last executing test programs: 10.527996603s ago: executing program 1 (id=1311): r0 = syz_open_dev$ttys(0xc, 0x2, 0x0) r1 = socket(0x10, 0x3, 0x0) dup2(r1, r1) sendto$inet6(r1, &(0x7f0000000000)="7800000018001f05b9409b0dffff000d0203be040205060506014007480012000f000000fac8388827a685a168d9a4c6040045653600648dcaaf6c26c291214549932fde4a460c89b6ec0cff3959547f509058ba86c902003a03004a32000400040012000a00000000000000000000080756ede4ccbe5880", 0xffe6, 0x20008081, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000040)) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000280), 0x5, 0x201) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x20000000008b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) capset(&(0x7f0000000000), 0x0) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000180)={0xb, @pix={0x38305343, 0x0, 0x38414761, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x15) 7.668889772s ago: executing program 0 (id=1326): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) kexec_load(0x0, 0x2, &(0x7f0000000900)=[{0x0, 0x0, 0x200000000}, {0x0, 0x0, 0x0, 0x8000}], 0x0) 7.5679623s ago: executing program 1 (id=1327): r0 = socket(0x10, 0x3, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x65, &(0x7f00000000c0)=0x269, 0x4) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000040)) setxattr$trusted_overlay_upper(0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x14, 0x1a, 0xa01}, 0x14}}, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) r2 = syz_open_dev$loop(&(0x7f0000000240), 0x0, 0x0) ioctl$LOOP_SET_CAPACITY(r2, 0x40081271) setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x7fff, 0x4) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x4380000, @loopback}, 0x1c) sendmmsg$alg(r1, &(0x7f0000001180)=[{0x20000000, 0xff00, 0x0}], 0x1, 0x0) close(0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_GET_FTM_RESPONDER_STATS(r3, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48810}, 0xc851) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020000000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010006797a5f"], 0x80}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000880)=@newlink={0x44, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x4}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_MACSEC_PORT={0x6, 0x2, 0x1, 0x0, 0x4e21}, @IFLA_MACSEC_ES={0x5, 0xa, 0xf7}]}}}]}, 0x44}}, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x1c, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000c000000850000008200000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000000000000850000007d000000bf91000000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_emit_ethernet(0x2e, &(0x7f0000001500)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x8, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e23, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010d00000000000000850a000000000000000500000014000500200100000000000000000100000000001c00090008000000", @ANYRES32=r6], 0x4c}}, 0x0) fanotify_init(0x10, 0x101000) r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000140), r0) sendmsg$MPTCP_PM_CMD_GET_ADDR(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="11000004", @ANYRES16=r7, @ANYBLOB="000226bd7000ffdbdf250300000005000500f8000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20000040}, 0x8000) 6.664727848s ago: executing program 1 (id=1329): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_IPV6_DSTOPTS(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8) setsockopt$inet6_int(r0, 0x29, 0x3a, &(0x7f0000000040)=0x8, 0x4) recvmmsg(r0, &(0x7f0000004740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001c40)=""/23, 0x17}}], 0x1, 0x0, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 6.523332754s ago: executing program 0 (id=1330): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file2\x00', 0x21000f, &(0x7f00000001c0)={[{@data_journal}, {@jqfmt_vfsv0}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2006}}], [{@subj_role={'subj_role', 0x3d, '(\xbc](,((^'}}, {@pcr={'pcr', 0x3d, 0x39}}, {@func={'func', 0x3d, 'PATH_CHECK'}}, {@subj_user={'subj_user', 0x3d, '\xachMs\xf1\xe5\x81:Wi\x96pe\t\x9d\xcc\xe4\xaa\xf6\x87Y\xcb\x03%\x9f\xc2\x87y8\xf4\nk_\xab\xc0h\xaeb\xf6\x93Y\t~\xf8+T\b3\x04\x00\xc5\x92\x12\xd0\xb2\xff\xad\x06\x8a3\xe2\xb2\"\x92\xda2\xfb\xa8\x8d\x9c\x90\xda>\xf1\xdd\xaf\r\x8d#\xfc\xe8P\xed\x9d\xe6\bz\x9dA\xa3\x8dn\xdfH\xcaz\xff\xdfj\xa5T\xf0\f&\x99?\xcdbL\x06\xce\x95\xabH\xc0|\xafw\xfc\xda\xd9\xbb\xdd0mu\x99\x93unxw\xc2\x19o\xe7\xd7(\xc93\x9ef\xc5\n\xc2\x00ugi\'\a\xd0\x93\xf9\xd48\'Vv\xd1\xaeD\xf0\xa4\x7f\xb5T|Y\xe6Y\xf2.Q\x82\xbe\x1a\xed\x04EHv^*\xfazX\xe78\x92\xa1'}}]}, 0x1, 0x51c, &(0x7f0000000cc0)="$eJzs3cFvI1cZAPBvnLibdFOSAodSqaWiRdkCaycNbaMe2iIhbpVA5b5EiRNFceIodtpNVEEqzlwQEpU4ceKCxB+AhPonVJUqwR0BAiHYwoEDMGjG423iHZNEje2V8/tJ43nzdma+79nr8cy8yUwA19YzEfF6RExFxPMRMV/UV4ohTrpDNt/H995Zz4Yk0vTNvyWRZHXpD9YjL/VeI24Wi810R6XaR8c7a81m46CYrnd29+vto+Pb27trW42txt7KyvJLqy+vvri6dMkWfaW0NmvXq9/800n84luv/uZrb//+zl9ufT8p2h9F2y4Z6EK670k1ey/um46Ig2EEG4Opoj3VcScCAMCFZPtvn42IL+X7//Mxle/N5ezSAQAAwIRIX5uLfycRKQAAADCxXouIuUgqteJ637moVGq17jW8n49HK81Wu/PVzdbh3kb2bxELUa1sbjcbS8U1tQtRTbLp5bz8yfQLfdMrEfF4RPxkfjafrq23mhvjPvkBAAAA18TNvuP/f853j/8BAACACbMw7gQAAACAoRt0/J+MOA8AAABgePT/AwAAwET79htvZEPae/71xltHhzutt25vNNo7td3D9dp662C/ttVqbeX37Ns9b33NVmv/67F3eLfeabQ79fbR8Z3d1uFe5872mUdgAwAAACP0+Bff/10ScSNemY2TV2bzukeyl6kBC7hWACZG5TIz/3F4eQCjN+hnfhRLA+M1Pe4EgPE5GXcCwLidudVHyU7B6Yt3zpwz+GB4OQEAAFdr8Qt5/3/e93+6/z87BKg+OHt6Y/QpAkNyqf5/YKKU9uD/KBLdAjD5Ltn//+Gw8gBGr+oaPrj2znvUx8Cbd3xQfqLwQWl67roAAIChmsuHpFIr+gLnolKp1SIey//Uv5psbjcbSxHxmYj47Xz1Rja9nC+ZeDwgAAAAAAAAAAAAAAAAAAAAAAAAAFxQmiaRAgAAABMtovLnpHj+1+L8c3P95wceSf41n48j4u2fvfnTu2udzsFyVv/3+/Wd94r6F8ZxBgMAAADo1ztO7x3HAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBV+vjeO+u9YZRx//qNiFgoiz8dM/l4JqoR8eg/kpg+tVwSEVNXEP/k3Yh4oix+kqUVC0UW/fErETE7mvhPpWlaGv/mFcSH6+z9bPvzetn3rxLP5OPy7/90MXxag7d/lfvbv6kB27/HLhjjyY9+VR8Y/92IJ6fLtz+9+MmA+M+WrbDkTfned4+PB8VPfx6xWPr7k5yJVe/s7tfbR8e3t3fXthpbjb2VleWXVl9efXF1qb653Wws1Tej2VgqjfHjp379376q/6RdeftjQPyFc9r/XFaonm5Mf5gi2Ed3732uW6z2rSKPf+vZ8s//iV78GxHRFz/7P/Hl4ncgW9Fir3zSLZ/29C8/fLo0sSL+xoD2n/f53xq00j7Pf+eHf7jgrADACLSPjnfWms3GwdAL76VpOqpYCg9hYebhSEPh/MJVnNkCAAAeNp/s9I87EwAAAAAAAAAAAAAAAAAAALi+2kdRGfbtxPpjnoynqQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/9f/AgAA//+I1uMz") ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00'}) ioctl$FITHAW(0xffffffffffffffff, 0xc0045878) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a140000001100010000000000000000000000000a"], 0x28}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) socket$can_j1939(0x1d, 0x2, 0x7) socket$nl_netfilter(0x10, 0x3, 0xc) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f0000000240)=ANY=[], 0xfd, 0x11f3, &(0x7f0000001b80)="$eJzs3E+LW1UYB+C3cWrHqfNHrdV2oQfduLo0s3AlSJApyASU2gitINw6NxpyTUJuGIiI1ZVbP4e4dCeIX2A2fgZ3s3HZhXiFpLVNTdUuOpH6PJv7kvf8cu8hEDjhnBy/8c2n/W6VdfNJNE6disYoIt1KkaIRd7y0P79eu77farf3rqR0uXW1+XpKaevlHz/4/LtXfpqcff/7rR/OxNHOh8e/7v5ydP7owvHvVz/pValXpcFwkvJ0Yzic5DfKIh30qn6W0rtlkVdF6g2qYrzQ75bD0Wia8sHB5sZoXFRVygfT1C+maTJMk/E05R/nvUHKsixtbgQPdPqfh3S+vVXXdURdn44no67r+qnYiLPxdGzGVnwZEc/Es/FcnIvn43y8EC/Ghdmok3h8AAAAAAAAAAAAAAAAAAAA+P/4u/P/27Hj/D8AAAAAAAAAAAAAAAAAAACcgPeuXd9vtdt7V1Jajyi/PuwcdubXeb/VjV6UUcSl2I7fYnb6f25eX367vXcpzezEV+XN2/mbh50nFvPN2d8J3M6vzXp38s15Pi3mz8TGvfnd2I5zy++/uzS/Hq+9ek8+i+34+aMYRhkHs3vfzX/RTOmtd9r35S/OxgEAAMDjIEt/Wrp+z7IH9ef5h/h94L719VpcXFvt3Imopp/187IsxovF+l9eUfz7ovGI3rkR/5EJKh7/YtXfTJyEux/6qp8EAAAAAAAAAACAh/GIdxGuxZKdZW+uZqoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/sAPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgqAAD//99CzUo=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000180)={0xd, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x98}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8}, 0x80) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000130a0102000000000000000057000000080003400000000161f11ab794390a7598c9aaebec10840208b663173b479d7afb7a306db9f863f0f46ee206ac0b00788f82522696744e57e0357539f648274d1cabd3cab0d6d02221acaee8a92463f5433d85e80a93214cbd106e91ccce40"], 0x1c}}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_VENDOR(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x1c, r4, 0x62c21a4ade68aba1, 0x0, 0x0, {{0x5}, {@val={0x8, 0x3, 0xa}, @void, @void}}}, 0x1c}}, 0x0) 5.942253289s ago: executing program 1 (id=1334): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000200)={0xff07, 0x0, 0x0, 0x0, 0x0, "5f330000a90100f9"}) r1 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCL_GETMOUSEREPORTING(r1, 0x5412, 0x0) poll(&(0x7f0000000180)=[{r1, 0xcf9aa395655278ed}, {r1, 0xc}], 0x2, 0xe7f1) ioctl$TIOCL_GETMOUSEREPORTING(r1, 0x5412, &(0x7f00000006c0)=0xa) 5.223498394s ago: executing program 0 (id=1336): syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x1c09c, &(0x7f0000000340)=ANY=[@ANYBLOB='part=0x0000000000000004,gid=', @ANYRESHEX=0x0, @ANYBLOB="2c73657373696f6e3d3078666666666666666666666666666637662c6e6c733d63703836362c626172726965722c6e6f6465636f6d706f73652c706172743d3078303030303030303030303030303030332c756d61736b3d30303030303030303030303030303030303030303030312c63726561746f723d85f194712c626172726965722c63726561746f723d65fe04c22c626172726965722c6465636f6d706f73652c666f7263652c7569643d", @ANYRESHEX=0x0, @ANYBLOB="2c63726561746f723da90781e42c626138726965722c706172743d3078303030303030303030303030303030312c00"], 0x1, 0x6da, &(0x7f0000004980)="$eJzs3UtoHOcdAPD/rFarXRUcOfEjLYEsMaSlorZkobTqpW4pRYdQQnroebHlWHgtB0kpsimN0se9h5x6Sg+6hR5Keje054ZAyVXHQCGXnHRTmdmZ1Ur7lKzHJv39xMx8M99z/rMzsw/EBPB/a3k2ys8iieXZN7fS9d2dhebEzsJUnt2MiEpElCLKrUUka5Hl3smn+Ha6MS+f9Ovnw9Wltz//aveL1lo5n7LypUH1eqh0b9rOp6hHxES+7DbZp8VPjnZ/qL27fdsbVdLewzRgN4rAxV+eq1V4bvtdttt5H/8nmw+qfpzzFhhTSeu+2WUmYjoiqhGtu35+dSid7+hO3/ZFDwAAAACOq3b8Ki/sxV5sxaWzGA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8U+XP/0/yqVSk65EUz/+v5NsiT4+h4Q9C/GyqtXx29oMBAAAAAAAAgDP36l7sxVZcKtb3k+w3/9c6fuP/VrwXG7ES63EztqIRm7EZ6zEfETMdDVW2Gpub6/NZzYgrA2rejk971Lzdf4x3TnmfAQAAAAAAAGDMVYfkP5zs3vb7WD74/R8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMZBEjHRWmTTlSI9E6VyRFQjopKW2474tEh/TSS9Nj47/3EAAADAc6keXk2qI9R54f3Yi624VKzvJ9ln/mvZ5+VqvBdrsRmrsRnNWIl7+Wfo9FN/aXdnobm7s/Aonbrb/emXxxp61mK0vnvo3fPLWYla3I/VbMvNuBtJ7GdKeSsv7+4spMtHvcf1QTqm5Ce5AaOZ6EjfS2fXP8nSfz78LUL5WLt4QqW+OTNZ7mQ7InP52NIal4sI9I7E0KNTHtjTfJTa3/xcGdxT75h/MLj36SOlen5zcyGORuJ2lNpH6NrgSER89x8f//pBc+3hg/sbs+OzSz29P7TE0UgsdETi+jcoEsPNZZG42l5fjl/Er2I2vpx6K9ZjNX4TjdiMlXqR38hfz+l8ZnCkPpvuXHtr2EjSc7Levn71GlM9Do0p6vHzLNWI17JjeilWI4nHEbESb2R/t2O+fTU4OMJXRzjrSyNcaTvc+F62aIcpav3L/m20Jk9LGtfLHXHtvObOZHmdWw6i9GLPKBX3utHvRx3K38kTaQt/GHh/OG9HIzHfEYmX+r1eWiH9634632iuPVx/0Hh3xP5ez5fpefSnsbpLpEf4xajmO3c5myfZOTWX5b3UvsMejlcl/8WlpdSVd7Vdr3Wm/jIex71DZ+oPYzEWYykrfS0rPdl1x0rzrrdbOnwNT/PSd1rl9g87ne+3Hkez9X4IgPE2/f3pSu2/tX/XPqr9sfag9mb1Z1M/mnqlEpP/mvxxeW7i9dIryd/jo/jdwed/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg5DaePH3YaDZX1nsnSr2zksG1Gs394kFiA8ocSiT5o3JGKJxsPHm6P7TBwYmpfHgnrH6aieJpjcML189wGMn20eNVHX4siqc8jdBF0hXwtPKJx1z0fLBlcgwO5dFE/fQaLF6wHVnHf/XWeh2viYjoVXjIhWPiNK4+wEW6tfno3VsbT57+YPVR452Vd1bWJhcXl+aWFt9YuHV/tbky15p3VDiXh98C56Hz7URbJSJeHV53wINaAQAAAAAAAAAAgDN0Hv8LcdH7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHy9Lc9G+VkkMT93cy5d391ZaKZTkT4oWY6IUkQkv41I/hlxJ1pTzHQ0l/Tr58PVpbc//2r3i4O2ykX5UsR233qj2c6nqEfERL48rfbuDm+vcpCc6pGdtCOTBuxGETi4aP8LAAD//7co7JU=") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) getdents64(r0, 0x0, 0x0) 5.100832237s ago: executing program 2 (id=1337): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@bloom_filter={0x1e, 0x3ff, 0x6, 0xfff, 0x400, 0x1, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x1, 0x1}, 0x48) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{}, &(0x7f0000000000), &(0x7f0000000040)=r1}, 0x20) socketpair(0x0, 0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00') r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r3, &(0x7f0000000040)={0xa, 0xe22, 0x0, @empty}, 0x1c) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000005c0)={0xffffffffffffffff, 0x9, {0x0, 0x0, 0x0, 0x67a, 0x7f, 0x0, 0x6, 0x1f, 0x10, "ec8903ffa443916865138834eafce332599710d8cc50f0be87bd2e19f8c98fc4183edc749fc590264e03e98fecdb36d00e8116fa2e46476b7deebd0d2a5267e2", "83e0a66cdfe02575bdd5ef648bd8a03c0f080fec344750785ae4fcbd579a7b52a4942471962293fca5c1f9a6d950fa3b74db5dc2d095152258c188512751c799", "856c101cdf74edef00c4a85ecc35a42751935d8c44f625251f462acd7e06c1ec", [0xe66f, 0xa]}}) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x3, &(0x7f0000000140)=[{0x35, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0xe12b}, {0x16}]}) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="9feb01001800000000000000680000006800000002000000000000000000000d0a0000000000000000000006", @ANYRES64=r4, @ANYRES32=r0, @ANYRES8, @ANYRES16=r4, @ANYRES64=r5, @ANYRESHEX=r2], &(0x7f0000000f40)=""/4089, 0x82, 0xff9, 0x5}, 0x20) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1c94a6fb08bb1fb4, &(0x7f0000000280)={0x3, &(0x7f0000000240)=[{0x9, 0x33, 0x0, 0x1}, {0x7fff, 0x9, 0x80, 0x4}, {0x4, 0xf, 0x3f, 0x2}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r6, 0xc0502100, &(0x7f0000000340)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r6, 0xc0182101, &(0x7f0000000180)={r7}) r8 = memfd_create(&(0x7f0000000440)='\x107m\xadJ\xdc:F\xa0\x06\xe6\xbb\xb8\xb0\xe8\xc3\x87\x12+\x8fY\xee\xc7\xd0,\xc6\x01*\x88\x14U\xde\xfa:\xee\xe8\x1d\x91F\x86)', 0x0) finit_module(r8, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYRES64], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x3e}, 0x90) ftruncate(0xffffffffffffffff, 0xc17a) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r6, 0xc0502100, &(0x7f0000000480)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r6, 0x40182103, &(0x7f0000000080)={r9, 0x3, r6, 0x5}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cgroup.controllers\x00', 0x275a, 0x0) r10 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='blkio.bfq.dequeue\x00', 0x275a, 0x0) write$binfmt_script(r10, &(0x7f00000016c0), 0x3af4701e) r11 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$KDFONTOP_SET(r11, 0x4b72, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x1e, 0x200, &(0x7f0000000880)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a7309000000000000000f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000000000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413f4afbcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff416e5a8c25f9555da5ca6fdf75b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a25978b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6dccbe2ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f635a0cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f800"}) 5.035862112s ago: executing program 1 (id=1338): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$L2TP_CMD_SESSION_DELETE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmmsg$inet(r0, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e13, @remote={0x63}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @empty}}}], 0x20, 0x74}}], 0x40002a4, 0x0) 4.906598891s ago: executing program 3 (id=1340): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) kexec_load(0x0, 0x2, &(0x7f0000000900)=[{0x0, 0x0, 0x200000000}, {0x0, 0x0, 0x0, 0x8000}], 0x0) 4.777119078s ago: executing program 1 (id=1341): r0 = socket$inet6(0xa, 0x0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000280)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x800, 0x0, 0x103, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, 0x0, &(0x7f0000000300)) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000340)={0x0, 0xfd, "0959ef19d6dc1991aa4617333524dc3a3859df07b884f9e5421b44db8f511d27807e4db63072409cf8bc6a1928539686066c53cf1ef01c71e1d2587c8c5defeabcbefa4424d7782b8ec411433b41b48ae4f8380935b08f57d8cf5b5e286b1f62fe5cf7bbb8c8265db0ef663f382690b6cd1b1c4aa24d64ecfa9088d41f2acf45c7fecbe112f9079ef73dea680c878296964d6f7e65083585a9bf01d2d7b9f70d6deffb1a44baf5cf311435860f6e72a496ba27d755a3f1d699e03083c903988596ce449481a1ecb6e90c01fcc522e68651f14a1657ebd7520cdd7675ce45c686d71b3ee77a6222c68cb48f4c367487a3459c40c5dca90b39116f5701a1"}, &(0x7f0000000480)=0x105) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x60c2, 0x0) inotify_init() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000000500)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x5c, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x12, 0x3, 'bitmap:ip,mac\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x10, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0x8002}}]}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x5c}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'authenc(michael_mic-generic,pcbc(fcrypt-generic))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000080)="ddb097cb", 0x4) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00') ppoll(&(0x7f0000000280)=[{r6}], 0x1, 0x0, 0x0, 0x0) open(&(0x7f0000000140)='./file1\x00', 0x10b0c2, 0x0) rename(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file1\x00') close_range(r1, 0xffffffffffffffff, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 4.647996888s ago: executing program 4 (id=1342): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000700)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) setsockopt$bt_l2cap_L2CAP_LM(r1, 0x6, 0x3, &(0x7f00000001c0), 0x4) 4.487532983s ago: executing program 3 (id=1343): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a3000000000090003007379"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @log={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_LOG_FLAGS={0x8, 0x6, 0x1, 0x0, 0x22}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x70}}, 0x0) 4.436715165s ago: executing program 0 (id=1344): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_IPV6_DSTOPTS(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8) setsockopt$inet6_int(r0, 0x29, 0x3a, &(0x7f0000000040)=0x8, 0x4) recvmmsg(r0, &(0x7f0000004740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001c40)=""/23, 0x17}}], 0x1, 0x0, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 4.356225201s ago: executing program 4 (id=1345): mkdir(0x0, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000540)='binfmt_misc\x00', 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) lseek(r0, 0x0, 0x4) 4.237839295s ago: executing program 3 (id=1346): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x1, 0x8, 0x8}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) mkdir(&(0x7f0000000580)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10) r5 = io_uring_setup(0x336b, &(0x7f0000000280)={0x0, 0xcb31, 0x0, 0x0, 0xd8}) r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x20000023896) r8 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCSETSF(r8, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "7a58beca39ed2d5a99bbc404200000f3bd5a8e"}) socket$inet_dccp(0x2, 0x6, 0x0) close_range(r5, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB, @ANYRESHEX=0x0, @ANYBLOB=',rootmode=00000000000000000100000,user_id', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x1f, 0xa58, 0x0, 0x0, 0x3}}, 0x50) 4.22534854s ago: executing program 4 (id=1347): setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, 0x0, 0x0) openat$capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket(0x10, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@newqdisc={0x64, 0x24, 0xe0b, 0x0, 0xfffffffc, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x34, 0x2, {{0x0, 0xff13, 0x0, 0xffffffff, 0xfffffffb}, [@TCA_NETEM_JITTER64={0xc, 0xb, 0x80000000}, @TCA_NETEM_CORRUPT={0xc, 0x4, {0x80000001, 0x9}}]}}}]}, 0x64}}, 0x0) bind$packet(r0, &(0x7f0000000400)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @remote}, 0x14) sendto$packet(0xffffffffffffffff, &(0x7f0000000080)="1555f6acfd136f8ed06375bd86dd", 0xe, 0x0, 0x0, 0x0) 4.088027737s ago: executing program 0 (id=1348): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000200)={0xff07, 0x0, 0x0, 0x0, 0x0, "5f330000a90100f9"}) r1 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCL_GETMOUSEREPORTING(r1, 0x5412, 0x0) poll(&(0x7f0000000180)=[{r1, 0xcf9aa395655278ed}, {r1, 0xc}], 0x2, 0xe7f1) ioctl$TIOCL_GETMOUSEREPORTING(r1, 0x5412, &(0x7f00000006c0)=0xa) 4.057574466s ago: executing program 2 (id=1349): ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000040)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0/file0\x00'}) ioctl$KVM_CAP_EXIT_ON_EMULATION_FAILURE(r0, 0x4068aea3, &(0x7f0000000240)) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) socket(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) r1 = syz_open_dev$vim2m(&(0x7f0000000080), 0x6, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000140)={0x0, 0x40, 0x4, {0x1, @raw_data="3d924b8271394fa4ec01eb92492ff84715d1a004d08b012a7cafe27a5f313d31bbdae5b411ca5be6bfe92437ed0d21b5180e375be56b3b9306d7dbb26bf9f22de7ac7681cca450055250217bdf1113b4258293ba4efed32147bda8454dd115bd5ba066ba06f2854cc96db9a98055cbde9fd084a1223ada91ed2e832907a01ab5ee65f997b617f73d1aa5a6dfc47acdc5eb834f8e448469d235e4380cbcc3314c94970349a3c1374ffec96177b67caa0656f9664277cadb8597e7d911ad1da457ef9744b0993c57a7"}}) ioctl$vim2m_VIDIOC_STREAMON(r1, 0x40045612, &(0x7f0000000000)=0x1) 3.374465547s ago: executing program 3 (id=1350): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file2\x00', 0x21000f, &(0x7f00000001c0)={[{@data_journal}, {@jqfmt_vfsv0}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2006}}], [{@subj_role={'subj_role', 0x3d, '(\xbc](,((^'}}, {@pcr={'pcr', 0x3d, 0x39}}, {@func={'func', 0x3d, 'PATH_CHECK'}}, {@subj_user={'subj_user', 0x3d, '\xachMs\xf1\xe5\x81:Wi\x96pe\t\x9d\xcc\xe4\xaa\xf6\x87Y\xcb\x03%\x9f\xc2\x87y8\xf4\nk_\xab\xc0h\xaeb\xf6\x93Y\t~\xf8+T\b3\x04\x00\xc5\x92\x12\xd0\xb2\xff\xad\x06\x8a3\xe2\xb2\"\x92\xda2\xfb\xa8\x8d\x9c\x90\xda>\xf1\xdd\xaf\r\x8d#\xfc\xe8P\xed\x9d\xe6\bz\x9dA\xa3\x8dn\xdfH\xcaz\xff\xdfj\xa5T\xf0\f&\x99?\xcdbL\x06\xce\x95\xabH\xc0|\xafw\xfc\xda\xd9\xbb\xdd0mu\x99\x93unxw\xc2\x19o\xe7\xd7(\xc93\x9ef\xc5\n\xc2\x00ugi\'\a\xd0\x93\xf9\xd48\'Vv\xd1\xaeD\xf0\xa4\x7f\xb5T|Y\xe6Y\xf2.Q\x82\xbe\x1a\xed\x04EHv^*\xfazX\xe78\x92\xa1'}}]}, 0x1, 0x51c, &(0x7f0000000cc0)="$eJzs3cFvI1cZAPBvnLibdFOSAodSqaWiRdkCaycNbaMe2iIhbpVA5b5EiRNFceIodtpNVEEqzlwQEpU4ceKCxB+AhPonVJUqwR0BAiHYwoEDMGjG423iHZNEje2V8/tJ43nzdma+79nr8cy8yUwA19YzEfF6RExFxPMRMV/UV4ohTrpDNt/H995Zz4Yk0vTNvyWRZHXpD9YjL/VeI24Wi810R6XaR8c7a81m46CYrnd29+vto+Pb27trW42txt7KyvJLqy+vvri6dMkWfaW0NmvXq9/800n84luv/uZrb//+zl9ufT8p2h9F2y4Z6EK670k1ey/um46Ig2EEG4Opoj3VcScCAMCFZPtvn42IL+X7//Mxle/N5ezSAQAAwIRIX5uLfycRKQAAADCxXouIuUgqteJ637moVGq17jW8n49HK81Wu/PVzdbh3kb2bxELUa1sbjcbS8U1tQtRTbLp5bz8yfQLfdMrEfF4RPxkfjafrq23mhvjPvkBAAAA18TNvuP/f853j/8BAACACbMw7gQAAACAoRt0/J+MOA8AAABgePT/AwAAwET79htvZEPae/71xltHhzutt25vNNo7td3D9dp662C/ttVqbeX37Ns9b33NVmv/67F3eLfeabQ79fbR8Z3d1uFe5872mUdgAwAAACP0+Bff/10ScSNemY2TV2bzukeyl6kBC7hWACZG5TIz/3F4eQCjN+hnfhRLA+M1Pe4EgPE5GXcCwLidudVHyU7B6Yt3zpwz+GB4OQEAAFdr8Qt5/3/e93+6/z87BKg+OHt6Y/QpAkNyqf5/YKKU9uD/KBLdAjD5Ltn//+Gw8gBGr+oaPrj2znvUx8Cbd3xQfqLwQWl67roAAIChmsuHpFIr+gLnolKp1SIey//Uv5psbjcbSxHxmYj47Xz1Rja9nC+ZeDwgAAAAAAAAAAAAAAAAAAAAAAAAAFxQmiaRAgAAABMtovLnpHj+1+L8c3P95wceSf41n48j4u2fvfnTu2udzsFyVv/3+/Wd94r6F8ZxBgMAAADo1ztO7x3HAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBV+vjeO+u9YZRx//qNiFgoiz8dM/l4JqoR8eg/kpg+tVwSEVNXEP/k3Yh4oix+kqUVC0UW/fErETE7mvhPpWlaGv/mFcSH6+z9bPvzetn3rxLP5OPy7/90MXxag7d/lfvbv6kB27/HLhjjyY9+VR8Y/92IJ6fLtz+9+MmA+M+WrbDkTfned4+PB8VPfx6xWPr7k5yJVe/s7tfbR8e3t3fXthpbjb2VleWXVl9efXF1qb653Wws1Tej2VgqjfHjp379376q/6RdeftjQPyFc9r/XFaonm5Mf5gi2Ed3732uW6z2rSKPf+vZ8s//iV78GxHRFz/7P/Hl4ncgW9Fir3zSLZ/29C8/fLo0sSL+xoD2n/f53xq00j7Pf+eHf7jgrADACLSPjnfWms3GwdAL76VpOqpYCg9hYebhSEPh/MJVnNkCAAAeNp/s9I87EwAAAAAAAAAAAAAAAAAAALi+2kdRGfbtxPpjnoynqQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/9f/AgAA//+I1uMz") ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00'}) ioctl$FITHAW(0xffffffffffffffff, 0xc0045878) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a140000001100010000000000000000000000000a"], 0x28}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) socket$can_j1939(0x1d, 0x2, 0x7) socket$nl_netfilter(0x10, 0x3, 0xc) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f0000000240)=ANY=[], 0xfd, 0x11f3, &(0x7f0000001b80)="$eJzs3E+LW1UYB+C3cWrHqfNHrdV2oQfduLo0s3AlSJApyASU2gitINw6NxpyTUJuGIiI1ZVbP4e4dCeIX2A2fgZ3s3HZhXiFpLVNTdUuOpH6PJv7kvf8cu8hEDjhnBy/8c2n/W6VdfNJNE6disYoIt1KkaIRd7y0P79eu77farf3rqR0uXW1+XpKaevlHz/4/LtXfpqcff/7rR/OxNHOh8e/7v5ydP7owvHvVz/pValXpcFwkvJ0Yzic5DfKIh30qn6W0rtlkVdF6g2qYrzQ75bD0Wia8sHB5sZoXFRVygfT1C+maTJMk/E05R/nvUHKsixtbgQPdPqfh3S+vVXXdURdn44no67r+qnYiLPxdGzGVnwZEc/Es/FcnIvn43y8EC/Ghdmok3h8AAAAAAAAAAAAAAAAAAAA+P/4u/P/27Hj/D8AAAAAAAAAAAAAAAAAAACcgPeuXd9vtdt7V1Jajyi/PuwcdubXeb/VjV6UUcSl2I7fYnb6f25eX367vXcpzezEV+XN2/mbh50nFvPN2d8J3M6vzXp38s15Pi3mz8TGvfnd2I5zy++/uzS/Hq+9ek8+i+34+aMYRhkHs3vfzX/RTOmtd9r35S/OxgEAAMDjIEt/Wrp+z7IH9ef5h/h94L719VpcXFvt3Imopp/187IsxovF+l9eUfz7ovGI3rkR/5EJKh7/YtXfTJyEux/6qp8EAAAAAAAAAACAh/GIdxGuxZKdZW+uZqoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/sAPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgqAAD//99CzUo=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000180)={0xd, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x98}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8}, 0x80) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000130a0102000000000000000057000000080003400000000161f11ab794390a7598c9aaebec10840208b663173b479d7afb7a306db9f863f0f46ee206ac0b00788f82522696744e57e0357539f648274d1cabd3cab0d6d02221acaee8a92463f5433d85e80a93214cbd106e91ccce40"], 0x1c}}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_VENDOR(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x1c, r4, 0x62c21a4ade68aba1, 0x0, 0x0, {{0x5}, {@val={0x8, 0x3, 0xa}, @void, @void}}}, 0x1c}}, 0x0) 3.244044061s ago: executing program 4 (id=1351): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$L2TP_CMD_SESSION_DELETE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmmsg$inet(r0, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e13, @remote={0x63}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @empty}}}], 0x20, 0x74}}], 0x40002a4, 0x0) 3.227302205s ago: executing program 0 (id=1352): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x4b44, &(0x7f0000000040)={0x2, {0xc, 0x0, 0x801, 0x0, 0x3}}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x40005504, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000300)=ANY=[@ANYRESDEC], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000412ff8)="3665a1ab", 0x4) r3 = accept(r2, 0x0, 0x0) sendmmsg$alg(r3, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r3, &(0x7f000000b680)={0x0, 0x0, &(0x7f000000b600)=[{&(0x7f000000b500)=""/153, 0x10}], 0x1}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={0x14, 0x0, 0x9, 0x0, 0x0, {0x3}}, 0x14}}, 0x0) ioctl$SIOCGIFHWADDR(0xffffffffffffffff, 0x8927, &(0x7f0000000000)={'veth0_virt_wifi\x00'}) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) 3.118257832s ago: executing program 4 (id=1353): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) kexec_load(0x0, 0x2, &(0x7f0000000900)=[{0x0, 0x0, 0x200000000}, {0x0, 0x0, 0x0, 0x8000}], 0x0) 2.7777692s ago: executing program 2 (id=1354): syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x1c09c, &(0x7f0000000340)=ANY=[@ANYBLOB='part=0x0000000000000004,gid=', @ANYRESHEX=0x0, @ANYBLOB="2c73657373696f6e3d3078666666666666666666666666666637662c6e6c733d63703836362c626172726965722c6e6f6465636f6d706f73652c706172743d3078303030303030303030303030303030332c756d61736b3d30303030303030303030303030303030303030303030312c63726561746f723d85f194712c626172726965722c63726561746f723d65fe04c22c626172726965722c6465636f6d706f73652c666f7263652c7569643d", @ANYRESHEX=0x0, @ANYBLOB="2c63726561746f723da90781e42c626138726965722c706172743d3078303030303030303030303030303030312c00"], 0x1, 0x6da, &(0x7f0000004980)="$eJzs3UtoHOcdAPD/rFarXRUcOfEjLYEsMaSlorZkobTqpW4pRYdQQnroebHlWHgtB0kpsimN0se9h5x6Sg+6hR5Keje054ZAyVXHQCGXnHRTmdmZ1Ur7lKzHJv39xMx8M99z/rMzsw/EBPB/a3k2ys8iieXZN7fS9d2dhebEzsJUnt2MiEpElCLKrUUka5Hl3smn+Ha6MS+f9Ovnw9Wltz//aveL1lo5n7LypUH1eqh0b9rOp6hHxES+7DbZp8VPjnZ/qL27fdsbVdLewzRgN4rAxV+eq1V4bvtdttt5H/8nmw+qfpzzFhhTSeu+2WUmYjoiqhGtu35+dSid7+hO3/ZFDwAAAACOq3b8Ki/sxV5sxaWzGA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8U+XP/0/yqVSk65EUz/+v5NsiT4+h4Q9C/GyqtXx29oMBAAAAAAAAgDP36l7sxVZcKtb3k+w3/9c6fuP/VrwXG7ES63EztqIRm7EZ6zEfETMdDVW2Gpub6/NZzYgrA2rejk971Lzdf4x3TnmfAQAAAAAAAGDMVYfkP5zs3vb7WD74/R8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMZBEjHRWmTTlSI9E6VyRFQjopKW2474tEh/TSS9Nj47/3EAAADAc6keXk2qI9R54f3Yi624VKzvJ9ln/mvZ5+VqvBdrsRmrsRnNWIl7+Wfo9FN/aXdnobm7s/Aonbrb/emXxxp61mK0vnvo3fPLWYla3I/VbMvNuBtJ7GdKeSsv7+4spMtHvcf1QTqm5Ce5AaOZ6EjfS2fXP8nSfz78LUL5WLt4QqW+OTNZ7mQ7InP52NIal4sI9I7E0KNTHtjTfJTa3/xcGdxT75h/MLj36SOlen5zcyGORuJ2lNpH6NrgSER89x8f//pBc+3hg/sbs+OzSz29P7TE0UgsdETi+jcoEsPNZZG42l5fjl/Er2I2vpx6K9ZjNX4TjdiMlXqR38hfz+l8ZnCkPpvuXHtr2EjSc7Levn71GlM9Do0p6vHzLNWI17JjeilWI4nHEbESb2R/t2O+fTU4OMJXRzjrSyNcaTvc+F62aIcpav3L/m20Jk9LGtfLHXHtvObOZHmdWw6i9GLPKBX3utHvRx3K38kTaQt/GHh/OG9HIzHfEYmX+r1eWiH9634632iuPVx/0Hh3xP5ez5fpefSnsbpLpEf4xajmO3c5myfZOTWX5b3UvsMejlcl/8WlpdSVd7Vdr3Wm/jIex71DZ+oPYzEWYykrfS0rPdl1x0rzrrdbOnwNT/PSd1rl9g87ne+3Hkez9X4IgPE2/f3pSu2/tX/XPqr9sfag9mb1Z1M/mnqlEpP/mvxxeW7i9dIryd/jo/jdwed/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg5DaePH3YaDZX1nsnSr2zksG1Gs394kFiA8ocSiT5o3JGKJxsPHm6P7TBwYmpfHgnrH6aieJpjcML189wGMn20eNVHX4siqc8jdBF0hXwtPKJx1z0fLBlcgwO5dFE/fQaLF6wHVnHf/XWeh2viYjoVXjIhWPiNK4+wEW6tfno3VsbT57+YPVR452Vd1bWJhcXl+aWFt9YuHV/tbky15p3VDiXh98C56Hz7URbJSJeHV53wINaAQAAAAAAAAAAgDN0Hv8LcdH7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHy9Lc9G+VkkMT93cy5d391ZaKZTkT4oWY6IUkQkv41I/hlxJ1pTzHQ0l/Tr58PVpbc//2r3i4O2ykX5UsR233qj2c6nqEfERL48rfbuDm+vcpCc6pGdtCOTBuxGETi4aP8LAAD//7co7JU=") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) getdents64(r0, 0x0, 0x0) 2.769680248s ago: executing program 4 (id=1355): syz_mount_image$squashfs(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="003abccf37e5c15ce78ebf37186c657d5b886f72bbad7a1f99b7f2ff72b00f17fc9e86586e26f5e1b6c7d58eb995831190d14e4d0a62aabc9693ad4b7b54b4670b36827852901ed4f96e17acb7f366e2cdb58f1b"], 0x1, 0x191, &(0x7f0000000280)="$eJw0kL9rU1EcxT/f+15+1FJLDChUMA8VX18wJu9VRZyeuDjkgYNLQaEhjW3xpdomg68kJu7+AS5SMgiCm+LWQcHB0UHIkledxQ6dSgep3Ho73Pu553LuuV/OamejkwP+7veahCCAxWl+IdhAUV8AB4bvDX8aDv6Di0Ynhm8M5zrJ1pNGHLc2ndsOzt1X4gCvHeZvUYARZxV7QoiM93vNoXjCcp1yH6uyzpw9i8WR22NR2BC3DrPVbvtZtZNsVdbajZXWSms9CBZu1q7XajeC6uO1uFX7hHiJqG/TfbyIXMSU1yfjHcqpyjv1+9wLe4dySvYRS7vW/KWrE9ozR3fAKyF8dvfITezVknrAFfIP9Yj3dAcjrAinzpTC5vibELmvPohv/7APMor80LKuNZ/Gy4NFJYfZ7VD+5MUfk3F9grLPQgGmKS4xojTRsfFJQZzhC4MUJyVM2U4Z71KUHe15aTz2UO9vjTrPBcjyvNHtbvpZ+CpuRKBXAWaO41TE5bpO+GjeGPDdHP4FAAD//6PoXBY=") syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000b40), 0x2b842ac, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) r6 = open(&(0x7f0000000140)='./file1\x00', 0x10f0c2, 0x0) ftruncate(r6, 0x200004) sendfile(r5, r6, 0x0, 0x80001d00c0d1) mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000040), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r6, @ANYBLOB=',wfdno=', @ANYRESHEX=r4]) 2.5041453s ago: executing program 2 (id=1356): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a3000000000090003007379"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @log={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_LOG_FLAGS={0x8, 0x6, 0x1, 0x0, 0x22}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x70}}, 0x0) 462.073166ms ago: executing program 3 (id=1357): mkdir(0x0, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000540)='binfmt_misc\x00', 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) lseek(r0, 0x0, 0x4) 326.550694ms ago: executing program 2 (id=1358): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_IPV6_DSTOPTS(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8) setsockopt$inet6_int(r0, 0x29, 0x3a, &(0x7f0000000040)=0x8, 0x4) recvmmsg(r0, &(0x7f0000004740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001c40)=""/23, 0x17}}], 0x1, 0x0, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 64.087149ms ago: executing program 3 (id=1359): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@bloom_filter={0x1e, 0x3ff, 0x6, 0xfff, 0x400, 0x1, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x1, 0x1}, 0x48) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{}, &(0x7f0000000000), &(0x7f0000000040)=r1}, 0x20) socketpair(0x0, 0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00') r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r3, &(0x7f0000000040)={0xa, 0xe22, 0x0, @empty}, 0x1c) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000005c0)={0xffffffffffffffff, 0x9, {0x0, 0x0, 0x0, 0x67a, 0x7f, 0x0, 0x6, 0x1f, 0x10, "ec8903ffa443916865138834eafce332599710d8cc50f0be87bd2e19f8c98fc4183edc749fc590264e03e98fecdb36d00e8116fa2e46476b7deebd0d2a5267e2", "83e0a66cdfe02575bdd5ef648bd8a03c0f080fec344750785ae4fcbd579a7b52a4942471962293fca5c1f9a6d950fa3b74db5dc2d095152258c188512751c799", "856c101cdf74edef00c4a85ecc35a42751935d8c44f625251f462acd7e06c1ec", [0xe66f, 0xa]}}) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x3, &(0x7f0000000140)=[{0x35, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0xe12b}, {0x16}]}) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="9feb01001800000000000000680000006800000002000000000000000000000d0a0000000000000000000006", @ANYRES64=r4, @ANYRES32=r0, @ANYRES8, @ANYRES16=r4, @ANYRES64=r5, @ANYRESHEX=r2], &(0x7f0000000f40)=""/4089, 0x82, 0xff9, 0x5}, 0x20) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1c94a6fb08bb1fb4, &(0x7f0000000280)={0x3, &(0x7f0000000240)=[{0x9, 0x33, 0x0, 0x1}, {0x7fff, 0x9, 0x80, 0x4}, {0x4, 0xf, 0x3f, 0x2}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r6, 0xc0502100, &(0x7f0000000340)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r6, 0xc0182101, &(0x7f0000000180)={r7}) r8 = memfd_create(&(0x7f0000000440)='\x107m\xadJ\xdc:F\xa0\x06\xe6\xbb\xb8\xb0\xe8\xc3\x87\x12+\x8fY\xee\xc7\xd0,\xc6\x01*\x88\x14U\xde\xfa:\xee\xe8\x1d\x91F\x86)', 0x0) finit_module(r8, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYRES64], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x3e}, 0x90) ftruncate(0xffffffffffffffff, 0xc17a) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r6, 0xc0502100, &(0x7f0000000480)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r6, 0x40182103, &(0x7f0000000080)={r9, 0x3, r6, 0x5}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cgroup.controllers\x00', 0x275a, 0x0) r10 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='blkio.bfq.dequeue\x00', 0x275a, 0x0) write$binfmt_script(r10, &(0x7f00000016c0), 0x3af4701e) r11 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$KDFONTOP_SET(r11, 0x4b72, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x1e, 0x200, &(0x7f0000000880)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a7309000000000000000f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000000000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413f4afbcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff416e5a8c25f9555da5ca6fdf75b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a25978b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6dccbe2ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f635a0cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f800"}) 0s ago: executing program 2 (id=1360): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x8}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r4, r1, 0x25, 0x0, @val=@tcx}, 0x40) syz_emit_ethernet(0x22, &(0x7f0000000a40)=ANY=[], 0x0) kernel console output (not intermixed with test programs): atadv0: Adding interface: batadv_slave_1 [ 210.522952][ T6969] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 210.554032][ T6969] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 210.971725][ T7017] team0: Port device team_slave_0 added [ 210.981971][ T7017] team0: Port device team_slave_1 added [ 210.993694][ T6741] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 211.017797][ T6741] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 211.180510][ T6741] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 211.260519][ T7017] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 211.276723][ T7017] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 211.346658][ T7017] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 211.372068][ T7017] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 211.386879][ T7017] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 211.413739][ T7017] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 211.515354][ T6741] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 211.552151][ T6969] hsr_slave_0: entered promiscuous mode [ 211.573420][ T6969] hsr_slave_1: entered promiscuous mode [ 211.582310][ T6969] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 211.596294][ T6969] Cannot create hsr debugfs directory [ 211.736645][ T5103] Bluetooth: hci3: command tx timeout [ 211.811793][ T63] hsr_slave_0: left promiscuous mode [ 211.828233][ T63] hsr_slave_1: left promiscuous mode [ 211.854382][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 211.864508][ T63] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 211.881506][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 211.894426][ T63] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 211.912649][ T5913] BTRFS info (device loop1): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 211.927047][ T63] veth1_macvtap: left promiscuous mode [ 211.932886][ T63] veth0_macvtap: left promiscuous mode [ 211.939507][ T63] veth1_vlan: left allmulticast mode [ 211.944882][ T63] veth1_vlan: left promiscuous mode [ 211.951910][ T63] veth0_vlan: left promiscuous mode [ 212.384318][ T63] macvlan0 (unregistering): left allmulticast mode [ 212.980761][ T63] team0 (unregistering): Port device team_slave_1 removed [ 213.032673][ T63] team0 (unregistering): Port device team_slave_0 removed [ 213.817313][ T5103] Bluetooth: hci3: command tx timeout [ 213.878336][ T7017] hsr_slave_0: entered promiscuous mode [ 213.893135][ T7017] hsr_slave_1: entered promiscuous mode [ 214.136098][ T6822] 8021q: adding VLAN 0 to HW filter on device bond0 [ 214.391726][ T6822] 8021q: adding VLAN 0 to HW filter on device team0 [ 214.492945][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.500288][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 214.589884][ T5155] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.597101][ T5155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.624315][ T6741] 8021q: adding VLAN 0 to HW filter on device bond0 [ 214.727442][ T6741] 8021q: adding VLAN 0 to HW filter on device team0 [ 214.769767][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.776987][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 214.790858][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.798090][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.820108][ T6822] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 215.008701][ T6969] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 215.038909][ T6969] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 215.114288][ T7017] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.148043][ T6969] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 215.168562][ T6969] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 215.246799][ T7017] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.361058][ T6741] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 215.388821][ T6822] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 215.471199][ T7017] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.670232][ T7017] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.820051][ T6822] veth0_vlan: entered promiscuous mode [ 216.011622][ T6741] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 216.029393][ T6822] veth1_vlan: entered promiscuous mode [ 216.050975][ T6969] 8021q: adding VLAN 0 to HW filter on device bond0 [ 216.214459][ T6969] 8021q: adding VLAN 0 to HW filter on device team0 [ 216.250591][ T7017] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 216.288140][ T7017] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 216.341713][ T5155] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.349002][ T5155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 216.365090][ T7017] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 216.389088][ T7017] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 216.484038][ T5155] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.491326][ T5155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 216.621536][ T6822] veth0_macvtap: entered promiscuous mode [ 216.735272][ T6822] veth1_macvtap: entered promiscuous mode [ 216.881305][ T6822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 216.901377][ T6822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 216.913168][ T6822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 216.924265][ T6822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 216.950240][ T6822] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 216.961606][ T6822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 216.973805][ T6822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 217.017937][ T6822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 217.030016][ T6822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 217.045291][ T6822] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 217.109238][ T6822] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.131365][ T6822] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.144757][ T6822] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.154078][ T6822] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.407386][ T6741] veth0_vlan: entered promiscuous mode [ 217.492576][ T6741] veth1_vlan: entered promiscuous mode [ 217.523832][ T7017] 8021q: adding VLAN 0 to HW filter on device bond0 [ 217.620369][ T7017] 8021q: adding VLAN 0 to HW filter on device team0 [ 217.661711][ T2821] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 217.704986][ T2527] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.712234][ T2527] bridge0: port 1(bridge_slave_0) entered forwarding state [ 217.712686][ T2821] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 217.789929][ T2527] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.797159][ T2527] bridge0: port 2(bridge_slave_1) entered forwarding state [ 217.853231][ T6969] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 217.914497][ T2781] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 217.934842][ T2781] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 217.960839][ T6741] veth0_macvtap: entered promiscuous mode [ 218.030927][ T7017] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 218.085955][ T6741] veth1_macvtap: entered promiscuous mode [ 218.362725][ T6741] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 218.439612][ T6741] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.497771][ T6741] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 218.559263][ T6741] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.609407][ T6741] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 218.700161][ T7184] loop0: detected capacity change from 0 to 256 [ 218.706743][ T6741] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.759648][ T6741] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 218.813452][ T6741] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 218.855034][ T6741] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.897136][ T6741] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 218.924419][ T6741] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.935313][ T6741] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 218.966445][ T6741] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.988671][ T6741] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 219.036774][ T6741] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.067754][ T6741] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.105114][ T6741] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.123808][ T6741] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.154937][ T6969] veth0_vlan: entered promiscuous mode [ 219.279903][ T6969] veth1_vlan: entered promiscuous mode [ 219.336028][ T7017] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 219.620652][ T2821] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 219.634438][ T2821] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 219.820786][ T6969] veth0_macvtap: entered promiscuous mode [ 219.846249][ T2821] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 219.849641][ T6969] veth1_macvtap: entered promiscuous mode [ 219.876212][ T2821] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 220.339773][ T7017] veth0_vlan: entered promiscuous mode [ 220.410404][ T6969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 220.460159][ T6969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.491048][ T6969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 220.535018][ T6969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.564027][ T6969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 220.595317][ T6969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.639066][ T6969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 220.666632][ T6969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.711852][ T6969] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 220.789928][ T6969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 220.861913][ T6969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.908081][ T6969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 220.966679][ T6969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.996787][ T6969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 221.022175][ T6969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.061303][ T6969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 221.093515][ T6969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.130733][ T6969] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 221.182467][ T7017] veth1_vlan: entered promiscuous mode [ 221.344211][ T6969] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.381267][ T6969] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.426741][ T6969] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.781055][ T6969] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.956270][ T7017] veth0_macvtap: entered promiscuous mode [ 222.100585][ T7017] veth1_macvtap: entered promiscuous mode [ 222.175032][ T7237] loop0: detected capacity change from 0 to 512 [ 222.243804][ T7237] EXT4-fs: Ignoring removed nobh option [ 222.279019][ T7237] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 222.304878][ T7017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 222.346880][ T7017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.372526][ T7237] EXT4-fs (loop0): 1 truncate cleaned up [ 222.395632][ T7017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 222.408272][ T7237] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 222.428727][ T7017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.467106][ T7017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 222.526800][ T7017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.569962][ T7017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 222.610180][ T7017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.647494][ T7017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 222.703786][ T7017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.776140][ T7250] 9pnet_fd: Insufficient options for proto=fd [ 223.117576][ T7017] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 223.188591][ T6822] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 223.256670][ T7017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 223.301999][ T7017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.334051][ T7017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 223.366518][ T7017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.383302][ T7017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 223.404990][ T7017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.418408][ T7017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 223.429984][ T7017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.447007][ T7017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 223.486788][ T7017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.511453][ T7017] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 223.530293][ T5114] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 223.547422][ T5114] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 223.556807][ T5114] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 223.576335][ T5114] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 223.593077][ T7017] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.596869][ T5114] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 223.609810][ T5114] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 223.621067][ T1106] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 223.660667][ T7017] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.669576][ T7017] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.670261][ T1106] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 223.678443][ T7017] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 224.848159][ T2781] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 224.857013][ T2781] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 225.012840][ T2821] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 225.199812][ T2821] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 225.507266][ T2821] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 225.657260][ T5103] Bluetooth: hci5: command tx timeout [ 225.734739][ T2821] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 225.812786][ T2803] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 225.825598][ T2803] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 226.103211][ T7271] loop3: detected capacity change from 0 to 32768 [ 226.114977][ T7271] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.415 (7271) [ 226.169908][ T7271] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 226.190622][ T1106] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 226.193227][ T7271] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 226.207560][ T7271] BTRFS info (device loop3): using free-space-tree [ 226.228952][ T1106] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 226.540340][ T5103] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 226.551352][ T5103] Bluetooth: hci1: Injecting HCI hardware error event [ 226.564256][ T5114] Bluetooth: hci1: hardware error 0x00 [ 226.699401][ T7271] BTRFS info (device loop3): setting incompat feature flag for SIMPLE_QUOTA (0x10000) [ 226.773245][ T2821] bridge_slave_1: left allmulticast mode [ 226.802945][ T2821] bridge_slave_1: left promiscuous mode [ 226.818715][ T2821] bridge0: port 2(bridge_slave_1) entered disabled state [ 226.873875][ T2821] bridge_slave_0: left allmulticast mode [ 226.894285][ T6969] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 226.907857][ T2821] bridge_slave_0: left promiscuous mode [ 226.913702][ T2821] bridge0: port 1(bridge_slave_0) entered disabled state [ 227.739152][ T5103] Bluetooth: hci5: command tx timeout [ 228.621290][ T7337] loop3: detected capacity change from 0 to 128 [ 228.777524][ T5114] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 229.319645][ T2821] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 229.342016][ T2821] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 229.376137][ T2821] bond0 (unregistering): Released all slaves [ 229.446059][ T7323] netlink: 'syz.4.462': attribute type 10 has an invalid length. [ 229.537215][ T7323] team0: Device veth1_macvtap failed to register rx_handler [ 229.716760][ T7323] syz.4.462 (7323) used greatest stack depth: 18224 bytes left [ 229.817179][ T5114] Bluetooth: hci5: command tx timeout [ 229.858982][ T7253] chnl_net:caif_netlink_parms(): no params data found [ 230.031719][ T7356] loop3: detected capacity change from 0 to 764 [ 230.052225][ T7358] loop1: detected capacity change from 0 to 256 [ 230.746675][ T7356] Symlink component flag not implemented [ 230.777022][ T7356] Symlink component flag not implemented [ 230.803511][ T7356] Symlink component flag not implemented (129) [ 230.820180][ T7348] loop2: detected capacity change from 0 to 32768 [ 230.845082][ T7356] Symlink component flag not implemented (6) [ 230.873021][ T7348] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.468 (7348) [ 230.945731][ T7348] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 230.992532][ T7367] loop1: detected capacity change from 0 to 512 [ 231.020991][ T7367] EXT4-fs: Ignoring removed nobh option [ 231.036704][ T7348] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 231.058791][ T7367] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 231.088986][ T7348] BTRFS info (device loop2): using free-space-tree [ 231.206410][ T7367] EXT4-fs (loop1): 1 truncate cleaned up [ 231.217990][ T7367] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 231.286606][ T2821] hsr_slave_0: left promiscuous mode [ 231.299085][ T7354] mmap: syz.4.471 (7354) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 231.319115][ T29] audit: type=1804 audit(1720335470.022:40): pid=7367 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.474" name="/newroot/67/file0/bus" dev="loop1" ino=18 res=1 errno=0 [ 231.369761][ T29] audit: type=1804 audit(1720335470.022:41): pid=7367 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.474" name="/newroot/67/file0/bus" dev="loop1" ino=18 res=1 errno=0 [ 231.398737][ T2821] hsr_slave_1: left promiscuous mode [ 231.464024][ T2821] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 231.476609][ T29] audit: type=1804 audit(1720335470.022:42): pid=7367 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.474" name="/newroot/67/file0/bus" dev="loop1" ino=18 res=1 errno=0 [ 231.508863][ T5913] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 231.526652][ T2821] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 231.602918][ T2821] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 231.626046][ T7348] BTRFS info (device loop2): setting incompat feature flag for SIMPLE_QUOTA (0x10000) [ 231.644844][ T2821] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 231.811368][ T2821] veth1_macvtap: left promiscuous mode [ 231.876629][ T2821] veth0_macvtap: left promiscuous mode [ 231.882380][ T2821] veth1_vlan: left promiscuous mode [ 231.896762][ T5114] Bluetooth: hci5: command tx timeout [ 231.932586][ T2821] veth0_vlan: left promiscuous mode [ 231.990891][ T7017] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 234.772405][ T7427] loop2: detected capacity change from 0 to 764 [ 234.849751][ T7430] loop1: detected capacity change from 0 to 512 [ 234.877047][ T7430] EXT4-fs: Ignoring removed nobh option [ 234.882784][ T7433] Symlink component flag not implemented [ 234.898041][ T7433] Symlink component flag not implemented [ 234.903254][ T7430] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 234.903881][ T7433] Symlink component flag not implemented (129) [ 234.921815][ T7433] Symlink component flag not implemented (6) [ 234.971527][ T7430] EXT4-fs (loop1): 1 truncate cleaned up [ 234.979290][ T7430] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 234.990330][ T7437] syz.3.486 uses obsolete (PF_INET,SOCK_PACKET) [ 235.011447][ T29] audit: type=1804 audit(1720335473.712:43): pid=7430 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.485" name="/newroot/69/file0/bus" dev="loop1" ino=18 res=1 errno=0 [ 235.073191][ T29] audit: type=1804 audit(1720335473.742:44): pid=7430 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.485" name="/newroot/69/file0/bus" dev="loop1" ino=18 res=1 errno=0 [ 235.114494][ T5913] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 235.128021][ T29] audit: type=1804 audit(1720335473.752:45): pid=7430 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.485" name="/newroot/69/file0/bus" dev="loop1" ino=18 res=1 errno=0 [ 235.494395][ T2821] team0 (unregistering): Port device team_slave_1 removed [ 235.554688][ T2821] team0 (unregistering): Port device team_slave_0 removed [ 235.715881][ T7442] loop1: detected capacity change from 0 to 32768 [ 235.731454][ T7442] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.487 (7442) [ 235.781246][ T7442] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 235.802155][ T7442] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 235.826068][ T7442] BTRFS info (device loop1): using free-space-tree [ 236.006770][ T7442] BTRFS info (device loop1): setting incompat feature flag for SIMPLE_QUOTA (0x10000) [ 236.112209][ T5913] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 236.685131][ T7464] netlink: 210620 bytes leftover after parsing attributes in process `syz.1.489'. [ 236.712265][ T7253] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.730069][ T7253] bridge0: port 1(bridge_slave_0) entered disabled state [ 236.747629][ T7253] bridge_slave_0: entered allmulticast mode [ 236.764750][ T7253] bridge_slave_0: entered promiscuous mode [ 236.835937][ T7253] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.852723][ T7253] bridge0: port 2(bridge_slave_1) entered disabled state [ 236.869297][ T7253] bridge_slave_1: entered allmulticast mode [ 236.904746][ T7253] bridge_slave_1: entered promiscuous mode [ 237.113784][ T7253] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 237.135942][ T7478] netlink: 'syz.4.493': attribute type 7 has an invalid length. [ 237.143891][ T7478] netlink: 'syz.4.493': attribute type 39 has an invalid length. [ 237.241413][ T7253] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 237.457585][ T7253] team0: Port device team_slave_0 added [ 237.500442][ T7253] team0: Port device team_slave_1 added [ 237.510158][ T7484] loop4: detected capacity change from 0 to 512 [ 237.522070][ T7484] EXT4-fs: Ignoring removed nobh option [ 237.530319][ T7484] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 237.567437][ T7484] EXT4-fs (loop4): 1 truncate cleaned up [ 237.588173][ T7484] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 237.702910][ T7253] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 237.760134][ T7253] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 237.926999][ T29] audit: type=1804 audit(1720335476.512:46): pid=7484 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.496" name="/newroot/15/file0/bus" dev="loop4" ino=18 res=1 errno=0 [ 238.000983][ T7253] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 238.018238][ T6741] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 238.067744][ T29] audit: type=1804 audit(1720335476.532:47): pid=7484 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.496" name="/newroot/15/file0/bus" dev="loop4" ino=18 res=1 errno=0 [ 238.091832][ T7253] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 238.174367][ T7253] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 238.201049][ T29] audit: type=1804 audit(1720335476.532:48): pid=7484 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.496" name="/newroot/15/file0/bus" dev="loop4" ino=18 res=1 errno=0 [ 238.322707][ T7253] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 238.573453][ T7507] netlink: 'syz.4.501': attribute type 3 has an invalid length. [ 239.158546][ T7493] loop3: detected capacity change from 0 to 32768 [ 239.180993][ T7493] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.497 (7493) [ 239.321434][ T7493] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 239.334076][ T7493] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 239.348632][ T7493] BTRFS info (device loop3): using free-space-tree [ 239.492312][ T7493] BTRFS info (device loop3): setting incompat feature flag for SIMPLE_QUOTA (0x10000) [ 239.602114][ T2821] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 239.610372][ T6969] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 239.665509][ T2821] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 239.692288][ T2821] bond0 (unregistering): Released all slaves [ 239.792808][ T7253] hsr_slave_0: entered promiscuous mode [ 239.813710][ T7253] hsr_slave_1: entered promiscuous mode [ 239.844561][ T7253] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 239.872191][ T7253] Cannot create hsr debugfs directory [ 239.930032][ T7549] loop4: detected capacity change from 0 to 512 [ 239.952585][ T7549] EXT4-fs: Ignoring removed nobh option [ 239.971272][ T7549] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 240.013416][ T7549] EXT4-fs (loop4): 1 truncate cleaned up [ 240.054516][ T7549] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 240.156753][ T29] audit: type=1804 audit(1720335478.832:49): pid=7549 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.507" name="/newroot/18/file0/bus" dev="loop4" ino=18 res=1 errno=0 [ 240.258819][ T29] audit: type=1804 audit(1720335478.832:50): pid=7549 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.507" name="/newroot/18/file0/bus" dev="loop4" ino=18 res=1 errno=0 [ 240.262828][ T6741] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 240.328362][ T29] audit: type=1804 audit(1720335478.832:51): pid=7549 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.507" name="/newroot/18/file0/bus" dev="loop4" ino=18 res=1 errno=0 [ 240.913356][ T2821] hsr_slave_0: left promiscuous mode [ 240.937390][ T2821] hsr_slave_1: left promiscuous mode [ 240.956660][ T25] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 240.982251][ T2821] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 240.995169][ T2821] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 241.017479][ T2821] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 241.025230][ T2821] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 241.060516][ T2821] veth1_macvtap: left promiscuous mode [ 241.068781][ T2821] veth0_macvtap: left promiscuous mode [ 241.074656][ T2821] veth1_vlan: left allmulticast mode [ 241.097951][ T2821] veth1_vlan: left promiscuous mode [ 241.114595][ T2821] veth0_vlan: left promiscuous mode [ 241.177296][ T25] usb 5-1: Using ep0 maxpacket: 32 [ 241.210172][ T25] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 241.264746][ T25] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 241.313214][ T25] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 241.353755][ T25] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 241.375591][ T25] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 241.395193][ T25] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 241.433547][ T25] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 241.474303][ T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.505118][ T25] usb 5-1: Product: syz [ 241.521895][ T25] usb 5-1: Manufacturer: syz [ 241.537309][ T25] usb 5-1: SerialNumber: syz [ 242.275719][ T5114] Bluetooth: Unexpected continuation frame (len 10) [ 242.285881][ T7602] loop2: detected capacity change from 0 to 4096 [ 242.386082][ T7602] ntfs3: loop2: Different NTFS sector size (2048) and media sector size (512). [ 242.993270][ T7602] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 243.129375][ T2821] macvlan0 (unregistering): left allmulticast mode [ 243.715323][ T7606] loop1: detected capacity change from 0 to 2048 [ 243.743836][ T2821] team0 (unregistering): Port device team_slave_1 removed [ 243.754162][ T7606] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 243.779138][ T7606] ext4 filesystem being mounted at /76/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 243.843041][ T2821] team0 (unregistering): Port device team_slave_0 removed [ 243.906402][ T7606] EXT4-fs error (device loop1): ext4_find_dest_de:2066: inode #2: block 16: comm syz.1.518: bad entry in directory: rec_len is smaller than minimal - offset=108, inode=646161, rec_len=0, size=4096 fake=0 [ 244.000512][ T5913] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 244.140564][ T7611] loop1: detected capacity change from 0 to 164 [ 244.168705][ T7611] rock: corrupted directory entry. extent=28, offset=0, size=16777216 [ 244.194976][ T7611] rock: corrupted directory entry. extent=28, offset=0, size=16777216 [ 244.502504][ T7615] netlink: 28 bytes leftover after parsing attributes in process `syz.1.520'. [ 244.511715][ T7615] netlink: 24 bytes leftover after parsing attributes in process `syz.1.520'. [ 244.650698][ T25] cdc_ncm 5-1:1.0: bind() failure [ 244.668311][ T7613] netlink: 4 bytes leftover after parsing attributes in process `syz.1.520'. [ 244.727527][ T25] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 244.734415][ T25] cdc_ncm 5-1:1.1: bind() failure [ 244.790418][ T25] usb 5-1: USB disconnect, device number 6 [ 244.981366][ T7623] overlayfs: missing 'lowerdir' [ 245.345952][ T7635] loop1: detected capacity change from 0 to 2048 [ 245.467390][ T7635] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 245.546723][ T7635] ext4 filesystem being mounted at /80/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 245.817908][ T7635] EXT4-fs error (device loop1): ext4_find_dest_de:2066: inode #2: block 16: comm syz.1.528: bad entry in directory: rec_len is smaller than minimal - offset=108, inode=646161, rec_len=0, size=4096 fake=0 [ 246.039575][ T5913] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 246.352313][ T7667] netlink: 36 bytes leftover after parsing attributes in process `syz.1.532'. [ 246.739143][ T7253] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 246.854014][ T7253] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 246.890402][ T7683] overlayfs: missing 'lowerdir' [ 246.894309][ T7680] netlink: 'syz.2.536': attribute type 16 has an invalid length. [ 246.920685][ T7680] netlink: 48 bytes leftover after parsing attributes in process `syz.2.536'. [ 246.968209][ T7680] bridge0: port 1(bridge_slave_0) entered disabled state [ 247.021819][ T7253] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 247.074893][ T7253] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 247.247642][ T25] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 247.427210][ T7253] 8021q: adding VLAN 0 to HW filter on device bond0 [ 247.450422][ T25] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 247.469483][ T25] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 247.510132][ T7253] 8021q: adding VLAN 0 to HW filter on device team0 [ 247.517337][ T25] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 247.529705][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 247.550121][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 247.557359][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 247.573091][ T7687] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 247.624390][ T2527] bridge0: port 2(bridge_slave_1) entered blocking state [ 247.631650][ T2527] bridge0: port 2(bridge_slave_1) entered forwarding state [ 247.792304][ T7253] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 247.843034][ T7701] loop2: detected capacity change from 0 to 2048 [ 247.945132][ T7701] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 247.976156][ T7701] ext4 filesystem being mounted at /22/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 248.098804][ T25] usb 2-1: USB disconnect, device number 5 [ 248.146635][ T2527] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 248.188356][ T7701] EXT4-fs error (device loop2): ext4_find_dest_de:2066: inode #2: block 16: comm syz.2.542: bad entry in directory: rec_len is smaller than minimal - offset=108, inode=646161, rec_len=0, size=4096 fake=0 [ 248.320842][ T7017] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 248.376831][ T2527] usb 4-1: Using ep0 maxpacket: 32 [ 248.381363][ T7253] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 248.394495][ T2527] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 248.403396][ T2527] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 248.415057][ T2527] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 248.425362][ T2527] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 248.435981][ T2527] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 248.446651][ T2527] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 248.482030][ T2527] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 248.506837][ T2527] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 248.548965][ T2527] usb 4-1: config 0 descriptor?? [ 248.575894][ T7253] veth0_vlan: entered promiscuous mode [ 248.605065][ T7253] veth1_vlan: entered promiscuous mode [ 248.691145][ T7253] veth0_macvtap: entered promiscuous mode [ 248.724602][ T7253] veth1_macvtap: entered promiscuous mode [ 248.787405][ T2527] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 4 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 248.819977][ T7253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 248.847274][ T2527] usb 4-1: USB disconnect, device number 4 [ 248.876515][ T7253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.928394][ T2527] usblp0: removed [ 248.944242][ T7253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 249.027346][ T7253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.037304][ T7253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 249.047839][ T7253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.057799][ T7253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 249.068425][ T7253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.145876][ T7253] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 249.386750][ T2527] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 249.491875][ T7253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 249.613546][ T7253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.633973][ T7253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 249.666314][ T7253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.692610][ T7253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 249.716551][ T2527] usb 4-1: Using ep0 maxpacket: 32 [ 249.730001][ T2527] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 249.749116][ T7253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.762690][ T2527] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 249.783641][ T7253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 249.814229][ T2527] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 249.831135][ T7253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.850645][ T7253] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 249.864969][ T7253] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 249.887027][ T7253] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 249.895786][ T7253] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 249.895912][ T2527] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 249.939009][ T7253] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 249.979525][ T2527] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 250.022022][ T2527] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 250.076744][ T2527] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 250.087018][ T7742] overlayfs: missing 'lowerdir' [ 250.113558][ T2527] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 250.134829][ T2527] usb 4-1: config 0 descriptor?? [ 250.375208][ T2821] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 250.462283][ T2527] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 5 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 250.466391][ T2821] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 251.185832][ T2527] IPVS: starting estimator thread 0... [ 251.218152][ T2527] usb 4-1: USB disconnect, device number 5 [ 251.306746][ T7756] IPVS: using max 16 ests per chain, 38400 per kthread [ 251.559423][ T2527] usblp0: removed [ 251.635249][ T2781] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 251.679755][ T2781] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 252.366775][ T5148] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 253.353697][ T5148] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 253.418329][ T5148] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 253.444160][ T5148] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 253.481167][ T5148] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 253.547164][ T7776] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 254.007975][ T7812] netlink: 56 bytes leftover after parsing attributes in process `syz.0.564'. [ 254.014739][ T7814] loop4: detected capacity change from 0 to 512 [ 255.313254][ T7814] EXT4-fs error (device loop4): ext4_orphan_get:1420: comm syz.4.565: bad orphan inode 17 [ 255.401588][ T7814] ext4_test_bit(bit=16, block=4) = 1 [ 255.451539][ T7814] is_bad_inode(inode)=0 [ 255.464033][ T2527] usb 3-1: USB disconnect, device number 5 [ 255.493790][ T7814] NEXT_ORPHAN(inode)=0 [ 255.528630][ T5148] IPVS: starting estimator thread 0... [ 255.541961][ T7814] max_ino=32 [ 255.565328][ T7814] i_nlink=1 [ 255.593374][ T7814] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 255.646733][ T7823] IPVS: using max 18 ests per chain, 43200 per kthread [ 255.750907][ T7833] loop2: detected capacity change from 0 to 64 [ 255.794275][ T7832] loop0: detected capacity change from 0 to 2048 [ 255.865311][ T7832] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 255.955056][ T7829] kvm: emulating exchange as write [ 255.979735][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.986242][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.016867][ T29] audit: type=1800 audit(1720335494.712:52): pid=7832 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.568" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 256.172918][ T7842] loop1: detected capacity change from 0 to 1024 [ 256.187775][ T7842] journal_path: Lookup failure for './file0/file0' [ 256.194387][ T7842] EXT4-fs: error: could not find journal device path [ 256.254580][ T7253] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 256.456858][ T7852] loop3: detected capacity change from 0 to 8 [ 256.578431][ T7852] SQUASHFS error: Unable to read directory block [629:46] [ 256.794438][ T7861] loop2: detected capacity change from 0 to 64 [ 256.845277][ T7865] syz.1.577[7865] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 256.845621][ T7865] syz.1.577[7865] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 257.746381][ T6741] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 259.445592][ T5155] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 261.110315][ T5097] IPVS: starting estimator thread 0... [ 261.236695][ T7891] IPVS: using max 17 ests per chain, 40800 per kthread [ 261.456872][ T5155] usb 4-1: device not accepting address 6, error -71 [ 262.114504][ T7920] loop2: detected capacity change from 0 to 16 [ 262.144546][ T7920] erofs: (device loop2): mounted with root inode @ nid 36. [ 262.212830][ T7920] erofs: (device loop2): erofs_map_blocks_flatmode: inline data cross block boundary @ nid 36 [ 262.223718][ T7920] syz.2.591: attempt to access beyond end of device [ 262.223718][ T7920] loop2: rw=524288, sector=34359738360, nr_sectors = 1976 limit=16 [ 263.231061][ T7932] loop0: detected capacity change from 0 to 512 [ 263.312100][ T7932] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 263.326849][ T7932] ext4 filesystem being mounted at /4/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 263.407012][ T7940] batadv_slave_0: entered promiscuous mode [ 263.435164][ T7937] batadv_slave_0: left promiscuous mode [ 264.157048][ T7948] netlink: 28 bytes leftover after parsing attributes in process `syz.2.596'. [ 264.400565][ T7253] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 264.749435][ T7956] loop0: detected capacity change from 0 to 256 [ 265.637667][ T7962] overlayfs: missing 'workdir' [ 265.877703][ T7971] loop2: detected capacity change from 0 to 512 [ 265.999003][ T7975] loop1: detected capacity change from 0 to 16 [ 266.027517][ T7975] erofs: (device loop1): mounted with root inode @ nid 36. [ 266.107262][ T7975] erofs: (device loop1): erofs_map_blocks_flatmode: inline data cross block boundary @ nid 36 [ 266.117794][ T7975] syz.1.603: attempt to access beyond end of device [ 266.117794][ T7975] loop1: rw=524288, sector=34359738360, nr_sectors = 1976 limit=16 [ 266.559916][ T7971] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 266.904674][ T7971] ext4 filesystem being mounted at /40/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 267.227003][ T7017] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 267.387597][ T7992] netlink: 28 bytes leftover after parsing attributes in process `syz.1.608'. [ 269.605414][ T8021] loop0: detected capacity change from 0 to 256 [ 269.643538][ T8021] FAT-fs (loop0): Unrecognized mount option "s`ortname=loweb" or missing value [ 270.028595][ T8028] tipc: Failed to remove unknown binding: 66,1,1/0:1284324971/1284324973 [ 270.062224][ T8030] overlayfs: missing 'workdir' [ 270.073280][ T8028] tipc: Failed to remove unknown binding: 66,1,1/0:1284324971/1284324973 [ 271.647544][ T8028] loop0: detected capacity change from 0 to 40427 [ 271.668698][ T8028] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 271.696934][ T8028] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 271.757195][ T8028] F2FS-fs (loop0): invalid crc value [ 271.793133][ T8028] F2FS-fs (loop0): Found nat_bits in checkpoint [ 271.890686][ T8] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 272.235177][ T8] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 272.252931][ T8073] overlayfs: missing 'workdir' [ 272.290906][ T8028] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 272.317063][ T8] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 272.351794][ T8028] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 272.383179][ T8] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 273.070901][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 273.132819][ T8061] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 275.416887][ T5154] usb 5-1: USB disconnect, device number 7 [ 275.908324][ T8106] netlink: 8 bytes leftover after parsing attributes in process `syz.1.635'. [ 276.058298][ T52] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 276.081411][ T52] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 276.434336][ T5114] Bluetooth: hci0: unexpected cc 0x2039 length: 4 > 1 [ 278.060391][ T8149] overlayfs: missing 'lowerdir' [ 278.539266][ T8160] batadv0: entered promiscuous mode [ 278.548587][ T8160] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 278.560885][ T8164] input: syz0 as /devices/virtual/input/input6 [ 278.561163][ T8160] batadv0: left promiscuous mode [ 278.644118][ T8169] loop4: detected capacity change from 0 to 16 [ 278.799088][ T8169] erofs: (device loop4): mounted with root inode @ nid 36. [ 278.878919][ T8169] erofs: (device loop4): erofs_map_blocks_flatmode: inline data cross block boundary @ nid 36 [ 278.890448][ T8169] syz.4.656: attempt to access beyond end of device [ 278.890448][ T8169] loop4: rw=524288, sector=34359738360, nr_sectors = 1976 limit=16 [ 279.588181][ T8168] fuse: Unknown parameter '0x0000000000000006' [ 279.892760][ T8164] could not allocate digest TFM handle sha384-arm64 [ 279.901930][ T5097] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 280.146578][ T5097] usb 1-1: Using ep0 maxpacket: 16 [ 280.153769][ T5097] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xDF has an invalid bInterval 0, changing to 7 [ 280.179865][ T5097] usb 1-1: New USB device found, idVendor=077d, idProduct=0410, bcdDevice=ec.c1 [ 280.207451][ T5097] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 280.215612][ T5097] usb 1-1: Product: syz [ 280.247225][ T5097] usb 1-1: Manufacturer: syz [ 280.251902][ T5097] usb 1-1: SerialNumber: syz [ 280.300318][ T5097] usb 1-1: config 0 descriptor?? [ 280.347653][ T8192] overlayfs: missing 'lowerdir' [ 280.554532][ T5097] powermate: Expected payload of 3--6 bytes, found 512 bytes! [ 280.588862][ T5097] input: Griffin PowerMate as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input7 [ 280.669958][ C1] powermate: config urb returned -71 [ 280.675859][ C1] powermate: config urb returned -71 [ 280.681503][ C1] powermate: config urb returned -71 [ 280.687152][ C1] powermate: config urb returned -71 [ 280.740493][ C1] powermate 1-1:0.0: powermate_irq - usb_submit_urb failed with result: -19 [ 280.770723][ T5097] usb 1-1: USB disconnect, device number 4 [ 281.076735][ T5154] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 281.297178][ T5154] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 281.915534][ T8225] overlayfs: missing 'lowerdir' [ 282.046039][ T5154] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 282.083986][ T5154] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 282.151674][ T5154] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 282.215813][ T5154] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 282.305981][ T5154] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 282.402238][ T5154] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 282.456808][ T5154] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 282.501063][ T5154] usb 2-1: Product: syz [ 282.538187][ T5154] usb 2-1: Manufacturer: syz [ 282.567445][ T5154] usb 2-1: SerialNumber: syz [ 282.817616][ T8247] input: syz0 as /devices/virtual/input/input8 [ 282.837111][ T8200] netlink: 8 bytes leftover after parsing attributes in process `syz.1.667'. [ 282.924061][ T5154] cdc_ncm 2-1:1.0: bind() failure [ 282.956345][ T8251] fuse: Unknown parameter '0x0000000000000006' [ 283.111525][ T5154] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 283.161154][ T5154] cdc_ncm 2-1:1.1: bind() failure [ 283.240981][ T5154] usb 2-1: USB disconnect, device number 6 [ 283.258627][ T8247] could not allocate digest TFM handle sha384-arm64 [ 283.277516][ T58] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 283.476559][ T58] usb 4-1: Using ep0 maxpacket: 16 [ 283.483826][ T58] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xDF has an invalid bInterval 0, changing to 7 [ 283.519404][ T58] usb 4-1: New USB device found, idVendor=077d, idProduct=0410, bcdDevice=ec.c1 [ 283.536775][ T58] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 283.571479][ T58] usb 4-1: Product: syz [ 283.575719][ T58] usb 4-1: Manufacturer: syz [ 283.585208][ T8261] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 283.597193][ T58] usb 4-1: SerialNumber: syz [ 283.606007][ T8261] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 283.617669][ T58] usb 4-1: config 0 descriptor?? [ 283.665671][ T8261] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 283.900989][ T8269] bridge0: port 3(syz_tun) entered blocking state [ 283.926849][ T58] powermate: Expected payload of 3--6 bytes, found 512 bytes! [ 283.946711][ T8269] bridge0: port 3(syz_tun) entered disabled state [ 283.957483][ T58] input: Griffin PowerMate as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input9 [ 283.969663][ T8269] syz_tun: entered allmulticast mode [ 284.014093][ C0] powermate: config urb returned -71 [ 284.019776][ C0] powermate: config urb returned -71 [ 284.025393][ C0] powermate: config urb returned -71 [ 284.031067][ C0] powermate: config urb returned -71 [ 284.058213][ T8269] syz_tun: entered promiscuous mode [ 284.068614][ T58] usb 4-1: USB disconnect, device number 8 [ 284.068683][ C0] powermate 4-1:0.0: powermate_irq - usb_submit_urb failed with result: -19 [ 284.086242][ T8269] bridge0: port 3(syz_tun) entered blocking state [ 284.093980][ T8269] bridge0: port 3(syz_tun) entered forwarding state [ 285.276652][ T5148] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 285.399086][ T8299] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 285.426542][ T8299] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 285.455531][ T8299] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 285.499678][ T5148] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 285.521170][ T5148] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 285.536688][ T5155] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 285.552943][ T5148] usb 4-1: New USB device found, idVendor=05ac, idProduct=0262, bcdDevice= 0.00 [ 285.578273][ T5148] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 285.601994][ T5148] usb 4-1: config 0 descriptor?? [ 285.665648][ T8302] netlink: 12 bytes leftover after parsing attributes in process `syz.1.702'. [ 285.760142][ T5155] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 285.799179][ T5155] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 285.826414][ T5155] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 285.851616][ T5155] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 285.862653][ T5155] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 285.883000][ T5155] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 285.893386][ T8306] bridge0: port 3(syz_tun) entered blocking state [ 285.916667][ T8306] bridge0: port 3(syz_tun) entered disabled state [ 285.929653][ T5155] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 285.942276][ T8306] syz_tun: entered allmulticast mode [ 285.955233][ T5155] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 285.969433][ T8306] syz_tun: entered promiscuous mode [ 285.974777][ T5155] usb 1-1: Product: syz [ 285.995030][ T5155] usb 1-1: Manufacturer: syz [ 286.005180][ T8306] bridge0: port 3(syz_tun) entered blocking state [ 286.012812][ T8306] bridge0: port 3(syz_tun) entered forwarding state [ 286.021120][ T5155] usb 1-1: SerialNumber: syz [ 286.113848][ T5148] apple 0003:05AC:0262.0002: hidraw0: USB HID v0.00 Device [HID 05ac:0262] on usb-dummy_hcd.3-1/input0 [ 286.268219][ T5148] usb 4-1: USB disconnect, device number 9 [ 286.287298][ T8297] netlink: 8 bytes leftover after parsing attributes in process `syz.0.700'. [ 286.345599][ T5155] cdc_ncm 1-1:1.0: bind() failure [ 286.371026][ T5155] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 286.378258][ T5155] cdc_ncm 1-1:1.1: bind() failure [ 286.401737][ T5155] usb 1-1: USB disconnect, device number 5 [ 286.597379][ T8320] loop2: detected capacity change from 0 to 256 [ 287.028377][ T8322] block nbd3: shutting down sockets [ 287.057959][ T8327] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 287.095953][ T8327] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 287.176248][ T8327] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 287.657187][ T8343] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 288.308164][ T8355] loop3: detected capacity change from 0 to 2048 [ 288.646336][ T8358] loop1: detected capacity change from 0 to 256 [ 289.044487][ T8357] loop3: p1 < > p4 [ 289.053118][ T8357] loop3: p4 size 8388608 extends beyond EOD, truncated [ 289.070591][ T8355] loop3: p1 < > p4 [ 289.075900][ T8355] loop3: p4 size 8388608 extends beyond EOD, truncated [ 289.355307][ T5197] udevd[5197]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 289.373031][ T5151] udevd[5151]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 289.751668][ T8365] loop3: detected capacity change from 0 to 1764 [ 291.513739][ T5197] udevd[5197]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 291.565305][ T5151] udevd[5151]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 292.104506][ T5154] libceph: connect (1)[c::]:6789 error -101 [ 292.222359][ T5154] libceph: mon0 (1)[c::]:6789 connect error [ 292.336842][ T5148] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 292.540770][ T5148] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 292.569261][ T5148] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 292.579942][ T5148] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 292.580676][ T8372] ceph: No mds server is up or the cluster is laggy [ 292.591442][ T5148] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 292.598312][ T5097] libceph: connect (1)[c::]:6789 error -101 [ 292.616077][ T5148] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 292.665088][ T5148] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 292.675336][ T5097] libceph: mon0 (1)[c::]:6789 connect error [ 292.757049][ T5148] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 292.781586][ T5148] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 292.829148][ T5148] usb 2-1: Product: syz [ 292.841236][ T5148] usb 2-1: Manufacturer: syz [ 292.849420][ T5148] usb 2-1: SerialNumber: syz [ 293.224818][ T5154] libceph: connect (1)[c::]:6789 error -101 [ 293.243192][ T5154] libceph: mon0 (1)[c::]:6789 connect error [ 293.268938][ T8378] netlink: 8 bytes leftover after parsing attributes in process `syz.1.726'. [ 293.308796][ T5148] cdc_ncm 2-1:1.0: bind() failure [ 293.448943][ T5148] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 293.505617][ T5148] cdc_ncm 2-1:1.1: bind() failure [ 293.654835][ T5148] usb 2-1: USB disconnect, device number 7 [ 295.569713][ T8403] loop4: detected capacity change from 0 to 2048 [ 295.582664][ T8400] loop2: detected capacity change from 0 to 1764 [ 297.109860][ T8402] loop4: p1 < > p4 [ 297.120028][ T8402] loop4: p4 size 8388608 extends beyond EOD, truncated [ 297.134508][ T8403] loop4: p1 < > p4 [ 297.141581][ T8403] loop4: p4 size 8388608 extends beyond EOD, truncated [ 297.468425][ T8406] loop1: detected capacity change from 0 to 256 [ 297.555207][ T5197] udevd[5197]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 297.664606][ T5197] udevd[5197]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 297.806183][ T5197] udevd[5197]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 297.812558][ T5151] udevd[5151]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 299.485500][ T8434] loop4: detected capacity change from 0 to 32768 [ 299.603959][ T8434] BTRFS: device fsid 3a492a15-ac49-4ce6-945e-cef7a687c6c9 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.745 (8434) [ 299.655447][ T8434] BTRFS info (device loop4): first mount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 299.665999][ T8434] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 299.675788][ T8434] BTRFS info (device loop4): using free-space-tree [ 300.222697][ T8434] btrfs: Deprecated parameter 'usebackuproot' [ 300.229243][ T8434] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 300.239003][ T8434] BTRFS info (device loop4 state M): resize thread pool 4 -> 9 [ 300.246652][ T8434] BTRFS info (device loop4 state M): rebuilding free space tree [ 300.257854][ T8434] BTRFS error (device loop4 state M): trying to do action 2 to bytenr 5341184 num_bytes 4096 but there is no existing entry! [ 300.271634][ T8434] BTRFS error (device loop4 state M): Ref action 2, root 10, ref_root 10, parent 0, owner 0, offset 0, num_refs 18446744073709551615 [ 300.286059][ T8434] btrfs_force_cow_block+0xf44/0x1da0 [ 300.292840][ T8434] btrfs_cow_block+0x35e/0xa40 [ 300.297907][ T8434] btrfs_search_slot+0xbdd/0x30d0 [ 300.303133][ T8434] clear_free_space_tree+0xc4/0x330 [ 300.308570][ T8434] btrfs_rebuild_free_space_tree+0x109/0x490 [ 300.314741][ T8434] btrfs_start_pre_rw_mount+0xeed/0x1300 [ 300.320592][ T8434] btrfs_reconfigure+0xaf0/0x2be0 [ 300.325803][ T8434] reconfigure_super+0x445/0x880 [ 300.331067][ T8434] path_mount+0xc22/0xfa0 [ 300.335569][ T8434] __se_sys_mount+0x2d6/0x3c0 [ 300.340493][ T8434] do_syscall_64+0xf3/0x230 [ 300.345177][ T8434] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 300.414311][ T8434] BTRFS info (device loop4 state M): allowing degraded mounts [ 300.421876][ T8434] BTRFS info (device loop4 state M): using spread ssd allocation scheme [ 300.430272][ T8434] BTRFS info (device loop4 state M): force clearing of disk cache [ 300.438147][ T8434] BTRFS info (device loop4 state M): trying to use backup root at mount time [ 300.520221][ T6741] BTRFS info (device loop4): last unmount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 300.923036][ T8458] loop1: detected capacity change from 0 to 2048 [ 301.629505][ T8459] loop1: p1 < > p4 [ 301.662596][ T8459] loop1: p4 size 8388608 extends beyond EOD, truncated [ 301.711679][ T8458] loop1: p1 < > p4 [ 301.717932][ T8458] loop1: p4 size 8388608 extends beyond EOD, truncated [ 302.147884][ T5154] libceph: connect (1)[c::]:6789 error -101 [ 302.154076][ T5154] libceph: mon0 (1)[c::]:6789 connect error [ 302.169696][ T5197] udevd[5197]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 302.220290][ T5154] libceph: connect (1)[c::]:6789 error -101 [ 302.228173][ T5211] udevd[5211]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 302.261479][ T5154] libceph: mon0 (1)[c::]:6789 connect error [ 302.311066][ T8477] loop3: detected capacity change from 0 to 256 [ 302.403064][ T5211] udevd[5211]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 302.403803][ T5197] udevd[5197]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 302.584288][ T2527] libceph: connect (1)[c::]:6789 error -101 [ 302.600894][ T2527] libceph: mon0 (1)[c::]:6789 connect error [ 302.684878][ T8467] ceph: No mds server is up or the cluster is laggy [ 304.099873][ T8490] loop3: detected capacity change from 0 to 32768 [ 304.126988][ T8490] BTRFS: device fsid 3a492a15-ac49-4ce6-945e-cef7a687c6c9 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.759 (8490) [ 304.323343][ T8490] BTRFS info (device loop3): first mount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 304.333763][ T8490] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 304.342582][ T8490] BTRFS info (device loop3): using free-space-tree [ 305.319179][ T8490] btrfs: Deprecated parameter 'usebackuproot' [ 305.325337][ T8490] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 305.334896][ T8490] BTRFS info (device loop3 state M): resize thread pool 4 -> 9 [ 305.342595][ T8490] BTRFS info (device loop3 state M): rebuilding free space tree [ 305.353060][ T8490] BTRFS error (device loop3 state M): trying to do action 2 to bytenr 5341184 num_bytes 4096 but there is no existing entry! [ 305.366122][ T8490] BTRFS error (device loop3 state M): Ref action 2, root 10, ref_root 10, parent 0, owner 0, offset 0, num_refs 18446744073709551615 [ 305.380086][ T8490] btrfs_force_cow_block+0xf44/0x1da0 [ 305.385679][ T8490] btrfs_cow_block+0x35e/0xa40 [ 305.390717][ T8490] btrfs_search_slot+0xbdd/0x30d0 [ 305.395951][ T8490] clear_free_space_tree+0xc4/0x330 [ 305.401457][ T8490] btrfs_rebuild_free_space_tree+0x109/0x490 [ 305.409956][ T8490] btrfs_start_pre_rw_mount+0xeed/0x1300 [ 305.415864][ T8490] btrfs_reconfigure+0xaf0/0x2be0 [ 305.421230][ T8490] reconfigure_super+0x445/0x880 [ 305.426396][ T8490] path_mount+0xc22/0xfa0 [ 305.430972][ T8490] __se_sys_mount+0x2d6/0x3c0 [ 305.435871][ T8490] do_syscall_64+0xf3/0x230 [ 305.440689][ T8490] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 305.485082][ T8515] loop2: detected capacity change from 0 to 2048 [ 305.557381][ T8490] BTRFS info (device loop3 state M): allowing degraded mounts [ 305.564951][ T8490] BTRFS info (device loop3 state M): using spread ssd allocation scheme [ 305.573557][ T8490] BTRFS info (device loop3 state M): force clearing of disk cache [ 305.581449][ T8490] BTRFS info (device loop3 state M): trying to use backup root at mount time [ 306.482242][ T6969] BTRFS info (device loop3): last unmount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 306.496025][ T8516] loop2: p1 < > p4 [ 306.524832][ T8516] loop2: p4 size 8388608 extends beyond EOD, truncated [ 306.541081][ T8515] loop2: p1 < > p4 [ 306.546119][ T8515] loop2: p4 size 8388608 extends beyond EOD, truncated [ 306.845002][ T5197] udevd[5197]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 306.845231][ T5151] udevd[5151]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 307.010409][ T5211] udevd[5211]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 307.011221][ T5197] udevd[5197]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 307.383838][ T8532] loop2: detected capacity change from 0 to 256 [ 309.035989][ T8550] loop3: detected capacity change from 0 to 32768 [ 309.046577][ T8550] BTRFS: device fsid 3a492a15-ac49-4ce6-945e-cef7a687c6c9 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.774 (8550) [ 309.083608][ T8550] BTRFS info (device loop3): first mount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 309.095950][ T8550] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 309.105004][ T8550] BTRFS info (device loop3): using free-space-tree [ 309.924979][ T8549] loop0: detected capacity change from 0 to 32768 [ 309.941002][ T8550] btrfs: Deprecated parameter 'usebackuproot' [ 309.947226][ T8550] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 309.956811][ T8550] BTRFS info (device loop3 state M): resize thread pool 4 -> 9 [ 309.964434][ T8550] BTRFS info (device loop3 state M): rebuilding free space tree [ 309.973147][ T8550] BTRFS error (device loop3 state M): trying to do action 2 to bytenr 5341184 num_bytes 4096 but there is no existing entry! [ 309.986320][ T8550] BTRFS error (device loop3 state M): Ref action 2, root 10, ref_root 10, parent 0, owner 0, offset 0, num_refs 18446744073709551615 [ 310.000292][ T8550] btrfs_force_cow_block+0xf44/0x1da0 [ 310.005900][ T8550] btrfs_cow_block+0x35e/0xa40 [ 310.010983][ T8550] btrfs_search_slot+0xbdd/0x30d0 [ 310.017480][ T8550] clear_free_space_tree+0xc4/0x330 [ 310.022922][ T8550] btrfs_rebuild_free_space_tree+0x109/0x490 [ 310.030302][ T8550] btrfs_start_pre_rw_mount+0xeed/0x1300 [ 310.036177][ T8550] btrfs_reconfigure+0xaf0/0x2be0 [ 310.041523][ T8550] reconfigure_super+0x445/0x880 [ 310.046772][ T8550] path_mount+0xc22/0xfa0 [ 310.051329][ T8550] __se_sys_mount+0x2d6/0x3c0 [ 310.056234][ T8550] do_syscall_64+0xf3/0x230 [ 310.061061][ T8550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.082466][ T8550] BTRFS info (device loop3 state M): allowing degraded mounts [ 310.090333][ T8550] BTRFS info (device loop3 state M): using spread ssd allocation scheme [ 310.098883][ T8550] BTRFS info (device loop3 state M): force clearing of disk cache [ 310.106896][ T8550] BTRFS info (device loop3 state M): trying to use backup root at mount time [ 310.930607][ T6969] BTRFS info (device loop3): last unmount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 311.054812][ T8549] bcachefs (loop0): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=zstd,nojournal_transaction_names [ 311.141200][ T8549] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 311.178518][ T8549] bcachefs (loop0): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.9: disk_accounting_v2 [ 311.178518][ T8549] running recovery passes: check_allocations [ 311.240593][ T8583] loop2: detected capacity change from 0 to 64 [ 311.493328][ T8549] bcachefs (loop0): accounting_read... done [ 311.526564][ T8549] bcachefs (loop0): alloc_read... done [ 311.547631][ T8549] bcachefs (loop0): stripes_read... done [ 311.555333][ T8549] bcachefs (loop0): snapshots_read... done [ 311.596773][ T8549] bcachefs (loop0): check_allocations... [ 311.633068][ T8549] btree ptr not marked in member info btree allocated bitmap [ 311.633136][ T8549] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 4fe84214937890c3 written 32 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, shutting down [ 311.714801][ T8595] loop1: detected capacity change from 0 to 256 [ 311.743128][ T8549] bcachefs (loop0): inconsistency detected - emergency read only at journal seq 10 [ 311.753509][ T8549] bcachefs (loop0): bch2_gc_mark_key(): error fsck_errors_not_fixed [ 311.771746][ T8549] bcachefs (loop0): bch2_gc_btree(): error fsck_errors_not_fixed [ 311.806793][ T8549] bcachefs (loop0): bch2_gc_btrees(): error fsck_errors_not_fixed [ 311.843309][ T5114] Bluetooth: Fragment is too long (len 16, expected 2) [ 311.893805][ T8549] bcachefs (loop0): bch2_check_allocations(): error fsck_errors_not_fixed [ 311.916232][ T8549] bcachefs (loop0): bch2_fs_recovery(): error fsck_errors_not_fixed [ 311.929637][ T8549] bcachefs (loop0): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed [ 311.947537][ T8549] bcachefs (loop0): shutting down [ 312.018858][ T8549] bcachefs (loop0): shutdown complete [ 314.042755][ T8623] loop1: detected capacity change from 0 to 2048 [ 314.377054][ T5103] Bluetooth: hci2: command 0x0406 tx timeout [ 314.688045][ T8624] loop1: p1 < > p4 [ 314.693793][ T8624] loop1: p4 size 8388608 extends beyond EOD, truncated [ 314.751266][ T8623] loop1: p1 < > p4 [ 314.756287][ T8623] loop1: p4 size 8388608 extends beyond EOD, truncated [ 315.000264][ T5197] udevd[5197]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 315.031159][ T5151] udevd[5151]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 315.174887][ T5211] udevd[5211]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 315.191489][ T5197] udevd[5197]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 315.213554][ T8628] syz.3.791: attempt to access beyond end of device [ 315.213554][ T8628] nbd3: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 315.278701][ T8628] gfs2: error -5 reading superblock [ 315.719126][ T8644] loop3: detected capacity change from 0 to 256 [ 316.256138][ T8653] ceph: No mds server is up or the cluster is laggy [ 316.354519][ T8] libceph: connect (1)[c::]:6789 error -101 [ 316.361531][ T8] libceph: mon0 (1)[c::]:6789 connect error [ 317.110401][ T8] libceph: connect (1)[c::]:6789 error -101 [ 317.164838][ T8] libceph: mon0 (1)[c::]:6789 connect error [ 317.429945][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.436898][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.605486][ T8664] loop4: detected capacity change from 0 to 2048 [ 317.615516][ T5114] Bluetooth: hci2: unexpected event for opcode 0x0c24 [ 317.690505][ T5148] libceph: connect (1)[c::]:6789 error -101 [ 317.710580][ T5148] libceph: mon0 (1)[c::]:6789 connect error [ 317.977878][ T8665] loop4: p1 < > p4 [ 318.050986][ T8665] loop4: p4 size 8388608 extends beyond EOD, truncated [ 318.197837][ T8664] loop4: p1 < > p4 [ 318.202851][ T8664] loop4: p4 size 8388608 extends beyond EOD, truncated [ 318.384645][ T5197] udevd[5197]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 318.400191][ T5151] udevd[5151]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 318.571808][ T5197] udevd[5197]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 318.585940][ T5151] udevd[5151]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 318.990913][ T8676] loop4: detected capacity change from 0 to 1024 [ 319.358181][ T8676] hfsplus: xattr searching failed [ 319.379329][ T8680] hfsplus: xattr searching failed [ 319.732676][ T63] hfsplus: b-tree write err: -5, ino 3 [ 322.323595][ T8706] loop1: detected capacity change from 0 to 256 [ 322.679514][ T8712] loop2: detected capacity change from 0 to 1024 [ 322.957027][ T8712] hfsplus: cannot replace xattr [ 323.632677][ T29] audit: type=1326 audit(1720335562.332:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8718 comm="syz.2.818" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd2dc775bd9 code=0x0 [ 324.098048][ T8736] loop3: detected capacity change from 0 to 2048 [ 324.123469][ T5103] Bluetooth: hci0: unexpected event for opcode 0x0c24 [ 324.392578][ T8736] loop3: p1 < > p4 [ 324.432729][ T8736] loop3: p4 size 8388608 extends beyond EOD, truncated [ 324.985390][ T5197] udevd[5197]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 325.020469][ T5151] udevd[5151]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 326.095735][ T8738] tty tty4: ldisc open failed (-12), clearing slot 3 [ 326.354278][ T8740] loop0: detected capacity change from 0 to 32768 [ 326.522494][ T8752] loop4: detected capacity change from 0 to 256 [ 326.835314][ T8740] bcachefs (loop0): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,noshard_inode_numbers,noinodes_use_key_cache,gc_reserve_bytes=16.0 EiB,nojournal_transaction_names [ 326.918475][ T8740] bcachefs (loop0): recovering from clean shutdown, journal seq 8 [ 326.953611][ T8740] bcachefs (loop0): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.9: disk_accounting_v2 [ 326.953611][ T8740] running recovery passes: check_allocations [ 327.127205][ T11] Bluetooth: hci4: Frame reassembly failed (-84) [ 327.170129][ T11] Bluetooth: hci4: Frame reassembly failed (-84) [ 327.285623][ T8767] loop4: detected capacity change from 0 to 1024 [ 327.458107][ T8767] hfsplus: cannot replace xattr [ 327.964944][ T8740] bcachefs (loop0): accounting_read... done [ 327.996673][ T8740] bcachefs (loop0): alloc_read... done [ 328.036613][ T8740] bcachefs (loop0): stripes_read... done [ 328.066644][ T8740] bcachefs (loop0): snapshots_read... done [ 328.072768][ T8740] bcachefs (loop0): check_allocations... [ 328.153795][ T8740] bcachefs (loop0): pointer to nonexistent bucket 0:2077 [ 328.318227][ T8776] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 328.337323][ T8740] bcachefs (loop0): inconsistency detected - emergency read only at journal seq 8 [ 328.795520][ T8740] bcachefs (loop0): bch2_gc_mark_key(): error EIO [ 328.803435][ T8740] bcachefs (loop0): bch2_gc_btree(): error EIO [ 328.811206][ T8740] btree node read error for alloc, shutting down [ 328.869019][ T8740] bcachefs (loop0): bch2_gc_btrees(): error fsck_errors_not_fixed [ 328.932125][ T8740] bcachefs (loop0): bch2_check_allocations(): error fsck_errors_not_fixed [ 328.989474][ T8740] bcachefs (loop0): bch2_fs_recovery(): error fsck_errors_not_fixed [ 329.085037][ T8740] bcachefs (loop0): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed [ 329.112894][ T8740] bcachefs (loop0): shutting down [ 329.176999][ T5114] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 329.177358][ T5105] Bluetooth: hci4: command 0x1003 tx timeout [ 329.240259][ T8740] bcachefs (loop0): shutdown complete [ 329.903178][ T5114] Bluetooth: hci3: command 0x0406 tx timeout [ 331.380149][ T29] audit: type=1326 audit(1720335570.082:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8792 comm="syz.1.838" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa06c775bd9 code=0x0 [ 331.673242][ T8778] loop4: detected capacity change from 0 to 40427 [ 331.688591][ T8778] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 331.703657][ T8778] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 331.730393][ T8778] F2FS-fs (loop4): invalid crc value [ 331.759686][ T8778] F2FS-fs (loop4): Found nat_bits in checkpoint [ 331.972165][ T8806] loop3: detected capacity change from 0 to 256 [ 333.356791][ T8823] netlink: 'syz.4.845': attribute type 25 has an invalid length. [ 333.413123][ T8823] netlink: 'syz.4.845': attribute type 7 has an invalid length. [ 333.837650][ T8828] loop3: detected capacity change from 0 to 256 [ 334.876920][ T8828] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 335.038765][ T29] audit: type=1800 audit(1720335573.742:55): pid=8828 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.847" name="file0" dev="loop3" ino=1048618 res=0 errno=0 [ 335.205084][ T29] audit: type=1326 audit(1720335573.902:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8842 comm="syz.4.853" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7ed6375bd9 code=0x0 [ 335.253761][ T8844] loop1: detected capacity change from 0 to 256 [ 336.031491][ T8858] loop3: detected capacity change from 0 to 1024 [ 336.270721][ T8858] hfsplus: cannot replace xattr [ 337.046670][ T8] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 337.455461][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 338.621265][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 338.634098][ T8] usb 5-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 338.643728][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 338.696807][ T8] usb 5-1: config 0 descriptor?? [ 339.224791][ T8] hid-multitouch 0003:1FD2:6007.0003: unknown main item tag 0x7 [ 339.247162][ T8] hid-multitouch 0003:1FD2:6007.0003: item fetching failed at offset 3/5 [ 339.266910][ T8] hid-multitouch 0003:1FD2:6007.0003: probe with driver hid-multitouch failed with error -22 [ 339.298731][ T5152] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 339.342135][ T29] audit: type=1326 audit(1720335578.022:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8879 comm="syz.3.867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4893f75bd9 code=0x7ffc0000 [ 339.373699][ T8883] loop2: detected capacity change from 0 to 256 [ 339.432470][ T5097] usb 5-1: USB disconnect, device number 8 [ 339.441438][ T29] audit: type=1326 audit(1720335578.022:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8879 comm="syz.3.867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4893f75bd9 code=0x7ffc0000 [ 339.515075][ T29] audit: type=1326 audit(1720335578.032:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8879 comm="syz.3.867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=114 compat=0 ip=0x7f4893f75bd9 code=0x7ffc0000 [ 339.563869][ T5152] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 339.575062][ T29] audit: type=1326 audit(1720335578.032:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8879 comm="syz.3.867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4893f75bd9 code=0x7ffc0000 [ 339.605048][ T5152] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 339.632515][ T29] audit: type=1326 audit(1720335578.032:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8879 comm="syz.3.867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4893f75bd9 code=0x7ffc0000 [ 339.654659][ T5152] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 339.654698][ T5152] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 339.675672][ T5152] usb 1-1: config 0 descriptor?? [ 340.774435][ T5152] usb 1-1: language id specifier not provided by device, defaulting to English [ 343.188087][ T5152] uclogic 0003:256C:006D.0004: failed retrieving Huion firmware version: -71 [ 343.216599][ T5152] uclogic 0003:256C:006D.0004: failed probing parameters: -71 [ 343.224257][ T5152] uclogic 0003:256C:006D.0004: probe with driver uclogic failed with error -71 [ 343.259290][ T5152] usb 1-1: USB disconnect, device number 6 [ 343.614748][ T8925] loop4: detected capacity change from 0 to 256 [ 344.126386][ T29] audit: type=1326 audit(1720335582.812:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8937 comm="syz.3.890" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4893f75bd9 code=0x0 [ 345.234581][ T8909] loop1: detected capacity change from 0 to 40427 [ 345.249257][ T8909] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 345.263310][ T8909] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 345.285473][ T8909] F2FS-fs (loop1): invalid crc value [ 345.310916][ T8909] F2FS-fs (loop1): Found nat_bits in checkpoint [ 345.442537][ T8909] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 345.451722][ T8909] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 345.679011][ T2821] kworker/u8:9: attempt to access beyond end of device [ 345.679011][ T2821] loop1: rw=1, sector=45096, nr_sectors = 8 limit=40427 [ 345.829937][ T8974] loop0: detected capacity change from 0 to 256 [ 345.997719][ T8977] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 346.171684][ T29] audit: type=1326 audit(1720335584.872:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8980 comm="syz.2.903" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd2dc775bd9 code=0x0 [ 349.809789][ T29] audit: type=1326 audit(1720335588.502:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9024 comm="syz.1.916" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa06c775bd9 code=0x0 [ 350.608306][ T9042] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 352.834558][ T29] audit: type=1326 audit(1720335591.532:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9072 comm="syz.3.932" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4893f75bd9 code=0x0 [ 354.399503][ T9103] netlink: 52 bytes leftover after parsing attributes in process `syz.3.942'. [ 354.524912][ T9110] netlink: 8 bytes leftover after parsing attributes in process `syz.3.945'. [ 354.559031][ T9110] netlink: 12 bytes leftover after parsing attributes in process `syz.3.945'. [ 354.936885][ T9117] loop4: detected capacity change from 0 to 128 [ 355.761327][ T9117] VFS: Found a Xenix FS (block size = 1024) on device loop4 [ 357.072855][ T9135] loop4: detected capacity change from 0 to 512 [ 357.085962][ T9135] EXT4-fs: Ignoring removed nobh option [ 357.106327][ T9135] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 357.139718][ T9135] EXT4-fs (loop4): 1 truncate cleaned up [ 357.147692][ T9135] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 357.152367][ T9104] loop0: detected capacity change from 0 to 40427 [ 357.174603][ T29] audit: type=1804 audit(1720335595.872:66): pid=9135 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.952" name="/newroot/116/file0/bus" dev="loop4" ino=18 res=1 errno=0 [ 357.177242][ T9104] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 357.204403][ T9104] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 357.233607][ T9104] F2FS-fs (loop0): invalid crc value [ 357.255370][ T29] audit: type=1804 audit(1720335595.902:67): pid=9135 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.952" name="/newroot/116/file0/bus" dev="loop4" ino=18 res=1 errno=0 [ 357.281483][ T6741] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 357.286751][ T9104] F2FS-fs (loop0): Found nat_bits in checkpoint [ 357.306077][ T29] audit: type=1804 audit(1720335595.902:68): pid=9135 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.952" name="/newroot/116/file0/bus" dev="loop4" ino=18 res=1 errno=0 [ 358.439705][ T9149] netlink: 52 bytes leftover after parsing attributes in process `syz.2.955'. [ 358.946725][ T9164] loop4: detected capacity change from 0 to 128 [ 359.105864][ T9164] VFS: Found a Xenix FS (block size = 1024) on device loop4 [ 359.483122][ T9166] loop2: detected capacity change from 0 to 512 [ 359.561698][ T9166] EXT4-fs: Ignoring removed nobh option [ 359.663099][ T9166] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 360.869076][ T9166] EXT4-fs (loop2): 1 truncate cleaned up [ 360.876163][ T9166] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 361.335714][ T7017] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 366.229389][ T5114] Bluetooth: hci5: command tx timeout [ 366.605952][ T9226] use of bytesused == 0 is deprecated and will be removed in the future, [ 366.628502][ T9226] use the actual size instead. [ 366.783665][ T9234] loop4: detected capacity change from 0 to 512 [ 366.791188][ T9234] EXT4-fs: Ignoring removed nobh option [ 366.798888][ T9234] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 367.237015][ T9234] EXT4-fs (loop4): 1 truncate cleaned up [ 367.348698][ T9234] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 367.679682][ T6741] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 371.041922][ T9285] loop3: detected capacity change from 0 to 512 [ 371.062889][ T9285] EXT4-fs: Ignoring removed nobh option [ 371.082144][ T9285] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 371.816864][ T5114] Bluetooth: hci5: command 0x0406 tx timeout [ 372.145534][ T9285] EXT4-fs (loop3): 1 truncate cleaned up [ 372.152943][ T9285] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 373.138434][ T6969] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 373.606783][ T9313] kAFS: No cell specified [ 377.982080][ T9338] loop3: detected capacity change from 0 to 512 [ 377.998100][ T9338] EXT4-fs: Ignoring removed nobh option [ 378.222960][ T9338] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 378.982192][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.368489][ T9338] EXT4-fs (loop3): 1 truncate cleaned up [ 379.766102][ T9338] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 379.912197][ T29] audit: type=1804 audit(1720335618.612:69): pid=9338 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1010" name="/newroot/124/file0/bus" dev="loop3" ino=18 res=1 errno=0 [ 379.977806][ T5103] Bluetooth: hci5: command 0x0406 tx timeout [ 380.018965][ T29] audit: type=1804 audit(1720335618.662:70): pid=9338 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1010" name="/newroot/124/file0/bus" dev="loop3" ino=18 res=1 errno=0 [ 380.094796][ T6969] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 380.145496][ T29] audit: type=1804 audit(1720335618.672:71): pid=9338 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1010" name="/newroot/124/file0/bus" dev="loop3" ino=18 res=1 errno=0 [ 381.627437][ T9390] loop1: detected capacity change from 0 to 512 [ 382.069972][ T9397] loop4: detected capacity change from 0 to 512 [ 382.123062][ T9397] EXT4-fs: Ignoring removed nobh option [ 382.176726][ T29] audit: type=1326 audit(1720335620.862:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9392 comm="syz.3.1026" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4893f75bd9 code=0x0 [ 382.232056][ T9397] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 382.280986][ T9390] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 382.329295][ T9397] EXT4-fs (loop4): 1 truncate cleaned up [ 382.360760][ T9397] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 382.373869][ T9390] ext4 filesystem being mounted at /187/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 382.462994][ T29] audit: type=1804 audit(1720335621.162:73): pid=9397 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1027" name="/newroot/131/file0/bus" dev="loop4" ino=18 res=1 errno=0 [ 382.579696][ T29] audit: type=1804 audit(1720335621.192:74): pid=9397 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.1027" name="/newroot/131/file0/bus" dev="loop4" ino=18 res=1 errno=0 [ 382.610052][ T29] audit: type=1804 audit(1720335621.202:75): pid=9397 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.1027" name="/newroot/131/file0/bus" dev="loop4" ino=18 res=1 errno=0 [ 382.649226][ T6741] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 382.649955][ T29] audit: type=1800 audit(1720335621.242:76): pid=9390 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1025" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 382.690007][ T5913] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 382.927576][ T9411] loop1: detected capacity change from 0 to 1024 [ 382.997268][ T9411] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 383.058621][ T9418] binder: 9407:9418 ioctl 4018620d 0 returned -22 [ 384.233513][ T9430] fuse: Unknown parameter 'Dd' [ 384.951808][ T5913] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 385.129836][ T9439] loop2: detected capacity change from 0 to 512 [ 385.137473][ T9439] EXT4-fs: Ignoring removed nobh option [ 385.148522][ T9439] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 385.463973][ T9439] EXT4-fs (loop2): 1 truncate cleaned up [ 385.519756][ T9439] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 386.205690][ T29] audit: type=1804 audit(1720335624.902:77): pid=9439 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1040" name="/newroot/132/file0/bus" dev="loop2" ino=18 res=1 errno=0 [ 386.286214][ T29] audit: type=1804 audit(1720335624.922:78): pid=9439 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.1040" name="/newroot/132/file0/bus" dev="loop2" ino=18 res=1 errno=0 [ 386.339780][ T7017] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 386.370269][ T29] audit: type=1804 audit(1720335624.932:79): pid=9439 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.1040" name="/newroot/132/file0/bus" dev="loop2" ino=18 res=1 errno=0 [ 388.106693][ T9460] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1043'. [ 388.174829][ T9460] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 389.359879][ T9483] loop0: detected capacity change from 0 to 512 [ 389.429877][ T9483] EXT4-fs: Ignoring removed nobh option [ 389.482009][ T9483] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 389.610931][ T9483] EXT4-fs (loop0): 1 truncate cleaned up [ 389.627904][ T9483] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 389.699152][ T29] audit: type=1804 audit(1720335628.402:80): pid=9483 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1053" name="/newroot/73/file0/bus" dev="loop0" ino=18 res=1 errno=0 [ 389.750296][ T29] audit: type=1804 audit(1720335628.432:81): pid=9483 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1053" name="/newroot/73/file0/bus" dev="loop0" ino=18 res=1 errno=0 [ 389.867050][ T29] audit: type=1804 audit(1720335628.472:82): pid=9483 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1053" name="/newroot/73/file0/bus" dev="loop0" ino=18 res=1 errno=0 [ 389.918178][ T7253] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 389.939629][ T9499] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1059'. [ 390.286973][ T4547] udevd[4547]: worker [5197] terminated by signal 33 (Unknown signal 33) [ 390.356565][ T4547] udevd[4547]: worker [5197] failed while handling '/devices/virtual/block/loop0' [ 390.887869][ T29] audit: type=1326 audit(1720335629.572:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9510 comm="syz.2.1064" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd2dc775bd9 code=0x0 [ 391.817512][ T9532] netlink: 192 bytes leftover after parsing attributes in process `syz.2.1069'. [ 392.000189][ T9538] loop0: detected capacity change from 0 to 512 [ 392.040593][ T9538] EXT4-fs: Ignoring removed nobh option [ 392.077300][ T9538] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 392.133366][ T9538] EXT4-fs (loop0): 1 truncate cleaned up [ 392.151401][ T9538] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 392.215942][ T29] audit: type=1804 audit(1720335630.912:84): pid=9538 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1070" name="/newroot/76/file0/bus" dev="loop0" ino=18 res=1 errno=0 [ 392.261510][ T29] audit: type=1804 audit(1720335630.952:85): pid=9538 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1070" name="/newroot/76/file0/bus" dev="loop0" ino=18 res=1 errno=0 [ 392.314124][ T29] audit: type=1804 audit(1720335631.012:86): pid=9538 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1070" name="/newroot/76/file0/bus" dev="loop0" ino=18 res=1 errno=0 [ 392.423402][ T7253] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 392.530656][ T9548] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1075'. [ 392.876553][ T29] audit: type=1326 audit(1720335631.562:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9557 comm="syz.1.1079" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa06c775bd9 code=0x0 [ 392.885795][ T9555] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 393.113050][ T9561] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 393.855707][ T9576] loop4: detected capacity change from 0 to 512 [ 393.867751][ T9576] EXT4-fs: Ignoring removed nobh option [ 393.875926][ T9576] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 393.929185][ T9576] EXT4-fs (loop4): 1 truncate cleaned up [ 393.946186][ T9576] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 393.969456][ T29] audit: type=1804 audit(1720335632.672:88): pid=9576 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1086" name="/newroot/149/file0/bus" dev="loop4" ino=18 res=1 errno=0 [ 393.993538][ T29] audit: type=1804 audit(1720335632.692:89): pid=9576 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.1086" name="/newroot/149/file0/bus" dev="loop4" ino=18 res=1 errno=0 [ 394.128951][ T29] audit: type=1804 audit(1720335632.832:90): pid=9583 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.1086" name="/newroot/149/file0/bus" dev="loop4" ino=18 res=1 errno=0 [ 394.226209][ T6741] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 394.265700][ T9590] vivid-000: disconnect [ 394.293092][ T9590] vivid-000: reconnect [ 394.471117][ T9594] loop4: detected capacity change from 0 to 164 [ 394.550970][ T9599] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 394.604263][ T9601] loop1: detected capacity change from 0 to 512 [ 394.683321][ T9601] EXT4-fs error (device loop1): ext4_orphan_get:1394: inode #15: comm syz.1.1092: casefold flag without casefold feature [ 394.810277][ T9601] EXT4-fs error (device loop1): ext4_orphan_get:1399: comm syz.1.1092: couldn't read orphan inode 15 (err -117) [ 394.888491][ T9601] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 395.051185][ T29] audit: type=1326 audit(1720335633.742:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9606 comm="syz.4.1095" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7ed6375bd9 code=0x0 [ 396.572103][ T9628] vivid-000: disconnect [ 396.613301][ T9628] vivid-000: reconnect [ 396.810340][ T5913] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 396.887146][ T9630] loop0: detected capacity change from 0 to 1024 [ 396.999172][ T9630] EXT4-fs (sda1): resizing filesystem from 262144 to 262144 blocks [ 397.070552][ T9633] netlink: 'syz.0.1103': attribute type 1 has an invalid length. [ 397.116441][ T9633] netlink: 112860 bytes leftover after parsing attributes in process `syz.0.1103'. [ 397.146561][ T9633] netlink: 1 bytes leftover after parsing attributes in process `syz.0.1103'. [ 397.245311][ T9636] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 397.294629][ T9635] loop3: detected capacity change from 0 to 2048 [ 397.374807][ T9635] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 397.400373][ T2821] hfsplus: b-tree write err: -5, ino 4 [ 397.477478][ T29] audit: type=1326 audit(1720335636.172:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9637 comm="syz.1.1106" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa06c775bd9 code=0x0 [ 397.479525][ T9626] loop2: detected capacity change from 0 to 32768 [ 397.564357][ T9622] loop4: detected capacity change from 0 to 32768 [ 397.592544][ T9622] XFS (loop4): sunit and swidth must be specified together [ 397.684262][ T9626] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1101 (9626) [ 397.836366][ T9626] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 398.230297][ T9626] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 398.446721][ T9626] BTRFS info (device loop2): using free-space-tree [ 398.738443][ T9645] loop3: detected capacity change from 0 to 4096 [ 398.819400][ T9645] ntfs3: loop3: Different NTFS sector size (2048) and media sector size (512). [ 398.841654][ T2869] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 398.867210][ T9626] BTRFS info (device loop2): rebuilding free space tree [ 398.909359][ T9645] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 399.054609][ T2869] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 399.345307][ T2869] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 400.055075][ T9680] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 400.177694][ T7017] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 400.198417][ T2869] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 400.461009][ T29] audit: type=1326 audit(1720335639.162:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9685 comm="syz.3.1120" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4893f75bd9 code=0x0 [ 400.724827][ T5114] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 400.737030][ T5114] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 400.755127][ T5114] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 400.764136][ T5114] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 400.779368][ T5114] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 400.788352][ T5114] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 402.064920][ T2869] bridge_slave_1: left allmulticast mode [ 402.097120][ T2869] bridge_slave_1: left promiscuous mode [ 402.122770][ T2869] bridge0: port 2(bridge_slave_1) entered disabled state [ 402.264502][ T2869] bridge_slave_0: left allmulticast mode [ 402.294811][ T2869] bridge_slave_0: left promiscuous mode [ 402.322689][ T2869] bridge0: port 1(bridge_slave_0) entered disabled state [ 402.350060][ T9708] loop0: detected capacity change from 0 to 256 [ 402.411729][ T9708] FAT-fs (loop0): count of clusters too big (2360318) [ 402.432342][ T9710] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 402.460463][ T9708] FAT-fs (loop0): Can't find a valid FAT filesystem [ 402.864746][ T5114] Bluetooth: hci2: command tx timeout [ 403.432665][ T9720] loop1: detected capacity change from 0 to 128 [ 403.470829][ T9720] VFS: Found a Xenix FS (block size = 1024) on device loop1 [ 403.606775][ T29] audit: type=1326 audit(1720335642.302:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9723 comm="syz.1.1134" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa06c775bd9 code=0x0 [ 404.713937][ T2869] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 404.808211][ T2869] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 404.878700][ T2869] bond0 (unregistering): Released all slaves [ 404.921572][ T9736] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 404.941977][ T5114] Bluetooth: hci2: command tx timeout [ 405.015686][ T9708] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1127'. [ 405.944101][ T29] audit: type=1326 audit(1720335644.642:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9747 comm="syz.0.1144" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0297b75bd9 code=0x0 [ 405.976754][ T9752] loop1: detected capacity change from 0 to 128 [ 406.039715][ T9752] VFS: Found a Xenix FS (block size = 1024) on device loop1 [ 406.583983][ T9770] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 407.036585][ T5114] Bluetooth: hci2: command tx timeout [ 407.309205][ T2869] hsr_slave_0: left promiscuous mode [ 407.388963][ T2869] hsr_slave_1: left promiscuous mode [ 407.418387][ T2869] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 407.442275][ T2869] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 407.468433][ T2869] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 407.490392][ T2869] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 407.604773][ T2869] veth0_macvtap: left promiscuous mode [ 407.614055][ T2869] veth1_vlan: left promiscuous mode [ 407.620566][ T2869] veth0_vlan: left promiscuous mode [ 408.563453][ T9805] loop2: detected capacity change from 0 to 256 [ 408.571443][ T9805] FAT-fs (loop2): Unrecognized mount option "1844674407370955161500000000000000000000004" or missing value [ 409.096571][ T5114] Bluetooth: hci2: command tx timeout [ 409.712402][ T9809] loop2: detected capacity change from 0 to 128 [ 409.751903][ T9809] VFS: Found a Xenix FS (block size = 1024) on device loop2 [ 409.859609][ T2869] team0 (unregistering): Port device team_slave_1 removed [ 409.914763][ T2869] team0 (unregistering): Port device team_slave_0 removed [ 409.946025][ T29] audit: type=1326 audit(1720335648.642:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9812 comm="syz.2.1159" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd2dc775bd9 code=0x0 [ 410.451431][ T9783] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1150'. [ 410.526190][ T9688] chnl_net:caif_netlink_parms(): no params data found [ 410.635211][ T9817] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 410.913952][ T9823] syz.1.1163[9823] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 410.914132][ T9823] syz.1.1163[9823] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 411.027103][ T9829] syz.2.1164[9829] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 411.348978][ T9829] syz.2.1164[9829] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 411.611731][ T9688] bridge0: port 1(bridge_slave_0) entered blocking state [ 411.750781][ T9688] bridge0: port 1(bridge_slave_0) entered disabled state [ 411.772365][ T9688] bridge_slave_0: entered allmulticast mode [ 411.781009][ T9688] bridge_slave_0: entered promiscuous mode [ 411.801730][ T9688] bridge0: port 2(bridge_slave_1) entered blocking state [ 411.810076][ T9688] bridge0: port 2(bridge_slave_1) entered disabled state [ 411.817943][ T9688] bridge_slave_1: entered allmulticast mode [ 411.833609][ T9688] bridge_slave_1: entered promiscuous mode [ 412.066229][ T9688] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 412.148925][ T9688] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 412.161932][ T2869] IPVS: stop unused estimator thread 0... [ 412.246626][ T2527] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 412.318797][ T9688] team0: Port device team_slave_0 added [ 412.357700][ T9688] team0: Port device team_slave_1 added [ 412.367989][ T9861] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 412.435569][ T29] audit: type=1326 audit(1720335651.132:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9863 comm="syz.3.1173" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4893f75bd9 code=0x0 [ 412.473275][ T2527] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 64 [ 412.499879][ T2527] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 412.530022][ T9688] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 412.531588][ T2527] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 412.552488][ T9688] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 412.556569][ T2527] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 412.594347][ T2527] usb 1-1: SerialNumber: syz [ 412.604955][ T9688] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 412.618958][ T9847] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 412.714264][ T9688] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 412.750512][ T9688] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 412.860850][ T9688] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 412.949827][ T9843] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 413.656870][ T2527] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -71 [ 413.698209][ T9688] hsr_slave_0: entered promiscuous mode [ 413.723021][ T2527] usb 1-1: USB disconnect, device number 7 [ 413.776988][ T9688] hsr_slave_1: entered promiscuous mode [ 413.786843][ T9886] syz.3.1177[9886] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 413.787028][ T9886] syz.3.1177[9886] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 413.823862][ T9688] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 413.881726][ T9688] Cannot create hsr debugfs directory [ 415.059381][ T9908] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 415.184878][ T29] audit: type=1326 audit(1720335653.872:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9910 comm="syz.3.1186" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4893f75bd9 code=0x0 [ 415.890577][ T9936] loop0: detected capacity change from 0 to 1024 [ 415.892423][ T9937] syz.2.1191[9937] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 415.907274][ T9937] syz.2.1191[9937] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 416.031727][ T2781] hfsplus: b-tree write err: -5, ino 4 [ 416.304760][ T9688] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 416.470399][ T9688] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 416.565261][ T9688] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 416.584589][ T9953] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 416.620752][ T9688] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 416.979614][ T9964] loop3: detected capacity change from 0 to 1024 [ 416.985983][ T9966] syz.2.1202[9966] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 416.990470][ T9966] syz.2.1202[9966] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 417.003702][ T9688] 8021q: adding VLAN 0 to HW filter on device bond0 [ 417.135197][ T9688] 8021q: adding VLAN 0 to HW filter on device team0 [ 417.184118][ T2781] hfsplus: b-tree write err: -5, ino 4 [ 417.195562][ T5155] bridge0: port 1(bridge_slave_0) entered blocking state [ 417.202865][ T5155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 417.304566][ T5155] bridge0: port 2(bridge_slave_1) entered blocking state [ 417.311840][ T5155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 418.208952][ T9688] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 418.851133][T10007] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 419.287655][ T9688] veth0_vlan: entered promiscuous mode [ 419.372835][ T9688] veth1_vlan: entered promiscuous mode [ 419.410001][ T9976] loop2: detected capacity change from 0 to 40427 [ 419.473221][ T9976] F2FS-fs (loop2): Fix alignment : done, start(4096) end(16896) block(12288) [ 419.654313][ T9976] F2FS-fs (loop2): Found nat_bits in checkpoint [ 419.798483][ T9688] veth0_macvtap: entered promiscuous mode [ 419.889514][ T9688] veth1_macvtap: entered promiscuous mode [ 420.043530][ T9688] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 420.086861][ T9976] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 420.089596][ T9688] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 420.139670][ T9688] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 420.171158][ T9688] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 420.217234][ T9688] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 420.274427][ T9688] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 420.325319][ T9688] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 420.346549][ T9688] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 420.387704][ T9688] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 420.429058][ T9688] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 420.485629][ T9688] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 420.538125][ T9688] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 420.569543][ T9688] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 420.596824][ T9688] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 420.649003][ T9688] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 420.699292][ T9688] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 420.756692][ T9688] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 420.788770][ T9688] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 420.832982][ T9688] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 420.871285][ T9688] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 420.900887][ T9688] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 420.930988][ T9688] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 421.205148][ T2869] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 421.224932][ T2869] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 421.335453][ T2869] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 421.368668][ T2869] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 421.583623][T10050] vivid-000: disconnect [ 421.599308][T10050] vivid-000: reconnect [ 422.945200][T10038] loop1: detected capacity change from 0 to 40427 [ 422.997790][T10038] F2FS-fs (loop1): Fix alignment : done, start(4096) end(16896) block(12288) [ 423.076066][T10038] F2FS-fs (loop1): Found nat_bits in checkpoint [ 424.454167][T10102] loop3: detected capacity change from 0 to 512 [ 424.986578][T10102] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 425.169342][T10102] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 425.189300][ T5151] udevd[5151]: inotify_add_watch(7, /dev/loop11, 10) failed: No such file or directory [ 425.209226][T10102] ext4 filesystem being mounted at /168/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 425.429696][T10122] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1233'. [ 425.742694][ T6969] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 427.935648][T10202] loop3: detected capacity change from 0 to 256 [ 428.004736][T10203] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 428.034685][T10202] FAT-fs (loop3): count of clusters too big (2360318) [ 428.086995][T10202] FAT-fs (loop3): Can't find a valid FAT filesystem [ 428.313662][T10202] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1257'. [ 428.345222][T10212] loop0: detected capacity change from 0 to 8 [ 430.175472][T10241] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 431.847681][T10273] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 431.939196][T10272] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1282'. [ 431.946106][T10276] loop0: detected capacity change from 0 to 512 [ 431.984984][T10272] bridge_slave_1: left allmulticast mode [ 431.985994][T10276] ext4: Unknown parameter 'subj_role' [ 432.017928][T10272] bridge_slave_1: left promiscuous mode [ 432.047209][T10272] bridge0: port 2(bridge_slave_1) entered disabled state [ 432.120168][T10272] bridge_slave_0: left allmulticast mode [ 432.139202][T10272] bridge_slave_0: left promiscuous mode [ 432.152938][T10272] bridge0: port 1(bridge_slave_0) entered disabled state [ 432.214984][T10276] loop0: detected capacity change from 0 to 8192 [ 432.230365][T10276] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 432.429439][T10284] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.1285'. [ 433.354071][T10296] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1291'. [ 433.784619][T10307] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1294'. [ 434.520429][T10315] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 434.897898][T10328] Cannot find add_set index 0 as target [ 435.046317][T10331] loop0: detected capacity change from 0 to 512 [ 435.066253][T10290] loop2: detected capacity change from 0 to 32768 [ 435.073794][T10290] XFS (loop2): sunit and swidth options incompatible with the noalign option [ 435.101200][T10331] ext4: Unknown parameter 'subj_role' [ 435.337035][T10331] loop0: detected capacity change from 0 to 8192 [ 435.348019][T10331] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 436.446753][T10337] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1303'. [ 436.882198][T10349] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 437.042649][T10354] loop0: detected capacity change from 0 to 1024 [ 437.313702][ T52] hfsplus: b-tree write err: -5, ino 4 [ 437.584985][T10366] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1316'. [ 437.592258][T10367] loop3: detected capacity change from 0 to 512 [ 437.675456][T10367] ext4: Unknown parameter 'subj_role' [ 437.888250][T10367] loop3: detected capacity change from 0 to 8192 [ 437.900205][T10367] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 438.152900][T10375] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1318'. [ 439.514568][T10389] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 439.584378][T10391] loop0: detected capacity change from 0 to 1024 [ 439.765864][ T2821] hfsplus: b-tree write err: -5, ino 4 [ 440.193615][T10396] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1327'. [ 440.489692][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.043349][T10404] loop0: detected capacity change from 0 to 512 [ 441.057425][T10404] ext4: Unknown parameter 'subj_role' [ 441.209417][T10404] loop0: detected capacity change from 0 to 8192 [ 441.230862][T10404] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 442.267392][T10418] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 442.473150][ T29] audit: type=1326 audit(1720335681.162:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10421 comm="syz.2.1337" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd2dc775bd9 code=0x0 [ 442.499672][T10420] loop0: detected capacity change from 0 to 1024 [ 442.986833][ T2821] hfsplus: b-tree write err: -5, ino 4 [ 444.142250][T10461] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 444.215865][T10463] loop3: detected capacity change from 0 to 512 [ 444.337441][T10463] ext4: Unknown parameter 'subj_role' [ 444.698161][T10474] syz.4.1355: attempt to access beyond end of device [ 444.698161][T10474] loop4: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 444.784834][T10463] loop3: detected capacity change from 0 to 8192 [ 444.803885][T10475] loop2: detected capacity change from 0 to 1024 [ 444.815072][T10463] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 444.831628][T10474] SQUASHFS error: Failed to read block 0x0: -5 [ 444.838645][T10474] unable to read squashfs_super_block [ 446.843251][ T2821] hfsplus: b-tree write err: -5, ino 4 [ 447.474815][ T29] audit: type=1326 audit(1720335686.172:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10490 comm="syz.3.1359" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4893f75bd9 code=0x0 [ 447.547066][T10494] Oops: stack segment: 0000 [#1] PREEMPT SMP KASAN PTI [ 447.547095][T10494] CPU: 0 UID: 0 PID: 10494 Comm: syz.2.1360 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 447.547114][T10494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 447.547124][T10494] RIP: 0010:cpu_map_redirect+0x5c/0x470 [ 447.547149][T10494] Code: 81 c3 00 18 00 00 48 89 d8 48 c1 e8 03 42 80 3c 30 00 74 08 48 89 df e8 62 6b 3d 00 4c 8b 2b 49 8d 5d 38 48 89 dd 48 c1 ed 03 <42> 0f b6 44 35 00 84 c0 0f 85 fd 02 00 00 44 8b 33 44 89 f6 83 e6 [ 447.547163][T10494] RSP: 0018:ffffc900030c7960 EFLAGS: 00010202 [ 447.547178][T10494] RAX: 1ffff1100596ae40 RBX: 0000000000000038 RCX: 0000000000040000 [ 447.547189][T10494] RDX: ffffc90010996000 RSI: 00000000000001be RDI: 00000000000001bf [ 447.547200][T10494] RBP: 0000000000000007 R08: 0000000000000007 R09: ffffffff81b5ee2f [ 447.547214][T10494] R10: 0000000000000004 R11: ffff88802cb55a00 R12: 00000000030c79b0 [ 447.547224][T10494] R13: 0000000000000000 R14: dffffc0000000000 R15: ffff888067aa7400 [ 447.547236][T10494] FS: 00007fd2dd5436c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 447.547250][T10494] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 447.547261][T10494] CR2: 000000110c34ec0b CR3: 000000006721a000 CR4: 00000000003506f0 [ 447.547275][T10494] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 447.547284][T10494] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 447.547294][T10494] Call Trace: [ 447.547300][T10494] [ 447.547307][T10494] ? __die_body+0x88/0xe0 [ 447.547332][T10494] ? die+0xcf/0x110 [ 447.547355][T10494] ? do_trap+0x15a/0x3a0 [ 447.547378][T10494] ? do_error_trap+0x1dc/0x2c0 [ 447.547402][T10494] ? __pfx_do_error_trap+0x10/0x10 [ 447.547425][T10494] ? rcu_is_watching+0x15/0xb0 [ 447.547450][T10494] ? exc_stack_segment+0x38/0x50 [ 447.547467][T10494] ? asm_exc_stack_segment+0x26/0x30 [ 447.547488][T10494] ? bpf_ringbuf_query+0x4f/0x150 [ 447.547510][T10494] ? cpu_map_redirect+0x5c/0x470 [ 447.547532][T10494] bpf_prog_ec9efaa32d58ce69+0x56/0x5a [ 447.547546][T10494] tun_get_user+0x3321/0x4560 [ 447.547565][T10494] ? tun_get_user+0x84c/0x4560 [ 447.547587][T10494] ? __pfx_tun_get_user+0x10/0x10 [ 447.547607][T10494] ? tun_get+0x1e/0x2f0 [ 447.547630][T10494] ? tun_get+0x1e/0x2f0 [ 447.547643][T10494] ? tun_get+0x27d/0x2f0 [ 447.547665][T10494] tun_chr_write_iter+0x113/0x1f0 [ 447.547682][T10494] vfs_write+0xa72/0xc90 [ 447.547699][T10494] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 447.547715][T10494] ? __pfx_vfs_write+0x10/0x10 [ 447.547729][T10494] ? do_futex+0x33b/0x560 [ 447.547760][T10494] ksys_write+0x1a0/0x2c0 [ 447.547777][T10494] ? __pfx_ksys_write+0x10/0x10 [ 447.547792][T10494] ? do_syscall_64+0x100/0x230 [ 447.547809][T10494] ? do_syscall_64+0xb6/0x230 [ 447.547828][T10494] do_syscall_64+0xf3/0x230 [ 447.547842][T10494] ? clear_bhb_loop+0x35/0x90 [ 447.547863][T10494] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 447.547881][T10494] RIP: 0033:0x7fd2dc77475f [ 447.547893][T10494] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 447.547906][T10494] RSP: 002b:00007fd2dd543010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 447.547924][T10494] RAX: ffffffffffffffda RBX: 00007fd2dc903f60 RCX: 00007fd2dc77475f [ 447.547936][T10494] RDX: 0000000000000022 RSI: 0000000020000a40 RDI: 00000000000000c8 [ 447.547946][T10494] RBP: 00007fd2dc7e4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 447.547956][T10494] R10: 0000000000000022 R11: 0000000000000293 R12: 0000000000000000 [ 447.547965][T10494] R13: 000000000000000b R14: 00007fd2dc903f60 R15: 00007ffcdab45908 [ 447.547984][T10494] [ 447.547989][T10494] Modules linked in: [ 447.548026][T10494] ---[ end trace 0000000000000000 ]--- [ 447.915368][T10494] RIP: 0010:cpu_map_redirect+0x5c/0x470 [ 447.920948][T10494] Code: 81 c3 00 18 00 00 48 89 d8 48 c1 e8 03 42 80 3c 30 00 74 08 48 89 df e8 62 6b 3d 00 4c 8b 2b 49 8d 5d 38 48 89 dd 48 c1 ed 03 <42> 0f b6 44 35 00 84 c0 0f 85 fd 02 00 00 44 8b 33 44 89 f6 83 e6 [ 447.940588][T10494] RSP: 0018:ffffc900030c7960 EFLAGS: 00010202 [ 447.946683][T10494] RAX: 1ffff1100596ae40 RBX: 0000000000000038 RCX: 0000000000040000 [ 447.954671][T10494] RDX: ffffc90010996000 RSI: 00000000000001be RDI: 00000000000001bf [ 447.962711][T10494] RBP: 0000000000000007 R08: 0000000000000007 R09: ffffffff81b5ee2f [ 447.970708][T10494] R10: 0000000000000004 R11: ffff88802cb55a00 R12: 00000000030c79b0 [ 447.978703][T10494] R13: 0000000000000000 R14: dffffc0000000000 R15: ffff888067aa7400 [ 447.986696][T10494] FS: 00007fd2dd5436c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 447.995626][T10494] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 448.002240][T10494] CR2: 000000110c34ec0b CR3: 000000006721a000 CR4: 00000000003506f0 [ 448.010236][T10494] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 448.018226][T10494] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 448.026240][T10494] Kernel panic - not syncing: Fatal exception in interrupt [ 448.033797][T10494] Kernel Offset: disabled [ 448.038144][T10494] Rebooting in 86400 seconds..