLOB=',group_id=']) write$FUSE_INIT(r1, &(0x7f0000000100)={0x50}, 0x50) r2 = socket$alg(0x26, 0x5, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000340)={'wlan1\x00'}) sendmsg$NL80211_CMD_GET_MPP(r0, &(0x7f0000000580)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000540)={&(0x7f00000006c0)=ANY=[@ANYRES16=r3, @ANYBLOB="000219bd7000fbdbdf", @ANYBLOB="0a00060008021100000100000a001a00ffffffffffff00000a001a0008021100000000000a001a0008021100000000000a000600ffffffffffff00000a001a0008021100000100000a001a0008021100000100000a000600ffffffffffff00000a001a0008021100000000000a001a00080211"], 0x94}, 0x1, 0x0, 0x0, 0x10}, 0x40080) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 2m51.960121144s ago: executing program 4 (id=209): bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x4000) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4140aecd, &(0x7f00000000c0)) 2m51.703807964s ago: executing program 4 (id=212): r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000003c0)='./bus\x00', 0xe, &(0x7f0000000540)={[{@resuid}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1ff}}, {@stripe}, {@noblock_validity}]}, 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==") syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) syz_mount_image$fuse(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x8820, &(0x7f0000000240)=ANY=[], 0x1, 0x0, 0x0) linkat(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f0000000700)='./file7\x00', 0x0) openat$dir(0xffffffffffffff9c, 0x0, 0x80002, 0x0) r1 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) renameat2(0xffffffffffffff9c, 0x0, r1, &(0x7f0000000a40)='./file2\x00', 0x0) unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0) 2m51.698464375s ago: executing program 0 (id=214): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=ANY=[@ANYBLOB="3c0000001000010025bd7000fedbdf2500000000", @ANYRES32, @ANYBLOB="100804001a0804001c002b800800030011000000080001"], 0x3c}}, 0x4000000) 2m51.463587804s ago: executing program 0 (id=216): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffd92, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r0, 0x0, 0x0}, 0x10) 2m51.344619873s ago: executing program 0 (id=217): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000100), 0x12000, 0x0) ioctl$AUTOFS_DEV_IOCTL_VERSION(r1, 0xc0189371, &(0x7f0000000140)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x3, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}}, 0x0}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[], 0x0, 0x4, 0xa0, &(0x7f0000001a80)=""/160, 0x8eb2e000f2c28467}, 0x94) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000001680)) r3 = eventfd2(0x1, 0x1) ioctl$VHOST_SET_VRING_ERR(r2, 0x4008af22, &(0x7f00000001c0)={0x0, r3}) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000}) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000000)={0x0, r3}) ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f00000000c0)=0x1) ioctl$VHOST_VSOCK_SET_GUEST_CID(r2, 0x4008af60, &(0x7f0000000140)={@my=0x1}) r4 = socket$vsock_stream(0x28, 0x1, 0x0) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096}) connect$vsock_stream(r4, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10) 2m51.092770623s ago: executing program 4 (id=220): bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x4000) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x4140aecd, &(0x7f00000000c0)) 2m50.640869059s ago: executing program 4 (id=223): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000280)="66b9800000c00f326635000400000f300f01d10f8b7700f30f2d2ee70d0ff2d7f30fa6c066b8e708a93a0f23c80f21f86635000040000f23f80f48f1650fc7ba70b8660f38806096", 0x48}], 0x1, 0x4d, 0x0, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f00000001c0)=ANY=[]) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2m50.221679872s ago: executing program 33 (id=223): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000280)="66b9800000c00f326635000400000f300f01d10f8b7700f30f2d2ee70d0ff2d7f30fa6c066b8e708a93a0f23c80f21f86635000040000f23f80f48f1650fc7ba70b8660f38806096", 0x48}], 0x1, 0x4d, 0x0, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f00000001c0)=ANY=[]) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2m50.209696662s ago: executing program 0 (id=225): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = syz_clone(0x88200200, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r0, 0x0) setpgid(0x0, r0) open(&(0x7f0000000440)='./file1\x00', 0x0, 0x73) creat(&(0x7f0000000580)='./file1\x00', 0x0) 2m49.831143663s ago: executing program 0 (id=231): syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x2a0471a, &(0x7f00000000c0)={[{@quota}, {@bsdgroups}, {@nouid32}, {@errors_remount}, {@jqfmt_vfsv1}, {@oldalloc}, {@stripe={'stripe', 0x3d, 0x5}}]}, 0x2, 0x46b, &(0x7f0000000580)="$eJzs3M1vFOUfAPDvzLbw+/HWivgColaJsfGlpQWVgxeNJh4wmugB9VTbQgiFGloTIUSqMXgxMSR6Vo8m/gXevBj1ZGLiSe+GhCgX0FPNzM5Ad9ltt3TZrd3PJxl4nn2e7TzfPvPMPDPPbgPoWUPZP0nEtoj4LSIGqtnaCkPV/65dOTf595Vzk0ksLr72Z5LXu3rl3GRZtXzf1iIznEakHyXFTmrNnTl7YmJmZvp0kR+dP/nO6NyZs08ePzlxbPrY9KnxQ4cOHhh75unxp9oSZxbX1T3vz+7d/dIbF1+ePHLx7R+/ydq7rShfGsct2XTzS0NZ4H8t5urLHon/r2l36832Jemkr4sNYVUqEZF1V38+/geiEjc6byBe/LCrjQNuq+zatLl58cIisIEl0e0WAN1RXuiz+99y69DUY124/Fz1BiiL+1qxVUv6Ii3q9Nfd37bTUEQcWfjni2yLdjyHAABYwSeTnx+OJxrN/9K4e0m9HcUaymBE3BEROyPizojYFRF3ReR174mIe1e5//qloZvnP+mlWwqsRdn879libat2/lfO/mKwUuS25/H3J0ePz0zvL34nw9G/OcuPLbOP71745dNmZUvnf9mW7b+cCxbtuNRX94BuamJ+Ip+UtsHlDyL29DWKP7m+EpBExO6I2LO6H72jTBx/7Ou9zSqtHP8y2rDOtPhVxKPV/l+IuvhLyfLrk6P/i5np/aPlUXGzn36+8Gqz/a8p/jbI+n9L7fFflHx5pkgMvrV0vXYuVr1yeeH3j5ve09zq8b8peT0/H5XLru9NzM+fHovYlBzO8zWvj994b5kv62fxD+9rPP53Fu/J+v++iMgO4vsj4oGIeLBo+0MR8XBE7Fsm/h+eb162Hvp/quH57/rxP5jU9P/qE5UT33/bbP+t9f/BPDVcvJKf/1bQagPX8rsDAACA/4o0/wx8ko5cT6fpyEj1M/y7Yks6Mzs3//jR2XdPTVU/Kz8Y/Wn5pGtgyfPQsWSh+InV/HjxrLgsP1A8N/6sEnl+ZHJ2ZqrLsUOv29pk/Gf+qHS7dcBt12gdbbzBF9qAjad+/Ke12fOvdLIxQEf5vjb0rhXGf9qpdgCd5/oPvavR+D9fl7cWABuT6z/0LuMfepfxD72rbvxX4tdutQTooLV8r1+ilxORrotmtJRo/e9B3O7Em+ujGS0kun1mAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaI9/AwAA//9sbvBf") bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0}, 0x20) shutdown(0xffffffffffffffff, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x12060) r0 = open(&(0x7f00000000c0)='.\x00', 0x8000, 0x50) getdents(r0, &(0x7f0000001fc0)=""/184, 0xc4) 2m49.300036215s ago: executing program 0 (id=234): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b40)=@filter={'filter\x00', 0x8000000, 0x4, 0x370, 0xffffffff, 0x0, 0x260, 0x260, 0xfeffffff, 0xffffffff, 0x380, 0x260, 0x380, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x29}, @private2, [0xffffffff, 0xff000000, 0xff, 0xffffff00], [0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff], 'macvlan0\x00', 'sit0\x00', {}, {}, 0x87, 0x3, 0x4, 0x5}, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x3, 0x5, {0x7}}}}, {{@ipv6={@private2, @empty, [], [0x0, 0x0, 0xff000000], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5, {0x2000010}}}}, {{@ipv6={@private2, @private2={0xfc, 0x2, '\x00', 0x1}, [0x0, 0xffffff00, 0xff], [0x0, 0xffffff00, 0xf97f1f27bc0fd003, 0xff000000], 'bridge_slave_0\x00', 'ip6tnl0\x00', {}, {0xff}, 0x11, 0x80, 0x2, 0x6a}, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d0) prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) 2m48.753612588s ago: executing program 34 (id=234): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b40)=@filter={'filter\x00', 0x8000000, 0x4, 0x370, 0xffffffff, 0x0, 0x260, 0x260, 0xfeffffff, 0xffffffff, 0x380, 0x260, 0x380, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x29}, @private2, [0xffffffff, 0xff000000, 0xff, 0xffffff00], [0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff], 'macvlan0\x00', 'sit0\x00', {}, {}, 0x87, 0x3, 0x4, 0x5}, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x3, 0x5, {0x7}}}}, {{@ipv6={@private2, @empty, [], [0x0, 0x0, 0xff000000], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5, {0x2000010}}}}, {{@ipv6={@private2, @private2={0xfc, 0x2, '\x00', 0x1}, [0x0, 0xffffff00, 0xff], [0x0, 0xffffff00, 0xf97f1f27bc0fd003, 0xff000000], 'bridge_slave_0\x00', 'ip6tnl0\x00', {}, {0xff}, 0x11, 0x80, 0x2, 0x6a}, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d0) prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) 2m12.996178187s ago: executing program 5 (id=388): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0500000004000000080000000a"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa10000000000000701"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000780)={{r0}, &(0x7f0000000380), 0x0}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2000}, [@call={0x85, 0x0, 0x0, 0x75}]}, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f00000000c0)=@framed, &(0x7f00000001c0)='GPL\x00'}, 0x80) 2m12.684449161s ago: executing program 5 (id=391): r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f00000001c0)={r2}, &(0x7f0000000040)=0x8) 2m12.464908459s ago: executing program 5 (id=394): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40094) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x4c, 0x10, 0x1, 0x70bd25, 0x7, {0x0, 0x0, 0x0, 0x0, 0x80000, 0x188f}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0x14, 0x5, 0x0, 0x1, [@IFLA_BRPORT_NEIGH_SUPPRESS={0x5, 0x20, 0x1}, @IFLA_BRPORT_ISOLATED={0x5, 0x21, 0x1}]}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x811}, 0x4000000) 2m12.286487844s ago: executing program 5 (id=397): setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000), 0x101000, 0x800, 0x3, 0x1}, 0x20) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$XDP_RX_RING(0xffffffffffffffff, 0x11b, 0x2, &(0x7f0000000040)=0x8, 0x4) setsockopt$XDP_TX_RING(0xffffffffffffffff, 0x11b, 0x3, &(0x7f0000000100)=0x400, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth1_to_batadv\x00', 0x0}) setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) setsockopt$XDP_UMEM_FILL_RING(0xffffffffffffffff, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) bind$xdp(0xffffffffffffffff, &(0x7f00000001c0)={0x2c, 0x8, r1}, 0x10) ppoll(&(0x7f00000002c0)=[{0xffffffffffffffff, 0x47}], 0x1, 0x0, 0x0, 0x0) 2m11.304745311s ago: executing program 5 (id=403): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2145c99, 0x0) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000540), 0x1, 0x4a3, &(0x7f0000000580)="$eJzs3c1rXOUaAPBnZpo0SXNvP+7l0vbCbaEXej9oJh9IE3XjSl0UxIIbhRqTaayZZEJmUpvQRaq7LlyIoiAu3PsXuLEriyCudS8upKI1ggrCyDkzk+Zr4qBpBnJ+Pzid95z3dJ73zfC8nHnPOXMCyKyzyT+5iMGI+DwijjZWN+9wtvGydv/mVLLkol6//F0u3S9Zb+3a+n9HImI1Ivoi4tknI17KbY9bXV6ZnSyXS4vN9WJtbqFYXV65cG1ucqY0U5ofGb84MTE+PDY6sWd9vf3GK7cvffR074c/vX7v7puffJw0a7BZt7Efe6nR9Z44vmHboYh4/GEE64JCsz/93W4If0jy+f0tIs6l+X80CumnCWRBvV6v/1o/3K56tQ4cWPn0GDiXH4qIRjmfHxpqHMP/PQby5Uq19v+rlaX56cax8rHoyV+9Vi4NN78rHIueXLI+kpYfrI9uWR+LSI+B3yr0p+tDU5Xy9P4OdcAWR7bk/4+FRv4DGeErP2SX/Ifskv+QXfIfskv+Q3bJf8gu+Q/ZJf8hu+Q/ZJf8h+yS/5BJz1y6lCz11v3v09eXl2Yr1y9Ml6qzQ3NLU0NTlcWFoZlKZSa9Z2fu996vXKksjDwSSzeKtVK1Vqwur1yZqyzN166k9/VfKfXsS6+AThw/c+fLXESsPtqfLoneZp1chYOtXs9Ft+9BBrqj0O0BCOgaU3+QXb7jAzv8RO8mfe0qFva+LcD+yHe7AUDXnD/l/B9klfl/yC7z/5BdjvEB8/+QPeb/IbsG2zz/6y8bnt01HBF/jYgvCj2HW8/6Ag6C/De55vH/+aP/Htxa25v7OT1F0BsRr753+Z0bk7Xa4kiy/fv17bV3m9tHu9F+oFOtPG3lMQCQXWv3b061lv2M++0TjYsQtsc/1Jyb7EvPUQ6s5TZdq5Dbo2sXVm9FxMmd4ueazztvnPkYWCtsi3+i+ZprvEXa3kPpc9P3J/6pDfH/tSH+6T/9V4FsuJOMP8M75V8+zelYz7/N48/gHl070X78y6+Pf4U249+ZDmO8/P5rX7eNfyvi9I7xW/H60lhb4ydtO99h/HsvPPePdnX1Dxrvs1P8lqRUrM0tFKvLKxfS35GbKc2PjF+cmBgfHhudKKZz1MXWTPV2j5387O5u/R9oE3+3/ifb/tth/3/556fPn90l/n/O7fz5n9glfn9E/K/D+D+MfvViu7ok/nSb/ud3iZ9sG+swfvXtpw53uCsAsA+qyyuzk+VyaVFBQUFhvdDtkQl42B4kfbdbAgAAAAAAAAAAAHRqPy4n7nYfAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOgt8CAAD//1kn1ls=") 2m10.848664757s ago: executing program 5 (id=406): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000380), 0xfe, 0x579, &(0x7f0000000680)="$eJzs3U1rXFUYAOD3TjLpR1qbQinqQgJdWKmdNIkfFVzUpWixoPs6JNNQMuktmUlpYsF2YTdupAgiFsQf4N5l8Q/4KwpaKFqCLtxE7uROM01m8jkxaed5YNJz7j3Tc8/c+568J3eGCaBnDWc/ChGvRMQ3ScSxln39ke8cXm63+OTWRPZIYmnp0z+TSPJtzfZJ/u9gXnk5In79KuJMYW2/tfmF6XK1WpnN6yP1mesjtfmFs1dnylOVqcq1sfHx82+Pj7337jtdG+sbl/75/pMHH57/+tTidz8/On4viQtxJN/XOo4duN1aGY7h/DUpxoVVDUe70Nl+kuz1AbAtfXmcFyObA45FXx71wIvvy4hYAnpUIv6hRzXzgObavkvr4OfG4w+WF0Brx9+//LeRONhYGx1eTJ5ZGWXr3aEu9J/18csf9+9lj+je3yEANnT7TkSc6+9fO/8l+fy3fec20WZ1H1uc/5a2eEhAiwdZ/vNmu/wnzVscbPxcnf8Mtond7dg4/guPutBNR1n+937b/PfpTauhvrx2tJHzFZMrV6uVbG57KSJOR/FAVl/vfs75xYcd56mV/G+gkQNm/Tdzwfw4HvUfePY5k+V6eSdjbvX4TsSrbfPf5Gn+m7Q5/9nrcWmTfZys3H+t077W/Lf9+HfX0k8Rr+fn//Yza6KVO1rJ+vcnRxrXw0jzqljr77snf+vUf+fxH92F0a6Vnf/Dba//p+MfSlrv19a23sePB/+tdNq38flvf/0PJJ81ygP5tpvlen12NGIg+Xjt9rGV5zbrzfbZ+E+fah//613/hyLi802O/+6Jux2b7vX1n41/ckvnf+uFhx998UOn/jd3/t9qlE7nWzYz/232AHfy2gEAAAAAAMB+U4iII5EUSlm5mJULhVJp+f0dJ+JwoZrW6meupHPXJqPxWdmhKBaad7oHW94PMZq/H7ZZH1tVH4+I4xHxbd+hRr00kVYn93rwAAAAAAAAAAAAAAAAAAAAsE8Mtn7+P1Y+/5/5vW+vjw7Ydb7yG3rXhvHfjW96AvYlv/+hd4l/6F3iH3qX+IfeJf6hd4l/6F3iH3qX+AcAAAAAAAAAAAAAAAAAAAAAAAAAAICuunTxYvZYWnxyayKrT96Yn5tOb5ydrNSmSzNzE6WJdPZ6aSpNp6qV0kQ6s+5/lvwV1TS9PjoWczdH6pVafaQ2v3B5Jp27Vr98daY8VblcKf5fAwMAAAAAAAAAAAAAAAAAAIDnSG1+YbpcrVZmFRS2VejfH4fxghaisMVnNQN7x73v7bwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAK3+CwAA///Xxjfu") r0 = open_tree(0xffffffffffffff9c, 0x0, 0x81000) renameat2(r0, &(0x7f0000000000)='./file0\x00', r0, &(0x7f0000000040)='./file1\x00', 0x4) 1m55.781137929s ago: executing program 35 (id=406): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000380), 0xfe, 0x579, &(0x7f0000000680)="$eJzs3U1rXFUYAOD3TjLpR1qbQinqQgJdWKmdNIkfFVzUpWixoPs6JNNQMuktmUlpYsF2YTdupAgiFsQf4N5l8Q/4KwpaKFqCLtxE7uROM01m8jkxaed5YNJz7j3Tc8/c+568J3eGCaBnDWc/ChGvRMQ3ScSxln39ke8cXm63+OTWRPZIYmnp0z+TSPJtzfZJ/u9gXnk5In79KuJMYW2/tfmF6XK1WpnN6yP1mesjtfmFs1dnylOVqcq1sfHx82+Pj7337jtdG+sbl/75/pMHH57/+tTidz8/On4viQtxJN/XOo4duN1aGY7h/DUpxoVVDUe70Nl+kuz1AbAtfXmcFyObA45FXx71wIvvy4hYAnpUIv6hRzXzgObavkvr4OfG4w+WF0Brx9+//LeRONhYGx1eTJ5ZGWXr3aEu9J/18csf9+9lj+je3yEANnT7TkSc6+9fO/8l+fy3fec20WZ1H1uc/5a2eEhAiwdZ/vNmu/wnzVscbPxcnf8Mtond7dg4/guPutBNR1n+937b/PfpTauhvrx2tJHzFZMrV6uVbG57KSJOR/FAVl/vfs75xYcd56mV/G+gkQNm/Tdzwfw4HvUfePY5k+V6eSdjbvX4TsSrbfPf5Gn+m7Q5/9nrcWmTfZys3H+t077W/Lf9+HfX0k8Rr+fn//Yza6KVO1rJ+vcnRxrXw0jzqljr77snf+vUf+fxH92F0a6Vnf/Dba//p+MfSlrv19a23sePB/+tdNq38flvf/0PJJ81ygP5tpvlen12NGIg+Xjt9rGV5zbrzfbZ+E+fah//613/hyLi802O/+6Jux2b7vX1n41/ckvnf+uFhx998UOn/jd3/t9qlE7nWzYz/232AHfy2gEAAAAAAMB+U4iII5EUSlm5mJULhVJp+f0dJ+JwoZrW6meupHPXJqPxWdmhKBaad7oHW94PMZq/H7ZZH1tVH4+I4xHxbd+hRr00kVYn93rwAAAAAAAAAAAAAAAAAAAAsE8Mtn7+P1Y+/5/5vW+vjw7Ydb7yG3rXhvHfjW96AvYlv/+hd4l/6F3iH3qX+IfeJf6hd4l/6F3iH3qX+AcAAAAAAAAAAAAAAAAAAAAAAAAAAICuunTxYvZYWnxyayKrT96Yn5tOb5ydrNSmSzNzE6WJdPZ6aSpNp6qV0kQ6s+5/lvwV1TS9PjoWczdH6pVafaQ2v3B5Jp27Vr98daY8VblcKf5fAwMAAAAAAAAAAAAAAAAAAIDnSG1+YbpcrVZmFRS2VejfH4fxghaisMVnNQN7x73v7bwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAK3+CwAA///Xxjfu") r0 = open_tree(0xffffffffffffff9c, 0x0, 0x81000) renameat2(r0, &(0x7f0000000000)='./file0\x00', r0, &(0x7f0000000040)='./file1\x00', 0x4) 2.27402067s ago: executing program 3 (id=1394): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000120000000000000000850000"], &(0x7f0000000940)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) 2.057063027s ago: executing program 3 (id=1398): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) syz_genetlink_get_family_id$gtp(&(0x7f0000000140), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r4, @ANYBLOB="08002600ad1600004000330010000000080211000000080211000000080211000001000000000000010001002d1a40000b0000000000000000040003000b0000000600500000000304006c"], 0x68}}, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)={0x50, r5, 0x1, 0x0, 0x0, {{0x8}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_BSSID={0xa, 0xf5, @random="418cb04d5101"}, @NL80211_ATTR_BSSID={0xa}, @NL80211_ATTR_IE={0x4}, @NL80211_ATTR_SCHED_SCAN_INTERVAL={0x8, 0x77, 0x2}, @NL80211_ATTR_SCHED_SCAN_MATCH={0x4}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 1.76247482s ago: executing program 7 (id=1400): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000280)={'wg2\x00'}) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB, @ANYRES32=0x0], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00'}, 0x10) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_clone(0x6988b500, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r3}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000040)={'wg2\x00', @multicast}) 1.524613349s ago: executing program 3 (id=1402): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0) getsockname$packet(r1, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000000016000000", @ANYRES32=r2, @ANYBLOB="0000000200000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xffff}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r4) getsockname$packet(r4, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x11, &(0x7f0000000300)={&(0x7f00000003c0)=@delchain={0x3c, 0x2c, 0xf31, 0x0, 0x2000, {0x0, 0x0, 0x0, r5, {}, {0xfff2, 0xffff}, {0xffff, 0x1}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_FLAGS={0x8, 0x16, 0x2}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4008844}, 0x4010) 1.196983335s ago: executing program 3 (id=1404): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000006c0)="da467702f9520108dcebc5560e4f93142974b51221138c2cdf5b4d577cb800c423ace69c1eba8d0c505baa2ad7ddff4bc6e17bd735b3576550a4b33160cad82f3df56db53fbf5fbad6125c8b7932af43ba88cd499a6c421696d5", 0x5a}, {0x0}, {&(0x7f0000000780)="ab2ad7c58596e5d8c1f92a9a6fd90520f31fd9f30b2620750a2d2505203136266d89d22253eb35ae5b51365ff5e57a973a573761fe339ac9a26c4cebeeab735df451658793f684490cef586a0fb1f984e97f5e670b55907ab37875c797f9bbcb132548efe46d707f9773479d1681c47557", 0x71}], 0x3, 0x0, 0x0, 0x4000}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffffffffffd01}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f0000000940)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433185b3e53836f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x10000000000001e0, &(0x7f0000000840)=[@iv={0x0, 0x117, 0x2, 0x0, "74d9d85b7c8cc2e547cdba26a513fb74268d4109187d6f3dd3bb5ad00bfe285743c68dff980e06fbd5b9da3b2971f81c8dd844325d20e7ba7c96e6fcfedae5e025e8021367b9a64ad02bf3b86efaeef3dae0dce6720412277bd4718d0e9604df6bd9a85a0241632a115472315f7993a45c86bffc8c3a1c757b5cadd2a46ca141dc29611712e2ab66c3b95c444cc33ad5e63f02275ff11241b39225f8248e273f0e4d88b9041d8c9ca01599"}, @assoc={0x0, 0x117, 0x4, 0x4}], 0x18}], 0x1, 0x44000) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00'}) 1.13511858s ago: executing program 6 (id=1405): socket$inet6_sctp(0xa, 0x5, 0x84) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_1\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="7c0000001000010400"/20, @ANYRES32=r1, @ANYBLOB="00000000000000005c001280110001006272696467655f736c617665000000004400058005000500000000000500200001000000050008000000"], 0x7c}}, 0x80) 1.058399996s ago: executing program 7 (id=1406): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000002c0)={'erspan0\x00', 0x0}) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000100)=0x2a5d, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@sack_perm, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x7}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @timestamp, @window={0x3, 0xfffe}, @sack_perm], 0x200000000000005e) sendto$inet(r0, &(0x7f00000007c0)="25d7fe75fa3496bb8e75411fe8ffffffffffffff000000000020ded4c9310457da979fa4388dd60154c23004923f7779ccd9606613089b740e01af8b422a04ea9e9c2e65e081c183f2283700c3bad0f9af818f4c6c2151fa1829480e9212644c17193f4e978c3c43133a3b29546754a2845fd8cc", 0x74, 0xe044, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r0, &(0x7f00000004c0)='<', 0x381, 0x805, 0x0, 0x0) 1.01294703s ago: executing program 3 (id=1407): syz_mount_image$fuse(0x0, &(0x7f0000000100)='./file0\x00', 0x14002, 0x0, 0x0, 0x0, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000002c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) syz_open_procfs(0x0, &(0x7f0000000000)='mountinfo\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) syz_pidfd_open(0x0, 0x0) umount2(&(0x7f0000000040)='.\x00', 0x2) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000040)}) close_range(r1, 0xffffffffffffffff, 0x0) 931.403906ms ago: executing program 6 (id=1408): sendmsg$L2TP_CMD_SESSION_GET(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000240)={0x20, 0x0, 0x1, 0x0, 0x0, {0x7}, [@L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x1}]}, 0x20}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@newtaction={0x2b4, 0x30, 0xc96f2b0dc02612b1, 0x71bd23, 0x25dfdbff, {}, [{0x2a0, 0x1, [@m_ife={0x9c, 0xb, 0x0, 0x0, {{0x8}, {0x48, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x1, 0x8, 0x8, 0x1ff, 0x5}, 0x1}}, @TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x3f, 0x10000000, 0x10, 0x6}, 0x1}}, @TCA_IFE_DMAC={0xa, 0x3, @multicast}]}, {0x2e, 0x6, "ea24464decc1b2772ce0e9d802b5374a8d6638c9f5d62d73097ad328a4154dd4046c261a61dc99ee7003"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_csum={0xb4, 0x14, 0x0, 0x0, {{0x9}, {0x4}, {0x85, 0x6, "576458eea52fd27eec92e713a172e757e1f62fe8475fa8817d9bd39d398251801f64d9b8e312b47b111ff094a2f452e1fd749b169123625c664a63e06baa8402c6b5fe34fbffaf329e5589fe1d00f704d8d13b0100000081ec7a1e9e21427be570631961812505684e260d3f73821a372961e6acf9f73f3ab3a6d19010c501877f"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_bpf={0x8c, 0x5, 0x0, 0x0, {{0x8}, {0x64, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_FD={0x8}, @TCA_ACT_BPF_FD={0x8}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x3, 0x4, 0x3, 0x87f7, 0x4}}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x2, 0xd, 0x6, 0x3, 0x7fb}}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x408, 0x6, 0x5, 0x5, 0x69e}}, @TCA_ACT_BPF_FD={0x8}]}, {0x4}, {0xc}, {0xc, 0x8, {0x3, 0x2}}}}, @m_ct={0xc0, 0x1a, 0x0, 0x0, {{0x7}, {0x4}, {0x95, 0x6, "8850292e248ac4bb2ecd95dd3a5619db7af347b0687f0683db3cd63dedd7f9c3a5bb3167ac124dd18979a62419a29316d507e2a0abf181e4f9d6dc416b94912a7bf866cd425975578de62756ee0750f95d36d65a7455ad211b57c0a58834d2a3f82c1047a48f1819b6518a7546d51880b75a71017c074b8911d439c5dcc5c150b0553275826241f36ff500bd0f0f78d4ac"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x2}}}}]}]}, 0x2b4}, 0x1, 0x0, 0x0, 0x4004000}, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x8804, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41, 0xc3}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 895.652619ms ago: executing program 7 (id=1409): r0 = socket(0x10, 0x3, 0x0) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x3f, &(0x7f0000000180), &(0x7f00000001c0)=0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x1a, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x2, 0x0, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0xffffffd}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40000}, 0x44080) r3 = socket(0x840000000002, 0x3, 0xff) sendmmsg$inet(r3, &(0x7f0000000a00)=[{{&(0x7f00000004c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x42}}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000f40)="a905000000007464000100000000000000e5c01104b61aa67bf2154694dfa033fe5312e4", 0x24}], 0x1}}], 0x1, 0xc044) 813.016695ms ago: executing program 2 (id=1410): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), r0) sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)={0x38, r1, 0x60b, 0x70bd2d, 0x0, {}, [@IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}, @IEEE802154_ATTR_LLSEC_SECLEVELS={0x5, 0x35, 0x4}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x38}}, 0x0) 761.15705ms ago: executing program 2 (id=1411): r0 = socket(0x15, 0x805, 0x7fffffff) syz_genetlink_get_family_id$ethtool(0x0, r0) socket$unix(0x1, 0x5, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x6, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="18020000000020000000000000000000850000003600000095"], &(0x7f00000000c0)='GPL\x00', 0x5, 0xc5, &(0x7f00000001c0)=""/197}, 0x94) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r2, r3, 0x25, 0x0, @void}, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000740)) r4 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) sendmsg$SOCK_DESTROY(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000c00)=ANY=[@ANYBLOB], 0x2a8}, 0x1, 0x0, 0x0, 0x20040010}, 0x20008080) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newlink={0x34, 0x10, 0x401, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5b5d}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'syz_tun\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x58840}, 0x0) accept4$vsock_stream(r0, 0x0, 0x0, 0x81000) 728.931732ms ago: executing program 6 (id=1412): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000078000000030a01030000000000000000050000000900010073797a300000000008000540000000001c0008800c00024000000000000000000c0001"], 0xd4}}, 0x4000010) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r4) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r5], 0x3c}}, 0x0) 680.941316ms ago: executing program 7 (id=1413): r0 = socket$kcm(0x2, 0x3, 0x2) sendmsg$inet(r0, &(0x7f0000001640)={&(0x7f0000000300)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, 0x0, 0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac141411e00000010000000018000000000000000000000007000000440682"], 0x38}, 0x20002880) ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000000)) 613.576971ms ago: executing program 7 (id=1414): socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00') mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee1, 0x8031, 0xffffffffffffffff, 0x0) r0 = socket(0x14, 0x2, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x61d0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) bind$can_raw(0xffffffffffffffff, 0x0, 0x0) bind$can_raw(0xffffffffffffffff, 0x0, 0x0) sendmsg$IPSET_CMD_DEL(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x44}, 0x1) 484.270901ms ago: executing program 2 (id=1415): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000300)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0x4}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x24044010) syz_emit_ethernet(0x6e, &(0x7f00000003c0)={@multicast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "02adf7", 0x38, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @time_exceed={0x2, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "fd9063", 0x0, 0x3a, 0x0, @ipv4={'\x00', '\xff\xff', @local}, @loopback={0x0, 0xffffac1414aa}, [], "1e520b4c951ee12e"}}}}}}}, 0x0) 426.924226ms ago: executing program 6 (id=1416): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x33}, @in6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x29}}, {}, {}, {}, 0x0, 0x0, 0xa}}}, 0xf8}}, 0x0) 362.854461ms ago: executing program 2 (id=1417): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000001440), r0) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000001480)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_SET_SEC_PARAMS(r0, &(0x7f00000015c0)={0x0, 0x0, &(0x7f0000001580)={&(0x7f00000014c0)={0x48, r1, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@NL802154_ATTR_SEC_OUT_KEY_ID={0x2c, 0x2b, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x20, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0202}}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}]}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x48}, 0x1, 0x0, 0x0, 0x24000000}, 0x44) 314.226935ms ago: executing program 6 (id=1418): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_GET_WOWLAN(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x28}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@newlink={0x34, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r2, 0x10681}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}]}, 0x34}}, 0x20044002) r3 = socket(0x10, 0x803, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@ipv6_newaddr={0x40, 0x14, 0x9535393fea6295b5, 0x70bd27, 0x25dfdbfc, {0xa, 0x40, 0x0, 0x0, r5}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_CACHEINFO={0x14, 0x6, {0x1, 0x9, 0x1, 0x4}}]}, 0x40}}, 0x0) r6 = socket(0x10, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={0x0}}, 0x0) 232.977782ms ago: executing program 2 (id=1419): r0 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$SO_J1939_ERRQUEUE(r0, 0x6b, 0x4, &(0x7f0000000080)=0x1, 0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000340)={0x1d, r1, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x4048081) 151.081218ms ago: executing program 2 (id=1420): socket$netlink(0x10, 0x3, 0x0) syz_emit_ethernet(0x80, &(0x7f0000000000)=ANY=[], 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=@ipv6_newroute={0x1c, 0x18, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0xff, 0x0, 0xff, 0x8}}, 0x1c}, 0x1, 0x0, 0x0, 0x84}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=@newlink={0x5c, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @private2={0xfc, 0x2, '\x00', 0x80}}]}}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x80}, 0x0) 121.10563ms ago: executing program 6 (id=1421): r0 = socket$kcm(0x2, 0x3, 0x2) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r1, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600, 0x1}}, 0x20) sendmsg$inet(r0, &(0x7f0000001640)={&(0x7f0000000300)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, 0x0, 0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac141411e00000010000000018000000000000000000000007000000"], 0x38}, 0x20002880) 70.286444ms ago: executing program 3 (id=1422): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x80) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x80, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000440)='./bus\x00') r3 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f) write$FUSE_CREATE_OPEN(r3, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x5, 0x1, 0x8000000004007, 0xac, 0x3, 0x4, {0x0, 0x180, 0x20fe, 0x5, 0x87, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0xc000, 0x3000000, 0xee00, 0x0, 0x3ff, 0x401}}, {0x0, 0x11}}}, 0xa0) sendfile(r3, r3, &(0x7f0000000080), 0x7f03) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0xffffffffffffffb4, &(0x7f00000001c0)={&(0x7f0000000040)=@delnexthop={0x18, 0x69, 0x400, 0x70bd2a, 0x25dfdbfc}, 0x18}}, 0x8010) 0s ago: executing program 7 (id=1423): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000ec0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x713, 0x40000, 0x0, {{@in=@remote, @in=@initdev={0xac, 0x1e, 0x1, 0x0}}, {@in6=@mcast1, 0x0, 0x32}, @in=@local, {}, {0x0, 0x0, 0x0, 0xfffffffffffffffd}, {}, 0x0, 0x0, 0xa, 0x2, 0xb}}, 0xf0}}, 0x0) syz_genetlink_get_family_id$netlbl_calipso(0x0, 0xffffffffffffffff) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000580), r0) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000005c0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_SET_SEC_PARAMS(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000040)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010028bd7000fbdbdf251500000008000300", @ANYRES32=r2, @ANYBLOB="050029"], 0x48}, 0x1, 0x0, 0x0, 0x4014}, 0x20000000) kernel console output (not intermixed with test programs): batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.674221][ T5783] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.736346][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.743335][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.769860][ T5789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.804853][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.814315][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.840494][ T5789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.877533][ T5790] Bluetooth: hci3: command tx timeout [ 69.902218][ T5788] hsr_slave_0: entered promiscuous mode [ 69.909032][ T5788] hsr_slave_1: entered promiscuous mode [ 69.915171][ T5788] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.923380][ T5788] Cannot create hsr debugfs directory [ 69.942559][ T5783] hsr_slave_0: entered promiscuous mode [ 69.949506][ T5783] hsr_slave_1: entered promiscuous mode [ 69.955562][ T5783] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.963434][ T5783] Cannot create hsr debugfs directory [ 69.974231][ T5790] Bluetooth: hci1: command tx timeout [ 70.036987][ T5790] Bluetooth: hci0: command tx timeout [ 70.042772][ T5790] Bluetooth: hci2: command tx timeout [ 70.081345][ T5789] hsr_slave_0: entered promiscuous mode [ 70.089291][ T5789] hsr_slave_1: entered promiscuous mode [ 70.095327][ T5789] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.103139][ T5789] Cannot create hsr debugfs directory [ 70.265082][ T5784] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 70.305121][ T5784] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 70.317639][ T5784] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 70.358355][ T5784] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 70.468212][ T5783] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 70.493619][ T5783] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 70.505135][ T5783] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 70.534558][ T5783] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 70.609594][ T5784] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.621804][ T5788] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 70.652180][ T5788] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 70.663055][ T5788] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 70.679953][ T5788] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 70.719963][ T5784] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.745394][ T5789] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 70.759314][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.766631][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.787950][ T5789] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 70.798854][ T5789] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 70.813486][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.820672][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.843488][ T5789] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 70.980027][ T5783] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.035406][ T5783] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.069874][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.080628][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.087846][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.119484][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.126701][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.192670][ T5789] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.208819][ T5788] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.243556][ T3438] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.250695][ T3438] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.264385][ T5789] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.277959][ T144] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.285102][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.304184][ T5783] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 71.330651][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.337823][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.374364][ T5784] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.400591][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.407810][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.554849][ T5784] veth0_vlan: entered promiscuous mode [ 71.574085][ T5784] veth1_vlan: entered promiscuous mode [ 71.650388][ T1276] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.658201][ T1276] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.695087][ T5783] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.755409][ T5784] veth0_macvtap: entered promiscuous mode [ 71.769259][ T5784] veth1_macvtap: entered promiscuous mode [ 71.824118][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 71.856495][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 71.882310][ T5784] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.911175][ T5784] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.927480][ T5784] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.937554][ T5784] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.966948][ T5790] Bluetooth: hci3: command tx timeout [ 71.984857][ T5783] veth0_vlan: entered promiscuous mode [ 72.004118][ T5789] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.032149][ T5783] veth1_vlan: entered promiscuous mode [ 72.038719][ T5790] Bluetooth: hci1: command tx timeout [ 72.064213][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.117341][ T5790] Bluetooth: hci2: command tx timeout [ 72.122778][ T5790] Bluetooth: hci0: command tx timeout [ 72.196067][ T3438] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.207578][ T3438] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.220842][ T5789] veth0_vlan: entered promiscuous mode [ 72.238191][ T5783] veth0_macvtap: entered promiscuous mode [ 72.276081][ T5783] veth1_macvtap: entered promiscuous mode [ 72.284034][ T5788] veth0_vlan: entered promiscuous mode [ 72.293861][ T5789] veth1_vlan: entered promiscuous mode [ 72.309929][ T3496] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.312795][ T5788] veth1_vlan: entered promiscuous mode [ 72.324467][ T3496] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.341335][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.352976][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.366180][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.391078][ T5789] veth0_macvtap: entered promiscuous mode [ 72.410375][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.430097][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.444686][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.461490][ T5789] veth1_macvtap: entered promiscuous mode [ 72.496066][ T5783] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.508297][ T5783] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.522844][ T5783] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.532723][ T5783] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.570735][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.583799][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.594636][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.608642][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.623496][ T5878] syz.0.1[5878]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 72.625551][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.647896][ T5878] loop0: detected capacity change from 0 to 512 [ 72.655177][ T5788] veth0_macvtap: entered promiscuous mode [ 72.674764][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.702327][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.736159][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.762711][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.781196][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.793507][ T5788] veth1_macvtap: entered promiscuous mode [ 72.869289][ T5789] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.879245][ T5789] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.888953][ T5789] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.897942][ T5789] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.913950][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.925028][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.936530][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.947387][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.957620][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.968942][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.982171][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.039660][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.054888][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.069806][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.082579][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.084343][ T5884] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 73.092825][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.120485][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.132155][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.155024][ T5788] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.167965][ T5788] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.177425][ T5788] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.186136][ T5788] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.275436][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.294110][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.360882][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.394063][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.404347][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.436468][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.531862][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.557268][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.653873][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.674555][ T5889] loop2: detected capacity change from 0 to 512 [ 73.686367][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.745527][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.766404][ T5889] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 73.780192][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.856938][ T5889] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 73.930378][ T5889] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 74.044107][ T5790] Bluetooth: hci3: command tx timeout [ 74.117258][ T5790] Bluetooth: hci1: command tx timeout [ 74.125178][ T5898] loop3: detected capacity change from 0 to 1024 [ 74.134166][ T5898] ======================================================= [ 74.134166][ T5898] WARNING: The mand mount option has been deprecated and [ 74.134166][ T5898] and is ignored by this kernel. Remove the mand [ 74.134166][ T5898] option from the mount to silence this warning. [ 74.134166][ T5898] ======================================================= [ 74.141647][ T5783] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.197527][ T5790] Bluetooth: hci2: command tx timeout [ 74.207670][ T5787] Bluetooth: hci0: command tx timeout [ 74.299242][ T5898] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 74.326755][ T5898] ext4 filesystem being mounted at /0/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 74.594169][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.712717][ T5911] loop0: detected capacity change from 0 to 512 [ 74.739393][ T5911] EXT4-fs: Ignoring removed oldalloc option [ 74.794829][ T5911] EXT4-fs (loop0): 1 truncate cleaned up [ 74.808127][ T5911] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 74.873120][ T5911] EXT4-fs error (device loop0): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz.0.11: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 74.972988][ T5911] EXT4-fs (loop0): Remounting filesystem read-only [ 75.162237][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.390520][ T5935] (unnamed net_device) (uninitialized): option use_carrier: invalid value (5) [ 75.469599][ T5939] 9pnet: Unknown protocol version 9 [ 75.771131][ T5948] loop0: detected capacity change from 0 to 736 [ 75.856543][ T5785] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 76.095438][ T5966] loop1: detected capacity change from 0 to 128 [ 76.117460][ T5790] Bluetooth: hci3: command tx timeout [ 76.196484][ T5790] Bluetooth: hci1: command tx timeout [ 76.281291][ T5790] Bluetooth: hci2: command tx timeout [ 76.281426][ T5787] Bluetooth: hci0: command tx timeout [ 76.312573][ T5971] loop0: detected capacity change from 0 to 512 [ 76.521604][ T5976] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 76.977198][ T5996] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 77.155799][ T6000] loop2: detected capacity change from 0 to 512 [ 77.221796][ T6005] loop1: detected capacity change from 0 to 512 [ 77.248244][ T6000] EXT4-fs: Ignoring removed orlov option [ 77.259720][ T6005] EXT4-fs: Ignoring removed oldalloc option [ 77.293324][ T6000] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 77.342007][ T6005] EXT4-fs (loop1): 1 truncate cleaned up [ 77.355037][ T6000] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2244: inode #15: comm syz.2.48: corrupted in-inode xattr: e_value size too large [ 77.370622][ T6005] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 77.400820][ T6005] EXT4-fs error (device loop1): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz.1.50: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 77.434348][ T6005] EXT4-fs (loop1): Remounting filesystem read-only [ 77.463281][ T6000] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.48: couldn't read orphan inode 15 (err -117) [ 77.482561][ T6000] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 77.578863][ T5789] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.653876][ T5783] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.102876][ T6025] loop2: detected capacity change from 0 to 512 [ 78.149054][ T6025] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 78.164354][ T6019] loop0: detected capacity change from 0 to 2364 [ 78.187568][ T6025] [EXT4 FS bs=4096, gc=1, bpg=3008, ipg=32, mo=8001e119, mo2=0000] [ 78.220042][ T6025] Quota error (device loop2): v2_read_file_info: Free block number 1 out of range (1, 6). [ 78.240461][ T6025] EXT4-fs warning (device loop2): ext4_enable_quotas:7173: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 78.269183][ T6025] EXT4-fs (loop2): mount failed [ 78.296387][ T5800] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 78.816706][ T5828] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 78.913852][ T6053] loop2: detected capacity change from 0 to 512 [ 78.926936][ T6050] loop0: detected capacity change from 0 to 1024 [ 78.970641][ T6053] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 79.009301][ T6050] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 79.036547][ T5828] usb 2-1: Using ep0 maxpacket: 8 [ 79.056000][ T6053] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2867: Unable to expand inode 11. Delete some EAs or run e2fsck. [ 79.056554][ T6050] ext4 filesystem being mounted at /13/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 79.071276][ T6053] EXT4-fs (loop2): 1 truncate cleaned up [ 79.088781][ T6053] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 79.102513][ T5828] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 79.113215][ T5828] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 79.122483][ T5828] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 79.136195][ T5828] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 79.145343][ T5828] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 79.174400][ T6050] EXT4-fs error (device loop0): ext4_map_blocks:718: inode #15: block 1: comm syz.0.66: lblock 1 mapped to illegal pblock 1 (length 3) [ 79.199702][ T5828] hub 2-1:1.0: bad descriptor, ignoring hub [ 79.226656][ T5828] hub: probe of 2-1:1.0 failed with error -5 [ 79.248297][ T5828] cdc_wdm 2-1:1.0: skipping garbage [ 79.253561][ T5828] cdc_wdm 2-1:1.0: skipping garbage [ 79.254803][ T6050] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 3 with error 117 [ 79.264804][ T5828] cdc_wdm 2-1:1.0: skipping garbage [ 79.277665][ T5828] cdc_wdm: probe of 2-1:1.0 failed with error -22 [ 79.303574][ T6050] EXT4-fs (loop0): This should not happen!! Data will be lost [ 79.303574][ T6050] [ 79.315297][ T5783] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 79.433586][ T6050] EXT4-fs error (device loop0): ext4_map_blocks:718: inode #15: block 4: comm syz.0.66: lblock 4 mapped to illegal pblock 4 (length 8) [ 79.454119][ T6050] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 8 with error 117 [ 79.473189][ T6050] EXT4-fs (loop0): This should not happen!! Data will be lost [ 79.473189][ T6050] [ 79.537185][ T5828] usb 2-1: USB disconnect, device number 2 [ 79.555107][ T6067] loop3: detected capacity change from 0 to 1764 [ 79.564788][ T3496] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 79.587436][ T3496] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 52 with error 28 [ 79.656450][ T3496] EXT4-fs (loop0): This should not happen!! Data will be lost [ 79.656450][ T3496] [ 79.681861][ T3496] EXT4-fs (loop0): Total free blocks count 0 [ 79.696716][ T3496] EXT4-fs (loop0): Free/Dirty block details [ 79.702691][ T3496] EXT4-fs (loop0): free_blocks=4293918720 [ 79.877202][ T6075] loop3: detected capacity change from 0 to 512 [ 79.932475][ T6075] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a803e028, mo2=0002] [ 79.941192][ T5876] usb 2-1: new low-speed USB device number 3 using dummy_hcd [ 79.986729][ T6075] System zones: 1-12 [ 80.001218][ T6075] EXT4-fs error (device loop3): ext4_get_branch:178: inode #11: block 33261: comm syz.3.76: invalid block [ 80.022117][ T6075] EXT4-fs (loop3): Remounting filesystem read-only [ 80.029492][ T6075] EXT4-fs (loop3): 1 truncate cleaned up [ 80.048772][ T6075] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 80.168136][ T5876] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 80.216432][ T5876] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 80.225475][ T5876] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 80.243218][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.257309][ T5876] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 80.276419][ T5876] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 80.315498][ T5876] hub 2-1:1.0: bad descriptor, ignoring hub [ 80.325193][ T5876] hub: probe of 2-1:1.0 failed with error -5 [ 80.333314][ T5876] cdc_wdm 2-1:1.0: skipping garbage [ 80.338806][ T5876] cdc_wdm 2-1:1.0: skipping garbage [ 80.344044][ T5876] cdc_wdm 2-1:1.0: skipping garbage [ 80.349979][ T5876] cdc_wdm: probe of 2-1:1.0 failed with error -22 [ 80.372386][ T6071] loop2: detected capacity change from 0 to 128 [ 80.379342][ T6084] loop0: detected capacity change from 0 to 512 [ 80.398540][ T6071] EXT4-fs warning (device loop2): ext4_init_metadata_csum:4634: metadata_csum and uninit_bg are redundant flags; please run fsck. [ 80.441856][ T6071] EXT4-fs (loop2): Encoding requested by superblock is unknown [ 80.484259][ T6084] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 80.523253][ T6084] ext4 filesystem being mounted at /16/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 80.554951][ T6091] netlink: 88 bytes leftover after parsing attributes in process `syz.3.80'. [ 80.576898][ T6084] EXT4-fs error (device loop0): ext4_lookup:1858: inode #12: comm syz.0.79: iget: bad i_size value: 2533274857506816 [ 80.610093][ T6084] EXT4-fs error (device loop0): ext4_lookup:1858: inode #12: comm syz.0.79: iget: bad i_size value: 2533274857506816 [ 80.636710][ T5876] usb 2-1: USB disconnect, device number 3 [ 80.721621][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.955689][ T6102] netlink: 256 bytes leftover after parsing attributes in process `syz.3.84'. [ 81.478865][ T6120] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 81.566426][ T6122] loop0: detected capacity change from 0 to 2048 [ 81.650996][ T6122] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 81.665584][ T6122] ext4 filesystem being mounted at /21/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 81.698479][ T28] audit: type=1804 audit(1755249441.335:2): pid=6122 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.94" name="/newroot/21/file0/file1" dev="loop0" ino=15 res=1 errno=0 [ 81.775790][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.836790][ T5882] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 81.880460][ T3060] cfg80211: failed to load regulatory.db [ 81.882942][ T6134] loop0: detected capacity change from 0 to 1024 [ 81.905451][ T6134] EXT4-fs: inline encryption not supported [ 81.914132][ T6134] EXT4-fs: Ignoring removed i_version option [ 81.927338][ T6134] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 81.968608][ T6136] kvm: emulating exchange as write [ 81.981339][ T6134] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 82.036443][ T5882] usb 3-1: Using ep0 maxpacket: 8 [ 82.064339][ T5882] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 82.084614][ T5882] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 82.094445][ T5882] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 82.134299][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.148270][ T5882] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 82.163713][ T5882] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 82.183123][ T6142] loop1: detected capacity change from 0 to 1024 [ 82.193840][ T6142] EXT4-fs: Ignoring removed nomblk_io_submit option [ 82.224403][ T5882] hub 3-1:1.0: bad descriptor, ignoring hub [ 82.235939][ T5882] hub: probe of 3-1:1.0 failed with error -5 [ 82.252087][ T5882] cdc_wdm 3-1:1.0: skipping garbage [ 82.260270][ T5882] cdc_wdm 3-1:1.0: skipping garbage [ 82.261709][ T6142] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 82.265578][ T5882] cdc_wdm 3-1:1.0: skipping garbage [ 82.296636][ T5882] cdc_wdm: probe of 3-1:1.0 failed with error -22 [ 82.563949][ T5789] EXT4-fs error (device loop1): ext4_lookup:1858: inode #14: comm syz-executor: iget: bad extra_isize 17960 (inode size 256) [ 82.565516][ T6153] loop3: detected capacity change from 0 to 136 [ 82.586036][ T6154] loop0: detected capacity change from 0 to 764 [ 82.593055][ T5828] usb 3-1: USB disconnect, device number 2 [ 82.605915][ T5789] EXT4-fs error (device loop1): ext4_lookup:1858: inode #14: comm syz-executor: iget: bad extra_isize 17960 (inode size 256) [ 82.630711][ T6154] rock: directory entry would overflow storage [ 82.643125][ T6154] rock: sig=0x4654, size=5, remaining=4 [ 82.882429][ T6156] netlink: 88 bytes leftover after parsing attributes in process `syz.0.107'. [ 82.936778][ T5828] usb 3-1: new low-speed USB device number 3 using dummy_hcd [ 82.982614][ T6158] loop0: detected capacity change from 0 to 128 [ 82.986702][ T5789] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.033362][ T6158] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 83.052510][ T6158] ext4 filesystem being mounted at /26/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 83.071774][ T5789] syz-executor (5789) used greatest stack depth: 20680 bytes left [ 83.141185][ T3438] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.191422][ T5828] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 83.214445][ T5828] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 83.230169][ T5784] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 83.239692][ T5828] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 83.254461][ T5828] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 83.266284][ T5828] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 83.331865][ T5828] hub 3-1:1.0: bad descriptor, ignoring hub [ 83.346353][ T5828] hub: probe of 3-1:1.0 failed with error -5 [ 83.358362][ T3438] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.381366][ T5828] cdc_wdm 3-1:1.0: skipping garbage [ 83.399623][ T5828] cdc_wdm 3-1:1.0: skipping garbage [ 83.404882][ T5828] cdc_wdm 3-1:1.0: skipping garbage [ 83.460575][ T5828] cdc_wdm: probe of 3-1:1.0 failed with error -22 [ 83.517879][ T3438] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.537478][ T5828] usb 3-1: USB disconnect, device number 3 [ 83.690156][ T3438] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.849685][ T6170] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 83.997006][ T6174] netlink: 'syz.3.116': attribute type 1 has an invalid length. [ 84.091499][ T6174] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 84.163739][ T6174] 8021q: adding VLAN 0 to HW filter on device bond1 [ 84.210753][ T5790] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 84.220461][ T5790] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 84.228537][ T5790] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 84.237642][ T5790] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 84.245446][ T5790] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 84.256753][ T5790] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.062378][ T6215] loop2: detected capacity change from 0 to 512 [ 85.226522][ T3060] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 85.404930][ T6182] chnl_net:caif_netlink_parms(): no params data found [ 85.447641][ T3060] usb 4-1: Using ep0 maxpacket: 8 [ 85.457339][ T6220] loop2: detected capacity change from 0 to 16 [ 85.466114][ T3060] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 85.484940][ T3060] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 85.506960][ T3060] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 85.525702][ T6220] erofs: (device loop2): mounted with root inode @ nid 36. [ 85.567428][ T3060] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 85.588315][ T6220] erofs: (device loop2): erofs_read_inode: unsupported i_format 1796 of nid 86 [ 85.606324][ T3060] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 85.635747][ T3060] hub 4-1:1.0: bad descriptor, ignoring hub [ 85.680702][ T3060] hub: probe of 4-1:1.0 failed with error -5 [ 85.693372][ T3060] cdc_wdm 4-1:1.0: skipping garbage [ 85.699425][ T3060] cdc_wdm 4-1:1.0: skipping garbage [ 85.704718][ T3060] cdc_wdm 4-1:1.0: skipping garbage [ 85.710821][ T3060] cdc_wdm: probe of 4-1:1.0 failed with error -22 [ 85.967139][ T5876] usb 4-1: USB disconnect, device number 2 [ 86.154849][ T6182] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.174325][ T6182] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.203340][ T6182] bridge_slave_0: entered allmulticast mode [ 86.221973][ T6182] bridge_slave_0: entered promiscuous mode [ 86.248609][ T6182] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.266014][ T6182] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.286786][ T6182] bridge_slave_1: entered allmulticast mode [ 86.294738][ T6182] bridge_slave_1: entered promiscuous mode [ 86.346462][ T5876] usb 4-1: new low-speed USB device number 3 using dummy_hcd [ 86.361451][ T5787] Bluetooth: hci2: command tx timeout [ 86.553038][ T6198] loop0: detected capacity change from 0 to 512 [ 86.571061][ T5876] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 86.585121][ T6182] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.616325][ T5876] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 86.641390][ T5876] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 86.669972][ T6198] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 86.672895][ T5876] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 86.715220][ T6182] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.729720][ T5876] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 86.754496][ T6198] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 86.768497][ T3438] hsr_slave_0: left promiscuous mode [ 86.775765][ T3438] hsr_slave_1: left promiscuous mode [ 86.785949][ T5876] hub 4-1:1.0: bad descriptor, ignoring hub [ 86.793416][ T3438] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 86.796964][ T5876] hub: probe of 4-1:1.0 failed with error -5 [ 86.816577][ T3438] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 86.825595][ T5876] cdc_wdm 4-1:1.0: skipping garbage [ 86.872571][ T5876] cdc_wdm 4-1:1.0: skipping garbage [ 86.887999][ T3438] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 86.905070][ T5876] cdc_wdm 4-1:1.0: skipping garbage [ 86.912713][ T3438] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 86.925137][ T5876] cdc_wdm: probe of 4-1:1.0 failed with error -22 [ 86.942050][ T3438] bridge_slave_1: left allmulticast mode [ 86.969696][ T3438] bridge_slave_1: left promiscuous mode [ 86.977012][ T3438] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.011253][ T5876] usb 4-1: USB disconnect, device number 3 [ 87.034589][ T3438] bridge_slave_0: left allmulticast mode [ 87.045317][ T3438] bridge_slave_0: left promiscuous mode [ 87.052766][ T3438] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.120084][ T3438] veth1_macvtap: left promiscuous mode [ 87.129026][ T3438] veth0_macvtap: left promiscuous mode [ 87.134708][ T3438] veth1_vlan: left promiscuous mode [ 87.144702][ T3438] veth0_vlan: left promiscuous mode [ 87.823785][ T6251] loop3: detected capacity change from 0 to 764 [ 87.851605][ T6251] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 87.895170][ T6251] Symlink component flag not implemented [ 87.902119][ T6251] Symlink component flag not implemented (7) [ 87.931888][ T6251] Symlink component flag not implemented (7) [ 88.252144][ T3438] team0 (unregistering): Port device team_slave_1 removed [ 88.253032][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.314442][ T3438] team0 (unregistering): Port device team_slave_0 removed [ 88.447426][ T5787] Bluetooth: hci2: command tx timeout [ 88.459154][ T3438] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 88.552637][ T3438] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 88.955778][ T5876] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 89.005597][ T6268] loop0: detected capacity change from 0 to 512 [ 89.043034][ T6268] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 89.169080][ T5876] usb 4-1: Using ep0 maxpacket: 8 [ 89.176296][ T5876] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 89.186801][ T5876] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 89.190391][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.195724][ T5876] usb 4-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0x76, skipping [ 89.215477][ T5876] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 89.225733][ T5876] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 89.249093][ T5876] hub 4-1:1.0: bad descriptor, ignoring hub [ 89.255062][ T5876] hub: probe of 4-1:1.0 failed with error -5 [ 89.264169][ T5876] cdc_wdm 4-1:1.0: skipping garbage [ 89.269757][ T5876] cdc_wdm 4-1:1.0: skipping garbage [ 89.275020][ T5876] cdc_wdm: probe of 4-1:1.0 failed with error -22 [ 89.358544][ T6272] loop0: detected capacity change from 0 to 512 [ 89.394411][ T3438] bond0 (unregistering): Released all slaves [ 89.580368][ T3060] usb 4-1: USB disconnect, device number 4 [ 89.603938][ T6182] team0: Port device team_slave_0 added [ 89.617811][ T6182] team0: Port device team_slave_1 added [ 89.619682][ T6274] loop2: detected capacity change from 0 to 1024 [ 89.645594][ T6274] EXT4-fs: inline encryption not supported [ 89.658540][ T6274] EXT4-fs: Ignoring removed i_version option [ 89.674937][ T6274] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 89.714982][ T6182] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.731260][ T6182] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.749962][ T6274] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 89.758058][ T6182] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.823218][ T6182] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.841289][ T6182] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.869478][ T6182] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.936340][ T3060] usb 4-1: new low-speed USB device number 5 using dummy_hcd [ 89.981186][ T6182] hsr_slave_0: entered promiscuous mode [ 89.989174][ T6182] hsr_slave_1: entered promiscuous mode [ 89.995577][ T6182] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 90.007086][ T6182] Cannot create hsr debugfs directory [ 90.118617][ T3060] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 90.132723][ T3060] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 90.150313][ T5783] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 90.159766][ T3060] usb 4-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0x76, skipping [ 90.196368][ T3060] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 90.213638][ T3060] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.256810][ T6265] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 90.266143][ T3060] hub 4-1:1.0: bad descriptor, ignoring hub [ 90.293023][ T3060] hub: probe of 4-1:1.0 failed with error -5 [ 90.336401][ T3060] cdc_wdm 4-1:1.0: skipping garbage [ 90.341676][ T3060] cdc_wdm 4-1:1.0: skipping garbage [ 90.388799][ T3060] cdc_wdm: probe of 4-1:1.0 failed with error -22 [ 90.500359][ T6182] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 90.516644][ T5787] Bluetooth: hci2: command tx timeout [ 90.531127][ T6182] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 90.560433][ T6182] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 90.574343][ T6182] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 90.638292][ T3060] usb 4-1: USB disconnect, device number 5 [ 90.783806][ T6182] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.823394][ T6182] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.857842][ T144] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.865013][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.885869][ T144] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.893225][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.025549][ T6309] netlink: 72 bytes leftover after parsing attributes in process `syz.2.146'. [ 91.039329][ T6309] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.048262][ T6309] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.312546][ T6315] loop2: detected capacity change from 0 to 1024 [ 91.421656][ T6315] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 91.518821][ T6315] ext4 filesystem being mounted at /35/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 91.674912][ T6182] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.690150][ T58] EXT4-fs error (device loop2): ext4_map_blocks:718: inode #15: block 1: comm kworker/u4:4: lblock 1 mapped to illegal pblock 1 (length 3) [ 91.726731][ T58] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 3 with error 117 [ 91.754289][ T58] EXT4-fs (loop2): This should not happen!! Data will be lost [ 91.754289][ T58] [ 91.792808][ T5783] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 92.366543][ T3060] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 92.420342][ T6361] loop0: detected capacity change from 0 to 512 [ 92.466083][ T6361] EXT4-fs: Ignoring removed oldalloc option [ 92.473731][ T6182] veth0_vlan: entered promiscuous mode [ 92.518621][ T6182] veth1_vlan: entered promiscuous mode [ 92.565771][ T6361] EXT4-fs (loop0): 1 truncate cleaned up [ 92.586907][ T6361] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 92.588691][ T3060] usb 3-1: Using ep0 maxpacket: 8 [ 92.600732][ T5787] Bluetooth: hci2: command tx timeout [ 92.621620][ T6182] veth0_macvtap: entered promiscuous mode [ 92.648981][ T6182] veth1_macvtap: entered promiscuous mode [ 92.680562][ T6182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.680601][ T3060] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 92.707501][ T6361] EXT4-fs error (device loop0): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz.0.157: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 92.737155][ T6182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.740567][ T6361] EXT4-fs (loop0): Remounting filesystem read-only [ 92.757836][ T6182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.776364][ T3060] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 92.785541][ T3060] usb 3-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0x76, skipping [ 92.789328][ T6182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.796528][ T3060] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 92.816378][ T3060] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.849676][ T3060] hub 3-1:1.0: bad descriptor, ignoring hub [ 92.855648][ T3060] hub: probe of 3-1:1.0 failed with error -5 [ 92.856276][ T6182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.886985][ T3060] cdc_wdm 3-1:1.0: skipping garbage [ 92.892253][ T3060] cdc_wdm 3-1:1.0: skipping garbage [ 92.906424][ T3060] cdc_wdm: probe of 3-1:1.0 failed with error -22 [ 92.910382][ T6182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.950256][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 92.965041][ T6182] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.013433][ T6182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.056348][ T6182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.083380][ T6182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.116349][ T6182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.146677][ T6182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.160304][ T6377] loop0: detected capacity change from 0 to 1024 [ 93.176263][ T6182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.197440][ T5775] usb 3-1: USB disconnect, device number 4 [ 93.202318][ T6182] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.259291][ T6182] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.270297][ T6377] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 93.288524][ T6182] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.298679][ T6182] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.306441][ T6377] ext4 filesystem being mounted at /43/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 93.311120][ T6182] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.466318][ T3438] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.496343][ T3438] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.527155][ T3438] EXT4-fs error (device loop0): ext4_map_blocks:718: inode #15: block 1: comm kworker/u4:7: lblock 1 mapped to illegal pblock 1 (length 3) [ 93.555241][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.557968][ T5775] usb 3-1: new low-speed USB device number 5 using dummy_hcd [ 93.573817][ T3438] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 3 with error 117 [ 93.588184][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.625221][ T3438] EXT4-fs (loop0): This should not happen!! Data will be lost [ 93.625221][ T3438] [ 93.667065][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.798185][ T5775] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 93.818737][ T5775] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 93.852921][ T5775] usb 3-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0x76, skipping [ 93.890972][ T5775] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 93.917511][ T6393] loop3: detected capacity change from 0 to 2048 [ 93.925458][ T5775] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.971799][ T6351] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 93.999130][ T6393] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 94.023483][ T5775] hub 3-1:1.0: bad descriptor, ignoring hub [ 94.044197][ T5775] hub: probe of 3-1:1.0 failed with error -5 [ 94.046421][ T6393] ext4 filesystem being mounted at /49/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 94.056972][ T5775] cdc_wdm 3-1:1.0: skipping garbage [ 94.065805][ T5775] cdc_wdm 3-1:1.0: skipping garbage [ 94.090707][ T6399] loop0: detected capacity change from 0 to 512 [ 94.104026][ T5775] cdc_wdm: probe of 3-1:1.0 failed with error -22 [ 94.160419][ T6393] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm syz.3.161: bg 0: block 345: padding at end of block bitmap is not set [ 94.183590][ T6399] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 94.208668][ T6399] EXT4-fs (loop0): 1 truncate cleaned up [ 94.231200][ T6404] loop4: detected capacity change from 0 to 512 [ 94.246835][ T6399] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 94.324910][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.337427][ T5775] usb 3-1: USB disconnect, device number 5 [ 94.380903][ T6399] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2244: inode #15: comm syz.0.162: corrupted in-inode xattr: overlapping e_value [ 94.454009][ T6407] EXT4-fs error (device loop0): ext4_lookup:1858: inode #12: comm syz.0.162: iget: checksum invalid [ 94.491081][ T6407] EXT4-fs (loop0): Remounting filesystem read-only [ 94.506645][ T6399] EXT4-fs (loop0): Remounting filesystem read-only [ 94.513221][ T6399] EXT4-fs warning (device loop0): ext4_xattr_set_entry:1781: inode #15: comm syz.0.162: unable to update i_inline_off [ 94.562240][ T6412] loop3: detected capacity change from 0 to 128 [ 94.635506][ T6412] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 94.636000][ T6415] netlink: 16 bytes leftover after parsing attributes in process `syz.4.165'. [ 94.687529][ T6412] ext4 filesystem being mounted at /50/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 94.729117][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.906652][ T6412] EXT4-fs (loop3): re-mounted 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 95.013741][ T6422] loop2: detected capacity change from 0 to 1024 [ 95.055358][ T6422] EXT4-fs: Ignoring removed bh option [ 95.066414][ T5788] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 95.146465][ T6422] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 95.255616][ T6422] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 95.867015][ T6422] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4036: comm syz.2.167: Allocating blocks 497-513 which overlap fs metadata [ 96.047453][ T6421] EXT4-fs (loop2): pa ffff8880771b0ae0: logic 16, phys. 257, len 16 [ 96.055894][ T6421] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5377: group 0, free 0, pa_free 1 [ 96.341568][ T5783] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.558875][ T6477] loop2: detected capacity change from 0 to 512 [ 96.572359][ T6473] loop0: detected capacity change from 0 to 1024 [ 96.577053][ T6477] ext4: Unknown parameter 'nouser_xattr' [ 96.600018][ T6473] EXT4-fs: Ignoring removed orlov option [ 96.605723][ T6473] EXT4-fs: Ignoring removed mblk_io_submit option [ 96.689321][ T6473] EXT4-fs (loop0): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 96.752288][ T6473] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 96.825339][ T6486] loop4: detected capacity change from 0 to 136 [ 97.113928][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.505436][ T6497] block device autoloading is deprecated and will be removed. [ 98.021376][ T6513] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3354154791 (6708309582 ns) > initial count (4455734788 ns). Using initial count to start timer. [ 98.364180][ T6526] syz.2.191 uses obsolete (PF_INET,SOCK_PACKET) [ 98.762739][ T6544] netlink: 8 bytes leftover after parsing attributes in process `syz.2.196'. [ 99.159295][ T6561] loop0: detected capacity change from 0 to 512 [ 99.232544][ T6561] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 99.257005][ T6561] EXT4-fs (loop0): 1 truncate cleaned up [ 99.579314][ T6561] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 99.919137][ T6561] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2244: inode #15: comm syz.0.202: corrupted in-inode xattr: overlapping e_value [ 100.048455][ T6561] EXT4-fs (loop0): Remounting filesystem read-only [ 100.096823][ T6561] EXT4-fs warning (device loop0): ext4_xattr_set_entry:1781: inode #15: comm syz.0.202: unable to update i_inline_off [ 100.152524][ T6578] loop2: detected capacity change from 0 to 512 [ 100.188036][ T6578] EXT4-fs: Ignoring removed nobh option [ 100.219553][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.261550][ T6578] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 100.310193][ T6578] EXT4-fs error (device loop2): ext4_lookup:1858: inode #15: comm syz.2.204: iget: bad i_size value: 15393162788874 [ 100.332593][ T6578] EXT4-fs error (device loop2): ext4_lookup:1858: inode #15: comm syz.2.204: iget: bad i_size value: 15393162788874 [ 100.435831][ T6578] EXT4-fs error (device loop2): ext4_lookup:1858: inode #15: comm syz.2.204: iget: bad i_size value: 15393162788874 [ 100.574091][ T6592] loop3: detected capacity change from 0 to 512 [ 100.597657][ T5783] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.692541][ T6594] loop4: detected capacity change from 0 to 512 [ 100.735891][ T6594] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 100.793906][ T6598] loop2: detected capacity change from 0 to 256 [ 100.800921][ T6594] EXT4-fs (loop4): 1 truncate cleaned up [ 100.835679][ T6594] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 101.181733][ T6182] EXT4-fs error (device loop4): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 101.263507][ T6613] loop2: detected capacity change from 0 to 512 [ 101.281769][ T6613] EXT4-fs: Ignoring removed oldalloc option [ 101.382151][ T6613] EXT4-fs (loop2): 1 truncate cleaned up [ 101.395010][ T6613] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 101.454685][ T6616] loop3: detected capacity change from 0 to 1024 [ 101.463836][ T6616] EXT4-fs: inline encryption not supported [ 101.469777][ T6616] EXT4-fs: Ignoring removed i_version option [ 101.477837][ T6613] EXT4-fs error (device loop2): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz.2.218: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 101.512656][ T6616] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 101.516976][ T6613] EXT4-fs (loop2): Remounting filesystem read-only [ 101.549343][ T6182] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.601491][ T6616] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 101.645200][ T5783] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.695374][ T3505] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.929030][ T3505] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.958005][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.099319][ T3505] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.220030][ T3505] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.823116][ T5790] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 102.833114][ T5790] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 102.844735][ T5790] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 102.855578][ T5790] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 102.866532][ T5790] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 102.874012][ T5790] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 102.931987][ T6648] overlay: filesystem on . not supported [ 103.011076][ T5784] syz-executor (5784) used greatest stack depth: 20584 bytes left [ 103.219063][ T6657] loop3: detected capacity change from 0 to 136 [ 103.921125][ T6643] chnl_net:caif_netlink_parms(): no params data found [ 103.943592][ T6670] loop2: detected capacity change from 0 to 512 [ 104.003860][ T6670] EXT4-fs (loop2): 1 truncate cleaned up [ 104.059246][ T6670] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 104.130783][ T6676] loop3: detected capacity change from 0 to 512 [ 104.146884][ T5790] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 104.157823][ T5790] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 104.167138][ T5790] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 104.178240][ T5790] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 104.186010][ T6676] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 104.194925][ T5790] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 104.205150][ T5790] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 104.257172][ T6676] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 104.268709][ T6676] System zones: 0-1, 15-15, 18-18, 34-34 [ 104.286548][ T6676] EXT4-fs (loop3): orphan cleanup on readonly fs [ 104.293032][ T6676] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=0 [ 104.336532][ T6676] EXT4-fs warning (device loop3): ext4_enable_quotas:7173: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 104.354942][ T6676] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 104.377885][ T6676] EXT4-fs (loop3): 1 truncate cleaned up [ 104.422370][ T6676] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 104.463299][ T5783] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.674643][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.687228][ T6643] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.705459][ T6643] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.713965][ T6643] bridge_slave_0: entered allmulticast mode [ 104.722560][ T6643] bridge_slave_0: entered promiscuous mode [ 104.764075][ T6643] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.778705][ T6643] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.794915][ T6643] bridge_slave_1: entered allmulticast mode [ 104.818789][ T6643] bridge_slave_1: entered promiscuous mode [ 104.832105][ T6698] loop3: detected capacity change from 0 to 512 [ 104.870058][ T6698] EXT4-fs: Ignoring removed oldalloc option [ 104.914600][ T6698] EXT4-fs (loop3): 1 truncate cleaned up [ 104.922901][ T5787] Bluetooth: hci1: command tx timeout [ 104.955020][ T6698] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 104.982486][ T6643] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.995590][ T6643] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.010873][ T6698] EXT4-fs error (device loop3): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz.3.241: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 105.035608][ T6698] EXT4-fs (loop3): Remounting filesystem read-only [ 105.087082][ T3505] hsr_slave_0: left promiscuous mode [ 105.117669][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.132955][ T3505] hsr_slave_1: left promiscuous mode [ 105.147259][ T3505] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 105.158702][ T3505] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 105.167392][ T3505] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 105.180432][ T3505] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 105.202817][ T3505] bridge_slave_1: left allmulticast mode [ 105.224627][ T3505] bridge_slave_1: left promiscuous mode [ 105.245138][ T3505] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.277745][ T3505] bridge_slave_0: left allmulticast mode [ 105.288361][ T3505] bridge_slave_0: left promiscuous mode [ 105.304615][ T3505] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.367842][ T3505] veth1_macvtap: left promiscuous mode [ 105.373584][ T3505] veth0_macvtap: left promiscuous mode [ 105.386094][ T3505] veth1_vlan: left promiscuous mode [ 105.398273][ T3505] veth0_vlan: left promiscuous mode [ 106.221280][ T3505] team0 (unregistering): Port device team_slave_1 removed [ 106.261482][ T3505] team0 (unregistering): Port device team_slave_0 removed [ 106.279195][ T5787] Bluetooth: hci2: command tx timeout [ 106.309521][ T3505] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 106.350418][ T3505] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 106.746718][ T3505] bond0 (unregistering): Released all slaves [ 106.996384][ T5787] Bluetooth: hci1: command tx timeout [ 107.039830][ T6643] team0: Port device team_slave_0 added [ 107.052346][ T6643] team0: Port device team_slave_1 added [ 107.217415][ T6643] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 107.227248][ T6643] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.254716][ T6643] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 107.267945][ T6643] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 107.274920][ T6643] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.301413][ T6643] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 107.608808][ T6643] hsr_slave_0: entered promiscuous mode [ 107.615682][ T6643] hsr_slave_1: entered promiscuous mode [ 107.645289][ T6643] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 107.679410][ T6643] Cannot create hsr debugfs directory [ 107.894609][ T6771] loop2: detected capacity change from 0 to 1024 [ 107.937398][ T6771] EXT4-fs: inline encryption not supported [ 107.944233][ T6771] EXT4-fs: Ignoring removed i_version option [ 107.986109][ T6771] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 108.008951][ T6774] loop3: detected capacity change from 0 to 256 [ 108.031628][ T6673] chnl_net:caif_netlink_parms(): no params data found [ 108.082688][ T6771] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 108.201447][ T5783] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.310394][ T3505] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.359058][ T5787] Bluetooth: hci2: command tx timeout [ 108.441649][ T6786] loop3: detected capacity change from 0 to 512 [ 108.451130][ T6786] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x05417272 (sector = 1) [ 108.470696][ T6786] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 108.541042][ T12] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x05417272 (sector = 1) [ 108.542932][ T3505] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.566773][ T6673] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.584925][ T6673] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.592356][ T6673] bridge_slave_0: entered allmulticast mode [ 108.600092][ T6673] bridge_slave_0: entered promiscuous mode [ 108.657837][ T3505] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.671332][ T6673] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.679371][ T6673] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.686777][ T6673] bridge_slave_1: entered allmulticast mode [ 108.693509][ T6673] bridge_slave_1: entered promiscuous mode [ 108.739210][ T6673] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 108.810973][ T3505] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.833063][ T6673] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 108.970410][ T6673] team0: Port device team_slave_0 added [ 109.031700][ T6790] loop2: detected capacity change from 0 to 512 [ 109.053919][ T6673] team0: Port device team_slave_1 added [ 109.086679][ T5787] Bluetooth: hci1: command tx timeout [ 109.092581][ T6790] EXT4-fs error (device loop2): ext4_get_branch:178: inode #13: block 2: comm syz.2.260: invalid block [ 109.136542][ T6790] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.260: invalid indirect mapped block 10 (level 1) [ 109.161820][ T6643] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 109.246062][ T6790] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.260: invalid indirect mapped block 8 (level 1) [ 109.317998][ T6790] EXT4-fs (loop2): 1 truncate cleaned up [ 109.337580][ T6643] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 109.360985][ T6790] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 109.364029][ T6643] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 109.398088][ T6673] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 109.407909][ T6673] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.502697][ T6673] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 109.623538][ T6643] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 109.639593][ T6673] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 109.649289][ T6673] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.682088][ T6673] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 109.894085][ T6673] hsr_slave_0: entered promiscuous mode [ 109.925003][ T6673] hsr_slave_1: entered promiscuous mode [ 109.957156][ T6673] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 109.958374][ T6813] loop3: detected capacity change from 0 to 1024 [ 109.964739][ T6673] Cannot create hsr debugfs directory [ 109.979897][ T6813] EXT4-fs: inline encryption not supported [ 109.985750][ T6813] EXT4-fs: Ignoring removed i_version option [ 110.020807][ T6813] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 110.120336][ T6813] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 110.314809][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.436969][ T5787] Bluetooth: hci2: command tx timeout [ 110.967647][ T6643] 8021q: adding VLAN 0 to HW filter on device bond0 [ 111.070963][ T6643] 8021q: adding VLAN 0 to HW filter on device team0 [ 111.098517][ T6673] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 111.126096][ T6673] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 111.156355][ T5787] Bluetooth: hci1: command tx timeout [ 111.163567][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.170772][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 111.227929][ T6673] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 111.264693][ T3505] hsr_slave_0: left promiscuous mode [ 111.274533][ T3505] hsr_slave_1: left promiscuous mode [ 111.288017][ T3505] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 111.296070][ T3505] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 111.351074][ T3505] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 111.382864][ T3505] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 111.448420][ T3505] bridge_slave_1: left allmulticast mode [ 111.580050][ T3505] bridge_slave_1: left promiscuous mode [ 111.675994][ T3505] bridge0: port 2(bridge_slave_1) entered disabled state [ 111.857152][ T3505] bridge_slave_0: left allmulticast mode [ 111.885917][ T3505] bridge_slave_0: left promiscuous mode [ 111.915805][ T3505] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.086733][ T3505] veth1_macvtap: left promiscuous mode [ 112.093418][ T3505] veth0_macvtap: left promiscuous mode [ 112.106067][ T3505] veth1_vlan: left promiscuous mode [ 112.119074][ T3505] veth0_vlan: left promiscuous mode [ 112.187293][ T6842] loop3: detected capacity change from 0 to 1024 [ 112.237167][ T6842] EXT4-fs: inline encryption not supported [ 112.243113][ T6842] EXT4-fs: Ignoring removed bh option [ 112.288350][ T6842] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 112.380704][ T6842] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 112.478852][ T5783] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.516883][ T5787] Bluetooth: hci2: command tx timeout [ 112.659823][ T6842] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4036: comm syz.3.267: Allocating blocks 497-513 which overlap fs metadata [ 112.703381][ T6842] EXT4-fs (loop3): Remounting filesystem read-only [ 112.743700][ T6854] loop2: detected capacity change from 0 to 1024 [ 112.756634][ T6841] EXT4-fs (loop3): pa ffff88805c51c828: logic 256, phys. 385, len 8 [ 112.855381][ T6854] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 112.874134][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.891718][ T6854] ext4 filesystem being mounted at /61/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 112.977717][ T5783] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.013414][ T6858] loop3: detected capacity change from 0 to 1024 [ 113.023705][ T6858] EXT4-fs: inline encryption not supported [ 113.029621][ T6858] EXT4-fs: Ignoring removed i_version option [ 113.038959][ T6858] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 113.080134][ T6858] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 113.364711][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 114.176039][ T3505] team0 (unregistering): Port device team_slave_1 removed [ 114.294085][ T3505] team0 (unregistering): Port device team_slave_0 removed [ 114.385407][ T6874] loop2: detected capacity change from 0 to 2048 [ 114.402692][ T3505] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 114.482131][ T6874] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 115.017232][ T3505] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 115.372360][ T5783] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.483239][ T6884] loop2: detected capacity change from 0 to 512 [ 115.497759][ T6885] loop3: detected capacity change from 0 to 1024 [ 115.524490][ T6884] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 115.549135][ T6885] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 115.581448][ T6884] EXT4-fs error (device loop2): ext4_orphan_get:1399: inode #17: comm syz.2.277: iget: bad i_size value: -6917529027641081756 [ 115.631058][ T6884] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.277: couldn't read orphan inode 17 (err -117) [ 115.668921][ T6884] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 115.735981][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.931098][ T6884] EXT4-fs error (device loop2): ext4_validate_block_bitmap:439: comm syz.2.277: bg 0: block 65: padding at end of block bitmap is not set [ 115.965388][ T6884] Quota error (device loop2): write_blk: dquota write failed [ 115.981897][ T6884] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 115.992379][ T6884] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.277: Failed to acquire dquot type 0 [ 116.084017][ T5783] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.295026][ T3505] bond0 (unregistering): Released all slaves [ 116.397184][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.404342][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.453449][ T6673] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 116.467557][ T6896] kvm_intel: kvm [6895]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0x1d9) = 0x65b7 [ 116.480782][ T6896] kvm: kvm [6895]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0x187) = 0x3b7 [ 116.489854][ T6896] kvm: kvm [6895]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0x186) = 0x14a2 [ 116.501679][ T6896] kvm: kvm [6895]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0x11e) = 0xac3c [ 116.513117][ T6896] kvm: kvm [6895]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x7b28 [ 116.522250][ T6896] kvm: kvm [6895]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0xfe14 [ 116.851559][ T6673] 8021q: adding VLAN 0 to HW filter on device bond0 [ 116.891164][ T6673] 8021q: adding VLAN 0 to HW filter on device team0 [ 116.905185][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.912404][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.998044][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.005225][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 117.335341][ T6924] kvm: pic: non byte write [ 117.356648][ T6924] kvm: pic: non byte write [ 117.363415][ T6924] kvm: pic: non byte write [ 117.365966][ T6643] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 117.393923][ T6924] kvm: pic: non byte write [ 117.426899][ T6924] kvm: pic: non byte write [ 117.446458][ T6924] kvm: pic: non byte write [ 117.672585][ T6673] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 117.741060][ T6942] loop3: detected capacity change from 0 to 256 [ 118.228948][ T6643] veth0_vlan: entered promiscuous mode [ 118.274774][ T6643] veth1_vlan: entered promiscuous mode [ 118.393362][ T6643] veth0_macvtap: entered promiscuous mode [ 118.423130][ T6643] veth1_macvtap: entered promiscuous mode [ 118.626065][ T6643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 118.644202][ T6643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.674849][ T6643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 118.782413][ T6643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.925132][ T6643] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 119.092057][ T6673] veth0_vlan: entered promiscuous mode [ 119.166121][ T6643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 119.177091][ T6643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.196320][ T6643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 119.236640][ T6643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.418280][ T6643] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 119.483026][ T6643] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.586102][ T6643] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.674684][ T6643] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.787213][ T6643] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.994880][ T6673] veth1_vlan: entered promiscuous mode [ 120.354947][ T6673] veth0_macvtap: entered promiscuous mode [ 120.404016][ T6673] veth1_macvtap: entered promiscuous mode [ 120.505828][ T6673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 120.533617][ T6673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.543900][ T6673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 120.554984][ T6673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.565887][ T6673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 120.576815][ T6673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.592940][ T6673] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 120.601423][ T3438] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.620581][ T3438] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.632224][ T6673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 120.661608][ T6673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.674177][ T6673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 120.690337][ T6673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.702050][ T6673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 120.718486][ T6673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.730573][ T6673] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 120.750021][ T6673] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.763673][ T6673] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.775290][ T6673] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.789516][ T6673] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.851763][ T3496] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.874486][ T3496] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.998644][ T3438] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.024024][ T3438] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.067482][ T6999] netlink: 88 bytes leftover after parsing attributes in process `syz.2.298'. [ 121.149671][ T3550] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.178167][ T3550] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.924581][ T7017] process 'syz.5.300' launched './file0' with NULL argv: empty string added [ 122.114942][ T7019] loop6: detected capacity change from 0 to 512 [ 122.433082][ T7022] loop3: detected capacity change from 0 to 164 [ 123.392106][ T7039] loop3: detected capacity change from 0 to 164 [ 125.921623][ T7069] loop3: detected capacity change from 0 to 1024 [ 126.227584][ T7069] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 126.976012][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.229877][ T7098] loop3: detected capacity change from 0 to 1024 [ 127.297464][ T7098] EXT4-fs: Ignoring removed nobh option [ 127.318095][ T7098] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 127.445976][ T7098] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c856c018, mo2=0102] [ 127.482013][ T7098] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 128.250735][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.335261][ T7134] loop6: detected capacity change from 0 to 1024 [ 129.513776][ T7141] loop5: detected capacity change from 0 to 1024 [ 129.521218][ T7141] EXT4-fs: inline encryption not supported [ 129.522265][ T7134] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 129.527249][ T7141] EXT4-fs: Ignoring removed i_version option [ 129.550948][ T7141] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 129.675102][ T7141] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 129.769530][ T6673] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.944502][ T6643] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.123209][ T7159] bridge1: entered allmulticast mode [ 130.327693][ T7169] loop5: detected capacity change from 0 to 164 [ 131.227983][ T7176] loop5: detected capacity change from 0 to 1024 [ 131.315492][ T7176] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 131.319826][ T7183] loop3: detected capacity change from 0 to 1024 [ 131.360210][ T7183] EXT4-fs: inline encryption not supported [ 131.382841][ T7183] EXT4-fs: Ignoring removed i_version option [ 131.435594][ T7183] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 131.520725][ T7183] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 131.545974][ T6643] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.558491][ T7182] overlayfs: statfs failed on './file0' [ 131.724014][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.023502][ T7211] loop2: detected capacity change from 0 to 512 [ 132.125323][ T7211] EXT4-fs error (device loop2): ext4_orphan_get:1425: comm syz.2.351: bad orphan inode 11862016 [ 132.221923][ T7211] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 132.318296][ T7211] ext4 filesystem being mounted at /89/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 132.975326][ T5783] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 133.086861][ T1276] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.093215][ T1276] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.240781][ T7238] loop3: detected capacity change from 0 to 2364 [ 134.472006][ T7240] overlayfs: statfs failed on './file0' [ 138.570261][ T7330] loop5: detected capacity change from 0 to 164 [ 138.948875][ T7337] loop5: detected capacity change from 0 to 1024 [ 139.093384][ T7337] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 139.356965][ T6643] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.658557][ T7352] overlayfs: failed to resolve './file0/../file0': -2 [ 140.709006][ T7389] capability: warning: `syz.6.400' uses deprecated v2 capabilities in a way that may be insecure [ 141.116050][ T7400] loop5: detected capacity change from 0 to 512 [ 141.191811][ T7400] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 141.208690][ T7400] ext4 filesystem being mounted at /27/file1/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 141.435049][ T6643] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.366101][ T7445] overlayfs: failed to clone upperpath [ 144.703944][ T7464] loop3: detected capacity change from 0 to 512 [ 144.733455][ T7464] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 144.782490][ T7464] EXT4-fs (loop3): 1 truncate cleaned up [ 144.791701][ T7464] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 144.822004][ T7464] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2244: inode #15: comm syz.3.418: corrupted in-inode xattr: overlapping e_value [ 144.836663][ T7464] EXT4-fs (loop3): Remounting filesystem read-only [ 144.843220][ T7464] EXT4-fs warning (device loop3): ext4_xattr_set_entry:1781: inode #15: comm syz.3.418: unable to update i_inline_off [ 145.012931][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 145.726007][ T7499] overlayfs: failed to clone upperpath [ 147.025127][ T7535] overlayfs: failed to clone upperpath [ 147.164775][ T7539] overlayfs: failed to clone upperpath [ 147.255532][ T7542] bridge1: entered allmulticast mode [ 148.678093][ T7578] fuse: Bad value for 'fd' [ 148.704833][ T7578] overlayfs: failed to clone upperpath [ 148.898912][ T7586] bridge2: entered allmulticast mode [ 150.792754][ T7619] bridge1: entered allmulticast mode [ 152.680920][ T7658] bridge3: entered allmulticast mode [ 154.735307][ T7702] netlink: 4 bytes leftover after parsing attributes in process `syz.6.480'. [ 154.764511][ T7705] bridge2: entered allmulticast mode [ 154.792366][ T7702] netlink: 12 bytes leftover after parsing attributes in process `syz.6.480'. [ 156.265647][ T7747] bridge4: entered allmulticast mode [ 158.316787][ T5790] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 158.335249][ T5790] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 158.347626][ T5790] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 158.360927][ T5790] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 158.370062][ T5790] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 158.378513][ T5790] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 158.939821][ T3550] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.424723][ T3550] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.445257][ T7820] loop3: detected capacity change from 0 to 512 [ 159.466114][ T7820] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 159.495300][ T7820] EXT4-fs (loop3): orphan cleanup on readonly fs [ 159.508045][ T7820] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:512: comm syz.3.513: Block bitmap for bg 0 marked uninitialized [ 159.546342][ T7820] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 159.638359][ T7820] EXT4-fs (loop3): 1 orphan inode deleted [ 159.660405][ T7820] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 159.688684][ T3550] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.785756][ T7832] overlayfs: failed to clone upperpath [ 159.828298][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 159.923908][ T3550] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.127084][ T7844] bridge3: entered allmulticast mode [ 160.436515][ T5787] Bluetooth: hci1: command tx timeout [ 160.503005][ T7797] chnl_net:caif_netlink_parms(): no params data found [ 161.087216][ T7797] bridge0: port 1(bridge_slave_0) entered blocking state [ 161.102728][ T7797] bridge0: port 1(bridge_slave_0) entered disabled state [ 161.116491][ T7797] bridge_slave_0: entered allmulticast mode [ 161.123830][ T7797] bridge_slave_0: entered promiscuous mode [ 161.152888][ T7797] bridge0: port 2(bridge_slave_1) entered blocking state [ 161.176666][ T7797] bridge0: port 2(bridge_slave_1) entered disabled state [ 161.183937][ T7797] bridge_slave_1: entered allmulticast mode [ 161.197982][ T7797] bridge_slave_1: entered promiscuous mode [ 161.367912][ T7797] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 161.431179][ T7797] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 161.606501][ T7797] team0: Port device team_slave_0 added [ 161.749954][ T7797] team0: Port device team_slave_1 added [ 162.079628][ T7797] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 162.103729][ T7797] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 162.161914][ T7797] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 162.314424][ T7797] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 162.343405][ T7797] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 162.408826][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 162.418943][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 162.428088][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 162.439890][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 162.449182][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 162.459067][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 162.467857][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 162.476857][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 162.486834][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 162.495303][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 162.516419][ T5787] Bluetooth: hci1: command tx timeout [ 168.012677][ T5787] Bluetooth: hci1: command tx timeout [ 168.078032][ T7797] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 168.301978][ T7957] syz.2.559[7957] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 168.302113][ T7957] syz.2.559[7957] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 168.733948][ T7966] netlink: 96 bytes leftover after parsing attributes in process `syz.3.562'. [ 168.788810][ T3550] hsr_slave_0: left promiscuous mode [ 168.817872][ T3550] hsr_slave_1: left promiscuous mode [ 168.825902][ T3550] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 168.835609][ T3550] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 168.856870][ T3550] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 168.865278][ T3550] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 168.885154][ T3550] bridge_slave_1: left allmulticast mode [ 168.891454][ T3550] bridge_slave_1: left promiscuous mode [ 168.910743][ T3550] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.937718][ T3550] bridge_slave_0: left allmulticast mode [ 168.943436][ T3550] bridge_slave_0: left promiscuous mode [ 168.966517][ T3550] bridge0: port 1(bridge_slave_0) entered disabled state [ 169.024129][ T3550] veth1_macvtap: left promiscuous mode [ 169.036490][ T3550] veth0_macvtap: left promiscuous mode [ 169.052400][ T3550] veth1_vlan: left promiscuous mode [ 169.066451][ T3550] veth0_vlan: left promiscuous mode [ 170.038813][ T5790] Bluetooth: hci1: command tx timeout [ 170.335815][ T3550] team0 (unregistering): Port device team_slave_1 removed [ 170.415844][ T3550] team0 (unregistering): Port device team_slave_0 removed [ 170.533405][ T3550] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 170.641118][ T3550] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 170.903082][ T7996] trusted_key: syz.3.574 sent an empty control message without MSG_MORE. [ 171.364842][ T8012] loop3: detected capacity change from 0 to 512 [ 171.373960][ T8012] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 171.401723][ T8012] EXT4-fs (loop3): 1 truncate cleaned up [ 171.416614][ T8012] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 171.467578][ T8012] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2244: inode #15: comm syz.3.578: corrupted in-inode xattr: overlapping e_value [ 171.511283][ T8012] EXT4-fs (loop3): Remounting filesystem read-only [ 171.526817][ T8012] EXT4-fs warning (device loop3): ext4_xattr_set_entry:1781: inode #15: comm syz.3.578: unable to update i_inline_off [ 171.541683][ T3550] bond0 (unregistering): Released all slaves [ 171.605276][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 171.685370][ T7797] hsr_slave_0: entered promiscuous mode [ 171.697535][ T7797] hsr_slave_1: entered promiscuous mode [ 171.703312][ T8018] Zero length message leads to an empty skb [ 171.917616][ T8023] loop3: detected capacity change from 0 to 2048 [ 171.981053][ T8023] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 172.072297][ T8023] ext4 filesystem being mounted at /173/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 172.350606][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 172.461150][ T7797] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 172.515864][ T7797] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 172.550453][ T7797] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 172.583204][ T7797] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 172.883323][ T7797] 8021q: adding VLAN 0 to HW filter on device bond0 [ 172.942228][ T7797] 8021q: adding VLAN 0 to HW filter on device team0 [ 172.989155][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.996376][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 173.056019][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.063252][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 173.250479][ T7797] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 173.943819][ T7797] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 174.457777][ T8150] overlayfs: failed to clone upperpath [ 175.417948][ T7797] veth0_vlan: entered promiscuous mode [ 175.434180][ T7797] veth1_vlan: entered promiscuous mode [ 175.504454][ T8161] loop3: detected capacity change from 0 to 512 [ 175.538845][ T7797] veth0_macvtap: entered promiscuous mode [ 175.573983][ T8161] EXT4-fs error (device loop3): ext4_orphan_get:1399: inode #15: comm syz.3.609: casefold flag without casefold feature [ 175.604488][ T7797] veth1_macvtap: entered promiscuous mode [ 175.620733][ T8161] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.609: couldn't read orphan inode 15 (err -117) [ 175.653069][ T8161] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 175.665762][ T7797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 175.665781][ T7797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.665790][ T7797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 175.665801][ T7797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.665812][ T7797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 175.665823][ T7797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.687615][ T7797] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 175.821491][ T7797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 175.841120][ T7797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.858965][ T7797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 175.870641][ T7797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.882064][ T7797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 175.892731][ T7797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.903805][ T8161] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 175.914329][ T7797] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 175.923515][ T8173] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 175.945313][ T7797] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.956269][ T8173] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 175.973672][ T7797] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.993724][ T7797] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.019968][ T7797] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.035878][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 176.299312][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 176.307395][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 176.408942][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 176.429189][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 177.435965][ T8206] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.672565][ T8214] overlayfs: statfs failed on './file0' [ 177.872082][ T8232] overlayfs: fs on './bus' does not support file handles, falling back to index=off,nfs_export=off. [ 177.899913][ T8232] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 179.627471][ T8281] overlayfs: failed to resolve './file1': -2 [ 180.519101][ T8288] loop7: detected capacity change from 0 to 512 [ 180.565070][ T8288] EXT4-fs (loop7): feature flags set on rev 0 fs, running e2fsck is recommended [ 180.599138][ T8288] EXT4-fs (loop7): orphan cleanup on readonly fs [ 180.605533][ T8288] EXT4-fs error (device loop7): ext4_quota_enable:7125: comm syz.7.642: Bad quota inum: 64, type: 0 [ 180.710241][ T8288] EXT4-fs (loop7): Remounting filesystem read-only [ 180.738912][ T8288] EXT4-fs warning (device loop7): ext4_enable_quotas:7173: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 180.776281][ T8288] EXT4-fs (loop7): Cannot turn on quotas: error -117 [ 180.789845][ T8288] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 180.877546][ T8288] loop7: Can't mount, would change RO state [ 180.982796][ T7797] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 181.037291][ T8314] loop3: detected capacity change from 0 to 512 [ 181.058350][ T8314] EXT4-fs: Ignoring removed nobh option [ 181.181283][ T8314] EXT4-fs error (device loop3): ext4_do_update_inode:5230: inode #3: comm syz.3.651: corrupted inode contents [ 181.288914][ T8324] overlayfs: failed to resolve './file1': -2 [ 181.317281][ T8314] EXT4-fs error (device loop3): ext4_dirty_inode:6106: inode #3: comm syz.3.651: mark_inode_dirty error [ 181.823658][ T8314] EXT4-fs error (device loop3): ext4_do_update_inode:5230: inode #3: comm syz.3.651: corrupted inode contents [ 181.966257][ T8314] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #3: comm syz.3.651: mark_inode_dirty error [ 181.982118][ T8314] Quota error (device loop3): write_blk: dquota write failed [ 181.993927][ T8314] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 182.011706][ T8314] EXT4-fs error (device loop3): ext4_acquire_dquot:6938: comm syz.3.651: Failed to acquire dquot type 0 [ 182.066038][ T8314] EXT4-fs error (device loop3): ext4_do_update_inode:5230: inode #16: comm syz.3.651: corrupted inode contents [ 182.094328][ T8314] EXT4-fs error (device loop3): ext4_dirty_inode:6106: inode #16: comm syz.3.651: mark_inode_dirty error [ 182.154704][ T8314] EXT4-fs error (device loop3): ext4_do_update_inode:5230: inode #16: comm syz.3.651: corrupted inode contents [ 182.189832][ T8333] loop7: detected capacity change from 0 to 128 [ 182.207195][ T8314] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #16: comm syz.3.651: mark_inode_dirty error [ 182.263218][ T8314] EXT4-fs error (device loop3): ext4_do_update_inode:5230: inode #16: comm syz.3.651: corrupted inode contents [ 182.301417][ T8314] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem [ 182.335851][ T8314] EXT4-fs error (device loop3): ext4_do_update_inode:5230: inode #16: comm syz.3.651: corrupted inode contents [ 182.398082][ T8314] EXT4-fs error (device loop3): ext4_truncate:4288: inode #16: comm syz.3.651: mark_inode_dirty error [ 182.491078][ T8314] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem [ 182.556630][ T8314] EXT4-fs (loop3): 1 truncate cleaned up [ 182.605617][ T8314] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 182.643297][ T8314] ext4 filesystem being mounted at /192/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 183.031258][ T8366] overlayfs: failed to resolve './file1': -2 [ 183.806079][ T8314] EXT4-fs error (device loop3): ext4_lookup:1858: inode #15: comm syz.3.651: iget: bad i_size value: 360287970189639690 [ 183.949020][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.970464][ T3438] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 184.006646][ T3438] EXT4-fs error (device loop3): ext4_release_dquot:6974: comm kworker/u4:7: Failed to release dquot type 1 [ 184.083912][ T8380] overlayfs: failed to clone upperpath [ 184.210345][ T8387] loop7: detected capacity change from 0 to 256 [ 185.132200][ T8420] overlayfs: statfs failed on './file0' [ 185.446426][ T8439] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.759892][ T8455] netlink: 28 bytes leftover after parsing attributes in process `syz.2.689'. [ 187.212440][ T8477] loop7: detected capacity change from 0 to 256 [ 187.402413][ T8477] FAT-fs (loop7): Directory bread(block 64) failed [ 187.418735][ T8477] FAT-fs (loop7): Directory bread(block 65) failed [ 187.436955][ T8477] FAT-fs (loop7): Directory bread(block 66) failed [ 187.455404][ T8477] FAT-fs (loop7): Directory bread(block 67) failed [ 187.470680][ T8477] FAT-fs (loop7): Directory bread(block 68) failed [ 187.491218][ T8477] FAT-fs (loop7): Directory bread(block 69) failed [ 187.513857][ T8477] FAT-fs (loop7): Directory bread(block 70) failed [ 187.534113][ T8477] FAT-fs (loop7): Directory bread(block 71) failed [ 187.558739][ T8477] FAT-fs (loop7): Directory bread(block 72) failed [ 187.565750][ T8477] FAT-fs (loop7): Directory bread(block 73) failed [ 187.663176][ T8494] netlink: 4 bytes leftover after parsing attributes in process `syz.6.699'. [ 187.778892][ T8498] netlink: 28 bytes leftover after parsing attributes in process `syz.2.700'. [ 188.514460][ T8530] loop3: detected capacity change from 0 to 1024 [ 188.540613][ T8530] EXT4-fs: Ignoring removed nobh option [ 188.585240][ T8530] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 188.661012][ T8530] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c856c018, mo2=0102] [ 188.699769][ T8530] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 188.841674][ T8543] netlink: 28 bytes leftover after parsing attributes in process `syz.2.713'. [ 188.884038][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.604123][ T8571] fuse: Bad value for 'fd' [ 189.609622][ T8573] netlink: 28 bytes leftover after parsing attributes in process `syz.6.724'. [ 190.192005][ T8592] loop7: detected capacity change from 0 to 1024 [ 190.227426][ T8592] EXT4-fs: Ignoring removed nobh option [ 190.252976][ T8592] EXT4-fs: Ignoring removed bh option [ 190.302462][ T8592] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 190.371195][ T8592] ext4 filesystem being mounted at /30/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 190.420093][ T8592] EXT4-fs error (device loop7): ext4_validate_block_bitmap:439: comm syz.7.729: bg 0: block 273: padding at end of block bitmap is not set [ 190.545619][ T7797] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 190.946804][ T8617] netlink: 28 bytes leftover after parsing attributes in process `syz.6.734'. [ 191.277871][ T8632] loop7: detected capacity change from 0 to 512 [ 191.364754][ T8632] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 191.429738][ T8632] ext4 filesystem being mounted at /33/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 191.479073][ T5797] Bluetooth: hci3: command 0x0406 tx timeout [ 191.479446][ T5106] Bluetooth: hci0: command 0x0406 tx timeout [ 191.500426][ T8644] overlayfs: failed to clone upperpath [ 191.696118][ T7797] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 194.536944][ T1276] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.543337][ T1276] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.982689][ T8755] overlayfs: failed to clone upperpath [ 196.512295][ T8803] vlan0: entered allmulticast mode [ 196.522628][ T8803] veth0_vlan: entered allmulticast mode [ 199.677894][ T8891] overlayfs: failed to clone upperpath [ 200.177332][ T8905] syz.7.800[8905] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 200.177465][ T8905] syz.7.800[8905] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 200.353345][ T8910] pim6reg1: entered promiscuous mode [ 200.405417][ T8910] pim6reg1: entered allmulticast mode [ 202.002253][ T8951] wg2: entered promiscuous mode [ 202.066929][ T8951] wg2: entered allmulticast mode [ 202.148258][ T8955] overlayfs: failed to clone upperpath [ 203.275261][ T8988] syz.2.820[8988] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 203.275514][ T8988] syz.2.820[8988] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 203.321495][ T8988] syz.2.820[8988] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 203.366824][ T8988] syz.2.820[8988] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 206.325682][ T9024] overlayfs: failed to clone upperpath [ 209.366930][ T9127] overlayfs: failed to clone upperpath [ 209.605208][ T9136] overlayfs: failed to clone upperpath [ 211.248320][ T9175] bridge4: entered allmulticast mode [ 212.051093][ T9204] overlayfs: failed to clone upperpath [ 212.367812][ T9212] bridge3: entered allmulticast mode [ 214.086926][ T9245] overlayfs: failed to clone upperpath [ 214.483132][ T9256] bridge5: entered allmulticast mode [ 214.777745][ T9267] overlayfs: failed to clone upperpath [ 216.054919][ T9300] pim6reg1: entered promiscuous mode [ 216.071328][ T9300] pim6reg1: entered allmulticast mode [ 216.436568][ T9313] overlayfs: failed to clone upperpath [ 216.938922][ T9333] overlayfs: failed to clone upperpath [ 218.794061][ T9365] overlayfs: failed to clone upperpath [ 218.887786][ T9367] pim6reg1: entered promiscuous mode [ 218.893146][ T9367] pim6reg1: entered allmulticast mode [ 221.032669][ T9428] wg2: entered promiscuous mode [ 221.062961][ T9428] wg2: entered allmulticast mode [ 221.318647][ T9436] veth1_macvtap: left promiscuous mode [ 221.324294][ T9436] macsec0: entered promiscuous mode [ 222.271059][ T9463] overlayfs: failed to clone upperpath [ 223.212037][ T9485] overlayfs: failed to clone upperpath [ 224.492836][ T9510] overlayfs: failed to clone upperpath [ 227.317552][ T5787] Bluetooth: hci2: command 0x0406 tx timeout [ 232.835433][ T9700] wg2: left promiscuous mode [ 232.849164][ T9700] wg2: left allmulticast mode [ 233.106569][ T9700] wg2: entered promiscuous mode [ 233.111771][ T9700] wg2: entered allmulticast mode [ 233.699441][ T9728] Dead loop on virtual device ip6_vti0, fix it urgently! [ 234.256778][ T9744] wg2: entered promiscuous mode [ 234.300138][ T9744] wg2: entered allmulticast mode [ 235.280455][ T9771] GUP no longer grows the stack in syz.6.1105 (9771): 200000005000-200000008000 (200000004000) [ 235.291871][ T9771] CPU: 0 PID: 9771 Comm: syz.6.1105 Not tainted 6.6.101-syzkaller #0 [ 235.299976][ T9771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 235.310061][ T9771] Call Trace: [ 235.313333][ T9771] [ 235.316264][ T9771] dump_stack_lvl+0x16c/0x230 [ 235.320945][ T9771] ? show_regs_print_info+0x20/0x20 [ 235.326281][ T9771] ? load_image+0x3b0/0x3b0 [ 235.330781][ T9771] ? find_vma+0x12e/0x1b0 [ 235.335130][ T9771] __get_user_pages+0xfb9/0x1470 [ 235.340080][ T9771] ? __lock_acquire+0x1334/0x7c80 [ 235.345102][ T9771] ? populate_vma_page_range+0x370/0x370 [ 235.350742][ T9771] ? __gup_longterm_locked+0x1e3c/0x2920 [ 235.356374][ T9771] ? down_read_killable+0x1d0/0x340 [ 235.361568][ T9771] __gup_longterm_locked+0x1f92/0x2920 [ 235.367034][ T9771] ? pin_user_pages_remote+0x210/0x210 [ 235.372485][ T9771] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 235.378454][ T9771] ? lock_chain_count+0x20/0x20 [ 235.383293][ T9771] ? internal_get_user_pages_fast+0x1fa2/0x2730 [ 235.389526][ T9771] internal_get_user_pages_fast+0x217f/0x2730 [ 235.395587][ T9771] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 235.401558][ T9771] ? lock_chain_count+0x20/0x20 [ 235.406402][ T9771] ? finish_task_switch+0x265/0x920 [ 235.411590][ T9771] ? lockdep_hardirqs_on+0x98/0x150 [ 235.416799][ T9771] ? finish_task_switch+0x265/0x920 [ 235.422000][ T9771] ? get_user_pages_fast_only+0xa0/0xa0 [ 235.427550][ T9771] ? __schedule+0x14da/0x44d0 [ 235.432220][ T9771] get_futex_key+0x19f/0x1020 [ 235.436894][ T9771] ? futex_setup_timer+0xc0/0xc0 [ 235.441833][ T9771] ? futex_wait_queue+0x9d/0x1b0 [ 235.446781][ T9771] futex_wait_setup+0xac/0x260 [ 235.451596][ T9771] ? futex_wait_multiple+0x8d0/0x8d0 [ 235.456871][ T9771] ? schedule+0xc7/0x170 [ 235.461106][ T9771] futex_wait+0x172/0x530 [ 235.465429][ T9771] ? futex_wait_setup+0x260/0x260 [ 235.470451][ T9771] ? mtree_range_walk+0x674/0x7c0 [ 235.475470][ T9771] ? userfaultfd_unmap_prep+0x3d0/0x3d0 [ 235.481027][ T9771] ? mas_find_setup+0x493/0x590 [ 235.485866][ T9771] do_futex+0x2ff/0x3e0 [ 235.490011][ T9771] ? __ia32_sys_get_robust_list+0x90/0x90 [ 235.495729][ T9771] __se_sys_futex+0x36f/0x3f0 [ 235.500417][ T9771] ? __x64_sys_futex+0xf0/0xf0 [ 235.505188][ T9771] ? __x64_sys_futex+0x21/0xf0 [ 235.509940][ T9771] do_syscall_64+0x55/0xb0 [ 235.514349][ T9771] ? clear_bhb_loop+0x40/0x90 [ 235.519011][ T9771] ? clear_bhb_loop+0x40/0x90 [ 235.523678][ T9771] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 235.529573][ T9771] RIP: 0033:0x7efe5098ebe9 [ 235.533989][ T9771] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 235.553617][ T9771] RSP: 002b:00007efe5181d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 235.562053][ T9771] RAX: ffffffffffffffda RBX: 00007efe50bb5fa0 RCX: 00007efe5098ebe9 [ 235.570049][ T9771] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000200000004000 [ 235.578047][ T9771] RBP: 00007efe50a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 235.586023][ T9771] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 235.593986][ T9771] R13: 00007efe50bb6038 R14: 00007efe50bb5fa0 R15: 00007fffcdeb3148 [ 235.601960][ T9771] [ 236.993023][ T9799] binder: 9798:9799 ioctl 4018620d 0 returned -22 [ 237.077026][ T9803] fuse: Bad value for 'fd' [ 237.492939][ T5882] usb 8-1: new low-speed USB device number 2 using dummy_hcd [ 237.708295][ T5882] usb 8-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 237.717485][ T5882] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 237.737012][ T5882] usb 8-1: config 0 descriptor?? [ 238.835886][ T9811] bridge5: entered allmulticast mode [ 239.422235][ T5882] asix 8-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 239.453369][ T5882] asix 8-1:0.0 (unnamed net_device) (uninitialized): Failed to write Medium Mode mode to 0x0306: ffffffb9 [ 239.475913][ T5882] asix: probe of 8-1:0.0 failed with error -71 [ 239.506056][ T5882] usb 8-1: USB disconnect, device number 2 [ 240.092162][ T9844] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1134'. [ 240.120861][ T9844] capability: warning: `syz.7.1134' uses 32-bit capabilities (legacy support in use) [ 240.209779][ T28] audit: type=1326 audit(1755249599.835:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9845 comm="syz.6.1136" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7efe5098ebe9 code=0x0 [ 241.776403][ T5775] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 241.986207][ T5775] usb 8-1: Using ep0 maxpacket: 32 [ 242.001507][ T5775] usb 8-1: config 0 has an invalid interface number: 184 but max is 0 [ 242.010062][ T5775] usb 8-1: config 0 has no interface number 0 [ 242.016780][ T5775] usb 8-1: config 0 interface 184 has no altsetting 0 [ 242.033181][ T5775] usb 8-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 242.046016][ T5775] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 242.056217][ T5775] usb 8-1: Product: syz [ 242.060438][ T5775] usb 8-1: Manufacturer: syz [ 242.065136][ T5775] usb 8-1: SerialNumber: syz [ 242.087614][ T5775] usb 8-1: config 0 descriptor?? [ 242.107624][ T5775] smsc75xx v1.0.0 [ 242.961681][ T9885] wg2: left promiscuous mode [ 242.974184][ T9885] wg2: left allmulticast mode [ 243.341271][ T5775] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000044: -71 [ 243.585236][ T5775] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_DATA [ 243.631908][ T5775] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 243.685865][ T5775] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 243.725916][ T5775] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 243.756236][ T5775] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 243.780694][ T5775] smsc75xx: probe of 8-1:0.184 failed with error -71 [ 243.800855][ T9885] wg2: entered promiscuous mode [ 243.816544][ T9885] wg2: entered allmulticast mode [ 243.820385][ T5775] usb 8-1: USB disconnect, device number 3 [ 244.337181][ T9908] overlayfs: missing 'lowerdir' [ 246.894915][ T28] audit: type=1326 audit(1755249606.525:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9954 comm="syz.7.1177" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fee9a58ebe9 code=0x0 [ 246.957747][ T9953] wg2: entered promiscuous mode [ 246.970528][ T9953] wg2: entered allmulticast mode [ 247.733575][ T9984] wg2: left promiscuous mode [ 247.738371][ T9984] wg2: left allmulticast mode [ 247.933516][ T9984] wg2: entered promiscuous mode [ 247.955864][ T9984] wg2: entered allmulticast mode [ 248.624181][ T28] audit: type=1326 audit(1755249608.215:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10004 comm="syz.3.1196" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f22f158ebe9 code=0x0 [ 248.972575][T10020] overlayfs: failed to clone upperpath [ 249.090616][T10025] wg2: left promiscuous mode [ 249.098450][T10025] wg2: left allmulticast mode [ 249.363719][T10025] wg2: entered promiscuous mode [ 249.390550][T10025] wg2: entered allmulticast mode [ 250.450365][T10052] overlayfs: failed to clone upperpath [ 251.103836][T10072] overlayfs: failed to clone upperpath [ 251.633950][ T3550] Bluetooth: hci4: Frame reassembly failed (-84) [ 251.870516][T10090] overlayfs: failed to clone upperpath [ 253.577511][T10118] overlayfs: failed to clone upperpath [ 253.646568][ T5790] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 255.343971][T10152] overlayfs: statfs failed on './file0' [ 255.432023][T10154] overlayfs: failed to clone upperpath [ 255.961657][ T1276] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.968260][ T1276] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.591937][T10168] IPv4: Oversized IP packet from 172.20.20.170 [ 256.600627][ C0] IPv4: Oversized IP packet from 172.20.20.170 [ 256.608815][ C0] IPv4: Oversized IP packet from 172.20.20.170 [ 256.637710][T10168] IPv4: Oversized IP packet from 172.20.20.170 [ 256.644507][ C0] IPv4: Oversized IP packet from 172.20.20.170 [ 256.651056][ C0] IPv4: Oversized IP packet from 172.20.20.170 [ 256.661336][T10168] IPv4: Oversized IP packet from 172.20.20.170 [ 256.668197][ C0] IPv4: Oversized IP packet from 172.20.20.170 [ 256.674656][ C0] IPv4: Oversized IP packet from 172.20.20.170 [ 256.710396][T10168] IPv4: Oversized IP packet from 172.20.20.170 [ 257.007750][T10177] bridge6: entered allmulticast mode [ 257.182869][T10186] overlayfs: failed to clone upperpath [ 257.250154][T10188] overlayfs: failed to clone upperpath [ 257.682638][T10202] bridge4: entered allmulticast mode [ 258.540475][T10232] bridge5: entered allmulticast mode [ 258.865203][T10249] netlink: 104 bytes leftover after parsing attributes in process `syz.6.1291'. [ 258.921559][T10251] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1292'. [ 261.516256][ T5828] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 261.529475][T10324] overlayfs: failed to clone upperpath [ 261.728384][ T5828] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 261.755940][ T5828] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 261.791951][T10326] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1317'. [ 261.812189][ T5828] usb 4-1: New USB device found, idVendor=056a, idProduct=0020, bcdDevice= 0.00 [ 261.844049][ T5828] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 261.890902][ T5828] usb 4-1: config 0 descriptor?? [ 261.917265][T10318] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 261.936283][ T5787] Bluetooth: hci1: link tx timeout [ 261.941979][ T5787] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 261.953714][ T5787] Bluetooth: hci1: link tx timeout [ 261.959928][ T5787] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 261.968091][ T5787] Bluetooth: hci1: link tx timeout [ 261.973223][ T5787] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 261.981028][ T5787] Bluetooth: hci1: link tx timeout [ 261.986201][ T5787] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 261.993866][ T5787] Bluetooth: hci1: link tx timeout [ 261.999095][ T5787] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 262.413728][ T5828] wacom 0003:056A:0020.0001: Unknown device_type for 'HID 056a:0020'. Assuming pen. [ 262.455315][ T5828] wacom 0003:056A:0020.0001: hidraw0: USB HID v1.01 Device [HID 056a:0020] on usb-dummy_hcd.3-1/input0 [ 262.519601][ T5828] input: Wacom Intuos 4x5 Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:056A:0020.0001/input/input5 [ 262.697133][ T5828] usb 4-1: USB disconnect, device number 6 [ 262.995041][T10346] bridge6: entered allmulticast mode [ 263.220583][T10355] syz_tun: entered allmulticast mode [ 263.238594][T10354] syz_tun: left allmulticast mode [ 263.488436][T10363] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1333'. [ 263.721749][T10371] netlink: 'syz.3.1336': attribute type 1 has an invalid length. [ 263.742318][T10375] overlayfs: failed to clone upperpath [ 263.799605][T10373] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1337'. [ 263.873105][T10378] gretap1: entered promiscuous mode [ 263.929135][T10378] bond2: (slave gretap1): making interface the new active one [ 263.939996][T10378] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 263.961789][ T5787] Bluetooth: hci1: command 0x0406 tx timeout [ 263.969793][T10381] wg2: left promiscuous mode [ 263.974471][T10381] wg2: left allmulticast mode [ 264.021378][T10373] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1337'. [ 264.065567][T10371] macvlan2: entered promiscuous mode [ 264.072372][T10371] macvlan2: entered allmulticast mode [ 264.084092][T10371] bond2: entered promiscuous mode [ 264.094198][T10371] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 264.124671][T10371] bond2: (slave macvlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 264.154047][T10371] bond2: left promiscuous mode [ 264.197890][T10381] wg2: entered promiscuous mode [ 264.203320][T10381] wg2: entered allmulticast mode [ 264.462923][T10395] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1344'. [ 264.693715][T10404] bridge7: entered allmulticast mode [ 264.743375][T10406] wg2: left promiscuous mode [ 264.753370][T10406] wg2: left allmulticast mode [ 264.898878][T10410] wg2: entered promiscuous mode [ 264.903819][T10410] wg2: entered allmulticast mode [ 265.060192][T10422] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1356'. [ 265.148221][T10426] overlayfs: failed to clone upperpath [ 265.285787][ T28] audit: type=1326 audit(1755249624.915:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10432 comm="syz.6.1360" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7efe5098ebe9 code=0x0 [ 265.496382][T10441] overlayfs: failed to clone upperpath [ 265.972122][T10451] overlayfs: failed to clone upperpath [ 266.253189][T10463] wg2: left promiscuous mode [ 266.261959][T10463] wg2: left allmulticast mode [ 266.447039][T10471] overlayfs: failed to clone upperpath [ 267.060379][T10468] wg2: entered promiscuous mode [ 267.085788][T10468] wg2: entered allmulticast mode [ 267.153215][T10480] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1376'. [ 267.328253][T10476] syzkaller0: entered promiscuous mode [ 267.344388][T10476] syzkaller0: entered allmulticast mode [ 267.414334][ T28] audit: type=1326 audit(1755249627.045:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10489 comm="syz.2.1381" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f55b578ebe9 code=0x0 [ 268.703700][T10503] overlayfs: failed to clone upperpath [ 269.665190][T10486] netlink: 24 bytes leftover after parsing attributes in process `syz.7.1379'. [ 270.230432][T10524] netlink: 24 bytes leftover after parsing attributes in process `syz.7.1396'. [ 270.664136][T10536] wg2: left promiscuous mode [ 270.678343][T10536] wg2: left allmulticast mode [ 270.761285][T10534] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1401'. [ 270.867989][T10537] wg2: entered promiscuous mode [ 270.880488][T10537] wg2: entered allmulticast mode [ 270.887632][T10540] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1402'. [ 271.257452][T10549] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1405'. [ 271.502186][T10559] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 271.645388][T10564] netlink: 'syz.6.1412': attribute type 1 has an invalid length. [ 271.683487][T10564] 8021q: adding VLAN 0 to HW filter on device bond1 [ 271.701011][T10562] syz_tun: entered promiscuous mode [ 271.711942][T10562] syz_tun: entered allmulticast mode [ 271.770069][T10564] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1412'. [ 272.086923][T10578] bridge7: entered allmulticast mode [ 272.159629][T10551] overlayfs: statfs failed on './file0' [ 272.244609][T10584] BUG: assuming non migratable context at include/linux/filter.h:599 [ 272.253559][T10584] in_atomic(): 0, irqs_disabled(): 0, migration_disabled() 0 pid: 10584, name: syz.6.1421 [ 272.267687][T10585] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 272.275469][T10585] IPv6: NLM_F_CREATE should be set when creating new route [ 272.278483][T10584] 2 locks held by syz.6.1421/10584: [ 272.319154][T10584] #0: ffff88807a0e8e30 (sk_lock-AF_INET){+.+.}-{0:0}, at: raw_sendmsg+0x13d8/0x1950 [ 272.334862][T10584] #1: ffffffff8cd2fba0 (rcu_read_lock){....}-{1:2}, at: nf_hook+0x9e/0x370 [ 272.365852][T10584] CPU: 1 PID: 10584 Comm: syz.6.1421 Not tainted 6.6.101-syzkaller #0 [ 272.374074][T10584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 272.384161][T10584] Call Trace: [ 272.387468][T10584] [ 272.390410][T10584] dump_stack_lvl+0x16c/0x230 [ 272.395115][T10584] ? show_regs_print_info+0x20/0x20 [ 272.400334][T10584] ? ipt_do_table+0x2b2/0x15f0 [ 272.405143][T10584] __cant_migrate+0x234/0x2e0 [ 272.409852][T10584] ? __cant_sleep+0x210/0x210 [ 272.414555][T10584] ? nf_nat_packet+0xf0/0xf0 [ 272.419179][T10584] nf_hook_run_bpf+0x90/0x1e0 [ 272.423870][T10584] ? ipt_alloc_initial_table+0x610/0x610 [ 272.429522][T10584] ? bpf_nf_link_attach+0x810/0x810 [ 272.434739][T10584] ? nf_nat_ipv4_out+0x3af/0x4d0 [ 272.439696][T10584] ? bpf_nf_link_attach+0x810/0x810 [ 272.444909][T10584] nf_hook_slow+0xbd/0x200 [ 272.449343][T10584] nf_hook+0x215/0x370 [ 272.453434][T10584] ? nf_hook+0x9e/0x370 [ 272.457606][T10584] ? __ip_local_out+0x5f0/0x5f0 [ 272.462475][T10584] ? ip_mc_output+0x580/0x580 [ 272.467181][T10584] ? skb_clone+0x21f/0x370 [ 272.471624][T10584] ip_mc_output+0x22d/0x580 [ 272.476141][T10584] ? ip_mc_output+0x580/0x580 [ 272.480858][T10584] ip_send_skb+0x12d/0x1d0 [ 272.485295][T10584] raw_sendmsg+0x1488/0x1950 [ 272.489925][T10584] ? compat_raw_ioctl+0x70/0x70 [ 272.494814][T10584] ? aa_sk_perm+0x7fc/0x930 [ 272.499342][T10584] ? tomoyo_socket_sendmsg_permission+0x216/0x2f0 [ 272.505794][T10584] ? sock_rps_record_flow+0x19/0x400 [ 272.511094][T10584] ? inet_send_prepare+0x260/0x260 [ 272.516218][T10584] ? inet_sendmsg+0x7c/0x2f0 [ 272.520815][T10584] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 272.526115][T10584] ? security_socket_sendmsg+0x80/0xa0 [ 272.531676][T10584] ? inet_send_prepare+0x260/0x260 [ 272.536801][T10584] ____sys_sendmsg+0x5bf/0x950 [ 272.541593][T10584] ? __sys_sendmsg_sock+0x30/0x30 [ 272.546634][T10584] ? __import_iovec+0x3fa/0x860 [ 272.551517][T10584] ? import_iovec+0x73/0xa0 [ 272.556065][T10584] ___sys_sendmsg+0x220/0x290 [ 272.560779][T10584] ? __sys_sendmsg+0x270/0x270 [ 272.565628][T10584] __se_sys_sendmsg+0x1a5/0x270 [ 272.570507][T10584] ? __x64_sys_sendmsg+0x80/0x80 [ 272.575495][T10584] ? lockdep_hardirqs_on+0x98/0x150 [ 272.580716][T10584] do_syscall_64+0x55/0xb0 [ 272.585149][T10584] ? clear_bhb_loop+0x40/0x90 [ 272.589844][T10584] ? clear_bhb_loop+0x40/0x90 [ 272.594537][T10584] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 272.600458][T10584] RIP: 0033:0x7efe5098ebe9 [ 272.604891][T10584] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 272.624612][T10584] RSP: 002b:00007efe5181d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 272.633049][T10584] RAX: ffffffffffffffda RBX: 00007efe50bb5fa0 RCX: 00007efe5098ebe9 [ 272.641038][T10584] RDX: 0000000020002880 RSI: 0000200000001640 RDI: 0000000000000003 [ 272.649029][T10584] RBP: 00007efe50a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 272.657014][T10584] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 272.664999][T10584] R13: 00007efe50bb6038 R14: 00007efe50bb5fa0 R15: 00007fffcdeb3148 [ 272.673005][T10584]