last executing test programs: 13.221447665s ago: executing program 4 (id=672): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000100)) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r5 = dup3(r4, r3, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000300)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000380)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 12.943462965s ago: executing program 4 (id=674): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) syz_fuse_handle_req(r0, &(0x7f0000004140)="a1af56567af19ce4706948d30f35abf6494690656d554e6190797369db23a30bf328aa47a2e54509379ba2e477e6e0461d2e45920d509fa49de04732cd2f4a4e34d73eb464d09605a698ad2219a2175ebcc560f740fe531ba46ded4232d273d1865282844f5a3b54d7f154c21a8a82228e27b2c1af662a92e53d81cae3ea68707ce43f89c3321797039a0a39e24b83035dbfb1ac9668b5f87c4ae50250e92c8b113ed58f60015d9c1990253e6646c02901b08a2ec0acceb7ac1e28f59b1e22663432bd5435083b604934bda5f4897467677ac5609bb6e1d1f938a1a8238d2df6db69fcffa48a08ef9231830ceb045a999a9ba43b4d605ce7bb4736ee8bdaac3399576ad3d434c12f1ae8fc5e06dbbfac985d7105c3b7f431854465b6f732e1397e4647e88e86b0a3b01c1ef689a4bd3963deb3b06190576c690ab257b9845b4d412f248184e124b5228f4236d020d4b80ff0772d9515685918c41cad06498a6833d591c191916067759bfeceec176d582621bf23b8d827e2c8977822d64ca19c168fa8a4ea90a60ed60854342e7c42ce11f414dcff1fff715d10ed263d305e5c563ee13a1527795b012e01b8442026032a761cf5104f00dc28a761596d8393e3750be1a8788fa7152a3cd8e051a963120417af9bd3e659bbaac6406a70ba347641aeffac9436fc2352bf7822dabd7a4911a5b947f9c07f805e67ec8c7d787ff358b426494b87aaac46c2d4061ccf3d19201d8d099dddf2b257cacbba656cb7626b0d3fa11881e99799b92f0a07813eac359a64a61a03d6527a24a4fee8e6cbd74932adba5ad3a865788e874b796cc8555522b19f76676646f21f31fad8c360982ce2b23fd4aec43bff16e0f3f1e1e804daf28f236081d0686108fde25f7e6a7bef08b793beca5b21b5f4893543ef1e3a216378cb76a54fa879ad9624a60a0b3306c8548e1a22b735213969421dc9ef70338bb780ad55adfb6b4f4ca3d8ce7c697ce3f0a6210a27cc900ea2218c52ac06bbcbb91adff643f1a3b93db67d7902f23eb89ab2f892970551127b39e7bb9f37c62adb8abed20c8c84531d143c6be2b8b05766e248a94aae400b36a3399ba174ffe14ffd354f508ce30ea991f57018a3534e0eac9cb49d0e6085f93b367d817ee83b24c11f9d38044a9739f4fd41b6a8129fda808bb930beba6223dfe154b23d7c39ac4fb6656169275c31e15d37d3d96b0aaa13637f1c28178f5fc4ebbe1af6acc985c783a30dffde8d7eb0c8863e3481caf2606a4b6930c234736404d4eeefdda697193f57d332540a423831db671d7d3e8e15ef3d6a26b83a5053bdc2f0b378c6b39ad0b8b9c7bd5c4bf81018ce15d0b344772f6c6f469e40c9848cbcb1b3ccb721b4b1f895a6e034380d882bd30a20f1c2b8ae138e6728306e16f6093774d21b798cd73a16bc577be751deb434ef019dd454fa3ce3cc3b2634ea4957548bf226d0b24bce757382c639dae891e55dcb24ffc9dc2c08acfafabd4565dbcad34e1a8e781c56e9144f0e85a5cf6c79a5d1a8b3479cdc178215f05081eebdc03607798c66fd043824756e896c2b69fe5e843e0eb26c86a37a8944e93a7f3b2a863136d56579d0377f9424cf00dd6da7b19066f990ce05e1b93479f125cbcc5c91aea56ef04950164079f5e22ebfd77d54676b2de392ab20298876bce1ae9941ae109d7088edb29d02539aec8f276b862bb28fa6a68bb1a0bda1b0ec6e5891e93777d9b126d6add7eb36a7f75c435618d368c04156f8a116d0c843ad04842d7b7c84cd87e75fb81ec16ef184fd3119c16c950b84bca9a12a86f0e333d9fe34622f5a51e9772dc8b94c491e16db0c537e211b01c9f13f9e7a7b2f4d8053baded5d6018561b547562efbeab2946f3ef872d0256196c75fd7f520da7aea0f63a278052925c6c88307bed0336c5632ca98086e7712af309f99a6adb3ec4417eaa9aefe3fd43c4402bc13868832d6dfaa97de7ed43fe3711917de97058d60067d5eeb90ecb428182d07092c516e6eef6781756e308926faa9796dd1a29dd4c3827115fa8e14bbe449f4144785b9581a198273adb8bab0d4080adbb592b25fd74d426233f537562a4a98b07f4b2060b4f496c66a0169391b713fdd991fa90cfc313245f57900d980adcbd46ada0a7bdfdfec4bf8ba12e37724c9dfd7fbbe4541bf21cc393249a555746268e7e33bdb43f2cd4932e39fc818e49d0e588d12a3a297be074ad83db57be9d4455ab0685b087e8ee9f5c7c33e10c9d6be572b58c88b79756c45eb9eed6d0275944d9cc1cbc8c498917aa2fd79c00567d4f9f768579f891e23fa9548c5fbff150d2873ecc72da8d0077a223f9d18700b690d8046783bba756a2c9863b7ffc7022b2da68a332f72f704bc38a0fcc4f445891f1ca1ef5dad28b87ce8bdef23ffe29ee23f2c0a002c80cf99399dc7276aec6f9d8b6ff3d7554409a4e38d2029a43f8a70da62b33c44f5f4f299eec825302c52e5f83d462b81512775107059826c8880578f01d8cb53af86ad61a7e36c2ccdf55ce197ec2a78219a5b952a9bd12ac2cc3271e84e6dad464c7ec9d9f0310614200a98cfa933d5db05c00c95c59fc5bb8844ff856ee7f9b091700b1a93ae1c00a40d9e5e6ce036f90a6dc34faa9dc8e8972c49b055f9a43ae10251705a960f2cfc8430cf9bcafc26c8eccc8b75a788beb41d180d4364f3083f3ffb5e39049979903c76f440810b7ea608ff84f5e56f9e0653bf15b6b6332d458f8d2e2b17d7bd2305a8909996d2ebfc2ee2ff697fccb215bd8c73d4b9f5b597308f98ed8fbda58f52cf8443f5a9db7f0f6e75e1c9e47d73f8d0624e9e6f33c2dee3c6ff394082d78ffd3a68309b3085e1a7c106f62c3959a353672cadadf6c058fe366b03fcd95a23f564c55a3ce9a914c11c8b2d6040147a1539b106adecce531646fea4db06775fe5d1bf9cb0107941b620043ac9b7936b2af9849eca9c46062945b137dfa355a7ee0c81a0193fa60a70e59b407af06a7f181a3e4ccc81f2c580a6c6cf67a8bf93eb8ff2151b7074144bf7c5cff97814e0c00c138d984559ac8b95a45a4497174130bbb0db22fa53187db1d923d9ded441a4d2fcbe0ff5736ecc3d94bfbb2df632ac88a02f2c9f73312e7a9c2d8d6c0bbfc774595e2e63669f2b5bbf6ee6a1ab0c25e313d819b02c785494eda4cace033e96b1ecc5b155a14e0c8d51d54d8bf33e499d0913d9605a419bc6c73c6bb07d1a306adb27dfedbe81a386fb3bb659764442c4d9d66673a916ee5a6ae59abc994fff64f2db0c83e2b18944f619cfdea0ea0911064ab690b2e03670a3e3667651c1980d0491a40312307e4534671c9c8ca8712506eff211577783c81dc05ffae4a9c6d7554f9fec07b25451c70e6f4d4b160544b66d66dd88ef1c77f09133db317c39fca05b68ef3eee3c28cbe31982adb0693fe9699d06654150346915ccdb17c69ea3aa8bb36b5f321060f6237dec73a011b233b81a6337bd77da5da753593fe30282456a0da2c4a18911ab5a8af13c8f623e5684f74f322ba103482d9abec31a684707671759ac8bb2592d66350745f77f18bd6a6cba542644f1fdf0dca14a08f4ffd1365969ee896cb39e845f71590eb4c73cc624cdcfbdea2352ad5173e5e919fcb98f6d960341047d181075ec8b1e92f40ecd5a1bf157925329748cc7af0239a7803a0c947479e070b026baf6738c29c9a8351685abd43775726ec0bfeff4d51fd3fcb04b108de286c5f61a82ef496e20133ef8b4ae243e81b20822ea6285c70bf1a33cb9f4ceeec053f60992c0023bd5acb0d4a9a55ef377f2837784ada634070a85b0a42fabf288130d6b74ca23473fbce932bedb44cd51dae78efd058dde5d7eb4aadfe3dd8346420567e745ced5189db6df22edbc66580a236f6ab148a3efd69bdea3dac7cffb47df44dbef7fcb436902bb30d65d65d5320c3b76ac17f43d27b2deda8692ba03ac2ae60e4ed2a9232c71a98b9869259a410b901f38cd6712f69f2dc3f92b7c5909f3595e99c9fc77d4d33f9a0e57d5f121e2de782b22cf7fb9bf22fc6afde5e42876ff8005f8a042bb5a9b67d60f40a7ad1cd73810a4f704f14823d4074e5a32b028c8360432b8aff539705961fee84d6c60b2b4d2efad60fb20c1da653869349b81e6c3d56c96ce56a833ee9a2b3e92a4b96c5a545910406751b4e7da24a328de0e20042d1ecc3bf7fd97071bb2740f497307501d90fa9c8e5cd63a703096955f4934d9140ad295cae59232cf005574d875e098637ecb757305a51d102ae5323b23a61c1a1b888c5974a243e42bfc391114ba5ba28e2375cf1d6d1a63e6bd5cf9aff9af16bdc927f642151597fe6d18ab008426f25054ee8e39136e2c217ad1f4cbfccdaf9a0cbd97edef5fef9b2ec486a4b21d79021103deec2ceb26c0b0035856ea2370aa3a8de925797722aeeee2d504184988f9f8727915c389f043c3de2b0d8e3046c46b33cb1615f291f272ade0029cad1f1d2e723e62cf739b667b005de14c3ed265e3bc2d553bb232f88b92a8284996c50e141608623ca7677a9cefb85fb0e0e77e23b9767dd65fbc119a15969ecd10f8033d9f37a748a895fd39390563f5f7998bb10eda8610855eaeb2499d8234975edb16c438069e8701bec0a86ae108a19b9f54782648af4b7b04a1d7b6b3a853c24f2393120918d1eed7b40f467c88857ee9cddf5f01db495f3138984387adfe3cf51a47dca021f9f31b44af1d12e7c9f4c768f2a46d5c012a937985f56436ae15528ae3597590c927be9676a4ca80a19d44457b06991c02488c96e31094cd963b64e8623fc7000009ddb29b0dbb13671c321d24e322a05cf215dd04eabc2cc6fdaed762d3f9da0f1e0e4b7ba13a6036771c9403457dfddecb71579de33c597860a2e49d7b5052a6b018ddb409a7a84f8f6651d070a4c913b7a721490c8f97c085de83150199521e525cf14a3e5fd5d242b1b333d8a801aaa67e4aa599b818c8e747ecac2e9c6176bec7e34ecb84450903f5aa6c6c6bf539b240506562d73c5dfbacdfbcc9db3089701f2c7fe6d6b8d6728f8a1b90a911338463e6fd824ecda51578865b3c363b5879f6c698e27760c1090f8ae52d6fd3f0f9488f1c25feab4b48c03ddcf74a8b6d2b0fc6b5a89b8051c99edee357fcb875f523f7a88a5f25222fc0ba159873b47fe906e88f920943e453048cdea455dd98fe77f55d9c92e205b87120ac5ef791cd7d6ce7d2cfe689db61096c6e4fc359c9aa4dd3d1205358da38882073ef7268239f7c74b0f3cd60ca239b2fcdc3f5c774559ffbb2b821f1314987d8cbe5342db9567a864d569abfde85f1124e2b178be4d020c4244ddb0cf4ef7124f295a81b9c10227ea886e6f6ea2dca031a026a4f946f49598b76141a0b18170bb3cfa9136c49c69d71732aa223db1e65553aa03bec9b0a35c31eb4e6b0dab02ec2c2d851a731be9cec6078456631c68761e14dbc9afa2c3f631a160ebf9d1fd3c2ecccf6d4aebaf0fafe2e9f47ea9d386425a7950671cde77c6951ef43a1ed32f0ed6fcda74ca9333d2513e4a40cfca01a17bfbc13b0229e2b16400880d96e4c687fc54ed0b34326126f845bd7cd2063c51abbf8bb61f6f1dc3606959f2dececc6e3e08d808841c4779ca0f5f51e7e03260d0b75b1b0355f8544c1639b2f0bfd6f95c4f6d151073a086ecc890d6366acbcee869020cf347e700a8361bd8d5c53e6480526aaf31c9c655eae11831184746a709387e60d68c062e5e05e578d11687f6a5411ffac4cfd62331f63a9726ae77c5799bcca05d6983c985cd23d025e3367ef8c7ee903de557322f38629628ee3076ac483f8257c6335a478412cad1d73b6fd43c37a62dd7a0ae7601f12b4478c3f2ee105a915ff2052d23a8b9af3ca59013f553006259d4cce52212862d22c08c29affa3520b33a6b68cf2b9f91d9258dc5052bf360977ba81a37701118f635379d852b6481843604c111bcfa4970afd5a0fa52824cb27ac9a77b7575e3e0cd043c29c5682a47fe94fd6c2c225b6d9939b99c18b5fb898c5f28e87a5b6a0bbeaa2c4725cf5494765d79a50d2417e84130bb37f540e8db7064e57935ec3c6f9caa2a9a1ced0f8c6eebcb9b688490b31f864dcd9b726628218b42f45aa82f2bcdf2c7532c9669ea7ffb6842451ac314a35cdb0855312448c24efd6583a582e15ad5e7f7b714f0ac703a24e2ee8769a868079af8660931ba325ea1c9b636ef7b13776204dd733c3bc69f11e026c382ac0fa5ce8413fb9f84408e4648a5e66b8592093a17a42cb105b616b8239d2031200eecb9beca6d411a71f072fd159eac0a4f4392a0cedb96248dad497b2379f3162254045ce276503093e5e7ab062b942cf6f2302a5ab9af1b3a315ec67faf84b70fdbdb39044a22cd7bd0f62ba66ce2257f3aa0f56d53c8157c4db3297087e25ec24696813430f386f5ad55bf6289f62e1492dc6ac3bb5047e933d54ec338cafb3bfae8336215611bc3e8a5cafaca7c70f580570518a675cc2075c7593e1d98ef02b74f06b041b6ed9b06e820d32b413de06235441a52346c3fd2e723816c7b481fbf564a525646ba62c615060b2f9fb0ff0f00c376c6dfcdb060aca7af2f07f6030a2ca324c8380c11f9c1182acdea2123c52f5a40b44909180a14037c760c4ecc10f20206445aa65cf835f09633491f608598f1fe5cb5175ddc48070fe0608335af27ded864f97dd52c235b7c4ece6bda153224b773c64235c1099054a55849cd1af7832abd1383e82f63715c9cc24543397bd56e34fd5d28e49021bb483617a3444fdcf8cdeb33bd8675334a897e17966fcbc1e5c5c5399bb6bf02a9bbfaa5f3c58d2efd007dcb1190af4ab4b71987ff7824bd9b9c6d6fb0b144c1fd462805aabf2c7fbb043ff22b496e41a4a81957892efe74d614d62d4b04bbf544fb03826e9baa2a84f32da4d1154c1d0fbdcc17f24a49633761d2b5962e618d8a9be2bf373cdc9c45ecff0148f355075fde5ad5e8da5d59498eb2b7f77a4c0622edd29d7dfedd748b750d0b48057fa7b8ff575714a408a926f6e0cad081eb24780fdbb116fb8dfefb2006f765ff95fe4def6b83fa97b3f54204a0c00cf71c4a1efeface1198a94610570816d08c19af76b03afa42f722abbfebb2c99a905300918dbcd131fce84632bf4f7f5dabd1b5b05742755b45e50eb89ee278e0f6f1a8ad3d9f907b9accbe4845f6591f8361b52e4dd8f19823efd7e89c2ba80c70671eea397e1953daa12907ce59d940a6dcfb3eef7ba7405bb489c38319ac4fee62dec986f4f0975dc1b9f576ebdbca90c42e7f3b1928154af66de5e54b16d8b6541f55daa90812ea7dab78a87d969e4bf95c47f70ce84f9e41e542bbb91f77105c8314e8bd5d8d37e11d9af07c5dcedfab1f21642bb30fb332f7c6bfe13cde2f28f104344777066afe5b0f6db14390f587e64417b0dab027cef4c5daedc75812a7452d45e57e8e274ad8cd8a10b2b9ce0f371809101e9340f2fa0a59501020e48f862572fef70b350938e00a921fb1c080e933eaad2d56daeed692e7d69d4b95a2d1a620da88247314bd73a20cc7a504427df77ba969b5adbf74321e982c2a1913b66a8687960c8fb71a850c1003c76fe1c3bbbc8eb142dfa01f5df52b72bde0c8884374f72eeb8038ad57beb6c732c511bd5847ae8d4b69e195f87b03379279936dda69e11cfda279f37e53a05cb787f118d66f62a87037981937d6083e47e31de6a2700cb7976c0dfcf972bdd458e561f13b3e30368c8bacb722611db7627ad4e00a34f69a5eb9edc7eae464b2422a4c38bed04c49b15fce25ccd22347720273127236d6e8178cb414d1b4dc36cabd19f713782bde48db7094577042083cf5d42224eaa69e0d70b57e6f1764a825909c48858cda13ab13ee203fd0d57291acf508f91f9bc428d4c9ea06a9df3c9ce183e0c101a4d52fd87866c2146219beb15e616ce239cb025ef3dfdb3a2568a833c88a66a580ca9d3f2b770647d5baa42a707351688dc0be3b15d2cead64792e9f9688ef95ea5274c08ee13c4a3797ce346dceeaf7d81a18181839ebeed412baf43ec1abb35b7930ed7a528f9a0bbccd1ea6eb525488c6731150afe791bf58e524de4cc62e174d134bf5d170132efdb2cbb42b882219de563cbe6280ce4cdd582699442b236d1bd54517c3ad25fb3d68a649920357d85f343f0b46ce4a78b1836b6ecb198f1f1686597206c09ad4534717402eefc0d5a90639f91b84d3de00e7d815059640ada64140687c3e404432c74e91907cdcf3e07e997eed9de114767829833920a9fa5bebf7d99fc4f461375f3426b136b680230c7aa135f0d2d72be7bdf8667a8cf0dd0bf5490e393b5a465d37b9ee0d659c8c0f96681b71a867978b3503a45dfe95e49b9d11b8ca953ab01ec1714ca9ca1e1ed5998e02934901dcac10a2553a94618db7d79c4a48741afe3bceaa994833595808f8080f6eafadd31caea66e789115db962320be9503147d39adbd11b1cd4cf2cd4bf94d9036ea61b2d4791c6326af653847d2b6dd83f5df51eb9473ae0c305abe5f3896175d82a2b569bf100166004886dc58432cd678c0a4a152013b2646a68284567b898e6f3d38a9187b6d10075234b2e11b7c929b308bbcb82f4a8ceafc503f18536092f2965d13875060c926b5404ccf3bcfb1389688fb4bf57ff79201d8a00cbb54a12b3be4693b4a295284c90e7d0f08b632eb0411bbd01d51112afe5db173a8159dd38fe6e9804f6ae779479ffdc697ec572b0934704dfcc3e9b2bec95587285299d1d79192b2324e4eaf4de74df050170562c08e0a821f47745f63ecbbb767846ddcc331f459013ec90de697346f1e57345a51fd9d2233cb3591c406bc25ff5c098c331cd026aca7ac1fb1c35c3d3597c7deb89620a364044b30c77d5071bea5b196a0c380ad40370985713838b1c830130a5fc15c5501748a2c8369e77c3fd4ec2f5de572ee183f526359f28865d68eb87c21f8fcd4a09d76ee6d9ef31561d9c97ae3672500e342a798b04177f2c5896bd06b4c96a58aa839185ae44b838d763872bbf1e7b665848f1e186b5ab6cd4628f4725324981b0aff0b9af2f78883dc8433d2dc26c1766e0ec77c4eb63da1f859c09ace8889fd2c5ec7f7e11eeb547900dd9332b7b96ea6be35aea692e54c1cc3d1211bc843f8e8ce71abb88873e132fe214a7e7670fcac38516b6935b9e0a2eeb43a0aebd25676db551d8cff4fe0b6cecbd59701317022511a2d612864c09496c99af48e1cd066c5bae55b415ec08e99947ac94885ddf875d8f8af199aba32c0bfc27f6e19e57380618e7940481077edf6270ea3befce28a55c2a68a961142e959690ba294afd57c5530a5fbd5f60d791a3f06720947c74cec26a571a9f2e5cf98cccefba8beff72f2570f8a0e1a130c0e85d4fbb6a6f0b881af274c9eb063ef09176d43f8f18bdb35a0acb1c6305ba5563d1b6baff53b1251305de413052667c4cf9f94460bf348fb27ab5719ae44faf02dae55d8eab643040834b04aab15a197568e8ebd296638b01e5ea34e39ed47ffb58a47027d4b7d978028b7812a141df233065e93c20dc736af1cdcedcf7e766eab238b3b4d3df022f50b43973c47d1c80055e4fdf569e50fd382e840b76a6db6c06b1f0603a2234b9175c5e15a22855b57cd5257d9b5a456712f281f83e1c6c87f58be8166f8b2e85e9f54d24fe3b420d77a22745dfc7ebc89e21acf1c6649324f4c5bf53e188ce3216dbdec21a06fa9e61d830814697727305fb48c705c4d6c4bdfb874e43a8fb1423e2d2d6bdfe22a0d2b211d3beb86937c639c934cfe9a4b6c2853ff353829028854e8d7d75f29f01c4d7c297fe0236345ecce914b3be4907788a39c093c9f9e2c930a15563cc453d08123deadf853c83db0e3986d993e44e441a874411b7905708462e1ba42ea22521d7c57089a77b14b6dbe57f0ce69c7c4f1c0d53385655a8ed6294f113d33ad8867ac05e80403e6a8103d1574fab80f43a4a3af93a67678346d7b3b977a1381afb93990b1cc3aa73cc463f72bd898f647f3f5a3b342fb5e37140ddc499edda92ee624039ef3f802c9055e20b7d6e4f5a109cb4ca1bf84d37d1e78d45a10f45602b61216ea8969eba3a0075256faf8e577de835bf0b37311d16310645effca6751cf502a035d7ac7d1ca2c23547a739116efb586dfe2762ca4bf5ce5fc48913efb41a4a93fdb240f0895cdf306ddd13337d38a58402561dd663bbc675e1a378d4f770ba5e308c6ada84faf18ab2b387b0ac139a57dc534e278a1afecafcaed3746701cee14edcd3f35cc39c91ed5be8a178d2fcd97567e8ab661d573278062bfc3c83acbfcdeec7f08d3c1197ccf830c883eaaa01e2cc44e91cdc1c47c03797528a9dd63cde259b4b211b57af121b125fefb26c110da83bbc150e2663a22273cc855cb3c52d02fd92db59a7c876d1a18e66cd64708aa478f3f10e726210dbbe2fb1afedb2034a7d59ad774e73f97d7b4b121cc25b90dd4fb5179816174dc4650b2da366d11a519f4310972944625c839b01040c712c635d967269c6c07189b5b1b496403e35e9ef01ecf7e795c357ae08b4736d2c1bcbe556cc671ffa37677b740baebaeb1b74c922d1ac83cb3ab86735d07ebffe072ca08ebd56d0ae89d5535a63bee75810468b1560534ecdb4a16495f9a7f42164df055942e94011848c5dac783a69fbdcac9c477850320af0c10da48775434088c7d090202f927463123639dbc1d48a871e4f20f75563f6dba586db6d12e2e7f36e7da4915037fcddb4413336b423f6b888bcf297fb8d33493e9fc2e992afeb1b83aaeaf46f4aba9bb0aa2708272ce5b0c90ef9f6c366c20e90d0f87aeba828196acdc4306131c515319776dfab27de1e3a501cfc560bd3a1dd29e54b87de9a01d0351184ed5cc3323cef72fd423dfbb0ac90eeec5474432ec1e4c64d68605c378320c0e97a3d89a409b7d969d6e116c2ba861f57418d8eaac5bff85c416ec5224d92df53d8f272c7e02e832bd21ef4d6b4a9bd307f8c1756c3e6c155bb2ce5807311d60b2fb31357c89119af443af2d3a4d08fb6221aaeee97bfdae51ebf6c51f98300033ec513ad6996041441d474ccf3a2548a11b94527ebc2e24d7519b1ded645da3af62060a4ae19eddc3bf331c4c762d9672de22558c655ba05338d985da134230fef2d0639743bdb4695517dd9e3733827050617b3cc792d12b3280e0000b22ad5130b27f9a5e25b965028874db5b5efdf881043e1279187294bbc35865af7662b23b9adf614a9af41fe4d0c9cfe62106a2bb6d294d3ca554062b2c7a0299f82fd5eb6841fedf096753b1a63a6b4dcce3837ee36062055c9f52b3272f411709db86d59db530fd1ed9cc2138817c290a2777d1d54cf4b7b2f8737444b58334a1c26f63ffda10b749b5796fa61ce6f74fecef2c4766a05d0468c1d7056beb8fa9cf7d51d5115690bcb889f09dbe01b1c55ac860a00cc159f6683d33fdca16d815fab5bbf00", 0x2000, &(0x7f0000000100)={&(0x7f0000000340)={0x50}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) chroot(&(0x7f0000000040)='./file0\x00') read$FUSE(r0, &(0x7f000000a180)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_LK(r0, &(0x7f0000000240)={0x28, 0x0, r1, {{0x6, 0x3ff, 0x2, r2}}}, 0x28) syz_fuse_handle_req(r0, &(0x7f0000006140)="e0332f8f5747b9f778142cc174a9b5f0244b78bb6346cb5fc9135b8220090ee698fddc241870359d32327f299718466d88c89e68097036bb35abfe03e3c02234dcdb2c7d1209c657485ca1aa3f2fb80e71397b80fca6f3cf2367fb19eb95e5b4a0170063374645d9e020099ffd7def3d94cd29412b3d7b7a47bc70121be848cfcecea78d41a93622b134bd06e84dec07a9e5abc29cb02d5b9091e748cffacf48352628822bab7b24a17bdf4b3f3bd9fb17793496aa6490da3f58039ce5b40745dd63f82d93bed80b50ca5742d67d39029a98db95c9392e2d5fd9a35bad30cfe98682b5a069738a12c3cfd25949106cfc839202fd21c2b28e44be73280d5037351ead2dd1c277d9cc9088c6b14365eb0937ea9685f6b26232293803260f2c8cfe176b55df304bc2865b8f52581afc4beed445ae8cc405cb7bcc51103aef812c41437c5b070a3591ad0964677f4f9017bb300727dfab009056bee3671a9694be2e2f2173fcc06ceba5aed0d9da697cd88365c5c354788efcc705e90d572e34e9e566fc206a8167970ecb9cbc43f4d9de4d43688582b6600dfcfc7379c831e756a45835647bd87879a3e3942c61b9ea2c2af35d49a4caa9a109b0beb972996ff8924ea371e15dc48efd12b1203a7f1fe354977fcf9e4ee2c8f210387e551ddb55e5f67ee6bb9bc8772649693b0adf24606e8ccc59f020834d8cbfcadfa1770549fe464dfc412308fbaee8d30bd20c002794bfb923bac6b490841248d12ad9a0e54d1d96e3aff5dc4930a6c8b7c75264a46af7a6339725fb84e0363463ebaaaf58d6b9309ae7c87a8df8c68d2487d684011de1fa7645f3f48cf3bb61bee8bcace2f8ef5f967f2765f8086aeaa5dcc34c84e379a7ddd6438cccb5b8098dfbffffffffffffeadbc4ad2b2ef98412a46f74a171ad056429dbb723cdb9ca9f9f03170dba2870e5988b7cb755599d1eb8f7eaf5c8ded4b56022cb479d0bdfae18f69f9ecc42f4c181ea10838229ba5db7f088ad8d5f77e49c1fd93ed6b983c43b23c7eeb1233f0c114885057a27cd3f67a309e3fecba241836bc92308b830b10b04af6c9595b44e859b9ca7ef079e151fdd500060787be3a7a5b3e23b06ec70f087134504f8b8e7b6799ebfe14f698ba7a813a380e6f92cace9230aa8094a2465f7224e2becad469d0aaf0e48b0098eacfb17abdb69bb2ebba97a09d2b739b532d70db91fcb0fcb38bccdc01d7c8113024ea8b619e385e58d31899721416e10b408504a9c4fcf870d21051227440a616cf62f6637b62eceaee09029f88009be02269cb5e5ed090c6f5e6c652c31214aef301bd23ec2504f90991cd27539c1b8b54db51825e951d076cd0e70f56de4b91894ce22049205483a0fe7d7886b36118bebd96d138980e26604b6e70a7275c6b81501143119a8c2c271558202eda196704ef9ae3c33301e1afbe56d069ce4926bf531d960f3df58192f3da558adc169d48d39e24e04e95c406b34b1f4ed2726ef0f6a67dd84c75636984191d019cebfa883fdf99affcdb4c874614a5312455403895891daf7469d6721583ccd1290ab05b14516f22965fc52c4a528f1a5c20cc133fea279d9efc991ec4d51d2654daceda234f6d3b0c635db697aba3eeaf8356319adba42428266ac09a6e6495ca8f60c1c4e052068511696296e88ef86a591948627ba97df634e0063eb5f208df00a069b1213c29e58cf76f591253d60de9d7c01d29992ccc728140299c429fec0df9d90f83fa2467ce00de83b16d10c7edb80ff8d4b1b19eea9bd1e2783a0d41215c9cf23bc3ca1ff414e3f29aadba00c5a8d5b44c28c10e99140e5428278e54bfd880a93fd1b54b560422ab2bfcf120a7902373b6442c6e9867b19aa0a6b77b1634ab6fd1c8a1d90d99ebb9ebcb89d593562b266fbc53c40501f9298690283c45059b3f6ee278e46cb3904c947446c28af8855b2a68e6e0c0da205a6e12fdd15b393d579039b31c1a54230ac2ea13cf1f5540046b4dcccdd731fff7323c4880e5d2d8668d8a7f08920715c17ef9652eb55f224c82a6fdb970dbf1032403f283bd868a23f4785a6ab9c0bcd2308dba1a1f258ae512cf64784e501008db366ab7093a6cc4b6ee86154d44a1a15c10834602dd5ccf730f6d1142ac19d113496dbcb80021cb5733924265d082a8453b5c21e0245e4a2627e8df090da6a129ee49c58c1a7437369acdee15f5e4e5638f05d9f6391572d9890219def702a013a2b05239664dba44feec2a9508a3200b47de03e6a784bca2f3633df534af33da0a95a34ca845b61a22ff55a5a4c04ff9e06e7162f458a8c56e106e75ffb76a921f4057dd73d5f3801aa78ca4c78d6b79bce560404c2fe3d57876287f73e84c27c486ffb997951f9e0b3aa81a5e7804ac7360add11e7851842d0ed8df041c999e50226fef006373bbb53d5d8e9d1653924e60234fd0b6645b821746f3d88591ff66e294e8e958ca425ddbc7d604f7cbbcb9d5fe0d4ad53878eb16bc801def1005e1eb12a6d4924d2179948e7aa542f2600ba3c6c600629d64c529c7326c1f38aa4e1a6cc259e58f86400d65d67856c8f4fffc33ad4c279dc05367307f562f8127f37b03c3cf38a97cfde0c02aad8ac40d347a9e0a496f227c068dc6c666fb2b6a18990f607399b0707d135752d93739e1840b5b4c125c81eeeb318869b408f87778451e49f3ad988a8aa97672989ad367833ff7e7f0e79c37ac794fe466623e122127fb94ebbc01bc775183b26b2dc407b1aa1a55d4ce04dbe1df4fba0377fea4c4bfa5a37c4dd733fd116b9c7f50b11dd512ad68646b9ddca295fe27bee78476901fbb5c8d2856ae0e9e21ab26e3587c1325f1fa28edb4081f2ba309d5fc39f7f54abbd0d5a152c2f7e3a8b3a5ef6e097b109061c91124f41f33055a7bb86706629f614d40346715cf2fe387ef4e4fc6646839824d3ef85eeac85bc5e681320f6fa7057e0a10de8c4678b48510f77b91bb397dd1209eaba8ea1f237c348e9e0d7af1229e2c04b6560e48e3a7491f3066b63a8923becdcfd8594c1c55098a51283b599765b049831cacd9478e5e996c778d524b476f6677218c94886d7548be7617e5796e35bb3c9b13d70e4897867d85f0350e9329985f051fb556b861aef7dead54e6b29b9ad837cb4774f47a5371ef034612aa0c151345546b876b53e9f2c06e3ce0113e67eba8842f4ac5b51a61315bf050078c710dcf14371d9593730b1d0302ef999f488bbf42b7360171da98ad68932bda4937358fd1d0c2bcd04f7dbe2beaffa0d53cccda316cb19270cf4aa56695ef3203b49fe92d1623cc1d714da6b8f94112db1781562ab2ae50bda23debd55da440434299c992f2f8c264310d6d8ccdd042737db0253d6889d8bf36fe99a131b73300c9798b8fd58b5fc681b97e71230cd3094e441fe5cf1294bbc28f41146f06e39d5e19e673dd489dbddfc16fe281160a8008e375025cbf25e84945f2f0a5ffb2cd58273328ea9d7533b2f0861eff95823cea18dc1877183fefab808bda0890f91f1d79b36953b138fd62caea3411900647a4afadfecade2ff6274175f06614d108daaf9821c413a137e33c826957953bb39e2d852097f978c3577abcb71d68b45794247d8e82614979708f6d6d0e469828206b22913d6d320d815d42c0d943640c63196f703f946089f535eac511e26c6a5a529e875eb15aaf65fd50dcbaf37a009f2f9081cdbc744cf7aa2336913e89f1961581ad4bb6aeb1d23a787e2d3f99639871df5842c30581263d5139128f0a3f37ef48bb636d7aae06581de6baa55a12019d3ed831950915fdc1eee819dd01047bda606f2852699529718c99606246a92bb1dd9435d8f3a48646c0e423441bc783be358c0c91e6846419b6c0a81354500cb2721834dc11ba40c3bbe5717e5142922a168ca0e20fc269ea584c7f68ff7cced62c4277385368b4ad596b79c45a9c4575c37f300cab37a5693cb777fabed412934d3a77505b17cb2628119ddff45f3fcbffb50386eb9cfb6f82b37fa852ad4b65bf8e2898b11bf051cb7fb0fa81cbf81b9ceebb05498aeb2691eb15297edd682976d5a4f444cdaa82f063bc4482c28c4e6257c7cf3e5ee5a502c6527b77b12725e7526ff896ee2f8066536dce04d63072a34c19d533d4dbdb93e7185482cbf7510c5eef2f8aebebad011727cd8061a367b7e1868252bb43d9a74c9c6a10539e357d5367fac69a9296fe5a79a2e5b45950ff462e0e882aa32ff7f29b5644e5311f3e0b076c58683de29ad9dd8b2c92a41ca8313ac997e44981e82aec550bbf6c88adf3d54e9fdf93d9dce95289e9086043d888f19d209cbea79f8f5b2c81b2c3889eae1cb5305e282b883c4cfa3798eceeabb442a74ff6a8470020a296ef01d8e32553663c844e67e5a3a44375f0074ce9547a6c489ee86d7652219491f35c6b904d51a26c3d2cc77d8ff97050dd0d0aed4a1ecf1db7ac48673a1dcc70ac16f709dcf4b90148aede5302111ceaa3a81c49b724cfa206283b62513f96c1da77efafe2d2d08a5f391ab690b5d974ceed2e95e85b1039def0e94c79cc0aa1de1f8133e985adfadf4a657710487b265bb6692fd2b91a06ac98d50b052b8a13168e2638b93209238fbe67f4590a81a2cdbcc479ca9178720a6ec05bc9457f27ad2e2fd2f4e9c643ef85b6287a01f7fd597799cce7d6464ed3c95110733d4ba92314ba3dd81e51f541a6e37f8bb14376e41560f9049b4ff349a467defc205f915a345b5f06d090645180ca642c719f03e9813bff7fd635660efe38b022130d42f2cedd792bcba2bfb14385c6d1cbe5ff2e38c22f1f8d5e4d93d296042507e43f24ff904827b16f2a3572d26078d7fdb0cfdbe2e6bee07b94ae441e510681c96f97ef0ddbd7efbd80ce0689f6e2022a189dd2937d3eadd82a154a5fac91b5ef48523706957b8d5f55077973e9a036009d745a6df39ba154dc59c4ef784d62b3f2d782dc508242a1b0e4cc294b6e62e98ef946f0d984c3174cf86b8a0beb615f046ec50dd0c8a9c0f36df60bd162f1130f894085e7c47b6c28ff336f5d75166c1840e7ad07204fc10ce976505f6aece0316d8c65b973f61cea2fe4c6db722717985c25249f041c07a86b878702a8c9ab7c33fe41039041aa38489b02a28f18d69ab34619e9e35514c54592c8059984ace64b5302b5f22d68c35c7ffb23c63ce877a1e1b160dd2c329eabcc0e1e3072021bd811de3c0c7a68af20ddb9e2912b7eecc2a8cf083a252d0fe31629b20559f7b976e4d8625644385c692b8cdc2886a42d750962d0dee10a1546ecb7ef961216cc456d2450a44aab07014fe0be076ca6bcb46b644af844b2ad8b3817f1895a5d579af3dc937541f4b7e9203e7a7af534b406d8f6e3bc555d767603122ab1c4e62de19d6af63be8e39fe45732859d6d92e11f1a847f7d62764b6364aa7f95f03cc7deba178fb03a467da5be71657ae50ff6bf93c51efb7d19ac9887e92fe5f3c9d545209eff307c9e02073bd3404827e148aa63c135ed668589bdfec38cb47716201a9d02f1b03993f89e96b33b32e52ddffb0580dac45422ba7a3fef76e519a3dc8d12eac60c2d2f8c4303aafa3e80135c403360d51c9cdeba3ffb31e664302f587e0e983ede7f9b2bfe2bc64bd5029cfa88445e043e08f3e9affee25e980e75d2664738726e3d2eade7dce0ece78a514bbbe5a54c121374d079e3b05996052d66889742232b73e950e1a9892e7352c9e546a8cfb48332d2b2be6327208ca51dc2869a562581947f62b0d5bfb3e0911d4854f822d6738b4deb195840d2bbae0b074b8d1e1010c24ec00052dce7d259e3044aab1a99d261fb3b49cf09dfc85473f94db06d49e202ca12182283d48144f8389a5301679901600bf8130d36315b277a99204b85a1598f84bd2d4c4893108f6717bf44234181467d6eeee61e1823268b5c60bf04d0e13e429f411b51adfca20ff1a1b1eee203d59b03da1643c3e9fc474a91470116c6c5275542adb10f3adae2ae87e88b93f334e0ceb6216fc081e8d84d8b0a503196dc50599b22b89b807627b427a815aea0dbca69e5fb215ee996395d8a21a1c67ac295be33c6517504e1f00f579f8c484873cc670b5b9e787b1c30ca1f0b25f8bb8f4bde3b3f4fa730c292cbf97b25068ba9c65f78c555d5f75d52a57958d7111e824f3afa16484f625abf62afc80654c36fd9f8284466422fb18e08274e8febc719d45b784974d50d187ad2349429af3f7930252a4d45997762e9d5f5493d408ca144532aa89aa3d43c46951dafb8f81794e2e9679ce238cfe86e112f4f046d87feec3be04461032819d62f217faa71fa9dc6da8861015567d1f7309090e25b7015dcc6d72a5e7ba53296ab1bc72467ac50831628cf5238155aed3fb189a8b527ebd38771e16454fe51e3edde55cea454414690491207c23f6cf33aaeeda432de2d1ede04e039a16245e66cce6f4e4ea534f290f02a2a81a46d6ffea7967dfbe37461f83d472091156594852823392efc953f4ac099d74e2d0328d9f47bd952352981a34055acd0273309484ab56afa85ff0c22fb53ac5d7cc8e346b4c2f38a4e2451738146b7b90c14f826c7dbc1b2be79d83772a8d629f2dfaf15286a15be1ea22a05d4ee3de6a6bfb7e208dbbcc88e77baac940d6438aeeb77c3a32db08b46e79545b65f7f3c1bd433092bc9116668c338ab35c01cb5871167868c6b61bd4c0ca5f96e5ce2465da06c4a3208340d5bb9a32fcbc6f691787de7211da062616272c77c62ac83e4cb29fb954ab27d9009877b79be54acd336bfe2a6e087abaab004743f5ea4ec8ddfb8086920e8e458a413adb98077a3cf860513cc8a453eb129556c871be7e7232a6130c4332819ad17b289fdb31f8f8854dffb4cfeca6d792567b444c750820a2a8a2e0f93779e61a4966650909369fc8bd5bd2bad4ff95cc8a14f6cd83ae6411b4bfe1a9b5cdf1fcf32c54cef1731edc47d41fa581376b25006fc859b98805d70a157e501a2cb2ab425340965213adfecdb5addb2b4b2ec5cc6935e4e279bb98283fb20dfcd8a2c91aefda9dc5a57bba4d8803d1eb0f4ba9529de01e39c2aa60a91267c31d036a3f669b9377661837f58c6950fdf38986ea13ff5e9c4d966bf999002da1a854d54aa225b259d91eb88425328e7d13b06dea321a151a8dfc44755214da97168e8acf027d66b7fff45ded94fcde53ff80342d4595644549c4ed827225596e2b30480e94eb049b6cd718fe8424d044bb5098e0206047ddb81755e3cb92131dd47ec754b64c4b78f663e364cf8a74cdd9857c81316dc4ccd5f02a84b310abfbc9d6a23ee6d1eaf6b8fc1544cfeb06002c8a40fb0e49859d2073a7b1cb112713518ad5e007d0a256f901469bfa5cae98841f877faeb584d41bfe695da72ca5700ae085f39c99f769502ea9f43c0b84ca4611441d5adb3e5d0a426297e535258748169cad487f97d171c0630642943508206ce648aad2971297f3d4037d73e5fbc73460ca7401b7dbd7807273ae077a81fd0d4bc90b6068e3ec95afcfeab16619306fb23942a4308e8253b35f4912df392dfc5daf35dd842a5a1f78fc294cbdbd504056f0c7779121b5b3db7461e43f347452476f3b0bb22e63aa23cb9d3e797c6c95513058d8fb2c27864ac0e1f5001c988e29c79bfa4236c7be41dee5561d825c1f0fbebc0c06cc4712e88ad5efd94f4eb4e93794af42a9752a2ebc57dc2f3881c75bbb23ad25b69619f9f5b07fe114ba291d2b5b4c1c175e1aa3ee3eda55e6126b3ad1e613bf8e0bbac727b879e7796fa0ad100893677a18b53f5eb31db43a97370d3749afa92fd0291fa96b05daa6beb43b9c1c11d9515976976d1cc1e44f35d317299ceb68ea2545f2a2b92b4e1046f6f92c33aae6995593189bb2611576599fd765b8e6fe2e88674ffd57ee8252287b1904d622c36a502db45c72b0d5fc3d983cc44bc955eb43911404667a4ab147d72b69ef2514dfb820ad75758e85df88499cea94ed658b4c1c2f49fe2bbb8d2dd97f844a6df289296cfb9cd5bc8d17aa235e2c4501b1422b25acd6dbc3a91d03904c545320524f9034955ab02f5d058097c37d23984baf808d28b3e12821eb8919a77c1b6a8bdeceecfcc487c39db592817dd378a7c5127b427e7279b2a82f6b8eec6b3fabe0947e353e7a386475b15011de93e2f2891f772ef90f4aba1ee1c4d7321c81ce4dcaa378daeabb93182c319494436dbe67d252a01291cacb59686ebd53c6df21c083e98fa299cf5e9b59f1ccea95c62b1437c8ff8754a6372b5b879ebc3241f6430871eafe35337d75cb68c42862846df4342ab434f7f0a7b9f66824e1e696e3dbecde179592774b7511e5a7a1a06ba601eb5f2a935c7cef0f83ecd412a84afdd05120fceb1afb6445ebfcdf12c2287bfb75dddccc45afb4f5bb1308d39309c92c0b61a322d5229881fa5d598113cce54107036ca9f63fe863d257c706fe89d5c7ae59a459c6f15ba48d80da4aff541797b26418acddb987df3544bc4918cdbbdd8dd1bc2163c89635044e7b4da878457727a667c0146a12b4c46639497243259bfe4aa5ea50eb79f39fa9209256c9a685e3e39d6d8b6a9ca7d3554fbff0908ad6c6ecf68e506c20b16cd4a98e3ada9eb0cb3eb0b75b13b6d80bf99eddf2282da52cec085d3a725b71c29395d605e1eb26143290946a3a0d24347fa46145735dbf4eabc12150b8d5f7eeca804d7ed1fecd0132d1b94ebec65cbc07dfd4d54a5140567e77c646bd92666922c43aca8e482c59b970fa43087eb76d6715e4e8e5ebe54ca391383ef685b133534fcc1e5c5eb56f9d76a888506c4ac8d289c37039e0c4f927b0e11e85c5c7ec1cf4b19bebee6014cb89ee57f2ade8d166005e956d46a0c01f60b58299479e8a59a2e88f1a7ffd08b27d92fc2772b338959bd0a1c9cb95075c3cc17043c818345b29b76c0b8ed41c8c7259cc780c657cb9509daec1558453cfe061f54e08523a55d3223897559d51096b680802144f1dfbc114cee5ba322e007c2af0c08867291dd732bfe4b24d1d5ae517a7f5903c369ac6b157d42eb6ca8c0d7b50fd533a56c814e7cf04db3012eebd53ec1b123d65ab1e462d9f9182b690d56a88ad5a1f4d89f1749b005e88085505cc6d7de8eeee08def67bc1d1519d44b7a62dc07e491f328f786956d9200f00d78829e6af7c1a5835366201374b9487330920d4c57e2f7073292e173acc2424bb0d5e0e9448b4c02f9cfc99bc408110b6a3e9bc3799e4b178c2871069bc7d9ceba564378f02b2932c36f159478b5facd452b595a86d119216af9d860bd3997305320159a69a70fc62284141d23d2dc1e5394b271d99e5570450f1c55807e96c7cbe1b7c2e3e96f69fecf0f375e36e0d2acf319e37199e98486a8d145ce2d996c1909402744cce63664a75e480b197c345360321e830e5572d1d7bfe5a129a67fa98e6eda5268fa588047859daa11d087d0dbf0ccc7e120e3a5820cb4f5dc06748317e3f866518eb66e39dc8a68a7411b3403fc8eeab8283dee4d767e8e5842ed922e03ae5b3c9c494d5ebc61527ccd1222740fedd9e469ba6b30761cf387d654081c7e63182860e4548748058914a9cea01caf074fe6a78fafa2b45c516f9f20af9ac6773a400fa9661a872f6b55f0ed52a9be9e9c35502604b924f0eb628d6545da322e0713f9a5587e87e4b04fa495423b7c72093b764adfd1430a2e608b7af3d2bf80fef00e5b69abe386618274921ff57621bb99739de2e066ff17e95eba027f6a35170af3a69e93359a9643e155832d45c1aa9a8f71ad35504b99d3d0a1c11ae108664ea36f4dcded083aee17ac9efe7ee3fdf7b63c7c09bcef62caa88708510d45cea79d323083ddbfe7e5d3d9138f206a7af82ef1d26c85015c3e55a285a35d0052546493536b9061db27291a9292033753b7bddac63dac6f6271689240e43523c434a65e1d35299e386c953d0c92f21057e0b7883e049d20961e75069587eb3df6206496f76bbfd96635bb19837ba2ab193d79072ffb8829306b63697ff104a65031b8a38c24cca9ba23d5cdf753169a00fe2b2c3849f234a7029b657b3324c10d553e601aa97d17024f7bf5a99f96392f4a079a83daa27f4e3b512ee8536e764ce4dc36fd0874dfa502a693e55bd9f116202c5e906703e2c43d84448598b7af78aa60a205c152841e75e23436738ccaa6bbcef87e6a237d86d1a5e38e56c162cd6d61a4fb8b410b1643ad557a22348edfa82c23db11c9abdd8141fce263a66537512e93a930a4801ad862a902c7c1e00eb7c7466b1351318b7196c2a9016c55a05e104e124bdb568132f9397e31b10d04e5284bd029ea2f6a3ed11854e09b5871d6a725c21a9ef5d7e729a90a8206d5f61e6e42e47dda3e31b9134d47872a0dd7a576b665ec6ceaa5fd7d85ed7feede9ac9fc23e40241c0318077edda75b62eb271e28fb3705f7b4950c14b721a3a74a7a4e4de02cef5de76a1602b906016c0892ef37db51b0a1dd53f28b3d896f20abbad1ad0e0220960423267fc6e1779d1150fd584dd184bb43278d2d68ff21ac0daeef5408348cb80f4a9e0e606f6048bbaa517289451f084fffb63c5d904788cfc310b5495528a58f4650dafc4e4675b99d35ebab710ac6fefcee6c51a2835510fb6d2dbd8f97c3e53fb7a23c3f3c0283eb2271504581b9c1fa31e35c117e56a5d668a9c57df3b4e1129ca019a8b877fa4a22768dfbdd9d2154e17f4a7755b065090d88982471bfb242d89af5c6782693a6ab1b1be74dfa5655ac3b5ef4ace8dc595803cf4025bdf5c0e9fbe7a12a3a313311809591da08a2cc6cd8480dc960e1f79fa208440a0e589be5756c36d5830a51c4bdc39c2a85c0431bae3a7331b2ffdf23623693d343a7938a8a8a4dd4d523c6450a705bccbb38427f06f4f84a18adf303c0ddecf4ce2b6cdde4e09a4c31816195f0fe9f05fcdc0609f8a75ad2f23d5c24faaf346c13ec0512a5c29477ac561c878085d1a323f6bab08e2fb9ee57d7bb621ef21caf3609d74036c6dc1d7be0b6058d89dcb8d9aa4462fa0a740be66e3fdaa957f27c5a26dc586ac8c927ab2d7cf1b761798ea4191be8f4423cf1a6727d0c5f27a9969a753573afa584dea82678f3471ba36d726c396d68c671e579120f1a11cd50fa66b26fc2d6cb74ba07edbd5d3a288cf58ed1255381df02b2fb8983b7cf833433d1ab8fdef12651c3507e4b69fbc4b234678cca36761e8da434e5f036f204a1400da15277ef27ac140e2d574b89c0fd617da27e6ce862883bbe81c288834b9477d0d440c15dad505b363fcc1cfef8e2e3a96438809505844196acd0af751dedfced67f209c2ffa9c6da842c93ff4b5fd54a67df904f2f31b4236728c99582a667a8461d397770a657ffa7d514b0f076d7f35e9704a836e7882a2acf0a0ec2158ac7234953c3696abdc791c0b163ee76fbcc5adc18b6fa0f51f76f3d313a0d891f1deb69f6e44289b1aa43a768b8d13270959763a2c45129daeea493a5b0d7b36753b223dca9a8037368653400", 0x2000, &(0x7f00000005c0)={&(0x7f00000002c0)={0x50, 0xffffffffffffffac}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) openat$thread_pidfd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) 11.00990453s ago: executing program 4 (id=679): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'netdevsim0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000200)=ANY=[@ANYBLOB="440000001000030500"/20, @ANYRES32=0x0, @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x44}}, 0x0) 10.063490547s ago: executing program 2 (id=681): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], 0x0}, 0x90) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@cgroup=r1, r0, 0x2, 0x0, 0x4000}, 0x10) socket$kcm(0x2, 0x1, 0x0) 9.908632773s ago: executing program 2 (id=682): r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) shmget$private(0x0, 0x1000, 0x0, &(0x7f0000fff000/0x1000)=nil) shmctl$IPC_SET(0x0, 0x1, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f00000003c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d) bpf$PROG_LOAD(0x5, 0x0, 0x54) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x3a) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) r7 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r7, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x8, 0x3, 0x288, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x1f0, 0xffffffff, 0xffffffff, 0x1f0, 0xffffffff, 0x7fffffe, 0x0, {[{{@ip={@broadcast, @loopback, 0x0, 0x0, 'veth1\x00', 'veth1_virt_wifi\x00'}, 0x6, 0xd8, 0x120, 0x0, {}, [@common=@unspec=@physdev={{0x68}, {'ip6tnl0\x00', {}, 'macvtap0\x00', {}, 0x0, 0x1b}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4, 'team_slave_0\x00'}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @dev}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2e8) sendmsg$NFT_BATCH(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0904000000000000000002000000400004803c0001800e000100696d6d656469617465000000280002801c000280180002800900020073797a320000000008000180fffffffc08000140000000000900010073797a30000000000900020073797a320000000014000000110001"], 0x94}}, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000140)="80003ee9620ca1ce", 0x8, 0x0, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0) 9.79630821s ago: executing program 4 (id=684): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYBLOB="8fcacb7907051175f37538e486dd6300800701082c"], 0xfdef) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x141141, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r0, &(0x7f0000000440)=ANY=[], 0xfdef) 9.19506356s ago: executing program 0 (id=686): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) ioctl$TUNSETTXFILTER(r0, 0x400454d1, 0x0) 8.580317069s ago: executing program 0 (id=688): syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000002380)='./file0\x00', 0x80000c, &(0x7f0000001200)=ANY=[@ANYBLOB='nls=ascii,gid=', @ANYRESHEX=0x0, @ANYBLOB="2c706172743d3078303030303030303030303030303062622c6e6f626172726965722c6e6f626172726965722c63726561746f723d7fcfb5b72c706172743d3078303030303030303030303030303130312c6769643d", @ANYRESHEX=0x0, @ANYBLOB="2c756d61736b3d30303030303030303030303030303030303030303030302c6465636f6d706f73652c666f7263652c6e6f6465636f6d706f73652c626172726965722c6e6f6465636f6d706f73652c747970653db029e1c02c7569643d", @ANYRESDEC, @ANYRESHEX, @ANYRESHEX=0x0, @ANYRES64, @ANYRESHEX=0x0, @ANYRES8=0x0], 0x5, 0x6fe, &(0x7f0000000b00)="$eJzs3TtsG+cdAPD/URQluoAjJ36kRYAQMZAWFWpLFpRWXeoWRaEhKIJ06EzYckyYlgNJKWSjqJU+9g6ZOqWDtqBDke4G2rlBiiKrxgAFsmTSVBZ3vONDpEjKliU1+f2E43133+O++x/vjuRB+AL42lqdj/KTSGJ1/s3tdHlvd6k5tbs0k2c3I6ISEaWIcnsWyXpkuTfzKb6ZrszLJ52G/9W/nQ8aK29/9uXe5+2lcj5l5ZO+euNVBlft5FPUImIqnw+aPqTFjw9uvq+9W4e2N6nuHqYBu1oELv70TK3CM2sN2OnkffTv7HWgzsVzneRRzlvgjEra980BcxHp2T4b0b7r51eH0sn27vjtnHYHAAAA4KiqR6/ywn7sx3acfx7dAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgK+qfPz/JJ9KRboWSTH+fyVfF3n6DBo/EOKnM+35k+ffGQAAAAAAAAB47l7dj/3YjvPFcivJnvm/1vOM/xvxXmzGWmzEtdiOemzFVmzEYkTM9TRU2a5vbW0sZjUjLo6oeSM+GVLzxuF9vHnM+wwAAAAAAAAAZ9zsmPx704Prfhur3ef/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwFiQRU+1ZNl0s0nNRKkfEbFFuJ+KTiKicbm+PJBm28snJ9wMAAACeyWz/YjI7QZ0XHsd+bMf5YrmVZN/5L2ffl2fjvViPrWjEVjRjLW7n36HTb/2lvd2l5t7u0v10Gmz3x18cqetZi9H+7WH4ll/OSlTjTjSyNdfiViTRypTyVl7e211K5/eH9+v9tE/Jj3IjejPVk76dvlz5OEv/sf9XhPKRdvEplQ7NmctypzsRWcj7lta4UERgeCT6js6wt0l55JYWo9T55efigS21+n9mGR7z90fv87kDpYb+cnMqDkbiRpQ6R+jy6JhHfPtvH/3ybnP93t07m/NnZ5eGejy2xMFILPVE4spXKBLjLWSRuNRZXo2fxS9iPr6YeSs2ohG/inpsxVqtyK/n7+f0dW50pD4917v01riepOdkrXP9GtanWvT1KWrx0yxVj9eyY/rfViOSeBARa/FG9ncjFjtXg+4RvjS639lZX5rgStvj6neyWSdMUT287F8ma/K4pHG90BPX3mvuXJbXu6YbpReHRqm4101+P+pR/laeSFv43cj7w0k7GInFnki8dNj7pR3SP2d3k83m+r2Nu/V3J9ze6/k8PY/+MPwucUrXlnRvXozZfOcuFF1pPc7zXurcYfvjVcmfuLSVBvIuderNxfloxM/jQdzuO1O/H8uxHCtZ6ctZ6emBO1aad6XTUv81PM1LP2mVOw92ej9vPYhm+/MQAGfbue+eq1T/U/1n9cPq76t3q2/O/mTmBzOvVGL6H9M/LC9MvV56JflrfBi/6X7/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnt7mw0f36s3m2sbwRGl4VjK6Vr3ZKgYSG1GmL5Hko/ZMUDjZfPioNbbB0YmZvHtPWf04E8UwfOML10a2U36mbiQ7B4/X7PhjUYzyNMEmkoGAp5WfOnTFlrtrps/AoTyYqI0uU5ksdFmieMP2ZB393VsddrymImJY4TEXjqnjuPoAp+n61v13r28+fPS9xv36O2vvrK1PLy+vLKwsv7F0/U6jubbQfu2pcCKD3wInoffjREf6weTVgaID47KOGKgVAAAAAAAAAAAAeI5O4n8hTnsfAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP9vq/NRfhJJLC5cW0iX93aXmulUpLslyxFRiojk1xHJ3yNuRnuKuZ7mksO280Fj5e3Pvtz7vNtWuShfitg5tN5kdvIpahExlc+Pq71b49urdJMzQ7KTTmTSgF0tAgen7X8BAAD//5CS7ds=") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents(r0, 0xfffffffffffffffd, 0xbb) 8.485445805s ago: executing program 2 (id=689): syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x10, &(0x7f00000003c0)=ANY=[], 0xfe, 0x267, &(0x7f0000000740)="$eJzs3cFqU1kYB/AvbTpJC0OyGCgzDMwdZjOr0HaYfcrQgWECipKFriw2RWlqoYWCLtruiu+gr6BLt4ILcesLiCBVcGNddSFE6k3bpCaxUdOI/f02/Tj3+3POSS/30kVPrvy6vLSwsra4u7sT+XwmsuUox14mijESo5HaCgDge7LXaMSbRmrYawEATof3PwCcPb3e/5mtw7Hzp78yAGBQvujv/5GBLAkAGLCLly7/P1upzF1IknzE8vZ6db2a/kyvzy7G9ahHLaaiEO8iGofS+t//KnNTyb6Xxcgvbzbzm+vV0fb8dBSi2Dk/naSi2pofi4lm/tlE1GImCvFT5/xMx/wP8ecfLfOXohBPr8ZK1GMh9rNpPhcRG9NJ8s+5yrF87kMfAAAAAAAAAAAAAAAAAAAAAAAMQik5VGw//yY9v6dU6nY9zbeeDzTe83yg4+fzZOOX7HD3DgAAAAAAAAAAAAAAAAAAAN+KtZu3lubr9dpqr+LGk3uPdnJp4JPNvYtMc97+Uts9e8ZPtotjxY+/v7jT6VIucv1+Pp9XjEVE60jSnPLhbwOc9GsVj3eu/fzX2uTf3Xoi2zpye3+rbT1dbqTsoD7w14WIrj35vm/I1uL+QVF++1HPwa1UWx0f9i9u8m55/sHG81cnTfV4aDRGB/EoAgAAAAAAAAAAAAAAAACAM+/on36HvRIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGJ6j7//vt8hF20i+a/PWsPcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADvAwAA//8InpRb") r0 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x4143c, 0x0) io_submit(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000180)='a', 0x1}, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x3, 0x0, r0, 0x0, 0x0, 0x4}]) 8.466359862s ago: executing program 1 (id=690): syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000840)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000fcae68da850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) readlink(&(0x7f00000001c0)='./file0\x00', &(0x7f0000004040)=""/4092, 0xffc) 8.03004275s ago: executing program 1 (id=691): mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mkdir(&(0x7f0000005800)='./file0\x00', 0x0) openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r3}, 0x10) rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000100)) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) r6 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000040)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000640)={0x20, 0x0, &(0x7f0000000280)=[@request_death, @clear_death], 0x0, 0x0, 0x0}) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x48, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'list:set\x00'}]}, 0x48}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x28, 0x3, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x0) 8.029351055s ago: executing program 0 (id=692): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], 0x0}, 0x90) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@cgroup=r1, r0, 0x2, 0x0, 0x4000}, 0x10) socket$kcm(0x2, 0x1, 0x0) 8.028754001s ago: executing program 2 (id=693): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x141141, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) write$cgroup_subtree(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="8fedcb5d07081175f37538e486dd"], 0xfdef) 6.660616093s ago: executing program 1 (id=694): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, 0x0, 0x0}, 0x20) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000680)=ANY=[@ANYBLOB="12010000000000406d0486c0000000000001090224000100000000090400000103000000092100000001220500090581030000000000af411083b716cf3b0b1c2978dce4f71260863eed14aa1533187fceb712d3fdb64561fb2c1c844c29e2e072504eea77e2492c8735df6c5c8821dc2c327f5eb450317052eb9bd473fd"], 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000003c0)=0x70, 0x4) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000900)=[{0x6, 0x0, 0x0, 0xec}]}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r1, &(0x7f0000000700)="09268a60fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88ff4f90b1a7511bf746bec66ba1fe92e8615fc3f7af9c3310b39cc2dc3616dcdfaebc65ca325fd99357ed9d11b266a7c88722db6e38df1089394f438cb9fbc08e62754c233cced4a4d4d05a3e5029a01298d3ee87d8a0803a2d26906f42f5b5aaf47d2752a8b23954f309cae13ef250cf76775ddfd153eef2b1a8458a3cb6dc764f19b41c8c61c7305a51a4bfa0c897c7c1f438a851222a5560c0e77b0b5934296bc6f28af87d651f7348a2ba2ca67f930cc655afe0220cbeb79a2a87bba6be2de3e756e674c405bcc51843b4cc75ff7ec38a34d1a2a61f0a1223e69484b5d922b5590758c33317df18c401ff910f9b3f0eaef8b9d928392097a025b0459", 0xfe6a, 0x40040, 0x0, 0xfffffffffffffe93) 5.911613681s ago: executing program 0 (id=695): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'netdevsim0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000200)=ANY=[@ANYBLOB="440000001000030500"/20, @ANYRES32=0x0, @ANYBLOB, @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x44}}, 0x0) 4.616362014s ago: executing program 3 (id=697): r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x8004, 0x4) syz_emit_ethernet(0x83, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030086dd601b8b97004d88c19edace00000000000000002100000002ff02000000000000000000000000000104004e20004d13"], 0x0) recvmmsg(r0, &(0x7f0000000e00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=""/12, 0xc}, 0x1ff}, {{0x0, 0x0, 0x0}, 0x800}], 0x2, 0x2, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) 3.690458992s ago: executing program 3 (id=698): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) ioctl$TUNSETTXFILTER(r0, 0x400454d1, 0x0) 3.562017553s ago: executing program 3 (id=699): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100001f00702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) syz_emit_ethernet(0x4a, &(0x7f00000004c0)={@local, @link_local={0x7}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}, {0x0, 0x0, 0x28, 0x0, @wg=@data={0x4, 0x0, 0x0, "20029476b3addfab81507b25977f5d53"}}}}}}, 0x0) 3.344045414s ago: executing program 3 (id=700): r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) shmget$private(0x0, 0x1000, 0x0, &(0x7f0000fff000/0x1000)=nil) shmctl$IPC_SET(0x0, 0x1, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f00000003c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d) bpf$PROG_LOAD(0x5, 0x0, 0x54) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x3a) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) r7 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r7, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x8, 0x3, 0x288, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x1f0, 0xffffffff, 0xffffffff, 0x1f0, 0xffffffff, 0x7fffffe, 0x0, {[{{@ip={@broadcast, @loopback, 0x0, 0x0, 'veth1\x00', 'veth1_virt_wifi\x00'}, 0x6, 0xd8, 0x120, 0x0, {}, [@common=@unspec=@physdev={{0x68}, {'ip6tnl0\x00', {}, 'macvtap0\x00', {}, 0x0, 0x1b}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4, 'team_slave_0\x00'}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @dev}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2e8) sendmsg$NFT_BATCH(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0904000000000000000002000000400004803c0001800e000100696d6d656469617465000000280002801c000280180002800900020073797a320000000008000180fffffffc08000140000000000900010073797a30000000000900020073797a320000000014000000110001"], 0x94}}, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000140)="80003ee9620ca1ce", 0x8, 0x0, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0) 2.00992985s ago: executing program 1 (id=701): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r0, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e0", 0xb8) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) setsockopt$inet_buf(r1, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf", 0xb5) r2 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 1.826092747s ago: executing program 1 (id=702): r0 = socket$kcm(0xa, 0x0, 0x3a) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'gre0\x00', 0x0}) bind$packet(r2, &(0x7f0000000180)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14) r4 = socket(0x10, 0x2, 0x0) write(r4, &(0x7f0000000000)="240000001e005f80024000000000000002000000010000000000080008000100000000ff", 0x24) syz_mount_image$ext4(&(0x7f0000000380)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x2008800, &(0x7f0000000280)={[{@barrier_val={'barrier', 0x3d, 0x1b}}, {@noblock_validity}]}, 0x1, 0x633, &(0x7f0000000bc0)="$eJzs3c9rVNceAPDvnUx+mLz3EuXx3vMtaqAUhdbERC1SCtW9iP2xazepiWKNRkxKGxGMYDeF7roQuuqi9s+o4NZ/oItC6aoUpLQuapE65d7MnVwnMzG/ZiZOPh+45px7M/ecG/PNOffMOXcC2LVGI2IsIvZHxNUkYrhwrJz9W8q+Kf2+R7/dOJduSVQq7/6axI2byVLxXEn161D1xX8NL+/a17O63PnF65emZmdnrlXz4wuXr47PL14/fPHy1IWZCzNXJl+fPHH82PETE0e2dH17C+nTtz/6ZPjzM+9/89WTZOLbH84kcTK9ukx6XfWv7d9SyenPbDQqyx4X96c/1xNbPPdO8cdw/nuyIqnfwY6WxkBvRPw3hqOn8L85HJ+93dGKAS1VSSJvo4BdJ9lU/A9sf0WANsv7Afm9faP74AYa3NEDL5qHp5YHpJZjvzci8vgvZ2N+EQPZ2MDgo+SZcZ4kIrY2MrcsLePB/TO30y2ajMMBrbF0Kx/lrm//kyw2R2Igyw0+Kj0T/6XClu5/ZyOF9q0kR+sOiX9on6VbEfG/avvfFxuJ/3IU4v/DTZYv/gEAAAAAAGD73DsVEa81mv9Xqs3/6Wsw/2coIk5uQ/nPf/+vlC/RS7ahOKDg4amINxvO/83DLkZ6qrl/ZvMBepPzF2dnjkTEvyLiUPT2p/mJuvOWCunDX+y706z84vy/dEvLf3C/OL249Eu5biHu9NTClL8GsHUPb0X8P5v/e6C659n5P2n7nzRo/9P4vrrOMva9cvdsMV+pVG7m6cbxvzwXGGitytcRBxu2/ysNbLL28znGs/7AeN4rWO2lJ4WFRnXEP3RO2v4PNo//Ws+79rye+Y2dvy8iji6Wm4X/OuK/cf+/L3mvJwpLCT6dWli4NhHRl5xevX9yY3WGbpXHQx4vafwfennt8b9a/78Qh3siYmmdZf7n6dBPzY5p/6Fz0vifXrv/P5JU2//I2v9aR2Ddicm7I99lZ2rwXLiz62r/j2Vt+qHqnmz8D6gqrdqz3gDtSHUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4AVXioh/RFIaq6VLpbGxiKGI+HcMlmbn5hdePT/38ZXp9Fj2+f+l/JN+h5fzSf75/yOF/GRd/mhE7I2IL3v2ZPmxc3Oz052+eAAAAAAAAAAAAAAAAAAAANghhrI1/5X++vX/qZ97Ol07oOXK1a/PifeBdtQFaK/ypl9Z6d/WigBtt/n4B15064//3pbWA2i/5vH/+Eklk+eTpHj09xbXC2g9/X/YvTYZ/94ehC7QIP5HO1EPoN3WHNO7U0t59x+6kvt/AAAAAADoKnsP3Ps+iYilN/ZkW6qvesxkf+hupU5XAOgYc3hh9yrPdboGQKe4xwdW1vX/WWl0vPns/6Q1FQIAAAAAAAAAAAAAVjm43/p/2K3WXv9vbj90szXW/zcKfo8LgC7S/KM/tP3Q7dzjA89r7a3/BwAAAAAAAAAAAIAdYOD6panZ2Zlr84tbTETEj5UkYqvnaZL4oMGht1pUVksTS1M7ohrbmnjamjP3RsTOuMB2J/JHcHSwGh3+uwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANT8HQAA//9EIykl") r5 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_MSFILTER(r5, 0x29, 0x30, &(0x7f0000000800)=ANY=[@ANYBLOB="00000000000000000a00010000000000ff0100000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003cd4431af3eb97a900000000000001000000020000000a00000200000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000ffff00000000000000000000ffff0a010100"/400], 0x190) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0xffffffffffffff06, &(0x7f00000001c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000030a03000000000000000000020000000c00024000000000000000010900010073797a300000000014000000020a0104000000000000000000000000140000001100010000000000efffffffffffff09004d16d110c4e7b73e306cd12a7290eedff6bb4091543cdb151fec7c6dfb8ad10842df75fa125f421faaca4b54f120ae6b6054a5ff8fdd90cc06c26b4eeea7a7e140ad9f521bce7596376387cd4adc1897157198e2156d264e3396bf7d70"], 0x68}}, 0x0) syz_open_dev$sg(&(0x7f00000000c0), 0x0, 0xc8100) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000009c0)=ANY=[@ANYBLOB="540000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0300000000000000240012800c0001006d6163766c616e00140002800800010008000000060002000000000008000500", @ANYRES32=r10, @ANYBLOB="08000a0004328a9df65b6a5fbb5b15bb00b3e3570d267be3ccf231e38bae3063916b2d7dd99a0d5760a62adb36e5000c6792efbe8742a2e9f530c3f28076bd000e9f5e91d99d8c15a28fd25a58caca08abe24c428be647c82c7a02a5899bf4923b6daf1e93dab669d39ac7e0b99971b3111d5ac0bf2a8cb9238140fd784ce62b91e1763a89837f05b7bf48418156cb25e97f278e7872c58ec5504ea10e729b2f670e043bacf136be46ab78", @ANYRES32=r8, @ANYBLOB="b07470788cf39fd9e0690056324d0c4be2630fe8192f3a6055e4b65f0625f6dc32be4015a1f7d780554c3fb7643c4529831f", @ANYRES16=r3], 0x54}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000d00000000080000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3800000055000100000000000000000007008209071d6ccb80322ba9cdda896bd9b699ee79df46f63f3611c241d9b8342c7a029b6621c32a3d7c36b6738e7e9206254646d26a274a86cf4d650018754c60933d4080b7a8deda0f2c4a5c6a344cfed6de1c5e72695a5b9fe49c7546a111aa4c3a00e57e6cb38bb26d", @ANYRES32=r6, @ANYRESHEX=r9, @ANYRES32=r6, @ANYRES8=r7], 0x38}}, 0x4000) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x10, &(0x7f0000000000)=ANY=[@ANYRES16=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r11 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r11, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r2, &(0x7f0000001200), 0x0, 0x2, 0x0) r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x8, 0x4, 0x21}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280), &(0x7f0000001280), 0xb47, r12}, 0x38) bpf$MAP_DELETE_ELEM(0x4, &(0x7f0000000100)={r12, &(0x7f00000000c0), 0x20000000}, 0x20) 1.250573379s ago: executing program 0 (id=703): syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000002380)='./file0\x00', 0x80000c, &(0x7f0000001200)=ANY=[@ANYBLOB='nls=ascii,gid=', @ANYRESHEX=0x0, @ANYBLOB="2c706172743d3078303030303030303030303030303062622c6e6f626172726965722c6e6f626172726965722c63726561746f723d7fcfb5b72c706172743d3078303030303030303030303030303130312c6769643d", @ANYRESHEX=0x0, @ANYBLOB="2c756d61736b3d30303030303030303030303030303030303030303030302c6465636f6d706f73652c666f7263652c6e6f6465636f6d706f73652c626172726965722c6e6f6465636f6d706f73652c747970653db029e1c02c7569643d", @ANYRESDEC, @ANYRESHEX, @ANYRESHEX=0x0, @ANYRES64, @ANYRESHEX=0x0, @ANYRES8=0x0], 0x5, 0x6fe, &(0x7f0000000b00)="$eJzs3TtsG+cdAPD/URQluoAjJ36kRYAQMZAWFWpLFpRWXeoWRaEhKIJ06EzYckyYlgNJKWSjqJU+9g6ZOqWDtqBDke4G2rlBiiKrxgAFsmTSVBZ3vONDpEjKliU1+f2E43133+O++x/vjuRB+AL42lqdj/KTSGJ1/s3tdHlvd6k5tbs0k2c3I6ISEaWIcnsWyXpkuTfzKb6ZrszLJ52G/9W/nQ8aK29/9uXe5+2lcj5l5ZO+euNVBlft5FPUImIqnw+aPqTFjw9uvq+9W4e2N6nuHqYBu1oELv70TK3CM2sN2OnkffTv7HWgzsVzneRRzlvgjEra980BcxHp2T4b0b7r51eH0sn27vjtnHYHAAAA4KiqR6/ywn7sx3acfx7dAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgK+qfPz/JJ9KRboWSTH+fyVfF3n6DBo/EOKnM+35k+ffGQAAAAAAAAB47l7dj/3YjvPFcivJnvm/1vOM/xvxXmzGWmzEtdiOemzFVmzEYkTM9TRU2a5vbW0sZjUjLo6oeSM+GVLzxuF9vHnM+wwAAAAAAAAAZ9zsmPx704Prfhur3ef/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwFiQRU+1ZNl0s0nNRKkfEbFFuJ+KTiKicbm+PJBm28snJ9wMAAACeyWz/YjI7QZ0XHsd+bMf5YrmVZN/5L2ffl2fjvViPrWjEVjRjLW7n36HTb/2lvd2l5t7u0v10Gmz3x18cqetZi9H+7WH4ll/OSlTjTjSyNdfiViTRypTyVl7e211K5/eH9+v9tE/Jj3IjejPVk76dvlz5OEv/sf9XhPKRdvEplQ7NmctypzsRWcj7lta4UERgeCT6js6wt0l55JYWo9T55efigS21+n9mGR7z90fv87kDpYb+cnMqDkbiRpQ6R+jy6JhHfPtvH/3ybnP93t07m/NnZ5eGejy2xMFILPVE4spXKBLjLWSRuNRZXo2fxS9iPr6YeSs2ohG/inpsxVqtyK/n7+f0dW50pD4917v01riepOdkrXP9GtanWvT1KWrx0yxVj9eyY/rfViOSeBARa/FG9ncjFjtXg+4RvjS639lZX5rgStvj6neyWSdMUT287F8ma/K4pHG90BPX3mvuXJbXu6YbpReHRqm4101+P+pR/laeSFv43cj7w0k7GInFnki8dNj7pR3SP2d3k83m+r2Nu/V3J9ze6/k8PY/+MPwucUrXlnRvXozZfOcuFF1pPc7zXurcYfvjVcmfuLSVBvIuderNxfloxM/jQdzuO1O/H8uxHCtZ6ctZ6emBO1aad6XTUv81PM1LP2mVOw92ej9vPYhm+/MQAGfbue+eq1T/U/1n9cPq76t3q2/O/mTmBzOvVGL6H9M/LC9MvV56JflrfBi/6X7/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnt7mw0f36s3m2sbwRGl4VjK6Vr3ZKgYSG1GmL5Hko/ZMUDjZfPioNbbB0YmZvHtPWf04E8UwfOML10a2U36mbiQ7B4/X7PhjUYzyNMEmkoGAp5WfOnTFlrtrps/AoTyYqI0uU5ksdFmieMP2ZB393VsddrymImJY4TEXjqnjuPoAp+n61v13r28+fPS9xv36O2vvrK1PLy+vLKwsv7F0/U6jubbQfu2pcCKD3wInoffjREf6weTVgaID47KOGKgVAAAAAAAAAAAAeI5O4n8hTnsfAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP9vq/NRfhJJLC5cW0iX93aXmulUpLslyxFRiojk1xHJ3yNuRnuKuZ7mksO280Fj5e3Pvtz7vNtWuShfitg5tN5kdvIpahExlc+Pq71b49urdJMzQ7KTTmTSgF0tAgen7X8BAAD//5CS7ds=") getdents(0xffffffffffffffff, &(0x7f0000000080)=""/43, 0x2b) getdents(0xffffffffffffffff, 0xfffffffffffffffd, 0xbb) 1.183971241s ago: executing program 3 (id=704): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000400)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$sock_x25_SIOCADDRT(0xffffffffffffffff, 0x5411, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f992daa94a0c556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff730d00000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409eaa988dbc2fee9d313d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb61799257ab5000013c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f0b2ad1eb9769d74e4f1feff374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae20bf279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522f7dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f24a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724190000006f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x90) openat$mice(0xffffffffffffff9c, &(0x7f0000000000), 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000240), 0x240880, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @rt={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_RT_DREG={0x8}, @NFTA_RT_KEY={0x8, 0x2, 0x1, 0x0, 0x5}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0) syz_emit_ethernet(0x164, &(0x7f0000000140)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb88a8270081003a000001b135f6dd6de9060bfb02eb2a3b6d6b45ef52cdcd62091c29d9b70210f068e66543d0c003000000000000003dcf2572e75560f9ffc4163a20e1889d8dd3618e920195f463abe3c6e0901e1e3965f182ea08415e403971a63d7e0ce2476c439221005482e7b95a5c40751a2d9e35cb31e0774ed0f5442ae6a1deb3627b66d9e90a3806e65d4844fa6d75c1458d63599742f3e20602f47268943526192b952fe26b1f41472cbb7d95113cd7eb13c404bb5b5dd579c4e9f435ff9d391d99e62d419f575fc098a9"], 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4) 1.092280506s ago: executing program 4 (id=705): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x78, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_SEQ_ADJ_REPLY={0x14, 0x10, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x4}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}]}]}, 0x78}}, 0x0) 1.043254394s ago: executing program 2 (id=706): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000004c0)="c8f41c288d409ef0e169a340295f36d4b4", &(0x7f0000000380), 0x5, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xa9b, 0x5}, 0x48) mkdir(&(0x7f0000000380)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, &(0x7f00000001c0)=@generic={&(0x7f0000000180)='./file0\x00', r2}, 0x18) 185.953416ms ago: executing program 3 (id=707): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = dup2(r0, r1) sendmmsg$inet(r2, &(0x7f0000000dc0)=[{{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000a00)="316f825a3d29f96a2093a917017b4cd30000000000000035ed313e19d6", 0x1d}, {&(0x7f0000000640)="0036d551863e1902129da79f5986e05288f50e5398660c1a29b0f45c0cc36902e0251c8d34197b357b32b161f9ad72d55a0eab976aae24ed805271b43f0ce2fea5e764494873e0d82a172b3bb54f59b458fd35039c7d81e9ab07f2fb4dad61bd500a119b54c74a12e4569e47b69a95f92c6380af2bd003fa56f06a23bbd1c76d7756bf4fcaff0c23374ec7c4aadbb8b985f14893a91d750e168350685e0f4f079d2d8e79be174e", 0xa7}, {&(0x7f0000000700)="f5e022a4d2ed0cf5f8b2e9857cb9af98da7aa60f7a1582aadeaef336f9139f6768452f868624c7e6ce0948f33f1a63e0fcf0f2df283b3ca3f1f4de26a8b575ccb465985e48f65b9a7fcc93c0a5be8b16774f7c7ca9848a182d6ee7c0f2b9c0e7030ed93ee34214c25c951279b18c8e5bfbc52152be37f5e2b783e2149be25180430ac63ee1bbe01fbb6125e65839ae5b02d542a97d1bfb1ca420b5405baaaf5ec6ad96af2814dbbea5a064f2ab6fc0904c07f02cbfadfb96866d962e6e21d3a0a0276a36e01b6edafd6c8461de7afec966f9c023ffe15c3c1caec8ff3ef3", 0xde}, {&(0x7f0000000500)="fff5c0293353db83a683db60266a3867d03f740f4f0a7bafe7be9b2bac0bf1b2019dbde5f640c897ac57789fb8490642b47a96f0d03ec69d1f6e90e86be7fb3ef9e76969438283b0ab8d31b707ddd3b453f5ed67232e172945aecaf6dd89d72d7a429ef6d0dcc5f0d9cc15dba0", 0x6d}], 0x4}}], 0x1, 0x0) sendmsg$TIPC_NL_SOCK_GET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001340)={0x33c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}]}, @TIPC_NLA_NODE={0x150, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ID={0x65, 0x3, "82bc53704ab4c13199ac5424884ba508fb42ac529181043c252e22b8b4da8b60b8b955b760d4c6f06634f5550e7e901177c406f802e08d30637d41f2d904604a7d2bb829412d5d4d381d5cfb5b044d4b81deb3b44ffced9979d600f9a8711fac05"}, @TIPC_NLA_NODE_ID={0x41, 0x3, "650b190fb9505102165dea3620d1b5f68f9349cee7a89f0baefa15e35e8fddc2480dc011adcb1ecc7a9fff5d0f64080a0c8998298870ab9e23426d1061"}, @TIPC_NLA_NODE_ID={0x45, 0x3, "c0b77ef5f912e156682c17da2b24eea11baf91b71d57172c534eed7f96b0c2227d22396a9aec6dbe4d57fdbfccdfc771f6f80f8b9c5fe40fa86984988c035f6f78"}, @TIPC_NLA_NODE_KEY={0x41, 0x4, {'gcm(aes)\x00', 0x19, "9c3db97f6ba02f46568e1b445699c3b27057ee488b0c13520e"}}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x6}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_REKEYING={0x8}]}, @TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_TYPE={0x8}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_BEARER={0xec, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xf, 0x1, @l2={'ib', 0x3a, 'pimreg0\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x18}}}}}, @TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x20}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @remote}}, {0x14, 0x2, @in={0x2, 0x0, @remote}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}]}]}, @TIPC_NLA_BEARER={0x98, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @broadcast}}, {0x14, 0x2, @in={0x2, 0x0, @remote}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @private2}}, {0x20, 0x2, @in6={0xa, 0x4e21, 0x0, @private1}}}}]}]}, 0x33c}}, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) 160.274174ms ago: executing program 4 (id=708): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a500000023"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x8000, &(0x7f0000000180)=ANY=[], 0x6, 0x2be, &(0x7f0000000300)="$eJzs3EtrE1EUwPHT9JWmtMlCFAXpQTe6GdroWgzSghiw1EZ8gDBtJxoyJiUTKhGxduVW/BAuSpfdFbRfoBt3unHjrhvBhV2IkcyjjzSl1Sadtvn/oMxt7j2ZcyeTcO6QyfqDd8/zWcfImmWJRFU6REQ2RBISkUCHv4247R7Z7o1c7f/55eK9h4/upNLp0QnVsdTktaSqDg59fPGqzx+20itriSfrP5Lf186unV//M/ks52jO0UKxrKZOFb+VzSnb0pmckzdUx23LdCzNFRyr5PUXvf6sXZydrahZmBmIzZYsx1GzUNG8VdFyUculippPzVxBDcPQgZhgP5nFiQkz9Z/B001OBi1SKqXMThHp29WTWQwlIQAAEKr6+j9SK+mbV/8vXVot999fHvTr/5WeRvX/9a/ec+2o/6Mi0vL6f3dF1F4OVf/jhKjV/zH//etaeLw07Dao/wEAAAAAAAAAAAAAAAAAAAAAOAk2qtV4tVqNB9vgr1dEoiIS/B92nmgNXv/2tnXjXtegiP12LjOX8bb+gFURscWSYYnLb/d88NXawb2AWpOQT/a8Hz8/l+l0e1JZybnxIxKXRH18tTp2Oz06op6d8d0S2x6flLicaRyfbBjfI1cub4s3JC6fp6Uotsy45/VW/OsR1Vt303Xxfe44AAAAAABOA0M3NVy/G8Ze/V785vq64fUBb3093HB93iUXusKdOwAAAAAA7cKpvMybtm2VTl0jmOFBo4LvMoSSc7DzgwxekGNweCMHSrW+MSQith5278Flo73GyHiTZhr511Pi3PsPv5p3nG8sR/eZacsa3Uf3CQQAAADgqGwV/cEjN8NNCAAAAAAAAAAAAAAAAAAAAAAAAAAAAACANnQUPycW9hwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA4+JvAAAA//9JOg68") r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f00000004c0), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x28011, r1, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) getrandom(&(0x7f0000000040)=""/133, 0xfffffffffffffdde, 0x2) 104.251406ms ago: executing program 0 (id=709): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000040)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d000110000000090400"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x10012, r1, 0x0) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r2, &(0x7f0000001680)="f3", 0x1) 25.736805ms ago: executing program 1 (id=710): syz_emit_ethernet(0x117, &(0x7f0000000640)={@link_local, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0xe1, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x1, 0x4, 0x4, 0x0, 0x2, [{0x2, 0xa, "a78c000005dc8080a2030003004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34060600000000000000dac15084dbaf736b41e5af0502"}, {0x0, 0x1, "000005060000000000000000"}, {0x19, 0xe, "f952ef00c0fb2ad066f2ecbb6dae05b472c6821715f751cfd461cdbb28572d29bc8113b785017f38d9d942c293060ad88e4e7c0a90e393536a0fe32c93ae7fbf9cd93a5178d619224776ddd5fe6ce769212219a9c462a1f61e40c5b3dc8fafedbeec6db2828264fa60288acad7a891"}]}}}}}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000000c0), 0x4) set_mempolicy(0x3, &(0x7f0000000040)=0x10000000005, 0x7) set_mempolicy(0x8000, &(0x7f0000000000)=0x1, 0x26d5) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r1, 0x29, 0x41, 0x0, &(0x7f00000013c0)) preadv(r0, &(0x7f0000000280)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x5) mknodat(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', 0x0, 0x0) execveat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) setxattr$trusted_overlay_opaque(&(0x7f0000000140)='./file2\x00', &(0x7f0000000180), &(0x7f00000001c0), 0x2, 0x2) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r2, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f00000083c0)) prlimit64(0x0, 0x0, 0x0, 0x0) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x3) ioctl$TCFLSH(r3, 0x540b, 0x0) timer_create(0x0, 0x0, &(0x7f0000000200)) syz_io_uring_setup(0x0, &(0x7f0000000300)={0x0, 0x0, 0x800}, 0x0, 0x0) r4 = syz_open_dev$vim2m(&(0x7f00000003c0), 0x7, 0x2) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') pread64(r4, &(0x7f0000000180)=""/38, 0x26, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f0000000100)={0x0, 0x1, 0x2}) socket$nl_xfrm(0x10, 0x3, 0x6) 0s ago: executing program 2 (id=711): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, 0x0, 0x0) kernel console output (not intermixed with test programs): using interface batadv_slave_0 (retrying later): interface not active [ 143.544209][ T5641] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.591233][ T6309] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 143.599131][ T6309] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 143.600478][ T5639] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.636368][ T6309] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 143.995356][ T6309] hsr_slave_0: entered promiscuous mode [ 144.029231][ T6309] hsr_slave_1: entered promiscuous mode [ 144.062770][ T6309] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 144.082236][ T6309] Cannot create hsr debugfs directory [ 144.137743][ T5233] Bluetooth: hci1: command tx timeout [ 144.659413][ T6147] 8021q: adding VLAN 0 to HW filter on device bond0 [ 144.780938][ T5244] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 144.793940][ T5244] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 144.806553][ T5402] hsr_slave_0: left promiscuous mode [ 144.812102][ T5244] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 144.828543][ T5244] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 144.836312][ T5244] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 144.845731][ T5402] hsr_slave_1: left promiscuous mode [ 144.845762][ T5244] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 144.906798][ T5402] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 144.914322][ T5402] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 144.932824][ T5402] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 144.943249][ T5402] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 144.979603][ T5402] veth1_macvtap: left promiscuous mode [ 144.985213][ T5402] veth0_macvtap: left promiscuous mode [ 145.000057][ T5402] veth1_vlan: left promiscuous mode [ 145.005447][ T5402] veth0_vlan: left promiscuous mode [ 145.402338][ T5402] team0 (unregistering): Port device team_slave_1 removed [ 145.452352][ T5402] team0 (unregistering): Port device team_slave_0 removed [ 145.853816][ T6051] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 145.920574][ T6147] 8021q: adding VLAN 0 to HW filter on device team0 [ 146.002774][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.010043][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 146.102614][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.109828][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 146.216903][ T5233] Bluetooth: hci1: command tx timeout [ 146.410286][ T6051] veth0_vlan: entered promiscuous mode [ 146.482906][ T6051] veth1_vlan: entered promiscuous mode [ 146.573312][ T6051] veth0_macvtap: entered promiscuous mode [ 146.639101][ T6051] veth1_macvtap: entered promiscuous mode [ 146.649423][ T6401] chnl_net:caif_netlink_parms(): no params data found [ 146.736318][ T5402] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.821572][ T5402] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.839870][ T6051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 146.850745][ T6051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 146.864234][ T6051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 146.875053][ T6051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 146.886858][ T6051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 146.897734][ T6051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 146.911062][ T6051] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 146.936609][ T5233] Bluetooth: hci2: command tx timeout [ 146.954009][ T6051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 146.965061][ T6051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 146.975069][ T6051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 146.985694][ T6051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 146.995669][ T6051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 147.013056][ T6051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.024823][ T6051] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 147.052078][ T5402] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.094141][ T6401] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.108785][ T6401] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.115989][ T6401] bridge_slave_0: entered allmulticast mode [ 147.124580][ T6401] bridge_slave_0: entered promiscuous mode [ 147.133132][ T6401] bridge0: port 2(bridge_slave_1) entered blocking state [ 147.141351][ T6401] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.148805][ T6401] bridge_slave_1: entered allmulticast mode [ 147.155858][ T6401] bridge_slave_1: entered promiscuous mode [ 147.185433][ T6401] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 147.223995][ T5402] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.243956][ T6051] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.254044][ T6051] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.263580][ T6051] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.272576][ T6051] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.289115][ T6401] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 147.344897][ T6401] team0: Port device team_slave_0 added [ 147.357853][ T6309] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 147.367735][ T6309] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 147.383645][ T6309] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 147.399361][ T6401] team0: Port device team_slave_1 added [ 147.431380][ T6401] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 147.445034][ T6401] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 147.471364][ T6401] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 147.482904][ T6309] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 147.515110][ T6401] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 147.525098][ T6401] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 147.552296][ T6401] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 147.574553][ T6147] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 147.773133][ T6401] hsr_slave_0: entered promiscuous mode [ 147.779882][ T6401] hsr_slave_1: entered promiscuous mode [ 147.789854][ T6401] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 147.799659][ T6401] Cannot create hsr debugfs directory [ 147.818814][ T5402] bridge_slave_1: left allmulticast mode [ 147.825359][ T5402] bridge_slave_1: left promiscuous mode [ 147.833119][ T5402] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.842076][ T5402] bridge_slave_0: left allmulticast mode [ 147.848139][ T5402] bridge_slave_0: left promiscuous mode [ 147.853897][ T5402] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.141693][ T5402] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 148.153374][ T5402] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 148.167452][ T5402] bond0 (unregistering): Released all slaves [ 148.324658][ T5568] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 148.341725][ T5568] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 148.471645][ T5402] hsr_slave_0: left promiscuous mode [ 148.484641][ T5402] hsr_slave_1: left promiscuous mode [ 148.491377][ T5402] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 148.499051][ T5402] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 148.507150][ T5402] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 148.514565][ T5402] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 148.534297][ T5402] veth1_macvtap: left promiscuous mode [ 148.553490][ T5402] veth0_macvtap: left promiscuous mode [ 148.559206][ T5402] veth1_vlan: left promiscuous mode [ 148.564467][ T5402] veth0_vlan: left promiscuous mode [ 149.010315][ T5402] team0 (unregistering): Port device team_slave_1 removed [ 149.016721][ T5233] Bluetooth: hci2: command tx timeout [ 149.054617][ T5402] team0 (unregistering): Port device team_slave_0 removed [ 149.415852][ T5568] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 149.424435][ T5568] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 149.568393][ T6147] veth0_vlan: entered promiscuous mode [ 149.629818][ T6147] veth1_vlan: entered promiscuous mode [ 149.738422][ T6309] 8021q: adding VLAN 0 to HW filter on device bond0 [ 149.887499][ T6309] 8021q: adding VLAN 0 to HW filter on device team0 [ 149.900424][ T6147] veth0_macvtap: entered promiscuous mode [ 149.918777][ T6147] veth1_macvtap: entered promiscuous mode [ 150.639089][ T6147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 150.674159][ T6147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.684934][ T6147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 150.696239][ T6147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.708474][ T6147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 150.729466][ T6147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.741486][ T6147] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 150.753153][ T6147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 150.764724][ T6147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.776346][ T6147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 150.787929][ T6147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.798972][ T6147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 150.809766][ T6147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.821488][ T6147] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 150.844301][ T63] bridge0: port 1(bridge_slave_0) entered blocking state [ 150.853062][ T63] bridge0: port 1(bridge_slave_0) entered forwarding state [ 150.886128][ T1099] bridge0: port 2(bridge_slave_1) entered blocking state [ 150.893352][ T1099] bridge0: port 2(bridge_slave_1) entered forwarding state [ 150.948621][ T6147] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.966786][ T6147] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.975655][ T6147] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.984923][ T6147] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.097297][ T5233] Bluetooth: hci2: command tx timeout [ 151.148525][ T6401] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 151.162556][ T6401] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 151.178977][ T6401] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 151.199186][ T6401] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 151.207027][ T1099] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 151.214901][ T1099] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 151.269358][ T1076] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 151.278251][ T1076] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 151.476092][ T6401] 8021q: adding VLAN 0 to HW filter on device bond0 [ 151.530515][ T6401] 8021q: adding VLAN 0 to HW filter on device team0 [ 151.581037][ T1099] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.588228][ T1099] bridge0: port 1(bridge_slave_0) entered forwarding state [ 151.616730][ T1099] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.624416][ T1099] bridge0: port 2(bridge_slave_1) entered forwarding state [ 151.690078][ T6309] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 151.814693][ T6401] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 151.828529][ T6401] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 152.024874][ T6309] veth0_vlan: entered promiscuous mode [ 152.078772][ T6309] veth1_vlan: entered promiscuous mode [ 152.097615][ T6458] loop0: detected capacity change from 0 to 2048 [ 152.647870][ T6458] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 152.993793][ T6309] veth0_macvtap: entered promiscuous mode [ 153.030126][ T6309] veth1_macvtap: entered promiscuous mode [ 153.086457][ T29] audit: type=1326 audit(1723580256.888:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6457 comm="syz.0.227" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff482b799f9 code=0x0 [ 153.158818][ T6309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 153.176664][ T5233] Bluetooth: hci2: command tx timeout [ 153.196838][ T6309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.220498][ T6309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 153.277458][ T6477] dlm: no local IP address has been set [ 153.283374][ T6477] dlm: cannot start dlm midcomms -107 [ 153.312052][ T6309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.324216][ T6309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 153.335992][ T6309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.349076][ T6464] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 234: padding at end of block bitmap is not set [ 153.372111][ T1170] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 153.385145][ T6309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 153.403096][ T6309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.460851][ T6309] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 153.471692][ T6051] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 153.541683][ T6309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 153.565507][ T6309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.585861][ T6309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 153.609145][ T6309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.646666][ T6309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 153.677929][ T1170] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 153.683213][ T6309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.706556][ T1170] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 153.734390][ T1170] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 153.755214][ T1170] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.762041][ T6309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 153.788024][ T1170] usb 5-1: config 0 descriptor?? [ 153.800317][ T6309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.858075][ T6309] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 153.965931][ T6401] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 154.007724][ T6309] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.044461][ T6309] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.086598][ T6309] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.095414][ T6309] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.202859][ T1170] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 154.245853][ T1170] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 154.286542][ T1170] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 154.327074][ T1170] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 154.369574][ T1170] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 154.437270][ T1170] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 154.465311][ T1099] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 154.483733][ T6401] veth0_vlan: entered promiscuous mode [ 154.498266][ T1099] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 154.502131][ T1170] usb 5-1: USB disconnect, device number 5 [ 154.574939][ T6401] veth1_vlan: entered promiscuous mode [ 154.622307][ T1099] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 154.643699][ T1099] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 154.653909][ T6401] veth0_macvtap: entered promiscuous mode [ 154.672339][ T9] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 154.690441][ T6401] veth1_macvtap: entered promiscuous mode [ 154.752335][ T6401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 154.792323][ T6401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.822931][ T6401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 154.838419][ T6401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.848907][ T6401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 154.861054][ T6401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.871408][ T6401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 154.882649][ T6401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.896541][ T9] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 154.911414][ T6401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 154.932545][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 154.956475][ T6401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.974378][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 154.986336][ T6401] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 155.019551][ T9] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 155.051357][ T6401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.067150][ T9] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 155.077276][ T6401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.091095][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.103645][ T6401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.158371][ T9] usb 1-1: config 0 descriptor?? [ 155.209455][ T6401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.244136][ T6401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.261713][ T6401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.302536][ T6401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.335399][ T6401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.358260][ T6401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.392527][ T6401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.436246][ T6401] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 155.494534][ T6401] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.525858][ T6401] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.557883][ T6401] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.604009][ T6401] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.618325][ T6540] 9pnet_fd: Insufficient options for proto=fd [ 155.665604][ T9] usbhid 1-1:0.0: can't add hid device: -71 [ 155.718252][ T9] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 155.818536][ T9] usb 1-1: USB disconnect, device number 5 [ 155.843928][ T6540] warning: `syz.2.238' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 155.974143][ T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 156.029260][ T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 156.100731][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 156.157911][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 156.414577][ T6556] loop2: detected capacity change from 0 to 2048 [ 156.472899][ T6556] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 156.507097][ T9] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 156.770656][ T5279] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 156.904331][ T29] audit: type=1326 audit(1723580260.718:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6555 comm="syz.2.243" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb2697799f9 code=0x0 [ 156.967086][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 157.281061][ T5279] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 157.333268][ T9] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 157.343131][ T5641] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 157.364901][ T5279] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 157.375097][ T9] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 157.400913][ T5279] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.426995][ T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 157.454624][ T5279] usb 4-1: config 0 descriptor?? [ 157.476661][ T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 157.520762][ T9] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 157.582191][ T9] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 157.618240][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.703662][ T1170] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 157.769471][ T6592] netlink: 'syz.0.249': attribute type 10 has an invalid length. [ 157.874579][ T9] usb 5-1: GET_CAPABILITIES returned 0 [ 157.882388][ T9] usbtmc 5-1:16.0: can't read capabilities [ 157.947017][ T5279] ath6kl: Unsupported hardware version: 0x0 [ 157.964464][ T5279] ath6kl: Failed to init ath6kl core: -22 [ 157.978341][ T6592] batman_adv: batadv0: Adding interface: team0 [ 157.978806][ T5279] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -22 [ 157.993386][ T6592] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 158.019064][ T6592] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 158.030558][ T6593] netlink: 'syz.0.249': attribute type 10 has an invalid length. [ 158.039007][ T6593] netlink: 2 bytes leftover after parsing attributes in process `syz.0.249'. [ 158.048185][ T6593] team0: entered promiscuous mode [ 158.053603][ T6593] team_slave_0: entered promiscuous mode [ 158.060409][ T6593] team_slave_1: entered promiscuous mode [ 158.072176][ T6593] 8021q: adding VLAN 0 to HW filter on device team0 [ 158.079634][ T6593] batman_adv: batadv0: Interface activated: team0 [ 158.086302][ T6593] batman_adv: batadv0: Interface deactivated: team0 [ 158.093079][ T6593] batman_adv: batadv0: Removing interface: team0 [ 158.542143][ T1170] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 158.566543][ T1170] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 158.593871][ T46] usb 4-1: USB disconnect, device number 5 [ 158.601572][ T5277] usb 5-1: USB disconnect, device number 6 [ 158.631305][ T6593] bridge0: port 3(team0) entered blocking state [ 158.655316][ T1170] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 158.674949][ T6593] bridge0: port 3(team0) entered disabled state [ 158.685016][ T1170] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.707492][ T1170] usb 2-1: config 0 descriptor?? [ 158.718288][ T6593] team0: entered allmulticast mode [ 158.723447][ T6593] team_slave_0: entered allmulticast mode [ 158.747380][ T6593] team_slave_1: entered allmulticast mode [ 158.755733][ T6593] bridge0: port 3(team0) entered blocking state [ 158.762664][ T6593] bridge0: port 3(team0) entered forwarding state [ 159.161079][ T1170] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 159.177019][ T1170] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 159.184854][ T1170] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 159.214121][ T1170] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 159.242394][ T1170] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 159.267699][ T1170] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 160.425933][ T5278] usb 2-1: USB disconnect, device number 3 [ 160.742152][ T6624] loop3: detected capacity change from 0 to 2048 [ 160.832676][ T6630] netlink: 'syz.2.260': attribute type 11 has an invalid length. [ 160.849383][ T6624] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 160.867057][ T6630] netlink: 80220 bytes leftover after parsing attributes in process `syz.2.260'. [ 161.446059][ T29] audit: type=1326 audit(1723580265.038:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6623 comm="syz.3.257" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f09141799f9 code=0x0 [ 161.817545][ T6309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 163.985763][ T6680] netlink: 'syz.0.272': attribute type 11 has an invalid length. [ 164.026560][ T6680] netlink: 80220 bytes leftover after parsing attributes in process `syz.0.272'. [ 164.325136][ T6691] loop0: detected capacity change from 0 to 2048 [ 164.387623][ T6691] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 164.494820][ T6647] loop2: detected capacity change from 0 to 40427 [ 164.506557][ T5278] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 164.836022][ T29] audit: type=1326 audit(1723580268.648:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6690 comm="syz.0.275" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff482b799f9 code=0x0 [ 165.258181][ T6051] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 165.278267][ T5278] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 165.300077][ T5278] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 165.336560][ T5278] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 165.345663][ T5278] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 165.409050][ T5278] usb 2-1: config 0 descriptor?? [ 165.736685][ T9] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 165.901029][ T5278] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 166.094568][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 166.126470][ T9] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 166.508489][ T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 166.519452][ T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 166.529876][ T9] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 166.549491][ T9] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 166.583103][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.631687][ T5278] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 166.639848][ T5278] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 166.648110][ T5278] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 166.656150][ T5278] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving [ 166.670151][ T5278] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 166.718924][ T5278] usb 2-1: USB disconnect, device number 4 [ 166.807970][ T5233] Bluetooth: hci1: unexpected event 0x04 length: 14 > 10 [ 166.841459][ T9] usb 3-1: usb_control_msg returned -32 [ 166.902162][ T9] usbtmc 3-1:16.0: can't read capabilities [ 166.944315][ T6731] fuse: Unknown parameter '0x0000000000000006' [ 168.064509][ T6722] loop0: detected capacity change from 0 to 32768 [ 169.034473][ T5233] Bluetooth: hci1: command tx timeout [ 169.561898][ T6722] workqueue: Failed to create a rescuer kthread for wq "bcachefs": -EINTR [ 169.562215][ T6722] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): shutdown complete [ 170.341302][ T6722] bcachefs: bch2_fs_get_tree() error: ENOMEM_fs_other_alloc [ 170.410789][ T9] usb 3-1: USB disconnect, device number 5 [ 170.887094][ T6755] loop0: detected capacity change from 0 to 2048 [ 170.925267][ T6755] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 171.367568][ T29] audit: type=1326 audit(1723580276.164:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6753 comm="syz.0.292" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff482b799f9 code=0x0 [ 172.540410][ T6761] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 234: padding at end of block bitmap is not set [ 172.646910][ T6780] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 173.229240][ T6051] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 173.316522][ T5276] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 173.342012][ T6783] loop1: detected capacity change from 0 to 16 [ 173.392138][ T6783] erofs: (device loop1): mounted with root inode @ nid 36. [ 173.546508][ T5276] usb 3-1: Using ep0 maxpacket: 8 [ 173.563917][ T5276] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 173.607071][ T5276] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 173.631709][ T5276] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 173.670755][ T5276] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 173.731988][ T5276] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 173.773575][ T5276] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.054738][ T5276] usb 3-1: usb_control_msg returned -32 [ 174.073818][ T5276] usbtmc 3-1:16.0: can't read capabilities [ 174.426621][ C1] usbtmc 3-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 174.458767][ T6807] usbtmc 3-1:16.0: Unable to send data, error -71 [ 174.994727][ T6811] loop0: detected capacity change from 0 to 2048 [ 174.997368][ T6801] loop4: detected capacity change from 0 to 40427 [ 175.034498][ T6801] F2FS-fs (loop4): Insane cp_payload (553648128 >= 504) [ 175.043477][ T6801] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 175.057132][ T6811] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 175.103798][ T6801] F2FS-fs (loop4): invalid crc value [ 175.126020][ T6801] F2FS-fs (loop4): Found nat_bits in checkpoint [ 175.331153][ T29] audit: type=1326 audit(1723580280.144:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6810 comm="syz.0.312" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff482b799f9 code=0x0 [ 175.512680][ T6801] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 175.594419][ T6801] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 175.693617][ T9] usb 3-1: USB disconnect, device number 6 [ 175.707610][ T6051] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 175.820420][ T6801] syz.4.307: attempt to access beyond end of device [ 175.820420][ T6801] loop4: rw=2049, sector=53248, nr_sectors = 136 limit=40427 [ 175.889616][ T6804] loop3: detected capacity change from 0 to 40427 [ 175.926138][ T6804] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504) [ 175.933819][ T6804] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 175.942907][ T29] audit: type=1804 audit(1723580280.744:71): pid=6823 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.307" name="/newroot/14/file2/file1" dev="loop4" ino=10 res=1 errno=0 [ 175.999787][ T6804] F2FS-fs (loop3): invalid crc value [ 176.043867][ T6804] F2FS-fs (loop3): Found nat_bits in checkpoint [ 176.114825][ T6147] syz-executor: attempt to access beyond end of device [ 176.114825][ T6147] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 176.146813][ T6147] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 176.254786][ T6804] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 176.271100][ T6834] binder: 6830:6834 ioctl c0306201 0 returned -14 [ 176.271423][ T6804] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 176.300896][ T6834] binder_alloc: 6830: binder_alloc_buf size 12312 failed, no address space [ 176.309935][ T6834] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 176.312496][ T6804] F2FS-fs (loop3): Unrecognized mount option "ÿÿ0xffffffffffffffff¤ Z*¬ð¿Ë m˜.Dc8'ñ@Ø×C9Gö9œùõ?À9†Så¦{»1Ÿ¿JÆöÌÕ¬¿á5 æÒÔŒöÀ‰Ýöqqÿ³±Yˆç³”ÅÚóá" or missing value [ 176.436187][ T6309] syz-executor: attempt to access beyond end of device [ 176.436187][ T6309] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 176.465506][ T6309] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 176.489419][ T6837] netlink: 'syz.1.319': attribute type 11 has an invalid length. [ 176.536630][ T6837] netlink: 80220 bytes leftover after parsing attributes in process `syz.1.319'. [ 181.039348][ T6860] loop4: detected capacity change from 0 to 16 [ 181.084842][ T6860] erofs: (device loop4): mounted with root inode @ nid 36. [ 181.380504][ T6872] loop1: detected capacity change from 0 to 2048 [ 181.468939][ T6872] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 182.070652][ T29] audit: type=1326 audit(1723580286.844:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6866 comm="syz.1.330" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5c6ef799f9 code=0x0 [ 182.644725][ T6871] loop0: detected capacity change from 0 to 40427 [ 182.686488][ T6871] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 182.713670][ T6871] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 182.723766][ T6401] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 182.763861][ T6871] F2FS-fs (loop0): invalid crc value [ 182.825491][ T6871] F2FS-fs (loop0): Found nat_bits in checkpoint [ 182.861537][ T6863] loop2: detected capacity change from 0 to 40427 [ 182.930170][ T6863] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504) [ 182.953111][ T6863] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 182.999320][ T6863] F2FS-fs (loop2): invalid crc value [ 183.029845][ T6863] F2FS-fs (loop2): Found nat_bits in checkpoint [ 183.087488][ T6871] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 183.105278][ T6871] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 183.181727][ T6871] syz.0.331: attempt to access beyond end of device [ 183.181727][ T6871] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 183.214744][ T6871] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 183.223844][ T6863] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 183.231418][ T6863] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 183.355580][ T6863] syz.2.328: attempt to access beyond end of device [ 183.355580][ T6863] loop2: rw=2049, sector=53248, nr_sectors = 136 limit=40427 [ 183.420877][ T29] audit: type=1804 audit(1723580288.234:73): pid=6892 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.328" name="/newroot/51/file2/file1" dev="loop2" ino=10 res=1 errno=0 [ 183.542958][ T5641] syz-executor: attempt to access beyond end of device [ 183.542958][ T5641] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 183.589762][ T5641] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 183.841282][ T6897] loop1: detected capacity change from 0 to 2048 [ 183.882999][ T6899] loop4: detected capacity change from 0 to 2048 [ 183.941483][ T6897] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 183.971858][ T6899] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 184.348312][ T29] audit: type=1326 audit(1723580289.164:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6896 comm="syz.4.337" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdf47b799f9 code=0x0 [ 185.331751][ T6147] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 187.119172][ T6401] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 188.666665][ T6942] loop1: detected capacity change from 0 to 16 [ 188.694313][ T6942] erofs: (device loop1): mounted with root inode @ nid 36. [ 188.905936][ T6951] loop4: detected capacity change from 0 to 2048 [ 189.346221][ T6959] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 189.932808][ T5231] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 189.987792][ T6951] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 190.237356][ T6964] loop3: detected capacity change from 0 to 2048 [ 190.298452][ T6964] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 190.319817][ T5231] usb 3-1: Using ep0 maxpacket: 32 [ 190.353139][ T5231] usb 3-1: New USB device found, idVendor=06cd, idProduct=0107, bcdDevice=44.fe [ 190.415558][ T29] audit: type=1326 audit(1723580295.224:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6963 comm="syz.3.352" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f09141799f9 code=0x0 [ 190.467699][ T5231] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 190.540409][ T5231] usb 3-1: config 0 descriptor?? [ 190.594683][ T5231] keyspan 3-1:0.0: Keyspan 1 port adapter converter detected [ 190.625369][ T5231] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 84 [ 190.663143][ T5231] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 81 [ 190.679923][ T29] audit: type=1326 audit(1723580295.494:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6949 comm="syz.4.350" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdf47b799f9 code=0x0 [ 190.714206][ T5231] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 82 [ 190.740713][ T5231] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 1 [ 190.773471][ T5231] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 2 [ 190.782477][ T5231] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 83 [ 190.792634][ T5231] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 3 [ 190.804150][ T5231] usb 3-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 190.881635][ T6309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 191.091185][ T5344] usb 3-1: USB disconnect, device number 7 [ 191.157305][ T5344] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 191.196115][ T5344] keyspan 3-1:0.0: device disconnected [ 191.442086][ T6939] loop0: detected capacity change from 0 to 40427 [ 191.470865][ T6939] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 191.483253][ T6976] loop3: detected capacity change from 0 to 4096 [ 191.508378][ T6939] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 191.542137][ T6939] F2FS-fs (loop0): invalid crc value [ 191.579002][ T6939] F2FS-fs (loop0): Found nat_bits in checkpoint [ 191.702539][ T6976] overlayfs: upper fs does not support tmpfile. [ 191.750919][ T6976] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 192.174419][ T6985] pim6reg: entered allmulticast mode [ 192.206976][ T6985] pim6reg: left allmulticast mode [ 192.573480][ T6997] loop1: detected capacity change from 0 to 2048 [ 192.633641][ T6997] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 193.204720][ T29] audit: type=1326 audit(1723580298.014:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6996 comm="syz.1.357" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5c6ef799f9 code=0x0 [ 193.732091][ T6401] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 193.914150][ T6147] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 193.951858][ T1076] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.114571][ T1076] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.191953][ T7032] loop2: detected capacity change from 0 to 2048 [ 194.272989][ T7032] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 194.349405][ T7042] loop4: detected capacity change from 0 to 16 [ 194.362101][ T1076] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.467040][ T7042] erofs: (device loop4): mounted with root inode @ nid 36. [ 194.567986][ T29] audit: type=1326 audit(1723580299.374:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7030 comm="syz.2.363" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb2697799f9 code=0x0 [ 194.656870][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.663245][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.710320][ T7052] netlink: 'syz.0.368': attribute type 1 has an invalid length. [ 194.730532][ T1076] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.807509][ T5244] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 194.851601][ T5244] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 194.862236][ T5244] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 194.870925][ T5244] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 194.882235][ T5244] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 194.912602][ T5244] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 195.045017][ T7065] loop0: detected capacity change from 0 to 16 [ 195.072325][ T5641] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 195.081735][ T7065] erofs: (device loop0): mounted with root inode @ nid 36. [ 195.247306][ T7065] overlayfs: missing 'workdir' [ 195.401235][ T1076] bridge_slave_1: left allmulticast mode [ 195.411860][ T1076] bridge_slave_1: left promiscuous mode [ 195.429806][ T1076] bridge0: port 2(bridge_slave_1) entered disabled state [ 195.449171][ T7106] netlink: 'syz.2.370': attribute type 11 has an invalid length. [ 195.461382][ T7106] netlink: 251 bytes leftover after parsing attributes in process `syz.2.370'. [ 195.497434][ T1076] bridge_slave_0: left allmulticast mode [ 195.506677][ T1076] bridge_slave_0: left promiscuous mode [ 195.512574][ T1076] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.591983][ T7124] loop2: detected capacity change from 0 to 2048 [ 196.666910][ T7124] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 196.801867][ T7136] loop0: detected capacity change from 0 to 2048 [ 196.935609][ T7136] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 196.958931][ T7040] loop1: detected capacity change from 0 to 40427 [ 197.000173][ T7040] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504) [ 197.007445][ T7040] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 197.016584][ T5244] Bluetooth: hci1: command tx timeout [ 197.139936][ T7040] F2FS-fs (loop1): invalid crc value [ 197.319353][ T7040] F2FS-fs (loop1): Failed to initialize F2FS segment manager (-4) [ 197.478221][ T29] audit: type=1326 audit(1723580302.284:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7123 comm="syz.2.373" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb2697799f9 code=0x0 [ 197.760554][ T29] audit: type=1326 audit(1723580302.564:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7131 comm="syz.0.374" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff482b799f9 code=0x0 [ 197.976657][ T7135] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 234: padding at end of block bitmap is not set [ 198.057040][ T5641] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 198.604786][ T1076] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 198.651393][ T1076] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 198.671066][ T1076] bond0 (unregistering): Released all slaves [ 198.756171][ T7160] pim6reg: entered allmulticast mode [ 198.776125][ T7183] loop2: detected capacity change from 0 to 2048 [ 198.793391][ T7160] pim6reg: left allmulticast mode [ 198.868374][ T7183] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 199.156629][ T5244] Bluetooth: hci1: command tx timeout [ 199.532746][ T7207] loop4: detected capacity change from 0 to 16 [ 199.692087][ T29] audit: type=1326 audit(1723580304.504:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7181 comm="syz.2.379" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb2697799f9 code=0x0 [ 199.750216][ T7207] erofs: (device loop4): mounted with root inode @ nid 36. [ 200.104782][ T7055] chnl_net:caif_netlink_parms(): no params data found [ 200.205380][ T1076] hsr_slave_0: left promiscuous mode [ 200.234626][ T1076] hsr_slave_1: left promiscuous mode [ 200.266656][ T1076] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 200.281300][ T1076] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 200.317871][ T1076] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 200.336058][ T1076] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 200.447139][ T6051] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 200.459528][ T1076] veth1_macvtap: left promiscuous mode [ 200.465112][ T1076] veth0_macvtap: left promiscuous mode [ 200.507582][ T1076] veth1_vlan: left promiscuous mode [ 200.517108][ T1076] veth0_vlan: left promiscuous mode [ 200.817365][ T7312] loop0: detected capacity change from 0 to 16 [ 200.900039][ T7312] erofs: (device loop0): mounted with root inode @ nid 36. [ 200.992700][ T7312] overlayfs: missing 'lowerdir' [ 201.177092][ T5244] Bluetooth: hci1: command tx timeout [ 201.206805][ T7135] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 234: padding at end of block bitmap is not set [ 201.263076][ T7318] loop1: detected capacity change from 0 to 2048 [ 201.335454][ T7318] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 201.529399][ T7323] loop0: detected capacity change from 0 to 2048 [ 201.552346][ T7323] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 201.613196][ T7323] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 201.644995][ T7323] EXT4-fs (loop0): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 201.711170][ T7323] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a002e01c, mo2=0002] [ 201.778803][ T7323] System zones: 0-19 [ 201.807011][ T7323] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 201.917498][ T5641] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 201.938205][ T7323] EXT4-fs error (device loop0): ext4_add_entry:2435: inode #2: comm syz.0.383: Directory hole found for htree leaf block 0 [ 202.398436][ T7337] EXT4-fs error (device loop0): ext4_add_entry:2435: inode #2: comm syz.0.383: Directory hole found for htree leaf block 0 [ 203.256569][ T5244] Bluetooth: hci1: command tx timeout [ 203.352339][ T6051] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 203.793531][ T7356] input: syz0 as /devices/virtual/input/input5 [ 204.305634][ T1076] team0 (unregistering): Port device team_slave_1 removed [ 204.408343][ T1076] team0 (unregistering): Port device team_slave_0 removed [ 204.885395][ T7348] loop2: detected capacity change from 0 to 40427 [ 204.894795][ T7348] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504) [ 204.907769][ T7348] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 204.925531][ T7348] F2FS-fs (loop2): invalid crc value [ 204.945588][ T7348] F2FS-fs (loop2): Found nat_bits in checkpoint [ 204.966531][ T5277] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 205.043699][ T7348] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 205.055330][ T7348] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 205.177129][ T5277] usb 1-1: Using ep0 maxpacket: 8 [ 205.191419][ T5277] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 205.212611][ T5277] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 205.234797][ T5277] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 205.287658][ T5277] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 205.311740][ T5277] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 205.323060][ T5277] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 205.565230][ T5277] usb 1-1: usb_control_msg returned -32 [ 205.575176][ T5277] usbtmc 1-1:16.0: can't read capabilities [ 205.607229][ T6401] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 205.885867][ T7393] netlink: 'syz.2.391': attribute type 11 has an invalid length. [ 205.902254][ T7393] netlink: 80220 bytes leftover after parsing attributes in process `syz.2.391'. [ 205.958109][ C0] usbtmc 1-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 205.989152][ T7394] usbtmc 1-1:16.0: Unable to send data, error -71 [ 206.115382][ T7364] pim6reg: entered allmulticast mode [ 206.128431][ T7364] pim6reg: left allmulticast mode [ 206.402289][ T7391] loop1: detected capacity change from 0 to 32768 [ 206.414427][ T7391] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.392 (7391) [ 206.472784][ T7391] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 206.494529][ T7429] loop4: detected capacity change from 0 to 2048 [ 206.496559][ T7391] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 206.522029][ T7055] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.542554][ T7055] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.550365][ T7391] BTRFS info (device loop1): using free-space-tree [ 206.563851][ T7055] bridge_slave_0: entered allmulticast mode [ 206.568789][ T7438] loop2: detected capacity change from 0 to 2048 [ 206.581212][ T7055] bridge_slave_0: entered promiscuous mode [ 206.606841][ T7055] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.614228][ T7055] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.633025][ T7055] bridge_slave_1: entered allmulticast mode [ 206.640851][ T7055] bridge_slave_1: entered promiscuous mode [ 206.657679][ T7429] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 206.682517][ T7438] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 206.738231][ T7438] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 206.932444][ T7438] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a002e01c, mo2=0002] [ 206.952262][ T7438] System zones: 0-19 [ 206.960654][ T7055] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 206.961134][ T7438] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 207.013937][ T7055] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 207.026885][ T7438] EXT4-fs error (device loop2): ext4_add_entry:2435: inode #2: comm syz.2.394: Directory hole found for htree leaf block 0 [ 207.270925][ T7055] team0: Port device team_slave_0 added [ 207.330106][ T7055] team0: Port device team_slave_1 added [ 207.365402][ T29] audit: type=1326 audit(1723580312.174:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7427 comm="syz.4.393" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdf47b799f9 code=0x0 [ 207.605465][ T7541] EXT4-fs error (device loop2): ext4_add_entry:2435: inode #2: comm syz.2.394: Directory hole found for htree leaf block 0 [ 207.620323][ T7481] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 234: padding at end of block bitmap is not set [ 208.132860][ T46] usb 1-1: USB disconnect, device number 6 [ 208.207605][ T7055] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 208.214618][ T7055] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 208.258614][ T5641] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 208.313510][ T7055] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 208.414301][ T7055] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 208.436427][ T7055] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 208.527861][ T7055] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 208.626675][ T1076] bridge_slave_1: left allmulticast mode [ 208.650149][ T1076] bridge_slave_1: left promiscuous mode [ 208.671528][ T1076] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.707702][ T1076] bridge_slave_0: left allmulticast mode [ 208.713705][ T1076] bridge_slave_0: left promiscuous mode [ 208.726648][ T1076] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.888349][ T7593] loop2: detected capacity change from 0 to 4096 [ 209.139911][ T7593] overlayfs: upper fs does not support tmpfile. [ 209.177440][ T7593] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 209.225844][ T6401] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 210.352476][ T6147] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 210.408547][ T1076] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 210.482018][ T1076] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 210.511843][ T1076] bond0 (unregistering): Released all slaves [ 210.619299][ T5244] Bluetooth: hci4: unexpected event 0x04 length: 14 > 10 [ 210.764782][ T7647] fuse: Unknown parameter '0x0000000000000006' [ 211.893291][ T7055] hsr_slave_0: entered promiscuous mode [ 211.928294][ T7055] hsr_slave_1: entered promiscuous mode [ 211.945160][ T7055] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 211.966567][ T7055] Cannot create hsr debugfs directory [ 212.062121][ T7670] pim6reg: entered allmulticast mode [ 212.097663][ T7670] pim6reg: left allmulticast mode [ 212.601761][ T7622] loop1: detected capacity change from 0 to 40427 [ 212.611269][ T7622] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504) [ 212.631952][ T7622] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 212.679457][ T7622] F2FS-fs (loop1): invalid crc value [ 212.691605][ T1076] hsr_slave_0: left promiscuous mode [ 212.697925][ T5244] Bluetooth: hci4: command tx timeout [ 212.726816][ T7622] F2FS-fs (loop1): Found nat_bits in checkpoint [ 212.776678][ T1076] hsr_slave_1: left promiscuous mode [ 212.818860][ T1076] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 212.826342][ T1076] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 212.885010][ T1076] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 212.923788][ T1076] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 213.016786][ T7622] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 213.065387][ T1076] veth1_macvtap: left promiscuous mode [ 213.081817][ T7622] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 213.106573][ T1076] veth0_macvtap: left promiscuous mode [ 213.124715][ T1076] veth1_vlan: left promiscuous mode [ 213.145408][ T1076] veth0_vlan: left promiscuous mode [ 213.207663][ T5233] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 213.218006][ T5233] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 213.227901][ T5233] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 213.237767][ T5233] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 213.245871][ T5233] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 213.257489][ T5233] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 213.685315][ T7759] loop4: detected capacity change from 0 to 4096 [ 213.823264][ T7759] overlayfs: upper fs does not support tmpfile. [ 213.850503][ T7759] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 213.902872][ T7767] loop1: detected capacity change from 0 to 16 [ 213.947687][ T7767] erofs: (device loop1): mounted with root inode @ nid 36. [ 213.975776][ T7767] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 214.006770][ T7767] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 214.177456][ T7774] loop1: detected capacity change from 0 to 2048 [ 214.247042][ T7774] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 214.247612][ T7746] loop0: detected capacity change from 0 to 32768 [ 214.267703][ T7746] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.407 (7746) [ 214.302393][ T7746] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 214.346966][ T7746] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 214.355729][ T7746] BTRFS info (device loop0): using free-space-tree [ 214.802965][ T29] audit: type=1326 audit(1723580320.618:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7773 comm="syz.1.410" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5c6ef799f9 code=0x0 [ 215.266699][ T6051] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 215.271475][ T1076] team0 (unregistering): Port device team_slave_1 removed [ 215.351505][ T5233] Bluetooth: hci3: command tx timeout [ 215.417319][ T1076] team0 (unregistering): Port device team_slave_0 removed [ 215.775058][ T7812] loop0: detected capacity change from 0 to 2048 [ 215.840873][ T7812] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 216.004903][ T6401] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 216.255988][ T6051] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 217.416784][ T5233] Bluetooth: hci3: command tx timeout [ 217.881886][ T7833] loop0: detected capacity change from 0 to 40427 [ 217.949259][ T7833] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 217.981485][ T7833] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 218.093007][ T7833] F2FS-fs (loop0): invalid crc value [ 218.129234][ T7833] F2FS-fs (loop0): Found nat_bits in checkpoint [ 218.328189][ T7833] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 218.337718][ T7833] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 218.478386][ T5244] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 218.490630][ T5244] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 218.508392][ T5244] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 218.529016][ T5244] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 218.540119][ T5244] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 218.550875][ T5244] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 218.756995][ T7747] chnl_net:caif_netlink_parms(): no params data found [ 218.975055][ T1076] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 219.087360][ T1076] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 219.330988][ T8024] loop1: detected capacity change from 0 to 32768 [ 219.351947][ T8024] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.420 (8024) [ 219.353735][ T1076] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 219.402199][ T8101] loop0: detected capacity change from 0 to 2048 [ 219.444485][ T8024] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 219.458745][ T1076] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 219.464910][ T8024] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 219.489241][ T8024] BTRFS info (device loop1): using free-space-tree [ 219.506009][ T5244] Bluetooth: hci3: command tx timeout [ 219.514349][ T8101] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 219.530222][ T7747] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.540749][ T7747] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.556664][ T7747] bridge_slave_0: entered allmulticast mode [ 219.583891][ T7747] bridge_slave_0: entered promiscuous mode [ 219.796325][ T7747] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.804304][ T7747] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.812979][ T7747] bridge_slave_1: entered allmulticast mode [ 219.821120][ T7747] bridge_slave_1: entered promiscuous mode [ 220.179413][ T7055] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 220.232515][ T29] audit: type=1326 audit(1723580326.038:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8100 comm="syz.0.422" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff482b799f9 code=0x0 [ 220.399658][ T7747] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 220.459656][ T7055] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 220.487605][ T7055] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 220.542085][ T7747] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 220.623202][ T5244] Bluetooth: hci4: command tx timeout [ 220.783646][ T7055] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 220.917759][ T7950] chnl_net:caif_netlink_parms(): no params data found [ 220.943248][ T7747] team0: Port device team_slave_0 added [ 220.980291][ T7747] team0: Port device team_slave_1 added [ 221.239944][ T7747] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 221.266771][ T7747] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 221.357281][ T7747] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 221.398071][ T6401] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 221.461902][ T1076] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 221.503963][ T7747] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 221.537104][ T7747] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 221.571571][ T7747] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 221.582612][ T5244] Bluetooth: hci3: command tx timeout [ 221.599004][ T6051] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 221.912118][ T1076] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 221.968188][ T7950] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.975352][ T7950] bridge0: port 1(bridge_slave_0) entered disabled state [ 222.004476][ T8386] loop1: detected capacity change from 0 to 2048 [ 222.014177][ T7950] bridge_slave_0: entered allmulticast mode [ 222.028162][ T7950] bridge_slave_0: entered promiscuous mode [ 222.059886][ T8386] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 222.076625][ T5244] Bluetooth: hci0: unexpected event 0x04 length: 14 > 10 [ 222.080511][ T7950] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.096109][ T7950] bridge0: port 2(bridge_slave_1) entered disabled state [ 222.103574][ T7950] bridge_slave_1: entered allmulticast mode [ 222.111087][ T7950] bridge_slave_1: entered promiscuous mode [ 223.149583][ T8132] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 234: padding at end of block bitmap is not set [ 223.162977][ T8397] fuse: Unknown parameter '0x0000000000000006' [ 223.170796][ T5244] Bluetooth: hci4: command tx timeout [ 223.179657][ T29] audit: type=1326 audit(1723580328.978:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8385 comm="syz.1.425" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5c6ef799f9 code=0x0 [ 224.218342][ T5233] Bluetooth: hci0: command tx timeout [ 224.260960][ T1076] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.390533][ T6401] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 224.484332][ T7747] hsr_slave_0: entered promiscuous mode [ 224.495947][ T7747] hsr_slave_1: entered promiscuous mode [ 224.511935][ T7747] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 224.534652][ T7747] Cannot create hsr debugfs directory [ 224.565663][ T1076] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.593022][ T7950] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 224.669426][ T7950] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 224.933158][ T7950] team0: Port device team_slave_0 added [ 224.961853][ T7950] team0: Port device team_slave_1 added [ 225.118929][ T7950] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 225.140000][ T7950] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 225.176147][ T7950] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 225.254369][ T7950] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 225.263300][ T7950] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 225.290194][ T5244] Bluetooth: hci4: command tx timeout [ 225.298838][ T7950] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 225.447798][ T7055] 8021q: adding VLAN 0 to HW filter on device bond0 [ 225.535911][ T1076] bridge_slave_1: left allmulticast mode [ 225.556649][ T1076] bridge_slave_1: left promiscuous mode [ 225.577932][ T1076] bridge0: port 2(bridge_slave_1) entered disabled state [ 225.598860][ T1076] bridge_slave_0: left allmulticast mode [ 225.609871][ T8481] loop0: detected capacity change from 0 to 40427 [ 225.614020][ T1076] bridge_slave_0: left promiscuous mode [ 225.630263][ T1076] bridge0: port 1(bridge_slave_0) entered disabled state [ 225.639566][ T8481] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 225.647562][ T8481] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 225.658080][ T1076] bridge_slave_1: left allmulticast mode [ 225.663796][ T1076] bridge_slave_1: left promiscuous mode [ 225.690614][ T8481] F2FS-fs (loop0): invalid crc value [ 225.701540][ T1076] bridge0: port 2(bridge_slave_1) entered disabled state [ 225.725999][ T1076] bridge_slave_0: left allmulticast mode [ 225.730183][ T8481] F2FS-fs (loop0): Found nat_bits in checkpoint [ 225.732401][ T1076] bridge_slave_0: left promiscuous mode [ 225.747257][ T1076] bridge0: port 1(bridge_slave_0) entered disabled state [ 225.875517][ T8481] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 225.883186][ T8481] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 225.958916][ T8481] syz.0.428: attempt to access beyond end of device [ 225.958916][ T8481] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 225.973929][ T8481] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 226.979546][ T1076] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 226.994216][ T1076] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 227.007869][ T1076] bond0 (unregistering): Released all slaves [ 227.127605][ T1076] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 227.141038][ T1076] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 227.153773][ T1076] bond0 (unregistering): Released all slaves [ 227.342274][ T5244] Bluetooth: hci4: command tx timeout [ 227.351001][ T7950] hsr_slave_0: entered promiscuous mode [ 227.366295][ T7950] hsr_slave_1: entered promiscuous mode [ 227.379448][ T7950] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 227.388931][ T7950] Cannot create hsr debugfs directory [ 227.679990][ T7055] 8021q: adding VLAN 0 to HW filter on device team0 [ 227.776251][ T8662] loop1: detected capacity change from 0 to 2048 [ 227.860831][ T8662] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 227.889695][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.896877][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 228.090502][ T8672] loop0: detected capacity change from 0 to 2048 [ 228.215599][ T8672] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 228.371009][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 228.378360][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 228.413242][ T6051] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 228.431377][ T29] audit: type=1326 audit(1723580335.250:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8660 comm="syz.1.431" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5c6ef799f9 code=0x0 [ 228.700037][ T8734] loop0: detected capacity change from 0 to 2048 [ 228.738995][ T8734] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 228.962916][ T1076] hsr_slave_0: left promiscuous mode [ 228.970085][ T1076] hsr_slave_1: left promiscuous mode [ 228.999919][ T1076] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 229.007883][ T1076] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 229.055975][ T1076] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 229.064097][ T1076] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 229.137865][ T1076] hsr_slave_0: left promiscuous mode [ 229.166706][ T1076] hsr_slave_1: left promiscuous mode [ 229.186635][ T1076] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 229.194131][ T1076] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 229.231027][ T1076] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 229.249854][ T1076] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 229.384268][ T1076] veth1_macvtap: left promiscuous mode [ 229.390724][ T1076] veth0_macvtap: left promiscuous mode [ 229.396965][ T1076] veth1_vlan: left promiscuous mode [ 229.402526][ T1076] veth0_vlan: left promiscuous mode [ 229.409428][ T1076] veth1_macvtap: left promiscuous mode [ 229.415135][ T1076] veth0_macvtap: left promiscuous mode [ 229.427072][ T1076] veth1_vlan: left promiscuous mode [ 229.432556][ T1076] veth0_vlan: left promiscuous mode [ 229.566721][ T29] audit: type=1326 audit(1723580336.340:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8730 comm="syz.0.434" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff482b799f9 code=0x0 [ 229.911093][ T6401] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 230.192197][ T5244] Bluetooth: hci2: unexpected event 0x04 length: 14 > 10 [ 230.336581][ T8778] fuse: Unknown parameter '0x0000000000000006' [ 230.561012][ T8676] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 234: padding at end of block bitmap is not set [ 231.633236][ T6051] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 231.828432][ T8797] binder: BINDER_SET_CONTEXT_MGR already set [ 231.850080][ T8797] binder: 8796:8797 ioctl 4018620d 20000100 returned -16 [ 231.877711][ T8797] binder: 8796:8797 ioctl c0306201 0 returned -14 [ 232.145179][ T8805] loop0: detected capacity change from 0 to 4096 [ 232.216634][ T5244] Bluetooth: hci2: command tx timeout [ 232.250141][ T8805] overlayfs: upper fs does not support tmpfile. [ 232.271052][ T8805] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 232.386698][ T8784] loop1: detected capacity change from 0 to 40427 [ 232.408791][ T8784] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504) [ 232.425720][ T8784] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 232.452927][ T8784] F2FS-fs (loop1): invalid crc value [ 232.510228][ T8784] F2FS-fs (loop1): Found nat_bits in checkpoint [ 232.624798][ T8784] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 232.637513][ T1076] team0 (unregistering): Port device team_slave_1 removed [ 232.647299][ T8784] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 232.708712][ T8784] syz.1.436: attempt to access beyond end of device [ 232.708712][ T8784] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 232.733962][ T1076] team0 (unregistering): Port device team_slave_0 removed [ 232.764347][ T8784] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 233.856122][ T8845] loop1: detected capacity change from 0 to 40427 [ 233.864092][ T8845] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504) [ 233.884532][ T8845] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 233.910486][ T8845] F2FS-fs (loop1): invalid crc value [ 233.931106][ T8845] F2FS-fs (loop1): Found nat_bits in checkpoint [ 234.040624][ T8845] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 234.056793][ T8845] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 234.113875][ T6401] syz-executor: attempt to access beyond end of device [ 234.113875][ T6401] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 234.153703][ T6401] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 234.343244][ T1076] team0 (unregistering): Port device team_slave_1 removed [ 234.428044][ T1076] team0 (unregistering): Port device team_slave_0 removed [ 234.518321][ T8862] loop1: detected capacity change from 0 to 2048 [ 234.567768][ T8862] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 234.687932][ T6401] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 234.795753][ T8871] loop1: detected capacity change from 0 to 2048 [ 234.849767][ T8871] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 235.235345][ T29] audit: type=1326 audit(1723580343.041:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8870 comm="syz.1.442" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5c6ef799f9 code=0x0 [ 235.620411][ T7747] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 235.856690][ T7747] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 235.901212][ T7747] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 235.947752][ T7747] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 236.362925][ T7055] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 236.521158][ T7747] 8021q: adding VLAN 0 to HW filter on device bond0 [ 236.666171][ T7055] veth0_vlan: entered promiscuous mode [ 236.779567][ T7055] veth1_vlan: entered promiscuous mode [ 236.810736][ T7950] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 236.845049][ T7950] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 236.906888][ T7747] 8021q: adding VLAN 0 to HW filter on device team0 [ 236.941884][ T7950] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 236.972288][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.979526][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 237.006049][ T5233] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 237.014929][ T7950] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 237.023696][ T5233] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 237.032962][ T5233] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 237.050401][ T5233] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 237.075469][ T5233] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 237.084519][ T5233] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 237.085471][ T5402] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.098758][ T5402] bridge0: port 2(bridge_slave_1) entered forwarding state [ 237.282192][ T6401] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 237.303027][ T7055] veth0_macvtap: entered promiscuous mode [ 237.394664][ T8959] binder: 8958:8959 ioctl c0306201 0 returned -14 [ 237.428692][ T1076] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.493358][ T7747] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 237.549667][ T1076] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.842830][ T7055] veth1_macvtap: entered promiscuous mode [ 238.182990][ T1076] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 238.509592][ T1076] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 238.538323][ T7055] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 238.557119][ T7055] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 238.573002][ T7055] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 238.584632][ T7055] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 238.602529][ T7055] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 238.659482][ T7055] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 238.674258][ T7055] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 238.685223][ T7055] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 238.696031][ T7055] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 238.711201][ T7055] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 238.741207][ T7950] 8021q: adding VLAN 0 to HW filter on device bond0 [ 238.764273][ T7055] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.773772][ T7055] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.783027][ T7055] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.791870][ T7055] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.851901][ T7950] 8021q: adding VLAN 0 to HW filter on device team0 [ 238.982610][ T1076] team0: left allmulticast mode [ 238.989691][ T1076] team_slave_0: left allmulticast mode [ 238.995588][ T1076] team_slave_1: left allmulticast mode [ 239.001992][ T1076] bridge0: port 3(team0) entered disabled state [ 239.010338][ T1076] bridge_slave_1: left allmulticast mode [ 239.023715][ T1076] bridge_slave_1: left promiscuous mode [ 239.029687][ T1076] bridge0: port 2(bridge_slave_1) entered disabled state [ 239.040436][ T1076] bridge_slave_0: left allmulticast mode [ 239.046145][ T1076] bridge_slave_0: left promiscuous mode [ 239.053309][ T1076] bridge0: port 1(bridge_slave_0) entered disabled state [ 239.182218][ T5244] Bluetooth: hci0: command tx timeout [ 239.385976][ T1076] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 239.401020][ T1076] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 239.412089][ T1076] bond0 (unregistering): Released all slaves [ 239.431603][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.438792][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 239.534128][ T9052] loop1: detected capacity change from 0 to 2048 [ 239.596154][ T9052] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 239.622490][ T7747] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 239.690418][ T6401] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 239.733518][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.740693][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 239.835353][ T9103] loop1: detected capacity change from 0 to 16 [ 239.846823][ T9103] erofs: (device loop1): mounted with root inode @ nid 36. [ 239.886125][ T8942] chnl_net:caif_netlink_parms(): no params data found [ 239.952949][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 240.018877][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 240.046679][ T1076] hsr_slave_0: left promiscuous mode [ 240.078481][ T1076] hsr_slave_1: left promiscuous mode [ 240.094732][ T1076] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 240.103826][ T1076] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 240.118680][ T1076] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 240.126707][ T1076] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 240.165276][ T1076] veth1_macvtap: left promiscuous mode [ 240.171493][ T1076] veth0_macvtap: left promiscuous mode [ 240.177644][ T1076] veth1_vlan: left promiscuous mode [ 240.183212][ T1076] veth0_vlan: left promiscuous mode [ 240.864770][ T1076] team_slave_1 (unregistering): left promiscuous mode [ 240.877190][ T1076] team0 (unregistering): Port device team_slave_1 removed [ 240.932578][ T1076] team_slave_0 (unregistering): left promiscuous mode [ 240.943175][ T1076] team0 (unregistering): Port device team_slave_0 removed [ 241.256751][ T5244] Bluetooth: hci0: command tx timeout [ 241.569565][ T7950] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 241.721304][ T5402] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 241.751765][ T5402] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 241.802528][ T8942] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.833749][ T8942] bridge0: port 1(bridge_slave_0) entered disabled state [ 241.883218][ T8942] bridge_slave_0: entered allmulticast mode [ 241.904834][ T8942] bridge_slave_0: entered promiscuous mode [ 241.947993][ T8942] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.964455][ T8942] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.973476][ T8942] bridge_slave_1: entered allmulticast mode [ 241.992816][ T8942] bridge_slave_1: entered promiscuous mode [ 242.090519][ T7747] veth0_vlan: entered promiscuous mode [ 242.172724][ T8942] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 242.213449][ T7747] veth1_vlan: entered promiscuous mode [ 242.252781][ T8942] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 242.444712][ T5244] Bluetooth: hci2: unexpected event 0x04 length: 14 > 10 [ 242.458435][ T8942] team0: Port device team_slave_0 added [ 242.475416][ T8942] team0: Port device team_slave_1 added [ 242.592072][ T9247] fuse: Unknown parameter '0x0000000000000006' [ 243.336599][ T5244] Bluetooth: hci0: command tx timeout [ 243.363346][ T7747] veth0_macvtap: entered promiscuous mode [ 243.398338][ T7950] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 243.473366][ T8942] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 243.507697][ T8942] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 243.614855][ T8942] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 243.695437][ T8942] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 243.706648][ T8942] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 243.740430][ T8942] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 243.748334][ T9284] binder: BINDER_SET_CONTEXT_MGR already set [ 243.758881][ T9284] binder: 9283:9284 ioctl 4018620d 20000040 returned -16 [ 243.804288][ T9284] binder: 9283:9284 ioctl c0306201 0 returned -14 [ 243.861018][ T7747] veth1_macvtap: entered promiscuous mode [ 243.952274][ T8942] hsr_slave_0: entered promiscuous mode [ 244.000343][ T8942] hsr_slave_1: entered promiscuous mode [ 244.072946][ T7747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 244.126470][ T7747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 244.150100][ T7747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 244.180078][ T7747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 244.281245][ T7747] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 244.327653][ T7747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 244.339051][ T7747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 244.350526][ T7747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 244.361530][ T7747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 244.421753][ T7747] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 244.456508][ T5244] Bluetooth: hci2: command tx timeout [ 244.875026][ T9243] loop3: detected capacity change from 0 to 40427 [ 244.882898][ T9243] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504) [ 244.890196][ T9243] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 244.941396][ T7747] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 244.950495][ T9243] F2FS-fs (loop3): invalid crc value [ 244.987366][ T7747] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 245.023106][ T7747] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 245.032079][ T9243] F2FS-fs (loop3): Found nat_bits in checkpoint [ 245.060323][ T7747] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 245.189463][ T9243] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 245.216888][ T9243] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 245.299847][ T29] audit: type=1804 audit(1723580354.107:89): pid=9243 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.360" name="/newroot/0/file2/file1" dev="loop3" ino=10 res=1 errno=0 [ 245.412273][ T7055] syz-executor: attempt to access beyond end of device [ 245.412273][ T7055] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 245.428210][ T5244] Bluetooth: hci0: command tx timeout [ 245.436757][ T7055] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 245.485222][ T1076] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 245.552659][ T1076] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 245.576154][ T7950] veth0_vlan: entered promiscuous mode [ 245.644138][ T7950] veth1_vlan: entered promiscuous mode [ 245.686312][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 245.721392][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 245.898199][ T7950] veth0_macvtap: entered promiscuous mode [ 245.945810][ T7950] veth1_macvtap: entered promiscuous mode [ 246.203541][ T7950] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 246.232914][ T9448] loop2: detected capacity change from 0 to 2048 [ 246.245849][ T7950] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 246.257117][ T7950] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 246.275364][ T9448] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 246.284108][ T7950] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 246.309227][ T7950] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 246.339898][ T9448] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 246.352632][ T7950] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 246.365808][ T9368] loop1: detected capacity change from 0 to 40427 [ 246.389989][ T7950] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 246.407856][ T9368] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504) [ 246.414872][ T9368] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 246.424869][ T9468] loop3: detected capacity change from 0 to 16 [ 246.433884][ T9448] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a002e01c, mo2=0002] [ 246.455988][ T9468] erofs: (device loop3): mounted with root inode @ nid 36. [ 246.468278][ T9448] System zones: 0-19 [ 246.480389][ T7950] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 246.506226][ T9368] F2FS-fs (loop1): invalid crc value [ 246.512485][ T7950] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 246.516081][ T9448] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 246.553299][ T7950] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 246.577081][ T7950] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 246.590565][ T9368] F2FS-fs (loop1): Found nat_bits in checkpoint [ 246.600686][ T7950] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 246.626700][ T7950] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 246.648040][ T7950] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 246.682312][ T7950] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 246.686982][ T9481] EXT4-fs error (device loop2): ext4_add_entry:2435: inode #2: comm syz.2.404: Directory hole found for htree leaf block 0 [ 246.744099][ T7950] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 246.766815][ T7950] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 246.810157][ T9368] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 246.819025][ T9368] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 247.025517][ T9448] EXT4-fs error (device loop2): ext4_add_entry:2435: inode #2: comm syz.2.404: Directory hole found for htree leaf block 0 [ 247.241855][ T7950] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 247.257446][ T9368] syz.1.455: attempt to access beyond end of device [ 247.257446][ T9368] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 247.283691][ T9368] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 247.578584][ T8942] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 247.619489][ T7747] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 247.624290][ T8942] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 247.703663][ T8942] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 247.777125][ T8942] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 247.855254][ T5568] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 247.871931][ T5568] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 248.035956][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 248.059851][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 248.313397][ T8942] 8021q: adding VLAN 0 to HW filter on device bond0 [ 248.443868][ T9526] loop4: detected capacity change from 0 to 16 [ 248.465524][ T8942] 8021q: adding VLAN 0 to HW filter on device team0 [ 248.525050][ T5568] bridge0: port 1(bridge_slave_0) entered blocking state [ 248.532244][ T5568] bridge0: port 1(bridge_slave_0) entered forwarding state [ 248.552431][ T9526] erofs: (device loop4): mounted with root inode @ nid 36. [ 248.621476][ T9526] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 248.642879][ T9526] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 248.652830][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 248.660019][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 248.688747][ T5244] Bluetooth: hci3: unexpected event 0x04 length: 14 > 10 [ 248.831726][ T9540] fuse: Unknown parameter '0x0000000000000006' [ 250.139145][ T8942] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 250.696521][ T5244] Bluetooth: hci3: command tx timeout [ 250.781878][ T8942] veth0_vlan: entered promiscuous mode [ 250.924864][ T8942] veth1_vlan: entered promiscuous mode [ 251.034987][ T8942] veth0_macvtap: entered promiscuous mode [ 251.099897][ T8942] veth1_macvtap: entered promiscuous mode [ 251.168770][ T8942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 251.194160][ T9583] netlink: 'syz.3.469': attribute type 1 has an invalid length. [ 251.228023][ T8942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 251.271674][ T8942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 251.327757][ T8942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 251.368133][ T8942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 251.398626][ T8942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 251.436458][ T8942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 251.474718][ T9599] loop4: detected capacity change from 0 to 16 [ 251.487498][ T8942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 251.505138][ T9599] erofs: (device loop4): mounted with root inode @ nid 36. [ 251.521284][ T8942] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 251.631769][ T9599] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 251.643067][ T8942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 251.688926][ T8942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 251.699978][ T9599] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 251.908391][ T8942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 252.048195][ T8942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 252.129412][ T8942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 252.211955][ T8942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 252.802310][ T5244] Bluetooth: hci3: unexpected event 0x04 length: 14 > 10 [ 252.814675][ T8942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 252.852998][ T8942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 252.948063][ T9616] fuse: Unknown parameter '0x0000000000000006' [ 253.169799][ T8942] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 253.299836][ T9619] loop3: detected capacity change from 0 to 2048 [ 253.342420][ T8942] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 253.398435][ T8942] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 253.432508][ T9619] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 253.465238][ T8942] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 253.500047][ T8942] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 253.626688][ T9624] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 234: padding at end of block bitmap is not set [ 253.745640][ T9632] loop2: detected capacity change from 0 to 16 [ 253.792937][ T9632] erofs: (device loop2): mounted with root inode @ nid 36. [ 253.802680][ T9634] netlink: 8 bytes leftover after parsing attributes in process `syz.4.475'. [ 253.887861][ T9634] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 254.690182][ T5568] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 254.762959][ T5568] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 254.857949][ T5244] Bluetooth: hci3: command tx timeout [ 256.058124][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.064495][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.086146][ T5568] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 256.097669][ T9671] netlink: 'syz.4.479': attribute type 1 has an invalid length. [ 256.230008][ T29] audit: type=1326 audit(1723580367.049:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9618 comm="syz.3.474" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f148a1799f9 code=0x0 [ 256.448032][ T5568] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 256.763676][ T7055] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 256.985333][ T9697] loop1: detected capacity change from 0 to 16 [ 257.019942][ T9697] erofs: (device loop1): mounted with root inode @ nid 36. [ 257.072419][ T9692] loop0: detected capacity change from 0 to 2048 [ 257.218657][ T9692] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 257.564667][ T9701] mmap: syz.3.483 (9701) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 257.815458][ T5244] Bluetooth: hci4: unexpected event 0x04 length: 14 > 10 [ 257.943344][ T9721] fuse: Unknown parameter '0x0000000000000006' [ 259.016501][ T9710] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 234: padding at end of block bitmap is not set [ 259.676387][ T29] audit: type=1326 audit(1723580371.487:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9690 comm="syz.0.444" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5a04d799f9 code=0x0 [ 259.908756][ T5244] Bluetooth: hci4: command tx timeout [ 260.619006][ T9723] loop1: detected capacity change from 0 to 40427 [ 260.639515][ T9723] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504) [ 260.668477][ T9723] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 260.723493][ T9723] F2FS-fs (loop1): invalid crc value [ 260.763346][ T9723] F2FS-fs (loop1): Found nat_bits in checkpoint [ 261.966509][ T9759] netlink: 'syz.2.491': attribute type 1 has an invalid length. [ 263.538787][ T9777] loop3: detected capacity change from 0 to 16 [ 263.587124][ T9777] erofs: (device loop3): mounted with root inode @ nid 36. [ 263.754309][ T8942] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 264.901181][ T9810] netlink: 'syz.3.502': attribute type 11 has an invalid length. [ 264.953055][ T9810] netlink: 134820 bytes leftover after parsing attributes in process `syz.3.502'. [ 265.305995][ T9826] loop1: detected capacity change from 0 to 16 [ 265.342296][ T9826] erofs: (device loop1): mounted with root inode @ nid 36. [ 265.364996][ T9825] loop0: detected capacity change from 0 to 2048 [ 265.413657][ T9825] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 267.489376][ T29] audit: type=1326 audit(1723580379.107:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9823 comm="syz.0.507" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5a04d799f9 code=0x0 [ 267.512066][ T9829] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 234: padding at end of block bitmap is not set [ 267.656624][ T5231] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 267.856599][ T5231] usb 5-1: Using ep0 maxpacket: 16 [ 268.126960][ T5231] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 268.394601][ T5231] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 268.444285][ T5231] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 268.456501][ T8942] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 268.476280][ T5231] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 268.527807][ T5231] usb 5-1: config 0 descriptor?? [ 268.752555][ T9878] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 268.825434][ T9858] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 268.863935][ T9858] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 268.992043][ T9888] netlink: 'syz.1.517': attribute type 11 has an invalid length. [ 269.022937][ T9888] netlink: 134820 bytes leftover after parsing attributes in process `syz.1.517'. [ 269.131734][ T5231] usbhid 5-1:0.0: can't add hid device: -71 [ 269.155990][ T5231] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 269.192284][ T5231] usb 5-1: USB disconnect, device number 7 [ 269.208128][ T9896] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.519'. [ 270.749243][ T9938] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 271.045820][ T9948] loop3: detected capacity change from 0 to 4096 [ 271.161508][ T9948] overlayfs: failed to resolve './file0': -2 [ 271.236752][ T5280] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 271.476601][ T5280] usb 2-1: Using ep0 maxpacket: 8 [ 271.519985][ T5280] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 271.566165][ T5280] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 271.620441][ T5280] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 271.655206][ T5280] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 271.676701][ T5280] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 271.711052][ T5280] usb 2-1: Product: syz [ 271.730038][ T5280] usb 2-1: Manufacturer: syz [ 271.772578][ T9971] binder: 9970:9971 ioctl c0306201 0 returned -14 [ 271.774673][ T5280] usb 2-1: SerialNumber: syz [ 273.810997][T10002] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 273.844873][T10004] loop4: detected capacity change from 0 to 512 [ 273.931557][T10004] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 273.944961][T10004] ext4 filesystem being mounted at /17/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 273.991860][T10004] Quota error (device loop4): do_check_range: Getting dqdh_next_free 4294967294 out of range 0-8 [ 274.003585][T10004] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 274.014050][T10004] EXT4-fs error (device loop4): ext4_acquire_dquot:6848: comm syz.4.541: Failed to acquire dquot type 0 [ 274.238216][ T5280] cdc_ncm 2-1:1.0: bind() failure [ 274.251935][ T5280] cdc_ncm 2-1:1.1: probe with driver cdc_ncm failed with error -71 [ 274.276537][ T5280] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -71 [ 274.856609][ T5280] usbtest 2-1:1.1: probe with driver usbtest failed with error -71 [ 274.900096][ T5280] usb 2-1: USB disconnect, device number 5 [ 275.018063][ T7950] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 275.142456][T10038] loop4: detected capacity change from 0 to 16 [ 275.159722][T10038] erofs: (device loop4): mounted with root inode @ nid 36. [ 276.459916][T10060] binder: 10056:10060 ioctl c0306201 0 returned -14 [ 276.911281][T10075] netlink: 8 bytes leftover after parsing attributes in process `syz.0.553'. [ 276.922028][T10075] netlink: 8 bytes leftover after parsing attributes in process `syz.0.553'. [ 277.236184][T10084] loop0: detected capacity change from 0 to 2048 [ 277.359392][T10084] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 278.644205][T10041] coredump: 69(syz.3.545): interrupted: fatal signal pending [ 278.652662][T10041] coredump: 69(syz.3.545): written to core: VMAs: 34, size 80515072; core: 24226694 bytes, pos 33050624 [ 279.316258][ T29] audit: type=1326 audit(1723580391.127:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10078 comm="syz.0.557" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5a04d799f9 code=0x0 [ 279.869691][T10156] pim6reg: entered allmulticast mode [ 279.900687][T10156] pim6reg: left allmulticast mode [ 279.925518][T10162] loop3: detected capacity change from 0 to 16 [ 279.959699][T10162] erofs: (device loop3): mounted with root inode @ nid 36. [ 282.144727][T10092] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 234: padding at end of block bitmap is not set [ 282.204773][T10169] loop2: detected capacity change from 0 to 40427 [ 282.243567][ T8942] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 282.293824][T10169] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504) [ 283.125587][T10169] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 283.188589][T10169] F2FS-fs (loop2): Unable to read 2th superblock [ 283.393618][T10200] loop1: detected capacity change from 0 to 512 [ 283.454468][T10200] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 283.621582][T10200] EXT4-fs (loop1): 1 truncate cleaned up [ 283.635882][T10200] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 283.691183][ T29] audit: type=1804 audit(1723580395.507:94): pid=10200 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.581" name="/newroot/88/file2/bus" dev="loop1" ino=18 res=1 errno=0 [ 283.775871][T10213] loop4: detected capacity change from 0 to 16 [ 283.807093][ T29] audit: type=1804 audit(1723580395.527:95): pid=10200 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.581" name="/newroot/88/file2/bus" dev="loop1" ino=18 res=1 errno=0 [ 283.812967][T10213] erofs: (device loop4): mounted with root inode @ nid 36. [ 283.855196][ T6401] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 284.524662][T10245] loop3: detected capacity change from 0 to 764 [ 284.563771][T10245] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 284.630747][T10245] Symlink component flag not implemented [ 284.663408][T10245] Symlink component flag not implemented [ 284.679583][T10245] Symlink component flag not implemented (128) [ 284.686007][T10245] Symlink component flag not implemented (122) [ 284.686664][T10216] loop0: detected capacity change from 0 to 1764 [ 284.769993][T10216] iso9660: Bad value for 'block' [ 284.916787][ T5280] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 285.149205][ T5280] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 285.180991][ T5280] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 285.194308][ T5280] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 285.194390][ T5280] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.80 [ 285.194418][ T5280] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 285.208837][ T5280] usb 5-1: config 0 descriptor?? [ 285.509912][T10284] loop1: detected capacity change from 0 to 16 [ 285.559346][T10284] erofs: (device loop1): mounted with root inode @ nid 36. [ 285.661448][ T5244] Bluetooth: hci1: unexpected event 0x04 length: 14 > 10 [ 285.794885][T10290] fuse: Unknown parameter '0xffffffffffffffff' [ 287.746602][ T5244] Bluetooth: hci1: command tx timeout [ 287.861385][ T5280] usbhid 5-1:0.0: can't add hid device: -71 [ 287.880372][ T5280] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 287.902191][T10320] netlink: 'syz.0.605': attribute type 11 has an invalid length. [ 287.933503][ T5280] usb 5-1: USB disconnect, device number 8 [ 287.942762][T10320] netlink: 134820 bytes leftover after parsing attributes in process `syz.0.605'. [ 288.240709][ T5244] Bluetooth: hci0: unexpected event 0x04 length: 14 > 10 [ 288.374698][T10346] fuse: Unknown parameter '0xffffffffffffffff' [ 290.300935][ T5244] Bluetooth: hci0: command tx timeout [ 292.191392][T10385] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 292.554488][T10387] loop0: detected capacity change from 0 to 256 [ 292.592849][T10387] vfat: Bad value for 'dmask' [ 292.690960][T10387] loop0: detected capacity change from 0 to 512 [ 292.713480][ T5236] Bluetooth: hci3: unexpected event 0x04 length: 14 > 10 [ 292.713761][ T5233] Bluetooth: hci1: unexpected event 0x04 length: 14 > 10 [ 293.736069][T10387] EXT4-fs (loop0): couldn't mount as ext3 due to feature incompatibilities [ 294.739502][ T5244] Bluetooth: hci2: command 0x0406 tx timeout [ 294.816461][ T5233] Bluetooth: hci3: command tx timeout [ 294.821906][ T5233] Bluetooth: hci1: command tx timeout [ 296.829841][T10408] loop4: detected capacity change from 0 to 2048 [ 297.167706][T10440] loop3: detected capacity change from 0 to 2048 [ 297.258065][T10440] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 297.314002][T10440] EXT4-fs (loop3): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 297.386847][T10440] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a002e01c, mo2=0002] [ 297.435116][T10440] System zones: 0-19 [ 297.449352][T10440] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 297.481026][T10452] netlink: 8 bytes leftover after parsing attributes in process `syz.1.632'. [ 297.493621][T10440] EXT4-fs error (device loop3): ext4_add_entry:2435: inode #2: comm syz.3.629: Directory hole found for htree leaf block 0 [ 297.819837][T10455] EXT4-fs error (device loop3): ext4_add_entry:2435: inode #2: comm syz.3.629: Directory hole found for htree leaf block 0 [ 298.628288][ T7055] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 299.094490][T10466] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 299.758703][ T5244] Bluetooth: hci1: unexpected event 0x04 length: 14 > 10 [ 300.055229][T10489] loop2: detected capacity change from 0 to 16 [ 300.287774][T10489] erofs: (device loop2): mounted with root inode @ nid 36. [ 301.034078][T10513] loop2: detected capacity change from 0 to 2048 [ 301.078013][T10513] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 301.113684][T10513] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 301.178161][T10513] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a002e01c, mo2=0002] [ 301.206938][T10513] System zones: 0-19 [ 301.216599][T10513] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 301.341468][T10513] EXT4-fs error (device loop2): ext4_add_entry:2435: inode #2: comm syz.2.646: Directory hole found for htree leaf block 0 [ 301.676583][T10534] EXT4-fs error (device loop2): ext4_add_entry:2435: inode #2: comm syz.2.646: Directory hole found for htree leaf block 0 [ 301.826564][ T5244] Bluetooth: hci1: command tx timeout [ 302.217775][ T7747] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 302.457767][T10546] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 302.557924][T10495] loop0: detected capacity change from 0 to 40427 [ 302.599945][T10495] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 302.642975][T10495] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 302.687004][T10495] F2FS-fs (loop0): invalid crc value [ 302.698126][T10556] loop2: detected capacity change from 0 to 16 [ 302.723768][T10495] F2FS-fs (loop0): Found nat_bits in checkpoint [ 302.766249][T10556] erofs: (device loop2): mounted with root inode @ nid 36. [ 302.840805][T10564] loop3: detected capacity change from 0 to 128 [ 302.864972][T10564] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 302.919452][T10564] ext4 filesystem being mounted at /44/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 302.991543][T10495] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 303.024639][T10495] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 303.091704][T10495] syz.0.643: attempt to access beyond end of device [ 303.091704][T10495] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 303.135997][T10495] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 303.307749][ T7055] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 303.703526][T10587] netlink: 'syz.3.663': attribute type 23 has an invalid length. [ 304.029239][T10600] loop0: detected capacity change from 0 to 256 [ 304.075351][T10551] loop1: detected capacity change from 0 to 40427 [ 304.110949][ T29] audit: type=1804 audit(1723580418.910:96): pid=10600 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.662" name="/newroot/27/file0/bus" dev="loop0" ino=1048652 res=1 errno=0 [ 304.156637][T10551] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504) [ 304.189803][T10551] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 304.220867][T10551] F2FS-fs (loop1): invalid crc value [ 304.244920][T10551] F2FS-fs (loop1): Found nat_bits in checkpoint [ 304.496936][T10551] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 304.524385][T10551] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 304.586738][ T29] audit: type=1804 audit(1723580419.400:97): pid=10551 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.655" name="/newroot/109/file2/file1" dev="loop1" ino=10 res=1 errno=0 [ 304.657447][ T6401] syz-executor: attempt to access beyond end of device [ 304.657447][ T6401] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 304.700344][ T6401] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 305.698856][T10620] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 307.154348][ T5244] Bluetooth: hci3: unexpected event 0x04 length: 14 > 10 [ 307.193604][T10656] loop0: detected capacity change from 0 to 1024 [ 307.302124][T10659] fuse: Unknown parameter '0x0000000000000006' [ 307.436585][ T5244] Bluetooth: hci0: link tx timeout [ 307.446795][ T5244] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 307.469578][ T5244] Bluetooth: hci0: link tx timeout [ 307.474951][ T5244] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 307.912680][T10656] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 307.953759][T10656] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 307.996827][T10656] EXT4-fs (loop0): orphan cleanup on readonly fs [ 308.050819][T10656] EXT4-fs error (device loop0): ext4_free_blocks:6590: comm syz.0.677: Freeing blocks not in datazone - block = 0, count = 4096 [ 309.036761][T10656] EXT4-fs (loop0): 1 orphan inode deleted [ 309.043538][T10656] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 309.177175][ T5233] Bluetooth: hci3: command tx timeout [ 309.213476][T10679] netlink: 36 bytes leftover after parsing attributes in process `syz.4.679'. [ 309.263123][ T8942] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 309.516671][ T5233] Bluetooth: hci0: command 0x0406 tx timeout [ 309.679580][T10702] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 310.311231][ T5280] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 310.413829][T10710] syz.1.687 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 310.508189][ T5280] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 310.533223][T10713] loop0: detected capacity change from 0 to 1024 [ 310.592521][ T5280] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 310.661716][ T5280] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 310.711716][T10718] loop2: detected capacity change from 0 to 256 [ 310.726742][ T5280] usb 4-1: Product: syz [ 310.737543][ T5280] usb 4-1: Manufacturer: syz [ 310.752717][ T5280] usb 4-1: SerialNumber: syz [ 310.860730][ T29] audit: type=1804 audit(1723580426.677:98): pid=10718 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.689" name="/newroot/55/file0/bus" dev="loop2" ino=1048653 res=1 errno=0 [ 310.940601][ T62] hfsplus: b-tree write err: -5, ino 4 [ 311.409654][ T5280] cdc_ncm 4-1:1.0: failed GET_NTB_PARAMETERS [ 311.934212][ T5233] Bluetooth: hci0: command 0x0406 tx timeout [ 311.974898][ T5280] cdc_ncm 4-1:1.0: bind() failure [ 312.474826][ T5280] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 312.482859][ T5280] cdc_ncm 4-1:1.1: bind() failure [ 313.431714][ T5279] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 313.649633][ T5279] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 313.661741][ T5279] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 313.681044][ T5279] usb 2-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 313.690346][ T5279] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 313.716050][ T5279] usb 2-1: config 0 descriptor?? [ 313.915423][T10547] coredump: 114(syz.4.648): written to core: VMAs: 37, size 92401664; core: 71656602 bytes, pos 92409856 [ 314.110443][ T5276] usb 4-1: USB disconnect, device number 6 [ 316.439198][T10786] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 316.905807][ T5279] usbhid 2-1:0.0: can't add hid device: -71 [ 316.924025][ T5279] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 316.944076][ T5279] usb 2-1: USB disconnect, device number 6 [ 317.372172][T10799] loop1: detected capacity change from 0 to 1024 [ 317.406559][T10799] EXT4-fs (loop1): Can't support bigalloc feature without extents feature [ 317.406559][T10799] [ 317.426774][T10799] EXT4-fs (loop1): couldn't mount as ext2 due to feature incompatibilities [ 317.511533][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.518466][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.751525][T10756] netlink: 36 bytes leftover after parsing attributes in process `syz.0.695'. [ 317.781188][T10807] bridge0: entered promiscuous mode [ 317.846897][T10807] bridge0: left promiscuous mode [ 317.985016][T10821] loop0: detected capacity change from 0 to 1024 [ 318.011150][T10826] netlink: 'syz.4.705': attribute type 1 has an invalid length. [ 318.022552][T10808] netlink: 32 bytes leftover after parsing attributes in process `syz.1.702'. [ 318.915375][ T1076] hfsplus: b-tree write err: -5, ino 4 [ 318.975307][T10841] loop4: detected capacity change from 0 to 128 [ 319.041349][T10838] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000004: 0000 [#1] PREEMPT SMP KASAN PTI [ 319.054089][T10838] KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027] [ 319.062558][T10838] CPU: 0 UID: 0 PID: 10838 Comm: syz.3.707 Not tainted 6.11.0-rc3-next-20240813-syzkaller #0 [ 319.073018][T10838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 319.083127][T10838] RIP: 0010:__lock_acquire+0x69/0x2040 [ 319.088645][T10838] Code: b6 04 30 84 c0 0f 85 87 16 00 00 45 31 f6 83 3d 28 c5 a8 0e 00 0f 84 ac 13 00 00 89 54 24 54 89 5c 24 68 4c 89 f8 48 c1 e8 03 <80> 3c 30 00 74 12 4c 89 ff e8 c9 2c 8c 00 48 be 00 00 00 00 00 fc [ 319.108395][T10838] RSP: 0018:ffffc9000ffb70d0 EFLAGS: 00010002 [ 319.114480][T10838] RAX: 0000000000000004 RBX: 0000000000000001 RCX: 0000000000000001 [ 319.122459][T10838] RDX: 0000000000000000 RSI: dffffc0000000000 RDI: 0000000000000020 [ 319.130554][T10838] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 [ 319.138535][T10838] R10: dffffc0000000000 R11: fffffbfff2030fbe R12: ffff88806acb5a00 [ 319.146523][T10838] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000020 [ 319.154501][T10838] FS: 00007f1489bff6c0(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000 [ 319.163441][T10838] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 319.170075][T10838] CR2: 0000000020001340 CR3: 000000002b1fc000 CR4: 00000000003506f0 [ 319.178076][T10838] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 319.186070][T10838] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 319.194080][T10838] Call Trace: [ 319.197366][T10838] [ 319.200301][T10838] ? __die_body+0x5f/0xb0 [ 319.204747][T10838] ? die_addr+0xb0/0xe0 [ 319.208908][T10838] ? exc_general_protection+0x3dd/0x5d0 [ 319.214599][T10838] ? asm_exc_general_protection+0x26/0x30 [ 319.220338][T10838] ? __lock_acquire+0x69/0x2040 [ 319.225204][T10838] ? tcp_retransmit_skb+0x208/0x3e0 [ 319.230514][T10838] ? tcp_xmit_retransmit_queue+0x7b7/0xac0 [ 319.236343][T10838] lock_acquire+0x1ed/0x550 [ 319.240877][T10838] ? send_sigurg+0x5a/0x3d0 [ 319.245397][T10838] ? __pfx_lock_acquire+0x10/0x10 [ 319.250435][T10838] ? tcp_ack+0x470a/0x6bc0 [ 319.254882][T10838] _raw_read_lock_irqsave+0xdd/0x130 [ 319.260197][T10838] ? send_sigurg+0x5a/0x3d0 [ 319.264731][T10838] ? __pfx__raw_read_lock_irqsave+0x10/0x10 [ 319.270720][T10838] send_sigurg+0x5a/0x3d0 [ 319.275067][T10838] sk_send_sigurg+0x6e/0x2f0 [ 319.279661][T10838] tcp_check_urg+0x207/0x740 [ 319.284283][T10838] tcp_urg+0x15c/0x450 [ 319.288361][T10838] ? __pfx_tcp_urg+0x10/0x10 [ 319.292963][T10838] ? ktime_get+0x9b/0xb0 [ 319.297215][T10838] tcp_rcv_established+0xfaf/0x2020 [ 319.302422][T10838] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 319.308769][T10838] ? __pfx_tcp_rcv_established+0x10/0x10 [ 319.314412][T10838] tcp_v4_do_rcv+0x96d/0xc70 [ 319.319013][T10838] ? __pfx_tcp_v4_do_rcv+0x10/0x10 [ 319.324130][T10838] __release_sock+0x214/0x350 [ 319.328827][T10838] release_sock+0x61/0x1f0 [ 319.333253][T10838] sk_stream_wait_memory+0x762/0xfa0 [ 319.338572][T10838] ? __pfx_sk_stream_wait_memory+0x10/0x10 [ 319.344410][T10838] ? __pfx_woken_wake_function+0x10/0x10 [ 319.350084][T10838] ? __tcp_push_pending_frames+0xd6/0x360 [ 319.355826][T10838] tcp_sendmsg_locked+0x1471/0x4e10 [ 319.361055][T10838] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 319.366609][T10838] ? __local_bh_enable_ip+0x168/0x200 [ 319.371996][T10838] ? do_raw_spin_unlock+0x13c/0x8b0 [ 319.377205][T10838] tcp_sendmsg+0x30/0x50 [ 319.381452][T10838] __sock_sendmsg+0x1a6/0x270 [ 319.386133][T10838] __sys_sendto+0x3a4/0x4f0 [ 319.390644][T10838] ? do_sock_setsockopt+0x3e2/0x720 [ 319.395859][T10838] ? __pfx___sys_sendto+0x10/0x10 [ 319.400907][T10838] ? do_futex+0x33b/0x560 [ 319.405283][T10838] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 319.411296][T10838] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 319.417647][T10838] __x64_sys_sendto+0xde/0x100 [ 319.422455][T10838] do_syscall_64+0xf3/0x230 [ 319.426965][T10838] ? clear_bhb_loop+0x35/0x90 [ 319.431852][T10838] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.437758][T10838] RIP: 0033:0x7f148a1799f9 [ 319.442284][T10838] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 319.461993][T10838] RSP: 002b:00007f1489bff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 319.470443][T10838] RAX: ffffffffffffffda RBX: 00007f148a315f80 RCX: 00007f148a1799f9 [ 319.478433][T10838] RDX: 00000000000020c8 RSI: 00000000200012c0 RDI: 0000000000000003 [ 319.486411][T10838] RBP: 00007f148a1e78ee R08: 0000000000000000 R09: 0000000000000027 [ 319.494382][T10838] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000 [ 319.502355][T10838] R13: 0000000000000000 R14: 00007f148a315f80 R15: 00007fffce1dc0a8 [ 319.510340][T10838] [ 319.513396][T10838] Modules linked in: [ 319.517310][T10838] ---[ end trace 0000000000000000 ]--- [ 319.522789][T10838] RIP: 0010:__lock_acquire+0x69/0x2040 [ 319.528268][T10838] Code: b6 04 30 84 c0 0f 85 87 16 00 00 45 31 f6 83 3d 28 c5 a8 0e 00 0f 84 ac 13 00 00 89 54 24 54 89 5c 24 68 4c 89 f8 48 c1 e8 03 <80> 3c 30 00 74 12 4c 89 ff e8 c9 2c 8c 00 48 be 00 00 00 00 00 fc [ 319.547912][T10838] RSP: 0018:ffffc9000ffb70d0 EFLAGS: 00010002 [ 319.554002][T10838] RAX: 0000000000000004 RBX: 0000000000000001 RCX: 0000000000000001 [ 319.561983][T10838] RDX: 0000000000000000 RSI: dffffc0000000000 RDI: 0000000000000020 [ 319.569983][T10838] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 [ 319.577957][T10838] R10: dffffc0000000000 R11: fffffbfff2030fbe R12: ffff88806acb5a00 [ 319.585934][T10838] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000020 [ 319.593907][T10838] FS: 00007f1489bff6c0(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000 [ 319.602840][T10838] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 319.609427][T10838] CR2: 0000000020001340 CR3: 000000002b1fc000 CR4: 00000000003506f0 [ 319.617404][T10838] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 319.625377][T10838] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 319.633352][T10838] Kernel panic - not syncing: Fatal exception [ 319.639683][T10838] Kernel Offset: disabled [ 319.644005][T10838] Rebooting in 86400 seconds..