last executing test programs: 6m4.172178051s ago: executing program 1 (id=189): socket$netlink(0x10, 0x3, 0xc) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(sm4)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001280)="b7f2288a911993f08d3aaea2bc0000de", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000001040)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}], 0x1, 0xc8d1) socket$inet6_tcp(0xa, 0x1, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_int(r2, &(0x7f0000000300)='cgroup.clone_children\x00', 0x2, 0x0) epoll_create1(0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 6m3.765001659s ago: executing program 1 (id=192): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x4f6, &(0x7f0000000380)={0x0, 0x80fd, 0x10, 0x4, 0x2cf}, &(0x7f0000000300)=0x0, &(0x7f00000002c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@hci={0x1f, 0x6, 0x3}, 0x0, 0x0, 0x1}) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0x40a85323, &(0x7f0000000080)={{0xd4, 0x8}, 'port1\x00', 0x81, 0x60000, 0x400, 0x7, 0x1, 0x0, 0x5, 0x0, 0x4, 0x3}) io_uring_enter(r2, 0x47bc, 0xf5, 0x0, 0x0, 0x0) 6m1.198570257s ago: executing program 1 (id=201): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mknod$loop(&(0x7f00000017c0)='./file0\x00', 0x2480, 0x1) mount(&(0x7f00000000c0)=@filename='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='ubifs\x00', 0x0, 0x0) 6m0.111462482s ago: executing program 1 (id=203): getpid() r0 = socket$nl_netfilter(0x10, 0x3, 0xc) dup(r0) socket(0x2, 0x80805, 0x0) syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0x800, &(0x7f0000000100)=ANY=[@ANYBLOB="696f636861727365743d170ddbbba28854f76e642c756d61736b3d30303030303030303030303030303030303030303030362c696f636861727365743d63703934392c6572726f72733d72656d6f756e742d726f2c7569643d", @ANYRESHEX=0x0, @ANYBLOB=',allow_utime=00000000000000000000003,gid=', @ANYRESHEX=0x0, @ANYBLOB=',errors=remount-ro,discard,errors=continue,\x00'], 0x5, 0x1510, &(0x7f00000037c0)="$eJzs3Am4TlX7MPD7Xmvt45D0dJLhsNa6N08yLCdJMiTJkCRJkmRKSDrJKwmJQ6akQxKS4ZAMh5AMJ0465nkekyTpJEmmTMn6rlN83t7qe//v/+17/a//uX/Xta9n3c/a99prP/czrL0N33UZWrNxrWoNiQj+LfjrQxIAxALAQAC4DgACACgXVy4uqz+nxKR/7yDsr/VI6tWeAbuauP7ZG9c/e+P6Z29c/+yN65+9cf2zN65/9sb1Zyw72zy94PW8Zd+N7/9nZ/z7/79IZumxX60tfWPXfyGF65+9cf3/1wr+Kztx/bM3rn/2xvXP3rj+2UGOP+3h+mdvXH/GsrOrff+Zt6u7Xe33H2OMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4yx7OGsv0IBwOX21Z4XY4wxxhhjjDHG/jo+x9WeAWOMMcYYY4wxxv7/QxAgQUEAMZADYiEn5AIBANdCHrgOInA9xMENkBduhHyQHwpAQYiHQlAYNBiwQBBCESgKUbgJisHNUBxKQEkoBQ5KQwLcAmXgVigLt0E5uB3Kwx1QASpCJagMd0IVuAuqwt1QDe6B6lADakItuBdqw31QB+6HuvAA1IMHoT48BA3gYWgIj0AjeBQaw2PQBB6HptAMmkMLaPnfyn8JesDL0BN6QRL0hj7wCvSFftAfBsBAeBUGwWswGF6HZBgCQ+ENGAZvwnB4C0bASBgFb8NoeAfGwFgYB+MhBSbARHgXJsF7MBmmwFSYBqkwHWbA+zATZsFs+ADmwIcwF+bBfFgAafARLIRFkA4fw2L4BDJgCSyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVtsB12wE7YBbvhU9gDn8Fe+Bz2wRf/Yv6Zf8jvioCAAgUqVBiDMRiLsZgLc2FuzI15MA9GMIJxGId5MS/mw3xYAAtgPMZjYSyMBg0SEhbBIhjFKBbDYlgci2NJLIkOHSZgApbBW7EslsVyWA7LY3msgBWxIlbGylgFq2BVrIrVsBpWx+pYE2vivXgv9sY6WAfrYl2sh/Uu357ChtgQG2EjbIyNsQk2wabYFJtjc2yJLbEVtsLW2BrbYltsh+2wPbbHREzEDtgBO2JH7ISdsDN2xi7YBbtiN+yGL+UAfBlfxl5YXfTGPtgH+2Jyjv44AAfgqzgIX8PX8HVMxiE4FN/AN/BNHI6ncQSOxFE4CquId3AMjkUS4zEFU3AiTsRJOAkn4xScgtMwFafjDJyBM3EWzsIPcA5+iB/iPJyHCzAN03AhLsJ0TMfFeAYzcAkuxWW4HFfgclyFq3EVrsV1uBY34AbchJtwC27BbbgNd+AO3IUKAD/Fz/AzTMZ9uA/34348gAfwIB7ETMzEQ3gID+NhPIJH8CgexWN4HE/gcTyFp/A0nsGzeBbP43m8gC/Ef9NoV4k1ySCyKKFEjIgRsSJW5BK5RG6RW+QReURERESciBN5RV6RT+QTBUQBES/iRWFRWBhhBIkwBgBEVERFMVFMFBfFRUlRUjjhRIJIEGVEGVFWlBXlxO2ivLhDVBAVRRtXWVQWVURbV1XcLaqJaqK6qCFqilqilqgtaos6oo6oK+qKeqKeqC8eEg1Eb+yPj4isyjQWQ7CJGIpNRTMhL32DtRLDsbVoI9qKp8RIHIHtRSuXKJ4VHcQY7Cj+Jsbi86KzGI9dxIuiq+gmuouXRA/R2vUUvcRk7C36iGnYV/QT/cUAMRNriA9wTs6a4nWRLIaIoeINsQDfFMPFW2KEGClGibfFaPGOGCPGinFivEgRE8RE8a6YJN4Tk8UUMVVME6liupgh3hczxSwxW3wg5ogPxVwxT8wXC0Sa+EgsFItEuvhYLBafiAyxRCwVy8RysUKsFKvEarFGrBXrxHqxQWwUm8RmsUVsFdvEdrFD7BS7xG7xqdgjPhN7xedin/hC7BdfigPiK3FQfC0yxTfikPhWHBbfiSPie3FU/CCOiePihDgpTokfxWlxRpwV58R58ZO4IH4WF4UXIFEKKaWSgYyROWSszClzyWtkbhlcenWvl3HyBplX3ijzyfyygCwo42UhWVhqaaSVJENZRBaVUXmTLCZvlsVlCVlSlpJOlpYJ8hZZRt4qy8rbZDl5uywv75AVZEVZSVaWd8oq8i4JkV+PUV3WkDVlLXmvrC3vk3Xk/bKufEDWkw/K+vIh2UA+LBvKR2Qj+ahsLB+TTeTjsqlsJpvLFrKlfEK2kk/K1rKNbCufku3k07K9fEYmymdlB+kvvUWel53lC7KLfFF2ld1kd/mzvCi97Cl7SYDeso98RfaV/WR/OUAOlK/KQfI1OVi+LpPlEDlUviGHyTflcPmWHCFHylHybTlaviPHyLFynBwvU+QEOVG+KyfJ9+RkOUVOldNkqpwu+18aabaU/zT/3T/IH/zL0TfJzXKL3Cq3ye1yh9wpd8ndcrfcI/fIvXKv3Cf3yf1yvzwgD8iD8qDMlJnykDwkD8vD8og8Io/Ko/KYPC7PyZPylPxRnpZn5Bl5Tp6X5+WFS68BKFRCSaVUoGJUDhWrcqpc6hqVW12r8qjrVERdr+LUDSqvulHlU/lVAVVQxatCqrDSyiirSIWqiCqqouomvPSGUSVVKeVUaZWgbvlX8lUxdbMqrkr8Jv/y/JL+ZH4tVUvVSrVSrVVr1Va1Ve1UO9VetVeJKlF1UB1UR9VRdVKdVGfVWXVRXVRX1VV1V91VD9VD9VQ9VZJKUn3UK6qv6qf6qwFqoHpVDVKD1GA1WCWrZDVUDVXD1DA1XA1XI9QINUqNUqPVaDVGjVHj1DiVolLURDVRTVKT1GQ1WU1VU1WqSlUz1Aw1U81Us9VsNUfNUXPVXDVfzVdpKk0tVAtVukpXi9VilaGWqCVqmVqmVqgVapVapdaoNWqdWqc2qA0qQ21Wm9VWtVVtV9vVTrVT7Va71R61R+1Ve9U+tU/tV/vVAXVAHVQHVabKVIfUIXVYHVZH1BF1VB1Vx9QxdUKdUKfUKXVanVZn1Vl1Xp1XF9QFdVFdzFr2BSIQgQpUEBPEBLFBbJAryBXkDnIHeYI8QSSIBHFBXJA3uDHIF+QPCgQFg/igUFA40IEJbCAuFT0a3BQUC24OigclgpJBqcAFpYOE4JagTHBrUDa4LSgX3B6UD+4IKgQVg0pB5eDOoEpwV1A1uDuoFtwTVA9qBDWDWsG9Qe3gvqBOcH9QN3ggqBc8GNQPHgoaBA8HDYNHgkbBo0Hj4LGgSfB40DRoFjQPWgQt/9LxvT+d/0nXU/fSSbq37qNf0X11P91fD9AD9at6kH5ND9av62Q9RA/Vb+hh+k09XL+lR+iRepR+W4/W7+gxeqwep8frFD1BT9Tv6kn6PT1ZT9FT9TSdqqfrGfp9PVPP0rP1B3qO/lDP1fP0fL1Ap+mP9EK9SKfrj/Vi/YnO0Ev0Ur1ML9cr9Eq9Sq/Wa/RavU6v1xv0Rr1Jb9Zb9Fa9TW/XO/ROvUvv1p/qPfozvVd/rvfpL/R+/aU+oL/SB/XXOlN/ow/pb/Vh/Z0+or/XR/UP+pg+rk/ok/qU/lGf1mf0WX1On9c/6Qv6Z31R+6zFfdbPu1FGmRgTY2JNrMllcpncJrfJY/KYiImYOBNn8pq8Jp/JZwqYAibexJvCprDJQoZMEVPERE3UFDPFTHFT3JQ0JY0zziSYBFPGlDFlTVlTzpQz5U15U8FUMJVMJXOnudPcZe4yd5u7zT3mHlPD1DC1TC1T29Q2dUwdU9fUNfVMPVPf1DcNTAPT0DQ0jUwj09g0Nk1ME9PUNDXNTXPT0rQ0rUwr09q0Nm1NW9POtDPtTXuTaBJNB9PBdDQdTSfTyXQ2nU0X08V0NV1Nd9Pd9DA9TE/T0ySZJNPH9DF9TV/T3/Q3A81AM8gMMoPNYJNsks1QM9QMM8PMcDPcjDAjzaishap5x4wxY804M96kmBQz0Uw0k8wkM9lMNlPNVJNqUs0MM8PMNDPNbDPbzDFzzFwz18w3802aSTMLzUKTbtLNYrPYZJgMs9QsNcvNcrPSrDSrzWqz1qw162G92Wg2ms1ms9lqtprtZrvZaXaa3Wa32WP2mL1mr9ln9pn9Zr85YA6Yg+agyTSZ5pA5ZA6bw+aIOWKOmqPmmDlmTpgT5pQ5ZU6b0+asOWvOm/yXfi+9ibU5bS57jc1tr7V57HX2H+MCtqCNt4VsYattPpv/N7Gx1ha3JWxJW8o6W9om2Ft+F1ewFW0lW9neaavYu2zV38W17X22jr3f1rUP2Fr23t/E9eyDtr59zDZABLDNbCPbwja2j9km9nHb1DazzW0L284+bdvbZ2yifdZ2sM/9Ll5oF9nVdo1da9fZPfYze9aes4ftd/a8/cn2tL3sQPuqHWRfs4Pt6zbZDvldPMq+bUfbd+wYO9aOs+N/F0+102yqnW5n2PftTDvrd3Ga/cjOsel2rp1n59sFv8RZc0q3H9vF9hObYZfYpXaZXW5X2JV21f+d6zK7wW60m+xu+6ndarfZ7XaH3Wl3/RJnncde+7ndZ7+wh+y39oD9yh60R2ym/eaXOOv8jtjv7VH7gz1mj9sT9qQ9ZX+0p+2ZX84/69xP2p/tRestEBKQJEUBxVAOiqWclIuuodx0LeWh6yhC11Mc3UB56UbKR/mpABWkeCpEhUmTIUtEIRWhohSlm+jyOr0klSJHpSmBbqEydCuVpduoHN1O5ekOqkAVqRJVpjupCt1FVeluqkb3UHWqQTWpFt1Ltek+qkP3U116gOrRg1SfHqIG9DA1pEeoET1KjekxakKPU1NqRs2pBbWkJ6gVPUmtqQ21paeoHT1N7ekZSqRnqQM9Rx3pb9SJnqfO9AJ1oRepK3Wj7vQS9aCXqSf1oiTqTX3oFepL/ag/DaCB9CoNotdoML1OyTSEhtIbNIzepOH0Fo2gkTSK3qbR9A6NobE0jsZTCk2gifQuTaL3aDJNoak0jVJpOs2g92kmzaLZ9AHNoQ9pLs2j+bSA0ugjWkiLKJ0+psX0CWXQElpKy2g5raCVtIpW0xpaS+toPW2gjbSJNtMW2krbaDvtoJ20i3bTp7SHPqO99Dntoy9oP31JB+grOkhfUyZ9Q4foWzpM39ER+t73oh/oGB2nE3SSTtGPdJrO0Fk6R+fpJ7pAP9NF8gQhhiKUoQqDMCbMEcaGOcNc4TVh7vDaME94XRgJrw/jwhvCvOGNYb4wf1ggLBjGh4XCwqEOTWhDCsOwSFg0jIY3hcXCm8PiYYmwZFgqdGHpMCG8JSwT3hqWDW8Ly4W3h+XDO8IKYcXwsQcqh3eGVcK7wqrh3WG18J6welgjrBnWCu8Na4f3hXXC+8O64QNh2fDBsH74UNggfDhsGD4SNgofDRuHj4VNwsfDpmGzsHnYImwZPhG2Cp8MW4dtwrbhU2G78OmwffhMmBg+G3YIn/ul/8FFf96fFPYO+4SvhK+E3t8v50cXRNOiH0UXRhdF06MfRxdHP4lmRJdEl0aXRZdHV0RXRldFV0fXRNdG10XXRzdEN0Y3Rb2vlQMcOuGkUy5wMS6Hi3U5XS53jcvtrnV53HUu4q53ce4Gl9fd6PK5/K6AK+jiXSFX2GlnnHXkQlfEFXVRd5Mr5m52xV0JV9KVcs6VdgmuhWvpWrpW7knX2rVxbd1T7in3tHvaPeOecc+6Du4519H9zXVyz7vO7gX3gnvRdXXdXHf3kuvhJuT59TOZ5Pq4Pq6v6+v6u/5uoBvoBrlBbrAb7JJdshvqhrphbpgb7oa7EW6EG+VGudFutBvjxrhxbpxLcSluopvoJrlJbrKb7Ka6qS7VpboZboab6Wa6KrN+PcpcN9fNd/NdmktzC13WmjHdLXaLXYbLcEvdUrfcLXcr3Uq32q12a91at96tdxvdRrfZbXZb3Va33W13O91Ot9vtdnv8db8O6va5/W6/O+AOuIPua5fpvnGH3LfusPvOHXHfu6PuB3fMHXcn3El3yv3oTrsz7qw75867n9wF97O76LxLiUyITIy8G5kUeS8yOTIlMjUyLZIamR6ZEXk/MjMyKzI78kFkTuTDyNzIvMj8yIJIWuSjyMLIokh65OPI4sgnkYzIksjSyLLI8siKiPeFtoa+iC/qo/4mX8zf7Iv7Er6kL+WdL+0T/C2+jL/Vl/W3+XL+dl/e3+Er+Iq+kn/cN/XNfHPfwrf0T/hW/knf2rfxbf1Tvp1/2rf3z/hE/6zv4J/zHf3ffCf/vO/sX/Bd/Iu+q+/mu/uXfA//su/pe/kk39v38a/4vr6f7+8H+IH+VT/Iv+YH+9d9sh/ih/o3/DD/ph/u3/Ij/Eg/KuZtP/ryJTKM9yl+gp/o3/WT/Ht+sp/ip/ppPtVP9zP8+36mn+Vn+w/8HP+hn+vn+fl+gU/zH/mFfpFP9x/7xf4Tn+GXXL6p7Ff6VX61X+PX+nV+vd/gN/pNfrPf4rf6bX673+F3+l1+t//U7/Gf+b3+c7/Pf+H3+y/9Af+VP+i/9pn+G3/If+sP++/8Ef+9P+p/8Mf8cX/Cn/Sn/I/+tD/jz/pz/rz/yV/wP/uL/G/WGGOMMcb+SyZcaYo/6u/9B8+Jv9u5DwBcu61g5t/3Z60o1+f7td1PxLeLAMCzvbo8cnmrXj0pKenSvhkSgqLzAC7/SVCWGLgSL4G28DQkQhso84fz7ye6nad/Mn70doBcf5cTC1fiK+N/+SfjP/HUqIXlw7Nx/4/x5wEUL3olJydciZdAW5X12AbK/sn4+Vv9k/nn/CoFoPXf5eSGK/GV+SfAk/AcJP5mT8YYY4wxxhhj7Ff9RKVOl68/L/+Nzz+6Po9XV3JywJX4n12fM8YYY4wxxhhj7Op7vlv3Z55ITGzT6V9vVP1vZXHjf2rDe4DLzygA+DcHBPiPn8WW/8ixki99dP6xa/k5H8D/jFL+FY2r/MXEGGOMMcYY+8tdWfT/9nl1tSbEGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4xlQ/+J/07sap8jY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxdrX9nwAAAP//geYOMQ==") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0) mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r1, &(0x7f0000006b40)={0x2020}, 0x206e) 5m57.801356582s ago: executing program 1 (id=209): sendmmsg$inet(0xffffffffffffffff, &(0x7f00000017c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x80) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = userfaultfd(0x801) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280}) syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f000040a000/0x800000)=nil, 0x800000}, 0x1}) mremap(&(0x7f0000bc9000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000721000/0x4000)=nil) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x4) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, 0x0) 5m57.250064374s ago: executing program 1 (id=215): r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000029000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f0000000180)=0xffffffffffffffff) fcntl$setsig(r1, 0xa, 0x12) r3 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r3, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x8c, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xfffffdef}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0xff00) ppoll(&(0x7f0000000100)=[{r2}], 0x1, 0x0, 0x0, 0x0) dup2(r1, r2) fcntl$setown(r2, 0x8, r0) tkill(r0, 0x13) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x137b}}, 0x20}}, 0x40080) 5m55.560751791s ago: executing program 32 (id=215): r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000029000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f0000000180)=0xffffffffffffffff) fcntl$setsig(r1, 0xa, 0x12) r3 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r3, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x8c, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xfffffdef}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0xff00) ppoll(&(0x7f0000000100)=[{r2}], 0x1, 0x0, 0x0, 0x0) dup2(r1, r2) fcntl$setown(r2, 0x8, r0) tkill(r0, 0x13) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x137b}}, 0x20}}, 0x40080) 4m51.725912514s ago: executing program 4 (id=375): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x68942, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1e}, 0x94) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4010}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 4m50.276680999s ago: executing program 4 (id=381): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000440)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000001c0)={0xcc2}, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) socket$netlink(0x10, 0x3, 0x0) r2 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x40, 0x0, r2, 0x0, 0x0, 0x0, 0x2}) io_uring_enter(r2, 0x627, 0x4c1, 0x43, 0x0, 0x0) 4m47.706263138s ago: executing program 4 (id=389): r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) r3 = landlock_create_ruleset(&(0x7f0000000000)={0x4040, 0x0, 0x2}, 0x18, 0x0) landlock_restrict_self(r3, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) landlock_restrict_self(r3, 0x1) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r4) truncate(&(0x7f0000000140)='./file0\x00', 0x9) 4m46.162939197s ago: executing program 4 (id=392): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0x3810082, &(0x7f0000000280)=ANY=[@ANYBLOB='undelete,gid=', @ANYRESDEC=0x0, @ANYBLOB=',gid=forget,rootdir=00000000000000001055,iocharset=cp864,unhide,gid=ignore,mode=00000000000000000000001,anchor=00000000000000000000,\x00'], 0x1, 0xc3c, &(0x7f0000002680)="$eJzs3U9sHNd9B/DfGy7Fld1WTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpVlIRRzC8CVuFIXpkiCpBrZSAumlx56CFAUPeREoDUKpGhgNIXRI9O6QHLxocipJ6KFjaDogS0C5BSwmNm34pKibEUkJUr6fGzquzvz3ux789YzsqA3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAiN979dzxE+lBtwIAuJ8ujH/1+En3fwB4rFzy//8AAAAAAAAAAAAAALDfpSjiqUgxd2EtTVbvu+rnO4M3bk6Mjm1f7WCqag5U5cuf+omTp05/6cWRM70835n5iPq77bPx+vilc41XZq/PzbcXFtpTjYmZzpXZqfZdH2Gn9bc6Wp2AxvU3bkxdvbrQOPnCqU27bw5/OPTk4eGzI88de7ZXdmJ0bGx8o0i9v3ztnhvSdacZHgeiiGOR4vnv/SS1IqKInZ+L+v0d+60OVp04WnViYnSs6sh0pzWzWO682DsRRUSjr1Kzd462H4uoDd7XPtxZM2KpbH7Z4KNl98bnWvOty9PtxsXW/GJnsTM7czF1W1v2pxFFnEkRyxGxOnT74QajiFqk+M6htXQ5IgZ65+GL1cTgO7ej2MM+3oWynY3BiOXiIRizfWwoingtUvz0vSNxJV9nqmvNFyJeK/PdiLfLfDkilV+M0xEfbPM94uFUiyL+ohz/s2tpqroe9K4r57/W+MrM1dm+sr3ryi94f7jtSvGA7g8Ht+T9sc+vTfUoolVd8dfSvf9mBwAAAAAAAAAAAAAAAIDddjCK+EykePXf/7iaVxzVvPRDZ0d+f/iX++eMP/MxxynLvhARS8Xdzck9kCcGXkwXU3rAc4kfZ/Uo4k/i3Wr+37cedGMAAAAAAAAAAAAAAAAAAAAea0X8OFK89P6RtBz9a4p3Zq41LrUuT3dXhe2t/dtbM319fX29kbrZzDmZcynncs6VnKs5o8j1czZzTuZcyrmccyXnas4YyPVzNnNO5lzKuZxzJedqzqjl+jmbOSdzLuVczrmSczVn7JO1ewEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHiVFFPHzSPHtb6ylSBHRjJiMbq4MPejWAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACloVTE9yNF4w+at7bVIiJV/3YdKX85Hc0DZX4ymiNlvhzNczlbVdaa33oA7WdnBlMRP4oUQ/V3bg14Hv/B7rtbX4N4+5sb7z5b6+ZAb+fwh0NPHj50dmTs15650+u0XQOOnu/M3LjZmBgdGxvv21zLn/7Jvm3D+XOL3ek6EbHw5ltvtKan2/P3/qL8Cuyg+kP0ItX2pqdD+6WDXmx+EbV90YwH03ceA+X9/4NI8dvv/0fvht+9/9fjl7rvbt3h42d/unH/f2nrge7y/l/bWi/f/8t7+nb3/6f6tr2UfzcyWIuoL16fGzwcUV94861jneuta+1r7ZnTx49/eWTky6eODx6IqF/tTLf7Xu3K6QIAAAAAAAAAAAAAAAC4f1IRvxspWj9aS42IuFnN1xo+O/LcsWcHYqCab7Vp3vbr45fONV6ZvT43315YaE81JmY6V2an2nf7cfVqutfE6NiedOZjHdzj9h+svzI79+Z859ofLW67/4n6ucsLi/OtK9vvjoNRRDT7txytGjwxOlY1errTmqmqXtx2Mv0vbjAV8Z+R4srpRvp83pbn/2+d4b9p/v/S1gPt0fz/T/RtKz8zpSJ+Fil+6y+fic9X7XwibjtnudzfRoqjZz6Xy8WBslyvDd3nCnRnBpZl/zdS/OPPN5ftzYd8aqPsibs+sQ+JcvwPRYrv//l349fzts3Pf9h+/J/YeqA9Gv+n+7Y9sel5BTvuOnn8j0WKl596J34jb/uo53/0nr1xJBe+9XyOPRr/T/VtG86f+5u703UAAAAAAAAAAICH2mAq4u8ixQ/GaunFvO1u/v7f1NYD7dHf//p037ap3Vmv6GNf7PikAgAAAMA+MZiK+HGkuLb4zq051Jvnf/fN//ydjfmfo2nL3urP+X6lem7Abv75X7/h/LmTO+82AAAAAAAAAAAAAAAAAAAA7CspFfFiXk99sprPn7ZZ3L1bbiVSvPrfz/fKHY5io+hw9Wv9wuzMsXPT07NXWouty9Ptxvhc60q7rPt0pFj7m8/lukW1vnpvvfnuGu8ba7HPR4qxv++V7a7F3lub/Ole2aX2ibLsJyLFf/3D5rK9daw/tXHck2XZv44UX//n7cse3ih7qiz73Ujxw683emWfKMv2no/66Y2yL1yZLXZ7SAAAAAAAAAAAAAAAAAAAAHgMDaYi/ixS/M/15Vtz+fP6/4N9bytvf7Nvvf8tblbr/A9X6//f6fW9rP9fPVdg6U6fCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAj6YURbwVKeYurKWVofJ9V/18Z+bGzYnRse2rHUxVzYGqfPlTP3Hy1OkvvThyppcfXX+3fSZeH790rvHK7PW5+fbCQnuqMTHTuTI71b7rI+y0/lZHqxPQuP7GjamrVxcaJ184tWn3zeEPh548PHx25Lljz/bKToyOjY33lakN3vOn3ybdYfuBKOKvIsXz3/tJ+sFQRBE7Pxcf893ZawerThytOjExOlZ1ZLrTmlksd17snYgiotFXqdk7R/dhLHakGbFUNr9s8NGye+NzrfnW5el242JrfrGz2JmduZi6rS3704gizqSI5YhYHbr9cINRxBuR4juH1tK/DEUM9M7DFy+krx4/eed2FHvYx7tQtrMxGLFcfNSYbdNhNhmKIv4pUvz0vSPxr0MRtej+xBciXivz3Yi3ozveqfxinI74wGl9ZNSiiP8rx//sWnpvqLwe9K4r57/W+MrM1dm+sr3ryub7w0A8dPeH+2mf30/qUcQPqyv+Wvo3/10DAAAAAAAAAAAAAAAA7CNF/GqkeOn9I6maH3xrTnFn5lrjUuvydHdaX2/uX2/O9Pr6+nojdbOZczLnUs7lnCs5V3NGkevnbJZZX1+fzO+Xci7nXMm5mjMGcv2czT/Mjcrvl3Iu51zJuZozarl+zmbOyZxLOZdzruRczRn7ZO4eAAAAAAAAAAAAAAAAAADwaCmqf1J8+xtraX2oWl96oLdvxXqgj7z/DwAA//9cO/Ma") open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x5, 0x8005, 0x0, 0x0, 0x15, 0x1c, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c6600577df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204, 0xf4c]}) lstat(0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)) 4m44.728611825s ago: executing program 4 (id=400): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x1ff, 0x1, 0x0, 0x1000, &(0x7f0000001000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000040)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000440)={"db4c1421593cb4d3f8fe6094dc821bbbe06520701fc6de7b0349f34b0f8c556a9e9aff1355aab8d6da26d74608530f150f127f9e3f0a2f1fff0be9774c95d6c007c91903f78616596487bf50017c56b15385ab264cba5b168c62d971e67e6f3e73d60b5a8adbaaf2af8610c6a91c0a116f619adce4aa91d5a68faf8ee98693d32d8d8244381b5720ef596600e39491d216c22d0725904bab7d90fa8afb8fa04b707410aa300ef098609b4fa6dd77b1b7c321b1fc6356564ce3f90826be3a9a5be186ffc48eb13824e9dae77ed212a0f802074ff4f1725c4ad88cf5bbd36e3406bc59d96e82047631d8be9462ee7e54e5b2897c3fff38eabf67e1e160c2b5e18be06457844d89c9a606b7d25fbde713f4759da0bee1fabe3f71dcca63540f113a2b5edc4b327d1f9610377b97265d4aa875b4bc3c44bf8110d5df1beb1fe54794a0aa52dfc80df1caf7d812b4f1cdba1a6836b45ea2180d08439d411ce8e0755868cc839eaeac73e5d28f9f1990584038cf5fa6bee0c4095a27cc8c7b59519bf2a9bf1fedf54cc2dc6aea6c42c32de40c291e5f422f5c7792a08926af160fb379576dd81bac746232fb246817fc3248097914b75e83cc5eb518ce8fb643b34ca69c3b61f0d94e7db62dd480198d41e0862f1ec4429ab637569884a5ba446a0b09edfd986a2b3e15ee35bbd18610dad6271681ed240b0ffab9199b541013c0aadc36484da57511896c14776a41602aa1426edfbb828897d9c218b7936a0572840ebbc796e888a439b24e640324b511deb6ed0b2ce2f7567447826944b4f34101e492e8d20a2deda950e96e78f86d6d4c976f0c99041c94944309e6ce08d84a7c96677d570d9a57ec0506a4321d9e049b55be883ca3648c27772fc5dbaea5e6c2ded2ce72fb68989ae381fe1394cf6966ab04285d5ff8256bc2e85462b8d89aeeebd5432157c945b5dc1960d9282c6cc007fe029325d6078aef94d4954f956c71bcdf846f41392ebe0d3b289438d24ec4bc073617459a6b232445dd636a9f21140e14b162fd5ef1d626b0ff84884fd63d22cc1b05befb77ea937f3045cc15b125479b262c1e32fca75a5468423288c5776efee744b1fccb5e6d661d9d287cfa8582c96ea34a33c1bbc29c0035657da66a87150bbb885be5ee123e431fd793ea179a0fc77aaee66d874c0616cb32324826b36d0e27d14217ad1131cace3bae4ef82dfbc790e78de53a9bfbdb468bf0eb3ff134073b380858965de2d108862daf3fc6b49ad46f20832238aeaa5d010cf08e37938f0bb7bbeaa970c39ce9327a16fe07565708266ce9ef639bfa08538693b456228aa1c370d64ef9795b7cc208a2c528d381a042d149ed5c7f34ed26a7d5a4401b86434f054389e5dac7a4ee896e406d7b27240d925d478e0eb2202797832d3e2c74f4925ad58377b0d6ae9b97034f94"}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x9, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) 4m42.083477089s ago: executing program 4 (id=412): socket(0x25, 0x1, 0x0) syz_io_uring_setup(0x9e, &(0x7f0000000000)={0x0, 0xec25, 0x0, 0x2, 0x40000333}, &(0x7f0000000240), &(0x7f0000000280)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x12, 0x4, &(0x7f0000000140)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0xb, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr=0x20, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_POOL_SET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x54, r2, 0x1, 0x70bd29, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x7}, {0x6, 0x11, 0xa}, {0x8}, {0x5, 0x14, 0x1}}]}, 0x54}, 0x1, 0x0, 0x0, 0x81}, 0x80) 4m40.887923479s ago: executing program 33 (id=412): socket(0x25, 0x1, 0x0) syz_io_uring_setup(0x9e, &(0x7f0000000000)={0x0, 0xec25, 0x0, 0x2, 0x40000333}, &(0x7f0000000240), &(0x7f0000000280)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x12, 0x4, &(0x7f0000000140)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0xb, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr=0x20, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_POOL_SET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x54, r2, 0x1, 0x70bd29, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x7}, {0x6, 0x11, 0xa}, {0x8}, {0x5, 0x14, 0x1}}]}, 0x54}, 0x1, 0x0, 0x0, 0x81}, 0x80) 18.983455151s ago: executing program 5 (id=1131): openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x25dfdbfc, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x4, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x200000000000}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@empty, 0x2, 0x2b}, 0xa, @in6=@local, 0x0, 0x4}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) bind$inet(r2, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r2, &(0x7f0000004d00), 0x7fffffffffffd33, 0x20000890) 12.908612854s ago: executing program 5 (id=1148): set_mempolicy(0x3, &(0x7f0000006240)=0x8, 0x8) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020696c250000000000206ea37b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000020000838500000071000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x5, 0x0, 0x0, 0x4}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) getsockopt$inet6_tcp_buf(r0, 0x6, 0x0, &(0x7f00000006c0)=""/143, &(0x7f0000000780)=0x8f) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r5, r4, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r5}, &(0x7f0000000000), &(0x7f0000000080)=r1}, 0x20) recvmsg$unix(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000001780)=""/4071, 0xfe7}, {&(0x7f0000000300)=""/78, 0x4e}, {&(0x7f0000000400)=""/133}], 0x9}, 0x40020000) sendmsg$inet(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0xfffe}], 0x1}, 0x0) 12.040209845s ago: executing program 5 (id=1151): sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe1a}], 0x1, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000001701000003000000010000000000000000000000000000001701000002000000000000007005baa38d33e2e1650de8f13f421b2d4b60252e76171216e42961c3b08d4d3dacb0a7089ff7cbfd613d46fa95d6e2f6e76ac3266c9b1a531c4bcf0e7071f117cca4e883b4a6eb5dee7a9ab4d05d7ee311ab1c55b817285e0c3714ee6137e3b8553de667701a7c93437583b5f0b285a188098c1ac4ebac40b315ff8db6f736992497879a42b95248fed4d4888970573d0e88ceead26d97e172588a3ad30fbd01b7bbeeaa668e835f7ae3113fe2d949bb47bc0b2c62541714cc0538601ae4bab19d69a5addee134dd447034da6dd89704603d31a3d25b9d5f46cfd43d9e29aac7422920d98e1463256bd4cc929373ad9000000000faf6a95a04ad3b9db9b230f8224a3d6db187a94e5dadfe181d20d3a4bd08e8b0e6eeb79fdee230dd852a36dfc9046d03b8f316b2d460ca5d08c515d914db8ce430ea0237911c440ee750fe787aaffa83b809651c529e4cf68c8219a827ea003c59e3e51b00cd7f9464f37be2eb3e1475819ad37edcc238b85ab205a2b394916815d9cf7bf3f8e3d19a4697756299e21f2afd3ae31e0f09b8153965635216de47156f4e5fc97cb04f9c5e13256be1d9e0a94f9c6387940de1bcd7b532d16ebba216601cf23be6a7c259550bd059a5a7aee85eb558de8201c1d9c7b29e27313f61cf0b07dd790071bdbceabdd32ce2bcc279b1575a1431b03e5dc37307d15a2782175c87dad1a3aadf48b382bea4ae0b423edee0e12ada4c1dacc40bf387630792ab5c7ed6e2ef7e8a77268b0ff8978ccddfa8da4521d24b3fddc70d181c20caa9a584df9b2e"], 0x18}], 0x4924924924924fd, 0x0) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x1f, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) 10.660691278s ago: executing program 6 (id=1156): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x40, 0x1ff) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0) mount$nfs(&(0x7f0000000040)='@\a', &(0x7f0000000340)='./file1\x00', 0x0, 0x20887b, 0x0) mount$nfs(&(0x7f0000000080)='@\a', &(0x7f00000000c0)='./file1\x00', &(0x7f0000000500), 0x20040c1, 0x0) 9.403141026s ago: executing program 6 (id=1158): accept4$rose(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000640)='./file0\x00', 0x1000004, &(0x7f0000000cc0)=ANY=[], 0x4, 0x5d9, &(0x7f00000010c0)="$eJzs3U9rHOcdB/DvrNZrrQuOktiJ2wYqUvqHitqS1m2TgqlaTNEhlIBfgajlWHitBGlTlByKXfxCUoLeQC+55OCDz+1LEPRYKPRURC8uMzu72tiyLCWWdhV/Pvaz8zx6Zn7zm9/OjHZXAgV4aS3PpfkwRZbn3tsqxzvbne7OdufuoJ/kbJJG9T/NsvvPZOpBMpt+y3eTFHW44ln7ufbF5818ef9Gf9SoW7X+1EHbHc69umWpTnLpBcZ79I3jFcMjLINeHwSfBI+f7z/HuPupY4zNYbT6i+IZz8VMci7JdH0fGJy4jRPM8FhMzAUIAAAAx+iV3exmK+fHnQcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcJvXf/y/q1hj0Z1MM/v5/q/5a6v6p9nDcCQAAAAAAAADAC/CD3exmK+cH48dF9TP/t6vBherxO/k4m1nNRi5nKyvppZeNLCSZGQnU2lrp9TYWDrHl4r5bLp7M8QIAAAAAAADAt9Rfsrz3838AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJgERTLVX1TtwqA/k0YzyXSSVrneveQfg/5p9nDcCQAAAMAJeGU3u9nK+cH4cVG953+jet8/nY+znl7W0ks3q7lZfRbQf9ff2NnudHe2O3fL9nTc3/77SGlUEdP/7GH/PV+q1mjn1p1mvc0f82G6uZlGtWXp0iCf/fO6X+ZU/KZ2yMxu1ssiKb5ffxoyGWaqipzJraxVNZqvcyur8erBlTjis/PknhbSGH7yc+EYan6uXpY1n57omi+OnH1vHFyJ5EfX/rt+u7t+5/atzbnJOaSv6clKdEYq8eZLVYn5qhIXh+Pl/D43MpfZvJ+NrOVPWUkvq5nN9aq3Up/P5ePMwZVa+sro/edl0qqfl/5d9Gg5vV1tez5r+UM+zM2s5pdZzNW8k4X8qvp3deQZvniIq75xtKv+hz+tO68lRbu/nBBlXV8dqevoPXemmhv9yl6VXnvx98bm9+rOVFI0hzlNgicrsTBSidcPrsRfH5ePm931Oxu3Vz465P5+Ui/L7xJnn/td4iTr1KrP3v4rla+eHeXc6/vOLVRzF4ZzjafmLg7nnnelturXcE9HWqzm3tx3rlPNXRqZaw/nLg9fbwEw8c797Fyr/a/239uftR+0b7ffm/7d2XfOvtXKmUdnft2cn/px463ib/ksf957/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHx9m598emel213d0NHR0Rl2xn1n4iRc6d396MrmJ5/+fO3uygerH6yud+Z/sfhuZ2Hx3atXbq11V+f7j+NOk2Oyd9GPOxMAAAAAAAAAAACO4iR+nXTcxwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDpsTyX5sMUWZi/PF+Od7Y73bIN+ntrNpI0y+X/kqkHyWz6LTMj4Ypn7efaF5838+X9G3uxGoP1pw7a7nDu1S1LdZJLLzDeo28crxgeYRn0+iA4jNv/AwAA///YHBzc") prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) openat$full(0xffffffffffffff9c, 0x0, 0x4100, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f00000003c0)='./file0/../file0/../file0/../file0\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) 9.330323579s ago: executing program 2 (id=1159): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x92) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@userxattr}]}) r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='kmem_cache_free\x00', r2}, 0x10) mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x0, 0x0) setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010100000004"], 0x57) chdir(&(0x7f0000000140)='./bus\x00') linkat(r0, &(0x7f0000000380)='./file1\x00', r0, &(0x7f00000003c0)='./bus\x00', 0x400) rename(&(0x7f0000000180)='./bus\x00', &(0x7f00000001c0)='./file0\x00') 9.272223441s ago: executing program 3 (id=1160): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e) semtimedop(0x0, &(0x7f0000001b00)=[{0x1, 0x6, 0x1000}], 0x1, &(0x7f0000001b40)) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) rt_sigtimedwait(&(0x7f0000000000)={[0x1000]}, 0x0, 0x0, 0x8) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000000)=@security={'security\x00', 0x4, 0x4, 0x3b0, 0xffffffff, 0x1a0, 0x1a0, 0x1a0, 0xffffffff, 0xffffffff, 0x2e0, 0x2e0, 0x2e0, 0xffffffff, 0x7fffffe, 0x0, {[{{@ipv6={@dev, @remote, [], [], 'bridge_slave_1\x00', 'geneve0\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x0, 0x3}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffe}}, {{@ipv6={@private1, @mcast1, [], [], 'geneve1\x00', 'macvlan0\x00'}, 0x0, 0x118, 0x140, 0x0, {}, [@common=@unspec=@helper={{0x48}, {0x0, 'syz0\x00'}}, @common=@ipv6header={{0x28}}]}, @common=@unspec=@CONNSECMARK={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x410) 7.83035499s ago: executing program 3 (id=1161): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0700000004000000085d5f3a94900726f8c308674c000021ee4e0000000000d5409832c2030805828392fcf97352bff7c9af4ebdad0376cfadb78881f5cec4e741d3237189057a1d34c47d29efdd216665fbe8fb9be1da5af09840e0ac52fb0a4e0a40ec609af9c1476317f3fc972ed189bfbd13cc31ab1ee7b669f5a0124e9125f6981105a94e9adbe077ca7b9e15d7424f578ead3ec415b5ca7810cf20f85af9d6b2", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x50) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000093c0), r0) syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000000)={[{@quota}, {@barrier_val={'barrier', 0x3d, 0x7}}, {@dioread_nolock}]}, 0x21, 0x784, &(0x7f0000001900)="$eJzs3c1rHOUfAPDvbN7aNL9fIghaTwFBA6UbU2Or6KHiQQQLBT3bLpttqNlkS3dTmhDQIoIXQcWDoJeefak3r75c9V/w5EEsVdNixYNEZrPTbJvdNEmTbHU/H5js88zM5pnvPDPzPLvzMBtA1xpN/+QiDkbEe0nEcGN+EhF99VRvxPHV9W4uLxXTKYmVlVd+S+rr3FheKkbTe1IHGpmHI+LbtyMO5daXW11YnCmUy6Xzjfx4bfbceHWhPyIK06Xp0tzRicnJI8eeOnZ052L944fFoavvv/j4F8f/euuhK+9+l8TxGGosa45jp4zGaGOf9KW78DYv7HRhHZZ0egPYlvTU7Fk9y+NgDEdPPQUA/Je9ERErAECXSbT/ANBlsu8BbiwvFbOps99I7K1rz0fEvtX4s/ubq0t6G/fs9tXvgw7eSG67M5JExMgOlD8aEZ989dpn6ZTmf3y2u/Y/0DlvXoqI0yOj66//yboxC1v1xAbL+huvo3fM77b2Bzrp67T/83Sr/l/uVv8nWvR/Blqcu9tx1/N//w4UsoG0//dc09i2m03xN4z0NHL/q/f5+pIzZ8ul9Nr2/4gYi76BND+xQRlj1/++3m5Zc//v9w9e/zQtP31dWyP3S+/A7e+ZKtQK9xJzs2uXIh7pbRV/cqv+kzb935ObLOOlZ975uN2yNP403mxaH380RiftjpXLEY+1rP+1EW3J2vjExcNnZ+8YnzhePxzGs4OihS9/+miwXfnN9Z9OafnZZ4G9kNb/4MbxjyTN4zWrWy/j+8vD37Rbdvf4Wx///cmr9XTWj7hYqNXOT0T0Jy+vn39k7b1ZPls/jX/s0dbn/0bHf/qZ8HSrgFrUdO/VXz/ffvy7K41/akv1v/XElZszPe3K31z9T9ZTY405m7n+bXYD72XfAQAAAAAAAAAAAAAAAAAAAAAAAMBm5SJiKJJc/lY6l8vnV3/D+8EYzJUr1dqhM5X5uamo/1b2SPTlskddDjc9D3Wi8Tz8LH/kjvyTEfFARHw4sD/JnqM41eHYAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACBzoM3v/6d+Huj01gEAu2ZfpzcAANhz2n8A6D7afwDoPtp/AOg+2n8A6D7afwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHbZyRMn0mnlz+WlYpqfurAwP1O5cHiqVJ3Jz84X88WhOJefrlSmy6V8sTJ7t/9XrlTOTcbc/MXxWqlaG68uLJ6arczP1U6dnS1Ml06V+vYkKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYmurC4kyhXC6dl9hGYuX+2IzOJ3oah9MuFJFEROcD3HAL74/N2OFEhy9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP8S/wQAAP//iZYeGw==") r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r2, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x104) fallocate(r3, 0x0, 0x3, 0x800000) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r4, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) sendmsg$IEEE802154_LLSEC_DEL_DEV(r0, &(0x7f0000009500)={0x0, 0x0, &(0x7f00000094c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="010029bd7000fbdbdf252b00000008000200", @ANYRES8=r0], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00'}, 0x18) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f0000000d00)=ANY=[@ANYBLOB="9fa9c149ca1fcb15a701efeb010018000000000000000c0000000c000000060000000400000000000004"], 0x0, 0x2a}, 0x28) 7.787334446s ago: executing program 0 (id=1162): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000200000000000000000000008500000011000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) syz_emit_ethernet(0x5e, &(0x7f0000000340)={@broadcast, @random="c10463df3f5e", @val={@val={0x88a8, 0x2, 0x1}, {0x8100, 0x0, 0x0, 0x3}}, {@canfd={0xd, {{0x1, 0x1, 0x1, 0x1}, 0x2d, 0x0, 0x0, 0x0, "1dbc05d7fb23a2bcf5b687f7a1bc52d1c6f311bcd16066a180e6afb8074b2ea60d61f961b94744b9e2002bdfdbbcd8ea912e5817d7ee18b24a5858a359284d84"}}}}, &(0x7f00000001c0)={0x1, 0x1, [0xfcf, 0xa6d, 0x1cb, 0xa98]}) r1 = socket(0x26, 0x1, 0x9) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x3c, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x3c}}, 0x0) setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000080)={r4, 0x1, 0x6, @remote}, 0x10) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000140)={0x64, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x3}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x30}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}]}, 0x64}, 0x1, 0x0, 0x0, 0x24000000}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x10, 0x10, &(0x7f00000002c0)="0000ffffffffa000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) bpf$ENABLE_STATS(0x20, &(0x7f0000000440), 0x4) 7.200928991s ago: executing program 6 (id=1163): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$sequencer(0xffffff9c, &(0x7f00000000c0), 0x1, 0x0) socket$phonet_pipe(0x23, 0x5, 0x2) openat$vimc0(0xffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x100000000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0x0, 0x9, 0x0, 0xf, 0x80000002}, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 7.190960015s ago: executing program 2 (id=1164): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000480)={'wlan1\x00', 0x0}) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r7, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x80) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16=r4, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r9, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c090000560333"], 0x398}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0) 6.07150919s ago: executing program 0 (id=1165): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xa8f94000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900030073797a32000000001400048008000240326565a708000140000000000900010073797a300000000048000000060a010400000000000000000100000008000b40000000000900010073797a3000000000200004801c0001800b00010072656a65637400000c000280080001400000000114000000110001"], 0xd0}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a14000000020a090100000000000000000000000014000000110001000000"], 0x3c}}, 0x0) 5.545851656s ago: executing program 2 (id=1166): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r3) ptrace$getregset(0x4204, r3, 0x202, &(0x7f0000000140)={&(0x7f0000000100)=""/32, 0x20}) 5.531019649s ago: executing program 3 (id=1167): r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000280)={0x1c, 0x0, &(0x7f0000000200)={0x0, 0xa, 0x1}, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000740)={0x2c, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0}) 5.528822961s ago: executing program 6 (id=1168): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/wakeup_count', 0x101a02, 0x0) r3 = socket(0x1e, 0x1, 0x0) sendfile(r3, r2, 0x0, 0x101) ioctl$UI_GET_VERSION(r2, 0x8004552d, &(0x7f0000000000)) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x8}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff, 0x2}, 0x0, 0x0) 4.941932207s ago: executing program 0 (id=1169): r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x18}}, 0x4044004) sendmsg(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x20008804) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c00000023000100800000000000000000000000050021"], 0x1c}}, 0x0) shutdown(r0, 0x1) connect$bt_rfcomm(r0, &(0x7f0000000000)={0x1f, @none, 0x15}, 0xa) r3 = socket$alg(0x26, 0x5, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_SAVE(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, 0x8, 0x6, 0x3, 0x0, 0x0, {0x0, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x20000010) close(r4) bind$alg(r3, &(0x7f00000025c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x7, &(0x7f0000000100), 0x0) 4.77105231s ago: executing program 0 (id=1170): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket(0x15, 0x5, 0x0) getsockopt(r3, 0x200000000114, 0x2718, 0x0, &(0x7f0000000040)) bind$inet(0xffffffffffffffff, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), 0x0, 0x0) 3.129437747s ago: executing program 2 (id=1171): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) r1 = gettid() timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x200000a, 0x5d031, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000}) 2.973367177s ago: executing program 3 (id=1172): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0900000004000000ff0f000005"], 0x48) close(0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000780)=ANY=[@ANYRES32=r6, @ANYRES32=r5, @ANYBLOB='&'], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r6}, &(0x7f0000000000), &(0x7f0000000080)=r2}, 0x20) recvmsg$unix(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000006c0)=""/179, 0x22fe0}], 0x1, 0x0, 0x0, 0x14}, 0x0) sendmsg$inet(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x33fe0}], 0x1}, 0x0) 2.97282132s ago: executing program 6 (id=1173): r0 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) close(r0) r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000300)='\x00', 0x81901) ioctl$sock_inet6_SIOCSIFDSTADDR(r4, 0x8918, &(0x7f0000000040)={@local, 0xd}) r5 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x121) fcntl$setlease(r5, 0x400, 0x1) execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) 2.234328981s ago: executing program 2 (id=1174): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, 0x0, 0x0) r2 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x4000000, 0x0, 0x1, 0x10d}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) r5 = syz_io_uring_setup(0xa0, &(0x7f0000000640)={0x0, 0x105cc6, 0x400, 0x0, 0x207}, &(0x7f0000000040)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000080)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) io_uring_enter(r5, 0x847ba, 0x0, 0xe, 0x0, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000240)=[{&(0x7f0000001800)=""/224, 0xe0}], 0x1}) io_uring_enter(r2, 0x47ba, 0x0, 0x0, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)={0x14, 0x2, 0x6, 0x503, 0x0, 0x0, {0xa, 0x0, 0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x8044) 2.101565039s ago: executing program 5 (id=1175): ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port0\x00', 0x511e36599023629, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000240), 0x208e24b) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r0, 0x0) r1 = syz_io_uring_setup(0x24fa, &(0x7f00000002c0)={0x0, 0x0, 0x10100, 0x0, 0x0, 0x0, r0}, &(0x7f0000000240)=0x0, &(0x7f0000000680)=0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r4, &(0x7f00000001c0)=ANY=[@ANYBLOB='2'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_READ_FIXED) io_uring_enter(r1, 0x2d3e, 0x0, 0x0, 0x0, 0x0) syz_emit_ethernet(0x32, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x2, 0x10, 0x11, 0x0, @empty, @empty}, {0x4e22, 0x4e23, 0x10, 0x0, @gue={{0x2, 0x1, 0x3, 0x4, 0x0, @val=0x80}}}}}}}, 0x0) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x0) 2.032780533s ago: executing program 3 (id=1176): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e2a, 0xffffffff, @mcast2, 0x9}, 0x1c) setsockopt$inet6_IPV6_DSTOPTS(r3, 0x29, 0x3b, &(0x7f0000000700)=ANY=[], 0x8) sendmmsg$inet6(r3, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) 1.496828019s ago: executing program 0 (id=1177): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x14, 0x15, 0x301, 0x0, 0x0, {0x1}}, 0x14}}, 0x0) 999.805655ms ago: executing program 5 (id=1178): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x8000}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) mlock(&(0x7f0000ffb000/0x2000)=nil, 0x2000) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r3) ptrace$getregs(0xc, r3, 0xffffffffffffdcaf, &(0x7f0000000040)=""/45) 998.61675ms ago: executing program 3 (id=1179): io_uring_setup(0x3411, &(0x7f0000000140)={0x0, 0x21f5, 0x400, 0x3, 0x105}) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x2181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue0\x00'}) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="ec0000002100010026bd700000000000ac1414aa0000000000000000000000007f0000010000000000000000000000000004000000000000020000a0", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fcffffff000000009c00110000000000000000000000000000000000ac1414bb000000000000000000000000ac1efe01000000000000000000000000e00000020000000000000000000000006c000000feffffff0200020000000000000000000000000000000000ac1414bb"], 0xec}, 0x1, 0x0, 0x0, 0x8814}, 0x20000140) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)={0xa0, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @private0}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_SYNPROXY={0x4}, @CTA_MARK={0x8, 0x4}]}, 0xa0}, 0x1, 0xfffff000}, 0x0) getpid() ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x26}}) write$sndseq(r0, &(0x7f0000000000)=[{0x22, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32={[0x0, 0x0, 0x95ffffff]}}], 0xffc8) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="4c00000010003df600"/20, @ANYRES32=0x0, @ANYBLOB="000000e8ff07000014000300200000000000000000000000000000001800128008000100707070000c00028008000100", @ANYRES32=r4], 0x4c}}, 0x0) syz_usb_connect(0x2, 0x46, &(0x7f0000000000)={{0x12, 0x1, 0x250, 0x5e, 0x5a, 0xc1, 0x10, 0x12d1, 0x9a6e, 0xe2d9, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x34, 0x1, 0x3, 0xf3, 0x0, 0x1e, [{{0x9, 0x4, 0xae, 0x5, 0x3, 0xff, 0x2, 0x3e, 0xdf, [], [{{0x9, 0x5, 0xd, 0x10, 0x400, 0x9, 0x7f, 0xa9}}, {{0x9, 0x5, 0xf, 0x2, 0x10, 0x3, 0x7, 0xc}}, {{0x9, 0x5, 0xd, 0x3, 0x20, 0xa5, 0x0, 0xa9, [@generic={0x7, 0x5, "86e2d85a88"}]}}]}}]}}]}}, &(0x7f0000000100)={0x0, 0x0, 0x5, &(0x7f0000000340)={0x5, 0xf, 0x5}, 0x2, [{0x52, &(0x7f0000000240)=@string={0x52, 0x3, "617759695e259ff9cb526fb3bacdf661e748ce4ccbd1a8a30a45f4a80f3f70beb7962c91600a840557c266856af8a9579bbd3d12f096701884347fe27b30914149659a8a351c67d523a1df8282650f1e"}}, {0xff, &(0x7f00000005c0)=@string={0xff, 0x3, "447d1436a9515bddd0a9cb960b38e01826ec213ada20c9aa89767fec76965b4a5fc78ab75ab7578a3e06875cf2eb0bcc30ec6c8c6ccdcf2bf324d5b9c237abb20e45e5bbb7422221386f9f22ba78699969af8d6e2ebc36533c561582fe977db01a42f393657fa001dc21c4d6c76216d5ad64ba10a73ceae9b1e5cfd787202fcafc71ff431876171df2cc62fb03c1c4a319b59dab3fcc3c554b3d9ae76c816439e422936686aef35e5616f5d2985f511c8469386683b8bcb13f60f562c47decef7ae6ccfb892bbd78e247bf863323ab73d3bd434bbf56e3f38f82eabe5562003fd45a4b616eec07e9a0a428576065597b1970435ea1494cca945ebf8e21"}}]}) 196.467885ms ago: executing program 0 (id=1180): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000240)={0x0, 0xffffffffffffff4a, &(0x7f0000000200)={&(0x7f0000000080)={0x18, 0x16, 0xa01}, 0x78}}, 0x0) recvmmsg$unix(r3, &(0x7f0000006b40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x2, 0x0) 173.113749ms ago: executing program 6 (id=1181): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x2, 0x0, 0x0, 0x7, 0x8}, {0x12, 0x3, 0x0, 0x1, 0x1, 0x400}, 0xa5, 0x4, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x78, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xf}, {0xa, 0xa}, {0x6}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x7, 0x8, 0x4, 0x0, 0x7}, 0xf0, 0x0, 0x31a, 0x3, 0x88a, 0x0, 0x8e, 0x1f, 0x3, 0xff, {0x4415, 0x2, 0x800, 0x5, 0x0, 0x5}}}}]}, 0x78}}, 0x4000) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000004000)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014751c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a0c93d47018c12e7ba8188a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab188dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b4896c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e547f7ad33850d9feccd0111a2e3700845dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005202000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a12489c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af14915f29b719f54926fc32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f3289f86ae826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa520000afe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da357f9e93ce055019c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c672b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981fd9086e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2826b47ad8ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b478abc5b196dd5308cb20c4e2a0bd702651bb39f10523102dcd8ece692159028f314e0d6bfa400475c6699fdc40efe0948e3cef7419a7f113134e5ee20fd87c4521ccfbd32d6f147f743d30866bdd86ca8bf0c7bcc475f4ed53517aaa51f1c151d859a7f0b53abd332c84bdad313e82ac3777a6f7f649ff8a25f6dfe09cb29213896b49a825257bf143e9fa3bbd47009e66fe5705b3ef2b40a182e408c680727d64e00e1ce508f8fd64ac6c84ccc28fc333067de63b9bb5daaa12ce60ee3779ded79651be69d2a413cd948a873dd7ad7017b150828cf100d3df8537f22aff58343c9ee966fceb594bbe10b911427f76a25a219be2f85287b7f83d323a30991067ad1369792166062085ff20c5fb9f6e4f78dd09c7d2d6ca3c8a5d0d26ccbe576f44a1bc94194817"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r5, 0x18000000000002a0, 0xe80, 0x6000, &(0x7f0000000640)="b9ff03076844268cb89e14f088a847e088641100050000210283ac141440e0", 0x0, 0x11, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x48) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x0, 0xfc, 0x0, 0x1, 0xffffffff}}}}]}, 0x4c}}, 0x0) 46.883791ms ago: executing program 5 (id=1182): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000bc0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r1}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001000)=ANY=[@ANYBLOB="6c00000010001fff010000000000000000060000", @ANYRES32=0x0, @ANYBLOB="81ffffff00000000440012800b00010067656e6576650000340002800500090000000000050009000100000005000a000000000005000300f90000000500040040000000050004000800000008000a00", @ANYBLOB="b5"], 0x6c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f00000002c0)={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @empty, @private0, 0x2, 0x6, 0x0, 0x0, 0x100000000000006, 0x150046, r4}) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_ABS_SETUP(r5, 0x401c5504, &(0x7f0000000340)={0x400000100002f}) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x3) ioctl$UI_DEV_SETUP(r5, 0x405c5503, &(0x7f0000000080)={{0x9, 0xf81, 0xfff, 0x80}, 'syz0\x00', 0x32}) ioctl$UI_DEV_CREATE(r5, 0x5501) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x22004006, &(0x7f00000010c0)={[{@jqfmt_vfsold}, {@nouid32}, {@nobh}, {@noblock_validity}, {@block_validity}, {@grpjquota, 0x22}], [], 0x2}, 0xc4, 0x495, &(0x7f0000019080)="$eJzs3EtvG0UcAPD/bh59kQelPPqAGgoiopA06VOICwikXpCQ4ADHkIYq1G1REyRaVTQgVI4VnwA4IvEJOMEFAScQV7gjpAr1QuBktN7d1o3j4Dp10ta/n7TxzD4889/dScYz6wTQsyrZjySiFhG/RcRInr15h0r+snTt4sw/1y7OJFGrvf5XUt/v72sXZ8pdy+O2FZmxNCL9JIndK5Q7f/7CqelqdfZckZ9YOP3exPz5C8/NnZ4+OXty9szUsWOHIo4emTp8W+Icyuq668Oze3Yef+uzV2dq8faPX2f1va/Y3hhHbnTNZVaicvO5rBus/3xqze9+ZxlqSCf9G1gRbklfRGSXa6De/keiL25cvJF45eMNrRzQVbVarbapaW1fmVisNRosDgDuEUnepAcbfiEst3W96wSsh/IPffb5t1zWqetxR7j6Yv4BKIt7qVjyLf2RZi+b80/sQ10qvxIRby7++3m2RPM4RF+r4zZ3qT4AwL3v26z/8+xK/b/h5KGG/YaLuaHRiNgfEdsj4oGI2BERD0ZEtu/DEfHILZZfWZZv7n/+sqWjwNqU9f9eKOa2yuVKfUta7jLaV+SG6vEPJO/MVWcPFOdkLAY2ZfnJVcr47uVfr7Ta1tj/y5as/LIvmEv/7F82QHdiemF6TUE3eH4uf11q6v8m14cCkojYGRG7Onj/7JzNPfPVniw9vK15+//Hv4rbMM9U+zLi6Tz+xVgWfynJS2qenzw4efTI1OGJzVGdPTBR3hXNfvr58muN+YGGdLvxL6491BVd/Shia4vrX1c2g3K+dv7Wy7j8+6ctP1N2ev8PJm/U0+Ww1QfTCwvnJiMGixU3rZ+6cWyZL/fP4h/bt1L8w8n26I8viuN2R0R2Ez8aEY9FxN6i7o9HxBMRsW+V+H946cl3Vz9DHd7/t0EW/4nVrn/EaNI4X99Bou/U99+0Kr+963+onhor1rTz+6/dCq7l3AEAAMDdIq0/A5+k49fTaTo+nj/DvyO2ptWz8wv7K/H+mRP5s/KjMZCWI10jDeOhk8XYcJmfytLlyO1cdfZgRNxfH1HcUt8+PnO22q05daA921q0/8wfLZ8+Ae4ZrebRBlZa2fyNNuAu5vua0Lu0f+hd2j/0Lu0fetdK7f9SxNIGVAVYZ/7+Q+/S/qF3af/Qu7R/6EnNX4kvH9rv5Jv+NxLbj6/p8B5K9HXpnaPxn3Z0IRHphp+6zhPpnVCNvUViU0S0e9Slrl7T5fcPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA3e+/AAAA//8ObNqZ") 0s ago: executing program 2 (id=1183): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0a000000030000000800000001"], 0x48) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) setsockopt$inet6_IPV6_DSTOPTS(0xffffffffffffffff, 0x29, 0x6, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005400)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=""/4096, 0x1000}}, {{0x0, 0x0, 0x0}, 0x7}, {{0x0, 0x0, &(0x7f0000005100)=[{0x0}, {&(0x7f0000004f40)=""/101, 0x65}], 0x2}}], 0x3, 0x0, 0x0) r1 = socket(0x1e, 0x4, 0x0) r2 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0xfffffffc}, 0x10) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2, 0x4}, 0x10) sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x3514}], 0x1}}], 0x400000000000181, 0x9200000000000000) r3 = dup3(r2, r1, 0x0) recvmmsg(r3, &(0x7f0000008840)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)=""/8, 0x8}], 0x1}, 0xffffffff}], 0x1, 0x40000001, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000400)={{r0}, &(0x7f0000000380), &(0x7f00000003c0)='%-010d \x00'}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r4}, 0x10) kernel console output (not intermixed with test programs): collect_data cause=failed(directio) comm="syz.1.49" name="/" dev="9p" ino=2 res=0 errno=0 [ 95.737256][ T5957] usb 1-1: USB disconnect, device number 2 [ 95.821498][ T6126] loop3: detected capacity change from 0 to 2048 [ 95.872710][ T6126] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 96.159929][ T6132] loop1: detected capacity change from 0 to 4096 [ 96.214566][ T6132] ntfs3(loop1): Different NTFS sector size (2048) and media sector size (512). [ 96.550540][ T6138] loop3: detected capacity change from 0 to 2048 [ 96.573519][ T6138] EXT4-fs: Ignoring removed mblk_io_submit option [ 96.602866][ T6138] EXT4-fs: Ignoring removed i_version option [ 96.691587][ T6143] loop0: detected capacity change from 0 to 1024 [ 96.699709][ T6143] EXT4-fs: inline encryption not supported [ 96.706196][ T6143] EXT4-fs: Ignoring removed i_version option [ 96.716113][ T6143] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 96.717499][ T6138] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 96.778177][ T6143] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #3: block 2: comm syz.0.58: lblock 2 mapped to illegal pblock 2 (length 1) [ 96.865067][ T6143] Quota error (device loop0): qtree_write_dquot: dquota write failed [ 96.900632][ T6143] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #3: block 48: comm syz.0.58: lblock 0 mapped to illegal pblock 48 (length 1) [ 96.969594][ T6143] Quota error (device loop0): v2_write_file_info: Can't write info structure [ 97.000155][ T6143] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.58: Failed to acquire dquot type 0 [ 97.049345][ T5848] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.063082][ T6143] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6254: Corrupt filesystem [ 97.091559][ T6143] EXT4-fs error (device loop0): ext4_evict_inode:254: inode #11: comm syz.0.58: mark_inode_dirty error [ 97.132277][ T6143] EXT4-fs warning (device loop0): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 97.182597][ T6143] EXT4-fs (loop0): 1 orphan inode deleted [ 97.198723][ T1318] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:6: lblock 1 mapped to illegal pblock 1 (length 1) [ 97.240681][ T6143] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 97.276537][ T1318] Quota error (device loop0): remove_tree: Can't read quota data block 1 [ 97.285304][ T1318] EXT4-fs error (device loop0): ext4_release_dquot:6969: comm kworker/u8:6: Failed to release dquot type 0 [ 97.351538][ T6143] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #2: block 16: comm syz.0.58: lblock 0 mapped to illegal pblock 16 (length 1) [ 97.397791][ T6143] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #2: block 16: comm syz.0.58: lblock 0 mapped to illegal pblock 16 (length 1) [ 97.584774][ T6143] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #2: block 16: comm syz.0.58: lblock 0 mapped to illegal pblock 16 (length 1) [ 97.759322][ T6143] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #2: block 16: comm syz.0.58: lblock 0 mapped to illegal pblock 16 (length 1) [ 97.869136][ T6163] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #2: block 16: comm syz.0.58: lblock 0 mapped to illegal pblock 16 (length 1) [ 97.909711][ T6143] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #2: block 16: comm syz.0.58: lblock 0 mapped to illegal pblock 16 (length 1) [ 97.938796][ T6143] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #2: block 16: comm syz.0.58: lblock 0 mapped to illegal pblock 16 (length 1) [ 98.122846][ T6163] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #2: block 16: comm syz.0.58: lblock 0 mapped to illegal pblock 16 (length 1) [ 98.148496][ T6167] EXT4-fs error (device loop0): __ext4_get_inode_loc:4791: comm syz.0.58: Invalid inode table block 1 in block_group 0 [ 98.221041][ T5851] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.246573][ T36] Quota error (device loop0): remove_tree: Can't read quota data block 1 [ 98.855823][ T6176] overlayfs: failed to get inode (-116) [ 98.954468][ T6176] overlayfs: failed to get inode (-116) [ 105.720681][ T6230] loop2: detected capacity change from 0 to 32768 [ 105.727817][ T6230] XFS: ikeep mount option is deprecated. [ 105.828067][ T6230] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 105.874177][ T5931] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 105.909497][ T6230] XFS (loop2): Ending clean mount [ 105.918741][ T6230] XFS (loop2): Quotacheck needed: Please wait. [ 106.029585][ T5931] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 106.060459][ T6230] XFS (loop2): Quotacheck: Done. [ 106.079846][ T5931] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 107.054900][ T5931] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 107.519078][ T6242] Zero length message leads to an empty skb [ 108.666959][ T5931] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 108.881628][ T5931] usb 4-1: can't set config #16, error -71 [ 108.953137][ T5931] usb 4-1: USB disconnect, device number 2 [ 109.090130][ T6247] netlink: 'syz.1.85': attribute type 4 has an invalid length. [ 109.147943][ T6249] netlink: 'syz.1.85': attribute type 4 has an invalid length. [ 109.421477][ T6255] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 109.472388][ T6255] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 109.479866][ T6255] IPv6: NLM_F_CREATE should be set when creating new route [ 109.586775][ T6255] lo: entered allmulticast mode [ 109.753602][ T6255] tunl0: entered allmulticast mode [ 109.789131][ T6255] gre0: entered allmulticast mode [ 109.812030][ T5847] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 110.706937][ T6255] gretap0: entered allmulticast mode [ 110.826254][ T6273] loop0: detected capacity change from 0 to 512 [ 111.093313][ T6273] EXT4-fs error (device loop0): ext4_orphan_get:1393: inode #15: comm syz.0.93: iget: bad extended attribute block 1 [ 111.115331][ T6255] erspan0: entered allmulticast mode [ 111.579233][ T6282] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 111.588216][ T6282] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 111.596510][ T6282] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 111.608121][ T6282] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 112.068830][ T6255] ip_vti0: entered allmulticast mode [ 112.101531][ T6273] EXT4-fs error (device loop0): ext4_orphan_get:1398: comm syz.0.93: couldn't read orphan inode 15 (err -117) [ 112.119016][ T6255] ip6_vti0: entered allmulticast mode [ 112.807668][ T6255] sit0: entered allmulticast mode [ 112.826014][ T6273] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 112.979064][ T6255] ip6tnl0: entered allmulticast mode [ 113.039113][ T6255] ip6gre0: entered allmulticast mode [ 113.112049][ T6255] syz_tun: entered allmulticast mode [ 113.161102][ T6255] ip6gretap0: entered allmulticast mode [ 113.263660][ T6255] bridge0: port 2(bridge_slave_1) entered disabled state [ 113.272293][ T6255] bridge0: port 1(bridge_slave_0) entered disabled state [ 113.321032][ T6255] bridge0: entered allmulticast mode [ 113.354626][ T6255] vcan0: entered allmulticast mode [ 113.380005][ T6255] bond0: entered allmulticast mode [ 113.391008][ T6255] bond_slave_0: entered allmulticast mode [ 113.396828][ T6255] bond_slave_1: entered allmulticast mode [ 113.418913][ T6255] team0: entered allmulticast mode [ 113.425206][ T6255] team_slave_0: entered allmulticast mode [ 113.430949][ T6255] team_slave_1: entered allmulticast mode [ 113.432326][ T5851] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.582005][ T6255] dummy0: entered allmulticast mode [ 114.090300][ T6255] nlmon0: entered allmulticast mode [ 114.175682][ T6255] caif0: entered allmulticast mode [ 114.214890][ T6255] batadv0: entered allmulticast mode [ 114.257194][ T6255] vxcan0: entered allmulticast mode [ 114.263535][ T6255] vxcan1: entered allmulticast mode [ 114.329564][ T6255] veth0: entered allmulticast mode [ 114.363080][ T6255] veth1: entered allmulticast mode [ 114.670938][ T6255] wg0: entered allmulticast mode [ 115.088418][ T6255] wg1: entered allmulticast mode [ 115.503427][ T6255] wg2: entered allmulticast mode [ 115.517906][ T6255] veth0_to_bridge: entered allmulticast mode [ 115.607963][ T6255] veth1_to_bridge: entered allmulticast mode [ 115.784847][ T6255] veth0_to_bond: entered allmulticast mode [ 115.832560][ T6255] veth1_to_bond: entered allmulticast mode [ 115.842910][ T6255] veth0_to_team: entered allmulticast mode [ 115.863921][ T6255] veth1_to_team: entered allmulticast mode [ 115.957749][ T6255] veth0_to_batadv: entered allmulticast mode [ 116.000336][ T6255] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 116.025162][ T6255] batadv_slave_0: entered allmulticast mode [ 116.141476][ T6255] veth1_to_batadv: entered allmulticast mode [ 116.165943][ T6255] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 116.225210][ T6255] batadv_slave_1: entered allmulticast mode [ 116.246062][ T6255] xfrm0: entered allmulticast mode [ 116.299185][ T6255] veth0_to_hsr: entered allmulticast mode [ 116.326359][ T6255] hsr_slave_0: entered allmulticast mode [ 116.336745][ T6255] veth1_to_hsr: entered allmulticast mode [ 116.357995][ T6255] hsr_slave_1: entered allmulticast mode [ 116.383351][ T6255] hsr0: entered allmulticast mode [ 116.789661][ T6255] veth1_virt_wifi: entered allmulticast mode [ 116.900772][ T6255] veth0_virt_wifi: entered allmulticast mode [ 116.921153][ T6255] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 116.962815][ T6255] veth1_vlan: entered allmulticast mode [ 116.980396][ T6255] veth0_vlan: entered allmulticast mode [ 117.017403][ T6255] vlan0: entered allmulticast mode [ 117.041120][ T6255] vlan1: entered allmulticast mode [ 117.067735][ T6255] macvlan0: entered allmulticast mode [ 117.154972][ T6255] macvlan1: entered allmulticast mode [ 117.295418][ T6255] ipvlan0: entered allmulticast mode [ 117.314414][ T6255] ipvlan1: entered allmulticast mode [ 117.320263][ T6255] veth1_macvtap: entered allmulticast mode [ 117.387541][ T6255] veth0_macvtap: entered allmulticast mode [ 117.474314][ T6255] macvtap0: entered allmulticast mode [ 117.512469][ T6255] macsec0: entered allmulticast mode [ 117.572271][ T6255] geneve0: entered allmulticast mode [ 117.607709][ T6255] geneve1: entered allmulticast mode [ 117.665323][ T6255] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 117.676922][ T6255] netdevsim netdevsim3 netdevsim1: entered allmulticast mode [ 117.709067][ T6255] netdevsim netdevsim3 netdevsim2: entered allmulticast mode [ 117.739785][ T6255] netdevsim netdevsim3 netdevsim3: entered allmulticast mode [ 118.160709][ T6255] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode [ 118.190886][ T6255] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode [ 118.268080][ T13] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.277624][ T13] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.289262][ T3492] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.722899][ T3492] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.965181][ T6347] binder: BINDER_SET_CONTEXT_MGR already set [ 118.971248][ T6347] binder: 6346:6347 ioctl 4018620d 200000000040 returned -16 [ 119.142409][ T6347] binder: 6346:6347 ioctl c0306201 200000000240 returned -11 [ 121.413019][ T6372] netlink: 4 bytes leftover after parsing attributes in process `syz.1.112'. [ 122.507576][ T6368] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.515297][ T6368] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.238088][ T6368] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 123.261505][ T6368] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 125.723378][ T13] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.748027][ T13] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.784197][ T13] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.809705][ T6406] loop0: detected capacity change from 0 to 2048 [ 125.839251][ T13] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.859071][ T6406] netlink: 4 bytes leftover after parsing attributes in process `syz.0.121'. [ 126.447831][ T30] audit: type=1800 audit(1752120359.021:4): pid=6424 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.127" name="/" dev="9p" ino=2 res=0 errno=0 [ 128.564903][ T6447] ptrace attach of "./syz-executor exec"[5847] was attempted by "./syz-executor exec"[6447] [ 132.768829][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.775306][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.071305][ T6452] syz.4.131 (6452): drop_caches: 2 [ 135.424314][ T30] audit: type=1800 audit(1752120367.911:5): pid=6495 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.139" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 135.476472][ T51] Bluetooth: hci2: connection err: -111 [ 135.610908][ T6500] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not security [ 135.626410][ T6501] futex_wake_op: syz.3.143 tries to shift op by -1; fix this program [ 135.654803][ T51] Bluetooth: hci2: unexpected event 0x03 length: 17 > 11 [ 136.906416][ T6519] bridge_slave_0: left allmulticast mode [ 137.107554][ T6519] bridge_slave_0: left promiscuous mode [ 137.326475][ T6519] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.479634][ T6519] bridge_slave_1: left allmulticast mode [ 137.485617][ T6519] bridge_slave_1: left promiscuous mode [ 137.502584][ T6519] bridge0: port 2(bridge_slave_1) entered disabled state [ 138.046529][ T6519] bond0: (slave bond_slave_0): Releasing backup interface [ 138.135439][ T6519] bond0: (slave bond_slave_1): Releasing backup interface [ 138.153255][ T6535] netlink: 200 bytes leftover after parsing attributes in process `syz.0.150'. [ 138.193469][ T6535] netlink: 4 bytes leftover after parsing attributes in process `syz.0.150'. [ 138.217086][ T6519] team0: Port device team_slave_0 removed [ 138.252511][ T6519] team0: Port device team_slave_1 removed [ 138.280088][ T6519] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 138.297982][ T6519] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 138.507707][ T6519] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 138.539506][ T6519] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 141.441842][ T6572] loop0: detected capacity change from 0 to 32768 [ 141.449752][ T6572] XFS: ikeep mount option is deprecated. [ 141.819623][ T6572] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 142.058899][ T6572] XFS (loop0): Ending clean mount [ 142.072484][ T6572] XFS (loop0): Quotacheck needed: Please wait. [ 142.183828][ T6572] XFS (loop0): Quotacheck: Done. [ 144.079512][ T6603] loop4: detected capacity change from 0 to 4096 [ 145.232111][ T6603] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 145.791034][ T6631] netlink: 'syz.2.168': attribute type 1 has an invalid length. [ 145.828546][ T5851] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 145.867492][ T5863] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 145.962924][ T6636] 8021q: adding VLAN 0 to HW filter on device bond2 [ 145.976642][ T6636] bond1: (slave bond2): making interface the new active one [ 145.985184][ T6636] bond1: (slave bond2): Enslaving as an active interface with an up link [ 146.005458][ T6636] netlink: 28 bytes leftover after parsing attributes in process `syz.2.168'. [ 146.023832][ T6631] bond1: (slave gretap1): Enslaving as a backup interface with an up link [ 146.075324][ T6636] 8021q: adding VLAN 0 to HW filter on device bond1 [ 146.235549][ T6644] loop4: detected capacity change from 0 to 128 [ 146.251538][ T6644] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 146.319477][ T6646] loop2: detected capacity change from 0 to 2048 [ 146.410082][ T6646] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 146.860326][ T6658] loop3: detected capacity change from 0 to 512 [ 146.886550][ T6645] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 147.124493][ T6658] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 147.889214][ T5931] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 148.317695][ T6658] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 148.331363][ T6658] ext4 filesystem being mounted at /36/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 148.475858][ T5931] usb 2-1: config 0 has an invalid interface number: 251 but max is 0 [ 148.502600][ T5931] usb 2-1: config 0 has no interface number 0 [ 148.538539][ T5931] usb 2-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 148.567649][ T5931] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 148.584655][ T5931] usb 2-1: Product: syz [ 148.589960][ T5931] usb 2-1: Manufacturer: syz [ 148.609345][ T5931] usb 2-1: SerialNumber: syz [ 148.659534][ T5931] usb 2-1: config 0 descriptor?? [ 148.683049][ T5848] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 148.938304][ T6675] netlink: 28 bytes leftover after parsing attributes in process `syz.2.178'. [ 148.995978][ T30] audit: type=1800 audit(1752120381.571:6): pid=6673 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.176" name="/" dev="fuse" ino=1 res=0 errno=0 [ 149.523684][ T5931] asix 2-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 149.534514][ T5931] asix 2-1:0.251 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 149.585414][ T5931] asix 2-1:0.251: probe with driver asix failed with error -71 [ 150.180444][ T5931] usb 2-1: USB disconnect, device number 3 [ 150.430416][ T6691] netlink: 'syz.2.183': attribute type 1 has an invalid length. [ 150.629069][ T6689] loop1: detected capacity change from 0 to 4096 [ 152.154838][ T6689] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 153.929543][ T6697] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 363: padding at end of block bitmap is not set [ 154.153702][ T5850] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 154.364674][ T5931] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 154.403767][ T6717] loop4: detected capacity change from 0 to 128 [ 154.534692][ T5931] usb 4-1: Using ep0 maxpacket: 32 [ 154.661059][ T6717] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 155.335019][ T5931] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 155.428120][ T5931] usb 4-1: New USB device found, idVendor=056a, idProduct=4004, bcdDevice= 0.00 [ 155.429265][ T6717] ext4 filesystem being mounted at /31/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 155.437630][ T5931] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.545674][ T5931] usb 4-1: config 0 descriptor?? [ 155.772290][ T5863] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 156.416877][ T43] usb 4-1: USB disconnect, device number 3 [ 156.534716][ T5931] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 156.694718][ T5931] usb 5-1: Using ep0 maxpacket: 32 [ 156.928879][ T5931] usb 5-1: config 0 has no interfaces? [ 156.987369][ T5931] usb 5-1: New USB device found, idVendor=0856, idProduct=bc00, bcdDevice=b2.7f [ 157.024837][ T5931] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.090531][ T5931] usb 5-1: Product: syz [ 157.112282][ T5931] usb 5-1: Manufacturer: syz [ 157.122439][ T5931] usb 5-1: SerialNumber: syz [ 157.163514][ T5931] usb 5-1: config 0 descriptor?? [ 157.469136][ T6758] Invalid source name [ 157.473201][ T6758] UBIFS error (pid: 6758): cannot open "./file0", error -22 [ 158.190282][ T30] audit: type=1800 audit(1752120390.781:7): pid=6760 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.202" name="/" dev="9p" ino=2 res=0 errno=0 [ 158.348815][ T6765] loop1: detected capacity change from 0 to 256 [ 158.430246][ T6765] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 158.486113][ T6767] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 160.566852][ T6781] netlink: 24 bytes leftover after parsing attributes in process `syz.2.210'. [ 160.764208][ T6781] netlink: 4 bytes leftover after parsing attributes in process `syz.2.210'. [ 160.828341][ T6263] usb 5-1: USB disconnect, device number 2 [ 162.402198][ T3492] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.625904][ T3492] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.722659][ T6809] loop3: detected capacity change from 0 to 128 [ 162.753292][ T5931] Process accounting resumed [ 162.765099][ T6809] EXT4-fs: Ignoring removed nobh option [ 162.779656][ T3492] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.819038][ T6809] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 162.831973][ T6807] Process accounting resumed [ 162.850126][ T6809] ext4 filesystem being mounted at /47/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 163.867583][ T3492] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.921130][ T5848] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 163.988056][ T5859] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 164.005513][ T5859] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 164.024210][ T5859] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 164.044039][ T5859] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 164.053261][ T5859] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 164.199323][ T3492] bridge_slave_1: left allmulticast mode [ 164.230651][ T3492] bridge_slave_1: left promiscuous mode [ 164.315929][ T3492] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.344407][ T3492] bridge_slave_0: left allmulticast mode [ 164.350199][ T3492] bridge_slave_0: left promiscuous mode [ 164.364401][ T3492] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.408692][ T6833] netlink: zone id is out of range [ 164.421268][ T6833] netlink: zone id is out of range [ 164.485157][ T6833] netlink: set zone limit has 4 unknown bytes [ 166.108284][ T51] Bluetooth: hci2: command tx timeout [ 166.670869][ T3492] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 166.711865][ T3492] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 166.724960][ T3492] bond0 (unregistering): Released all slaves [ 168.185499][ T51] Bluetooth: hci2: command tx timeout [ 169.146467][ T6873] netlink: 277 bytes leftover after parsing attributes in process `syz.0.233'. [ 170.023809][ T5861] IPVS: starting estimator thread 0... [ 170.032167][ T6880] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 170.138729][ T6883] IPVS: using max 29 ests per chain, 69600 per kthread [ 170.307137][ T51] Bluetooth: hci2: command tx timeout [ 171.286017][ T3492] hsr_slave_0: left promiscuous mode [ 171.322121][ T3492] hsr_slave_1: left promiscuous mode [ 171.356084][ T3492] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 171.363947][ T6901] netlink: 'syz.2.241': attribute type 8 has an invalid length. [ 171.426737][ T3492] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 172.035691][ T3492] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 172.043141][ T3492] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 172.280078][ T3492] veth1_vlan: left promiscuous mode [ 172.314813][ T3492] veth0_vlan: left promiscuous mode [ 172.344864][ T51] Bluetooth: hci2: command tx timeout [ 173.474223][ T6266] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 173.581301][ T3492] team0 (unregistering): Port device team_slave_1 removed [ 173.624396][ T6266] usb 1-1: Using ep0 maxpacket: 16 [ 173.632353][ T6266] usb 1-1: config 2 has an invalid interface number: 4 but max is 0 [ 173.685050][ T6266] usb 1-1: config 2 has no interface number 0 [ 173.705040][ T6266] usb 1-1: config 2 interface 4 altsetting 0 has a duplicate endpoint with address 0x1, skipping [ 173.734378][ T6266] usb 1-1: config 2 interface 4 altsetting 0 endpoint 0x6 has invalid maxpacket 512, setting to 64 [ 173.798107][ T6266] usb 1-1: New USB device found, idVendor=0499, idProduct=1018, bcdDevice=b2.da [ 173.810128][ T3492] team0 (unregistering): Port device team_slave_0 removed [ 173.821908][ T6266] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 173.854173][ T6266] usb 1-1: Product: syz [ 173.864888][ T6266] usb 1-1: Manufacturer: syz [ 173.874414][ T6266] usb 1-1: SerialNumber: syz [ 173.925955][ T6266] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 173.969123][ T6266] usb 1-1: invalid MIDI in EP 0 [ 174.341353][ T6932] netlink: 24 bytes leftover after parsing attributes in process `syz.3.249'. [ 174.680879][ T6266] snd-usb-audio 1-1:2.4: probe with driver snd-usb-audio failed with error -22 [ 174.713133][ T6266] usb 1-1: USB disconnect, device number 3 [ 174.813104][ T5849] udevd[5849]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:2.4/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 174.922039][ T6938] loop4: detected capacity change from 0 to 8 [ 175.063841][ T30] audit: type=1800 audit(1752120407.641:8): pid=6938 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.250" name="file1" dev="loop4" ino=5 res=0 errno=0 [ 175.094998][ T6938] SQUASHFS error: Failed to read block 0x2fc: -5 [ 175.101514][ T6938] SQUASHFS error: Unable to read metadata cache entry [2fa] [ 175.108867][ T6938] SQUASHFS error: read_indexes: reading block [2fa:0] [ 175.115722][ T6938] SQUASHFS error: Failed to read block 0xfc: -5 [ 175.122380][ T6938] SQUASHFS error: Unable to read metadata cache entry [2fa] [ 175.129729][ T6938] SQUASHFS error: read_indexes: reading block [2fa:0] [ 175.137231][ T6938] SQUASHFS error: Unable to read metadata cache entry [2fa] [ 175.145201][ T6938] SQUASHFS error: read_indexes: reading block [2fa:0] [ 175.152412][ T6938] SQUASHFS error: Unable to read metadata cache entry [2fa] [ 175.165444][ T6938] SQUASHFS error: read_indexes: reading block [2fa:0] [ 175.172438][ T6938] SQUASHFS error: Unable to read metadata cache entry [2fa] [ 175.180132][ T6938] SQUASHFS error: read_indexes: reading block [2fa:0] [ 176.104973][ T6948] loop4: detected capacity change from 0 to 1024 [ 176.301531][ T6950] netlink: 28 bytes leftover after parsing attributes in process `syz.0.255'. [ 176.360370][ T6950] netlink: 8 bytes leftover after parsing attributes in process `syz.0.255'. [ 176.536577][ T6948] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 176.549268][ T6948] ext4 filesystem being mounted at /42/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 176.633373][ T30] audit: type=1800 audit(1752120409.201:9): pid=6948 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.253" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 177.064671][ T6948] EXT4-fs error (device loop4): ext4_map_blocks:816: inode #15: block 1: comm syz.4.253: lblock 1 mapped to illegal pblock 1 (length 15) [ 177.085921][ T6948] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117 [ 177.101364][ T6948] EXT4-fs (loop4): This should not happen!! Data will be lost [ 177.101364][ T6948] [ 177.158648][ T5863] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 177.263617][ T6896] bridge0: port 3(syz_tun) entered blocking state [ 177.272245][ T6896] bridge0: port 3(syz_tun) entered disabled state [ 177.279759][ T6896] syz_tun: entered allmulticast mode [ 177.290566][ T6896] syz_tun: entered promiscuous mode [ 177.836445][ T6974] xt_HMARK: spi-set and port-set can't be combined [ 178.397316][ T6970] @: renamed from vlan0 [ 178.709127][ T6821] chnl_net:caif_netlink_parms(): no params data found [ 180.941115][ T7003] loop0: detected capacity change from 0 to 2048 [ 181.058931][ T7003] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 181.112184][ T6821] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.253950][ T7003] UDF-fs: Scanning with blocksize 512 failed [ 181.282766][ T6821] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.909110][ T7003] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 181.909218][ T6821] bridge_slave_0: entered allmulticast mode [ 182.066041][ T6821] bridge_slave_0: entered promiscuous mode [ 182.185440][ T6821] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.202202][ T6821] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.214927][ T6821] bridge_slave_1: entered allmulticast mode [ 182.222575][ T6821] bridge_slave_1: entered promiscuous mode [ 182.912461][ T6821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 182.928075][ T6821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 183.294390][ T30] audit: type=1800 audit(1752120415.891:10): pid=7036 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.273" name="/" dev="9p" ino=65538 res=0 errno=0 [ 183.361297][ T7031] xt_CT: No such helper "syz1" [ 183.669322][ T6821] team0: Port device team_slave_0 added [ 183.706085][ T6821] team0: Port device team_slave_1 added [ 183.740944][ T7043] netlink: 'syz.2.274': attribute type 13 has an invalid length. [ 185.516777][ T7043] bridge0: port 3(syz_tun) entered blocking state [ 185.523459][ T7043] bridge0: port 3(syz_tun) entered forwarding state [ 185.585079][ T7043] 8021q: adding VLAN 0 to HW filter on device bond0 [ 185.619454][ T7043] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.689832][ T7043] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 185.793906][ T6821] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 185.864637][ T6821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 185.899357][ T6821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 185.931369][ T6821] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 185.981578][ T6821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 186.058677][ T6821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 186.266509][ T30] audit: type=1804 audit(1752120418.861:11): pid=7070 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.283" name="/newroot/58/bus/file0" dev="overlay" ino=338 res=1 errno=0 [ 186.288188][ T7070] evm: overlay not supported [ 186.388094][ T6821] hsr_slave_0: entered promiscuous mode [ 186.410468][ T6821] hsr_slave_1: entered promiscuous mode [ 186.465092][ T6821] debugfs: 'hsr0' already exists in 'hsr' [ 186.488206][ T6821] Cannot create hsr debugfs directory [ 189.929507][ T7106] loop0: detected capacity change from 0 to 164 [ 190.214349][ T7106] rock: directory entry would overflow storage [ 190.220724][ T7106] rock: sig=0x66, size=4, remaining=3 [ 190.241147][ T7106] rock: directory entry would overflow storage [ 190.247578][ T7106] rock: sig=0x66, size=4, remaining=3 [ 190.261798][ T7106] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 191.668666][ T6821] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 191.727696][ T6821] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 191.873650][ T6821] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 191.907712][ T6821] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 192.019862][ T7121] loop4: detected capacity change from 0 to 512 [ 192.040472][ T7121] EXT4-fs: Ignoring removed mblk_io_submit option [ 192.070091][ T7121] EXT4-fs: Ignoring removed bh option [ 192.127491][ T7121] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 192.234653][ T7121] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 192.281880][ T6821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.367720][ T7121] EXT4-fs (loop4): 1 truncate cleaned up [ 192.381945][ T6821] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.514036][ T7121] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 192.713262][ T6181] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.720401][ T6181] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.512896][ T3544] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.521031][ T3544] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.764888][ T5863] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 194.205586][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.230022][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.690121][ T6821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 195.727109][ T7179] syz.0.303 uses obsolete (PF_INET,SOCK_PACKET) [ 195.760826][ T7179] netlink: 28 bytes leftover after parsing attributes in process `syz.0.303'. [ 195.844831][ T7179] netlink: 28 bytes leftover after parsing attributes in process `syz.0.303'. [ 195.882065][ T7186] netlink: 8 bytes leftover after parsing attributes in process `syz.4.304'. [ 196.667398][ T5859] Bluetooth: hci1: command 0x0406 tx timeout [ 196.673443][ T5859] Bluetooth: hci0: command 0x0406 tx timeout [ 196.679749][ T5859] Bluetooth: hci4: command 0x0406 tx timeout [ 196.686036][ T5859] Bluetooth: hci3: command 0x0406 tx timeout [ 197.116702][ T6821] veth0_vlan: entered promiscuous mode [ 197.566476][ T6821] veth1_vlan: entered promiscuous mode [ 197.655788][ T6821] veth0_macvtap: entered promiscuous mode [ 197.721373][ T6821] veth1_macvtap: entered promiscuous mode [ 197.878555][ T6821] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 197.890465][ T6821] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 197.958586][ T36] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.098225][ T5858] Bluetooth: hci3: connection err: -111 [ 198.544994][ T36] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.553758][ T36] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.983438][ T36] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 201.423705][ T1318] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 201.443770][ T1318] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 202.313934][ T7250] loop3: detected capacity change from 0 to 2048 [ 202.359256][ T1318] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 202.417888][ T1318] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 202.458308][ T7250] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 203.484477][ T5848] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 205.224993][ T7271] loop3: detected capacity change from 0 to 8 [ 205.232032][ T7271] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 205.784493][ T5857] udevd[5857]: incorrect cramfs checksum on /dev/loop3 [ 205.844386][ T7282] cramfs: Error -5 while decompressing! [ 205.851348][ T7282] cramfs: ffffffff99c32ac8(26)->ffff888070dc5000(4096) [ 205.860357][ T7282] cramfs: Error -3 while decompressing! [ 205.866247][ T7282] cramfs: ffffffff99c32ae2(26)->ffff88806d303000(4096) [ 205.873178][ T7282] cramfs: Error -3 while decompressing! [ 205.881986][ T7282] cramfs: ffffffff99c32afc(16)->ffff888052731000(4096) [ 205.889636][ T7282] cramfs: Error -5 while decompressing! [ 205.895397][ T7282] cramfs: ffffffff99c32ac8(26)->ffff888070dc5000(4096) [ 205.967634][ T5858] Bluetooth: hci3: command 0x0406 tx timeout [ 205.994182][ T30] audit: type=1800 audit(1752120438.491:12): pid=7282 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.319" name="file2" dev="loop3" ino=348 res=0 errno=0 [ 206.216048][ T5857] udevd[5857]: incorrect cramfs checksum on /dev/loop3 [ 208.156652][ T7305] netlink: 32 bytes leftover after parsing attributes in process `syz.3.326'. [ 208.165564][ T7305] netlink: 12 bytes leftover after parsing attributes in process `syz.3.326'. [ 208.174656][ T7305] netlink: 20 bytes leftover after parsing attributes in process `syz.3.326'. [ 208.521182][ T7311] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 208.548181][ T7311] overlayfs: failed to set xattr on upper [ 208.564545][ T7311] overlayfs: ...falling back to redirect_dir=nofollow. [ 208.580779][ T7311] overlayfs: ...falling back to index=off. [ 208.606877][ T7311] overlayfs: ...falling back to uuid=null. [ 208.664734][ T5861] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 208.895848][ T5861] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 208.969509][ T5861] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 209.010376][ T5861] usb 4-1: Product: syz [ 209.036377][ T5861] usb 4-1: Manufacturer: syz [ 209.144597][ T5861] usb 4-1: SerialNumber: syz [ 210.046417][ T5861] usb 4-1: config 0 descriptor?? [ 210.273022][ T5861] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 211.296677][ T7351] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 211.916999][ T5861] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 212.020317][ T5861] usb 4-1: USB disconnect, device number 4 [ 212.078310][ T7361] loop5: detected capacity change from 0 to 1024 [ 212.574686][ T5861] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 212.734809][ T5861] usb 6-1: Using ep0 maxpacket: 32 [ 212.750203][ T5861] usb 6-1: config 0 has an invalid interface number: 166 but max is 0 [ 212.760436][ T5861] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 212.773591][ T5861] usb 6-1: config 0 has no interface number 0 [ 212.793212][ T5861] usb 6-1: New USB device found, idVendor=06d0, idProduct=0622, bcdDevice= 3.5a [ 212.803203][ T5861] usb 6-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 212.816017][ T5861] usb 6-1: Product: syz [ 212.820205][ T5861] usb 6-1: SerialNumber: syz [ 212.837148][ T5861] usb 6-1: config 0 descriptor?? [ 212.852151][ T5861] net1080 6-1:0.166: probe with driver net1080 failed with error -22 [ 213.073425][ T5861] usb 6-1: USB disconnect, device number 2 [ 214.061316][ T5858] Bluetooth: hci1: Malformed Event: 0x2f [ 217.905256][ T7444] binder_alloc: 7443: pid 7443 spamming oneway? 1 buffers allocated for a total size of 4096 [ 219.023638][ T7454] netlink: 20 bytes leftover after parsing attributes in process `syz.3.354'. [ 219.034253][ T7454] netlink: 20 bytes leftover after parsing attributes in process `syz.3.354'. [ 219.044193][ T7454] netlink: 204 bytes leftover after parsing attributes in process `syz.3.354'. [ 219.721414][ T30] audit: type=1804 audit(1752120452.311:13): pid=7465 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.357" name="/newroot/83/bus/bus" dev="overlay" ino=473 res=1 errno=0 [ 219.731597][ T7465] Invalid ELF header magic: != ELF [ 222.652551][ T7493] loop0: detected capacity change from 0 to 8 [ 222.790478][ T7493] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 223.219276][ T6010] udevd[6010]: incorrect cramfs checksum on /dev/loop0 [ 223.262788][ T6010] udevd[6010]: incorrect cramfs checksum on /dev/loop0 [ 223.514430][ T7501] cramfs: Error -5 while decompressing! [ 223.523447][ T7501] cramfs: ffffffff99c36ac8(26)->ffff8880504e2000(4096) [ 223.553573][ T7501] cramfs: Error -3 while decompressing! [ 223.560938][ T7501] cramfs: ffffffff99c36ae2(26)->ffff8880504e3000(4096) [ 223.572961][ T7501] cramfs: Error -3 while decompressing! [ 223.580243][ T7501] cramfs: ffffffff99c36afc(16)->ffff88806fe04000(4096) [ 223.593711][ T7501] cramfs: Error -5 while decompressing! [ 223.602368][ T7501] cramfs: ffffffff99c36ac8(26)->ffff8880504e2000(4096) [ 223.686059][ T30] audit: type=1800 audit(1752120456.211:14): pid=7501 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.364" name="file2" dev="loop0" ino=348 res=0 errno=0 [ 223.942786][ T7503] overlayfs: failed to clone upperpath [ 226.428574][ T7530] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 226.435312][ T7530] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 226.543993][ T7530] vhci_hcd vhci_hcd.0: Device attached [ 226.728673][ T7550] netlink: 'syz.2.376': attribute type 1 has an invalid length. [ 226.749879][ T7550] netlink: 'syz.2.376': attribute type 4 has an invalid length. [ 226.764612][ T5931] usb 39-1: new low-speed USB device number 2 using vhci_hcd [ 226.784555][ T5910] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 226.803058][ T7550] netlink: 15334 bytes leftover after parsing attributes in process `syz.2.376'. [ 227.016195][ T5910] usb 4-1: Using ep0 maxpacket: 16 [ 227.091671][ T5910] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 227.179871][ T5910] usb 4-1: config 0 has no interfaces? [ 227.229174][ T5910] usb 4-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 227.316722][ T5910] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 227.476265][ T5910] usb 4-1: config 0 descriptor?? [ 227.790916][ T7537] vhci_hcd: connection closed [ 227.793213][ T5861] usb 4-1: USB disconnect, device number 5 [ 227.806578][ T36] vhci_hcd: stop threads [ 227.826520][ T36] vhci_hcd: release socket [ 227.867161][ T36] vhci_hcd: disconnect device [ 228.001192][ T5931] vhci_hcd: vhci_device speed not set [ 228.157430][ T7573] xt_NFQUEUE: number of queues (65532) out of range (got 66665) [ 229.074954][ T7590] overlayfs: failed to clone upperpath [ 232.292776][ T7626] loop4: detected capacity change from 0 to 2048 [ 232.403539][ T7626] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 129: 0x32 != 0x7d [ 232.472872][ T7626] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 232.627746][ T7626] loop4: detected capacity change from 2048 to 64 [ 232.669981][ T7636] UDF-fs: error (device loop4): udf_fiiter_advance_blk: extent after position 0 not allocated in directory (ino 1376) [ 233.470183][ T5863] UDF-fs: error (device loop4): udf_fiiter_advance_blk: extent after position 0 not allocated in directory (ino 1376) [ 233.981762][ T5863] UDF-fs: error (device loop4): udf_fiiter_advance_blk: extent after position 0 not allocated in directory (ino 1376) [ 234.384954][ T6851] syz.4.229: attempt to access beyond end of device [ 234.384954][ T6851] loop4: rw=2049, sector=128, nr_sectors = 1 limit=64 [ 234.466883][ T6851] Buffer I/O error on dev loop4, logical block 128, lost sync page write [ 236.156395][ T7688] netlink: 4 bytes leftover after parsing attributes in process `syz.3.409'. [ 236.271669][ T7690] loop5: detected capacity change from 0 to 1024 [ 236.304729][ T7690] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 236.332115][ T30] audit: type=1800 audit(1752120468.921:15): pid=7690 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.411" name="file1" dev="loop5" ino=15 res=0 errno=0 [ 236.355357][ T7690] EXT4-fs warning (device loop5): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 236.375304][ T59] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.413726][ T6821] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 236.442611][ T7694] loop0: detected capacity change from 0 to 2048 [ 236.503159][ T7694] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 236.551712][ T7693] warning: `syz.3.409' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 237.260452][ T59] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.546898][ T7712] fuse: Bad value for 'fd' [ 238.308496][ T59] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 238.575994][ T7721] capability: warning: `syz.5.420' uses 32-bit capabilities (legacy support in use) [ 238.855842][ T5903] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 239.033792][ T5903] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 239.100038][ T5903] usb 6-1: config 0 has no interface number 0 [ 239.202510][ T5903] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 239.342822][ T5903] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 239.574007][ T5903] usb 6-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 239.587732][ T5903] usb 6-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00 [ 239.609294][ T5903] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 239.623313][ T5903] usb 6-1: config 0 descriptor?? [ 239.691125][ T59] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.811179][ T7738] loop0: detected capacity change from 0 to 2048 [ 239.901843][ T7738] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 239.928617][ T7738] ext4 filesystem being mounted at /93/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 239.945419][ T5854] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 239.955164][ T5854] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 239.963470][ T5854] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 239.974628][ T5854] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 239.983185][ T5854] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 240.135313][ T5861] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 240.239705][ T5851] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 240.312971][ T5903] input: HID 28bd:0042 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.1/0003:28BD:0042.0002/input/input5 [ 240.476200][ T5861] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 240.505688][ T5861] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 240.556688][ T5861] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 240.575650][ T5861] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 240.773558][ T7758] loop0: detected capacity change from 0 to 32768 [ 240.785120][ T7758] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.426 (7758) [ 240.816342][ T7758] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 240.827032][ T7758] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm [ 240.835823][ T7758] BTRFS info (device loop0): using free-space-tree [ 240.851625][ T5861] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 240.875588][ T5903] uclogic 0003:28BD:0042.0002: input,hidraw0: USB HID v0.00 Keypad [HID 28bd:0042] on usb-dummy_hcd.5-1/input1 [ 241.027111][ T5861] usb 4-1: config 0 descriptor?? [ 241.053596][ T5903] usb 6-1: USB disconnect, device number 3 [ 241.329891][ T7758] BTRFS info (device loop0 state M): turning off barriers [ 241.341652][ T7758] BTRFS info (device loop0 state M): doing ref verification [ 241.349262][ T7758] BTRFS info (device loop0 state M): not using ssd optimizations [ 241.357292][ T7758] BTRFS info (device loop0 state M): use zlib compression, level 3 [ 241.418402][ T7773] fido_id[7773]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/6-1/report_descriptor': No such file or directory [ 241.493104][ T7776] BTRFS error (device loop0): trying to do action 2 to bytenr 5255168 num_bytes 4096 but there is no existing entry! [ 241.506318][ T7776] BTRFS error (device loop0): Ref action 2, root 5, ref_root 5, parent 0, owner 1, offset 0, num_refs 18446744073709551615 [ 241.520464][ T7776] btrfs_force_cow_block+0xfeb/0x2460 [ 241.527357][ T7776] btrfs_cow_block+0x40a/0x9a0 [ 241.532366][ T7776] btrfs_search_slot+0xd11/0x2b90 [ 241.538329][ T7776] btrfs_insert_empty_items+0x9c/0x190 [ 241.543989][ T7776] btrfs_create_new_inode+0xb33/0x1f60 [ 241.550210][ T7776] btrfs_create_common+0x167/0x230 [ 241.556053][ T7776] btrfs_mkdir+0xc7/0xf0 [ 241.560491][ T7776] vfs_mkdir+0x306/0x510 [ 241.565436][ T7776] do_mkdirat+0x247/0x590 [ 241.569960][ T7776] __x64_sys_mkdir+0x6c/0x80 [ 241.575258][ T7776] do_syscall_64+0xfa/0x3b0 [ 241.579953][ T7776] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.647515][ T5861] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 241.838524][ T7743] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 241.900761][ T7743] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 242.054768][ T5854] Bluetooth: hci4: command tx timeout [ 242.413372][ T6263] usb 4-1: USB disconnect, device number 6 [ 242.621113][ T5851] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 243.235668][ T7796] capability: warning: `syz.3.431' uses deprecated v2 capabilities in a way that may be insecure [ 243.513923][ T59] bond0 (unregistering): Released all slaves [ 244.144299][ T5854] Bluetooth: hci4: command tx timeout [ 245.497775][ T7828] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 245.565853][ T7829] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 245.804307][ T7835] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 246.400538][ T5854] Bluetooth: hci4: command tx timeout [ 246.958682][ T7881] loop3: detected capacity change from 0 to 32768 [ 247.195541][ T7881] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 247.195555][ T7881] allowing incompatible features above 0.0: (unknown version) [ 247.195560][ T7881] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 247.234705][ T7881] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0 [ 247.242914][ T7881] bcachefs (loop3): initializing new filesystem [ 247.256347][ T7881] bcachefs (loop3): going read-write [ 247.320048][ T7881] bcachefs (loop3): marking superblocks [ 247.343113][ T7881] bcachefs (loop3): initializing freespace [ 247.355097][ T7881] bcachefs (loop3): done initializing freespace [ 247.364714][ T7881] bcachefs (loop3): reading snapshots table [ 247.370710][ T7881] bcachefs (loop3): reading snapshots done [ 247.394840][ T59] hsr_slave_0: left promiscuous mode [ 247.435223][ T7881] bcachefs (loop3): done starting filesystem [ 247.456076][ T59] hsr_slave_1: left promiscuous mode [ 247.543610][ T59] veth1_macvtap: left promiscuous mode [ 247.549718][ T7881] bcachefs (loop3): going read-only [ 247.556357][ T7881] bcachefs (loop3): finished waiting for writes to stop [ 247.592267][ T7881] bcachefs (loop3): flushing journal and stopping allocators, journal seq 2 [ 247.635643][ T59] veth0_macvtap: left promiscuous mode [ 247.655610][ T59] veth1_vlan: left promiscuous mode [ 247.662474][ T59] veth0_vlan: left promiscuous mode [ 247.746930][ T7881] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 2 [ 247.761541][ T7881] bcachefs (loop3): clean shutdown complete, journal seq 3 [ 247.770454][ T7881] bcachefs (loop3): marking filesystem clean [ 248.504357][ T5858] Bluetooth: hci4: command tx timeout [ 249.754172][ T6263] Process accounting resumed [ 249.803491][ T7746] chnl_net:caif_netlink_parms(): no params data found [ 249.832228][ T7917] overlayfs: failed to clone upperpath [ 249.846024][ T7917] Invalid ELF header magic: != ELF [ 249.895077][ T7881] netlink: 'syz.3.441': attribute type 11 has an invalid length. [ 249.921900][ T7881] syz.3.441 (7881) used greatest stack depth: 16152 bytes left [ 249.949123][ T5848] bcachefs (loop3): shutting down [ 250.051747][ T5848] bcachefs (loop3): shutdown complete [ 251.130310][ T7746] bridge0: port 1(bridge_slave_0) entered blocking state [ 251.187606][ T7746] bridge0: port 1(bridge_slave_0) entered disabled state [ 251.218718][ T7746] bridge_slave_0: entered allmulticast mode [ 251.253490][ T7746] bridge_slave_0: entered promiscuous mode [ 251.306194][ T7746] bridge0: port 2(bridge_slave_1) entered blocking state [ 251.342842][ T7746] bridge0: port 2(bridge_slave_1) entered disabled state [ 251.374864][ T7746] bridge_slave_1: entered allmulticast mode [ 251.423168][ T7746] bridge_slave_1: entered promiscuous mode [ 252.194728][ T7746] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 252.262748][ T7746] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 252.466433][ T7746] team0: Port device team_slave_0 added [ 252.491934][ T7746] team0: Port device team_slave_1 added [ 252.849795][ T7951] netlink: 'syz.2.455': attribute type 1 has an invalid length. [ 252.862399][ T7746] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 252.917407][ T7746] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 252.971447][ T7957] netlink: 28 bytes leftover after parsing attributes in process `syz.2.455'. [ 252.991208][ T7746] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 254.290703][ T7953] bond3: (slave geneve2): making interface the new active one [ 254.306391][ T7953] bond3: (slave geneve2): Enslaving as an active interface with an up link [ 254.319937][ T7957] 8021q: adding VLAN 0 to HW filter on device bond3 [ 254.329495][ T7746] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 254.340005][ T7746] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 254.414605][ T7746] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 254.466739][ T59] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 20000 - 0 [ 254.523718][ T59] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 20000 - 0 [ 254.586708][ T59] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 20000 - 0 [ 254.619590][ T59] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 20000 - 0 [ 254.644716][ T7746] hsr_slave_0: entered promiscuous mode [ 254.660865][ T7746] hsr_slave_1: entered promiscuous mode [ 254.705626][ T7746] debugfs: 'hsr0' already exists in 'hsr' [ 254.730765][ T7746] Cannot create hsr debugfs directory [ 255.206020][ T5903] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 255.374819][ T5903] usb 6-1: Using ep0 maxpacket: 16 [ 255.392200][ T5903] usb 6-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config [ 255.403539][ T5903] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 255.432303][ T5903] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 255.445174][ T5903] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 255.461707][ T5903] usb 6-1: Product: syz [ 255.467916][ T5903] usb 6-1: Manufacturer: syz [ 255.473608][ T5903] usb 6-1: SerialNumber: syz [ 255.639508][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.647268][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.668349][ T7746] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 255.709337][ T7746] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 255.745592][ T7746] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 255.772190][ T5903] usb 6-1: 0:2 : does not exist [ 255.801355][ T7746] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 255.803386][ T5903] usb 6-1: 5:0: failed to get current value for ch 0 (-22) [ 255.862649][ T5903] usb 6-1: USB disconnect, device number 4 [ 256.107148][ T8012] overlayfs: failed to clone upperpath [ 256.312554][ T7746] 8021q: adding VLAN 0 to HW filter on device bond0 [ 256.476266][ T7746] 8021q: adding VLAN 0 to HW filter on device team0 [ 256.529902][ T7874] bridge0: port 1(bridge_slave_0) entered blocking state [ 256.537054][ T7874] bridge0: port 1(bridge_slave_0) entered forwarding state [ 257.122164][ T7874] bridge0: port 2(bridge_slave_1) entered blocking state [ 257.129376][ T7874] bridge0: port 2(bridge_slave_1) entered forwarding state [ 258.895046][ T8039] loop6: detected capacity change from 0 to 63 [ 258.913902][ T5857] Buffer I/O error on dev loop6, logical block 0, async page read [ 258.957139][ T5857] Buffer I/O error on dev loop6, logical block 0, async page read [ 258.985005][ T8039] Buffer I/O error on dev loop6, logical block 0, async page read [ 259.009337][ T5857] Buffer I/O error on dev loop6, logical block 0, async page read [ 259.057885][ T8039] Buffer I/O error on dev loop6, logical block 0, async page read [ 259.077059][ T5857] Buffer I/O error on dev loop6, logical block 0, async page read [ 259.098354][ T7746] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 259.231160][ T5857] Buffer I/O error on dev loop6, logical block 0, async page read [ 262.202198][ T30] audit: type=1326 audit(1752120494.791:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8072 comm="syz.3.476" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd710d8e929 code=0x0 [ 262.415352][ T7746] veth0_vlan: entered promiscuous mode [ 262.516367][ T7746] veth1_vlan: entered promiscuous mode [ 263.222943][ T7746] veth0_macvtap: entered promiscuous mode [ 263.329352][ T7746] veth1_macvtap: entered promiscuous mode [ 263.376208][ T8094] netlink: 'syz.0.480': attribute type 1 has an invalid length. [ 263.472501][ T8094] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 263.491109][ T8098] netlink: 'syz.2.481': attribute type 1 has an invalid length. [ 263.517830][ T8094] veth3: entered promiscuous mode [ 263.530775][ T8094] bond1: (slave veth3): Enslaving as a backup interface with a down link [ 263.552365][ T7746] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 263.625995][ T8098] 8021q: adding VLAN 0 to HW filter on device bond4 [ 263.682005][ T8104] bond4: (slave veth3): Enslaving as an active interface with a down link [ 263.699380][ T7746] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 263.754727][ T5903] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 263.924890][ T5903] usb 4-1: Using ep0 maxpacket: 8 [ 264.001941][ T5903] usb 4-1: config 0 has an invalid interface number: 99 but max is 0 [ 264.127584][ T8108] vlan2: entered allmulticast mode [ 264.140417][ T5903] usb 4-1: config 0 has no interface number 0 [ 264.216098][ T8108] veth1: entered allmulticast mode [ 264.242787][ T8108] bond4: (slave vlan2): Opening slave failed [ 264.259797][ T5903] usb 4-1: New USB device found, idVendor=12d1, idProduct=88d5, bcdDevice=1d.2a [ 264.272346][ T5903] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 264.317851][ T5903] usb 4-1: Product: syz [ 264.322412][ T5903] usb 4-1: Manufacturer: syz [ 264.341187][ T7872] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.359779][ T5903] usb 4-1: SerialNumber: syz [ 264.371986][ T7872] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.396786][ T5903] usb 4-1: config 0 descriptor?? [ 264.443044][ T7872] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.489506][ T13] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.673499][ T5903] option 4-1:0.99: GSM modem (1-port) converter detected [ 264.766360][ T7862] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 264.766409][ T7862] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 265.213167][ T7872] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 265.300994][ T7872] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 265.465403][ T8139] loop6: detected capacity change from 0 to 16 [ 265.552623][ T8139] erofs (device loop6): mounted with root inode @ nid 36. [ 266.975093][ T8166] loop6: detected capacity change from 0 to 131072 [ 267.098245][ T8166] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 267.293587][ T8166] F2FS-fs (loop6): invalid namelen(0), ino:0, run fsck to fix. [ 267.335214][ T5910] usb 4-1: USB disconnect, device number 7 [ 267.384679][ T5910] option 4-1:0.99: device disconnected [ 267.531034][ T30] audit: type=1800 audit(1752120500.121:17): pid=8178 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.495" name="/" dev="9p" ino=524290 res=0 errno=0 [ 267.691168][ T8182] netlink: 'syz.2.496': attribute type 1 has an invalid length. [ 269.241339][ T8199] loop3: detected capacity change from 0 to 512 [ 269.251933][ T8199] EXT4-fs: Ignoring removed nomblk_io_submit option [ 269.509565][ T8199] EXT4-fs (loop3): Test dummy encryption mode enabled [ 269.609039][ T8203] netlink: 4 bytes leftover after parsing attributes in process `syz.0.499'. [ 270.042600][ T8199] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 270.544831][ T8199] EXT4-fs (loop3): 1 truncate cleaned up [ 270.555893][ T8199] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 270.782377][ T30] audit: type=1800 audit(1752120503.361:18): pid=8199 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.503" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 271.764759][ T43] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 271.798053][ T8222] kvm: pic: single mode not supported [ 271.799643][ T8222] kvm: pic: single mode not supported [ 271.933081][ T43] usb 1-1: Using ep0 maxpacket: 32 [ 271.970551][ T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 272.011205][ T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 272.040481][ T43] usb 1-1: New USB device found, idVendor=0458, idProduct=5017, bcdDevice= 0.00 [ 272.073557][ T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 272.073876][ T5848] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 272.108727][ T43] usb 1-1: config 0 descriptor?? [ 273.584321][ T43] usbhid 1-1:0.0: can't add hid device: -71 [ 273.590356][ T43] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 273.703013][ T43] usb 1-1: USB disconnect, device number 4 [ 273.728979][ T8246] netlink: 'syz.2.510': attribute type 10 has an invalid length. [ 273.746593][ T8246] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 274.073767][ T8251] loop5: detected capacity change from 0 to 4096 [ 274.505718][ T8261] loop0: detected capacity change from 0 to 256 [ 274.513161][ T8261] exfat: Deprecated parameter 'namecase' [ 274.533332][ T8261] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x36bd6320, utbl_chksum : 0xe619d30d) [ 274.557446][ T8251] ntfs3(loop5): Different NTFS sector size (4096) and media sector size (512). [ 275.233329][ T30] audit: type=1326 audit(1752120507.821:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8270 comm="syz.3.517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd710d8e929 code=0x7ffc0000 [ 275.347588][ T8251] ntfs3(loop5): ino=19, mi_enum_attr [ 275.393332][ T30] audit: type=1326 audit(1752120507.851:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8270 comm="syz.3.517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd710d8e929 code=0x7ffc0000 [ 275.466171][ T30] audit: type=1326 audit(1752120507.851:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8270 comm="syz.3.517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=131 compat=0 ip=0x7fd710d8e929 code=0x7ffc0000 [ 275.489209][ T8251] ntfs3(loop5): Mark volume as dirty due to NTFS errors [ 275.567322][ T30] audit: type=1326 audit(1752120507.851:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8270 comm="syz.3.517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd710d8e929 code=0x7ffc0000 [ 275.609654][ T30] audit: type=1326 audit(1752120507.851:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8270 comm="syz.3.517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd710d8e929 code=0x7ffc0000 [ 275.634259][ T30] audit: type=1326 audit(1752120507.851:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8270 comm="syz.3.517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd710d8e929 code=0x7ffc0000 [ 275.658909][ T8251] ntfs3(loop5): failed to convert "c46c" to cp932 [ 275.668792][ T30] audit: type=1326 audit(1752120507.861:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8270 comm="syz.3.517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd710d8e929 code=0x7ffc0000 [ 275.846920][ T8251] ntfs3(loop5): ino=20, mi_enum_attr [ 276.220397][ T30] audit: type=1326 audit(1752120507.861:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8270 comm="syz.3.517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd710d8e929 code=0x7ffc0000 [ 276.298373][ T30] audit: type=1326 audit(1752120507.861:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8270 comm="syz.3.517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd710d8e929 code=0x7ffc0000 [ 276.406938][ T30] audit: type=1326 audit(1752120507.861:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8270 comm="syz.3.517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd710d8e929 code=0x7ffc0000 [ 276.610236][ T8293] loop3: detected capacity change from 0 to 1024 [ 276.617822][ T8293] EXT4-fs: inline encryption not supported [ 276.623712][ T8293] EXT4-fs: Ignoring removed bh option [ 276.756032][ T8293] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 278.063874][ T5848] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 278.157876][ T5858] Bluetooth: Frame is too long (len 18, expected len 4) [ 279.116440][ T8318] trusted_key: syz.2.528 sent an empty control message without MSG_MORE. [ 279.358813][ T8330] loop6: detected capacity change from 0 to 1024 [ 279.482410][ T8334] xt_TPROXY: Can be used only with -p tcp or -p udp [ 279.808146][ T8330] EXT4-fs: Ignoring removed orlov option [ 279.874932][ T8330] EXT4-fs: Ignoring removed nomblk_io_submit option [ 280.123274][ T8330] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 282.460621][ T7746] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 285.087962][ T30] kauditd_printk_skb: 61 callbacks suppressed [ 285.087978][ T30] audit: type=1804 audit(1752120517.681:90): pid=8385 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.543" name="/newroot/116/file1" dev="fuse" ino=1 res=1 errno=0 [ 285.612589][ T30] audit: type=1800 audit(1752120517.681:91): pid=8385 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.543" name="/" dev="fuse" ino=1 res=0 errno=0 [ 285.639423][ T8394] netlink: 'syz.0.546': attribute type 83 has an invalid length. [ 286.879230][ T8406] loop0: detected capacity change from 0 to 1024 [ 286.964956][ T8406] EXT4-fs: Ignoring removed orlov option [ 287.009241][ T8406] EXT4-fs: Ignoring removed nomblk_io_submit option [ 287.114913][ T8406] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 287.388843][ T8415] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 288.411819][ T5851] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 288.431826][ T5858] Bluetooth: hci2: command 0x0406 tx timeout [ 289.145911][ T8435] netlink: 4 bytes leftover after parsing attributes in process `syz.2.556'. [ 289.268914][ T8435] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 289.824455][ T8451] netlink: 4 bytes leftover after parsing attributes in process `syz.2.558'. [ 290.431775][ T8442] netlink: 20 bytes leftover after parsing attributes in process `syz.6.555'. [ 291.466028][ T8461] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 291.865093][ T8474] cifs: Unknown parameter 'mode' [ 293.160922][ T8480] loop6: detected capacity change from 0 to 4096 [ 293.260063][ T8480] EXT4-fs: Ignoring removed orlov option [ 293.275850][ T8480] EXT4-fs: Ignoring removed nobh option [ 293.552845][ T8480] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 293.675584][ T8480] EXT4-fs (loop6): Test dummy encryption mode enabled [ 293.860664][ T8480] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 294.631007][ T7746] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 294.846070][ T8506] netlink: 'syz.3.572': attribute type 10 has an invalid length. [ 294.923956][ T8510] xt_CT: You must specify a L4 protocol and not use inversions on it [ 296.174462][ T8506] netlink: 40 bytes leftover after parsing attributes in process `syz.3.572'. [ 296.259785][ T8506] geneve0: left allmulticast mode [ 296.328570][ T8506] geneve0: entered allmulticast mode [ 296.365207][ T8506] team0: Port device geneve0 added [ 296.460186][ T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 296.490199][ T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 297.972855][ T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 297.987766][ T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.978474][ T8559] tipc: Started in network mode [ 300.983772][ T8559] tipc: Node identity 3603df238c5a, cluster identity 4711 [ 301.045656][ T8559] tipc: Enabled bearer , priority 0 [ 301.088961][ T8561] syzkaller0: entered promiscuous mode [ 301.104654][ T8561] syzkaller0: entered allmulticast mode [ 301.254927][ T8559] tipc: Resetting bearer [ 301.328052][ T8558] tipc: Resetting bearer [ 301.475133][ T8558] tipc: Disabling bearer [ 301.588890][ T8566] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 305.651348][ T5854] Bluetooth: hci4: command 0x0405 tx timeout [ 306.868569][ T8627] block nbd5: NBD_DISCONNECT [ 306.880202][ T8627] block nbd5: Send disconnect failed -22 [ 307.271720][ T8620] block nbd5: Disconnected due to user request. [ 307.310653][ T8620] block nbd5: shutting down sockets [ 307.570007][ T8636] bridge1: entered allmulticast mode [ 308.792470][ T6266] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 308.839642][ T8655] loop6: detected capacity change from 0 to 256 [ 308.900255][ T8655] exfat: Deprecated parameter 'namecase' [ 308.939727][ T8655] exfat: Deprecated parameter 'namecase' [ 308.950324][ T8655] exfat: Deprecated parameter 'namecase' [ 308.970262][ T8655] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 309.094222][ T6266] usb 6-1: Using ep0 maxpacket: 8 [ 309.105134][ T6266] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 309.132844][ T6266] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 309.574799][ T6266] usb 6-1: Product: syz [ 309.834204][ T6266] usb 6-1: Manufacturer: syz [ 309.854367][ T6266] usb 6-1: SerialNumber: syz [ 309.881443][ T6266] usb 6-1: config 0 descriptor?? [ 310.144758][ T6266] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 311.859147][ T8694] netlink: 16 bytes leftover after parsing attributes in process `syz.6.612'. [ 312.269728][ T6266] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -110 [ 313.732535][ T6266] usb 6-1: USB disconnect, device number 5 [ 315.031906][ T8719] netlink: 28 bytes leftover after parsing attributes in process `syz.6.618'. [ 315.382908][ T8735] loop0: detected capacity change from 0 to 64 [ 315.880613][ T8744] netlink: 20 bytes leftover after parsing attributes in process `syz.6.627'. [ 316.521890][ T8750] loop3: detected capacity change from 0 to 2048 [ 316.623059][ T8750] NILFS (loop3): invalid segment: Magic number mismatch [ 316.646850][ T30] audit: type=1326 audit(1752120555.215:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8748 comm="syz.2.629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7faf98e929 code=0x7ffc0000 [ 316.705428][ T8750] NILFS (loop3): trying rollback from an earlier position [ 316.774807][ T30] audit: type=1326 audit(1752120555.215:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8748 comm="syz.2.629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7faf98e929 code=0x7ffc0000 [ 316.835174][ T8750] NILFS (loop3): recovery complete [ 317.018354][ T30] audit: type=1326 audit(1752120555.225:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8748 comm="syz.2.629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=441 compat=0 ip=0x7f7faf98e929 code=0x7ffc0000 [ 317.080193][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.084166][ T8761] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 317.088129][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.127542][ T30] audit: type=1326 audit(1752120555.225:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8748 comm="syz.2.629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7faf98e929 code=0x7ffc0000 [ 317.455550][ T30] audit: type=1326 audit(1752120555.225:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8748 comm="syz.2.629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7faf98e929 code=0x7ffc0000 [ 317.715686][ T30] audit: type=1326 audit(1752120555.235:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8748 comm="syz.2.629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f7faf98e929 code=0x7ffc0000 [ 318.164894][ T30] audit: type=1326 audit(1752120555.235:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8748 comm="syz.2.629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f7faf98e963 code=0x7ffc0000 [ 318.319985][ T30] audit: type=1326 audit(1752120555.235:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8748 comm="syz.2.629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f7faf98d3df code=0x7ffc0000 [ 318.764168][ T30] audit: type=1326 audit(1752120555.275:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8748 comm="syz.2.629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f7faf98e9b7 code=0x7ffc0000 [ 318.994600][ T30] audit: type=1326 audit(1752120555.275:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8748 comm="syz.2.629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7faf98d290 code=0x7ffc0000 [ 319.459479][ T8799] loop3: detected capacity change from 0 to 512 [ 320.469096][ T8799] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e842c11c, mo2=0002] [ 320.481865][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805601ac00: rx timeout, send abort [ 320.494202][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805601a800: rx timeout, send abort [ 320.525102][ T8799] System zones: 0-2, 18-18, 34-34 [ 320.832769][ T8799] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.640: bg 0: block 248: padding at end of block bitmap is not set [ 320.923550][ T8799] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.640: Failed to acquire dquot type 1 [ 320.980461][ T8799] EXT4-fs (loop3): 1 truncate cleaned up [ 320.991655][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805601ac00: abort rx timeout. Force session deactivation [ 321.004255][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805601a800: abort rx timeout. Force session deactivation [ 321.028014][ T8799] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 321.066737][ T8799] ext4 filesystem being mounted at /137/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 321.108219][ T8799] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 321.474723][ T5903] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 322.402605][ T5903] usb 7-1: Using ep0 maxpacket: 32 [ 322.423368][ T5903] usb 7-1: config 0 has no interfaces? [ 323.184701][ T5903] usb 7-1: New USB device found, idVendor=0856, idProduct=bc00, bcdDevice=b2.7f [ 323.193782][ T5903] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 323.296609][ T8835] netlink: 24 bytes leftover after parsing attributes in process `syz.3.649'. [ 323.324641][ T5903] usb 7-1: Product: syz [ 323.328855][ T5903] usb 7-1: Manufacturer: syz [ 323.368935][ T5903] usb 7-1: SerialNumber: syz [ 323.405632][ T5903] usb 7-1: config 0 descriptor?? [ 323.479462][ T8811] loop5: detected capacity change from 0 to 32768 [ 323.512998][ T8811] bcachefs (/dev/loop5): error reading default superblock: checksum error, type none: got should be [ 323.611397][ T8811] bcachefs (/dev/loop5): error validating superblock: Invalid superblock section clean: entry type btree_keys overruns end of section [ 323.611397][ T8811] clean (size 2912): [ 323.611397][ T8811] flags: 0 [ 323.611397][ T8811] journal_seq: 10 [ 323.611397][ T8811] usage: type=inodes v=8 [ 323.611397][ T8811] usage: type=key_version v=0 [ 323.611397][ T8811] usage: type=reserved v=0 [ 323.611397][ T8811] usage: type=reserved v=0 [ 323.611397][ T8811] usage: type=reserved v=0 [ 323.611397][ T8811] usage: type=reserved v=0 [ 323.611397][ T8811] data_usage: btree: 1/1 [0]=2816 [ 323.611397][ T8811] data_usage: journal: 1/1 [0]=0 [ 323.611397][ T8811] data_usage: user: 1/1 [0]=16 [ 323.611397][ T8811] dev_usage: dev=0 [ 323.611397][ T8811] free: buckets=83 sectors=0 fragmented=0 [ 323.611397][ T8811] sb: buckets=25 sectors=6152 fragmented=248 [ 323.611397][ T8811] journal: buckets=8 sectors=2048 fragmented=0 [ 323.611397][ T8811] btree: buckets=11 sectors=2816 fragmented=0 [ 323.611397][ T8811] user: buckets=1 sectors=16 fragmented=240 [ 323.611397][ T8811] cached: buckets=0 sectors=0 fragmented=0 [ 323.611397][ T8811] parity: buckets=432345564227567616 sectors=0 fragmented=0 [ 323.611397][ T8811] stripe: buckets=0 sectors=0 fragmented=0 [ 323.611397][ T8811] need_gc_gens: buckets=0 sectors=0 fragmented=0 [ 323.611397][ T8811] need_discard: buckets=0 sectors=0 fragmented=0 [ 323.611397][ T8811] overwrite: [ 323.611397][ T8811] clock: write=1280 [ 323.611397][ T8811] btree_root: btree=extents level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len [ 323.611626][ T8811] bcachefs: bch2_fs_get_tree() error: invalid_sb_clean [ 326.249947][ T8868] affs: No valid root block on device nullb0 [ 328.599476][ T6263] usb 7-1: USB disconnect, device number 2 [ 331.083086][ T8914] tipc: Enabling of bearer rejected, failed to enable media [ 332.250697][ T8920] netlink: 28 bytes leftover after parsing attributes in process `syz.6.666'. [ 332.267960][ T8935] netlink: 'syz.2.670': attribute type 16 has an invalid length. [ 332.329945][ T8935] netlink: 'syz.2.670': attribute type 17 has an invalid length. [ 332.429330][ T8931] bridge0: port 3(syz_tun) entered disabled state [ 332.462939][ T8938] netlink: 4 bytes leftover after parsing attributes in process `syz.5.671'. [ 332.596845][ T8938] syz_tun: entered promiscuous mode [ 332.597084][ T8938] macvtap1: entered promiscuous mode [ 332.597277][ T8938] macvtap1: entered allmulticast mode [ 332.597290][ T8938] syz_tun: entered allmulticast mode [ 332.776692][ T8940] syz_tun: left allmulticast mode [ 332.791266][ T8940] syz_tun: left promiscuous mode [ 333.654571][ T8926] netlink: 28 bytes leftover after parsing attributes in process `syz.6.666'. [ 334.661540][ T8960] loop5: detected capacity change from 0 to 512 [ 334.696758][ T8960] EXT4-fs error (device loop5): ext4_read_inode_bitmap:139: comm syz.5.676: Invalid inode bitmap blk 4 in block_group 0 [ 334.715107][ T8960] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 335.286901][ T8962] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 7969 vs 220 free clusters [ 335.552001][ T8960] EXT4-fs error (device loop5): ext4_read_inode_bitmap:139: comm syz.5.676: Invalid inode bitmap blk 4 in block_group 0 [ 335.589037][ T8960] EXT4-fs error (device loop5) in ext4_free_inode:361: Corrupt filesystem [ 335.611389][ T8977] loop6: detected capacity change from 0 to 2048 [ 335.737849][ T8977] NILFS (loop6): broken superblock, retrying with spare superblock (blocksize = 1024) [ 335.869229][ T8987] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 336.567707][ T5857] udevd[5857]: incorrect nilfs2 checksum on /dev/loop6 [ 336.590002][ T8983] bridge1: entered allmulticast mode [ 336.598824][ T6821] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 336.964711][ T30] kauditd_printk_skb: 33 callbacks suppressed [ 336.964729][ T30] audit: type=1326 audit(1752120575.525:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8996 comm="syz.0.684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd08258e929 code=0x7ffc0000 [ 337.436483][ T9002] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.685'. [ 337.471239][ T30] audit: type=1326 audit(1752120575.535:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8996 comm="syz.0.684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd08258e929 code=0x7ffc0000 [ 337.527602][ T9008] overlayfs: failed to clone upperpath [ 337.551297][ T9000] loop0: detected capacity change from 0 to 1024 [ 337.577900][ T30] audit: type=1326 audit(1752120575.545:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8996 comm="syz.0.684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fd08258e929 code=0x7ffc0000 [ 337.659694][ T9000] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 337.718232][ T30] audit: type=1326 audit(1752120575.545:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8996 comm="syz.0.684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fd08258e963 code=0x7ffc0000 [ 337.834293][ T30] audit: type=1326 audit(1752120575.545:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8996 comm="syz.0.684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fd08258d3df code=0x7ffc0000 [ 337.857689][ T9000] EXT4-fs (loop0): shut down requested (1) [ 337.895609][ T9016] NILFS error (device loop6): nilfs_bmap_lookup_contig: broken bmap (inode number=15) [ 337.914360][ T30] audit: type=1800 audit(1752120576.095:138): pid=9006 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.679" name="file1" dev="loop6" ino=15 res=0 errno=0 [ 337.937805][ T30] audit: type=1326 audit(1752120576.115:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8996 comm="syz.0.684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fd08258e9b7 code=0x7ffc0000 [ 337.970340][ T30] audit: type=1326 audit(1752120576.135:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8996 comm="syz.0.684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd08258d290 code=0x7ffc0000 [ 338.002897][ T9020] loop3: detected capacity change from 0 to 1024 [ 338.009677][ T9010] NILFS error (device loop6): nilfs_bmap_lookup_contig: broken bmap (inode number=15) [ 338.093299][ T9020] EXT4-fs: Ignoring removed orlov option [ 338.100421][ T30] audit: type=1326 audit(1752120576.135:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8996 comm="syz.0.684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd08258e52b code=0x7ffc0000 [ 338.137476][ T5851] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 338.169692][ T9020] EXT4-fs: Ignoring removed nomblk_io_submit option [ 338.197511][ T30] audit: type=1326 audit(1752120576.195:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8996 comm="syz.0.684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fd08258d58a code=0x7ffc0000 [ 338.266137][ T9010] Remounting filesystem read-only [ 338.285489][ T9020] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 338.294166][ T9016] Remounting filesystem read-only [ 338.395730][ T9016] NILFS error (device loop6): nilfs_bmap_lookup_contig: broken bmap (inode number=15) [ 338.573203][ T9016] NILFS error (device loop6): nilfs_bmap_lookup_contig: broken bmap (inode number=15) [ 338.862001][ T9016] NILFS error (device loop6): nilfs_bmap_lookup_contig: broken bmap (inode number=15) [ 339.329262][ T5848] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 342.166118][ T9065] loop6: detected capacity change from 0 to 512 [ 342.237470][ T9063] loop5: detected capacity change from 0 to 512 [ 342.284894][ T9063] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 342.317343][ T9065] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 342.397735][ T9063] EXT4-fs (loop5): 1 truncate cleaned up [ 342.414786][ T9065] ext4 filesystem being mounted at /40/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 342.445616][ T9063] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 342.542924][ T9063] syz.5.697 (pid 9063) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 342.609254][ T9065] EXT4-fs error (device loop6): ext4_do_update_inode:5567: inode #2: comm syz.6.699: corrupted inode contents [ 342.716923][ T9063] netlink: 12 bytes leftover after parsing attributes in process `syz.5.697'. [ 342.736982][ T9065] EXT4-fs error (device loop6): ext4_dirty_inode:6458: inode #2: comm syz.6.699: mark_inode_dirty error [ 342.845377][ T9065] EXT4-fs error (device loop6): ext4_do_update_inode:5567: inode #2: comm syz.6.699: corrupted inode contents [ 343.547151][ T9078] EXT4-fs error (device loop6): ext4_do_update_inode:5567: inode #2: comm syz.6.699: corrupted inode contents [ 343.569354][ T9078] EXT4-fs error (device loop6): ext4_dirty_inode:6458: inode #2: comm syz.6.699: mark_inode_dirty error [ 343.591928][ T9078] EXT4-fs error (device loop6): ext4_do_update_inode:5567: inode #2: comm syz.6.699: corrupted inode contents [ 343.614695][ T9078] EXT4-fs error (device loop6): __ext4_ext_dirty:206: inode #2: comm syz.6.699: mark_inode_dirty error [ 343.626423][ T6821] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 343.686864][ T9078] EXT4-fs error (device loop6): ext4_do_update_inode:5567: inode #2: comm syz.6.699: corrupted inode contents [ 343.725811][ T9078] EXT4-fs error (device loop6): ext4_dirty_inode:6458: inode #2: comm syz.6.699: mark_inode_dirty error [ 344.077827][ T7746] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 344.136750][ T9098] new mount options do not match the existing superblock, will be ignored [ 344.976297][ T9101] netlink: 24 bytes leftover after parsing attributes in process `syz.3.705'. [ 345.041466][ T30] kauditd_printk_skb: 35 callbacks suppressed [ 345.041483][ T30] audit: type=1326 audit(1752120583.625:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9092 comm="syz.5.703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8ccb8e929 code=0x7fc00000 [ 345.111428][ T9106] binder: 9104:9106 ioctl c0306201 200000000240 returned -14 [ 346.164233][ T5910] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 346.915790][ T5910] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 346.934367][ T5910] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 346.951490][ T5910] usb 7-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 346.981109][ T5910] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 347.031278][ T5910] usb 7-1: config 0 descriptor?? [ 348.152708][ T5910] hid-led 0003:27B8:01ED.0004: hidraw0: USB HID v0.00 Device [HID 27b8:01ed] on usb-dummy_hcd.6-1/input0 [ 349.379942][ T5910] hid-led 0003:27B8:01ED.0004: ThingM blink(1) initialized [ 349.825131][ T5910] usb 7-1: USB disconnect, device number 3 [ 352.550587][ T9211] netlink: 'syz.6.729': attribute type 1 has an invalid length. [ 353.374693][ T9220] 8021q: adding VLAN 0 to HW filter on device bond1 [ 354.011203][ T9230] vivid-002: disconnect [ 354.248629][ T9226] vivid-002: reconnect [ 355.507117][ T9262] loop0: detected capacity change from 0 to 128 [ 355.823143][ T9262] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 355.836112][ T9262] ext4 filesystem being mounted at /151/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 356.048854][ T9269] loop6: detected capacity change from 0 to 8 [ 356.191063][ T9266] SQUASHFS error: Failed to read block 0x4e8: -5 [ 356.198781][ T9266] SQUASHFS error: Failed to read block 0x4de: -5 [ 356.206024][ T9266] SQUASHFS error: Failed to read block 0x4de: -5 [ 356.212402][ T9266] SQUASHFS error: Failed to read block 0x4de: -5 [ 356.224222][ T30] audit: type=1800 audit(1752120594.815:179): pid=9266 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.735" name="file1" dev="loop6" ino=5 res=0 errno=0 [ 356.224778][ T9266] SQUASHFS error: Failed to read block 0x4de: -5 [ 356.250625][ T9266] SQUASHFS error: Failed to read block 0x4de: -5 [ 356.257304][ T9266] SQUASHFS error: Failed to read block 0x4de: -5 [ 356.265453][ T9266] SQUASHFS error: Failed to read block 0x4de: -5 [ 356.271825][ T9266] SQUASHFS error: Failed to read block 0x4de: -5 [ 356.278514][ T9266] SQUASHFS error: Failed to read block 0x4de: -5 [ 356.285163][ T9266] SQUASHFS error: Failed to read block 0x4de: -5 [ 356.291546][ T9266] SQUASHFS error: Failed to read block 0x4de: -5 [ 356.740245][ T5851] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 359.969322][ T9303] loop6: detected capacity change from 0 to 512 [ 360.012978][ T9303] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 360.043517][ T9307] loop0: detected capacity change from 0 to 128 [ 360.161676][ T9303] EXT4-fs (loop6): 1 truncate cleaned up [ 360.864395][ T9307] FAT-fs (loop0): bogus number of reserved sectors [ 360.871281][ T9307] FAT-fs (loop0): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 360.927454][ T9303] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 360.939556][ T9307] FAT-fs (loop0): Can't find a valid FAT filesystem [ 360.968062][ T9307] 9pnet_fd: Insufficient options for proto=fd [ 362.706476][ T7746] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 362.890767][ T9332] netlink: 8 bytes leftover after parsing attributes in process `syz.2.756'. [ 362.960345][ T9332] netlink: 8 bytes leftover after parsing attributes in process `syz.2.756'. [ 363.008550][ T9332] netlink: 8 bytes leftover after parsing attributes in process `syz.2.756'. [ 363.066167][ T9333] netlink: 8 bytes leftover after parsing attributes in process `syz.2.756'. [ 363.163067][ T9339] /dev/sg0: Can't lookup blockdev [ 363.190748][ T9333] netlink: 8 bytes leftover after parsing attributes in process `syz.2.756'. [ 365.554568][ T30] audit: type=1326 audit(1752120604.125:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9358 comm="syz.0.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd08258e929 code=0x7ffc0000 [ 365.666845][ T30] audit: type=1326 audit(1752120604.125:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9358 comm="syz.0.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd08258e929 code=0x7ffc0000 [ 365.788389][ T5858] Bluetooth: hci4: command 0x0405 tx timeout [ 365.822622][ T30] audit: type=1326 audit(1752120604.125:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9358 comm="syz.0.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd08258e929 code=0x7ffc0000 [ 365.904398][ T30] audit: type=1326 audit(1752120604.125:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9358 comm="syz.0.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd08258e929 code=0x7ffc0000 [ 366.018444][ T30] audit: type=1326 audit(1752120604.125:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9358 comm="syz.0.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd08258e929 code=0x7ffc0000 [ 366.193410][ T30] audit: type=1326 audit(1752120604.125:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9358 comm="syz.0.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7fd08258e929 code=0x7ffc0000 [ 366.216241][ T30] audit: type=1326 audit(1752120604.125:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9358 comm="syz.0.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd08258e929 code=0x7ffc0000 [ 366.268707][ T30] audit: type=1326 audit(1752120604.125:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9358 comm="syz.0.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd08258e929 code=0x7ffc0000 [ 366.853400][ T30] audit: type=1326 audit(1752120604.135:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9358 comm="syz.0.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=290 compat=0 ip=0x7fd08258e929 code=0x7ffc0000 [ 366.878912][ T30] audit: type=1326 audit(1752120604.135:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9358 comm="syz.0.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd08258e929 code=0x7ffc0000 [ 366.954227][ T5910] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 367.089056][ T9379] loop6: detected capacity change from 0 to 1024 [ 367.264551][ T5910] usb 1-1: config 0 has no interfaces? [ 367.283795][ T5910] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 367.804631][ T5910] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 367.812810][ T5910] usb 1-1: Product: syz [ 367.817579][ T5910] usb 1-1: Manufacturer: syz [ 367.822265][ T5910] usb 1-1: SerialNumber: syz [ 367.830407][ T5910] usb 1-1: config 0 descriptor?? [ 367.870952][ T9379] veth3: entered promiscuous mode [ 369.928258][ T9418] syz.2.781 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 370.010731][ T5980] usb 1-1: USB disconnect, device number 5 [ 379.050224][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.070782][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.692194][ T9503] xt_TPROXY: Can be used only with -p tcp or -p udp [ 381.776417][ T9513] loop3: detected capacity change from 0 to 8 [ 381.810139][ T9513] SQUASHFS error: zlib decompression failed, data probably corrupt [ 381.827760][ T9513] SQUASHFS error: Failed to read block 0x9b: -5 [ 381.870888][ T9513] SQUASHFS error: Unable to read metadata cache entry [99] [ 381.915887][ T9513] SQUASHFS error: Unable to read inode 0x127 [ 385.917350][ T9558] loop6: detected capacity change from 0 to 64 [ 385.952263][ T9558] BFS-fs: bfs_fill_super(): loop6 is unclean, continuing [ 386.029584][ T9558] BFS-fs: bfs_fill_super(): Inode 0x00000002 corrupted on loop6 [ 386.620857][ T30] kauditd_printk_skb: 22 callbacks suppressed [ 386.620895][ T30] audit: type=1326 audit(1752120625.105:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9561 comm="syz.2.823" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7faf98e929 code=0x0 [ 387.128596][ T9558] netlink: 'syz.6.821': attribute type 2 has an invalid length. [ 387.167708][ T9570] netfs: Couldn't get user pages (rc=-14) [ 387.466076][ T9581] netlink: 4 bytes leftover after parsing attributes in process `syz.5.829'. [ 387.477228][ T9577] loop6: detected capacity change from 0 to 1024 [ 389.123681][ T30] audit: type=1326 audit(1752383027.708:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9588 comm="syz.0.831" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd08258e929 code=0x7fc00000 [ 389.157150][ T30] audit: type=1326 audit(1752383027.748:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9588 comm="syz.0.831" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd08258e929 code=0x7fc00000 [ 389.343305][ T30] audit: type=1326 audit(1752383027.918:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9588 comm="syz.0.831" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd08258e929 code=0x7fc00000 [ 389.373070][ T5910] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 389.584269][ T5910] usb 7-1: Using ep0 maxpacket: 16 [ 389.788843][ T5910] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 390.038350][ T5910] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 390.072635][ T5910] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 390.097515][ T5910] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 390.106629][ T5910] usb 7-1: Product: syz [ 390.111609][ T5910] usb 7-1: Manufacturer: syz [ 390.116444][ T5910] usb 7-1: SerialNumber: syz [ 391.005695][ T6263] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 391.114562][ T5910] usb 7-1: 0:2 : does not exist [ 391.133990][ T5910] usb 7-1: 5:0: failed to get current value for ch 1 (-22) [ 391.200465][ T9634] syz.3.841: attempt to access beyond end of device [ 391.200465][ T9634] loop3: rw=2048, sector=2, nr_sectors = 1 limit=0 [ 391.214272][ T9634] hfsplus: unable to find HFS+ superblock [ 391.790862][ T5910] usb 7-1: 5:0: failed to get current value for ch 0 (-22) [ 391.800911][ T6263] usb 1-1: config index 0 descriptor too short (expected 4771, got 675) [ 391.810227][ T6263] usb 1-1: config 0 has an invalid interface number: 221 but max is 0 [ 391.830709][ T5910] usb 7-1: 5:0: cannot get min/max values for control 2 (id 5) [ 391.840095][ T6263] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 391.861551][ T6263] usb 1-1: config 0 has no interface number 0 [ 391.868442][ T5910] usb 7-1: 5:0: cannot get min/max values for control 3 (id 5) [ 391.879097][ T6263] usb 1-1: config 0 interface 221 altsetting 190 has an invalid descriptor for endpoint zero, skipping [ 391.891035][ T6263] usb 1-1: config 0 interface 221 altsetting 190 endpoint 0x5 has invalid maxpacket 1536, setting to 64 [ 391.902816][ T6263] usb 1-1: config 0 interface 221 altsetting 190 bulk endpoint 0xA has invalid maxpacket 64 [ 391.917555][ T6263] usb 1-1: config 0 interface 221 altsetting 190 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 391.930036][ T5910] usb 7-1: 5:0: cannot get min/max values for control 8 (id 5) [ 391.982757][ T6263] usb 1-1: config 0 interface 221 altsetting 190 has an invalid descriptor for endpoint zero, skipping [ 392.012242][ T6263] usb 1-1: config 0 interface 221 altsetting 190 has an endpoint descriptor with address 0x98, changing to 0x88 [ 392.049338][ T6263] usb 1-1: config 0 interface 221 altsetting 190 has a duplicate endpoint with address 0x88, skipping [ 392.062430][ T5910] usb 7-1: 5:0: cannot get min/max values for control 3 (id 5) [ 392.102156][ T5910] usb 7-1: USB disconnect, device number 4 [ 392.111962][ T6263] usb 1-1: config 0 interface 221 altsetting 190 has 7 endpoint descriptors, different from the interface descriptor's value: 12 [ 392.179778][ T6263] usb 1-1: config 0 interface 221 has no altsetting 0 [ 392.203309][ T6263] usb 1-1: New USB device found, idVendor=07ca, idProduct=0337, bcdDevice=f3.00 [ 392.231333][ T6263] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 392.265209][ T6263] usb 1-1: config 0 descriptor?? [ 392.271196][ T9619] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 392.489388][ T6263] usb 1-1: string descriptor 0 read error: -71 [ 392.549821][ T5931] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 392.561684][ T6263] usb 1-1: USB disconnect, device number 6 [ 392.726534][ T5931] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 392.784794][ T5931] usb 4-1: New USB device found, idVendor=0582, idProduct=0000, bcdDevice= 0.00 [ 392.808167][ T5931] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 393.558864][ T5931] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 394.241593][ T9656] loop6: detected capacity change from 0 to 512 [ 394.259892][ T5857] udevd[5857]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 394.339772][ T9656] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 394.363422][ T9656] ext4 filesystem being mounted at /66/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 394.400969][ T9656] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 394.418577][ T9656] Quota error (device loop6): write_blk: dquota write failed [ 394.433603][ T9656] Quota error (device loop6): qtree_write_dquot: Error -28 occurred while creating quota [ 394.445961][ T9656] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.851: Failed to acquire dquot type 1 [ 394.573892][ T9668] Quota error (device loop6): write_blk: dquota write failed [ 394.624794][ T9668] Quota error (device loop6): qtree_write_dquot: Error -28 occurred while creating quota [ 394.662509][ T5903] usb 4-1: USB disconnect, device number 8 [ 394.686889][ T9668] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.851: Failed to acquire dquot type 0 [ 394.713775][ T9673] bridge0: port 1(bridge_slave_0) entered disabled state [ 394.977423][ T7746] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 398.996126][ T9726] binder_alloc: 9722: binder_alloc_buf, no vma [ 399.235350][ T9733] loop6: detected capacity change from 0 to 512 [ 399.429921][ T9733] EXT4-fs: Ignoring removed i_version option [ 399.464047][ T9733] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 400.112779][ T9733] EXT4-fs (loop6): blocks per group (71) and clusters per group (20800) inconsistent [ 401.044324][ T6266] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 401.187003][ T9754] netlink: 28 bytes leftover after parsing attributes in process `syz.6.878'. [ 401.224705][ T6266] usb 4-1: Using ep0 maxpacket: 8 [ 401.235116][ T6266] usb 4-1: config 0 has an invalid interface number: 239 but max is 0 [ 401.243425][ T6266] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 401.284898][ T6266] usb 4-1: config 0 has no interface number 0 [ 401.325236][ T6266] usb 4-1: config 0 interface 239 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 401.373665][ T6266] usb 4-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=99.1a [ 401.383036][ T6266] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 401.400907][ T6266] usb 4-1: Product: syz [ 401.408348][ T6266] usb 4-1: Manufacturer: syz [ 401.416402][ T6266] usb 4-1: SerialNumber: syz [ 401.436491][ T6266] usb 4-1: config 0 descriptor?? [ 401.466013][ T9758] netlink: 'syz.5.879': attribute type 4 has an invalid length. [ 401.503109][ T9758] netlink: 'syz.5.879': attribute type 4 has an invalid length. [ 402.602429][ T6266] ath6kl: Failed to submit usb control message: -110 [ 402.610371][ T6266] ath6kl: unable to send the bmi data to the device: -110 [ 402.618024][ T6266] ath6kl: Unable to send get target info: -110 [ 402.685276][ T9770] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 403.034783][ T6266] ath6kl: Failed to init ath6kl core: -110 [ 403.048276][ T6266] ath6kl_usb 4-1:0.239: probe with driver ath6kl_usb failed with error -110 [ 403.203144][ T9776] netlink: 12 bytes leftover after parsing attributes in process `syz.2.883'. [ 403.889041][ T43] usb 4-1: USB disconnect, device number 9 [ 404.489003][ T9787] bridge0: port 2(bridge_slave_1) entered disabled state [ 404.498158][ T9787] bridge0: port 1(bridge_slave_0) entered disabled state [ 404.866127][ T9787] bridge0: entered allmulticast mode [ 404.897893][ T9787] bridge_slave_1: left allmulticast mode [ 404.904802][ T9787] bridge_slave_1: left promiscuous mode [ 404.922469][ T9787] bridge0: port 2(bridge_slave_1) entered disabled state [ 404.938245][ T9787] bridge_slave_0: left allmulticast mode [ 404.944321][ T9787] bridge_slave_0: left promiscuous mode [ 404.950090][ T9787] bridge0: port 1(bridge_slave_0) entered disabled state [ 405.365741][ T9810] vlan0: entered allmulticast mode [ 405.784611][ T5910] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 406.060245][ T5910] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 406.095085][ T5910] usb 7-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 406.120043][ T5910] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 406.677155][ T5910] usb 7-1: config 0 descriptor?? [ 406.747794][ T5910] pwc: Askey VC010 type 2 USB webcam detected. [ 407.564722][ T5910] pwc: recv_control_msg error -32 req 02 val 2b00 [ 407.575017][ T5910] pwc: recv_control_msg error -32 req 02 val 2700 [ 407.583203][ T5910] pwc: recv_control_msg error -32 req 02 val 2c00 [ 409.068493][ T5910] pwc: recv_control_msg error -71 req 04 val 1000 [ 409.147576][ T5910] pwc: recv_control_msg error -71 req 04 val 1300 [ 409.803087][ T5910] pwc: recv_control_msg error -71 req 04 val 1400 [ 409.814030][ T5910] pwc: recv_control_msg error -71 req 02 val 2000 [ 409.821953][ T5910] pwc: recv_control_msg error -71 req 02 val 2100 [ 409.830522][ T5910] pwc: recv_control_msg error -71 req 04 val 1500 [ 409.838149][ T5910] pwc: recv_control_msg error -71 req 02 val 2500 [ 409.874471][ T5910] pwc: recv_control_msg error -71 req 02 val 2400 [ 409.892526][ T5910] pwc: recv_control_msg error -71 req 02 val 2600 [ 409.920902][ T5910] pwc: recv_control_msg error -71 req 02 val 2900 [ 410.001866][ T5910] pwc: recv_control_msg error -71 req 02 val 2800 [ 410.053173][ T5910] pwc: recv_control_msg error -71 req 04 val 1100 [ 410.083267][ T5910] pwc: recv_control_msg error -71 req 04 val 1200 [ 411.214902][ T5910] pwc: Registered as video103. [ 411.221134][ T5910] input: PWC snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/input/input7 [ 411.478073][ T5910] usb 7-1: USB disconnect, device number 5 [ 411.966590][ T9863] loop6: detected capacity change from 0 to 512 [ 413.030464][ T9863] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 413.197374][ T9863] EXT4-fs (loop6): 1 truncate cleaned up [ 413.241997][ T9863] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 413.299766][ T9877] netlink: 4 bytes leftover after parsing attributes in process `syz.2.915'. [ 413.359632][ T9877] netlink: 12 bytes leftover after parsing attributes in process `syz.2.915'. [ 413.430765][ T7746] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 415.268394][ T9906] loop3: detected capacity change from 0 to 256 [ 415.345578][ T9906] FAT-fs (loop3): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1) [ 415.578267][ T36] FAT-fs (loop3): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1) [ 415.696534][ T9910] loop6: detected capacity change from 0 to 32768 [ 415.703872][ T9910] XFS: ikeep mount option is deprecated. [ 415.743649][ T9910] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 416.708895][ T9910] XFS (loop6): Ending clean mount [ 416.723055][ T9910] XFS (loop6): Quotacheck needed: Please wait. [ 416.784373][ T9910] XFS (loop6): Quotacheck: Done. [ 417.351467][ T7746] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 418.205293][ T6263] usb 4-1: new full-speed USB device number 10 using dummy_hcd [ 418.431819][ T6263] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 418.458086][ T6263] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 418.469907][ T6263] usb 4-1: Product: syz [ 418.534693][ T6263] usb 4-1: Manufacturer: syz [ 418.567098][ T6263] usb 4-1: SerialNumber: syz [ 418.582854][ T6263] usb 4-1: config 0 descriptor?? [ 418.917179][ T6263] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 421.315385][ T9973] loop6: detected capacity change from 0 to 4096 [ 421.364446][ T6263] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 421.384469][ T6263] usb 4-1: USB disconnect, device number 10 [ 421.539369][ T9977] loop0: detected capacity change from 0 to 2048 [ 421.745718][ T9977] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 422.603867][ T9977] NILFS (loop0): mounting unchecked fs [ 422.748578][ T9977] NILFS (loop0): recovery required for readonly filesystem [ 422.958670][ T6010] udevd[6010]: incorrect nilfs2 checksum on /dev/loop0 [ 422.972207][ T9977] NILFS (loop0): write access will be enabled during recovery [ 423.003816][ T9977] NILFS (loop0): norecovery option specified, skipping roll-forward recovery [ 423.075066][ T9988] loop3: detected capacity change from 0 to 512 [ 423.091229][ T9988] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 423.105110][ T9977] NILFS (loop0): couldn't remount because the filesystem is in an incomplete recovery state [ 423.113413][ T9989] netlink: 28 bytes leftover after parsing attributes in process `syz.2.944'. [ 423.146772][ T9988] EXT4-fs (loop3): 1 orphan inode deleted [ 423.152635][ T9989] netlink: 28 bytes leftover after parsing attributes in process `syz.2.944'. [ 423.177930][ T9988] EXT4-fs (loop3): 1 truncate cleaned up [ 423.185653][ T9988] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 423.209238][ T43] IPVS: starting estimator thread 0... [ 423.374871][ T9994] IPVS: using max 32 ests per chain, 76800 per kthread [ 423.674316][ T9993] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 424.334698][ T9993] EXT4-fs (loop3): Remounting filesystem read-only [ 425.126313][ T30] audit: type=1326 audit(1752383063.388:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10003 comm="syz.0.949" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd08258e929 code=0x0 [ 425.704970][ T5858] Bluetooth: hci4: unexpected event for opcode 0x0c1a [ 426.290186][T10025] tipc: Enabling of bearer rejected, failed to enable media [ 430.199297][T10066] tipc: Started in network mode [ 430.209599][T10066] tipc: Node identity 6, cluster identity 4711 [ 430.217790][ T5848] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 430.227750][T10066] tipc: Node number set to 6 [ 432.402321][T10092] loop3: detected capacity change from 0 to 512 [ 433.231407][T10092] EXT4-fs error (device loop3): ext4_orphan_get:1393: inode #15: comm syz.3.975: iget: bad extended attribute block 1 [ 433.585336][T10092] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.975: couldn't read orphan inode 15 (err -117) [ 433.647307][T10092] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 434.275908][T10107] EXT4-fs warning (device loop3): ext4_resize_begin:82: There are errors in the filesystem, so online resizing is not allowed [ 436.015073][ T5848] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 439.958591][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.966239][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 443.373296][T10166] netlink: 8 bytes leftover after parsing attributes in process `syz.5.996'. [ 446.609599][T10189] loop0: detected capacity change from 0 to 1024 [ 448.048178][ T7855] hfsplus: b-tree write err: -5, ino 4 [ 448.104893][T10194] tipc: Failed to remove unknown binding: 66,1,1/0:2374311726/2374311728 [ 448.146409][T10194] tipc: Failed to remove unknown binding: 66,1,1/0:2374311726/2374311728 [ 451.337765][ T30] audit: type=1800 audit(1752383089.908:217): pid=10212 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1007" name="bus" dev="ramfs" ino=23032 res=0 errno=0 [ 452.130294][T10234] batman_adv: batadv0: Adding interface: dummy0 [ 452.136593][T10234] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 452.162407][T10234] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active [ 453.071403][T10249] loop6: detected capacity change from 0 to 256 [ 453.284019][T10249] exfat: Deprecated parameter 'utf8' [ 453.353094][T10254] netlink: ct family unspecified [ 453.358298][T10254] openvswitch: netlink: Actions may not be safe on all matching packets [ 453.900217][T10249] exfat: Deprecated parameter 'utf8' [ 454.223444][T10249] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xa943978a, utbl_chksum : 0xe619d30d) [ 464.542717][T10346] tipc: Failed to remove unknown binding: 66,3,3/0:3200194277/3200194278 [ 465.614338][T10357] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 466.873347][T10362] loop0: detected capacity change from 0 to 40427 [ 466.889374][T10362] F2FS-fs (loop0): invalid crc value [ 466.968958][T10362] F2FS-fs (loop0): Start checkpoint disabled! [ 467.015583][T10362] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 467.015667][T10368] binder: 10364:10368 ioctl 4018620d 0 returned -22 [ 467.193564][T10372] usb usb8: usbfs: process 10372 (syz.6.1047) did not claim interface 0 before use [ 468.629281][ T7872] kworker/u8:16: attempt to access beyond end of device [ 468.629281][ T7872] loop0: rw=1, sector=45096, nr_sectors = 8 limit=40427 [ 468.727989][ T7872] kworker/u8:16: attempt to access beyond end of device [ 468.727989][ T7872] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 468.853005][ T7872] CPU: 0 UID: 0 PID: 7872 Comm: kworker/u8:16 Not tainted 6.16.0-rc5-next-20250709-syzkaller #0 PREEMPT(full) [ 468.853031][ T7872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 468.853043][ T7872] Workqueue: writeback wb_workfn (flush-7:0) [ 468.853081][ T7872] Call Trace: [ 468.853090][ T7872] [ 468.853098][ T7872] dump_stack_lvl+0x189/0x250 [ 468.853152][ T7872] ? __pfx_dump_stack_lvl+0x10/0x10 [ 468.853170][ T7872] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 468.853194][ T7872] ? __pfx_queue_work_on+0x10/0x10 [ 468.853214][ T7872] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 468.853237][ T7872] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 468.853261][ T7872] ? f2fs_hw_is_readonly+0x39b/0x470 [ 468.853293][ T7872] f2fs_handle_critical_error+0x37c/0x540 [ 468.853320][ T7872] f2fs_write_end_io+0x495/0x810 [ 468.853337][ T7872] ? blkg_put+0x22/0x240 [ 468.853372][ T7872] __submit_merged_bio+0x27a/0x6a0 [ 468.853407][ T7872] __submit_merged_write_cond+0x255/0x530 [ 468.853442][ T7872] f2fs_write_data_pages+0x261d/0x3000 [ 468.853503][ T7872] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 468.853539][ T7872] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 468.853604][ T7872] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 468.853638][ T7872] ? trace_f2fs_writepages+0x7f/0x200 [ 468.853657][ T7872] ? f2fs_write_node_pages+0x478/0x6e0 [ 468.853690][ T7872] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 468.853723][ T7872] ? __lock_acquire+0xab9/0xd20 [ 468.853754][ T7872] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 468.853775][ T7872] do_writepages+0x32e/0x550 [ 468.853803][ T7872] ? reacquire_held_locks+0x127/0x1d0 [ 468.853820][ T7872] ? writeback_sb_inodes+0x384/0x1010 [ 468.853852][ T7872] __writeback_single_inode+0x145/0xff0 [ 468.853872][ T7872] ? do_raw_spin_unlock+0x122/0x240 [ 468.853898][ T7872] writeback_sb_inodes+0x6c7/0x1010 [ 468.853951][ T7872] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 468.854024][ T7872] ? rcu_is_watching+0x15/0xb0 [ 468.854054][ T7872] wb_writeback+0x43b/0xaf0 [ 468.854086][ T7872] ? queue_io+0x341/0x590 [ 468.854115][ T7872] ? __pfx_wb_writeback+0x10/0x10 [ 468.854146][ T7872] ? _raw_spin_unlock_irq+0x23/0x50 [ 468.854176][ T7872] wb_workfn+0x409/0xef0 [ 468.854222][ T7872] ? __pfx_wb_workfn+0x10/0x10 [ 468.854254][ T7872] ? __lock_acquire+0xab9/0xd20 [ 468.854294][ T7872] ? process_scheduled_works+0x9ef/0x17b0 [ 468.854320][ T7872] ? _raw_spin_unlock_irq+0x23/0x50 [ 468.854341][ T7872] ? process_scheduled_works+0x9ef/0x17b0 [ 468.854357][ T7872] ? process_scheduled_works+0x9ef/0x17b0 [ 468.854378][ T7872] process_scheduled_works+0xae1/0x17b0 [ 468.854435][ T7872] ? __pfx_process_scheduled_works+0x10/0x10 [ 468.854477][ T7872] worker_thread+0x8a0/0xda0 [ 468.854531][ T7872] kthread+0x70e/0x8a0 [ 468.854557][ T7872] ? __pfx_worker_thread+0x10/0x10 [ 468.854574][ T7872] ? __pfx_kthread+0x10/0x10 [ 468.854597][ T7872] ? _raw_spin_unlock_irq+0x23/0x50 [ 468.854618][ T7872] ? lockdep_hardirqs_on+0x9c/0x150 [ 468.854640][ T7872] ? __pfx_kthread+0x10/0x10 [ 468.854662][ T7872] ret_from_fork+0x3fc/0x770 [ 468.854683][ T7872] ? __pfx_ret_from_fork+0x10/0x10 [ 468.854709][ T7872] ? __switch_to_asm+0x39/0x70 [ 468.854728][ T7872] ? __switch_to_asm+0x33/0x70 [ 468.854746][ T7872] ? __pfx_kthread+0x10/0x10 [ 468.854769][ T7872] ret_from_fork_asm+0x1a/0x30 [ 468.854810][ T7872] [ 469.206224][ T7872] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 472.400742][T10418] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1062'. [ 474.921589][T10459] netlink: 'syz.0.1072': attribute type 4 has an invalid length. [ 477.260030][T10480] ieee802154 phy0 wpan0: encryption failed: -22 [ 479.309195][T10496] loop0: detected capacity change from 0 to 128 [ 479.547347][T10497] xt_TCPMSS: Only works on TCP SYN packets [ 480.305126][T10496] vfat: Unknown parameter '18446744073709551615' [ 480.674409][T10496] loop0: detected capacity change from 0 to 128 [ 480.681505][T10496] ext4: Unknown parameter 'uid<18446744073709551615' [ 480.715363][T10506] loop6: detected capacity change from 0 to 512 [ 480.857910][T10506] EXT4-fs (loop6): Test dummy encryption mode enabled [ 480.903742][T10506] EXT4-fs error (device loop6): ext4_iget_extra_inode:5034: inode #12: comm syz.6.1087: corrupted in-inode xattr: invalid ea_ino [ 481.211391][T10506] EXT4-fs error (device loop6): ext4_orphan_get:1398: comm syz.6.1087: couldn't read orphan inode 12 (err -117) [ 481.665831][T10506] EXT4-fs (loop6): mounted filesystem 00000005-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 483.121262][T10506] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni" [ 483.181320][T10506] EXT4-fs error (device loop6): ext4_add_entry:2417: inode #2: comm syz.6.1087: Directory hole found for htree leaf block 0 [ 483.585645][T10515] loop3: detected capacity change from 0 to 512 [ 483.593574][T10515] EXT4-fs: Ignoring removed mblk_io_submit option [ 483.600640][T10515] ext4: Unknown parameter 'seclabel' [ 484.532343][ T7746] EXT4-fs (loop6): unmounting filesystem 00000005-0000-0000-0000-000000000000. [ 485.112594][T10548] loop6: detected capacity change from 0 to 512 [ 485.231564][T10548] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 485.334414][T10548] ext4 filesystem being mounted at /112/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 486.740467][T10574] loop3: detected capacity change from 0 to 736 [ 488.373208][ T7746] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 488.436945][T10574] rock: directory entry would overflow storage [ 488.461892][T10574] rock: sig=0x3b10, size=4, remaining=3 [ 489.513342][T10590] x_tables: duplicate underflow at hook 1 [ 489.664391][T10595] loop6: detected capacity change from 0 to 1024 [ 489.735581][T10595] EXT4-fs: Ignoring removed nobh option [ 490.068806][T10595] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 492.583391][ T7746] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 496.596769][T10650] dvmrp1: entered allmulticast mode [ 496.653610][T10650] dvmrp1: left allmulticast mode [ 497.412900][T10654] lo: left allmulticast mode [ 499.159771][T10681] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1128'. [ 499.229484][T10678] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1128'. [ 499.827271][T10690] loop3: detected capacity change from 0 to 512 [ 500.039279][T10690] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 500.233072][T10690] ext4 filesystem being mounted at /236/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 500.620341][T10698] loop6: detected capacity change from 0 to 1024 [ 501.455211][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.465057][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.395673][T10707] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 506.116795][ T30] audit: type=1804 audit(1752907432.706:218): pid=10748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1149" name="file0" dev="tmpfs" ino=1291 res=1 errno=0 [ 508.968083][T10780] loop6: detected capacity change from 0 to 1024 [ 509.160228][T10781] overlayfs: failed to clone upperpath [ 510.111215][T10786] xt_CONNSECMARK: invalid mode: 0 [ 511.096714][T10795] bridge0: port 3(batadv1) entered blocking state [ 511.110060][T10795] bridge0: port 3(batadv1) entered disabled state [ 511.139337][T10795] batadv1: entered allmulticast mode [ 511.156825][T10795] batadv1: entered promiscuous mode [ 511.716632][ T7862] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 511.726263][ T7862] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 511.929990][T10805] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1164'. [ 512.197061][T10805] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1164'. [ 515.317483][T10831] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 516.805684][T10843] mmap: syz.5.1175 (10843) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 517.234636][T10840] cgroup: fork rejected by pids controller in /syz2 [ 518.019695][T10884] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1179'. [ 518.029686][T10884] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1179'. [ 518.241303][T10893] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000035: 0000 [#1] SMP KASAN PTI [ 518.253230][T10893] KASAN: null-ptr-deref in range [0x00000000000001a8-0x00000000000001af] [ 518.261650][T10893] CPU: 0 UID: 0 PID: 10893 Comm: syz.6.1181 Not tainted 6.16.0-rc5-next-20250709-syzkaller #0 PREEMPT(full) [ 518.273185][T10893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 518.283246][T10893] RIP: 0010:htb_qlen_notify+0x31/0xc0 [ 518.288618][T10893] Code: 41 56 41 55 41 54 53 49 89 f6 49 89 ff 49 bc 00 00 00 00 00 fc ff df e8 0d e0 35 f8 49 8d 9e a8 01 00 00 49 89 dd 49 c1 ed 03 <43> 0f b6 44 25 00 84 c0 75 4d 8b 2b 31 ff 89 ee e8 2a e4 35 f8 85 [ 518.308214][T10893] RSP: 0018:ffffc90003dbf148 EFLAGS: 00010206 [ 518.314267][T10893] RAX: ffffffff8989d553 RBX: 00000000000001a8 RCX: 0000000000080000 [ 518.322227][T10893] RDX: ffffc9000c97b000 RSI: 0000000000000361 RDI: 0000000000000362 [ 518.330182][T10893] RBP: dffffc0000000000 R08: ffff888056631e00 R09: 0000000000000002 [ 518.338135][T10893] R10: 00000000ffffffff R11: ffffffff8989d530 R12: dffffc0000000000 [ 518.346087][T10893] R13: 0000000000000035 R14: 0000000000000000 R15: ffff88805c2ca000 [ 518.354038][T10893] FS: 00007f6a17a7d6c0(0000) GS:ffff888125bd4000(0000) knlGS:0000000000000000 [ 518.362948][T10893] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 518.369512][T10893] CR2: 0000001b2db1bff8 CR3: 000000001beb2000 CR4: 00000000003526f0 [ 518.377472][T10893] Call Trace: [ 518.380738][T10893] [ 518.383652][T10893] qdisc_tree_reduce_backlog+0x29c/0x480 [ 518.389269][T10893] ? qdisc_tree_reduce_backlog+0x3c/0x480 [ 518.394974][T10893] sfq_init+0x1a0f/0x2530 [ 518.399294][T10893] ? __pfx_sfq_init+0x10/0x10 [ 518.403953][T10893] qdisc_create+0x7ac/0xea0 [ 518.408447][T10893] tc_modify_qdisc+0x1426/0x2010 [ 518.413381][T10893] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 518.418661][T10893] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 518.423928][T10893] rtnetlink_rcv_msg+0x779/0xb70 [ 518.428852][T10893] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 518.433947][T10893] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 518.439389][T10893] ? ref_tracker_free+0x63a/0x7d0 [ 518.444398][T10893] ? __copy_skb_header+0xa7/0x550 [ 518.449402][T10893] ? __pfx_ref_tracker_free+0x10/0x10 [ 518.454756][T10893] ? __skb_clone+0x63/0x7a0 [ 518.459243][T10893] netlink_rcv_skb+0x208/0x470 [ 518.463994][T10893] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 518.469439][T10893] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 518.474716][T10893] ? netlink_deliver_tap+0x2e/0x1b0 [ 518.479900][T10893] ? netlink_deliver_tap+0x2e/0x1b0 [ 518.485082][T10893] netlink_unicast+0x75c/0x8e0 [ 518.489835][T10893] netlink_sendmsg+0x805/0xb30 [ 518.494582][T10893] ? __pfx_netlink_sendmsg+0x10/0x10 [ 518.499845][T10893] ? aa_sock_msg_perm+0xf1/0x1d0 [ 518.504763][T10893] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 518.510030][T10893] ? __pfx_netlink_sendmsg+0x10/0x10 [ 518.515294][T10893] __sock_sendmsg+0x219/0x270 [ 518.519959][T10893] ____sys_sendmsg+0x505/0x830 [ 518.524705][T10893] ? __pfx_____sys_sendmsg+0x10/0x10 [ 518.529973][T10893] ? import_iovec+0x74/0xa0 [ 518.534460][T10893] ___sys_sendmsg+0x21f/0x2a0 [ 518.539128][T10893] ? __pfx____sys_sendmsg+0x10/0x10 [ 518.544326][T10893] ? __fget_files+0x2a/0x420 [ 518.548913][T10893] ? __fget_files+0x3a0/0x420 [ 518.553580][T10893] __x64_sys_sendmsg+0x19b/0x260 [ 518.558502][T10893] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 518.563942][T10893] ? rcu_is_watching+0x15/0xb0 [ 518.568687][T10893] ? do_syscall_64+0xbe/0x3b0 [ 518.573344][T10893] do_syscall_64+0xfa/0x3b0 [ 518.577828][T10893] ? lockdep_hardirqs_on+0x9c/0x150 [ 518.583009][T10893] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 518.589058][T10893] ? clear_bhb_loop+0x60/0xb0 [ 518.593713][T10893] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 518.599583][T10893] RIP: 0033:0x7f6a16b8e929 [ 518.603985][T10893] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 518.623569][T10893] RSP: 002b:00007f6a17a7d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 518.631966][T10893] RAX: ffffffffffffffda RBX: 00007f6a16db5fa0 RCX: 00007f6a16b8e929 [ 518.639921][T10893] RDX: 0000000000004000 RSI: 0000200000000040 RDI: 0000000000000007 [ 518.647878][T10893] RBP: 00007f6a16c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 518.655839][T10893] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 518.663795][T10893] R13: 0000000000000000 R14: 00007f6a16db5fa0 R15: 00007ffe43f78718 [ 518.671755][T10893] [ 518.674769][T10893] Modules linked in: [ 518.678817][T10893] ---[ end trace 0000000000000000 ]--- [ 518.684294][T10893] RIP: 0010:htb_qlen_notify+0x31/0xc0 [ 518.689682][T10893] Code: 41 56 41 55 41 54 53 49 89 f6 49 89 ff 49 bc 00 00 00 00 00 fc ff df e8 0d e0 35 f8 49 8d 9e a8 01 00 00 49 89 dd 49 c1 ed 03 <43> 0f b6 44 25 00 84 c0 75 4d 8b 2b 31 ff 89 ee e8 2a e4 35 f8 85 [ 518.709394][T10893] RSP: 0018:ffffc90003dbf148 EFLAGS: 00010206 [ 518.715492][T10893] RAX: ffffffff8989d553 RBX: 00000000000001a8 RCX: 0000000000080000 [ 518.723464][T10893] RDX: ffffc9000c97b000 RSI: 0000000000000361 RDI: 0000000000000362 [ 518.731467][T10893] RBP: dffffc0000000000 R08: ffff888056631e00 R09: 0000000000000002 [ 518.739458][T10893] R10: 00000000ffffffff R11: ffffffff8989d530 R12: dffffc0000000000 [ 518.747451][T10893] R13: 0000000000000035 R14: 0000000000000000 R15: ffff88805c2ca000 [ 518.755433][T10893] FS: 00007f6a17a7d6c0(0000) GS:ffff888125bd4000(0000) knlGS:0000000000000000 [ 518.764382][T10893] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 518.770956][T10893] CR2: 0000001b2db1bff8 CR3: 000000001beb2000 CR4: 00000000003526f0 [ 518.778952][T10893] Kernel panic - not syncing: Fatal exception in interrupt [ 518.786371][T10893] Kernel Offset: disabled [ 518.790674][T10893] Rebooting in 86400 seconds..