last executing test programs: 9m54.27125533s ago: executing program 0 (id=66): open(0x0, 0x80ff, 0x36) read$FUSE(0xffffffffffffffff, 0x0, 0x0) pipe2(&(0x7f0000001040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) gettid() write$P9_RGETLOCK(r1, &(0x7f00000000c0)=ANY=[], 0xffffff6a) pipe2(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) tee(r0, r3, 0xfffffffffffffc01, 0x0) tee(r0, r3, 0x60000000000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) read$FUSE(r2, &(0x7f0000032680)={0x2020}, 0x2020) 9m52.265345899s ago: executing program 0 (id=70): syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000280)='./bus\x00', 0x4000, &(0x7f0000000500)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000", @ANYRES64, @ANYRES32, @ANYRESHEX, @ANYRESDEC], 0x1, 0x2cb, &(0x7f0000000ac0)="$eJzs3U9LW1kYx/GfJmNiHE0Ww8AMDHOY2cxsgpN5ATNhUBgmMMUaabsoXOtNG3KbyL3BEik1m9JtX4d02V2h7RtwU7rpvjspFLpxUXqL9yaaaJLGkD9avx+Q8yTPeXKO5ihPLiTuX3t8t1Tw0gWrqum40bRU14GUOowaphrjdBDPqFVdv899ePPT1es3/svmcksrxixnV//MGGMWfn5+7/6TX15W59aeLjyLaS91c/995u3ezN4P+59W7xQ9U/RMuVI1llmvVKrWumObjaJXShtzxbEtzzbFsme7bfmCU9ncrBmrvDGf2HRtzzNWuWZKds1UK6bq1ox12yqWTTqdNvMJXW7RPubkd1dWrGzXtB8Z6o4wcrOd7nTdbL1zMr87hj0BAIBzpnf/H/b63fv/3Fo4nqX///7L/b9E/z8i9bZbXfr/b8e4IYyc62atROP3tx39PwAAAAAAAAAAAAAAAAAAAAAAF8GB7yd9308ejo27gtsxSXFJfiN/VNDP28pxYbQ+/37LV9fnP/TXhLaLIWt5415cch5t5bfy4RjmswUV5cjWopL6GJyHhjBe/je3tGgCKb1wdhr1O1v5iGLN+qZUp/qpqBQ+QHv9N0q0rp9RUt91Xj9jOtXP6LdfW+rTSurVLVXkaCM418f1D/4w5p//cyfqZ4N5AAAAAAB8DdLmyKnX70E+mBDX6XxY33J9wPf9nV7XB068vo7qR64lAgAAAAAwFl5tu2Q5ju0OEMQkDVYuDbxor8D3paE+4EBBRJNcvVvwt6RzsI1xBXE1z5gZpPydznRE/T7mRCVN/MdyhmDSf5kAAAAADJtX2z7+Bz/9ev1wRLsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBy6vfzwJrzT6WaiZ6f9nckMvZvEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADhHPgcAAP//ps0YVA==") mkdirat(0xffffffffffffff9c, &(0x7f0000000540)='./file7\x00', 0x1c0) syz_mount_image$fuse(0x0, &(0x7f00000001c0)='./file7/file0\x00', 0x100000, 0x0, 0x0, 0x0, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000780)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file7/file0\x00', 0x2) 9m51.839998778s ago: executing program 0 (id=71): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup(r3) setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, 0x0, 0x0) 9m50.301270498s ago: executing program 0 (id=72): socket(0x10, 0x3, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x20040000) syz_mount_image$udf(&(0x7f0000000000), &(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x82, &(0x7f0000000700)=ANY=[@ANYBLOB='iocharset=default,noadinicb,gid=forget,gid=ignore,nostrict,gid=', @ANYRESDEC=0x0, @ANYBLOB="2c616e63686f723d30303030000088be0900303030303030303030312c7569643d666f726765742c00215e8c2e42462f3ab5e1f7c0527abbb422be9178aa60681964adb069ae876c4a599d560075ac47c0de1a9bb9146af6433efdcdac853a8e8f16d6bad90ecce0a1fab46f48331e6b3c325c08df3c334e4da28067a30b3b1dc64bf692c712fc273bc1702008f563765c6f3e67d97e1369973c2a87f0ecca7320819863179fb85e394a8cf1d62c70d8306633b6958ebf998a0685bc5cdd1f97291328743add4c867115fae1082f8faf482e15eb939968"], 0xfd, 0xc34, &(0x7f0000001080)="$eJzs3U9sHNd9B/DfGy5F0m4rJk5Uu42LTVukMmO5sqSYilW4q5pmG0CWiVDMLQBX5EpdmFoSJNXIbtowvfTQQ4Ci6CEnAq1RIEUDoymKHtnWBZKLD4VPPREtbARFD2wRIKeAxcy+FVf/LMkkJcr+fGzqOzv73sx7M+MZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxO+8cvb48+lhtwIAeJDOT3/1+AnPfwD4RLng//8BAAAAAAAAAAAAAOCgS1HEE5Fi6fxWmq0+dw2fa3euXpuZmLx9tZFU1Ryoypc/w8+fOHnqSy+Mn+7lh9ffa0/Fa9MXztZfXryytNxaWWnN12c67bnF+dY9b2G39W82Vh2A+pXXr85furRSP/HcyRu+vjb6wdDjR0bPjD9z7Ole2ZmJycnpvjK1wY+891vcaYTHoSjiWKR49vs/Ts2IKGL3x+Iu185+G6k6MVZ1YmZisurIQrvZWS2/nOodiCKi3lep0TtGD+Bc7EojYq1sftngsbJ700vN5ebFhVZ9qrm82l5tL3amUre1ZX/qUcTpFLEeEZtDt25uMIqoRYrvHt5KFyNioHccvlgNDL5zO4p97OM9KNtZH4xYLx6Bc3aADUURr0aKn7xTxFx5zPJPfCHi1TL/MeKtMl+KSOWFcSri/eo6GnnILWcv1KKIPyvP/5mtNF/dD3r3lXNfq3+lc2mxr2zvvvLIPx8epAN+bxqOIprVHX8rffTf7AAAAAAAAAAAAAAAAACw10aiiKcixSv//gfVuOKoxqUfPjP+u6M/3z9m/Mm7bKcs+1xErBX3Nib3UB5CPJWmUnrIY4k/yYajiD/K4/++/bAbAwAAAAAAAAAAAAAAAAAA8IlWxHuR4sV3j6b16J9TvN25XL/QvLjQnRW2N/dvb8707e3t7XrqZiPnbM61nOs5N3Ju5owi18/ZyDmbcy3nes6NnJs5YyDXz9nIOZtzLed6zo2cmzmjluvnbOSczbmWcz3nRs7NnHFA5u4FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPg4KaKIn0WK73xjK0WKiEbEbHRzY6hXBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4mIZSET+IFPXfa1xfV4uIVP3bdbT85VQ0DpX56WiMl/lSNM7mbFZZa3z7IbSf3RlMRfwoUgwNv339hOfzP9j9dP0yiLe+ufPpl2rdHOh9OfrB0ONHDp8Zn/yVJ++0nG7XgLFz7c7Va/WZicnJ6b7Vtbz3T/etG837Lfam60TEyhtvvt5cWGgtW/hkLNS6C7XY0y2PROztBvduodZdyPereOjtucNC42A0Y2chqnv/be/ZfGyUz//3I8VvvvsfvQd+7/n/c91P15/w8dM/3nn+v3jzhvbp+f9E37oX8+9GBmsRw6tXlgaPRAyvvPHmsfaV5uXW5Vbn1PHjXx4f//LJ44OHIoYvtRdafUu7PlQAAAAAAAAAAAAAAAAAD1Yq4rcjRfNHW6keEdeq8VqjZ8afOfb0QAxU461uGLf12vSFs/WXF68sLbdWVlrz9ZlOe25xvnWvuxuuhnvNTEzuS2fuamSf2z8y/PLi0hvL7cu/v3rb7x8bPntxZXW5OXf7r2MkiohG/5qxqsEzE5NVoxfazU5VdWqPBmYOpiL+M1LMnaqnz+d1efxfGe8N9pXtH/+/1re+Wt6n8X+fumk/KRXx00jxG3/+ZHy+audjccsxy+X+OlKMnf5cLheHynK9NnTfK9AdGViW/d9I8fc/u7Fsr+9P7JR9/v6O7sFXnv/DkeIHf/q9+NW87sb3P+yM/+w//4/dvKF9Ov+f6Vv32A3vK9h118nn/1ikeOmJt+PX8roPe/9HEdvb29+KOJoLX38/xz6d/8/2rRuN7n5/fe+6DwAAAAAAAAAA8MgaTEX8TaR4erKWXsjr7uXv/83fvKF9+vtfv9i3bv4BzVe064MKAAAAAAfEYCrivUhxefXt62Oo+8Z/3zj+87d25l6fSDd9W/053y9U7w3Yyz//6zea9zu7+24DAAAAAAAAAAAAAAAAAADAgZJSES/k+dRn7zKf+kakeOW/n83l0pGyXG8e+NHq1+Hzi51jZxcWFueaq82LC6369FJzrlXW/Uyk2Pqrz+W6RTW/em+++e4c78PbvbnYlyPF5N/2ynbnYu/NTd6dD7w7F3tZ9lOR4r/+7sayvXmsP7tT9kRZ9i8jxdf/6fZlj+yUPVmW/V6k+OHX672yj5Vle+9H7b6TdLgWC63n5hYXbnkVKgAAAAAAAAAAAAAAAAAAANyvwVTEn0SK/7myHmt52H+e/783A3+tV/atb/bN93+Ta9U8/6PV/P93Wv4o8/+P7llPAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg0ZGiiDcjxdL5rbQxVH7uGj7X7ly9NjMxeftqI6mqOVCVL3+Gnz9x8tSXXhg/3csPr7/XnorXpi+crb+8eGVpubWy0pqvz3Tac4vzrXvewm7r7xy6rrHqANSvvH51/tKllfqJ507e8PW10Q+GHj8yemb8mWNP98rOTExOTveVqQ3ex97vq3E7DkURfxEpnv3+j9M/D0UUsftjcZdrZ7+NVJ0YqzoxMzFZdWSh3eysll9O9Q5EEVHvq9ToHaMHcC52pRGxVja/bPBY2b3ppeZy8+JCqz7VXF5tr7YXO1Op29qyP/Uo4nSKWI+IzaFbNzcYRbweKb57eCv9y1DEQO84fPH89FePn7hzO4p97OM9KNtZH4xYLx6Bc3aADUUR/xApfvLO0fjXoYhadH/iCxGv9hd8KSKVF8apiPdvcx3xaKpFEf9Xnv8zW+mdofJ+0LuvnPta/SudS4t9ZXv3lYP0fNi+/2txZA92e+8O+L1pOIr4YXXH30r/5r9rAAAAAAAAAAAAAAAAgAOkiF+OFC++ezRV44Ovjyludy7XLzQvLnSH9fXG/tUj/rDM7e3t7XrqZiPnbM61nOs5N3Ju5owi18/ZyDmbcy3nes6NnJs5YyDXz9nIOZtzLed6zo2cmzmjVsX29va3uvVruX7OtZzrtYiirJ8/b+aMAzJ2DwAAAAAAAAAAAAAAAAAA+Hgpqn9SfOcbW6maS7URMRvd3DAf6Mfe/wcAAP//3sf+xA==") symlink(&(0x7f0000000400)='./bus\x00', &(0x7f00000000c0)='./file0\x00') creat(&(0x7f0000000300)='./bus\x00', 0x0) mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x40, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x101, 0x402, 0x0, 0x0, 0x1, 0x0, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000000000000c00002000", "806c64c97808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00", [0x4]}) lstat(&(0x7f0000000280)='./file0\x00', 0x0) 9m44.191185868s ago: executing program 0 (id=80): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup(r3) setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0xe501, 0x3, 0x458, 0x320, 0x6affffff, 0x3403000b, 0x320, 0x7, 0x3f8, 0x230, 0x230, 0x3f8, 0x223, 0x3, 0x0, {[{{@ip={@remote, @local, 0x0, 0x0, 'veth1_macvtap\x00', 'veth1_to_team\x00'}, 0x0, 0x2a0, 0x2e8, 0x0, {0x1000000}, [@common=@unspec=@bpf0={{0x230}, {0x1, [{0x6}]}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}, {{@uncond, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz0\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x4b8) 9m43.555900601s ago: executing program 0 (id=84): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000340)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000a50000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa4000000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7050000080000a8c5000000a5000000180100002020640500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b300000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x35, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 9m42.608289509s ago: executing program 32 (id=84): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000340)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000a50000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa4000000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7050000080000a8c5000000a5000000180100002020640500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b300000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x35, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 9m42.595444189s ago: executing program 2 (id=87): open(0x0, 0x80ff, 0x36) read$FUSE(0xffffffffffffffff, 0x0, 0x0) pipe2(&(0x7f0000001040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) write$P9_RGETLOCK(r1, &(0x7f00000000c0)=ANY=[], 0xffffff6a) pipe2(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) tee(r0, r3, 0xfffffffffffffc01, 0x0) tee(r0, r3, 0x60000000000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) read$FUSE(r2, &(0x7f0000032680)={0x2020}, 0x2020) 9m40.458371501s ago: executing program 2 (id=90): syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000280)='./bus\x00', 0x4000, &(0x7f0000000500)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000", @ANYRES64, @ANYRES32, @ANYRESHEX, @ANYRESDEC], 0x1, 0x2cb, &(0x7f0000000ac0)="$eJzs3U9LW1kYx/GfJmNiHE0Ww8AMDHOY2cxsgpN5ATNhUBgmMMUaabsoXOtNG3KbyL3BEik1m9JtX4d02V2h7RtwU7rpvjspFLpxUXqL9yaaaJLGkD9avx+Q8yTPeXKO5ihPLiTuX3t8t1Tw0gWrqum40bRU14GUOowaphrjdBDPqFVdv899ePPT1es3/svmcksrxixnV//MGGMWfn5+7/6TX15W59aeLjyLaS91c/995u3ezN4P+59W7xQ9U/RMuVI1llmvVKrWumObjaJXShtzxbEtzzbFsme7bfmCU9ncrBmrvDGf2HRtzzNWuWZKds1UK6bq1ox12yqWTTqdNvMJXW7RPubkd1dWrGzXtB8Z6o4wcrOd7nTdbL1zMr87hj0BAIBzpnf/H/b63fv/3Fo4nqX///7L/b9E/z8i9bZbXfr/b8e4IYyc62atROP3tx39PwAAAAAAAAAAAAAAAAAAAAAAF8GB7yd9308ejo27gtsxSXFJfiN/VNDP28pxYbQ+/37LV9fnP/TXhLaLIWt5415cch5t5bfy4RjmswUV5cjWopL6GJyHhjBe/je3tGgCKb1wdhr1O1v5iGLN+qZUp/qpqBQ+QHv9N0q0rp9RUt91Xj9jOtXP6LdfW+rTSurVLVXkaCM418f1D/4w5p//cyfqZ4N5AAAAAAB8DdLmyKnX70E+mBDX6XxY33J9wPf9nV7XB068vo7qR64lAgAAAAAwFl5tu2Q5ju0OEMQkDVYuDbxor8D3paE+4EBBRJNcvVvwt6RzsI1xBXE1z5gZpPydznRE/T7mRCVN/MdyhmDSf5kAAAAADJtX2z7+Bz/9ev1wRLsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBy6vfzwJrzT6WaiZ6f9nckMvZvEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADhHPgcAAP//ps0YVA==") syz_mount_image$fuse(0x0, &(0x7f00000001c0)='./file7/file0\x00', 0x100000, 0x0, 0x0, 0x0, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000780)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file7/file0\x00', 0x2) 9m39.991005571s ago: executing program 2 (id=93): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000000340)={[{@init_itable}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x88}}, {@resuid}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}, {@lazytime}, {@usrquota}, {@data_err_abort}, {@data_err_abort}]}, 0x1, 0x5d8, &(0x7f0000001200)="$eJzs3c9vVEUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aAAleTIwXY0w8eRD/CyVy5aQnD148GRKihqOJa952H3Tbty0tbV/lfT7JdufN7MvMY/l2ZqczbwOorMHsRy1id0RMp4j+dGXpCwbnn+7+/cnJ7JGiXn/jzxSpmZe/NDWf+7IfnRE9EfHzTyl2dSytd2bu0tnxqanJi83j4dlz08Mzc5f2nzk3fnry9OT50ZdGjxw+dPjIyIE1Xdflgrzj197/sP+zsbe/++afNPL9b2MpjsarzRcuvI71MhiDjX+TtLSo78h6V1aSjvm3Oha+xamzxAaxKvn71xURT0V/dMT9N68/Pn2t1MYBG6qeIupARSXxDxWVjwPyz/aLPwfXShmVAJvhzrH5CYCl8d85PzcYPY25ge13Uyyc1kkRsbaZuVY7IuLWzbFrp26OXYsNmocDil25GhFPF8V/asT/QPTEQCP+ay3xn40LTjSfs/zX11j/4qli8Q+bZz7+e5aN/2gT/+8siP9311j/4P3ke70t8d+71ksCAAAAAACAyrpxLCJeLPr7f+3e+p8oWP/TFxFH16H+wUXHS//+X7u9DtUABe4ci3ilcP1vLV/9O9DRTD3WWA/QlU6dmZo8EBGPR8S+6NqWHY8sU8f+z3d93a5ssLn+L39k9d9qrgVstuN257bWcybGZ8cf9rqBiDtXI54pXP+b7vX/qaD/z34fTD9gHbuev36iXdnK8Q9slPq3EXsL+//7d61Iy9+fY7gxHhjORwVLPfvxFz+0q3+t8e8WE/Dwsv5/+/LxP5AW3q9nZvV1HJzrrLcrW+v4vzu92bjlTHcz76Px2dmLIxHd6XhHltuSP7r6NsOjKI+HPF6y+N/33PLzf0Xj/96IWHSnsEh/te4pzj35b9/v7dpj/A/lyeJ/YlX9/+oTo9cHfmxX/4P1/4caff2+Zo75P5j3VR6m3a35BeHYWVS02e0FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEdBLSJ2RKoN3UvXakNDEX0R8URsr01dmJl94dSFD85PZGWN7/+v5d/02z9/nPLv/x9YcDy66PhgROyMiC87ehvHQycvTE2UffEAAAAAAAAAAAAAAAAAAACwRfS12f+f+aOj7NYBG66z7AYApSmI/1/KaAew+fT/UF3iH6pL/EN1iX+oLvEP1SX+obrEP1SX+AcAAAAAgEfKzj03fk0RceXl3sYj090s6yq1ZcBGq5XdAKA0bvED1WXpD1SXz/hAWqG8p+1JK525nOmTD3EyAAAAAAAAAAAAAFTO3t32/0NV2f8P1WX/P1RXvv9/T8ntADafz/hArLCTv3D//4pnAQAAAAAAAAAAAADraWbu0tnxqanJixJvbY1mbGaiXq9fzv4XbJX2/M8T+VL4rdKeRYl8r9+DnVXe7yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDVfwEAAP//tsck3w==") setsockopt$inet6_tcp_int(r0, 0x6, 0xa, &(0x7f0000000140)=0x7, 0x4) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f0000000200)='asymmetric\x00', &(0x7f0000000300)=@secondary) keyctl$restrict_keyring(0x1d, 0x0, 0x0, 0x0) keyctl$revoke(0x3, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_CAPBSET_READ(0x59616d61, 0xffffffff) 9m37.389125812s ago: executing program 2 (id=96): syz_mount_image$exfat(&(0x7f00000005c0), &(0x7f0000000240)='./file0\x00', 0x3000050, &(0x7f0000000600)=ANY=[], 0x2, 0x14fe, &(0x7f0000002180)="$eJzs3Au0ztXWMPA511p/NklPkvuaa/55kssiSXJJSCRJkiS5JSRJkoTEJrckJCH3JPeQ3GIn9/st9yQ5kiQJCUnWN3Q6n/e8nfftnO+c7/V9Z8/fGGvsNff/mfNZa889nv9ljL2/7Ti4av1qlesyM/xT8M9fUgEgBQD6AcA1ABABQKlspbIBDoNMGlP/uTcR/1oPTbvSKxBXkvQ/fZP+p2/S//RN+p++Sf/TN+l/+ib9T9+k/0KkZ1un575WRvod/3PP/0Ge//8/R87//0YOFxvz5fpi13f6B1Kk/+mb9D99k/6nb9L/9E36n75J///NRQCV/pvD0v/0TfovRHp2pZ8/y7iy40r//gkhhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGESB/OhcsMAPxlfqXXJYQQQgghhBBCiH+dkPFKr0AIIYQQQgghhBD/9yEo0GAgggyQEVIgE2SGqyALXA1Z4RpIwLWQDa6D7HA95ICckAtyQx7IC/nAAoEDhhjyQwFIwg1QEG6EQlAYikBR8FAMisNNUAJuhpJwC5SCW6E03AZloCyUg/JwO1SAO6AiVILKcCdUgbugKlSDu6E63AM14F6oCfdBLbgfasMDUAcehLrwENSDh6E+PAIN4FFoCI2gMTSBpv9H+S9CV3gJukF3SIUe0BNehl7QG/pAX+gHr0B/eBUGwGswEAbBYHgdhsAbMBTehGEwHEbAWzASRsFoGANjYRyMh7dhArwDE+FdmASTYQpMhWkwHWbAezATZsFseB/mwAcwF+bBfFgAC+FDWASLIQ0+giXwMSyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVPYBtshx2wE3bBbtgDn8Je+Az2weewH774B/PP/qf8TggIqFChQYMZMAOmYApmxsyYBbNgVsyKCUxgNsyG2TE75sAcmAtzYR7Mg/kwHxISMjLmx/yYxCQWxIJYCAthESyCHj0Wx+JYAm/GklgSS2EpLI2lsQyWxbJYHstjBayAFbEiVsbKWAWrYFWsinfj3XgP1sAaWBNrYi2shbWxNtbBOlgX62I9rIf1sT42wAbYEBtiY2yMTbEpNsNm2BybY0tsia2wFbbG1tgG22BbbIvtsB22x/bYATtgR+yInbAzdsYX8UV8CV/C7lhF9cCe2BN7YS/sg32xL76C/fFVfBVfw4E4CAfj6/g6voFD8QwOw+E4AkdgBTUKR+MYZDUOx+N4nIATcCJOxEk4GSfjVJyG03EGzsCZOAtn4fs4Bz/AD3AezsMFuBAX4iJcjGmYhkvwLC7FZbgcV+BKXIUrcQ2uxTW4HjfgetyEm3ALbsFP8BPcjttxJ+7E3bgbP8VP8TP8DAfiftyPB/AAHsSDeAgP4WE8jEfwCB7Fo3gMj+FxPI4n8CSewpN4Gk/jGTyL5/AcnsfzeAGfz/N1vd2F1w0EdYlRRmVQGVSKSlGZVWaVRWVRWVVWlVAJlU1lU9lVdpVD5VC5VC6VR+VR+VQ+RYoUq1jlV/lVUiVVQVVQFVKFVBFVRHnlVXFVXJVQJVRJVVKVUreq0uo2VUaVVS18eVVeVVAtfUVVSVVWlVUVdZeqqqqpaqq6qq5qqBqqpqqpaqlaqrZ6QNVRPbAPPqQudaa+GoQN1GBsqBqpxqqJegMfU83UUGyuWqiW6gk1HIdha9XMt1FPq7ZqNLZTz6ox+JzqoMZhR/WC6qQ6qy7qRdVVNffdMvz2EaimYi/VW/VRfdVMvEtd6lhV9ZoaqAapwep1tQDfUEPVm2qYGq5GqLfUSDVKjVZj1Fg1To1Xb6sJ6h01Ub2rJqnJaoqaqqap6WqGek/NVLPUbPW+mqM+UHPVPDVfLVAL1YdqkVqs0tRHaon6WC1Vy9RytUKtVKvUarVGrVXr1Hq1QW1Um9RmtUVtVZ+obWq72qF2ql1qt9qjPlV71Wdqn/pc7VdfqAPqT+qg+lIdUl+pw+prdUR9o46qb9Ux9Z06rr5XJ9RJdUr9oE6rH9UZdVadUz+p8+pndUH9oi6qoECjVlproyOdQWfUKTqTzqyv0ln01TqrvkYn9LU6m75OZ9fX6xw6p86lc+s8Oq/Op60m7TTrWOfXBXRS36AL6ht1IV1YF9FFtdfFdHF9ky6hb9Yl9S26lL5Vl9a36TK6rC6ny+vbdQV9h66oK+nK+k5dRd+lq+pq+m5dXd+ja+h7dU19n66l79e19QO6jn5Q19UP6Xr6YV1fP6Ib6Ed1Q91IN9ZNdFP9mG6mH9fNdQvdUj+hW+kndWv9lG6jn9Zt9TO6nX5Wt9fP6Q76ed1Rv6A76c66i/5FX9RBd9PddaruoXvql3Uv3Vv30X11P/2K7q9f1QP0a3qgHqQH69f1EP2GHqrf1MP0cD1Cv6VH6lF6tB6jx+pxerx+W0/Q7+iJ+l09SU/WU/RUPU1P131+qzT778h/52/kD/j13bforfoTvU1v1zv0Tr1L79Z79B69V+/V+/Q+vV/v1wf0AX1QH9SH9CF9WB/WR/QRfVQf1cf0MX1cH9cn9En9k/5Bn9Y/6jP6rD6rf9Ln9Xl94befARg0ymhjTGQymIwmxWQymc1VJou52mQ115iEudZkM9eZ7OZ6k8PkNLlMbpPH5DX5jDVknGETm/ymgEmaG0xBc6MpZAqbIqao8aaYKW5u+qfz/2h9TU1T08w0M81Nc9PStDStTCvT2rQ2bUwb09a0Ne1MO9PetDcdTAfT0XQ0nUwn08V0MV1NV9PNdDOpJtX0NC+bXqa36WP6mn7mFdPf9DcDzAAz0Aw0g81gM8QMMUPNUDPMDDMjzAgz0ow0o81oM9aMNePNeDPBTDATzUQzyUwyU8wUM81MMzPMDDPTzDSzzWwzx8wxc81cM9/MNwvNQrPILDJpJs0sMUvMUrPMLDMrzAqzyqwya8was86sMxvMBrPJbDJLzVaz1Wwz28wOs8PsMrvMHrPH7DV7zT6zz+w3+80Bc8AcNAfNIXPIHDaHzRFzxBw1R80xc8wcN8fNCXPCnDKnzGlz2pwxZ8w5c86cN+fNBXPBXDQXL132RSpSkYlMlCHKEKVEKVHmKHOUJcoSZY2yRokoEWWLskXZo+ujHFHOKFeUO8oT5Y1SwUYUuYijOMofFYiS0Q1RwejGqFBUOCoSFY18VCwqHt0UlYhujkpGt0Sloluj0tFtUZmobFQuKh/dHlWI7ogqRpWiytGdUZXorqhqVC26O6oe3RPViO6Nakb3RbWi+6Pa0QNRnejBqG70UFQvejiqHz0SNYgejRpGjaLGUZOo6b+0fghncj7uu9nuNtX2sD3ty7aX7W372L62n33F9rev2gH2NTvQDrKD7et2iH3DDrVv2mF2uB1h37Ij7Sg72o6xY+04O96+bSfYd+xE+66dZCfbKXaqnWan2xn2PTvTzrKz7ft2jv3AzrXz7Hy7wC60H9pFdrFNsx/ZJfZju9Qus8vtCrvSrrKr7Rq71q6z6+0Gu9FuspvtFrvVfmK32e12h91pd9nddo/91O61n9l99nO7335hD9g/2YP2S3vIfmUP26/tEfuNPWq/tcfsd/a4/d6esCftKfuDPW1/tGfsWXvO/mTP25/tBfuLvWjDpYv7S6d3MmQoA2WgFEqhzJSZslAWykpZKUEJykbZKDtlpxyUg3JRLspDeSgf5aNLmJjyU35KUpIKUkEqRIWoCBUhT56KU3EqQSWoJJWkUlSKSlNpKkNlqByVo9vpdrqD7qBKVInupDvpLrqLqlE1qk7VqQbVoJpUk2pRLapNtakO1aG6VJfqUT2qT/WpATWghtSQGlNjakpNqRk1o+bUnFpSS2pFrag1taY21IbaUltqR+2oPbWnDtSBOlJH6kSdqAt1oa7UlbpRN0qlVOpJPakX9aI+1If6UT/qT/1pAA2ggTSQBtNgGkJDaCgNpWE0nEbQWzSSRtFoGkNjaRyNp/E0gSbQRJpIk2gSTaEpNI2m0QyaQTNpJs2m2TSH5tBcmkvzaT4tpIW0iBZRGqXRElpCS2kpLafltJJW0mpaTWtpLa2n9bSRNtJm2kxbaStto220g3bQLtpFe2gP7aW9tI/20X7aTwfoAB2kg3SIDtFhOkxH6AgdpaN0jI7RcTpOJ+gEnaJTdJpO0xk6Q+foHJ2nn+kC/UIXKVCKU5DZXeWyuKtdVneNS3GZ3KU4AoBLcS6X2+VxeV0+Z10Ol/OvYnLOFXKFXRFX1HlXzBV3N/0uLuPKunKuvLvdVXB3uIq/i6u7e1wNd6+r6e5z1dzdfxXXcve72u4RV8c96uq6Rq6ea+Lqu0dcA/eoa+gaucauiWvlnnSt3VOujXvatXXP/C5e5Ba7tW6dW+82uL3uM3fO/eSOum/defez6+a6u37uFdffveoGuNfcQDfod/EI95Yb6Ua50W6MG+vG/S6e4qa6aW66m+HeczPdrN/FC92Hbo5Lc3PdPDffLfg1vrSmNPeRW+I+dkvdMrfcrXAr3Sq32q3532td4Ta5zW6L2+M+ddvcdrfD7XS73O5f40v72Oc+d/vdF+6I+8YddF+6Q+6YO+y+/jW+tL9j7jt33H3vTriT7pT7wZ12P7oz7uyv+7+09x/cL+6iCw4YWbFmwxFn4Iycwpk4M1/FWfhqzsrXcIKv5Wx8HWfn6zkH5+RcnJvzcF7Ox5aJHTPHnJ8LcJJv4IJ8IxfiwlyEi7LnYlycb+ISfDOX5Fu4FN/Kpfk2LsNluRyX59u5At/BFbkSV+Y7uUoIXJWr8d1cne/hGnwv1+T7uBbfz7X5Aa7DD3Jdfojr8cNcnx/hBvwoN+RG3JibcFN+jJvx49ycW3BLfoJb8ZPcmp/iNvw0t+VnuB0/y+35Oe7Az3NHfoE7cWfuwi9yV36Ju3F3TuUe3JNf5l7cm/twX+7Hr3B/fpUH8Gs8kAfxYH6dh/AbPJTf5GE8nEfwWzySR/FoHsNjeRyP57d5Ar/DE/ldnsSTeQpP5Wk8nWfwezyTZ/Fsfp/n8Ac8l+fxfF7AC/lDXsSLOY0/4iX8MS/lZbycV/BKXsWreQ2v5XW8njfwRt7Em3kLb+VPeBtv5x28k3fxbt7Dn/Je/oz38ee8n7/gA/wnPshf8iH+ig/z13yEv+Gj/C0f4+/4OH/PJ/gkn+If+DT/yGf4LJ/jn/g8/8wX+Be+yIEhxljFOjZxFGeIM8YpcaY4c3xVnCW+Os4aXxMn4mvjbPF1cfb4+jhHnDPOFeeO88R543yxjSl2McdxnD8uECfjG+KC8Y1xobhwXCQuGvu4WFw8vikuEd8cl4xviUvFt8al49viMnHZ+JH7yse3xxXiO+KKcaW4cnxnXCW+K64aV4vvjqvH98Q14nvjmvF9ccn4/rh2/EBcJ34wrhs/FNeLH47rx4/EDeJH44Zxo7hx3CRuGj8WN4sfj5vHLeKW8RNxq/jJuHX8VNwmfjpuGz/zh8dT4x5xz/jl+OU4hHv1/OSC5MLkh8lFycXJtORHySXJj5NLk8uSy5MrkiuTq5Krk2uSa5PrkuuTG5Ibk5uSm5NbkiFUywgevfLaGx/5DD6jT/GZfGZ/lc/ir/ZZ/TU+4a/12fx1Pru/3ufwOX0un9vn8Xl9Pm89eefZxz6/L+CT/gZf0N/oC/nCvogv6r0v5ov7Jr6pb+qb+cd9c9/Ct/RP+Cf8k/5J/5R/yj/t2/pnfDv/rG/vn/Md/PP+ef+C7+Q7+y7+Rd/Vv+S7+e4+1af6nr6n7+V7+T6+j+/n+/n+vr8f4Af4gX6gH+wH+yF+iB/qh/phfpgf4Uf4kX6kH+1H+7F+rB/vx/sJfoKf6Cf6SX6Sn+Kn+Gl+mp/hZ/iZfqaf7Wf7OYXm+Ll+rp/v5/uFfqFf5Bf5NJ/ml/glfqlf6pf75X6lX+lX+9V+rV/r1/v1fqPf6Df7zX6r3+q3+W1+h9/hd/ldfo/f4/f6vX6f3+f3+/3+gD/gD/qD/pD/yh/2X/sj/ht/1H/rj/nv/HH/vT/hT/pT/gd/2v/oz/iz/pz/yZ/3P/sL/hd/0Qc/PvF2YkLincTExLuJSYnJiSmJqYlpiemJGYn3EjMTsxKzE+8n5iQ+SMxNzEvMTyxILEx8mFiUWJxIS3yUWJL4OLE0sSyxPLEisTKxKhFC3m1xyB8KhGS4IRQMN4ZCoXAoEooGH4qF4uGmUCLcHEqGW0KpcGsoHW4LZULZUC48GhqGRqFxaBKahsdCs/B4aB5ahJbhidAqPBlah6dCm/B0aBueCe3Cs6F9eC50CM+HjuGF0Cl0Dl3Ci6FreCl0C91DaugReoaXQ6/QO/QJfUO/8EroH14NA8JrYWAYFAaH18OQ8EYYGt4Mw8LwMCK8FUaGUWF0GBPGhnFhfHg7TAjvhInh3TApTA5TwtQwLUwPM8J7YWaYFWaH98Oc8EGYG+aF+WFBWBg+DIvC4pAWPgpLwsdhaVgWlocVYWVYFVaHNWFtWBfWhw1hY9gUNoctYWv4JGwL28OOsDPsCrvDnvBp2Bs+C/vC52F/+CIcCH8KB8OX4VD4KhwOX4cj4ZtwNHwbjoXvwvHwfTgRToZT4YdwOvwYzoSz4Vz4KZwPP4cL4ZdwUf5mTQghhBDi76L/4HiPv/G9DACgfpv3BICrt+c+/J9rbszx53lvladVAgCe7t7xob+MKlVSU1N/e+1SDVGBeQCQ+Ov6f4mXQUt4EtpACyjxN9fXW3U+z39QP3krQOb/kJMCl+PL9W/+L+o/9sSIRaXjc9n+m/rzAAoVuJyTCS7Hl+uX/C/q52z2B+vP9OV4gOb/IScLXI4v1y8Oj8Mz0OavXimEEEIIIYQQQvxZb1Wu/R/dP1+6P89jLudkhMvxH92fCyGEEEIIIYQQ4sp7rnOXpx5r06ZF+79vgr89F/jHsmQiE5n8fza50p9MQgghhBBCiH+1yxf9V3olQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCFE+vU/8e/ErvQehRBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCiCvtfwUAAP//luw5aQ==") chdir(&(0x7f0000000080)='./file0\x00') syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000180)='./file1\x00', 0x4040, &(0x7f00000015c0)=ANY=[], 0x2, 0xc41, &(0x7f0000002280)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIRRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2SEmV9Pjb5nZ19b+a9mdWMRPDNCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAg4g9euXT6THrYrQAAHqQrI189fdb9HwAeK9f8+x8AAAAAAAAAAAAAAA66FEU8GSlmr6ymsep1R/1yu+/2ndGh4a2rHUlVzUNV+fKrfubsufNfemHwQjcvt6c/oP5e+2y8NnLtUuPlmVuzc5Pz85MTjdHp9vjMxOSOt7Db+pudrA5A49brtydu3JhvnH3+3Ia37wy83//E8YGLg8+eeqZbdnRoeHhkvUi9t3ztvhvSsd0Ij8NRxKlI8dz3fppaEVHE7o9F/cGe+82OVJ04WXVidGi46shUuzW9UL55tXsgiohGT6Vm9xhtfS6i1vdA+7C9ZsRi2fyywSfL7o3MtuZa16cmG1dbcwvthfbM9NXUaW3Zn0YUcSFFLEXESv+9m+uLImqR4jvHVtP1iDjUPQ5frAYGb9+OYh/7uANlOxt9EUvFI3DODrD+KOLVSPGzd07EeL7OVNeaL0S8WuYPIt4q86WIVH4wzke8t8XniEdTLYr4y/L8X1xNE9X1oHtdufy1xlemb8z0lO1eVz7i/eGeK8VDuj8c2ZQPxgG/NtWjiFZ1xV9N9/+XHQAAAAAAAAAAAAAAAAD22pEo4jOR4pX/+JNqXHFU49KPXRz8w4Ff7R0z/vSHbKcs+3xELBY7G5N7OA8MvJqupvSQxxI/zupRxJ/m8X/f+gj1ju5jmwAAAAAAAAAAAAAAAAAAAB5PRfwkUrz47om0FL1zirenbzauta5PdWaF7c79250zfW1tba2ROtnsZC3y68WcSzmXc67kjCLXz9nMOZZzMedSzuWcKznjUK6fs5lzLOdizqWcyzlXckYt18/ZzDmWczHnUs7lnCs544DM3QsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8HFSRBG/iBTf/sZqihQRzYix6ORy/8NuHQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQ6k9FfD9SNP6oeXddLSJS9X/HifLb+WgeLvOT0Rws86VoXsrZqrLW/NZDaD+705eK+HGk6K+/ffeE5/Pf13l192MQb31z/dVna5081H1z4P3+J44fuzg4/BtPb7ectmrAycvt6dt3GqNDw8MjPatree+f7Fk3kPdb7E3XiYj5N958vTU1NTl3/wvlR2AX1R+hhVR7XHp6Xwv1iDgAzdjDhagdiGY8nL7zGCjv/+9Fit999z+7N/zO/b8ev9J5dfcOHz//s/X7/4ubN7TD+39tc718/y/v6Vvd/5/sWfdi/ttIXy2ivnBrtu94RH3+jTdPtW+1bk7enJw+f/r0lwcHv3zudN/hiPqN9tRkz9KeHC4AAAAAAAAAAAAAAACABycV8fuRovXj1dSIiDvVeK2Bi4PPnnrmUByqxlttGLf92si1S42XZ27Nzk3Oz09ONEan2+MzE5M73V29Gu41OjS8L535UEf2uf1H6i/PzL4x1775xwtbvn+0fun6/MJca3zrt+NIFBHN3jUnqwaPDg1XjZ5qt6arqle3HEz/0fWlIv4rUoyfb6TP53V5/P/mEf4bxv8vbt7QPo3//0TPunKfKRXx80jxO3/1dHy+aufRuOeY5XJ/FylOXvhcLheHy3LdNnSeK9AZGViW/b9I8U+/2Fi2Ox7yyfWyZ3Z8YB8R5fk/Fim+/xffjd/M6zY+/2Hr839084b26fw/1bPu6IbnFey66+TzfypSvPTk2/Fbed0HPf+j++yNE7nw3edz7NP5/1TPuoG839/em64DAAAAAAAAAAA80vpSEX8fKX44XEsv5HU7+f2/ic0b2qff//p0z7qJvZmv6EMXdn1QAQAAAOCA6EtF/CRS3Fx4++4Y6o3jv3vGf/7e+vjPobTp3ernfL9WPTdgL3/+12sg73ds990GAAAAAAAAAAAAAAAAAACAAyWlIl7I86mPVeP5J7adT305UrzyP8/lcul4Wa47D/xA9b1+ZWb61KWpqZnx1kLr+tRkY2S2NT5Z1n0qUqz+7edy3aKaX70733xnjvf1udjnIsXwP3TLduZi785N/tR62TNl2U9Eiv/+x41lu/NYf2q97Nmy7N9Eiq//y9Zlj6+XPVeW/W6k+NHXG92yR8uy3eejfnq97PPjM8U+nBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97a+nuWP48/39fz8vKW9/sme9/kzvVPP8D1fz/2y3fz/z/1XMFFrfbKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfDylKOLNSDF7ZTUt95evO+qX29O374wODW9d7Uiqah6qypdf9TNnz53/0guDF7r5wfX32mfitZFrlxovz9yanZucn5+caIxOt8dnJiZ3vIXd1t/sZHUAGrdevz1x48Z84+zz5za8fWfg/f4njg9cHHz21DPdsqNDw8MjPWVqffe993ukbdYfjiL+OlI8972fph/2RxSx+2PxIZ+d/Xak6sTJqhOjQ8NVR6baremF8s2r3QNRRDR6KjW7x+gBnItdaUYsVgvV96Hhxshsa651fWqycbU1t9BeaM9MX02d1pb9aUQRF1LEUkSs9N+7ub4o4vVI8Z1jq+lf+yMOdY/DF6+MfPX02e3bUexXB3embGejL2KpeATO2QHWH0X8c6T42Tsn4t/6I2rR+YovRLxa5g8i3orO+U7lB+N8xHtbfI54NNWiiP8vz//F1fROf3k9KP88lZfNy19rfGX6xkxP2e515ZG/PzxIB/zaVI8iflRd8VfTv/tzDQAAAAAAAAAAAAAAAHCAFPHrkeLFd0+kanxwNfZvZLY1156+2bjWuj7VGdbXHfvXHTO9tra21kidbOYcy7nYydQtt5zXr+SMItfP2SyzvrY2ll8v5lzKuZxzJWccyvVzNnOO5VzMuZRzOedKzqjl+jmbOcdyLuZcyrmccyVnHJCxewAAAAAAAAAAAAAAAAAAwMdLUf2X4tvfWE1r/Z35pceik8vmA/3Y+2UAAAD//+ic894=") openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x105042, 0x1db) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x200]}) openat(0xffffffffffffff9c, 0x0, 0x105042, 0x189) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) 9m36.002888239s ago: executing program 2 (id=97): open(0x0, 0x80ff, 0x36) read$FUSE(0xffffffffffffffff, 0x0, 0x0) pipe2(&(0x7f0000001040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) write$P9_RGETLOCK(r1, &(0x7f00000000c0)=ANY=[], 0xffffff6a) pipe2(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) tee(r0, r3, 0xfffffffffffffc01, 0x0) tee(r0, r3, 0x60000000000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) read$FUSE(r2, &(0x7f0000032680)={0x2020}, 0x2020) 9m28.32799417s ago: executing program 2 (id=104): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x38, 0x87, 0x46, 0x20, 0x123, 0x1, 0x4afe, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x93, 0x72, 0x34}}]}}]}}, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x2, 0x842) socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$packet(0x11, 0x3, 0x300) socket$alg(0x26, 0x5, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0x8000000000, 0x4000, 0x0, 0xfffffffffffffffc}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x10000000000000, 0x0, 0x4, 0x0, 0x7fffffff, 0xfffffffffffffffc}, 0x0, 0x0) ioctl$EVIOCGBITSND(r1, 0x40044591, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) 9m27.705969642s ago: executing program 33 (id=104): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x38, 0x87, 0x46, 0x20, 0x123, 0x1, 0x4afe, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x93, 0x72, 0x34}}]}}]}}, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x2, 0x842) socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$packet(0x11, 0x3, 0x300) socket$alg(0x26, 0x5, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0x8000000000, 0x4000, 0x0, 0xfffffffffffffffc}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x10000000000000, 0x0, 0x4, 0x0, 0x7fffffff, 0xfffffffffffffffc}, 0x0, 0x0) ioctl$EVIOCGBITSND(r1, 0x40044591, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) 7m22.924360065s ago: executing program 4 (id=302): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0xb4) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) setreuid(0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000002c0), 0x4000, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@access_uid}], [], 0x6b}}) chdir(&(0x7f0000000100)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x88040, 0x0) 7m22.693233939s ago: executing program 4 (id=305): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001000000"], 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r0, 0xffffffffffffffff}, &(0x7f0000000440), &(0x7f00000003c0)='%pI4 \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r1, 0xffffffffffffffff}, 0x4) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x16, 0x10, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000ffff0b867b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r3, 0x0, 0xe, 0x48000000, &(0x7f0000000300)="40f0538ef047b21fb60068305500", 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 7m22.573898981s ago: executing program 4 (id=306): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000000340)={[{@init_itable}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x88}}, {@resuid}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}, {@lazytime}, {@usrquota}, {@data_err_abort}, {@data_err_abort}]}, 0x1, 0x5d8, &(0x7f0000001200)="$eJzs3c9vVEUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aAAleTIwXY0w8eRD/CyVy5aQnD148GRKihqOJa952H3Tbty0tbV/lfT7JdufN7MvMY/l2ZqczbwOorMHsRy1id0RMp4j+dGXpCwbnn+7+/cnJ7JGiXn/jzxSpmZe/NDWf+7IfnRE9EfHzTyl2dSytd2bu0tnxqanJi83j4dlz08Mzc5f2nzk3fnry9OT50ZdGjxw+dPjIyIE1Xdflgrzj197/sP+zsbe/++afNPL9b2MpjsarzRcuvI71MhiDjX+TtLSo78h6V1aSjvm3Oha+xamzxAaxKvn71xURT0V/dMT9N68/Pn2t1MYBG6qeIupARSXxDxWVjwPyz/aLPwfXShmVAJvhzrH5CYCl8d85PzcYPY25ge13Uyyc1kkRsbaZuVY7IuLWzbFrp26OXYsNmocDil25GhFPF8V/asT/QPTEQCP+ay3xn40LTjSfs/zX11j/4qli8Q+bZz7+e5aN/2gT/+8siP9311j/4P3ke70t8d+71ksCAAAAAACAyrpxLCJeLPr7f+3e+p8oWP/TFxFH16H+wUXHS//+X7u9DtUABe4ci3ilcP1vLV/9O9DRTD3WWA/QlU6dmZo8EBGPR8S+6NqWHY8sU8f+z3d93a5ssLn+L39k9d9qrgVstuN257bWcybGZ8cf9rqBiDtXI54pXP+b7vX/qaD/z34fTD9gHbuev36iXdnK8Q9slPq3EXsL+//7d61Iy9+fY7gxHhjORwVLPfvxFz+0q3+t8e8WE/Dwsv5/+/LxP5AW3q9nZvV1HJzrrLcrW+v4vzu92bjlTHcz76Px2dmLIxHd6XhHltuSP7r6NsOjKI+HPF6y+N/33PLzf0Xj/96IWHSnsEh/te4pzj35b9/v7dpj/A/lyeJ/YlX9/+oTo9cHfmxX/4P1/4caff2+Zo75P5j3VR6m3a35BeHYWVS02e0FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEdBLSJ2RKoN3UvXakNDEX0R8URsr01dmJl94dSFD85PZGWN7/+v5d/02z9/nPLv/x9YcDy66PhgROyMiC87ehvHQycvTE2UffEAAAAAAAAAAAAAAAAAAACwRfS12f+f+aOj7NYBG66z7AYApSmI/1/KaAew+fT/UF3iH6pL/EN1iX+oLvEP1SX+obrEP1SX+AcAAAAAgEfKzj03fk0RceXl3sYj090s6yq1ZcBGq5XdAKA0bvED1WXpD1SXz/hAWqG8p+1JK525nOmTD3EyAAAAAAAAAAAAAFTO3t32/0NV2f8P1WX/P1RXvv9/T8ntADafz/hArLCTv3D//4pnAQAAAAAAAAAAAADraWbu0tnxqanJixJvbY1mbGaiXq9fzv4XbJX2/M8T+VL4rdKeRYl8r9+DnVXe7yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDVfwEAAP//tsck3w==") setsockopt$inet6_tcp_int(r0, 0x6, 0xa, &(0x7f0000000140)=0x7, 0x4) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f0000000200)='asymmetric\x00', &(0x7f0000000300)=@secondary) keyctl$revoke(0x3, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) prctl$PR_CAPBSET_READ(0x59616d61, 0xffffffff) 7m21.673916849s ago: executing program 4 (id=309): syz_mount_image$ext4(&(0x7f0000000380)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000700)={[{@delalloc}, {@quota}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@abort}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x4}}, {@jqfmt_vfsold}, {@nobh}, {@inlinecrypt}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000180)='./bus\x00', 0x0, 0x63d014, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r1, 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000240)='./file0\x00', 0x1020081, &(0x7f0000000e40)=ANY=[], 0x4, 0x1e3, &(0x7f0000000340)="$eJxiGAWjYBSMWPDo4dcHvU4WIToMDAw8DCoM7FDxF8wINUxI6u/MLNWeaus6Z9PtpUfy+Gp3oZvHyMDA8P8/hH2FEyHOgsN+kPgBR2aGEij//3+YbghQgdIhDExwdigDE4MmlB3OwMigB2UnMDAxhEHZqQyMDJFQdhYSOx/kppcHoZyclLTMnFQDEGEIIoxAhDG6+942MjKkMDAwcEDdx4gkX1xZlZ2Yk5NahM5ghXoDixSpDBxBB3Mfy1tHJgZbpPADxVdER3MjiA8LGwOk8DNkYGIwhLKNGRgZgqFsCwZ2Bj09PUSQIPlfigVhPjMx/h8MDEFdfGp0BoELsTBYB3uoYmPAssRgcQ9eBiO6CMj1cBGxt7tOY+p6SkuHKdDWy+CCi4GBAUPqEhdlJrNBYx2rGkT5CSpy1ZHKJxak2kC/JLdAv7iySjczNzE9NT01z8jI2MzAxMDA1EgfXBBBSDzlHwe4fOJCMp8Vh1o2RjaGisSSkiLDCgaGkiJDON8IQiKVuMHb8t+A9TCByz8mBg1liBmgpAL2Njt2OxihmAlMg1gazDgdPwpGwSgYBaNgFIyCUTAKRsEoGAWjYBSMglEwCkbBKBgFJAF5BkbwKCh0ouo/DmAUAFYNCAAA//8zrmTZ") ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0xc0185879, &(0x7f0000000080)={@desc={0x1, 0x0, @desc3}}) 7m19.932793104s ago: executing program 4 (id=314): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001000000"], 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r0, 0xffffffffffffffff}, &(0x7f0000000440), &(0x7f00000003c0)='%pI4 \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r1, 0xffffffffffffffff}, 0x4) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x16, 0x10, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000ffff0b867b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r3, 0x0, 0xe, 0x48000000, &(0x7f0000000300)="40f0538ef047b21fb60068305500", 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 7m12.896662972s ago: executing program 4 (id=324): open(0x0, 0x80ff, 0x36) pipe2(&(0x7f0000001040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) write$P9_RGETLOCK(r1, 0x0, 0xffffff6a) pipe2(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) tee(r0, r4, 0xfffffffffffffc01, 0x0) tee(r0, r4, 0x60000000000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) read$FUSE(r3, &(0x7f0000032680)={0x2020}, 0x2020) 7m12.572833578s ago: executing program 34 (id=324): open(0x0, 0x80ff, 0x36) pipe2(&(0x7f0000001040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) write$P9_RGETLOCK(r1, 0x0, 0xffffff6a) pipe2(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) tee(r0, r4, 0xfffffffffffffc01, 0x0) tee(r0, r4, 0x60000000000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) read$FUSE(r3, &(0x7f0000032680)={0x2020}, 0x2020) 4m34.037017664s ago: executing program 3 (id=973): connect$can_bcm(0xffffffffffffffff, &(0x7f0000001ff0), 0x10) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="0500"/16, @ANYRES64=0x0, @ANYRES64=0xea60, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000f"], 0x20000078}}, 0x0) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)={0x5, 0x0, 0x0, {}, {0x77359400}, {}, 0x7, @can={{}, 0x0, 0x2, 0x0, 0x0, "8bc7e9385559d457"}}, 0x38}}, 0x0) 4m32.843756068s ago: executing program 3 (id=977): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000000340)={[{@init_itable}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x88}}, {@resuid}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}, {@lazytime}, {@usrquota}, {@data_err_abort}, {@data_err_abort}]}, 0x1, 0x5d8, &(0x7f0000001200)="$eJzs3c9vVEUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aAAleTIwXY0w8eRD/CyVy5aQnD148GRKihqOJa952H3Tbty0tbV/lfT7JdufN7MvMY/l2ZqczbwOorMHsRy1id0RMp4j+dGXpCwbnn+7+/cnJ7JGiXn/jzxSpmZe/NDWf+7IfnRE9EfHzTyl2dSytd2bu0tnxqanJi83j4dlz08Mzc5f2nzk3fnry9OT50ZdGjxw+dPjIyIE1Xdflgrzj197/sP+zsbe/++afNPL9b2MpjsarzRcuvI71MhiDjX+TtLSo78h6V1aSjvm3Oha+xamzxAaxKvn71xURT0V/dMT9N68/Pn2t1MYBG6qeIupARSXxDxWVjwPyz/aLPwfXShmVAJvhzrH5CYCl8d85PzcYPY25ge13Uyyc1kkRsbaZuVY7IuLWzbFrp26OXYsNmocDil25GhFPF8V/asT/QPTEQCP+ay3xn40LTjSfs/zX11j/4qli8Q+bZz7+e5aN/2gT/+8siP9311j/4P3ke70t8d+71ksCAAAAAACAyrpxLCJeLPr7f+3e+p8oWP/TFxFH16H+wUXHS//+X7u9DtUABe4ci3ilcP1vLV/9O9DRTD3WWA/QlU6dmZo8EBGPR8S+6NqWHY8sU8f+z3d93a5ssLn+L39k9d9qrgVstuN257bWcybGZ8cf9rqBiDtXI54pXP+b7vX/qaD/z34fTD9gHbuev36iXdnK8Q9slPq3EXsL+//7d61Iy9+fY7gxHhjORwVLPfvxFz+0q3+t8e8WE/Dwsv5/+/LxP5AW3q9nZvV1HJzrrLcrW+v4vzu92bjlTHcz76Px2dmLIxHd6XhHltuSP7r6NsOjKI+HPF6y+N/33PLzf0Xj/96IWHSnsEh/te4pzj35b9/v7dpj/A/lyeJ/YlX9/+oTo9cHfmxX/4P1/4caff2+Zo75P5j3VR6m3a35BeHYWVS02e0FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEdBLSJ2RKoN3UvXakNDEX0R8URsr01dmJl94dSFD85PZGWN7/+v5d/02z9/nPLv/x9YcDy66PhgROyMiC87ehvHQycvTE2UffEAAAAAAAAAAAAAAAAAAACwRfS12f+f+aOj7NYBG66z7AYApSmI/1/KaAew+fT/UF3iH6pL/EN1iX+oLvEP1SX+obrEP1SX+AcAAAAAgEfKzj03fk0RceXl3sYj090s6yq1ZcBGq5XdAKA0bvED1WXpD1SXz/hAWqG8p+1JK525nOmTD3EyAAAAAAAAAAAAAFTO3t32/0NV2f8P1WX/P1RXvv9/T8ntADafz/hArLCTv3D//4pnAQAAAAAAAAAAAADraWbu0tnxqanJixJvbY1mbGaiXq9fzv4XbJX2/M8T+VL4rdKeRYl8r9+DnVXe7yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDVfwEAAP//tsck3w==") setsockopt$inet6_tcp_int(r0, 0x6, 0xa, &(0x7f0000000140)=0x7, 0x4) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f0000000200)='asymmetric\x00', &(0x7f0000000300)=@secondary) keyctl$restrict_keyring(0x1d, 0x0, 0x0, 0x0) keyctl$revoke(0x3, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) prctl$PR_CAPBSET_READ(0x59616d61, 0xffffffff) 4m31.598907312s ago: executing program 3 (id=979): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000280)={r2, r2, 0x1, 0x2, &(0x7f00000001c0)="0090", 0x48, 0x1, 0x7, 0x8, 0x8, 0x1, 0x0, 'syz0\x00'}) ioctl$sock_bt_hidp_HIDPCONNDEL(r1, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}) 4m31.026673064s ago: executing program 3 (id=985): r0 = gettid() r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) unshare(0x8000000) semget$private(0x0, 0x4000, 0x555) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r5 = getpid() r6 = syz_pidfd_open(r5, 0x0) setns(r6, 0x24020000) r7 = syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0) syz_pidfd_open(r7, 0x0) r8 = open_tree(0xffffffffffffff9c, 0x0, 0x81901) mount_setattr(r8, 0x0, 0x1000, 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00"/12], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, 0x0, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) timerfd_create(0x0, 0x0) 4m30.112097351s ago: executing program 3 (id=986): connect$can_bcm(0xffffffffffffffff, &(0x7f0000001ff0), 0x10) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="0500"/16, @ANYRES64=0x0, @ANYRES64=0xea60, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000f"], 0x20000078}}, 0x0) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)={0x5, 0x0, 0x0, {}, {0x77359400}, {}, 0x7, @can={{}, 0x0, 0x2, 0x0, 0x0, "8bc7e9385559d457"}}, 0x38}}, 0x0) 4m29.623873931s ago: executing program 3 (id=990): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r0, &(0x7f0000002080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0xf, &(0x7f0000000080)=0x4, 0x4) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) close(r1) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) setsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0xf, &(0x7f0000000080)=0x4, 0x4) shutdown(r1, 0x0) recvmmsg(r1, &(0x7f00000055c0), 0x400023c, 0x300, 0x0) connect$bt_l2cap(r0, &(0x7f00000000c0)={0x1f, 0x80, @any, 0x0, 0x2}, 0xe) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000044000701fcffffff00000000017c00000c0002"], 0x20}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) bpf$PROG_LOAD(0x5, 0x0, 0x0) 4m14.177129244s ago: executing program 35 (id=990): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r0, &(0x7f0000002080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0xf, &(0x7f0000000080)=0x4, 0x4) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) close(r1) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) setsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0xf, &(0x7f0000000080)=0x4, 0x4) shutdown(r1, 0x0) recvmmsg(r1, &(0x7f00000055c0), 0x400023c, 0x300, 0x0) connect$bt_l2cap(r0, &(0x7f00000000c0)={0x1f, 0x80, @any, 0x0, 0x2}, 0xe) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000044000701fcffffff00000000017c00000c0002"], 0x20}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) bpf$PROG_LOAD(0x5, 0x0, 0x0) 4.1000555s ago: executing program 7 (id=3129): r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000100)=@req={0x3fc, 0x0, 0x0, 0x6}, 0x10) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, 0x0, 0x0) recvmmsg$unix(r0, &(0x7f0000003100)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000200)=""/55, 0x37}], 0x1}, 0x20003ff1}], 0x1, 0x183, 0x0) close(r1) 3.144072028s ago: executing program 7 (id=3145): bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x9, 0x1180c}, 0x50) 3.024552631s ago: executing program 7 (id=3148): r0 = socket$inet6(0xa, 0x80002, 0x0) bind$inet6(r0, &(0x7f0000000200)={0xa, 0x4e20, 0x4000b, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x12}}, 0x80ad}, 0x1c) r1 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_group_source_req(r1, 0x0, 0x2e, &(0x7f0000000280)={0x1, {{0x2, 0x4e21, @multicast1}}, {{0x2, 0x4e23, @loopback}}}, 0x108) setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f0000000040)={@multicast1, @loopback, 0x1, 0x1, [@rand_addr=0x64010101]}, 0x14) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x66, 0x0, 0x0, 0x11, 0x0, @rand_addr=0x64010101, @multicast1}, {0x0, 0x4e20, 0x8}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f0000000080)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) 2.795135785s ago: executing program 7 (id=3152): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) close(r0) bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f00000055c0), 0x400023c, 0x300, 0x0) 2.56404154s ago: executing program 7 (id=3157): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440) r1 = accept4(r0, 0x0, 0x0, 0x80000) accept4$tipc(r1, &(0x7f0000000540), 0x0, 0x0) 2.453774972s ago: executing program 7 (id=3159): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$unix(0x1, 0x2, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) socket$kcm(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000140)={'wlan1\x00', 0x0}) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400}, 0x10) socket$alg(0x26, 0x5, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000104}, 0x4000841) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, 0x0, 0x0, 0x0, 0x5c8}, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce620300fe"], 0xfe1b) r4 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001800599c6d0eab0700040005"], 0xfe33) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x50, r2, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x7ff, 0x76}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x50}, 0x1, 0x0, 0x0, 0x91}, 0x24044884) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x5, 0x5, 0x8, 0xf}, 0x50) socket(0x8000000010, 0x2, 0x0) close(r5) sendmmsg(0xffffffffffffffff, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x3514}], 0x1}}], 0x400000000000181, 0x9200000000000000) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x2, &(0x7f0000000000)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x6}]}, 0x10) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) 1.632006749s ago: executing program 6 (id=3168): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20040000}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=@newtfilter={0x128, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xe, 0x7}, {}, {0x1001d, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0xf8, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x8, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x4}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x4c, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x5}]}, @TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x3c, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xa}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x38d}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x1c8e}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x80000000}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x40}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x9}]}]}, @TCA_FLOWER_KEY_ICMPV6_TYPE_MASK={0x5}, @TCA_FLOWER_KEY_ENC_OPTS_MASK={0x7c, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x4}, @TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x4}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x34, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x3}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x10}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0xfe}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x2c, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x5}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x46}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x1}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0xc, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x4}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x4}]}, @TCA_FLOWER_KEY_ARP_THA={0xa, 0x41, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x37}}, @TCA_FLOWER_KEY_TCP_SRC={0x6}, @TCA_FLOWER_KEY_ICMPV6_CODE_MASK={0x5}]}}]}, 0x128}, 0x1, 0x0, 0x0, 0x80}, 0x0) 1.50663449s ago: executing program 1 (id=3171): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400)=[{0x0}], 0x1, 0x0, 0x0, 0x20000080}, 0x0) 1.421565152s ago: executing program 6 (id=3172): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)={0x94, 0x2, 0x1, 0x101, 0x0, 0x0, {0x2, 0x0, 0xfffd}, [@CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x2}, @CTA_SYNPROXY={0x2c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ITS, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0xfffffffb}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x200}, @CTA_SYNPROXY_ISN={0xfffffffffffffe81, 0x1, 0x1, 0x0, 0x80000000}]}, @CTA_TUPLE_ORIG={0x4c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0xb, 0x3, @remote}, {0x14, 0x4, @empty}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000) 1.269430555s ago: executing program 1 (id=3174): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000500)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha12-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) read$alg(r1, &(0x7f0000000cc0)=""/4084, 0x835) sendmmsg$alg(r1, &(0x7f0000000c80)=[{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000000c0)="7f1ad71c5e1e2ffd65015711202c22a16e97f0b88f833c486c5fbe2f289a0d0f74a06da438dab866494a247e9e4e4f06f21c7c3f5c4dc83ecf01cf0f3edeb9a676c8fb387ad8e1ef53ac7dfd6baf1ecf42036e181292251526714cf6d8fb4bce389c96bc0e24d3abc248a5b98fa279d377b558a6a1486d3a79e1164c19f1c333019380a90df8ef6b", 0x88}, {&(0x7f0000000600)="faab78d5e4201d43a65d20ccf90a2bc53c6384d81e049741816045278e7e25ee0c02080809000000000000009cd1df31c662ff364cbace61fcb7e067b266f3fed7c325d75bd964ef413b57037d7b69e34cdda89b0328e064119c9e8c7beb616f163ccf71e6f0ce625cddf3ac464cae067dc59d35ab8c", 0x76}, {&(0x7f0000002300)="5599e749c873ff12bae277e2d5027ac7b6e8af5edec249a07e720054d05658cc7c3d17e4ccebd593ef74c49b019f86fa066c575b64dc7a6b9e13c535b4f77a7a745e413de0e7b942cbc20fdfc28910c4c39b0924dfdd3ab53ef5012b7f468cd16db00b011daebe55a0649e207137473d9b4baa2e651fc99d366e780f3f2709ff8b8f682c0001ef29d0d0239498bfba4b21ebd57185c546de5767cc394bb38e2aa88245fd6f41f91cac995d2d1c145b5a4d03a13f8f6dc29c8e9a8e79a740e3746ff5e4b7749d27ecd8d24d43a25c8415f89d63ccc71e456c0c69c6d2fc9faf3dc9b89bbe39c2b39c4babe7baf6ba2e293d07d55e927687c6b99a0badf8dd96ba9c90ab0296824fbf2026bcd56c3faebd60ce7bfd96e264c345bc76f78be3fb69332f3a750ff1e338ebd97e131744ed866f691580bf7908157fe4fe5dc1f301ee9df4324a5bfc96e3fa48c24315a71eca2d636da924f3f94bacee29e7930f9176dcb6bc0032341f4f97bff618dbc1862ce7a1a794010a841f12f2d32c78bf67e786aeb002c3ea772043bd1645d87da8f44db008da4604a28106283d0c21d905f6558449d4ee8510a901c99140432ce551aec56ec5dd4dea78c643ec3f4ffd6f3426a49792c406b8d1e507c4e75afd5819bf584f1993ef6c0f88bc08bc21e6169cae147f95572ced2d1e6f971b41f74bcd816f16bb8b32cdde61870f6c9214bfc66bbe671a8521f4adb5c59d14b5b3e641542f85aada33542ef0e788bc0cb9f97c1e5c865b64494858c11d7f9ccfe7bc6058756b92798d6c4c1c37b726ae1b6dcdea8006b30c3a656a849620cdcfa8e3cf51fad226f6a14945ea770e60aa65cd736314ac361d2406b42e23d0ffe90dd7485e8c159ac27cd59ec29814c76e338d0269ff867480d69e7494d68dd4cbffba6e54de0915de3e56153308f2cb3d53f81d528eeee8c100466e431607ff96329dc9915fa828b2293a4f9e03f41086cffe5302b9c68c739ca38bdd64645d76963a0a80d0d2fcb18ea4ef405e17030f63fde3a92884501b82183ddfab50a17bdb3237878386045a9d0a4495eba8e2ced021f34fc76d85fd854e7978bfb52b80ee6f0cca0dfef78847bd8347433f44559927553639e6f948011f2d013e2a2b1890cff11a82284d79aab555c187ef7c3b7f248618f434a4542d29b7f703f2ade1dd45aad4bfdf992994011f058f4318ab65638060fcfc69a84561696ba64d7b9f58222d41df12431881e74c70a41b5be2e5770b779902248ba5b5c07740ab2c0b5cb9fc6c7f7f45ee89ec1e5992344ec7cded5863862864117421515df64c08735b1d2580c03812dcbb4bf25c6dfd9b0f28a87a7f4d5fdb5dd179d20f941bcfd20dfce6f5aa4ec897f8bcb57db091dc1dde7dc1b830d296e729aee7ac57a3ef81b7584a93b102ca54bd031f651db7727a81d287bcd057758a6b470b0d262ceb0fb322cfb9be8c4ad3e8fe15bd65fe0429f02295b062a0c2fd4119a38a0b2b9a42adb2e7ad855379e9b510a8e90afa4b112e2d7d069917807967d7d4c459a33173864ca5f52eb0c0d6220b8a3f077084c2a1a4b0693cda65bb1e41b6e4a2a4f9cc91a6b8afe5a7d69cfd745150f462593599d5418ac73a768c61d9a969f041eb439f45cf80e22b7cb1f8f2d1f82e675a47782aa37d73328b8053f370b4796003f7ab9d3f5235ac1f065bba0bc86c57f66e40ce813a2df65536e26f7a162d6ce7a8e770060694e82257326f3b6b235b89025f0f65e57b1fce9f356d508c0a845cdbd74dd1a0c246b0d43e3ee2f09f22e04379d4aad9829ac4cb9b2b47356d1c4ea5184a64e664f9099fc5bae50e0237b3bb0e072489804b00e77773db7a21c2759b64faa265835f5251a2305a01a10f3bfd3f905b1032d66efc02f2f0533aab76274366b5008d9e711e84ac6cc06d3c7201957a9c6d62b3ad45259c844af433f17331ad6ebd673362ad79a289fa24e7f992f4e7dcf195dfefd8bc2a76907a1f7bea048aefc3b315b42042b79b31586c7c6a67255dc3b5867fa9daafead5eadc48388c23fe635d0d5c1f8172f8fff8920c685b2bfd3c4e9e556567c425b215e8f74f916e10604c700fd71e2ee01e32894ecc1ff2e79f09b974c80cf3e77b164f67e5bc5c7ce564c00d588b54c6e3c0594c29c92fb058c9275725f68f9cd93ca8953b609f546a11957680168d88b433082c764d93cab2454056db1897c97a2ad109c0b7f4fccfd748e2f9a32cf18b0bfee0531826b3d33819477bff8addb1a49190f25689240c13fd2a2b0021580d0bad26f7f9ca2285580329dd658fba93ec594c262364345af9ad8795433a59e948f95ce195c65ed15e2a31a3c71c2d9426be29a644dc9562440fc8a4e96413818bc631a917819189db338e1cf8177cf5d489e003b70d1a8b73755da2b565eff1456f9ee9dc3d8c3b3dc2c87b6138579ba4f15e9d0f13dbe2e3253b52dab9151a156f1d9024d3f8d79bc3fd71b1c797d0601dcced11ef73caca856b6dbaddec16e27097e00f5fd9f017ef41614bfb084043c451f7c60981e605e92eb2df015808303216d609e1d9826167cc58ef90a4b5211ab113e654995f9b6897894b53", 0x737}], 0x3, 0x0, 0x0, 0x20000850}], 0x1, 0x4000080) 1.198108947s ago: executing program 5 (id=3175): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[@ANYBLOB="9115463ecc790180c2000003080600010800060400aacdaabbac1414bbaaaaaaaaaa23ac1414"], 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendto$packet(r1, &(0x7f0000000100)="f257a8ea7bc273", 0x7, 0x0, &(0x7f0000000200)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @link_local}, 0x14) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @sack_perm, @window={0x3, 0x3, 0x401}, @window], 0x63) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r3, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000380)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x20008080}, 0xc800) socketpair$unix(0x1, 0x1, 0x0, 0x0) shutdown(0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, &(0x7f0000000140)={0x2000200b}) write$tun(0xffffffffffffffff, &(0x7f0000001e40)=ANY=[@ANYBLOB="000008000080030000000000000045000fc00000001100219078ac1414bbffffffff0420880b000000000000080050726483718ba3e6d08f7571cc59e627d3ed353e879da15784c220746fc2eba11f56fe932b544f53b43a34b265bd5d44fd38791b56b3b8767c382bc52ee2b8fcbbd661f151afd5315d5f502920c297a3916d7ea039eb558ebb06336662367e15363058de9b806035d5c9000086ddac10ef31176d1af88e863d588661a0756365388ef6f2d7b69fb82dc9e7de475e5aad52fa5b61fb1730a4f8ba342b81d86460c5cc35df8bdc3e55e1e92140c9ed10cfd396d4fb331e1901da8dfd47cd7431fd6cb967f7d84f0ba6de4a73b26c286edc3684534e70f60b30b7aefec9309c13a29b35e134d47c3579870d43bcc2babd71412ade39c68b036b5e7a6e90c25efe7a5b3ff3fae0fe7459e71cb431cb8f6a45a9a21d938cbd1de67fde856f05154095c3d86b9f4bac02987d8a06aae5f8d3da56748f1f6b1e9de4d1afaea08c70a943b080bf77494e5dcc17fe38bb0a0b36a008f7805cfdbe5a89e2e12e013b6ff42e3f9e825f3d604768f87273edad56c12c8a5eacd9b63ea6fa1ecf16139cb19c579c4f0a125a755439e6dc9c1637c0d23c1c281af2982cca306b2d3dbaede299bfe4f2ebd822abfabafef3f159049cc24f01a412fafe3d43841a6a4dbed78566e34544a074d4c01cedbb22527e955e8f93ef5a927fdec293a3c78693cae45de7481fdf0f65a43b50d26904594676b7af375752c99e2ba3e00286ab9d438af7b8834c0e71d245c0428ecc5a59f29ab0bca9b1913b9bb0373a94e1daae374d0ed7e7ffd0a1188c83e61e8ee28625483a96a246b9e1cdc8da085de61834a15afd5e7726d711c5ecc008914b9b9f35603330113e548e4509516bac6bc1150b2ace667a540ec84d22c0d0200056918fa3ac596cddd501f7b34f3b97c12c3c10e4b0c67ef01059c2feed93f9169498278daabd27d8537882a87b2edd4b2e6789b90d065ba7a064b2b4ecc1622c8662b3145844c12491ee85dd2acbe057479db9d24e500d9f1af37745f39e7fc7d4e513fa839556155db1ba6d62465a464184f2f4f9c4c822e64c6a357d7bc06caf64db283f0a3a427b400b7dd4df488c9e30db1fdb1774038d32557b69f9c1eba7ec66309bc68c19200aa5f05ec21c1cc9a12667cbae2863198913eac1de18df558c1b5fbceb0e6b521e120e98b39ecc8cabb6c25cdc31d827eeb549fe548f6b29d4f65b176ea0a20411d750f02c660cba2c62935fad8c51324f6f437daa53c81ff2e19b94140f1d72a2540b3fa74ffe85c696a4e4411d4449744ca4b5e8b921c7d62208b88a1df38030c4e09cd264a9c534259737ed6ea798cbc2d0054845dc84e97295efad0f5228fc61710e75a4445a889e230887845fa7f02be62593c352cb344a0f947bdb6c4cf3aab5ecedbd4fdde781c496db32a51f700b2fc19b2c36e257bbb2c735e0f03cd9e49700aee6edaa6952bdc2feef2d2e5463b6778fde3c7ef73477e22a181816883192beee132b3866c4ec977e0cd0b995de650c4c7d3e6e483685f75f9d82f69868d67e64a59e7320707847040bed7bb8c24d5e6a1da326d3226e71933484a2c619592a00db3b086d5fee139abaae14d65698937ef8c066acc7134f085e1e8ccd04a67e128c2d775740f0727c14dfbf8a2ed7f25d353285ab0fd03a8788d725163d27ac13ced25669301f672fb1f404451d85e92e1d0049fa9558c8492cc336ddd5133cb158a4f2901341fb6a021e1b751f22412e76fad6ea2b4a7d756559619fa47b22bc55ef8fdc19fbd6136becc60ff19748e60452e704752c82beb4861ea118875e9fe75a9e6c10c8b922dd8054ef8dd15963db6d505e7eab028322801bb4328d8257e726d937ca83c8efca320c8ecd24313eb5e8114c604781ed936a82740340ac6692bfc3613d2f49bf8284cf60cee6513fd154034e49af838146872e8735962da7f7bbd301f2fd85e597c1b6f8418352ebec83286f9dfab4a0b4dbb8b9c7b55aaf9ac1628d1493c1786c78a8a0b8c58596f1e1ba92b7fcdb80e867fdd299c78b902ac2de3c6d6bad6c5fb0c5db603b7c3c7ff8a64dc4488e07d2b506db960db1503ad72dab8ef405549a5f12a62052be8f7ad3fad32ba8560a8874c06f815ec9912dfcc16d8e0f8c9ab9afceae435a63dcdd1dc6b1e4d186f306ec1c8af08e69ad8fc9860c9bad1af0654c51e0711ecfa47c6b4411010076c975057db6609b47fda736f6ef81863387e3c971479a572145aab35a24475ffea35c1626b644ba12ef8d92cf9310f722b493b2da8ea4c5dcd99d75167e1404642aafbf5db3f8ce95382d7bbd550c0bae73af75dc913ead260ce475b30879d4279efeae49e88b0071661725e9ec5b3579c1716d70971fd301d8ee090a98120bf35ffa62101077362a2a3564022b0bff01e76e641fc01ff731a834509600aadeffe2f00276de348a3c57778865063bd8e348b6e68b5c74298ba911a184f5bfdefd6473272c174c9e644abdf22b3ac39e246ae947ffef4773bcfec3b2a8d03dc8971471dfc50cd5ef6d32ae3486f7d14b0137e80a313910d9bc87aed8c41c6563f646b39c3726f4add083ab6efb5753fc6b78e7907b9cd8a2cabdf87e202239fffc99e0446915c3bc147635398f73201d7369902225184d8da01641759645bf92b5d73ab153e8150264c3333ce12747ce2642aa04aeeb85513170a67dd93b010e8fd0f3cb290e1fc0040d32bdad7d8b41c4f2d10a3c170dbc3e264e29714a34dd220c2bf3e273d7cb3a9397b16a47c85cca75e4cac2def7c976fb7f38b24bdb8f80486e9cec55574d9f2864085289fd2fc497a3a7fab762877629db9ff70201f07897246f9f5211ced9266b732e9988805669dc1bc8e4ddd235562c7785e2379f1f0dd1e71a98b6d204e6c1a1ee163ceb35f6c436bb2547522bed2a55814a3f5f53d3eceee6c847c12af75fdc8452116ab891a5c6424a79b33c4b56a5412700a907f3eca800fcfba133f8bab9ebae32c699b548aff3ac702699f293fceb7445a7107956adad16a6b73a2fe0c88232f2d9831b238b92c511e4a6e02f784ee328bd979c4728ba0f86cc4ed9a69c6d5bc23496729a6512c4664006afc08de2f4dd89e52108f7c081d11facccb91ebc82415691b6bf05818638b3a4d809ae307f4b2d867a34417dbaad8c01a3773d8ebe56890230bd4a2e2a027d59839e1710cb5d25cec245ed8f86b7d4ed8e4ec48c53387ab1ea059406bf2612a6c730750b41a47bdf51cbec2c3f1b07fd6aba2ea390e138868d71f0a73990e87b383757a199f53bcd25f93b15efaf84a9a3758f5cbc2223a809ba784a5af2d36a3b99e3d143310ecf2bb9d2dd8fe9defdfa3d82e005c52514f13beb97476fb7a0f7ab62892977c9da0b950dbbc89bdd58472619f3bdbf46def88488e7bdf0633ee908a4e4e795e92037b74db18672e168514e2ad0a2df94357f2dc2c593b251894657c6bea65abfcd76b7037bd5817ab73be94f00031150f375442e0f0e7236ed4150637c14f62ecb6713f897889d77d814ead5774d726f307fe32c020cdefda72151798fcde65af6fbe6594eeb070c2217a0cc82049c43f6fb3cb7c00fc0305b86dddde708dd8a61a63e799abdd49d6ff1c41b8ecb230891037ca36d7a7e1f6280f52a5d45ff872f11df408ae09fc9b9d371ccf4f2777626ad84426d925dac9bbacc785acb5c29cbf9d6aec77d5ac48778ab4682b7bb611f342a72c26417a5e432e5d956844e19739e61999a78c615acc09f415032031ac6cb839da764331d131acbe66b502e7f1a5b9dc68df7f5524e7bc6fdfa982b39af2cbff69052d04be78821282dbfc034e64943004375f16cf4741526aaafebfc1a6d4a38d4c345aa22c94922f145b6c449a216b6c382565598125156fad8097c2e7ea65063cdfe34e50fb75939f3b3cf5ab8a3448ead3cc36358f45b0eaabf8ff2b64a1923407226f24420978d03d6bcefc2b45a74425017c11146e25f6d41912f39afecaa19090123ea2605994978b00a347aba322cd10822933e3f5988477ce1b2aff651553ec4977b185e5c7aaa4c64b4fb49cfc0cad75e85c0617e19f26fd0932a4bba0821d5a4d9449773c2d3c25e8aee59155346502b72a4d6818f143695acd5b83a336d02e2d1b9da5740e287c4694012f9648656c51cd44431c54301ea55f48197d1280421793598db89820937aa6a41d69618f55fd9c40dc0742e77d4ddf4a68a6cecba47ff0a22e2734bc9556193642b92838c891b4ed109af35190332aabb9aab184076cfc99f08814bebe47fccd12005ad926a643c791ecda50458a1106a033408fb90da10f8d6e42b3a462e9f9a1a2752c21967884ea79a1148f3dd0304bef05747458c7859dbf7f6df08070e9ac221677b70546909329c5557adb255cc33c1f9b762188e2498a7744f066df3fb8bee6261db37489b63f9bda047a06cbc588ff1255e3b63a86a5ca353160e0dc4088ea691c768f5d36397cb64c6db2d5bd39473a9d1209d021b8017434874ed5f99d9fc27d5549eaecdcfb7093549acaea45610221192942e108def0efbc004bbfef195af7dcdc0b75097eba13d621c2ca5ee3bfd2845b21a910e8ea21536768e1e5081997ae7415a55e58e1294d8ff3bc95faf96a65501b922382f4f75a0f938b290fd66bb3ccdc33734bafa18a3765d23f151951b8c8c6939de018c4e9ca253dff4a1fc70a601bba8c2e146a79166745e5fd1748c638a7a945e5f5aea0a93c7861446ef5996e37231e573245dae58b168c0564c8b27ada3fde66bb00f51f7e47970855d1057739ccf583666055187173bfd1454a5fbcfd59f39b6ad63fbfbe0fea9a6b336a41ec316acedd38cc6fab7de1190c97bed6e8f1cdb47d59941955f87a59d953c0f60f68a63fcf8f6f76b3eb5d79d94a2eeb3fb28781b1bbd31937c6f6e2d6fa7d2f4134702fdc0a2250bbec420c73a89c1643379235a492c2cbb3280ec3e676fcc1b33aaa645234eebefb1c28c52646a33c1989a386d557cd5ebf89f50b575b37b9a337f653919a569229009dea5789835fa2a2cf4df14640f647f3a4cb3991e0ee76bb4d7e6eda70eaff53d3bdade9d6f8d56a0000000000000080088be00000000100000000100000000000000080022eb0000000020000000020000000000000000020000080065580000000020e62929c11cb0549208c925145acbdc02d1fec745f9b654f2d97c9269199fc2293765cfbba8e22fa0ba230c891eb5a9490864bc2e2993a2831d52a0f75fda3f213ec297d9acaa7a8aedc6826e3274b7f48681313b4b677b469a77dd667c84aaf2766d84d9f6dd1b6aa2ab1860b1394813e57c4c6d557a4d049d74cdc674b82da3e6c6f0b9a890edc47dd5a6801c24ba1da62ac03a3620d1f109122a34cd8f552730c4239a81f09bc9174d89403e8011a5436bc7abbd69d49f68a786837a51689f7a4b422061f4768c9052c000016fffffe700e53f083b13e53ef485d121779c5da2b6ce80f9cc4a030570a1cc071d9a6845b6018baaa77418d5fb030700f7b63620c369c466108465b7c7967c0c84a9b828118c9ba7808abfe69f783c3795ecbe1714d91d56b64b9e8e7f86d3fff9c8084b5ec69fcf586b23c29dc078db3fda0fe8cfaed8ab7a5a39bc2ec6a1410270ea7d41ecbd90e45fc60062bcc313851e3d15bfafaa5ca38934269aedcf99d97de1b3b60f4e46e22e7499ff1858718fdaf125e935566e7895e5d5f13860a7069be6c51fe98c2bd6dd90dff5195aa91ed87bae868001f7433339f89ba0c2dc5b01815ce717b10179efdfa0b687f9a33ac84c"], 0xfce) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="6000000010000108fdfffffffddbdf2500000000", @ANYRES32=0x0, @ANYBLOB="000000042104020008001b000000000038001a8004002d80"], 0x60}, 0x1, 0x0, 0x0, 0x4040080}, 0x0) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x12, 0x0, 0x12) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) 1.190434237s ago: executing program 6 (id=3176): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000"], 0x0}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, 0x0, &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff000000000200000009000100"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_LEN={0x8}, @NFTA_PAYLOAD_DREG={0x8}, @NFTA_PAYLOAD_OFFSET={0x8}, @NFTA_PAYLOAD_BASE={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_USERDATA={0x5, 0x7, 0x1, 0x0, "df"}]}], {0x14}}, 0x94}}, 0x0) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) syz_emit_ethernet(0x7e, &(0x7f0000000040)={@multicast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x4, 0x70, 0x65, 0x0, 0x2, 0x1, 0x0, @rand_addr=0x64010101, @remote}, @dest_unreach={0x3, 0x3, 0x0, 0x0, 0x6, 0x1f, {0x15, 0x4, 0x3, 0x3a, 0x7ff, 0x68, 0x1ce2, 0xd9, 0x2f, 0xe5c, @rand_addr=0x64010102, @dev={0xac, 0x14, 0x14, 0x36}, {[@cipso={0x86, 0xa, 0x3, [{0x7, 0x2}, {0x1, 0x2}]}, @timestamp_addr={0x44, 0x34, 0x4c, 0x1, 0x0, [{@multicast2, 0x9}, {@loopback, 0x5}, {@loopback, 0x20005}, {@loopback}, {@remote, 0x329}, {@multicast2, 0x4}]}]}}}}}}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000940)={0x0}, 0x1, 0x0, 0x0, 0x4}, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000002c0)=""/81, 0x51}, {&(0x7f0000000540)=""/84, 0x54}], 0x2}, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000040)="89000000120081ae08060cdc030000017f03e3f7000000006ee2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00120c0001000b080c00bdad01409bbc7a46", 0x5c}], 0x1}, 0xff0f000020000080) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000340)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x5a}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f900f5", 0x18, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@fastopen={0x1e, 0x2}]}}}}}}}}, 0x0) 900.713993ms ago: executing program 5 (id=3177): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="020000000400000008000000010000"], 0x33) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000dc0)={{r1, 0xffffffffffffffff}, &(0x7f0000000500), &(0x7f00000000c0)='%ps \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000003c0)={r2}, 0x4) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x25, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000027b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002001f008500000082000000b7080000000000007b8af8ff00000000b7080000d80000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000a5000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x9, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r3}, 0x10) 900.423623ms ago: executing program 1 (id=3178): bpf$MAP_CREATE(0x0, 0x0, 0x50) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x33, &(0x7f0000004240)=0xc0000006, 0x4) recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@newlink={0x34, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}]}, 0x34}}, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 847.987184ms ago: executing program 6 (id=3179): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20040000}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=@newtfilter={0x124, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xe, 0x7}, {}, {0x1001d, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0xf4, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x8, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x4}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x48, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x44, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xa}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x38d}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x1c8e}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x80000000}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x40}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x9}]}]}, @TCA_FLOWER_KEY_ICMPV6_TYPE_MASK={0x5}, @TCA_FLOWER_KEY_ENC_OPTS_MASK={0x7c, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x4}, @TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x4}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x34, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x3}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x10}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0xfe}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x2c, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x5}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x46}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x1}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0xc, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x4}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x4}]}, @TCA_FLOWER_KEY_ARP_THA={0xa, 0x41, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x37}}, @TCA_FLOWER_KEY_TCP_SRC={0x6}, @TCA_FLOWER_KEY_ICMPV6_CODE_MASK={0x5}]}}]}, 0x124}, 0x1, 0x0, 0x0, 0x80}, 0x0) 583.832389ms ago: executing program 6 (id=3180): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000880), 0xffffffffffffffff) sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000f40)={0x0, 0x0, &(0x7f0000000f00)={&(0x7f0000000d80)={0x14, r1, 0x301, 0x70bd2c, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0) 583.642609ms ago: executing program 5 (id=3181): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400)=[{0x0}], 0x1, 0x0, 0x0, 0x20000080}, 0x0) 560.758969ms ago: executing program 1 (id=3182): r0 = socket$inet6(0xa, 0x80002, 0x0) bind$inet6(r0, &(0x7f0000000200)={0xa, 0x4e20, 0x4000b, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x12}}, 0x80ad}, 0x1c) r1 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_group_source_req(r1, 0x0, 0x2e, &(0x7f0000000280)={0x1, {{0x2, 0x4e21, @multicast1}}, {{0x2, 0x4e23, @loopback}}}, 0x108) setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f0000000040)={@multicast1, @loopback, 0x1, 0x1, [@rand_addr=0x64010101]}, 0x14) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x66, 0x0, 0x0, 0x11, 0x0, @rand_addr=0x64010101, @multicast1}, {0x0, 0x4e20, 0x8}}}}}, 0x0) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f0000000080)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x50) 379.947443ms ago: executing program 5 (id=3183): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)={0x94, 0x2, 0x1, 0x101, 0x0, 0x0, {0x2, 0x0, 0xfffd}, [@CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x2}, @CTA_SYNPROXY={0x2c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ITS, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0xfffffffb}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x200}, @CTA_SYNPROXY_ISN={0xfffffffffffffe81, 0x1, 0x1, 0x0, 0x80000000}]}, @CTA_TUPLE_ORIG={0x4c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0xb, 0x3, @remote}, {0x14, 0x4, @empty}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000) 356.133993ms ago: executing program 1 (id=3184): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[@ANYBLOB="9115463ecc790180c2000003080600010800060400aacdaabbac1414bbaaaaaaaaaa23ac1414"], 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendto$packet(r1, &(0x7f0000000100)="f257a8ea7bc273", 0x7, 0x0, &(0x7f0000000200)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @link_local}, 0x14) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @sack_perm, @window={0x3, 0x3, 0x401}, @window], 0x63) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r3, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000380)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x20008080}, 0xc800) socketpair$unix(0x1, 0x1, 0x0, 0x0) shutdown(0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, &(0x7f0000000140)={0x2000200b}) write$tun(0xffffffffffffffff, &(0x7f0000001e40)=ANY=[@ANYBLOB="000008000080030000000000000045000fc00000001100219078ac1414bbffffffff0420880b000000000000080050726483718ba3e6d08f7571cc59e627d3ed353e879da15784c220746fc2eba11f56fe932b544f53b43a34b265bd5d44fd38791b56b3b8767c382bc52ee2b8fcbbd661f151afd5315d5f502920c297a3916d7ea039eb558ebb06336662367e15363058de9b806035d5c9000086ddac10ef31176d1af88e863d588661a0756365388ef6f2d7b69fb82dc9e7de475e5aad52fa5b61fb1730a4f8ba342b81d86460c5cc35df8bdc3e55e1e92140c9ed10cfd396d4fb331e1901da8dfd47cd7431fd6cb967f7d84f0ba6de4a73b26c286edc3684534e70f60b30b7aefec9309c13a29b35e134d47c3579870d43bcc2babd71412ade39c68b036b5e7a6e90c25efe7a5b3ff3fae0fe7459e71cb431cb8f6a45a9a21d938cbd1de67fde856f05154095c3d86b9f4bac02987d8a06aae5f8d3da56748f1f6b1e9de4d1afaea08c70a943b080bf77494e5dcc17fe38bb0a0b36a008f7805cfdbe5a89e2e12e013b6ff42e3f9e825f3d604768f87273edad56c12c8a5eacd9b63ea6fa1ecf16139cb19c579c4f0a125a755439e6dc9c1637c0d23c1c281af2982cca306b2d3dbaede299bfe4f2ebd822abfabafef3f159049cc24f01a412fafe3d43841a6a4dbed78566e34544a074d4c01cedbb22527e955e8f93ef5a927fdec293a3c78693cae45de7481fdf0f65a43b50d26904594676b7af375752c99e2ba3e00286ab9d438af7b8834c0e71d245c0428ecc5a59f29ab0bca9b1913b9bb0373a94e1daae374d0ed7e7ffd0a1188c83e61e8ee28625483a96a246b9e1cdc8da085de61834a15afd5e7726d711c5ecc008914b9b9f35603330113e548e4509516bac6bc1150b2ace667a540ec84d22c0d0200056918fa3ac596cddd501f7b34f3b97c12c3c10e4b0c67ef01059c2feed93f9169498278daabd27d8537882a87b2edd4b2e6789b90d065ba7a064b2b4ecc1622c8662b3145844c12491ee85dd2acbe057479db9d24e500d9f1af37745f39e7fc7d4e513fa839556155db1ba6d62465a464184f2f4f9c4c822e64c6a357d7bc06caf64db283f0a3a427b400b7dd4df488c9e30db1fdb1774038d32557b69f9c1eba7ec66309bc68c19200aa5f05ec21c1cc9a12667cbae2863198913eac1de18df558c1b5fbceb0e6b521e120e98b39ecc8cabb6c25cdc31d827eeb549fe548f6b29d4f65b176ea0a20411d750f02c660cba2c62935fad8c51324f6f437daa53c81ff2e19b94140f1d72a2540b3fa74ffe85c696a4e4411d4449744ca4b5e8b921c7d62208b88a1df38030c4e09cd264a9c534259737ed6ea798cbc2d0054845dc84e97295efad0f5228fc61710e75a4445a889e230887845fa7f02be62593c352cb344a0f947bdb6c4cf3aab5ecedbd4fdde781c496db32a51f700b2fc19b2c36e257bbb2c735e0f03cd9e49700aee6edaa6952bdc2feef2d2e5463b6778fde3c7ef73477e22a181816883192beee132b3866c4ec977e0cd0b995de650c4c7d3e6e483685f75f9d82f69868d67e64a59e7320707847040bed7bb8c24d5e6a1da326d3226e71933484a2c619592a00db3b086d5fee139abaae14d65698937ef8c066acc7134f085e1e8ccd04a67e128c2d775740f0727c14dfbf8a2ed7f25d353285ab0fd03a8788d725163d27ac13ced25669301f672fb1f404451d85e92e1d0049fa9558c8492cc336ddd5133cb158a4f2901341fb6a021e1b751f22412e76fad6ea2b4a7d756559619fa47b22bc55ef8fdc19fbd6136becc60ff19748e60452e704752c82beb4861ea118875e9fe75a9e6c10c8b922dd8054ef8dd15963db6d505e7eab028322801bb4328d8257e726d937ca83c8efca320c8ecd24313eb5e8114c604781ed936a82740340ac6692bfc3613d2f49bf8284cf60cee6513fd154034e49af838146872e8735962da7f7bbd301f2fd85e597c1b6f8418352ebec83286f9dfab4a0b4dbb8b9c7b55aaf9ac1628d1493c1786c78a8a0b8c58596f1e1ba92b7fcdb80e867fdd299c78b902ac2de3c6d6bad6c5fb0c5db603b7c3c7ff8a64dc4488e07d2b506db960db1503ad72dab8ef405549a5f12a62052be8f7ad3fad32ba8560a8874c06f815ec9912dfcc16d8e0f8c9ab9afceae435a63dcdd1dc6b1e4d186f306ec1c8af08e69ad8fc9860c9bad1af0654c51e0711ecfa47c6b4411010076c975057db6609b47fda736f6ef81863387e3c971479a572145aab35a24475ffea35c1626b644ba12ef8d92cf9310f722b493b2da8ea4c5dcd99d75167e1404642aafbf5db3f8ce95382d7bbd550c0bae73af75dc913ead260ce475b30879d4279efeae49e88b0071661725e9ec5b3579c1716d70971fd301d8ee090a98120bf35ffa62101077362a2a3564022b0bff01e76e641fc01ff731a834509600aadeffe2f00276de348a3c57778865063bd8e348b6e68b5c74298ba911a184f5bfdefd6473272c174c9e644abdf22b3ac39e246ae947ffef4773bcfec3b2a8d03dc8971471dfc50cd5ef6d32ae3486f7d14b0137e80a313910d9bc87aed8c41c6563f646b39c3726f4add083ab6efb5753fc6b78e7907b9cd8a2cabdf87e202239fffc99e0446915c3bc147635398f73201d7369902225184d8da01641759645bf92b5d73ab153e8150264c3333ce12747ce2642aa04aeeb85513170a67dd93b010e8fd0f3cb290e1fc0040d32bdad7d8b41c4f2d10a3c170dbc3e264e29714a34dd220c2bf3e273d7cb3a9397b16a47c85cca75e4cac2def7c976fb7f38b24bdb8f80486e9cec55574d9f2864085289fd2fc497a3a7fab762877629db9ff70201f07897246f9f5211ced9266b732e9988805669dc1bc8e4ddd235562c7785e2379f1f0dd1e71a98b6d204e6c1a1ee163ceb35f6c436bb2547522bed2a55814a3f5f53d3eceee6c847c12af75fdc8452116ab891a5c6424a79b33c4b56a5412700a907f3eca800fcfba133f8bab9ebae32c699b548aff3ac702699f293fceb7445a7107956adad16a6b73a2fe0c88232f2d9831b238b92c511e4a6e02f784ee328bd979c4728ba0f86cc4ed9a69c6d5bc23496729a6512c4664006afc08de2f4dd89e52108f7c081d11facccb91ebc82415691b6bf05818638b3a4d809ae307f4b2d867a34417dbaad8c01a3773d8ebe56890230bd4a2e2a027d59839e1710cb5d25cec245ed8f86b7d4ed8e4ec48c53387ab1ea059406bf2612a6c730750b41a47bdf51cbec2c3f1b07fd6aba2ea390e138868d71f0a73990e87b383757a199f53bcd25f93b15efaf84a9a3758f5cbc2223a809ba784a5af2d36a3b99e3d143310ecf2bb9d2dd8fe9defdfa3d82e005c52514f13beb97476fb7a0f7ab62892977c9da0b950dbbc89bdd58472619f3bdbf46def88488e7bdf0633ee908a4e4e795e92037b74db18672e168514e2ad0a2df94357f2dc2c593b251894657c6bea65abfcd76b7037bd5817ab73be94f00031150f375442e0f0e7236ed4150637c14f62ecb6713f897889d77d814ead5774d726f307fe32c020cdefda72151798fcde65af6fbe6594eeb070c2217a0cc82049c43f6fb3cb7c00fc0305b86dddde708dd8a61a63e799abdd49d6ff1c41b8ecb230891037ca36d7a7e1f6280f52a5d45ff872f11df408ae09fc9b9d371ccf4f2777626ad84426d925dac9bbacc785acb5c29cbf9d6aec77d5ac48778ab4682b7bb611f342a72c26417a5e432e5d956844e19739e61999a78c615acc09f415032031ac6cb839da764331d131acbe66b502e7f1a5b9dc68df7f5524e7bc6fdfa982b39af2cbff69052d04be78821282dbfc034e64943004375f16cf4741526aaafebfc1a6d4a38d4c345aa22c94922f145b6c449a216b6c382565598125156fad8097c2e7ea65063cdfe34e50fb75939f3b3cf5ab8a3448ead3cc36358f45b0eaabf8ff2b64a1923407226f24420978d03d6bcefc2b45a74425017c11146e25f6d41912f39afecaa19090123ea2605994978b00a347aba322cd10822933e3f5988477ce1b2aff651553ec4977b185e5c7aaa4c64b4fb49cfc0cad75e85c0617e19f26fd0932a4bba0821d5a4d9449773c2d3c25e8aee59155346502b72a4d6818f143695acd5b83a336d02e2d1b9da5740e287c4694012f9648656c51cd44431c54301ea55f48197d1280421793598db89820937aa6a41d69618f55fd9c40dc0742e77d4ddf4a68a6cecba47ff0a22e2734bc9556193642b92838c891b4ed109af35190332aabb9aab184076cfc99f08814bebe47fccd12005ad926a643c791ecda50458a1106a033408fb90da10f8d6e42b3a462e9f9a1a2752c21967884ea79a1148f3dd0304bef05747458c7859dbf7f6df08070e9ac221677b70546909329c5557adb255cc33c1f9b762188e2498a7744f066df3fb8bee6261db37489b63f9bda047a06cbc588ff1255e3b63a86a5ca353160e0dc4088ea691c768f5d36397cb64c6db2d5bd39473a9d1209d021b8017434874ed5f99d9fc27d5549eaecdcfb7093549acaea45610221192942e108def0efbc004bbfef195af7dcdc0b75097eba13d621c2ca5ee3bfd2845b21a910e8ea21536768e1e5081997ae7415a55e58e1294d8ff3bc95faf96a65501b922382f4f75a0f938b290fd66bb3ccdc33734bafa18a3765d23f151951b8c8c6939de018c4e9ca253dff4a1fc70a601bba8c2e146a79166745e5fd1748c638a7a945e5f5aea0a93c7861446ef5996e37231e573245dae58b168c0564c8b27ada3fde66bb00f51f7e47970855d1057739ccf583666055187173bfd1454a5fbcfd59f39b6ad63fbfbe0fea9a6b336a41ec316acedd38cc6fab7de1190c97bed6e8f1cdb47d59941955f87a59d953c0f60f68a63fcf8f6f76b3eb5d79d94a2eeb3fb28781b1bbd31937c6f6e2d6fa7d2f4134702fdc0a2250bbec420c73a89c1643379235a492c2cbb3280ec3e676fcc1b33aaa645234eebefb1c28c52646a33c1989a386d557cd5ebf89f50b575b37b9a337f653919a569229009dea5789835fa2a2cf4df14640f647f3a4cb3991e0ee76bb4d7e6eda70eaff53d3bdade9d6f8d56a0000000000000080088be00000000100000000100000000000000080022eb0000000020000000020000000000000000020000080065580000000020e62929c11cb0549208c925145acbdc02d1fec745f9b654f2d97c9269199fc2293765cfbba8e22fa0ba230c891eb5a9490864bc2e2993a2831d52a0f75fda3f213ec297d9acaa7a8aedc6826e3274b7f48681313b4b677b469a77dd667c84aaf2766d84d9f6dd1b6aa2ab1860b1394813e57c4c6d557a4d049d74cdc674b82da3e6c6f0b9a890edc47dd5a6801c24ba1da62ac03a3620d1f109122a34cd8f552730c4239a81f09bc9174d89403e8011a5436bc7abbd69d49f68a786837a51689f7a4b422061f4768c9052c000016fffffe700e53f083b13e53ef485d121779c5da2b6ce80f9cc4a030570a1cc071d9a6845b6018baaa77418d5fb030700f7b63620c369c466108465b7c7967c0c84a9b828118c9ba7808abfe69f783c3795ecbe1714d91d56b64b9e8e7f86d3fff9c8084b5ec69fcf586b23c29dc078db3fda0fe8cfaed8ab7a5a39bc2ec6a1410270ea7d41ecbd90e45fc60062bcc313851e3d15bfafaa5ca38934269aedcf99d97de1b3b60f4e46e22e7499ff1858718fdaf125e935566e7895e5d5f13860a7069be6c51fe98c2bd6dd90dff5195aa91ed87bae868001f7433339f89ba0c2dc5b01815ce717b10179efdfa0b687f9a33ac84c"], 0xfce) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="6000000010000108fdfffffffddbdf2500000000", @ANYRES32=0x0, @ANYBLOB="000000042104020008001b000000000038001a8004002d80"], 0x60}, 0x1, 0x0, 0x0, 0x4040080}, 0x0) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x12, 0x0, 0x12) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) 268.463585ms ago: executing program 6 (id=3185): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000040)) ioctl$PPPIOCSACTIVE(r0, 0x40047459, &(0x7f0000000080)={0xfffffffffffffe43, 0x0}) pread64(r0, 0x0, 0x0, 0x3) read(r0, 0x0, 0x0) write$ppp(r0, &(0x7f0000000200)="bc72", 0x2) 226.799276ms ago: executing program 5 (id=3186): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000000c0)={0xfffc, 0x4}, 0x8) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000040)=0x60020, 0x4) 67.985259ms ago: executing program 1 (id=3187): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20040000}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=@newtfilter={0x124, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xe, 0x7}, {}, {0x1001d, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0xf4, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x8, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x4}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x48, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x44, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xa}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x38d}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x1c8e}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x80000000}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x40}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x9}]}]}, @TCA_FLOWER_KEY_ICMPV6_TYPE_MASK={0x5}, @TCA_FLOWER_KEY_ENC_OPTS_MASK={0x7c, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x4}, @TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x4}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x34, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x3}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x10}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0xfe}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x2c, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x5}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x46}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x1}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0xc, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x4}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x4}]}, @TCA_FLOWER_KEY_ARP_THA={0xa, 0x41, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x37}}, @TCA_FLOWER_KEY_TCP_SRC={0x6}, @TCA_FLOWER_KEY_ICMPV6_CODE_MASK={0x5}]}}]}, 0x124}, 0x1, 0x0, 0x0, 0x80}, 0x0) 0s ago: executing program 5 (id=3188): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001000000"], 0x33) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000dc0)={{r1, 0xffffffffffffffff}, &(0x7f0000000500), &(0x7f00000000c0)='%ps \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000003c0)={r2}, 0x4) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x25, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000027b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002001f008500000082000000b7080000000000007b8af8ff00000000b7080000d80000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000a5000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x9, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r3}, 0x10) kernel console output (not intermixed with test programs): [ 377.430666][ T8677] loop1: detected capacity change from 0 to 1024 [ 377.451688][ T8677] EXT4-fs (loop1): bad geometry: first data block is 0 with a 1k block and cluster size [ 377.569867][ T8682] netlink: 452 bytes leftover after parsing attributes in process `syz.6.616'. [ 378.032303][ T8691] bridge0: port 1(bridge_slave_0) entered disabled state [ 378.608917][ T8697] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 378.735533][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.742224][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.513113][ T5793] Bluetooth: hci2: unexpected event 0x03 length: 1 < 11 [ 382.152181][ T5793] Bluetooth: hci1: unexpected event 0x03 length: 1 < 11 [ 382.808683][ T8752] tipc: Started in network mode [ 382.834203][ T8752] tipc: Node identity 6692e35a1d4f, cluster identity 4711 [ 382.869440][ T8752] tipc: Enabled bearer , priority 0 [ 382.896992][ T8755] syzkaller0: entered promiscuous mode [ 382.923243][ T8755] syzkaller0: entered allmulticast mode [ 383.535000][ T5793] Bluetooth: hci0: unexpected event 0x03 length: 1 < 11 [ 384.026992][ T5837] tipc: Node number set to 2078139226 [ 384.611160][ T8760] tipc: Resetting bearer [ 384.750889][ T8751] tipc: Resetting bearer [ 384.925667][ T8751] tipc: Disabling bearer [ 385.275055][ T5793] Bluetooth: hci3: unexpected event 0x03 length: 1 < 11 [ 385.531251][ T8798] loop3: detected capacity change from 0 to 1024 [ 386.659936][ T8798] EXT4-fs (loop3): bad geometry: first data block is 0 with a 1k block and cluster size [ 387.698064][ T5793] Bluetooth: hci1: unexpected event 0x03 length: 1 < 11 [ 389.237637][ T5793] Bluetooth: hci0: unexpected event 0x03 length: 1 < 11 [ 389.803530][ T8847] loop5: detected capacity change from 0 to 1024 [ 389.874718][ T8847] EXT4-fs (loop5): bad geometry: first data block is 0 with a 1k block and cluster size [ 390.068137][ T8849] syzkaller1: entered promiscuous mode [ 390.100593][ T8849] syzkaller1: entered allmulticast mode [ 391.523211][ T8852] bridge0: port 1(bridge_slave_0) entered disabled state [ 391.618488][ T8861] netlink: 'syz.5.685': attribute type 30 has an invalid length. [ 391.775108][ T5869] hid-generic 0005:0007:0008.0006: unknown main item tag 0x0 [ 391.798311][ T5869] hid-generic 0005:0007:0008.0006: hidraw0: BLUETOOTH HID v0.08 Device [syz0] on aa:aa:aa:aa:aa:aa [ 391.820613][ T5793] Bluetooth: hci0: unexpected event 0x03 length: 1 < 11 [ 392.231702][ T8869] fido_id[8869]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci0/hci0:200/report_descriptor': No such file or directory [ 392.719444][ T8880] loop5: detected capacity change from 0 to 1024 [ 392.755044][ T8880] EXT4-fs (loop5): bad geometry: first data block is 0 with a 1k block and cluster size [ 393.948666][ T8890] bridge0: port 1(bridge_slave_0) entered disabled state [ 394.238840][ T5793] Bluetooth: hci3: unexpected event 0x03 length: 1 < 11 [ 394.341776][ T42] hid-generic 0005:0007:0008.0007: unknown main item tag 0x0 [ 394.359671][ T42] hid-generic 0005:0007:0008.0007: hidraw0: BLUETOOTH HID v0.08 Device [syz0] on aa:aa:aa:aa:aa:aa [ 394.572585][ T8905] fido_id[8905]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci0/hci0:200/report_descriptor': No such file or directory [ 395.595421][ T8921] raw_sendmsg: syz.1.706 forgot to set AF_INET. Fix it! [ 395.934389][ T8927] loop6: detected capacity change from 0 to 1024 [ 395.984351][ T8927] EXT4-fs (loop6): bad geometry: first data block is 0 with a 1k block and cluster size [ 396.731723][ T8930] team_slave_0: entered promiscuous mode [ 396.737790][ T8930] team_slave_1: entered promiscuous mode [ 396.803185][ T5793] Bluetooth: hci2: unexpected event 0x03 length: 1 < 11 [ 396.822561][ T8930] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 396.930565][ T8935] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 397.240037][ T8949] bridge0: port 1(bridge_slave_0) entered disabled state [ 397.507052][ T8954] loop1: detected capacity change from 0 to 1024 [ 397.515771][ T8954] EXT4-fs (loop1): bad geometry: first data block is 0 with a 1k block and cluster size [ 398.358231][ T8] hid-generic 0005:0007:0008.0008: unknown main item tag 0x0 [ 398.408816][ T8] hid-generic 0005:0007:0008.0008: hidraw0: BLUETOOTH HID v0.08 Device [syz0] on aa:aa:aa:aa:aa:aa [ 398.772373][ T8965] fido_id[8965]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci0/hci0:200/report_descriptor': No such file or directory [ 399.137719][ T5793] Bluetooth: hci3: unexpected event 0x03 length: 1 < 11 [ 399.356595][ T8977] bridge0: port 1(bridge_slave_0) entered disabled state [ 399.556382][ T8981] loop3: detected capacity change from 0 to 1024 [ 399.573931][ T8981] EXT4-fs (loop3): bad geometry: first data block is 0 with a 1k block and cluster size [ 400.660637][ T5793] Bluetooth: hci2: unexpected event 0x03 length: 1 < 11 [ 400.737694][ T9004] bridge0: port 1(bridge_slave_0) entered disabled state [ 401.364178][ T9011] loop6: detected capacity change from 0 to 1024 [ 401.410758][ T8] hid-generic 0005:0007:0008.0009: unknown main item tag 0x0 [ 401.426979][ T9011] EXT4-fs (loop6): bad geometry: first data block is 0 with a 1k block and cluster size [ 401.466554][ T8] hid-generic 0005:0007:0008.0009: hidraw0: BLUETOOTH HID v0.08 Device [syz0] on aa:aa:aa:aa:aa:aa [ 401.822642][ T9015] fido_id[9015]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci0/hci0:200/report_descriptor': No such file or directory [ 402.376726][ T9024] syz.5.747 uses obsolete (PF_INET,SOCK_PACKET) [ 402.580665][ T5793] Bluetooth: hci1: unexpected event 0x03 length: 1 < 11 [ 402.689888][ T9028] bridge0: port 1(bridge_slave_0) entered disabled state [ 403.067899][ T5824] hid-generic 0005:0007:0008.000A: unknown main item tag 0x0 [ 403.103973][ T5824] hid-generic 0005:0007:0008.000A: hidraw0: BLUETOOTH HID v0.08 Device [syz0] on aa:aa:aa:aa:aa:aa [ 403.469692][ T9041] fido_id[9041]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci0/hci0:200/report_descriptor': No such file or directory [ 403.576988][ T5793] Bluetooth: hci2: unexpected event 0x03 length: 1 < 11 [ 404.216094][ T9057] loop1: detected capacity change from 0 to 1024 [ 404.245886][ T9057] EXT4-fs (loop1): bad geometry: first data block is 0 with a 1k block and cluster size [ 405.425816][ T5793] Bluetooth: hci2: unexpected event 0x03 length: 1 < 11 [ 405.532792][ T786] hid-generic 0005:0007:0008.000B: unknown main item tag 0x0 [ 405.807410][ T786] hid-generic 0005:0007:0008.000B: hidraw0: BLUETOOTH HID v0.08 Device [syz0] on aa:aa:aa:aa:aa:aa [ 405.845465][ T9074] bridge0: port 1(bridge_slave_0) entered disabled state [ 406.007213][ T9078] fido_id[9078]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci0/hci0:200/report_descriptor': No such file or directory [ 406.093241][ T9083] bond0: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 406.302387][ T5793] Bluetooth: hci3: unexpected event 0x03 length: 1 < 11 [ 406.549612][ T9096] loop3: detected capacity change from 0 to 1024 [ 406.574004][ T9096] EXT4-fs (loop3): bad geometry: first data block is 0 with a 1k block and cluster size [ 407.296964][ T9101] bridge0: port 1(bridge_slave_0) entered disabled state [ 407.374199][ T961] hid-generic 0005:0007:0008.000C: unknown main item tag 0x0 [ 407.453852][ T961] hid-generic 0005:0007:0008.000C: hidraw0: BLUETOOTH HID v0.08 Device [syz0] on aa:aa:aa:aa:aa:aa [ 407.878921][ T9107] fido_id[9107]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci0/hci0:200/report_descriptor': No such file or directory [ 408.255603][ T5793] Bluetooth: hci0: unexpected event 0x03 length: 1 < 11 [ 408.677120][ T9123] loop5: detected capacity change from 0 to 1024 [ 408.706795][ T9123] EXT4-fs (loop5): bad geometry: first data block is 0 with a 1k block and cluster size [ 408.777562][ T7417] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 409.079920][ T9131] bridge0: port 1(bridge_slave_0) entered disabled state [ 409.211689][ T5824] hid-generic 0005:0007:0008.000D: unknown main item tag 0x0 [ 409.221486][ T5824] hid-generic 0005:0007:0008.000D: hidraw0: BLUETOOTH HID v0.08 Device [syz0] on aa:aa:aa:aa:aa:aa [ 409.347630][ T9137] fido_id[9137]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci0/hci0:200/report_descriptor': No such file or directory [ 409.419542][ T5793] Bluetooth: hci3: unexpected event 0x03 length: 1 < 11 [ 409.934589][ T9154] loop6: detected capacity change from 0 to 1024 [ 409.951916][ T9154] EXT4-fs (loop6): bad geometry: first data block is 0 with a 1k block and cluster size [ 410.221394][ T9156] bridge0: port 1(bridge_slave_0) entered disabled state [ 410.538250][ T5869] hid-generic 0005:0007:0008.000E: unknown main item tag 0x0 [ 410.571802][ T5869] hid-generic 0005:0007:0008.000E: hidraw0: BLUETOOTH HID v0.08 Device [syz0] on aa:aa:aa:aa:aa:aa [ 410.828369][ T9162] fido_id[9162]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci0/hci0:200/report_descriptor': No such file or directory [ 410.937425][ T5793] Bluetooth: hci2: unexpected event 0x03 length: 1 < 11 [ 412.020483][ T9181] bridge0: port 1(bridge_slave_0) entered disabled state [ 412.265477][ T42] hid-generic 0005:0007:0008.000F: unknown main item tag 0x0 [ 412.293178][ T42] hid-generic 0005:0007:0008.000F: hidraw0: BLUETOOTH HID v0.08 Device [syz0] on aa:aa:aa:aa:aa:aa [ 412.460364][ T9195] loop6: detected capacity change from 0 to 1024 [ 412.610648][ T9195] EXT4-fs (loop6): bad geometry: first data block is 0 with a 1k block and cluster size [ 412.640413][ T9192] fido_id[9192]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci0/hci0:200/report_descriptor': No such file or directory [ 413.731304][ T9212] bridge0: port 1(bridge_slave_0) entered disabled state [ 415.633054][ T9239] bridge0: port 1(bridge_slave_0) entered disabled state [ 416.002040][ T9244] loop6: detected capacity change from 0 to 1024 [ 416.013500][ T9244] EXT4-fs (loop6): bad geometry: first data block is 0 with a 1k block and cluster size [ 416.866798][ T7417] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 418.143661][ T9274] bridge0: port 1(bridge_slave_0) entered disabled state [ 418.281053][ T5824] hid-generic 0005:0007:0008.0010: unknown main item tag 0x0 [ 418.402193][ T5824] hid-generic 0005:0007:0008.0010: hidraw0: BLUETOOTH HID v0.08 Device [syz0] on aa:aa:aa:aa:aa:aa [ 418.890031][ T9280] fido_id[9280]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci0/hci0:200/report_descriptor': No such file or directory [ 419.022294][ T9287] loop6: detected capacity change from 0 to 1024 [ 419.026961][ C0] IPv4: Oversized IP packet from 127.0.0.1 [ 419.030747][ T9287] EXT4-fs (loop6): bad geometry: first data block is 0 with a 1k block and cluster size [ 421.274976][ T9317] loop3: detected capacity change from 0 to 1024 [ 421.325191][ T9317] EXT4-fs (loop3): bad geometry: first data block is 0 with a 1k block and cluster size [ 423.033176][ T9328] bridge0: port 1(bridge_slave_0) entered disabled state [ 423.288170][ T5851] hid-generic 0005:0007:0008.0011: unknown main item tag 0x0 [ 423.388260][ T5851] hid-generic 0005:0007:0008.0011: hidraw0: BLUETOOTH HID v0.08 Device [syz0] on aa:aa:aa:aa:aa:aa [ 423.760688][ T9336] fido_id[9336]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci0/hci0:200/report_descriptor': No such file or directory [ 424.187005][ T9350] netlink: 'syz.3.878': attribute type 1 has an invalid length. [ 424.189499][ T9347] loop6: detected capacity change from 0 to 1024 [ 424.196592][ T9350] netlink: 252 bytes leftover after parsing attributes in process `syz.3.878'. [ 424.214045][ T9347] EXT4-fs (loop6): bad geometry: first data block is 0 with a 1k block and cluster size [ 424.232416][ T9350] bridge0: port 1(bridge_slave_0) entered disabled state [ 424.796373][ T5837] hid-generic 0005:0007:0008.0012: unknown main item tag 0x0 [ 424.820141][ T5837] hid-generic 0005:0007:0008.0012: hidraw0: BLUETOOTH HID v0.08 Device [syz0] on aa:aa:aa:aa:aa:aa [ 425.232993][ T9361] fido_id[9361]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci0/hci0:200/report_descriptor': No such file or directory [ 426.189285][ T9376] netlink: 'syz.5.887': attribute type 1 has an invalid length. [ 426.196987][ T9376] netlink: 252 bytes leftover after parsing attributes in process `syz.5.887'. [ 426.255460][ T9376] bridge0: port 1(bridge_slave_0) entered disabled state [ 426.552664][ T9382] loop5: detected capacity change from 0 to 1024 [ 426.606907][ T9382] EXT4-fs (loop5): bad geometry: first data block is 0 with a 1k block and cluster size [ 427.910697][ T9394] netlink: 16 bytes leftover after parsing attributes in process `syz.1.895'. [ 427.948428][ T9398] netlink: 'syz.3.897': attribute type 1 has an invalid length. [ 427.956458][ T9398] netlink: 252 bytes leftover after parsing attributes in process `syz.3.897'. [ 427.965942][ T9398] bridge0: port 1(bridge_slave_0) entered disabled state [ 428.014030][ T9400] pimreg: entered allmulticast mode [ 428.073180][ T9400] pimreg: left allmulticast mode [ 428.684736][ T9411] loop6: detected capacity change from 0 to 1024 [ 428.695166][ T9411] EXT4-fs (loop6): bad geometry: first data block is 0 with a 1k block and cluster size [ 430.217372][ T5793] Bluetooth: hci2: unexpected event 0x03 length: 1 < 11 [ 430.417624][ T9431] netlink: 'syz.5.909': attribute type 1 has an invalid length. [ 430.432411][ T9431] netlink: 252 bytes leftover after parsing attributes in process `syz.5.909'. [ 431.474827][ T9444] loop1: detected capacity change from 0 to 1024 [ 431.508947][ T961] hid-generic 0005:0007:0008.0013: unknown main item tag 0x0 [ 431.525862][ T9444] EXT4-fs (loop1): bad geometry: first data block is 0 with a 1k block and cluster size [ 431.539493][ T961] hid-generic 0005:0007:0008.0013: hidraw0: BLUETOOTH HID v0.08 Device [syz0] on aa:aa:aa:aa:aa:aa [ 432.033118][ T9451] fido_id[9451]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci0/hci0:200/report_descriptor': No such file or directory [ 432.123311][ T5793] Bluetooth: hci3: unexpected event 0x03 length: 1 < 11 [ 432.277218][ T9459] netlink: 'syz.5.918': attribute type 1 has an invalid length. [ 432.302628][ T9459] netlink: 252 bytes leftover after parsing attributes in process `syz.5.918'. [ 433.802335][ T5777] hid-generic 0005:0007:0008.0014: unknown main item tag 0x0 [ 433.881577][ T5777] hid-generic 0005:0007:0008.0014: hidraw0: BLUETOOTH HID v0.08 Device [syz0] on aa:aa:aa:aa:aa:aa [ 434.205335][ T9477] fido_id[9477]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci0/hci0:200/report_descriptor': No such file or directory [ 434.271884][ T9479] loop5: detected capacity change from 0 to 1024 [ 434.325630][ T9479] EXT4-fs (loop5): bad geometry: first data block is 0 with a 1k block and cluster size [ 435.557543][ T9489] netlink: 'syz.1.930': attribute type 9 has an invalid length. [ 435.570084][ T9489] netlink: 32 bytes leftover after parsing attributes in process `syz.1.930'. [ 435.588423][ T5793] Bluetooth: hci3: unexpected event 0x03 length: 1 < 11 [ 435.688545][ T9492] netlink: 'syz.6.931': attribute type 1 has an invalid length. [ 435.696688][ T9492] netlink: 252 bytes leftover after parsing attributes in process `syz.6.931'. [ 435.711538][ T42] hid-generic 0005:0007:0008.0015: unknown main item tag 0x0 [ 435.740352][ T42] hid-generic 0005:0007:0008.0015: hidraw0: BLUETOOTH HID v0.08 Device [syz0] on aa:aa:aa:aa:aa:aa [ 436.089222][ T9500] fido_id[9500]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci0/hci0:200/report_descriptor': No such file or directory [ 437.135944][ T9510] loop3: detected capacity change from 0 to 1024 [ 437.204402][ T9510] EXT4-fs (loop3): bad geometry: first data block is 0 with a 1k block and cluster size [ 437.260236][ T9514] netlink: 'syz.5.939': attribute type 30 has an invalid length. [ 438.057458][ T5793] Bluetooth: hci0: unexpected event 0x03 length: 1 < 11 [ 438.740342][ T9534] loop6: detected capacity change from 0 to 1024 [ 438.762071][ T9534] EXT4-fs (loop6): bad geometry: first data block is 0 with a 1k block and cluster size [ 439.452333][ T5793] Bluetooth: hci0: unexpected event 0x03 length: 1 < 11 [ 440.217797][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.224156][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.654034][ T786] hid-generic 0005:0007:0008.0016: unknown main item tag 0x0 [ 440.738674][ T786] hid-generic 0005:0007:0008.0016: hidraw0: BLUETOOTH HID v0.08 Device [syz0] on aa:aa:aa:aa:aa:aa [ 441.129799][ T9562] fido_id[9562]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci0/hci0:200/report_descriptor': No such file or directory [ 441.400401][ T9568] loop6: detected capacity change from 0 to 1024 [ 441.445986][ T9568] EXT4-fs (loop6): bad geometry: first data block is 0 with a 1k block and cluster size [ 441.649093][ T5793] Bluetooth: hci2: unexpected event 0x03 length: 1 < 11 [ 442.336873][ T9581] netlink: 'syz.3.965': attribute type 2 has an invalid length. [ 442.861866][ T5793] Bluetooth: hci3: unexpected event 0x03 length: 1 < 11 [ 443.133186][ T9597] syzkaller1: entered promiscuous mode [ 443.163860][ T9597] syzkaller1: entered allmulticast mode [ 444.387420][ T5793] Bluetooth: hci0: link tx timeout [ 444.393601][ T5793] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 444.417944][ T5793] Bluetooth: hci0: link tx timeout [ 444.423222][ T5793] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 444.436369][ T5793] Bluetooth: hci0: link tx timeout [ 444.441795][ T5793] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 444.450280][ T5793] Bluetooth: hci0: link tx timeout [ 444.455570][ T5793] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 444.464053][ T5793] Bluetooth: hci0: link tx timeout [ 444.469589][ T5793] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 444.478966][ T5793] Bluetooth: hci0: link tx timeout [ 444.484255][ T5793] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 444.493657][ T5793] Bluetooth: hci0: link tx timeout [ 444.499023][ T5793] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 444.507714][ T5793] Bluetooth: hci0: link tx timeout [ 444.513010][ T5793] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 444.522709][ T5793] Bluetooth: hci0: link tx timeout [ 444.529198][ T5793] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 444.542746][ T5793] Bluetooth: hci0: link tx timeout [ 444.548096][ T5793] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 444.569072][ T5793] Bluetooth: hci0: link tx timeout [ 444.574346][ T5793] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 444.583371][ T5793] Bluetooth: hci0: link tx timeout [ 444.592619][ T5793] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 444.610339][ T5793] Bluetooth: hci0: link tx timeout [ 444.615598][ T5793] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 444.631585][ T5793] Bluetooth: hci0: link tx timeout [ 444.636874][ T5793] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 444.645327][ T5793] Bluetooth: hci0: link tx timeout [ 444.650815][ T5793] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 444.658791][ T5793] Bluetooth: hci0: link tx timeout [ 444.664074][ T5793] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 444.672233][ T5793] Bluetooth: hci0: link tx timeout [ 444.677545][ T5793] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 444.692243][ T5793] Bluetooth: hci0: link tx timeout [ 444.697525][ T5793] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 444.705919][ T5793] Bluetooth: hci0: link tx timeout [ 444.711874][ T5793] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 444.720792][ T5793] Bluetooth: hci0: link tx timeout [ 444.726103][ T5793] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 444.757424][ T5793] Bluetooth: hci0: link tx timeout [ 444.762690][ T5793] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 444.778825][ T9611] loop3: detected capacity change from 0 to 1024 [ 444.795582][ T5793] Bluetooth: hci0: link tx timeout [ 444.801149][ T5793] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 444.811740][ T5793] Bluetooth: hci0: link tx timeout [ 444.817016][ T5793] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 444.836779][ T5793] Bluetooth: hci0: link tx timeout [ 444.843731][ T5793] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 444.865021][ T9611] EXT4-fs (loop3): bad geometry: first data block is 0 with a 1k block and cluster size [ 445.017852][ T9613] bridge0: port 1(bridge_slave_0) entered disabled state [ 445.773672][ T5793] Bluetooth: hci0: unexpected event 0x03 length: 1 < 11 [ 445.776123][ T5869] hid-generic 0005:0007:0008.0017: unknown main item tag 0x0 [ 445.858810][ T5869] hid-generic 0005:0007:0008.0017: hidraw0: BLUETOOTH HID v0.08 Device [syz0] on aa:aa:aa:aa:aa:aa [ 445.962243][ T9624] fido_id[9624]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci0/hci0:200/report_descriptor': No such file or directory [ 446.926268][ T5793] Bluetooth: hci0: command 0x0406 tx timeout [ 447.522457][ T9640] loop5: detected capacity change from 0 to 1024 [ 447.601259][ T9640] EXT4-fs (loop5): bad geometry: first data block is 0 with a 1k block and cluster size [ 447.975539][ T5786] Bluetooth: hci0: unexpected event 0x03 length: 1 < 11 [ 448.889215][ T5869] hid-generic 0005:0007:0008.0018: unknown main item tag 0x0 [ 448.946292][ T5869] hid-generic 0005:0007:0008.0018: hidraw0: BLUETOOTH HID v0.08 Device [syz0] on aa:aa:aa:aa:aa:aa [ 449.947174][ T9666] fido_id[9666]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci0/hci0:200/report_descriptor': No such file or directory [ 450.491744][ T9674] bridge0: port 1(bridge_slave_0) entered disabled state [ 450.936692][ T5786] Bluetooth: hci0: unexpected event 0x03 length: 1 < 11 [ 451.444426][ T9682] loop6: detected capacity change from 0 to 1024 [ 451.490902][ T9682] EXT4-fs (loop6): bad geometry: first data block is 0 with a 1k block and cluster size [ 451.723425][ T5869] hid-generic 0005:0007:0008.0019: unknown main item tag 0x0 [ 451.767018][ T5869] hid-generic 0005:0007:0008.0019: hidraw0: BLUETOOTH HID v0.08 Device [syz0] on aa:aa:aa:aa:aa:aa [ 453.316078][ T9702] bridge0: port 1(bridge_slave_0) entered disabled state [ 453.339929][ T9696] fido_id[9696]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci0/hci0:200/report_descriptor': No such file or directory [ 453.645027][ T9704] netlink: 68 bytes leftover after parsing attributes in process `syz.6.1011'. [ 453.857939][ T5786] Bluetooth: hci2: unexpected event 0x03 length: 1 < 11 [ 455.500440][ T9722] loop5: detected capacity change from 0 to 1024 [ 455.531134][ T9722] EXT4-fs (loop5): bad geometry: first data block is 0 with a 1k block and cluster size [ 457.289258][ T5786] Bluetooth: hci0: unexpected event 0x03 length: 1 < 11 [ 457.471643][ T9742] netlink: 68 bytes leftover after parsing attributes in process `syz.6.1026'. [ 458.831091][ T9755] loop1: detected capacity change from 0 to 1024 [ 458.900241][ T9755] EXT4-fs (loop1): bad geometry: first data block is 0 with a 1k block and cluster size [ 459.047636][ T5837] hid-generic 0005:0007:0008.001A: unknown main item tag 0x0 [ 459.108978][ T5837] hid-generic 0005:0007:0008.001A: hidraw0: BLUETOOTH HID v0.08 Device [syz0] on aa:aa:aa:aa:aa:aa [ 459.473447][ T9759] fido_id[9759]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci0/hci0:200/report_descriptor': No such file or directory [ 460.771415][ T5786] Bluetooth: hci2: unexpected event 0x03 length: 1 < 11 [ 460.781850][ T9772] bridge0: port 1(bridge_slave_0) entered disabled state [ 461.136319][ T9781] netlink: 68 bytes leftover after parsing attributes in process `syz.6.1039'. [ 462.447681][ T9789] loop1: detected capacity change from 0 to 1024 [ 462.499491][ T9789] EXT4-fs (loop1): bad geometry: first data block is 0 with a 1k block and cluster size [ 463.648948][ T9802] bridge0: port 1(bridge_slave_0) entered disabled state [ 465.137869][ T5793] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 465.148597][ T5793] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 465.156769][ T5793] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 465.168368][ T5793] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 465.176205][ T5793] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 465.186036][ T5793] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 465.342700][ T9819] netlink: 68 bytes leftover after parsing attributes in process `syz.6.1052'. [ 465.905342][ T9826] loop5: detected capacity change from 0 to 1024 [ 465.955738][ T9826] EXT4-fs (loop5): bad geometry: first data block is 0 with a 1k block and cluster size [ 466.680808][ T5837] hid-generic 0005:0007:0008.001B: unknown main item tag 0x0 [ 466.703356][ T5837] hid-generic 0005:0007:0008.001B: hidraw0: BLUETOOTH HID v0.08 Device [syz0] on aa:aa:aa:aa:aa:aa [ 466.823797][ T9816] chnl_net:caif_netlink_parms(): no params data found [ 466.883530][ T9837] fido_id[9837]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci4/hci4:200/report_descriptor': No such file or directory [ 467.287454][ T5793] Bluetooth: hci4: command tx timeout [ 467.419074][ T9816] bridge0: port 1(bridge_slave_0) entered blocking state [ 467.437398][ T9816] bridge0: port 1(bridge_slave_0) entered disabled state [ 467.445318][ T9816] bridge_slave_0: entered allmulticast mode [ 467.494260][ T9816] bridge_slave_0: entered promiscuous mode [ 467.512618][ T9816] bridge0: port 2(bridge_slave_1) entered blocking state [ 467.520866][ T9816] bridge0: port 2(bridge_slave_1) entered disabled state [ 467.537692][ T9816] bridge_slave_1: entered allmulticast mode [ 467.545892][ T9816] bridge_slave_1: entered promiscuous mode [ 467.586202][ T9816] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 467.600662][ T9816] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 467.658838][ T9816] team0: Port device team_slave_0 added [ 467.670733][ T9816] team0: Port device team_slave_1 added [ 467.729748][ T9816] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 467.736751][ T9816] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 467.776492][ T9816] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 467.798361][ T9816] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 467.805342][ T9816] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 467.832699][ T9816] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 467.898482][ T9816] hsr_slave_0: entered promiscuous mode [ 467.905152][ T9816] hsr_slave_1: entered promiscuous mode [ 467.913599][ T9816] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 467.921487][ T9816] Cannot create hsr debugfs directory [ 468.160134][ T9816] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 468.172606][ T9816] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 468.192025][ T9816] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 468.203145][ T9816] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 468.312321][ T9816] 8021q: adding VLAN 0 to HW filter on device bond0 [ 468.335292][ T9816] 8021q: adding VLAN 0 to HW filter on device team0 [ 468.390014][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 468.397173][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 468.406970][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 468.414171][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 468.726155][ T9816] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 469.155526][ T9816] veth0_vlan: entered promiscuous mode [ 469.166540][ T9816] veth1_vlan: entered promiscuous mode [ 469.197071][ T9816] veth0_macvtap: entered promiscuous mode [ 469.206751][ T9816] veth1_macvtap: entered promiscuous mode [ 469.231250][ T9816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 469.242258][ T9816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.252246][ T9816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 469.262721][ T9816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.272978][ T9816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 469.283880][ T9816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.296174][ T9816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 469.306892][ T9816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.319681][ T9816] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 469.338458][ T9816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 469.349205][ T9816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.359887][ T9816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 469.371012][ T5793] Bluetooth: hci4: command tx timeout [ 469.371035][ T9816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.386402][ T9816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 469.397997][ T9816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.408145][ T9816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 469.419029][ T9816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.430744][ T9816] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 469.473695][ T3238] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 469.492323][ T9816] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 469.501319][ T9816] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 469.510358][ T9816] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 469.519589][ T9816] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 469.572187][ T3238] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 469.639318][ T3224] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 469.647198][ T3224] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 469.683776][ T3238] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 469.717153][ T6819] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 469.725186][ T6819] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 469.769400][ T3238] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 469.910107][ T5793] Bluetooth: hci4: unexpected event 0x03 length: 1 < 11 [ 469.940327][ T9863] bridge0: port 1(bridge_slave_0) entered disabled state [ 469.943682][ T961] hid-generic 0005:0007:0008.001C: unknown main item tag 0x0 [ 469.960853][ T961] hid-generic 0005:0007:0008.001C: hidraw0: BLUETOOTH HID v0.08 Device [syz0] on aa:aa:aa:aa:aa:aa [ 470.162250][ T9869] fido_id[9869]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci4/hci4:200/report_descriptor': No such file or directory [ 471.447536][ T5793] Bluetooth: hci4: command tx timeout [ 472.556088][ T9899] loop6: detected capacity change from 0 to 1024 [ 472.682327][ T9899] EXT4-fs (loop6): bad geometry: first data block is 0 with a 1k block and cluster size [ 472.827668][ T7417] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 473.044344][ T9906] netlink: 68 bytes leftover after parsing attributes in process `syz.5.1066'. [ 473.205466][ T5793] Bluetooth: hci1: unexpected event 0x03 length: 1 < 11 [ 473.323429][ T961] hid-generic 0005:0007:0008.001D: unknown main item tag 0x0 [ 473.333905][ T961] hid-generic 0005:0007:0008.001D: hidraw0: BLUETOOTH HID v0.08 Device [syz0] on aa:aa:aa:aa:aa:aa [ 473.543772][ T5793] Bluetooth: hci4: command tx timeout [ 473.746551][ T9926] fido_id[9926]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci4/hci4:200/report_descriptor': No such file or directory [ 475.106035][ T9951] loop5: detected capacity change from 0 to 1024 [ 475.226299][ T9951] EXT4-fs (loop5): bad geometry: first data block is 0 with a 1k block and cluster size [ 475.487644][ T5793] Bluetooth: hci4: unexpected event 0x03 length: 1 < 11 [ 476.251073][ T9969] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1087'. [ 476.616969][ T9973] netlink: 68 bytes leftover after parsing attributes in process `syz.7.1088'. [ 477.931418][ T5793] Bluetooth: hci0: unexpected event 0x03 length: 1 < 11 [ 479.032987][T10011] loop6: detected capacity change from 0 to 1024 [ 479.122335][T10011] EXT4-fs (loop6): bad geometry: first data block is 0 with a 1k block and cluster size [ 479.316639][T10018] netlink: 68 bytes leftover after parsing attributes in process `syz.7.1102'. [ 480.571548][ T5786] Bluetooth: hci0: unexpected event 0x03 length: 1 < 11 [ 481.027518][ T3238] hsr_slave_0: left promiscuous mode [ 481.090969][ T3238] hsr_slave_1: left promiscuous mode [ 481.139024][ T3238] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 481.197057][ T3238] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 481.284371][ T3238] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 481.300980][ T3238] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 481.751580][T10054] loop7: detected capacity change from 0 to 1024 [ 481.803505][T10054] EXT4-fs (loop7): bad geometry: first data block is 0 with a 1k block and cluster size [ 481.887800][ T3238] bridge_slave_1: left allmulticast mode [ 481.893505][ T3238] bridge_slave_1: left promiscuous mode [ 481.899366][ T3238] bridge0: port 2(bridge_slave_1) entered disabled state [ 482.318500][ T3238] bridge_slave_0: left allmulticast mode [ 482.324214][ T3238] bridge_slave_0: left promiscuous mode [ 482.372008][ T3238] bridge0: port 1(bridge_slave_0) entered disabled state [ 482.432389][ T3238] veth1_macvtap: left promiscuous mode [ 482.445308][ T3238] veth0_macvtap: left promiscuous mode [ 482.461670][ T3238] veth1_vlan: left promiscuous mode [ 482.467060][ T3238] veth0_vlan: left promiscuous mode [ 484.243915][ T5786] Bluetooth: hci4: unexpected event 0x03 length: 1 < 11 [ 484.518495][ T42] hid-generic 0005:0007:0008.001E: unknown main item tag 0x0 [ 484.543462][ T42] hid-generic 0005:0007:0008.001E: hidraw0: BLUETOOTH HID v0.08 Device [syz0] on aa:aa:aa:aa:aa:aa [ 484.743092][T10086] fido_id[10086]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci4/hci4:200/report_descriptor': No such file or directory [ 484.781306][T10088] loop1: detected capacity change from 0 to 1024 [ 484.825355][T10088] EXT4-fs (loop1): bad geometry: first data block is 0 with a 1k block and cluster size [ 484.904186][T10092] netlink: 68 bytes leftover after parsing attributes in process `syz.7.1123'. [ 485.512392][ T3238] team0 (unregistering): Port device team_slave_1 removed [ 486.218134][ T5786] Bluetooth: hci4: unexpected event 0x03 length: 1 < 11 [ 487.367923][ T3238] team0 (unregistering): Port device team_slave_0 removed [ 487.599372][ T3238] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 487.599980][ T9970] hid-generic 0005:0007:0008.001F: unknown main item tag 0x0 [ 487.667662][ T9970] hid-generic 0005:0007:0008.001F: hidraw0: BLUETOOTH HID v0.08 Device [syz0] on aa:aa:aa:aa:aa:aa [ 487.699459][ T3238] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 487.817021][T10111] fido_id[10111]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci4/hci4:200/report_descriptor': No such file or directory [ 488.064243][T10119] loop1: detected capacity change from 0 to 1024 [ 488.083222][T10119] EXT4-fs (loop1): bad geometry: first data block is 0 with a 1k block and cluster size [ 488.517722][ T5786] Bluetooth: hci1: unexpected event 0x03 length: 1 < 11 [ 488.975297][ T3238] bond0 (unregistering): Released all slaves [ 489.845265][T10040] bridge0: port 1(bridge_slave_0) entered listening state [ 490.838779][ T5786] Bluetooth: hci0: unexpected event 0x03 length: 1 < 11 [ 490.879153][T10149] loop7: detected capacity change from 0 to 1024 [ 490.951443][T10149] EXT4-fs (loop7): bad geometry: first data block is 0 with a 1k block and cluster size [ 491.247497][ T7417] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 492.333082][T10169] bridge0: port 1(bridge_slave_0) entered listening state [ 492.669692][ T5777] hid-generic 0005:0007:0008.0020: unknown main item tag 0x0 [ 492.696924][ T5777] hid-generic 0005:0007:0008.0020: hidraw0: BLUETOOTH HID v0.08 Device [syz0] on aa:aa:aa:aa:aa:aa [ 493.073044][T10176] fido_id[10176]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci4/hci4:200/report_descriptor': No such file or directory [ 493.826994][ T5786] Bluetooth: hci2: unexpected event 0x03 length: 1 < 11 [ 494.177175][T10195] loop6: detected capacity change from 0 to 1024 [ 494.220334][T10195] EXT4-fs (loop6): bad geometry: first data block is 0 with a 1k block and cluster size [ 494.334478][ T7417] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 494.369930][ T8] hid-generic 0005:0007:0008.0021: unknown main item tag 0x0 [ 494.390008][T10201] bridge0: port 1(bridge_slave_0) entered listening state [ 494.399373][ T8] hid-generic 0005:0007:0008.0021: hidraw0: BLUETOOTH HID v0.08 Device [syz0] on aa:aa:aa:aa:aa:aa [ 494.697892][T10203] fido_id[10203]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci4/hci4:200/report_descriptor': No such file or directory [ 495.961365][ T5786] Bluetooth: hci1: unexpected event 0x03 length: 1 < 11 [ 497.569515][ T5786] Bluetooth: hci0: unexpected event 0x03 length: 1 < 11 [ 497.945028][T10263] loop6: detected capacity change from 0 to 1024 [ 497.963254][T10263] EXT4-fs (loop6): bad geometry: first data block is 0 with a 1k block and cluster size [ 499.772847][ T5786] Bluetooth: hci4: unexpected event 0x03 length: 1 < 11 [ 501.236226][T10317] loop5: detected capacity change from 0 to 1024 [ 501.262051][T10317] EXT4-fs (loop5): bad geometry: first data block is 0 with a 1k block and cluster size [ 501.282901][ T5786] Bluetooth: hci4: unexpected event 0x03 length: 1 < 11 [ 501.616276][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.623237][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.939892][T10350] netlink: 37 bytes leftover after parsing attributes in process `syz.7.1201'. [ 505.782545][T10385] loop6: detected capacity change from 0 to 1024 [ 505.895503][T10385] EXT4-fs (loop6): bad geometry: first data block is 0 with a 1k block and cluster size [ 508.484769][T10403] netlink: 37 bytes leftover after parsing attributes in process `syz.5.1215'. [ 511.401675][T10468] loop7: detected capacity change from 0 to 1024 [ 511.449406][T10472] netlink: 'syz.5.1233': attribute type 16 has an invalid length. [ 511.493153][T10468] EXT4-fs (loop7): bad geometry: first data block is 0 with a 1k block and cluster size [ 511.672685][T10460] netlink: 37 bytes leftover after parsing attributes in process `syz.6.1229'. [ 514.008407][T10504] netlink: 'syz.6.1243': attribute type 16 has an invalid length. [ 515.617812][T10519] netlink: 37 bytes leftover after parsing attributes in process `syz.1.1247'. [ 516.331792][T10549] netlink: 'syz.6.1253': attribute type 16 has an invalid length. [ 516.494667][T10551] loop5: detected capacity change from 0 to 1024 [ 516.527785][T10551] EXT4-fs (loop5): bad geometry: first data block is 0 with a 1k block and cluster size [ 516.542216][T10556] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input6 [ 517.654825][T10566] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1258'. [ 519.326186][T10595] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input7 [ 520.397468][T10594] netlink: 37 bytes leftover after parsing attributes in process `syz.5.1266'. [ 521.902183][T10625] loop7: detected capacity change from 0 to 1024 [ 521.917032][T10625] EXT4-fs (loop7): bad geometry: first data block is 0 with a 1k block and cluster size [ 522.419742][T10635] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input8 [ 524.303063][T10664] loop6: detected capacity change from 0 to 1024 [ 524.476949][T10664] EXT4-fs (loop6): bad geometry: first data block is 0 with a 1k block and cluster size [ 524.720091][T10668] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input9 [ 526.147700][T10702] loop5: detected capacity change from 0 to 1024 [ 526.167339][T10702] EXT4-fs (loop5): bad geometry: first data block is 0 with a 1k block and cluster size [ 527.139505][T10712] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input10 [ 527.291897][ T7417] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 530.240557][T10758] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input11 [ 530.856739][T10769] loop5: detected capacity change from 0 to 1024 [ 530.981297][T10769] EXT4-fs (loop5): bad geometry: first data block is 0 with a 1k block and cluster size [ 531.801364][T10792] netlink: 'syz.5.1325': attribute type 16 has an invalid length. [ 532.239021][ T5851] hid-generic 0005:0007:0008.0022: unknown main item tag 0x0 [ 532.251176][ T5851] hid-generic 0005:0007:0008.0022: hidraw0: BLUETOOTH HID v0.08 Device [syz0] on aa:aa:aa:aa:aa:aa [ 534.299268][T10805] fido_id[10805]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci4/hci4:200/report_descriptor': No such file or directory [ 534.416793][T10815] loop1: detected capacity change from 0 to 1024 [ 534.503497][T10815] EXT4-fs (loop1): bad geometry: first data block is 0 with a 1k block and cluster size [ 535.659376][T10834] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1332'. [ 535.711430][T10841] netlink: 'syz.7.1335': attribute type 16 has an invalid length. [ 537.444066][T10872] loop1: detected capacity change from 0 to 1024 [ 537.531999][T10872] EXT4-fs (loop1): bad geometry: first data block is 0 with a 1k block and cluster size [ 537.930993][T10881] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1346'. [ 539.041997][ T5851] hid-generic 0005:0007:0008.0023: unknown main item tag 0x0 [ 539.055307][ T5851] hid-generic 0005:0007:0008.0023: hidraw0: BLUETOOTH HID v0.08 Device [syz0] on aa:aa:aa:aa:aa:aa [ 539.222585][T10896] netlink: 'syz.6.1348': attribute type 16 has an invalid length. [ 539.328964][T10895] fido_id[10895]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci4/hci4:200/report_descriptor': No such file or directory [ 541.015639][T10932] loop7: detected capacity change from 0 to 1024 [ 541.066261][T10932] EXT4-fs (loop7): bad geometry: first data block is 0 with a 1k block and cluster size [ 542.429545][ T5851] hid-generic 0005:0007:0008.0024: unknown main item tag 0x0 [ 542.532819][ T5851] hid-generic 0005:0007:0008.0024: hidraw0: BLUETOOTH HID v0.08 Device [syz0] on aa:aa:aa:aa:aa:aa [ 543.922720][T10972] loop6: detected capacity change from 0 to 1024 [ 544.007663][T10972] EXT4-fs (loop6): bad geometry: first data block is 0 with a 1k block and cluster size [ 547.358628][T11011] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1387'. [ 547.695398][T11021] loop5: detected capacity change from 0 to 1024 [ 547.712038][T11021] EXT4-fs (loop5): bad geometry: first data block is 0 with a 1k block and cluster size [ 549.660903][T11051] netlink: 68 bytes leftover after parsing attributes in process `syz.6.1403'. [ 549.752675][T11054] loop1: detected capacity change from 0 to 1024 [ 549.770315][T11054] EXT4-fs (loop1): bad geometry: first data block is 0 with a 1k block and cluster size [ 550.920758][T11067] lo: entered allmulticast mode [ 551.278855][T11082] netlink: 68 bytes leftover after parsing attributes in process `syz.6.1415'. [ 551.343855][T11084] loop1: detected capacity change from 0 to 1024 [ 551.355175][T11084] EXT4-fs (loop1): bad geometry: first data block is 0 with a 1k block and cluster size [ 551.410871][ T7417] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 552.275775][T11109] netlink: 52 bytes leftover after parsing attributes in process `syz.7.1427'. [ 552.305902][T11110] dvmrp1: tun_chr_ioctl cmd 1074025677 [ 552.315890][T11110] dvmrp1: linktype set to 804 [ 552.369729][T11114] A link change request failed with some changes committed already. Interface ipvlan0 may have been left with an inconsistent configuration, please check. [ 552.380218][T11115] loop5: detected capacity change from 0 to 1024 [ 552.434984][T11115] EXT4-fs (loop5): bad geometry: first data block is 0 with a 1k block and cluster size [ 552.878913][T11124] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 553.194327][T11134] netlink: 68 bytes leftover after parsing attributes in process `syz.5.1438'. [ 553.445120][T11139] dvmrp1: tun_chr_ioctl cmd 1074025677 [ 553.458794][T11139] dvmrp1: linktype set to 804 [ 553.646965][T11143] loop7: detected capacity change from 0 to 1024 [ 553.673888][T11143] EXT4-fs (loop7): bad geometry: first data block is 0 with a 1k block and cluster size [ 554.595157][T11169] dvmrp1: tun_chr_ioctl cmd 1074025677 [ 554.600972][T11169] dvmrp1: linktype set to 804 [ 554.776930][T11175] loop6: detected capacity change from 0 to 1024 [ 554.794837][T11175] EXT4-fs (loop6): bad geometry: first data block is 0 with a 1k block and cluster size [ 555.071777][T11183] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1458'. [ 555.703108][T11197] tipc: Started in network mode [ 555.713048][T11197] tipc: Node identity 5edc3bc81ddc, cluster identity 4711 [ 555.740082][T11197] tipc: Enabled bearer , priority 0 [ 555.758852][T11200] syzkaller0: entered promiscuous mode [ 555.765637][T11200] syzkaller0: entered allmulticast mode [ 555.804896][T11202] loop7: detected capacity change from 0 to 1024 [ 555.820834][T11202] EXT4-fs (loop7): bad geometry: first data block is 0 with a 1k block and cluster size [ 555.942433][T11197] tipc: Resetting bearer [ 556.000113][T11196] tipc: Resetting bearer [ 556.187136][T11196] tipc: Disabling bearer [ 556.853471][T11229] netlink: 68 bytes leftover after parsing attributes in process `syz.5.1479'. [ 556.857051][T11230] loop7: detected capacity change from 0 to 1024 [ 556.875023][T11230] EXT4-fs (loop7): bad geometry: first data block is 0 with a 1k block and cluster size [ 557.257925][T11235] tipc: Enabled bearer , priority 0 [ 557.266442][T11235] syzkaller0: entered promiscuous mode [ 557.272054][T11235] syzkaller0: entered allmulticast mode [ 557.335684][T11235] tipc: Resetting bearer [ 557.351589][T11233] tipc: Resetting bearer [ 557.403989][T11233] tipc: Disabling bearer [ 557.915928][T11255] loop5: detected capacity change from 0 to 1024 [ 557.949204][T11255] EXT4-fs (loop5): bad geometry: first data block is 0 with a 1k block and cluster size [ 558.342382][T11264] netlink: 'syz.1.1495': attribute type 56 has an invalid length. [ 558.352343][T11264] netlink: 'syz.1.1495': attribute type 1 has an invalid length. [ 558.673626][T11277] tipc: Started in network mode [ 558.688459][T11277] tipc: Node identity 9a4a260b1a33, cluster identity 4711 [ 558.706034][T11277] tipc: Enabled bearer , priority 0 [ 558.709556][T11279] netlink: 68 bytes leftover after parsing attributes in process `syz.6.1500'. [ 558.715678][T11277] syzkaller0: entered promiscuous mode [ 558.759169][T11277] syzkaller0: entered allmulticast mode [ 558.868210][T11277] tipc: Resetting bearer [ 558.913313][T11276] tipc: Resetting bearer [ 558.949526][T11276] tipc: Disabling bearer [ 559.227660][T11292] loop5: detected capacity change from 0 to 1024 [ 559.273386][T11292] EXT4-fs (loop5): bad geometry: first data block is 0 with a 1k block and cluster size [ 560.022328][T11310] netlink: 'syz.5.1514': attribute type 56 has an invalid length. [ 560.032857][T11310] netlink: 'syz.5.1514': attribute type 1 has an invalid length. [ 560.335381][T11320] loop6: detected capacity change from 0 to 1024 [ 560.347845][T11320] EXT4-fs (loop6): bad geometry: first data block is 0 with a 1k block and cluster size [ 561.241217][T11345] loop5: detected capacity change from 0 to 1024 [ 561.253353][T11345] EXT4-fs (loop5): bad geometry: first data block is 0 with a 1k block and cluster size [ 561.597743][T11350] netlink: 'syz.6.1531': attribute type 56 has an invalid length. [ 561.617020][T11350] netlink: 'syz.6.1531': attribute type 1 has an invalid length. [ 562.165339][T11370] loop6: detected capacity change from 0 to 1024 [ 562.179290][T11370] EXT4-fs (loop6): bad geometry: first data block is 0 with a 1k block and cluster size [ 562.654854][T11382] tipc: Enabled bearer , priority 0 [ 562.680125][T11382] syzkaller0: entered promiscuous mode [ 562.685653][T11382] syzkaller0: entered allmulticast mode [ 562.772439][T11382] tipc: Resetting bearer [ 562.802175][T11381] tipc: Resetting bearer [ 562.848414][T11381] tipc: Disabling bearer [ 563.055995][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.063238][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.573442][T11412] tipc: Enabled bearer , priority 0 [ 563.589792][T11412] syzkaller0: entered promiscuous mode [ 563.595763][T11412] syzkaller0: entered allmulticast mode [ 563.624036][T11412] tipc: Resetting bearer [ 563.634492][T11411] tipc: Resetting bearer [ 563.656628][T11411] tipc: Disabling bearer [ 564.611923][T11442] tipc: Enabled bearer , priority 0 [ 564.630074][T11442] syzkaller0: entered promiscuous mode [ 564.635580][T11442] syzkaller0: entered allmulticast mode [ 564.697948][T11442] tipc: Resetting bearer [ 564.723478][T11441] tipc: Resetting bearer [ 564.759376][T11441] tipc: Disabling bearer [ 565.801678][T11475] tipc: Enabled bearer , priority 0 [ 565.815817][T11475] syzkaller0: entered promiscuous mode [ 565.821942][T11475] syzkaller0: entered allmulticast mode [ 565.843228][T11475] tipc: Resetting bearer [ 565.869610][T11474] tipc: Resetting bearer [ 565.915998][T11474] tipc: Disabling bearer [ 566.590460][T11506] tipc: Enabled bearer , priority 0 [ 566.604819][T11506] syzkaller0: entered promiscuous mode [ 566.611522][T11506] syzkaller0: entered allmulticast mode [ 566.639180][T11506] tipc: Resetting bearer [ 566.657714][T11504] tipc: Resetting bearer [ 566.694920][T11504] tipc: Disabling bearer [ 567.321188][T11530] tipc: Enabled bearer , priority 0 [ 567.345247][T11530] syzkaller0: entered promiscuous mode [ 567.369765][T11530] syzkaller0: entered allmulticast mode [ 567.408437][T11530] tipc: Resetting bearer [ 567.431100][T11529] tipc: Resetting bearer [ 567.462620][T11529] tipc: Disabling bearer [ 567.632435][T11540] netlink: 'syz.7.1622': attribute type 16 has an invalid length. [ 567.650601][T11540] netlink: 568 bytes leftover after parsing attributes in process `syz.7.1622'. [ 568.066580][T11554] syzkaller0: entered promiscuous mode [ 568.072291][T11554] syzkaller0: entered allmulticast mode [ 570.244112][T11565] tipc: Enabling of bearer rejected, failed to enable media [ 570.263494][T11578] netlink: 'syz.5.1635': attribute type 16 has an invalid length. [ 570.273855][T11578] netlink: 568 bytes leftover after parsing attributes in process `syz.5.1635'. [ 570.638038][T11589] syzkaller1: entered promiscuous mode [ 570.643581][T11589] syzkaller1: entered allmulticast mode [ 570.716910][T11594] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1642'. [ 570.846883][T11598] pim6reg1: entered promiscuous mode [ 570.853673][T11598] pim6reg1: entered allmulticast mode [ 570.870458][T11598] netlink: 'syz.5.1644': attribute type 27 has an invalid length. [ 571.094012][T11598] bridge0: port 2(bridge_slave_1) entered disabled state [ 571.506566][T11598] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 571.591631][T11598] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 571.987831][T11598] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 571.999407][T11598] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 572.009407][T11598] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 572.023786][T11598] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 572.093957][T11598] gre1: left promiscuous mode [ 572.099856][T11598] gre1: left allmulticast mode [ 572.107072][T11598] pim6reg1: left promiscuous mode [ 572.114348][T11598] pim6reg1: left allmulticast mode [ 572.121897][T11600] netlink: 'syz.6.1645': attribute type 16 has an invalid length. [ 572.136385][T11600] netlink: 568 bytes leftover after parsing attributes in process `syz.6.1645'. [ 572.358434][T11632] tipc: Enabled bearer , priority 0 [ 572.367048][T11633] syzkaller0: entered promiscuous mode [ 572.374665][T11633] syzkaller0: entered allmulticast mode [ 572.389919][T11639] tipc: Resetting bearer [ 572.443946][T11628] tipc: Resetting bearer [ 572.563270][T11628] tipc: Disabling bearer [ 572.844705][T11660] netlink: 68 bytes leftover after parsing attributes in process `syz.6.1655'. [ 572.860033][T11661] netlink: 'syz.5.1656': attribute type 16 has an invalid length. [ 572.869832][T11661] netlink: 568 bytes leftover after parsing attributes in process `syz.5.1656'. [ 573.057585][T11667] netlink: 'syz.5.1659': attribute type 12 has an invalid length. [ 573.065674][T11667] netlink: 'syz.5.1659': attribute type 29 has an invalid length. [ 573.078807][T11667] netlink: 148 bytes leftover after parsing attributes in process `syz.5.1659'. [ 573.093874][T11667] netlink: 'syz.5.1659': attribute type 1 has an invalid length. [ 573.101928][T11667] netlink: 'syz.5.1659': attribute type 2 has an invalid length. [ 573.109883][T11667] netlink: 3 bytes leftover after parsing attributes in process `syz.5.1659'. [ 573.564097][T11682] netlink: 'syz.5.1666': attribute type 16 has an invalid length. [ 573.572670][T11682] netlink: 568 bytes leftover after parsing attributes in process `syz.5.1666'. [ 573.917936][T11691] tipc: Enabled bearer , priority 0 [ 573.939271][T11688] syzkaller0: entered promiscuous mode [ 573.944804][T11688] syzkaller0: entered allmulticast mode [ 574.041322][T11688] tipc: Resetting bearer [ 574.092951][T11687] tipc: Resetting bearer [ 574.186362][T11687] tipc: Disabling bearer [ 574.200169][T11699] bond0: Caught tx_queue_len zero misconfig [ 574.646704][T11708] netlink: 'syz.6.1677': attribute type 16 has an invalid length. [ 574.655685][T11708] netlink: 568 bytes leftover after parsing attributes in process `syz.6.1677'. [ 574.790898][T11712] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1678'. [ 575.123126][T11727] tipc: Enabled bearer , priority 0 [ 575.131056][T11727] syzkaller0: entered promiscuous mode [ 575.136632][T11727] syzkaller0: entered allmulticast mode [ 575.158011][T11727] tipc: Resetting bearer [ 575.169296][T11726] tipc: Resetting bearer [ 575.197912][T11726] tipc: Disabling bearer [ 576.071101][T11764] tipc: Enabled bearer , priority 0 [ 576.091623][T11764] syzkaller0: entered promiscuous mode [ 576.107828][T11764] syzkaller0: entered allmulticast mode [ 576.126692][T11764] tipc: Resetting bearer [ 576.135616][T11763] tipc: Resetting bearer [ 576.173648][T11763] tipc: Disabling bearer [ 576.344043][T11772] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1704'. [ 577.001054][T11791] tipc: Enabled bearer , priority 0 [ 577.031932][T11791] syzkaller0: entered promiscuous mode [ 577.048952][T11791] syzkaller0: entered allmulticast mode [ 577.112485][T11791] tipc: Resetting bearer [ 577.149549][T11789] tipc: Resetting bearer [ 577.194405][T11789] tipc: Disabling bearer [ 577.775971][T11822] netlink: 68 bytes leftover after parsing attributes in process `syz.5.1726'. [ 578.309903][T11840] tipc: Enabled bearer , priority 0 [ 578.338916][T11840] syzkaller0: entered promiscuous mode [ 578.355727][T11840] syzkaller0: entered allmulticast mode [ 578.385623][T11840] tipc: Resetting bearer [ 578.397466][T11838] tipc: Resetting bearer [ 578.456749][T11838] tipc: Disabling bearer [ 578.576842][T11848] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1736'. [ 578.912857][T11863] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1742'. [ 579.172315][T11870] tipc: Started in network mode [ 579.181738][T11870] tipc: Node identity b64ab005d016, cluster identity 4711 [ 579.189207][T11870] tipc: Enabled bearer , priority 0 [ 579.196775][T11870] syzkaller0: entered promiscuous mode [ 579.202335][T11870] syzkaller0: entered allmulticast mode [ 579.217140][T11870] tipc: Resetting bearer [ 579.224418][T11869] tipc: Resetting bearer [ 579.244554][T11869] tipc: Disabling bearer [ 579.813084][T11887] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1751'. [ 580.227741][T11902] tipc: Enabled bearer , priority 0 [ 580.238282][T11902] syzkaller0: entered promiscuous mode [ 580.243795][T11902] syzkaller0: entered allmulticast mode [ 580.280446][T11902] tipc: Resetting bearer [ 580.304110][T11906] netlink: 68 bytes leftover after parsing attributes in process `syz.7.1757'. [ 580.317430][T11901] tipc: Resetting bearer [ 580.386846][T11901] tipc: Disabling bearer [ 580.499617][T11912] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1762'. [ 581.367015][T11940] tipc: Enabled bearer , priority 0 [ 581.400542][T11940] syzkaller0: entered promiscuous mode [ 581.411272][T11940] syzkaller0: entered allmulticast mode [ 581.499468][T11938] tipc: Resetting bearer [ 581.586298][T11938] tipc: Disabling bearer [ 581.932026][T11964] netlink: 68 bytes leftover after parsing attributes in process `syz.5.1780'. [ 582.418769][T11983] tipc: Enabled bearer , priority 0 [ 582.446270][T11983] syzkaller0: entered promiscuous mode [ 582.455874][T11983] syzkaller0: entered allmulticast mode [ 582.549972][T11981] tipc: Resetting bearer [ 582.618799][T11981] tipc: Disabling bearer [ 582.710765][T11993] netlink: 68 bytes leftover after parsing attributes in process `syz.7.1792'. [ 583.456902][T12022] tipc: Enabled bearer , priority 0 [ 583.470285][T12022] syzkaller0: entered promiscuous mode [ 583.475905][T12022] syzkaller0: entered allmulticast mode [ 583.514775][T12021] tipc: Resetting bearer [ 583.585849][T12021] tipc: Disabling bearer [ 583.663153][T12031] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1805'. [ 584.302866][T12056] netlink: 68 bytes leftover after parsing attributes in process `syz.6.1812'. [ 584.484344][T12060] tipc: Enabled bearer , priority 0 [ 584.504349][T12060] syzkaller0: entered promiscuous mode [ 584.517617][T12060] syzkaller0: entered allmulticast mode [ 584.580814][T12059] tipc: Resetting bearer [ 584.636458][T12059] tipc: Disabling bearer [ 585.320096][T12094] tipc: Enabled bearer , priority 0 [ 585.328419][T12094] syzkaller0: entered promiscuous mode [ 585.334189][T12094] syzkaller0: entered allmulticast mode [ 585.429482][T12093] tipc: Resetting bearer [ 585.524940][T12093] tipc: Disabling bearer [ 585.607939][T12025] Bluetooth: hci0: command 0x0406 tx timeout [ 585.820384][T12112] netlink: 68 bytes leftover after parsing attributes in process `syz.7.1834'. [ 586.309532][T12130] tipc: Enabled bearer , priority 0 [ 586.329199][T12130] syzkaller0: entered promiscuous mode [ 586.334722][T12130] syzkaller0: entered allmulticast mode [ 586.362068][T12129] tipc: Resetting bearer [ 586.418749][T12129] tipc: Disabling bearer [ 586.756526][T12142] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1848'. [ 587.093206][T12156] tipc: Enabled bearer , priority 0 [ 587.144298][T12156] tipc: Resetting bearer [ 587.180438][T12154] tipc: Disabling bearer [ 587.190666][T12158] warning: `syz.7.1853' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 587.211933][T12158] tipc: Cannot configure node identity twice [ 587.363422][T12163] netlink: 68 bytes leftover after parsing attributes in process `syz.7.1855'. [ 588.043525][T12187] tipc: Enabled bearer , priority 0 [ 588.065389][T12187] tipc: Resetting bearer [ 588.099702][T12186] tipc: Disabling bearer [ 588.693083][T12214] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1878'. [ 588.761735][T12217] tipc: Enabled bearer , priority 0 [ 588.772908][T12217] tipc: Resetting bearer [ 588.791475][T12216] tipc: Disabling bearer [ 589.558586][T12242] syzkaller0: entered promiscuous mode [ 589.564130][T12242] syzkaller0: entered allmulticast mode [ 590.184634][T12255] syz.1.1896 (12255) used greatest stack depth: 20040 bytes left [ 590.248297][T12266] netlink: 60 bytes leftover after parsing attributes in process `syz.7.1900'. [ 590.405578][T12270] syzkaller0: entered promiscuous mode [ 590.412471][T12270] syzkaller0: entered allmulticast mode [ 591.252713][T12300] syzkaller0: entered promiscuous mode [ 591.258417][T12300] syzkaller0: entered allmulticast mode [ 591.686114][T12313] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1923'. [ 592.246433][T12324] syzkaller0: entered promiscuous mode [ 592.266555][T12324] syzkaller0: entered allmulticast mode [ 592.976908][T12348] syzkaller0: entered promiscuous mode [ 592.989966][T12348] syzkaller0: entered allmulticast mode [ 593.260954][T12355] netlink: 68 bytes leftover after parsing attributes in process `syz.6.1942'. [ 593.948850][T12373] syzkaller0: entered promiscuous mode [ 593.954387][T12373] syzkaller0: entered allmulticast mode [ 594.774713][T12403] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1965'. [ 595.702964][T12427] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1976'. [ 595.753058][T12427] bridge0: port 2(bridge_slave_1) entered disabled state [ 595.760589][T12427] bridge0: port 1(bridge_slave_0) entered disabled state [ 596.395238][T12452] netlink: 68 bytes leftover after parsing attributes in process `syz.6.1987'. [ 597.479870][T12485] tipc: Enabled bearer , priority 0 [ 597.492782][T12485] tipc: Resetting bearer [ 597.509816][T12484] tipc: Disabling bearer [ 598.212874][T12507] tipc: Enabled bearer , priority 0 [ 598.226424][T12507] tipc: Resetting bearer [ 598.333529][T12506] tipc: Disabling bearer [ 599.045336][T12534] netlink: 37 bytes leftover after parsing attributes in process `syz.1.2023'. [ 599.099831][T12544] tipc: Enabled bearer , priority 0 [ 599.119469][T12544] tipc: Resetting bearer [ 599.228938][T12543] tipc: Disabling bearer [ 600.123000][T12579] tipc: Enabled bearer , priority 0 [ 600.144547][T12579] tipc: Resetting bearer [ 600.253960][T12577] tipc: Disabling bearer [ 600.656811][T12592] netlink: 277 bytes leftover after parsing attributes in process `syz.6.2051'. [ 600.956715][T12603] tipc: Enabled bearer , priority 0 [ 600.976877][T12603] tipc: Resetting bearer [ 601.009793][T12601] tipc: Disabling bearer [ 601.653356][T12629] A link change request failed with some changes committed already. Interface veth1_to_batadv may have been left with an inconsistent configuration, please check. [ 601.693408][T12633] tipc: Enabled bearer , priority 0 [ 601.733624][T12633] tipc: Resetting bearer [ 601.767952][T12630] tipc: Disabling bearer [ 602.746847][T12669] tipc: Enabling of bearer rejected, failed to enable media [ 604.073888][T12715] tipc: Enabling of bearer rejected, failed to enable media [ 604.803838][T12745] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2109'. [ 605.332003][T12761] tipc: Enabling of bearer rejected, failed to enable media [ 606.435555][T12803] tipc: Enabling of bearer rejected, failed to enable media [ 607.402549][T12837] tipc: Enabling of bearer rejected, failed to enable media [ 608.488779][T12879] tipc: Enabling of bearer rejected, failed to enable media [ 609.598357][T12921] tipc: Enabling of bearer rejected, failed to enable media [ 609.853716][T12934] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2178'. [ 610.165759][T12945] netlink: set zone limit has 8 unknown bytes [ 610.548151][T12957] tipc: Enabling of bearer rejected, failed to enable media [ 610.939323][T12975] C: renamed from team_slave_0 [ 610.970522][T12975] netlink: 'syz.5.2193': attribute type 4 has an invalid length. [ 610.997521][T12975] netlink: 108 bytes leftover after parsing attributes in process `syz.5.2193'. [ 611.007744][T12975] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 611.646723][T12997] netdevsim netdevsim5: Direct firmware load for æ° failed with error -2 [ 611.659081][T13000] tipc: Enabling of bearer rejected, failed to enable media [ 611.669551][T12997] netdevsim netdevsim5: Falling back to sysfs fallback for: æ° [ 611.719199][T13004] netlink: 40 bytes leftover after parsing attributes in process `syz.7.2207'. [ 612.085688][T13016] netlink: 36 bytes leftover after parsing attributes in process `syz.6.2209'. [ 612.108296][ T5786] Bluetooth: hci4: link tx timeout [ 612.114158][ T5786] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 612.124006][T12025] Bluetooth: hci4: link tx timeout [ 612.130110][T12025] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 612.634903][T13039] tipc: Enabling of bearer rejected, failed to enable media [ 613.569642][T13070] tipc: Enabling of bearer rejected, failed to enable media [ 614.167352][T13019] Bluetooth: hci4: command 0x0406 tx timeout [ 614.385034][T13104] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2245'. [ 614.395899][T13104] bridge_slave_1: left allmulticast mode [ 614.401980][T13104] bridge_slave_1: left promiscuous mode [ 614.408126][T13104] bridge0: port 2(bridge_slave_1) entered disabled state [ 614.425514][T13104] bridge_slave_0: left allmulticast mode [ 614.431486][T13104] bridge_slave_0: left promiscuous mode [ 614.440704][T13104] bridge0: port 1(bridge_slave_0) entered disabled state [ 614.662871][T13114] tipc: Enabling of bearer rejected, failed to enable media [ 614.850248][T13123] vlan2: entered allmulticast mode [ 614.866836][T13123] bridge_slave_0: entered allmulticast mode [ 615.254561][T13133] batman_adv: batadv0: Adding interface: vlan2 [ 615.263690][T13133] batman_adv: batadv0: The MTU of interface vlan2 is too small (1450) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 615.292281][T13133] batman_adv: batadv0: Not using interface vlan2 (retrying later): interface not active [ 615.445357][T13142] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2258'. [ 615.465897][T13142] bridge_slave_1: left allmulticast mode [ 615.497323][T13142] bridge_slave_1: left promiscuous mode [ 615.503169][T13142] bridge0: port 2(bridge_slave_1) entered disabled state [ 615.538515][T13142] bridge_slave_0: left allmulticast mode [ 615.544496][T13142] bridge_slave_0: left promiscuous mode [ 615.550784][T13142] bridge0: port 1(bridge_slave_0) entered disabled state [ 615.794901][T13153] tipc: Enabled bearer , priority 0 [ 615.806586][T13153] tipc: Resetting bearer [ 615.826010][T13151] tipc: Disabling bearer [ 616.399337][T13171] tipc: Enabled bearer , priority 0 [ 616.407067][T13171] syzkaller0: entered promiscuous mode [ 616.413016][T13171] syzkaller0: entered allmulticast mode [ 616.455428][T13171] tipc: Resetting bearer [ 616.471021][T13169] tipc: Resetting bearer [ 616.526831][T13169] tipc: Disabling bearer [ 616.544225][T13173] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2272'. [ 616.553792][T13173] bridge_slave_1: left allmulticast mode [ 616.561266][T13173] bridge_slave_1: left promiscuous mode [ 616.567041][T13173] bridge0: port 2(bridge_slave_1) entered disabled state [ 616.588318][T13173] bridge_slave_0: left allmulticast mode [ 616.594081][T13173] bridge_slave_0: left promiscuous mode [ 616.605713][T13173] bridge0: port 1(bridge_slave_0) entered disabled state [ 616.761304][T13180] tipc: Enabled bearer , priority 0 [ 616.782751][T13180] tipc: Resetting bearer [ 616.842401][T13179] tipc: Disabling bearer [ 617.120432][T13191] af_packet: tpacket_rcv: packet too big, clamped from 64993 to 3952. macoff=96 [ 617.294688][T13195] tipc: Enabled bearer , priority 0 [ 617.303731][T13195] syzkaller0: entered promiscuous mode [ 617.310052][T13195] syzkaller0: entered allmulticast mode [ 617.431633][T13195] tipc: Resetting bearer [ 617.516851][T13194] tipc: Resetting bearer [ 617.608423][T13194] tipc: Disabling bearer [ 617.704404][T13209] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2286'. [ 617.720270][T13207] tipc: Enabled bearer , priority 0 [ 617.745936][T13207] tipc: Resetting bearer [ 617.798482][T13205] tipc: Disabling bearer [ 617.910886][T13212] netlink: 10 bytes leftover after parsing attributes in process `syz.7.2288'. [ 618.528858][T13232] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2297'. [ 618.613916][T13236] syzkaller0: entered promiscuous mode [ 618.634456][T13236] syzkaller0: entered allmulticast mode [ 618.651617][T13238] tipc: Enabled bearer , priority 0 [ 618.700837][T13238] syzkaller0: entered promiscuous mode [ 618.706370][T13238] syzkaller0: entered allmulticast mode [ 618.826203][T13238] tipc: Resetting bearer [ 618.855339][T13235] tipc: Resetting bearer [ 618.976117][T13235] tipc: Disabling bearer [ 619.500058][T13266] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2311'. [ 619.580012][T13272] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2310'. [ 619.610379][T13271] syzkaller0: entered promiscuous mode [ 619.615911][T13271] syzkaller0: entered allmulticast mode [ 620.431125][T13302] syzkaller0: entered promiscuous mode [ 620.439113][T13302] syzkaller0: entered allmulticast mode [ 621.334406][T13336] syzkaller0: entered promiscuous mode [ 621.354933][T13336] syzkaller0: entered allmulticast mode [ 621.880202][T13353] tipc: Enabled bearer , priority 0 [ 621.897932][T13353] syzkaller0: entered promiscuous mode [ 621.932484][T13353] syzkaller0: entered allmulticast mode [ 621.997032][T13353] tipc: Resetting bearer [ 622.018046][T13352] tipc: Resetting bearer [ 622.066660][T13352] tipc: Disabling bearer [ 623.113747][T13371] syzkaller0: entered promiscuous mode [ 623.156250][T13371] syzkaller0: entered allmulticast mode [ 623.197971][T13374] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2358'. [ 623.502674][T13386] tipc: Enabled bearer , priority 0 [ 623.512061][T13386] syzkaller0: entered promiscuous mode [ 623.518149][T13386] syzkaller0: entered allmulticast mode [ 623.553114][T13386] tipc: Resetting bearer [ 623.574187][T13385] tipc: Resetting bearer [ 623.604863][T13385] tipc: Disabling bearer [ 624.308411][T13397] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2369'. [ 624.474971][T13404] syzkaller0: entered promiscuous mode [ 624.494301][T13404] syzkaller0: entered allmulticast mode [ 624.494309][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.506521][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.669021][T13410] tipc: Enabled bearer , priority 0 [ 624.686846][T13410] syzkaller0: entered promiscuous mode [ 624.692750][T13410] syzkaller0: entered allmulticast mode [ 624.772981][T13410] tipc: Resetting bearer [ 624.799084][T13409] tipc: Resetting bearer [ 625.187793][T13409] tipc: Disabling bearer [ 625.205055][T13420] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2380'. [ 625.594818][T13432] syzkaller0: entered promiscuous mode [ 625.601105][T13432] syzkaller0: entered allmulticast mode [ 625.930174][T13442] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2389'. [ 626.105264][T13450] tipc: Enabled bearer , priority 0 [ 626.127883][T13447] syzkaller0: entered promiscuous mode [ 626.133649][T13447] syzkaller0: entered allmulticast mode [ 626.147753][T13450] syzkaller0: entered promiscuous mode [ 626.165368][T13450] syzkaller0: entered allmulticast mode [ 626.459990][T13450] tipc: Resetting bearer [ 626.473351][T13449] tipc: Resetting bearer [ 626.499897][T13449] tipc: Disabling bearer [ 626.774179][T13468] netlink: 'syz.7.2397': attribute type 10 has an invalid length. [ 626.805747][T13468] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 626.862932][T13468] netlink: 'syz.7.2397': attribute type 12 has an invalid length. [ 627.016099][T13475] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2402'. [ 627.416093][T13488] tipc: Enabled bearer , priority 0 [ 627.423873][T13488] mac80211_hwsim hwsim17 syzkaller0: entered promiscuous mode [ 627.441797][T13488] mac80211_hwsim hwsim17 syzkaller0: entered allmulticast mode [ 627.455979][T13488] tipc: Resetting bearer [ 627.472635][T13488] tipc: Resetting bearer [ 627.483912][T13490] syzkaller0: entered promiscuous mode [ 627.491422][T13490] syzkaller0: entered allmulticast mode [ 627.528898][ T3238] tipc: Resetting bearer [ 627.800735][T13498] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2412'. [ 628.012653][T13504] netlink: 'syz.6.2413': attribute type 10 has an invalid length. [ 628.246877][T13504] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 628.337768][T13511] netlink: 'syz.6.2413': attribute type 12 has an invalid length. [ 628.385431][T13517] tipc: Enabled bearer , priority 0 [ 628.412265][T13517] syzkaller0: entered promiscuous mode [ 628.425352][T13517] syzkaller0: entered allmulticast mode [ 628.464138][T13517] tipc: Resetting bearer [ 628.482811][T13516] tipc: Resetting bearer [ 628.516420][T13516] tipc: Disabling bearer [ 628.527012][T11617] tipc: Node number set to 1717350405 [ 628.532858][T13521] syzkaller0: entered promiscuous mode [ 628.540207][T13521] syzkaller0: entered allmulticast mode [ 628.720601][T13528] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2422'. [ 629.365661][T13545] tipc: Enabled bearer , priority 0 [ 629.375900][T13545] mac80211_hwsim hwsim15 syzkaller0: entered promiscuous mode [ 629.393185][T13545] mac80211_hwsim hwsim15 syzkaller0: entered allmulticast mode [ 629.408571][T13545] tipc: Resetting bearer [ 629.433016][T13545] tipc: Resetting bearer [ 629.583114][T13551] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2434'. [ 629.593481][T13551] bridge_slave_1: left allmulticast mode [ 629.599191][T13551] bridge_slave_1: left promiscuous mode [ 629.604940][T13551] bridge0: port 2(bridge_slave_1) entered disabled state [ 629.616093][T13551] bridge_slave_0: left allmulticast mode [ 629.622332][T13551] bridge_slave_0: left promiscuous mode [ 629.628174][T13551] bridge0: port 1(bridge_slave_0) entered disabled state [ 629.772150][T13554] netlink: 'syz.1.2435': attribute type 10 has an invalid length. [ 629.795020][T13554] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 629.904641][T13554] netlink: 'syz.1.2435': attribute type 12 has an invalid length. [ 630.395020][T13578] tipc: Enabling of bearer rejected, already enabled [ 630.417278][ T8] tipc: Node number set to 1124088776 [ 631.542869][T13019] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 631.553317][T13019] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 631.562286][T13019] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 631.571779][T13019] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 631.580050][T13019] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 631.589139][T13019] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 632.209516][T13618] tipc: Enabling of bearer rejected, already enabled [ 632.337536][T13623] tipc: Enabled bearer , priority 0 [ 632.364946][T13600] chnl_net:caif_netlink_parms(): no params data found [ 632.560275][T13623] tipc: Resetting bearer [ 632.701344][T13600] bridge0: port 1(bridge_slave_0) entered blocking state [ 632.715581][T13600] bridge0: port 1(bridge_slave_0) entered disabled state [ 632.724829][T13600] bridge_slave_0: entered allmulticast mode [ 632.732992][T13600] bridge_slave_0: entered promiscuous mode [ 632.772723][T13600] bridge0: port 2(bridge_slave_1) entered blocking state [ 632.786847][T13600] bridge0: port 2(bridge_slave_1) entered disabled state [ 632.796996][T13600] bridge_slave_1: entered allmulticast mode [ 632.817114][T13600] bridge_slave_1: entered promiscuous mode [ 632.914575][T13600] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 632.943783][T13600] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 633.011661][T13600] team0: Port device team_slave_0 added [ 633.021286][T13600] team0: Port device team_slave_1 added [ 633.055441][ T3224] bond0: (slave netdevsim0): Releasing backup interface [ 633.071347][T13646] mac80211_hwsim hwsim3 syzkaller0: entered promiscuous mode [ 633.078918][T13646] mac80211_hwsim hwsim3 syzkaller0: entered allmulticast mode [ 633.086701][T13646] tipc: Resetting bearer [ 633.112819][T13600] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 633.119896][T13600] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 633.146333][T13600] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 633.173384][T13600] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 633.180719][T13600] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 633.209447][T13600] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 633.390649][T13600] hsr_slave_0: entered promiscuous mode [ 633.406786][T13600] hsr_slave_1: entered promiscuous mode [ 633.418938][T13600] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 633.426552][T13600] Cannot create hsr debugfs directory [ 633.607440][ T5786] Bluetooth: hci3: command tx timeout [ 633.768152][ T3224] tipc: Left network mode [ 633.816502][T13659] tipc: Enabling of bearer rejected, already enabled [ 633.965711][T13665] netlink: 48 bytes leftover after parsing attributes in process `syz.7.2474'. [ 634.535286][T13685] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2478'. [ 635.158357][T13699] tipc: Enabling of bearer rejected, already enabled [ 635.688012][ T5786] Bluetooth: hci3: command tx timeout [ 635.736439][T13718] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2488'. [ 636.444971][T13600] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 636.481507][T13600] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 636.501938][T13735] tipc: Enabling of bearer rejected, already enabled [ 636.555643][T13600] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 636.573088][T13600] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 636.680355][ T3224] hsr_slave_0: left promiscuous mode [ 636.690211][ T3224] hsr_slave_1: left promiscuous mode [ 636.705997][ T3224] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 636.775615][ T3224] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 637.767756][ T5786] Bluetooth: hci3: command tx timeout [ 637.768315][ T3224] team0 (unregistering): Port device team_slave_1 removed [ 637.828469][ T3224] team0 (unregistering): Port device C removed [ 637.872579][ T3224] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 637.916505][ T3224] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 638.444399][ T3224] bond0 (unregistering): Released all slaves [ 638.751009][T13600] 8021q: adding VLAN 0 to HW filter on device bond0 [ 638.790183][T13780] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2499'. [ 638.841872][T13600] 8021q: adding VLAN 0 to HW filter on device team0 [ 638.864238][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 638.871516][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 638.895299][T13782] tipc: Enabling of bearer rejected, already enabled [ 638.915231][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 638.922483][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 639.743267][T13600] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 639.847680][ T5786] Bluetooth: hci3: command tx timeout [ 639.983361][T13807] tipc: Enabling of bearer rejected, already enabled [ 640.270948][T13817] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2510'. [ 640.900031][T13600] veth0_vlan: entered promiscuous mode [ 640.964970][T13600] veth1_vlan: entered promiscuous mode [ 641.055784][T13600] veth0_macvtap: entered promiscuous mode [ 641.083899][T13600] veth1_macvtap: entered promiscuous mode [ 641.155044][T13600] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 641.177365][T13600] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.199578][T13600] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 641.227627][T13600] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.247598][T13600] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 641.267325][T13600] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.289717][T13600] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 641.321536][T13833] tipc: Enabling of bearer rejected, already enabled [ 641.342196][T13600] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 641.377534][T13600] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.397643][T13600] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 641.421363][T13600] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.441674][T13600] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 641.455668][T13600] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.478255][T13600] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 641.509460][T13839] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2519'. [ 641.535301][T13600] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 641.551868][T13600] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 641.571052][T13600] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 641.590588][T13600] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 641.804734][ T6819] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 641.837021][ T6819] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 641.916274][ T1124] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 641.941800][ T1124] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 642.492151][T13853] netlink: 'syz.5.2450': attribute type 10 has an invalid length. [ 642.542973][T13853] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 642.657628][T13856] netlink: 'syz.5.2450': attribute type 12 has an invalid length. [ 643.078764][T13865] mac80211_hwsim hwsim19 syzkaller0: entered promiscuous mode [ 643.112284][T13865] mac80211_hwsim hwsim19 syzkaller0: entered allmulticast mode [ 643.197519][T13868] tipc: Enabling of bearer rejected, already enabled [ 643.408656][T13870] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2528'. [ 643.427284][T13870] bridge_slave_1: left allmulticast mode [ 643.432985][T13870] bridge_slave_1: left promiscuous mode [ 643.458489][T13870] bridge0: port 2(bridge_slave_1) entered disabled state [ 643.510265][T13870] bridge_slave_0: left allmulticast mode [ 643.515981][T13870] bridge_slave_0: left promiscuous mode [ 643.549709][T13870] bridge0: port 1(bridge_slave_0) entered disabled state [ 643.822920][T13019] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 643.836193][T13019] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 643.847946][T13019] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 643.877663][T13019] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 643.889267][T13019] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 643.905180][T13019] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 645.272968][T13876] chnl_net:caif_netlink_parms(): no params data found [ 645.308957][T13893] tipc: Started in network mode [ 645.314125][T13893] tipc: Node identity 080211000001, cluster identity 4711 [ 645.321693][T13893] tipc: Enabled bearer , priority 0 [ 645.400625][ T3224] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 645.620915][ T3224] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 645.735239][T13901] netlink: 'syz.7.2538': attribute type 10 has an invalid length. [ 645.950511][ T3224] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 645.983812][T13901] netlink: 'syz.7.2538': attribute type 12 has an invalid length. [ 646.004409][T13876] bridge0: port 1(bridge_slave_0) entered blocking state [ 646.014194][ T5786] Bluetooth: hci2: command tx timeout [ 646.031453][T13876] bridge0: port 1(bridge_slave_0) entered disabled state [ 646.047545][T13876] bridge_slave_0: entered allmulticast mode [ 646.068439][T13876] bridge_slave_0: entered promiscuous mode [ 646.091090][T13876] bridge0: port 2(bridge_slave_1) entered blocking state [ 646.108676][T13876] bridge0: port 2(bridge_slave_1) entered disabled state [ 646.116084][T13876] bridge_slave_1: entered allmulticast mode [ 646.133426][T13876] bridge_slave_1: entered promiscuous mode [ 646.146941][T13907] mac80211_hwsim hwsim17 syzkaller0: left promiscuous mode [ 646.156736][T13907] mac80211_hwsim hwsim17 syzkaller0: left allmulticast mode [ 646.176225][T13907] tipc: Resetting bearer [ 646.217419][T13911] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2540'. [ 646.295302][ T3224] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 646.437429][T11617] tipc: Node number set to 134418688 [ 646.448943][T13876] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 646.484456][T13876] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 646.680020][T13876] team0: Port device team_slave_0 added [ 646.704437][T13876] team0: Port device team_slave_1 added [ 647.111459][ T3224] tipc: Disabling bearer [ 647.186215][ T3224] tipc: Left network mode [ 647.211820][T13876] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 647.247460][T13876] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 647.306601][T13876] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 647.331877][T13876] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 647.349749][T13876] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 647.407782][T13876] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 647.524297][T13931] tipc: Enabling of bearer rejected, already enabled [ 647.742517][T13876] hsr_slave_0: entered promiscuous mode [ 647.750453][T13876] hsr_slave_1: entered promiscuous mode [ 647.760781][T13876] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 647.777196][T13876] Cannot create hsr debugfs directory [ 648.087611][ T5786] Bluetooth: hci2: command tx timeout [ 648.130230][ T3224] batman_adv: batadv0: Removing interface: vlan2 [ 648.572101][ T3224] bond0: (slave wlan1): Releasing backup interface [ 648.903602][ T3224] hsr_slave_0: left promiscuous mode [ 648.927660][ T3224] hsr_slave_1: left promiscuous mode [ 648.948145][ T3224] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 648.955614][ T3224] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 648.989149][ T3224] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 648.996741][ T3224] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 649.140219][ T3224] team_slave_0: left promiscuous mode [ 649.146010][ T3224] team_slave_1: left promiscuous mode [ 649.170870][ T3224] veth1_macvtap: left promiscuous mode [ 649.176594][ T3224] veth0_macvtap: left promiscuous mode [ 649.192695][ T3224] veth1_vlan: left promiscuous mode [ 649.202744][ T3224] veth0_vlan: left promiscuous mode [ 650.072102][ T3224] team0 (unregistering): Port device team_slave_1 removed [ 650.123136][ T3224] team0 (unregistering): Port device team_slave_0 removed [ 650.168615][ T5786] Bluetooth: hci2: command tx timeout [ 650.175274][ T3224] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 650.228825][ T3224] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 650.740489][ T3224] bond0 (unregistering): Released all slaves [ 650.765147][ T3224] lo (unregistering): left allmulticast mode [ 650.774655][T13966] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2549'. [ 650.953921][T13876] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 651.003591][T13876] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 651.036020][T13876] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 651.276459][T13876] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 651.310171][T13992] tipc: Enabling of bearer rejected, already enabled [ 651.318802][T13993] mac80211_hwsim hwsim17 syzkaller0: entered promiscuous mode [ 651.332865][T13993] mac80211_hwsim hwsim17 syzkaller0: entered allmulticast mode [ 651.365812][T13993] tipc: Resetting bearer [ 651.717926][T13876] 8021q: adding VLAN 0 to HW filter on device bond0 [ 651.745514][T13876] 8021q: adding VLAN 0 to HW filter on device team0 [ 651.760824][ T77] bridge0: port 1(bridge_slave_0) entered blocking state [ 651.768061][ T77] bridge0: port 1(bridge_slave_0) entered forwarding state [ 651.825232][ T3238] bridge0: port 2(bridge_slave_1) entered blocking state [ 651.832479][ T3238] bridge0: port 2(bridge_slave_1) entered forwarding state [ 651.871778][T14013] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2559'. [ 652.247921][ T5786] Bluetooth: hci2: command tx timeout [ 652.394159][T13876] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 652.529465][T13876] veth0_vlan: entered promiscuous mode [ 652.554422][T13876] veth1_vlan: entered promiscuous mode [ 652.623530][T13876] veth0_macvtap: entered promiscuous mode [ 652.656089][T13876] veth1_macvtap: entered promiscuous mode [ 652.716922][T13876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 652.734761][T13876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 652.746140][T13876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 652.757461][T13876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 652.767693][T13876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 652.778266][T13876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 652.820591][T13876] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 652.854627][T14029] tipc: Enabling of bearer rejected, already enabled [ 653.192279][T13876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 653.205215][T13876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 653.216419][T13876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 653.227478][T13876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 653.240485][T13876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 653.251491][T13876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 653.267069][T13876] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 653.335454][T13876] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 653.371326][T13876] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 653.391113][T13876] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 653.417469][T13876] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 653.499277][T14035] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2567'. [ 653.650661][ T6819] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 653.667633][ T6819] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 653.757851][ T77] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 653.788990][ T77] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 654.110643][T14048] tipc: Enabling of bearer rejected, already enabled [ 654.410918][T14057] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2576'. [ 655.282872][T14075] syzkaller0: entered promiscuous mode [ 655.307345][T14075] syzkaller0: entered allmulticast mode [ 655.390279][T14079] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2586'. [ 655.402795][T14077] tipc: Enabling of bearer rejected, already enabled [ 655.583761][T14081] netlink: 'syz.1.2587': attribute type 10 has an invalid length. [ 655.643581][T14081] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 655.695695][T14081] netlink: 'syz.1.2587': attribute type 12 has an invalid length. [ 656.418667][T14104] tipc: Started in network mode [ 656.423614][T14104] tipc: Node identity 080211000001, cluster identity 4711 [ 656.440006][T14104] tipc: Enabled bearer , priority 0 [ 656.450051][ T1124] tipc: Resetting bearer [ 656.482904][T14101] tipc: Enabling of bearer rejected, failed to enable media [ 656.509429][T14104] tipc: Resetting bearer [ 657.120737][T14120] netlink: 'syz.7.2604': attribute type 10 has an invalid length. [ 657.122163][T14122] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2605'. [ 657.166726][T14120] netlink: 'syz.7.2604': attribute type 12 has an invalid length. [ 657.196308][T14120] mac80211_hwsim hwsim17 syzkaller0: left promiscuous mode [ 657.216946][T14120] mac80211_hwsim hwsim17 syzkaller0: left allmulticast mode [ 657.245196][T14120] tipc: Resetting bearer [ 657.385087][T14126] tipc: Enabling of bearer rejected, failed to enable media [ 657.404955][T14126] mac80211_hwsim hwsim17 syzkaller0: entered promiscuous mode [ 657.417415][T14126] mac80211_hwsim hwsim17 syzkaller0: entered allmulticast mode [ 657.441072][T14126] tipc: Resetting bearer [ 657.507334][ T9970] tipc: Node number set to 134418688 [ 657.682733][T14133] tipc: Enabling of bearer rejected, already enabled [ 658.174172][T14146] sch_tbf: burst 2 is lower than device lo mtu (65550) ! [ 658.283788][T14148] netlink: 'syz.6.2616': attribute type 10 has an invalid length. [ 658.338708][T14150] tipc: Enabling of bearer rejected, failed to enable media [ 658.359055][T14152] team_slave_0: entered promiscuous mode [ 658.364852][T14152] team_slave_1: entered promiscuous mode [ 658.374273][T14152] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 658.384453][T14148] netlink: 'syz.6.2616': attribute type 12 has an invalid length. [ 658.408017][T14148] mac80211_hwsim hwsim15 syzkaller0: left promiscuous mode [ 658.425702][T14148] mac80211_hwsim hwsim15 syzkaller0: left allmulticast mode [ 658.446289][T14148] tipc: Resetting bearer [ 658.594885][T14155] mac80211_hwsim hwsim21 syzkaller0: entered promiscuous mode [ 658.612630][T14155] mac80211_hwsim hwsim21 syzkaller0: entered allmulticast mode [ 658.623896][T14155] tipc: Resetting bearer [ 659.388658][T14173] tipc: Enabling of bearer rejected, already enabled [ 659.418294][T14173] mac80211_hwsim hwsim15 syzkaller0: entered promiscuous mode [ 659.462349][T14173] mac80211_hwsim hwsim15 syzkaller0: entered allmulticast mode [ 659.488236][T14173] tipc: Resetting bearer [ 659.509695][T14179] IPVS: sync thread started: state = BACKUP, mcast_ifn = bond0, syncid = 2, id = 0 [ 659.633777][T14182] tipc: Enabling of bearer rejected, failed to enable media [ 659.687532][T14184] netlink: 'syz.6.2629': attribute type 10 has an invalid length. [ 659.718483][T14184] netlink: 'syz.6.2629': attribute type 12 has an invalid length. [ 659.740450][T14184] mac80211_hwsim hwsim15 syzkaller0: left promiscuous mode [ 659.757251][T14184] mac80211_hwsim hwsim15 syzkaller0: left allmulticast mode [ 659.775507][T14184] tipc: Resetting bearer [ 660.703691][T14206] tipc: Enabling of bearer rejected, failed to enable media [ 660.914632][T14212] netlink: 'syz.6.2642': attribute type 10 has an invalid length. [ 660.942856][T14212] netlink: 'syz.6.2642': attribute type 12 has an invalid length. [ 661.548582][T14230] tipc: Enabling of bearer rejected, failed to enable media [ 661.753447][T14236] netlink: 'syz.1.2653': attribute type 10 has an invalid length. [ 661.895160][T14236] netlink: 'syz.1.2653': attribute type 12 has an invalid length. [ 662.516047][T14265] tipc: Enabling of bearer rejected, failed to enable media [ 662.525766][T14265] mac80211_hwsim hwsim15 syzkaller0: entered promiscuous mode [ 662.535183][T14265] mac80211_hwsim hwsim15 syzkaller0: entered allmulticast mode [ 662.552577][T14265] tipc: Resetting bearer [ 662.574447][T14267] netlink: 'syz.7.2665': attribute type 10 has an invalid length. [ 662.744600][T14268] netlink: 'syz.7.2665': attribute type 12 has an invalid length. [ 663.541750][T14295] tipc: Enabling of bearer rejected, failed to enable media [ 663.950379][T14305] netlink: 'syz.5.2678': attribute type 10 has an invalid length. [ 664.001315][T14305] netlink: 'syz.5.2678': attribute type 12 has an invalid length. [ 664.026293][T14305] mac80211_hwsim hwsim19 syzkaller0: left promiscuous mode [ 664.038305][T14305] mac80211_hwsim hwsim19 syzkaller0: left allmulticast mode [ 664.050386][T14305] tipc: Resetting bearer [ 664.656713][T14318] tipc: Enabling of bearer rejected, failed to enable media [ 664.685938][T14318] mac80211_hwsim hwsim19 syzkaller0: entered promiscuous mode [ 664.717337][T14318] mac80211_hwsim hwsim19 syzkaller0: entered allmulticast mode [ 664.725349][T14318] tipc: Resetting bearer [ 665.244584][T13019] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 665.254570][T13019] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 665.263554][T13019] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 665.271885][T13019] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 665.280716][T13019] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 665.288425][T13019] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 665.952930][T14333] netlink: 'syz.7.2690': attribute type 10 has an invalid length. [ 665.983900][T14333] netlink: 'syz.7.2690': attribute type 12 has an invalid length. [ 666.018504][T14333] mac80211_hwsim hwsim17 syzkaller0: left promiscuous mode [ 666.025782][T14333] mac80211_hwsim hwsim17 syzkaller0: left allmulticast mode [ 666.050181][T14333] tipc: Resetting bearer [ 666.154255][T14326] chnl_net:caif_netlink_parms(): no params data found [ 666.506041][T14326] bridge0: port 1(bridge_slave_0) entered blocking state [ 666.537374][T14326] bridge0: port 1(bridge_slave_0) entered disabled state [ 666.545253][T14326] bridge_slave_0: entered allmulticast mode [ 666.587576][T14326] bridge_slave_0: entered promiscuous mode [ 666.612840][T14326] bridge0: port 2(bridge_slave_1) entered blocking state [ 666.620332][T14326] bridge0: port 2(bridge_slave_1) entered disabled state [ 666.637705][T14326] bridge_slave_1: entered allmulticast mode [ 666.649226][T14326] bridge_slave_1: entered promiscuous mode [ 666.822837][T14351] mac80211_hwsim hwsim17 syzkaller0: entered promiscuous mode [ 666.863998][T14351] mac80211_hwsim hwsim17 syzkaller0: entered allmulticast mode [ 666.881836][T14351] tipc: Resetting bearer [ 666.956145][ T3224] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 666.995464][T14326] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 667.020304][T14326] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 667.369488][ T5786] Bluetooth: hci1: command tx timeout [ 667.459247][ T3224] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 667.572051][T14326] team0: Port device team_slave_0 added [ 667.681383][ T3224] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 667.716076][T14326] team0: Port device team_slave_1 added [ 667.813989][ T3224] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 667.844123][T14326] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 667.854800][T14326] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 667.888919][T14326] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 667.918497][T14326] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 667.925487][T14326] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 667.973901][T14326] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 668.142667][T14326] hsr_slave_0: entered promiscuous mode [ 668.184241][T14326] hsr_slave_1: entered promiscuous mode [ 668.202413][T14326] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 668.210279][T14326] Cannot create hsr debugfs directory [ 668.237351][T14372] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 668.295268][T14370] netlink: 'syz.7.2701': attribute type 10 has an invalid length. [ 668.391962][T14370] netlink: 'syz.7.2701': attribute type 12 has an invalid length. [ 668.428510][T14376] (unnamed net_device) (uninitialized): Removing last ns target with arp_interval on [ 668.500891][T14370] mac80211_hwsim hwsim17 syzkaller0: left promiscuous mode [ 668.516335][T14370] mac80211_hwsim hwsim17 syzkaller0: left allmulticast mode [ 668.535750][T14370] tipc: Resetting bearer [ 668.661522][ T3224] tipc: Disabling bearer [ 668.734755][ T3224] tipc: Left network mode [ 669.447244][ T5786] Bluetooth: hci1: command tx timeout [ 671.085522][ T3224] bond0: (slave wlan1): Releasing backup interface [ 671.144366][T14422] mac80211_hwsim hwsim17 syzkaller0: entered promiscuous mode [ 671.165544][T14422] mac80211_hwsim hwsim17 syzkaller0: entered allmulticast mode [ 671.177012][T14422] tipc: Resetting bearer [ 671.387533][T14326] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 671.417652][T14326] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 671.440613][T14326] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 671.529382][ T3224] hsr_slave_0: left promiscuous mode [ 671.533996][ T5786] Bluetooth: hci1: command tx timeout [ 671.545204][ T3224] hsr_slave_1: left promiscuous mode [ 671.558310][ T3224] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 671.565775][ T3224] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 671.618300][ T3224] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 671.636002][ T3224] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 671.692383][ T3224] veth1_macvtap: left promiscuous mode [ 671.716894][ T3224] veth0_macvtap: left promiscuous mode [ 671.732239][ T3224] veth1_vlan: left promiscuous mode [ 671.747393][ T3224] veth0_vlan: left promiscuous mode [ 673.050217][ T3224] team0 (unregistering): Port device team_slave_1 removed [ 673.102839][ T3224] team0 (unregistering): Port device team_slave_0 removed [ 673.151691][ T3224] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 673.203610][ T3224] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 673.609829][ T5786] Bluetooth: hci1: command tx timeout [ 673.731175][ T3224] bond0 (unregistering): Released all slaves [ 673.770500][T14326] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 673.786969][T14439] netlink: 'syz.7.2717': attribute type 10 has an invalid length. [ 673.796392][T14446] netlink: 'syz.7.2717': attribute type 12 has an invalid length. [ 674.085723][T14326] 8021q: adding VLAN 0 to HW filter on device bond0 [ 674.155173][T14326] 8021q: adding VLAN 0 to HW filter on device team0 [ 674.208697][ T1145] bridge0: port 1(bridge_slave_0) entered blocking state [ 674.215887][ T1145] bridge0: port 1(bridge_slave_0) entered forwarding state [ 674.260729][ T1145] bridge0: port 2(bridge_slave_1) entered blocking state [ 674.267990][ T1145] bridge0: port 2(bridge_slave_1) entered forwarding state [ 674.365403][T14326] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 674.380668][T14326] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 674.836558][T14492] netlink: 'syz.1.2730': attribute type 10 has an invalid length. [ 674.875205][T14492] netlink: 'syz.1.2730': attribute type 12 has an invalid length. [ 675.166779][T14326] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 675.995221][T14520] netlink: 'syz.7.2740': attribute type 10 has an invalid length. [ 676.026820][T14520] netlink: 'syz.7.2740': attribute type 12 has an invalid length. [ 676.101945][T14326] veth0_vlan: entered promiscuous mode [ 676.126662][T14326] veth1_vlan: entered promiscuous mode [ 676.189903][T14326] veth0_macvtap: entered promiscuous mode [ 676.208520][T14326] veth1_macvtap: entered promiscuous mode [ 676.238348][T14326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 676.256353][T14326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 676.266551][T14326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 676.277257][T14326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 676.287240][T14326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 676.298986][T14326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 676.311195][T14326] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 676.325716][T14326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 676.338994][T14326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 676.350415][T14326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 676.361089][T14326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 676.371422][T14326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 676.382128][T14326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 676.393249][T14326] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 676.416286][T14326] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 676.426355][T14326] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 676.435552][T14326] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 676.447353][T14326] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 676.565640][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 676.583871][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 676.609383][T14533] tipc: Enabling of bearer rejected, already enabled [ 676.627888][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 676.635830][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 677.122361][ C1] vxcan1: j1939_tp_rxtimer: 0xffff88801ef39800: rx timeout, send abort [ 677.133156][ C1] vxcan1: j1939_xtp_rx_abort_one: 0xffff88801ef39800: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 677.332586][T14545] netlink: 'syz.6.2750': attribute type 10 has an invalid length. [ 677.376609][T14545] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 677.453031][T14545] netlink: 'syz.6.2750': attribute type 12 has an invalid length. [ 677.571640][T14554] tipc: Enabling of bearer rejected, already enabled [ 677.670818][T14558] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2755'. [ 677.683152][T14558] bridge_slave_1: left allmulticast mode [ 677.692076][T14558] bridge_slave_1: left promiscuous mode [ 677.698366][T14558] bridge0: port 2(bridge_slave_1) entered disabled state [ 677.724646][T14558] bridge_slave_0: left allmulticast mode [ 677.733839][T14558] bridge_slave_0: left promiscuous mode [ 677.744591][T14558] bridge0: port 1(bridge_slave_0) entered disabled state [ 678.460522][T14585] tipc: Enabling of bearer rejected, already enabled [ 679.561564][T14618] tipc: Started in network mode [ 679.577356][T14618] tipc: Node identity 080211000001, cluster identity 4711 [ 679.591439][T14618] tipc: Enabled bearer , priority 0 [ 679.652174][T14618] tipc: Resetting bearer [ 680.191674][T14632] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2784'. [ 680.647366][ T7720] tipc: Node number set to 134418688 [ 681.121588][T14654] tipc: Enabling of bearer rejected, already enabled [ 681.148352][T14654] mac80211_hwsim hwsim23 syzkaller0: entered promiscuous mode [ 681.172276][T14654] mac80211_hwsim hwsim23 syzkaller0: entered allmulticast mode [ 681.194226][T14654] tipc: Resetting bearer [ 681.791002][T14663] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2797'. [ 682.622394][T14678] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2805'. [ 682.655391][T14678] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2805'. [ 682.677623][T14678] netlink: 44 bytes leftover after parsing attributes in process `syz.6.2805'. [ 682.821541][T14684] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2807'. [ 684.021257][T14716] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2819'. [ 684.771056][T14725] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2825'. [ 684.808959][T14725] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2825'. [ 685.408637][T14743] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2831'. [ 685.828742][T14754] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2837'. [ 685.935436][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.942029][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.297718][T14766] netlink: 'syz.6.2843': attribute type 10 has an invalid length. [ 686.418292][T14766] mac80211_hwsim hwsim23 syzkaller0: left promiscuous mode [ 686.425605][T14766] mac80211_hwsim hwsim23 syzkaller0: left allmulticast mode [ 686.451020][T14766] tipc: Resetting bearer [ 686.767524][T14781] mac80211_hwsim hwsim16 wlan0: entered promiscuous mode [ 686.787717][T14781] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 687.224880][T14793] netlink: 'syz.6.2856': attribute type 10 has an invalid length. [ 687.303233][T14795] tipc: Enabling of bearer rejected, already enabled [ 687.525989][T14803] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2861'. [ 688.456119][T14815] netlink: 'syz.6.2867': attribute type 10 has an invalid length. [ 688.957526][T14823] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2871'. [ 689.465410][T14836] netlink: 'syz.1.2876': attribute type 10 has an invalid length. [ 689.654991][T14842] tipc: Enabling of bearer rejected, already enabled [ 690.751994][T14863] netlink: 'syz.6.2887': attribute type 10 has an invalid length. [ 690.983288][T14866] tipc: Enabling of bearer rejected, already enabled [ 691.769702][T14879] tipc: Enabling of bearer rejected, already enabled [ 691.837629][T14879] mac80211_hwsim hwsim23 syzkaller0: entered promiscuous mode [ 691.845171][T14879] mac80211_hwsim hwsim23 syzkaller0: entered allmulticast mode [ 691.885940][T14879] tipc: Resetting bearer [ 692.155971][T14888] netlink: 'syz.6.2897': attribute type 10 has an invalid length. [ 692.203623][T14888] mac80211_hwsim hwsim23 syzkaller0: left promiscuous mode [ 692.235725][T14888] mac80211_hwsim hwsim23 syzkaller0: left allmulticast mode [ 692.257974][T14888] tipc: Resetting bearer [ 693.249762][T14904] tipc: Enabling of bearer rejected, already enabled [ 693.285140][T14904] mac80211_hwsim hwsim23 syzkaller0: entered promiscuous mode [ 693.309308][T14904] mac80211_hwsim hwsim23 syzkaller0: entered allmulticast mode [ 693.317507][T14904] tipc: Resetting bearer [ 693.398631][T14910] netlink: 'syz.5.2907': attribute type 10 has an invalid length. [ 693.441345][T14910] mac80211_hwsim hwsim19 syzkaller0: left promiscuous mode [ 693.458141][T14910] mac80211_hwsim hwsim19 syzkaller0: left allmulticast mode [ 693.481719][T14910] tipc: Resetting bearer [ 694.092448][T14929] tipc: Enabling of bearer rejected, already enabled [ 694.109370][T14929] mac80211_hwsim hwsim19 syzkaller0: entered promiscuous mode [ 694.124355][T14929] mac80211_hwsim hwsim19 syzkaller0: entered allmulticast mode [ 694.149307][T14929] tipc: Resetting bearer [ 694.257769][T14933] netlink: 'syz.7.2918': attribute type 10 has an invalid length. [ 694.309175][T14933] mac80211_hwsim hwsim17 syzkaller0: left promiscuous mode [ 694.316474][T14933] mac80211_hwsim hwsim17 syzkaller0: left allmulticast mode [ 694.343791][T14933] tipc: Resetting bearer [ 694.614061][T14946] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2921'. [ 694.983067][T14957] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2927'. [ 695.176986][T14960] tipc: Enabling of bearer rejected, already enabled [ 695.220326][T14963] mac80211_hwsim hwsim17 syzkaller0: entered promiscuous mode [ 695.239822][T14963] mac80211_hwsim hwsim17 syzkaller0: entered allmulticast mode [ 695.260686][T14963] tipc: Resetting bearer [ 695.350557][T14966] netlink: 'syz.5.2931': attribute type 10 has an invalid length. [ 695.391864][T14966] mac80211_hwsim hwsim19 syzkaller0: left promiscuous mode [ 695.417258][T14966] mac80211_hwsim hwsim19 syzkaller0: left allmulticast mode [ 695.438122][T14966] tipc: Resetting bearer [ 695.726351][T14978] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2935'. [ 696.165998][T14989] tipc: Enabling of bearer rejected, already enabled [ 696.216403][T14991] mac80211_hwsim hwsim19 syzkaller0: entered promiscuous mode [ 696.254793][T14991] mac80211_hwsim hwsim19 syzkaller0: entered allmulticast mode [ 696.287721][T14991] tipc: Resetting bearer [ 696.570899][T15001] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2943'. [ 696.879771][T15009] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2948'. [ 696.996856][T15014] netlink: 'syz.5.2949': attribute type 41 has an invalid length. [ 697.111921][T15017] netlink: 'syz.7.2950': attribute type 10 has an invalid length. [ 697.165914][T15017] mac80211_hwsim hwsim17 syzkaller0: left promiscuous mode [ 697.223766][T15017] mac80211_hwsim hwsim17 syzkaller0: left allmulticast mode [ 697.291555][ T7417] udevd[7417]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 697.302179][T15017] tipc: Resetting bearer [ 697.360188][ T7417] udevd[7417]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 697.407499][T15022] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2952'. [ 697.569847][T15024] mac80211_hwsim hwsim17 syzkaller0: entered promiscuous mode [ 697.613969][T15024] mac80211_hwsim hwsim17 syzkaller0: entered allmulticast mode [ 697.646046][T15024] tipc: Resetting bearer [ 698.201006][T15046] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2960'. [ 698.933636][T15071] netlink: 'syz.5.2969': attribute type 10 has an invalid length. [ 698.972412][T15071] mac80211_hwsim hwsim19 syzkaller0: left promiscuous mode [ 698.988742][T15071] mac80211_hwsim hwsim19 syzkaller0: left allmulticast mode [ 699.008090][T15071] tipc: Resetting bearer [ 699.267540][T15082] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2972'. [ 699.663648][T15096] mac80211_hwsim hwsim19 syzkaller0: entered promiscuous mode [ 699.685899][T15096] mac80211_hwsim hwsim19 syzkaller0: entered allmulticast mode [ 699.716723][T15096] tipc: Resetting bearer [ 700.061311][T15109] netlink: 'syz.6.2981': attribute type 10 has an invalid length. [ 700.111582][T15109] mac80211_hwsim hwsim23 syzkaller0: left promiscuous mode [ 700.125914][T15109] mac80211_hwsim hwsim23 syzkaller0: left allmulticast mode [ 700.135036][T15109] tipc: Resetting bearer [ 700.196958][T15111] netlink: 'syz.5.2982': attribute type 3 has an invalid length. [ 700.931467][T15134] netlink: 'syz.6.2992': attribute type 10 has an invalid length. [ 701.171223][T15141] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2995'. [ 701.819705][T15156] netlink: 'syz.5.3002': attribute type 10 has an invalid length. [ 701.863961][T15156] mac80211_hwsim hwsim19 syzkaller0: left promiscuous mode [ 701.873029][T15156] mac80211_hwsim hwsim19 syzkaller0: left allmulticast mode [ 701.883428][T15156] tipc: Resetting bearer [ 702.316192][T15170] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3006'. [ 703.178856][T15198] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3020'. [ 703.861496][T15217] netlink: 'syz.7.3027': attribute type 10 has an invalid length. [ 703.900552][T15217] mac80211_hwsim hwsim17 syzkaller0: left promiscuous mode [ 703.917312][T15217] mac80211_hwsim hwsim17 syzkaller0: left allmulticast mode [ 703.928254][T15217] tipc: Resetting bearer [ 704.793580][T15238] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3037'. [ 705.075593][T15242] netlink: 'syz.7.3039': attribute type 10 has an invalid length. [ 705.709555][T15256] netlink: 'syz.5.3046': attribute type 1 has an invalid length. [ 705.737242][T15256] netlink: 248 bytes leftover after parsing attributes in process `syz.5.3046'. [ 705.959892][T15265] netlink: 'syz.5.3049': attribute type 10 has an invalid length. [ 707.207885][T15285] netlink: 'syz.6.3059': attribute type 10 has an invalid length. [ 707.235641][T15288] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 707.552114][T15298] mac80211_hwsim hwsim23 syzkaller0: entered promiscuous mode [ 707.559919][T15298] mac80211_hwsim hwsim23 syzkaller0: entered allmulticast mode [ 707.569656][T15298] tipc: Resetting bearer [ 708.010378][T15308] netlink: 'syz.6.3071': attribute type 10 has an invalid length. [ 708.025713][T15308] mac80211_hwsim hwsim23 syzkaller0: left promiscuous mode [ 708.038908][T15308] mac80211_hwsim hwsim23 syzkaller0: left allmulticast mode [ 708.046719][T15308] tipc: Resetting bearer [ 708.389388][T15319] mac80211_hwsim hwsim19 syzkaller0: entered promiscuous mode [ 708.405531][T15319] mac80211_hwsim hwsim19 syzkaller0: entered allmulticast mode [ 708.427605][T15319] tipc: Resetting bearer [ 710.301185][T15372] mac80211_hwsim hwsim17 syzkaller0: entered promiscuous mode [ 710.318133][T15372] mac80211_hwsim hwsim17 syzkaller0: entered allmulticast mode [ 710.356665][T15372] tipc: Resetting bearer [ 711.133182][T15424] netlink: 'syz.5.3103': attribute type 10 has an invalid length. [ 711.173998][T15424] mac80211_hwsim hwsim19 syzkaller0: left promiscuous mode [ 711.181478][T15424] mac80211_hwsim hwsim19 syzkaller0: left allmulticast mode [ 711.202390][T15424] tipc: Resetting bearer [ 711.896762][T15444] Bluetooth: MGMT ver 1.22 [ 714.087653][T15520] netlink: 'syz.5.3147': attribute type 10 has an invalid length. [ 714.525212][T15538] tipc: Enabling of bearer rejected, failed to enable media [ 714.548093][T15538] mac80211_hwsim hwsim19 syzkaller0: entered promiscuous mode [ 714.572083][T15538] mac80211_hwsim hwsim19 syzkaller0: entered allmulticast mode [ 714.617586][T15538] tipc: Resetting bearer [ 714.703749][T15544] mac80211_hwsim hwsim17 syzkaller0: left promiscuous mode [ 714.732227][T15544] mac80211_hwsim hwsim17 syzkaller0: left allmulticast mode [ 714.747836][T15544] tipc: Resetting bearer [ 715.917883][T13019] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 715.928760][T13019] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 715.937294][T13019] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 715.950051][T13019] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 715.963913][T13019] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 715.974216][T13019] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 716.842619][T15574] chnl_net:caif_netlink_parms(): no params data found [ 717.149989][T10947] ================================================================== [ 717.158117][T10947] BUG: KASAN: slab-use-after-free in __mutex_lock+0x6cb/0xcc0 [ 717.165619][T10947] Read of size 8 at addr ffff88807849c0a0 by task khidpd_00070008/10947 [ 717.173976][T10947] [ 717.176326][T10947] CPU: 1 PID: 10947 Comm: khidpd_00070008 Not tainted syzkaller #0 [ 717.184242][T10947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 717.194321][T10947] Call Trace: SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 717.197629][T10947] [ 717.200590][T10947] dump_stack_lvl+0x16c/0x230 [ 717.205305][T10947] ? __lock_acquire+0x7c80/0x7c80 [ 717.210373][T10947] ? show_regs_print_info+0x20/0x20 [ 717.215607][T10947] ? load_image+0x3b0/0x3b0 [ 717.220137][T10947] ? __virt_addr_valid+0x469/0x540 [ 717.225287][T10947] print_report+0xac/0x220 [ 717.229738][T10947] ? __mutex_lock+0x6cb/0xcc0 [ 717.234446][T10947] kasan_report+0x117/0x150 [ 717.238979][T10947] ? __mutex_lock+0x6cb/0xcc0 [ 717.243698][T10947] __mutex_lock+0x6cb/0xcc0 [ 717.248243][T10947] ? __mutex_lock+0x4e8/0xcc0 [ 717.252981][T10947] ? l2cap_unregister_user+0x6a/0x1a0 [ 717.258390][T10947] ? mutex_lock_nested+0x20/0x20 [ 717.263712][T10947] ? __wake_up+0x11f/0x190 [ 717.268159][T10947] ? __wake_up_bit+0x1e0/0x1e0 [ 717.272949][T10947] ? _raw_spin_unlock+0x40/0x40 [ 717.277823][T10947] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 717.283840][T10947] l2cap_unregister_user+0x6a/0x1a0 [ 717.289094][T10947] hidp_session_thread+0x3c8/0x410 [ 717.294236][T10947] ? hidp_session_get+0x80/0x80 [ 717.299126][T10947] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 717.305058][T10947] ? hidp_session_thread+0x410/0x410 [ 717.310380][T10947] ? hidp_session_thread+0x410/0x410 [ 717.315692][T10947] ? __kthread_parkme+0x7a/0x1c0 [ 717.320669][T10947] ? __kthread_parkme+0x162/0x1c0 [ 717.325733][T10947] kthread+0x2fa/0x390 [ 717.329841][T10947] ? hidp_session_get+0x80/0x80 [ 717.334737][T10947] ? kthread_blkcg+0xd0/0xd0 [ 717.339355][T10947] ret_from_fork+0x48/0x80 [ 717.343801][T10947] ? kthread_blkcg+0xd0/0xd0 [ 717.348418][T10947] ret_from_fork_asm+0x11/0x20 [ 717.353230][T10947] [ 717.356272][T10947] [ 717.358616][T10947] Allocated by task 9816: [ 717.362959][T10947] kasan_set_track+0x4e/0x70 [ 717.367576][T10947] __kasan_kmalloc+0x8f/0xa0 [ 717.372192][T10947] __kmalloc+0xb4/0x240 [ 717.376377][T10947] hci_alloc_dev_priv+0x28/0x2040 [ 717.381433][T10947] vhci_create_device+0x11b/0x650 [ 717.386487][T10947] vhci_write+0x3b5/0x470 [ 717.390844][T10947] vfs_write+0x43b/0x940 [ 717.395206][T10947] ksys_write+0x147/0x250 [ 717.399559][T10947] do_syscall_64+0x55/0xb0 [ 717.404000][T10947] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 717.409941][T10947] [ 717.412286][T10947] Freed by task 9816: [ 717.416282][T10947] kasan_set_track+0x4e/0x70 [ 717.420912][T10947] kasan_save_free_info+0x2e/0x50 [ 717.425961][T10947] ____kasan_slab_free+0x126/0x1e0 [ 717.431097][T10947] slab_free_freelist_hook+0x130/0x1b0 [ 717.436592][T10947] __kmem_cache_free+0xba/0x1f0 [ 717.441482][T10947] bt_host_release+0x82/0x90 [ 717.446115][T10947] device_release+0x96/0x1c0 [ 717.450823][T10947] kobject_put+0x221/0x470 [ 717.455272][T10947] vhci_release+0x15d/0x1a0 [ 717.459810][T10947] __fput+0x234/0x970 [ 717.463817][T10947] task_work_run+0x1ce/0x250 [ 717.468430][T10947] do_exit+0x90b/0x23c0 [ 717.472610][T10947] do_group_exit+0x21b/0x2d0 [ 717.477224][T10947] get_signal+0x12fc/0x1400 [ 717.481759][T10947] arch_do_signal_or_restart+0x96/0x780 [ 717.487330][T10947] exit_to_user_mode_loop+0x70/0x110 [ 717.492646][T10947] exit_to_user_mode_prepare+0xf6/0x180 [ 717.498225][T10947] syscall_exit_to_user_mode+0x1a/0x50 [ 717.503723][T10947] do_syscall_64+0x61/0xb0 [ 717.508168][T10947] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 717.514091][T10947] [ 717.516434][T10947] Last potentially related work creation: [ 717.522161][T10947] kasan_save_stack+0x3e/0x60 [ 717.526861][T10947] __kasan_record_aux_stack+0xaf/0xc0 [ 717.532261][T10947] insert_work+0x3d/0x310 [ 717.536612][T10947] __queue_work+0xc39/0x1020 [ 717.541222][T10947] queue_work_on+0x121/0x1e0 [ 717.545828][T10947] l2cap_chan_send+0x3a3/0x2580 [ 717.550713][T10947] l2cap_sock_sendmsg+0x1ae/0x2c0 [ 717.555756][T10947] ____sys_sendmsg+0x5bf/0x950 [ 717.560630][T10947] ___sys_sendmsg+0x220/0x290 [ 717.565339][T10947] __sys_sendmmsg+0x275/0x4a0 [ 717.570037][T10947] __x64_sys_sendmmsg+0xa0/0xb0 [ 717.574898][T10947] do_syscall_64+0x55/0xb0 [ 717.579320][T10947] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 717.585221][T10947] [ 717.587547][T10947] Second to last potentially related work creation: [ 717.594126][T10947] kasan_save_stack+0x3e/0x60 [ 717.598805][T10947] __kasan_record_aux_stack+0xaf/0xc0 [ 717.604183][T10947] insert_work+0x3d/0x310 [ 717.608520][T10947] __queue_work+0xd2c/0x1020 [ 717.613111][T10947] queue_work_on+0x121/0x1e0 [ 717.617703][T10947] process_scheduled_works+0xa45/0x15b0 [ 717.623255][T10947] worker_thread+0xa55/0xfc0 [ 717.627847][T10947] kthread+0x2fa/0x390 [ 717.631918][T10947] ret_from_fork+0x48/0x80 [ 717.636336][T10947] ret_from_fork_asm+0x11/0x20 [ 717.641106][T10947] [ 717.643433][T10947] The buggy address belongs to the object at ffff88807849c000 [ 717.643433][T10947] which belongs to the cache kmalloc-8k of size 8192 [ 717.657486][T10947] The buggy address is located 160 bytes inside of [ 717.657486][T10947] freed 8192-byte region [ffff88807849c000, ffff88807849e000) [ 717.671369][T10947] [ 717.673693][T10947] The buggy address belongs to the physical page: [ 717.680101][T10947] page:ffffea0001e12600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78498 [ 717.690251][T10947] head:ffffea0001e12600 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 717.699182][T10947] ksm flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 717.707508][T10947] page_type: 0xffffffff() [ 717.711839][T10947] raw: 00fff00000000840 ffff888017842280 ffffea0001e9dc00 dead000000000003 [ 717.720422][T10947] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000 [ 717.729003][T10947] page dumped because: kasan: bad access detected [ 717.735417][T10947] page_owner tracks the page as allocated [ 717.741130][T10947] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5449, tgid 5449 (S41dhcpcd), ts 45584540867, free_ts 45552991264 [ 717.761450][T10947] post_alloc_hook+0x1cd/0x210 [ 717.766224][T10947] get_page_from_freelist+0x195c/0x19f0 [ 717.771776][T10947] __alloc_pages+0x1e3/0x460 [ 717.776374][T10947] alloc_slab_page+0x5d/0x170 [ 717.781058][T10947] new_slab+0x87/0x2e0 [ 717.785138][T10947] ___slab_alloc+0xc6d/0x1300 [ 717.789821][T10947] __kmem_cache_alloc_node+0x1a2/0x260 [ 717.795286][T10947] kmalloc_trace+0x2a/0xe0 [ 717.799707][T10947] tomoyo_init_log+0x1104/0x1f10 [ 717.804649][T10947] tomoyo_supervisor+0x32d/0x1080 [ 717.809693][T10947] tomoyo_env_perm+0x14a/0x1e0 [ 717.814485][T10947] tomoyo_find_next_domain+0x1594/0x1a60 [ 717.820147][T10947] tomoyo_bprm_check_security+0x116/0x170 [ 717.825888][T10947] security_bprm_check+0x62/0xa0 [ 717.830832][T10947] bprm_execve+0xa51/0x16f0 [ 717.835344][T10947] do_execveat_common+0x51b/0x6c0 [ 717.840374][T10947] page last free stack trace: [ 717.845051][T10947] free_unref_page_prepare+0x7ce/0x8e0 [ 717.850516][T10947] free_unref_page+0x32/0x2e0 [ 717.855204][T10947] __unfreeze_partials+0x1cf/0x210 [ 717.860324][T10947] put_cpu_partial+0x17c/0x250 [ 717.865096][T10947] __slab_free+0x31d/0x410 [ 717.869524][T10947] qlist_free_all+0x75/0xe0 [ 717.874031][T10947] kasan_quarantine_reduce+0x143/0x160 [ 717.879493][T10947] __kasan_slab_alloc+0x22/0x80 [ 717.884348][T10947] slab_post_alloc_hook+0x6e/0x4d0 [ 717.889465][T10947] __kmem_cache_alloc_node+0x13e/0x260 [ 717.894929][T10947] __kmalloc+0xa4/0x240 [ 717.899091][T10947] tomoyo_supervisor+0xb70/0x1080 [ 717.904123][T10947] tomoyo_env_perm+0x14a/0x1e0 [ 717.908900][T10947] tomoyo_find_next_domain+0x1594/0x1a60 [ 717.914540][T10947] tomoyo_bprm_check_security+0x116/0x170 [ 717.920268][T10947] security_bprm_check+0x62/0xa0 [ 717.925213][T10947] [ 717.927537][T10947] Memory state around the buggy address: [ 717.933164][T10947] ffff88807849bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 717.941246][T10947] ffff88807849c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 717.949313][T10947] >ffff88807849c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 717.957384][T10947] ^ [ 717.962506][T10947] ffff88807849c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 717.970573][T10947] ffff88807849c180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 717.978636][T10947] ================================================================== [ 717.988269][T10947] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 717.995499][T10947] CPU: 1 PID: 10947 Comm: khidpd_00070008 Not tainted syzkaller #0 [ 718.003412][T10947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 718.013484][T10947] Call Trace: [ 718.016767][T10947] [ 718.019703][T10947] dump_stack_lvl+0x16c/0x230 [ 718.024395][T10947] ? show_regs_print_info+0x20/0x20 [ 718.029601][T10947] ? load_image+0x3b0/0x3b0 [ 718.034114][T10947] panic+0x2c0/0x710 [ 718.038026][T10947] ? bpf_jit_dump+0xd0/0xd0 [ 718.042551][T10947] ? _raw_spin_unlock_irqrestore+0xa9/0x110 [ 718.048450][T10947] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 718.054348][T10947] ? _raw_spin_unlock+0x40/0x40 [ 718.059199][T10947] ? print_memory_metadata+0x314/0x400 [ 718.064666][T10947] ? __mutex_lock+0x6cb/0xcc0 [ 718.069350][T10947] check_panic_on_warn+0x84/0xa0 [ 718.074295][T10947] ? __mutex_lock+0x6cb/0xcc0 [ 718.078981][T10947] end_report+0x6f/0x140 [ 718.083226][T10947] kasan_report+0x128/0x150 [ 718.087824][T10947] ? __mutex_lock+0x6cb/0xcc0 [ 718.092514][T10947] __mutex_lock+0x6cb/0xcc0 [ 718.097030][T10947] ? __mutex_lock+0x4e8/0xcc0 [ 718.101718][T10947] ? l2cap_unregister_user+0x6a/0x1a0 [ 718.107099][T10947] ? mutex_lock_nested+0x20/0x20 [ 718.112047][T10947] ? __wake_up+0x11f/0x190 [ 718.116468][T10947] ? __wake_up_bit+0x1e0/0x1e0 [ 718.121244][T10947] ? _raw_spin_unlock+0x40/0x40 [ 718.126098][T10947] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 718.132085][T10947] l2cap_unregister_user+0x6a/0x1a0 [ 718.137301][T10947] hidp_session_thread+0x3c8/0x410 [ 718.142435][T10947] ? hidp_session_get+0x80/0x80 [ 718.147291][T10947] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 718.153189][T10947] ? hidp_session_thread+0x410/0x410 [ 718.158479][T10947] ? hidp_session_thread+0x410/0x410 [ 718.163767][T10947] ? __kthread_parkme+0x7a/0x1c0 [ 718.168720][T10947] ? __kthread_parkme+0x162/0x1c0 [ 718.173762][T10947] kthread+0x2fa/0x390 [ 718.177832][T10947] ? hidp_session_get+0x80/0x80 [ 718.182687][T10947] ? kthread_blkcg+0xd0/0xd0 [ 718.187283][T10947] ret_from_fork+0x48/0x80 [ 718.191717][T10947] ? kthread_blkcg+0xd0/0xd0 [ 718.196308][T10947] ret_from_fork_asm+0x11/0x20 [ 718.201082][T10947] [ 718.204325][T10947] Kernel Offset: disabled [ 718.208659][T10947] Rebooting in 86400 seconds..