last executing test programs: 1m48.165178034s ago: executing program 2 (id=554): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DIRECTION={0x5}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x17}, @NFTA_CT_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0) 1m47.997261964s ago: executing program 2 (id=555): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001d0000090000000080000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r0}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.dequeue\x00', 0x26e1, 0x0) r3 = dup2(r1, r2) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000001480)={r3, 0x20, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000002200)=""/4088, 0xff8}}, 0x10) 1m47.568157383s ago: executing program 2 (id=556): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f00000018c0)=ANY=[@ANYBLOB="0200000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000d0000000100000004000000fc"]) 1m46.350864289s ago: executing program 2 (id=558): ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r1, 0x3) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a9646", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x8a, &(0x7f0000000500)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a9646", 0x54, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x15, 0x7, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa}, @md5sig={0x13, 0x12, "ca0c734891a263a2ef1df715fb24b095"}, @mptcp=@synack={0x1e, 0x10}, @md5sig={0x13, 0x12, "2bdd4b74a1f6aa675459bc4d77085aa8"}]}}}}}}}}, 0x0) 8.079782273s ago: executing program 3 (id=552): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x7, 0x4, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xbf}]}, &(0x7f0000000300)='syzkaller\x00'}, 0x90) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff00", @ANYRES32, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240), 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000005880)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x60, 0x0, 0x0, 0x0, {}, {}, {0xc}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_HASH={0x8, 0x2, 0x80000000}]}}]}, 0x38}}, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000880)={'syztnl0\x00', &(0x7f0000000700)={'ip6_vti0\x00', 0x0, 0x29, 0x20, 0x1, 0x3, 0x30, @remote, @private1={0xfc, 0x1, '\x00', 0x1}, 0x7800, 0x8, 0x401, 0x80}}) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x4, 0x0, 0x5, 0x4000006, 0x200, 0xffffffffffffffff, 0x0, '\x00', r2, 0xffffffffffffffff, 0x0, 0x3, 0xffffffff}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{0x1}, &(0x7f0000000000), &(0x7f0000000040)=r0}, 0x20) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'wg1\x00'}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000001340)={'ip6tnl0\x00'}) ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890b, &(0x7f0000000040)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, @loopback={0xfec0ffff03000000}}) r3 = socket$inet6(0xa, 0x3, 0x6) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r3, 0x890b, &(0x7f0000000580)={@private2={0xfc, 0x2, '\x00', 0x1}, @loopback, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x184180046, r4}) r5 = socket$inet6(0xa, 0x3, 0x6) r6 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'dummy0\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r5, 0x890b, &(0x7f0000000040)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, @loopback={0xfec0ffff03000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80046, r7}) 8.05023682s ago: executing program 0 (id=676): timer_create(0x0, &(0x7f0000066000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0) timer_create(0x8, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000140)=0x0) timer_settime(r0, 0x1, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_settime(r0, 0x0, &(0x7f0000000080)={{}, {0x0, 0x3938700}}, &(0x7f00000000c0)) 7.795122046s ago: executing program 4 (id=678): r0 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, 0x0) 7.612328877s ago: executing program 4 (id=679): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtaction={0x70, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_tunnel_key={0x58, 0x1, 0x0, 0x0, {{0xf}, {0x28, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @loopback}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x70}}, 0x0) 7.606386848s ago: executing program 0 (id=680): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000cc0)='./file0\x00', 0x800714, &(0x7f0000000c40)={[{@quota}]}, 0x1, 0x485, &(0x7f0000001040)="$eJzs3M9rHFUcAPDvTJL+bhNrrba2Gq1i8UfSpFV78KCi4EFB0EM9xiSttdtGmgi2BI0i9SgF7+JR8C/w5kXUgwheFTxKoWgQmnqKzK9mu9mkSZpkbfbzgc2+t/Nm3/vOzNt9My+zAbSt3uxPErEjIn6LiO4ie3OB3uJpZnpy+Pr05HASs7Nv/JXk5a5NTw5XRav1tpeZw2lE+mkSzyfz6x2/cPHMUK02er7M90+cfa9//MLFp06fHTo1emr03ODx48eODjz7zODTqxJnFte1/R+OHdj3yluXXxs+cfntH7/JmrX3YLG8Po5but4koCZ6s63292yucdmjy2j7nWBnXTrpbGFDWJaOiMh2V1fe/7ujI+Z2Xne8/ElLGwesqey7afPCi6dmgQ0siVa3AGiN6os+O/+tHus09PhfuPpCxKYyPTM9OTxzI/7OSMvXu9aw/t6IODH175fZI5Z7HQIAYAXysc2TzcZ/aezNn4u5jl3lHEpPRNwVEbsj4u6I2BMR90TkZe+NiPuKlWe7l1h/b0N+/vgnvdK0zaskG/89Vzf2m6mLv3zq6ShzO/P4u5KTp2ujR8ptcji6Nmf5gUXq+O6lXz9faFn9+C97ZPVXY8GyAVc6Gy7QjQxNDK3WRrj6ccT+zmbxJzdmArIjYF9E7F/eW++qEqcf//rAQoVuHf8iVmGeafariMeK/T8VDfFXksXnJ/u3RG30SH91VMz30y+XXl+o/tuKfxVk+3/bzcd/Q4nuf5JivrYrarXR8+PLr+PS758teE6z0uN/U/JmPmf98zvFax8MTUycH4jYlLya56tzuvz1wbl1q3xVPov/8KHm/X93uU4W//0RkR3EByPigYh4sGz7QxHxcEQcWiT+H1585N1F4k8iiZbu/5Gmn383jv+epH6+fgWJjjPff7vQjPnS9v+xmMo/awv5598tLLWBt7n5AAAA4I6QRsSOSNK+It27I9K0r6/4H/49sS2tjY1PPHFy7P1zI8U9Aj3RlVZXurrrrocOJFPlOxb5wfJacbX8aHnd+IuOrXm+b3isNtLi2KHdbb+5/0fV/zN/drS6dcCac78WtK/G/p+2qB3A+lvK979zAdiYmvT/ra1oB7D+nP9D+2rW/z9qyBv/w8Y0v///0eQn64CNyPgf2pf+D+1L/4e2dDv39a88Ud0ssPL32bLkO/zbJVH94sVa1rU15l6JtOUht1Ei6zHrW+ncb6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcyf4LAAD///ss5ts=") r0 = open(&(0x7f0000000340)='./bus\x00', 0x143142, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef9cc093fce47d85272036dc78388e3dc177e9b496", "f28359738e229a4c668100000000000000e6bbc2ebce21aa45a7fea6180766bb"}) write$selinux_attr(r0, &(0x7f0000000040)='system_u:object_r:lost_found_t:s0\x00', 0x22) 7.349962497s ago: executing program 4 (id=682): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000140), 0x2101) r1 = fcntl$dupfd(r0, 0x0, r0) write$tun(r1, 0x0, 0x126a) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x4058534c, &(0x7f00000000c0)={0x80}) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r2, 0x107, 0x12, 0x0, 0x0) setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x0, 0x1000, 0x3a, 0x0, 0x0, 0xffffffff}, 0x1c) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a5780200", 0x16, 0x0, 0x0, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x6, 0x0, 0x0) open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x10103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r3, 0x0) ftruncate(r3, 0x20cf01) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000080)=""/152) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) io_setup(0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) preadv(r4, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r5 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10) bind$inet(r5, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) connect$inet(r5, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r5, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000dc0)={0x24, 0x0, 0x1, 0x0, 0x0, {}, [@NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_SIZE_BYTES={0xc}]}, 0x24}}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x64, 0x0, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@NBD_ATTR_SOCKETS={0x2c, 0x7, 0x0, 0x1, [{0x8, 0x1, r4}, {0x8, 0x1, r1}, {0x8, 0x1, r6}, {0x8, 0x1, r3}, {0x8}]}, @NBD_ATTR_CLIENT_FLAGS={0xc}, @NBD_ATTR_BACKEND_IDENTIFIER={0xa, 0xa, 'wlan0\x00'}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x5}]}, 0x64}, 0x1, 0x0, 0x0, 0x84}, 0x80) syz_emit_ethernet(0x7e, &(0x7f0000000400)=ANY=[@ANYBLOB="0180c200000000000000000086dd6002000b00482f00fe8800000000000000000000000001fe8000000000000000000000000000aa242065580004000097de000000000800000086dd080088be0000fcff0f0000000100000000000000080022eb0000704c318007b7f5e476fbaaa2aed40000200000000200000000000000000000000800655800000000"], 0x0) 7.277450329s ago: executing program 1 (id=683): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000580)={@in6={{0xa, 0x0, 0x0, @remote}}, 0x0, 0x0, 0x3e, 0x0, "bd1c790806ed6dcd18899f9ea77ca9fb5184ff0ba54b7dfe784d2f6b7dcd9474d9b295588ac0b991d5c66461eca3f1ff5543acc6c970d0ad22d692e84d692972368e64c272da633a217b45fcc8b1ff3b"}, 0xd8) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000340)=0x2, 0xa2) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x3c) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f000000e0c0), 0x10010) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000200)=@gcm_256={{0x304}, "00e0f07600", "832b4d2434b35bca8c0b78d2afff6d70d2025c7f53123828322d5af0d5c6c3a5", '`\a-N', "298f0e6df9ae9b3d"}, 0x38) sendfile(r0, r1, &(0x7f0000000100), 0x100000000010001) 6.82045684s ago: executing program 3 (id=684): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$USBDEVFS_FREE_STREAMS(r1, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002303020009006000000002000020d3"]) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x2, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000002000000000000000002000018120000", @ANYRES32=r2, @ANYBLOB], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$inet6_udplite(0xa, 0x2, 0x88) r3 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0) ioctl$I2C_SMBUS(r3, 0x720, &(0x7f0000000280)={0x0, 0xc9, 0x7, &(0x7f0000000080)={0x0, "cde5a2021a900c5a00000000000000001f93bb8b818d46fe993c9f8bef00cdd40d"}}) r4 = socket$alg(0x26, 0x5, 0x0) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000140)={0x2, {0x2, 0x8, 0x6, 0x8, 0x1, 0x3}}) bind$alg(r4, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292", 0xc) ioctl$F2FS_IOC_FLUSH_DEVICE(0xffffffffffffffff, 0x4008f50a, &(0x7f0000000000)={0x3c40, 0x9}) r5 = accept4(r4, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000000000000000000000000006119a0000000000095"], &(0x7f0000000080)='syzkaller\x00'}, 0x90) recvmmsg(r5, &(0x7f00000051c0)=[{{0x0, 0x5, &(0x7f0000001c00)=[{&(0x7f0000000b40)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) sendmsg$nl_netfilter(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000003700)=ANY=[@ANYBLOB="0003000000000000000000000000000000000000080000", @ANYBLOB="e1020080698116aedb8b20ea7c6c1ea25cebb36cb7516a143ffcbf515d9b35990799d65ed4fa083777eacc95fa2f3717c611e3c6fe1d4b847f38d0dacc9f008b92723a386b2dd3347844e021bcf5efa0a62caef6e04b6b1b9d643540e3a8fae523375efd02993336c03a1a1bf64ef9ed0ad98cc24e76e2b2f4cb4bf0fb02b4ad1c66f8c32e54a0cb9093b9d599e05e779bd684cc7706d2260a8a8c54287555094b6ad08ade2ab84cf88d0ef9342515965597c9eca65e292856ea502b09a749a8f3ea66e51b0d33dec35a77773ef419d59b4c3ca6e89835cffebd2a3886a4e26ba7f4e360d05d6eaad1f680cbdb784160890a3ea391a12000c155b0b50bd74b86937a09d67069c2343877999893989ea493f51f925ac132aab7eec297a3862434e93e1811424687bde6a777c97a8503cff06c411b865f973c2495874293fa612c3260e57c6fc930b693c94681bff0ba128341de4210b22373fba80a6dda5133339b8f435c4b1369d68ab17e15e5f4f0e397e38939f706aacfc602b84e7b6800c0407bf31cde3bad212985b4e73516dcba1abcef724ff9c3f8ebaac7bc51521a2b8b"], 0x300}}, 0x0) 6.780107275s ago: executing program 1 (id=685): epoll_create1(0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000280), 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) epoll_create1(0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$RTC_PIE_ON(r0, 0x7005) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0) getpid() syz_open_procfs(0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r1, &(0x7f00000003c0)=""/102392, 0x18ff8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ioperm(0x0, 0xc5de, 0x80) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='nfs4\x00', 0x0, &(0x7f00000001c0)='\x01') mincore(&(0x7f0000ffd000/0x2000)=nil, 0x2000, &(0x7f00000001c0)=""/148) 6.603556176s ago: executing program 0 (id=686): r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$VIDIOC_G_SELECTION(r0, 0xc040565e, &(0x7f0000000000)={0xa, 0x2}) 6.015573368s ago: executing program 0 (id=687): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000500)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000410000009500000000000000e6923b33b19a35d427f5e674963c315f4be2b7f2c14e7f99b7ecff01000000000000319d4156f71df355de1e27164b045baa56262b38e43704f93ac83326571c8cb6769d69b2dab69a7a628f93ee62718c1331b374a2452f29c71f8e3e27cb5734add259f2c4045905f8a45ac0bcf500000004df5211835b93aa87b5b652adc617b8d2831beec0b5aebe7544dd0350b6121829a7e3576e9a0a486e0a97a0613343c8de3bec27990cdeb3bc92c681f68983ad2c81ef5a875b67598e7066cfd5b9a146c7204013ceb14c8297cd19aac1624b15e7526f1cf70961f9f3b48ca6de7b2fbc7a7f3e8f0d0924cb2f957bf60d51406d3a258af3d58e0380ae328a63434a74d406020076040044240835f3668a6896dbc8fcea250f4b0c297986b8acea238698327db348a9e1b45b9afec8844e0675d242a7d3acfd0ac46d85c8b23ad8279643d5e3e00a2d319873945b3d0aa8e9a54cbd1aeb90c55b295b9d6021217c70fc7cedba84dd598b53c8521f149b33cb95cae5df2ebf8b7103803aaaa8e7d68dcdfaa835bdb5a23bdbff8362d41a112604999304c1dff6f4f4f8b219b418e09cf2c060cb2f9ad957fd859564df6f6f54c4ea794102494e1d56e88c1439ea086b1acc9fbc26c315246741cb722188846b1175198f6fa467be03e9f7cff922a1c78bbb28bdf7816bb27db7e86d988213dffd7f012721f2ec81ace497eeca313214f1d8c89ec824b5907e3ab7ec1d387cffbdb4d79ccb3c2e29275da223f5fa52525145684e10798d3de43fa17513be7440bfccf3a4d0a237bf80bfd9acf1becb56eecbbce4bc4708db946b1a2f989dc6b146853fea8deab55df9eaf759ffd08ff483105220ebfbc53be6a882c1b610ba8e3ecb8a7351b43e3f77a28a689c0d0fba3b493eccb6058f647dc2ba7240"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r0, 0xf0, 0xffffffffffffffbb, 0x0, &(0x7f0000000080)="85d77444c5a569f1e21b08c0f264", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x50) 5.234708056s ago: executing program 1 (id=688): socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x2000000000000087}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) symlinkat(0x0, 0xffffffffffffffff, &(0x7f0000000000)='./file0\x00') chdir(&(0x7f0000000140)='./bus\x00') r4 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmsg$802154_raw(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)="fba59e92bf709fcb6fcf29a3a09997f163af4538391d09967c80b6e561dddf38f209b8fc10aa20aaa405a60cc2b5e91d881a8ce00a6b0b51fd112a5f0b07efe841965e4ae6cb9c2514059c1451d79e480e59a0265b3a", 0x56}, 0x1, 0x0, 0x0, 0x200440c0}, 0x4008000) syz_open_dev$tty20(0xc, 0x4, 0x1) r5 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC_PROXY(r5, 0x29, 0xd2, &(0x7f0000000600)={{0xa, 0x0, 0x0, @local}, {0xa, 0x0, 0x0, @empty}, 0x0, {[0x0, 0xb8e]}}, 0x5c) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r7 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f0000000000)={0x6000001c}) setsockopt$MRT6_ADD_MFC_PROXY(r5, 0x29, 0xd3, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @local}, {0xa, 0x0, 0x0, @empty}}, 0x5c) 5.186875072s ago: executing program 3 (id=689): timer_create(0x0, &(0x7f0000066000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0) timer_create(0x8, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000140)=0x0) timer_settime(r0, 0x1, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_settime(r0, 0x0, &(0x7f0000000080)={{}, {0x0, 0x3938700}}, &(0x7f00000000c0)) 5.126125505s ago: executing program 4 (id=690): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890c, &(0x7f0000000140)={0x0, {0x2, 0x0, @empty}, {0xa, 0x0, @remote}, {0xa, 0x0, @private}}) 4.770786649s ago: executing program 0 (id=691): fcntl$addseals(0xffffffffffffffff, 0x409, 0x0) syz_mount_image$ext4(&(0x7f0000000f40)='ext4\x00', &(0x7f0000000500)='./file2\x00', 0xa0400, &(0x7f0000001500)={[{@bh}, {@minixdf}, {@discard}, {@nomblk_io_submit}, {@dax}, {@orlov}]}, 0x0, 0x50e, &(0x7f0000000f80)="$eJzs3c9rHG0dAPDvbLJ5myZ9k1c96Au+b7WVtGh3k4a2wUOtIHoqqPVeY7IJIZtsyW7aJhSb4h8giKjgSS9eBP8AQQpePIpQ0LOiooi2elDQjuzubJomu0nedJtNk88HpvP82Jnv82w7s/PMTGcCOLFuZNPzNE0vRsRIVp7LpnP1zEbE2Yh49vTBTH1KIk1v/T2JJCtrrStteCuGmos0VvDVL0V8I9kZt7q2vjhdLpdWsnyxtnSnWF1bv7SwND1fmi8tT05OXJ26NnVlavxVujc3lCXORMT1L/z5e9/+yRev/+Iz9/5w+68Xvpk02/wwtvXjA+rfrbLZ9Xyc2lJW/y5XDhjsKGp9AY2+Du5vmUfZPxEAAA5X/Zj/QxHxyUZ6JPp2P5wFAAAA3kDp54bjv0nr2t0OAx3KAQAAgDdILiKGI8kVsvt9hyOXKxSicQ/vR+J0rlyp1j49V1ldnq3XRYxGPje3UC6NZ/cKj0Y+qecnGukX+cvb8pMR8U5EfHdksJEvzFTKs70++QEAAAAnxNC28f+/RprjfwAAAOCYGe11AwAAAIDXzvgfAAAAjj/jfwAAADjWvnzzZn1KW++/nr27trpYuXtptlRdLCytzhRmKit3CvOVynzjmX1Lu65s89WBy6v3i7VStVasrq3fXqqsLtduL7z0CmwAAADgEL3z/uPfJRGx8dnBxlQ3sKX+P9l7AnrWQOC12TxlF0k2H9j5od+/3Zz/6ZAaBRyKvl43AOiZ/l43AOiZfK8bAPRcskd9x5t3fp3NP9Hd9gAAAN039rHO1/9zuy65sXs1cOTZiOHkcv0fTq7G9f82t/y15WABjpW8IwA48V75+v+e/B8iAADoteHGlOQK2em94cjlCoWIM43XAuSTuYVyaTwi3o6I347k36rnJxpLJnuOGQAAAAAAAAAAAAAAAAAAAAAAAACApjRNIgUAAACOtYjcX5JfNp/lPzZyfnj7+YGB5N8jkb0i9N4Pb33//nSttjJRL//HZnntB1n55V6cwQAAAAC2a43TW+N4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOimZ08fzLSmw4z7t89HxGi7+P1xqjE/FfmIOP3PJPq3LJdERF8X4m88ioiPtouf1Ju1GbJd/MHXHz9Gs2+hXfyhLsSHk+xxff9zo932l4uzjXn77a8/4qX8QXXe/8Xm/q+vw/Z/Zp8x3n3ys2LH+I8i3u1vv/9pxU86xD+3z/hf/9r6eqe69EcRY21/f5KXYhVrS3eK1bX1SwtL0/Ol+dLy5OTE1alrU1emxotzC+VS9mfbGN/5+M+f79b/0x3ij+7R//P77P//ntx/+uFmMt8u/oVzbeL/6sfZJ3bGz2W/fZ/K0vX6sVZ6o5ne6r2f/ua93fo/26H/e/39X9hn/y9+5Vt/3OdHAYBDUF1bX5wul0srxzZRH6UfgWZIHMHEw51V78eBV5imaVrfpl6hYcnBo3cnkWyW9HrPBAAAdNuLo/9etwQAAAAAAAAAAAAAAAAAAABOrsN4rtj2mBubqaQbj9AGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiK/wcAAP//uhLpdQ==") sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000080)='./bus\x00', 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB='user_xattr,nouser_xattr,noacl,\x00\x00\x00\x00\x00\x00\x00'], 0x3, 0x1b1, &(0x7f0000000380)="$eJzsmM1LG0EYxp+Z3WxIT+21FFpooOmhm91NWwql0Jxy6KXQD/EiBrOG6MZIsgcTEOLRk3+Df4J4Fw9evQleVRC8ePS8MrOjOxrzISRB8P0d3jwz82Y+3t08AwFBEM+Ws9Ork/XN81cc6GaQRVr1XxhJDtfymzu/cm8OS+7e3MH3493S0f353gGIotHXF3PvFw2Eqh1Fd7+dVZ9/wZFFRup/4Pio+mfAYCs9D47/SvtgmFV6SdMNkW/bi7XAtxcaQUUIRwRXBE+Egr6+CeByg6Gi7Y9p4612Z7kcBH6zV1j9hx4nBtVP7q/I8QOI1COL9Od1UxtH1i/GBYerdAEMf5T+hrSqDe85/2szOb8x2vnHKVLi1RuUszW51U1M4YAkhgh0Y5FGMsSn9fpNRojfzxPYxoRE4h/RNsMHzT9NzT/yYX31Z6vd+VSrl6t+1V/xvMJX57PjfPHy0pvjOMD/MtKfXmjzp/rkWszCWjkMm24cb9teHB9yXEv6H0fufdxmqk9H3gcvmbj6kDNUmyAIgiAIgiAIgiAIgiAIYuy8BZP/gg7B+y2zrwMAAP//Ub9tHw==") bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000f0850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r0, &(0x7f0000000000)="0a000000010001", 0x7) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_mount_image$udf(&(0x7f0000000540), &(0x7f0000000000)='./bus\x00', 0x0, &(0x7f0000000f40)=ANY=[@ANYBLOB="696f636861727365743d617363696900f1652c696f1e716b917365743d757466382c6e6f7672732c74000020acdc6ccf12fc2289215e4cf0690f9e7a280306dca93a9e0c471dcca261ecbfef7d2c689c923248fa9b4088a7ae1c236c0610e0d94663276aaad729233c1b8662d91bda299ad42d27bce2aaf403b00e01f9b18db781ff3c0e179108254e55b32dbedc4116bf5bf3179d05c6725190d783d5d996242d8e14ddb0d65017e6819f0264081c08d474216c5976e81757a9521f170a4fda7988bef80456155b5c7874a0806025ff017cc12aa9f4022ffb459047d400b694f592011b0a434741ebe55eb13ee21c2b4d6012211be0be85440646438465f71ba617c3cdf70e2436ac56ee186c66dff01181bf5bbecb2b386676fa6691ca7ad5276878e264f82cbcb33e48949bb7a132bbbe11cb4a7f2f0eb6fe1744f39baab9cd2eefc26500d0fc199810cd3dfdde4a37ef0bdc0d0f72baa7093d5e8e02f9f68e6d0d6ec9f15247880affc233ffcd9fb5168e62a3eeae33a1058afc2fff1216bcb998bc736307324ab146be1c2e5df28280b4e33e69c89f28e0ed16a470d41354698bf8bcfb0facce28c75ef863bf59210be9d4b1d2c2b623ec67e408fc872f5bef51c9d8d41f45b0cd1ff0787c29a4e0eb2ca772757e5f40a8c1988b514214217b5aa93f3f92d0db4a8b05364e5c5fe1692519d7e25ea9f3e40724b5de8e1649946162d3e77c09530e4277d5a392f5e2ac0493dc8fc120618c1166b24d865240c27551a349cc001ae3a56e522b1b3e4a2045075dff6f9514b24a000000000000000000", @ANYRESOCT, @ANYBLOB="0700000000000000bfd2696e6963622c7569643da02afa50cfaf7ef0b1136bb846c3dca93e00005965802071679add0000000000000000d1c3122f42ea96037a96b9522cba05114b1d06b523f39b61b9cf307b30998e0bf0d34de32a48605911737fe408577290a186e912c59fd4492df747f495da7617c456798a622dae5e5631a46fe76111dc37855e0295a34c646f4c3e54f149b16b056083c35865aa5d932539f0b4c9d952c2306bd4d41812d8d8f95b8eefb320bdfe0b82196d0208cd4a08f03410cf89160f62f28c8b77a10455ab7f06978896198c9c078dc983a02f769dc808dbe3c9443d0eb3ef9330d01d5d26e6672da4fcf4493833090c0dd12f35385f05c649716b76aada5a024358fe914c7fc1220b0bfb1a7ee91dab5cadd65fac8166ff005a56364fa5f4dcc9de1e0d78c5a30c57ba77ab113069b628ff5855abb3d1859bfcf71df7b1f734216f68479dee950c61b5177edafdb456f31e7365a6e26635d25fc2b7f38bf798d0ba69b1c871ea1a2c1c59a9ff24095410e61080ebd36bed60cb9438b9602aa1d46de30be0924278c8ca4acb4351f5221dfe3c2daceb15ebed45f3b477a42a53dbd58d1c2a4236a3f3a0ca0553a66645e00322bdbb29746c2bcd58f9e6fce46d46559d3865971a2cdec16fee7632907ac72cef45f95b74dcea95dfda5c83eb34385bc0b707639752eb7b0ede35acb809a2883236681ed543ab7fbff198511bcbf4df8ae460a958e4204f0500bf23676dfb0d8b7075219e8b79ede316e583cf69475f0d583ca73f62d019d49166605880d233eb3940327e265ecaf15fe74ab31a5f8f253de901881791e7589a9252b9", @ANYRES64, @ANYRESHEX], 0x9, 0xc56, &(0x7f0000001bc0)="$eJzs3U9sHNd9B/DfGy3FldzWTOwqThoHm7ZIZcZy9S+mYhXuqqbZBpBlIhRzC8CVSKkLUyRBUo1spC3TSw89BC2KHnIpgdYokKKB0RRBj0zrAsnFhyKnntgWNoKiB7YIEKBAwGJm34pLirRlkZQo+fOxqe/szHsz782sZ2RBb14AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABG/9fKFk6fSNhsOPYDGAAD3xaWxL588vd3zHwB4ZF3e6f//AQAAAAAAAAAAAACAgyJFEU9EirlLa2mi+txRv9juu3lrfHhk+2pHUlXzUFW+/KmfOn3m7BeeHzrXzYvtmfepv9c+Fa+OXb7QeGn2xtz81MLC1GRjfKZ9dXZy6q73sNv6Ww1WJ6Bx47Wbk9euLTROP3dm0+ZbA+/1P3Zs4PzQMyee7pYdHx4ZGdsoUu8tX7vnhnTsNMLjcBRxIlI8+50fp1ZEFLH7c1G/v9d+qyNVJwarTowPj1QdmW63ZhbLjaPdE1FENHoqNbvnaPtrEbW++9qHnTUjlsrmlw0eLLs3Nteab12ZnmqMtuYX24vt2ZnR1Glt2Z9GFHEuRSxHxGr/nbvriyJqkeJbj6+lK/mtH9V5+Hw1MHjndhT72Me7ULaz0RexXDwE1+wA648iXokUP3n7eFzN95nqXvO5iFfK/F7Em2W+GJHKL8bZiHe3+R7xcKpFEX9SXv/za2myuh907ysXv9L40sy12Z6y3fvKh3w+3HGneEDPhyNb8v444PemehTRqu74a+nef7MDAAAAAAAAAAAAAAAAwF47EkV8MlK8/K+/V40rjmpc+uPnh3574Od7x4w/9QH7Kcs+FxFLxd2NyT2cBwaOptGUdhxL/Kf/vunjARkz9yipRxG/n8f/feNBNwYAAAAAAAAAAAAAAAAAAOAjrYgfRYoX3jmelqN3TvH2zPXG5daV6c6ssN25f7tzpq+vr683UiebOSdyLuVczrmSczVnFLl+zmbOiZxLOZdzruRczRmHcv2czZwTOZdyLudcybmaM2q5fs5mzomcSzmXc67kXM3pPQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHuviCJ+Fim++bW1FCkimhET0cmV/gfdOgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg1J+K+G6kaPxO8/a6WkSk6t+O4+UvZ6N5uMyPR3OozBejeSFnq8pa8xsPoP3sTl8q4oeRor/+1u0Lnq9/X+fT7a9BvPn1jU+fqnXyUHfjwHv9jx17/PzQyGee2mk5bdeAwYvtmZu3GuPDIyNjPatr+egf71k3kI9b7E3XiYiF1994rTU9PTV/7wvlV2AX1R+ihVT7qPTUQrUQtQPRjAfT903qD+oGxb4qn//vRopff+ffug/8zvO/Hj/X+XT7CR8//YOItNJZfmHrju7y+V/bWi8//8tn+nbP/yd61r2QfzfSV4uoL96Y6zsWUV94/Y0T7Rut61PXp2bOnjz5xaGhL5452Xc4on6tPT3Vs7Q35wsAAAAAAAAAAAAAAADgvklF/GakaP1wLTUi4lY1Xmvg/NAzJ54+FIeq8Vabxm2/Onb5QuOl2Rtz81MLC1OTjfGZ9tXZyam7PVy9Gu41PjyyL535QEf2uf1H6i/Nzr0+377+u4vbbj9av3BlYXG+dXX7zXEkiohm75rBqsHjwyNVo6fbrZmq6ui2g+k/vL5UxH9EiqtnG+mzeV0e/791hP+m8f9LW3e0h+P/P3N0Y/zfx3qKlsdMqYifRopf+7On4rNVO4/GHecsl/vrSDF47tO5XBwuy3Xb0HmvQGdkYFn2fyLF3/9sc9nueMgnNsqe+lAn9yFQXv/HI8V3//jb8ct53eb3P2x//Y9u3dE+vf/hyZ51Rze9r2DXXSdf/xOR4sUn3opfqdb83/u+/6P77o3jncIb7+fYp+v/iz3rBvJxf3WvOg8AAAAAAAAAAPAQ60tF/E2k+P5ILT2f193N3/+b3Lqjffr7X5/oWTe5N/MVfeDCrk8qAAAAABwQfamIH0WK64tv3R5DvXn8d8/4z9/YGP85nLZsrf6c7xeq9wbs5Z//9RrIx53YfbcBAAAAAAAAAAAAAAAAAADgQEmpiOfzfOoT3bd97jCf+kqkePm/nq3KpUjHynLdeeAHql/rl2ZnTlyYnp6tx2LryvRUY2yudXWqrPtkpFj7q0/nukU1v3p3vvnOHO8bc7HPR4qRv+2W7czF3p2b/MmNsqfKsh+LFP/5d5vL5qmp89zRVdnTZdm/iBRf/cftyx7bKHumLPvtSPGDrza6ZY+WZbvvR/3ERtnnrq6vr//h3l8WAAAAAAAAAAAAAAAAAAAAPmL6UhF/FCn++8ZyHsu/3t/dlLPWLfvm13vm+9/iVjXP/0A1//+tv4yI7nLP+nuZ/796r8DSTkcFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBHU4oi3ogUc5fW0kp/+bmjfrE9c/PW+PDI9tWOpKrmoap8+VM/dfrM2S88P3Sum+9ff699Ml4du3yh8dLsjbn5qYWFqcnG+Ez76uzk1F3vYbf1txqsTkDjxms3J69dW2icfu7Mps23Bt7rf+zYwPmhZ0483S07PjwyMtZTptZ3z0e/Q9ph/eEo4s8jxbPf+XH6fn9EEbs/Fx/w3dlvR6pODFadGB8eqToy3W7NLJYbR7snooho9FRqds/RfbgWu9KMWCqbXzZ4sOze2FxrvnVleqox2ppfbC+2Z2dGU6e1ZX8aUcS5FLEcEav9d+6uL4p4LVJ86/G19E/9EYe65+Hzl8a+fPL0zu0o9rGPd6FsZ6MvYrl4CK7ZAdYfRfxDpPjJ28fjn/sjatH5ic9FvFLm9yLejM71TuUX42zEu9t8j3g41aKI/y2v//m19HZ/eT/o3lcufqXxpZlrsz1lu/eVh/75cD8d8HtTPYr4QXXHX0v/4r9rAAAAAAAAAAAAAAAAgAOkiF+KFC+8czxV44Nvjyluz1xvXG5dme4M6+uO/euOmV5fX19vpE42c07kXMq5nHMl52rOKHL9nM0y6+vrE/nzUs7lnCs5V3PGoVw/ZzPnRM6lnMs5V3Ku5oxarp+zmXMi51LO5ZwrOVdzxgEZuwcAAAAAAAAAAAAAAAAAADxaiuqfFN/82lpa7+/MLz0RnVwxH+gj7/8DAAD//6hz/pQ=") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x14113e, 0x0) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) 4.691530131s ago: executing program 3 (id=692): syz_mount_image$bfs(&(0x7f0000000240), &(0x7f0000000080)='./file1\x00', 0x0, &(0x7f0000000400)=ANY=[], 0x4, 0xb1, &(0x7f0000000400)="$eJzs1zFqwmAYBuC3oW3aJT1Ah94gd+hRSsd261Rx8ELunsIjCB7AwU1cIjExZHYwIM8DCby8/wff+P/r4/I9VdK85awZ+fuf/Xz9tv9VBs/hjhRJyiQvbai6vPvsuoe+3+zn35dvNPo40coAAMCVitRJXvubfhZF6rprtsOZj/YtcOjD02i4vOmqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJM4BQAA//8fTCFM") mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x1) unlink(&(0x7f0000000300)='./file0\x00') 3.630370387s ago: executing program 4 (id=693): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)={0x188, 0x0, 0x321, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_FRAME={0x15d, 0x33, @beacon={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, @device_a, @broadcast, @random="90e488f9971a", {}, @value}, 0x0, @random, 0x0, @void, @void, @val={0x3, 0x1}, @val={0x4, 0x6}, @void, @void, @void, @val={0x2a, 0x1}, @void, @void, @val={0x72, 0x6}, @void, @val={0x76, 0x6, {0x0, 0x0, 0x0, 0xb06}}, [{0xdd, 0x3b, "2d5014b2109a59339408ad50548584c01cda5f3ced6f13b590b9aaf1bca488130effc03c7c2adf4757f254203300027902dd1fa777e6282b58e524"}, {0xdd, 0x5d, "eb13a8b3df323b58645505746aa35226d44912415c3d4ac256aa5c2291a3317d27815fda589135d0308f4ff131b3c4a96dde0f9c497c9bbde281223c0596f01156deb1f851f7602fb2299c382c07898a4d7dddbc046ef6a9b938b13f76"}, {0xdd, 0x6, "4f2a899e94bc"}, {0xdd, 0x65, "5dad8ac12f96664d51c30bd3379c2d305630cd93fec0b4249d429b451f52399f26b866650e0e9464949a974045190fa9251c8b6aacda7ecc351ee9cb5512364284512cf7643040ee1f52573ed7bb7527b9a86fc2f33bffce71947a0f29cfb9ac7bd9e7642c"}, {0xdd, 0x6, "83534cd40fda"}]}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}]}, 0x188}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000340)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000680)=ANY=[@ANYBLOB="98030000", @ANYRES16=r5, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r7, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT_OLD(0xffffffffffffffff, 0x28, 0x6, &(0x7f0000000080)={0x0, 0xea60}, 0x10) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @host}, 0x10) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000), 0x10) connect$vsock_stream(0xffffffffffffffff, 0x0, 0x0) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x0, @host}, 0x10) getsockopt$packet_int(0xffffffffffffffff, 0x107, 0xb, &(0x7f0000000000), &(0x7f0000000040)=0x4) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000003100)={@ifindex, 0xffffffffffffffff, 0x11, 0x10, 0xffffffffffffffff, @prog_fd}, 0x20) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'syztnl1\x00', &(0x7f00000001c0)={'syztnl0\x00', 0x0, 0x2f, 0x6e, 0x1, 0x2fb, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x15}}, @private1={0xfc, 0x1, '\x00', 0x1}, 0x40, 0x80, 0x800, 0xe5b}}) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x3, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081780000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071103b00000000001d400500000000004704000001ed00000f030000000000001d440000000000006b0a00fe000000007203000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afc0513466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea01d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a07f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a126a1bdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0d5d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f10bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d00b07862c4fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52c094016406cdd32abf77fea373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515dca8811922929e08538fab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f57cbc05cd897f40693ec427ea71578130cde48de3b4dda0c7b615b57ccd4f8ac729a80f891d91a89d967948b9d95b1f22480ab48969e86b854a8c17f3e264ce11f9f63552364e759eec94572f2f7b0e2f293573d0b80709815f4344f908c00"/2644], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f00000000c0)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f00000006c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x2, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x3, 0x1, 0xffffffff}}, @int={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4}]}}, &(0x7f0000000740)=""/105, 0x42, 0x69, 0x1}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000008c0)={r8, 0x0, 0x14, 0x0, &(0x7f00000006c0)="f6f4e9a1d78ad62ceef1884366a578bb3fb7dbfc", 0x0, 0x0, 0x0, 0x9, 0x0, &(0x7f0000000240)="482eadffffffffffff", 0x0}, 0x50) setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000000)={r3, 0x1, 0x6, @multicast}, 0x10) r9 = socket$nl_route(0x10, 0x3, 0x0) syz_emit_ethernet(0x6e, &(0x7f0000000240)=ANY=[@ANYBLOB="ffffffffffff0180c2000b0086dd6012000800383a00fc010000000000000000000000000000ff0200000000000000000000000000010100007800000000600ad91500002c00ff010000000000000000000000000001fe8000000000000000000000000000040000009000000000"], 0x0) sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c00000010000100"/20, @ANYRES32=0x0, @ANYBLOB="00e7ff0000000000140003007465616d5f736c6176655f300000000008000a"], 0x3c}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r0, @ANYBLOB="0000000002000000b70500000800000085000000aa00000095"], &(0x7f0000000300)='GPL\x00', 0x9, 0x1002, &(0x7f00000004c0)=""/4098}, 0x90) socket$nl_generic(0x10, 0x3, 0x10) 3.576270197s ago: executing program 1 (id=694): fsopen(&(0x7f0000000080)='sysfs\x00', 0x0) r0 = gettid() syz_pidfd_open(r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x3, 0xfff, 0x6}, 0x48) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000c40)={0x0, ""/256, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_WAIT_SYNC(r2, 0x40089416, &(0x7f00000005c0)=r3) r4 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$ARPT_SO_SET_REPLACE(r4, 0x0, 0x60, &(0x7f0000000040)={'filter\x00', 0x7, 0x4, 0x4c8, 0x0, 0x0, 0x0, 0x3e0, 0x3e0, 0x3e0, 0x4, 0x0, {[{{@arp={@broadcast, @loopback, 0x0, 0x0, 0x0, 0x0, {@mac=@remote}, {@mac=@link_local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'vlan1\x00', 'xfrm0\x00'}, 0xc0, 0x111}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @loopback, @multicast1}}}, {{@arp={@initdev={0xac, 0x1e, 0x0, 0x0}, @rand_addr, 0x0, 0x0, 0x0, 0x0, {}, {@mac=@local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'ip6_vti0\x00', 'veth0_to_hsr\x00'}, 0xc0, 0x1e8}, @unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x0, 0x0, 'system_u:object_r:userio_device_t:s0\x00'}}}, {{@arp={@rand_addr, @multicast1, 0x0, 0x0, 0x0, 0x0, {}, {@mac=@dev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'bridge0\x00', 'ip6erspan0\x00'}, 0xc0, 0xe8}, @unspec=@NFQUEUE1={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x518) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000840)=ANY=[@ANYBLOB="0600000000000000000000000000000018119a00", @ANYRES32=r2, @ANYBLOB="000000007b8af8ff00000000bfa2000000000000070200005e08000000b704000000000000850000000100000095088bddf1126254cd492c68b628c440b8a61b2a7012929685c70239000000000000004127b0d7cbadafaa5f7cae221c68970b528678acbe111a57541d6d0f551f5f7c3ca937f029bc0451a8ab1a2d64e96a69ee6a1cda90be0023ccb6f1b4dda5974cc352f6ea02f619586d74a762df5b444a02ff00008811e1ffb90fb00eb48ac6b4a54d100b5b10cbb86724bab5dc63d0f41cda640d907bd35f3c90b35c20a10fe10626d80000000000000000000000b57b000975ba0ed5b18a9ef5df976fe7c17f2f82fca445a9df00000000000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f0000000580)='scsi_dispatch_cmd_start\x00', r5}, 0x10) r6 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x0, 0x3}, 0x10) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r7, &(0x7f00000003c0)={&(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x0, 0x0, 0x4}}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000480)="c3e972bd85a6d84136d6dd55048d3593a74f338ce6772ab9a6f64041c2f6fbbecdc08ebcd3192b6a53662dae7c8e9c665e80a5d0925f728dcac30c29793992e588952653d414cb8ccdabc38767fee819ec5af0c5ee936880fe8549b4ed347779cab4ffd4e0b62c53a1c01db28f2b3f91c34211c9353bc1dece61511917c2245fd66cb8dffeacb4d46d627c97b498bf1ff6b313bfbc9765457c831771d5eec7997ec242e4505f01c1bb3e069b2e630f42a2be86598a61", 0xb6}, {&(0x7f0000000300)='S', 0x1}, {&(0x7f0000001600)="3eed50d0125719a810f88e3f47186fe4dae74182dfd109a2587c4797410c9b8e39bd3d9aa144d5908647c30c8db69b5c17084c9b1bfbb8680737c4f88abcdbc7d294d72ab1b344270915df9ddf5635644c351c22b29d948ac4106bce7107570beed63077cfbc98ef71699eae65d37724d995b553e7a3ade619b522313ab382caf879feb48942878e605ee3ee2872794e3abe22a3f025068b628a5d92468092a5cc649bbbd978b5772e537939432a502122235ced312dafd108c9ffeb0b38cc16da9418ca01d485a6afb5827da4df6e1121ec307de14bb32b6a977608e4576a998182dd93d592ff43e55bfdbbce23ecd501e43b3e93ef8d9d01711dff54c301e299d3801a3cffe6c9883fbd0e47124dc02569f62d48b878fcb58ce99fcffcd2a5166eff3ad93cf1d137274993d86a3b3730d63ded759f6ca88fa449e5575b15321e5a58a1f888eed7466db4976ce35f6d2efb5ad05d99a66482dc607cb5acb24d326803bd337519cc98103f59c63b5962cd72e4497d1b00817d6e09de70270a09b493c2226617b1c9ef9d506be00d6e07f14633a966f04ecca90fb8d2b963ad6f3817935bd6534fa3da1c5dc468789cbf1192f3c0bff3777f1edd2ada5d35f88f12f29e952c44445ce623509d66811c80a9e0f13ad85aba37d86ff0da4dda601d9e8acb264233bc939fb056316612cff687d5c44157be05bcc88b333ff2a40041d98f1acfe6e2231a84e09bd7a54a0442cf87ce3ee8fd8da39da1862862ae40fc3cb3055c8b70e62f243850707341f51426bb3e71c7a4fffefab060db786000618b05eb087a424a2f30f6a232ff44b605f70ceec0a8f70e37907f6e0bbba21e9d5b7ecb6d287742b75c101ba79525918c3473eae38f3c177249dfa8816661c9921f0b0c858d53ab87c8407b97950c842111002edd1d1e80b801b495da28bcd5409bc971e55dab1857e188ac9728efc8f9a4543945f86ade13b445eacecbbf848a96410ac37c57e3e9e8bc8b8fadd559d225c7468639da2b5d1208558b51e94c14faa7947a7c60e81a96bb5d194cc7289adbc02ebb4b49be1f1efc429db2f9b79b5a22919dba0c35341042c5776942c52365367c4bfc95b42be383cca7107161ded7e851d0126da33d581f1e2b08d0c061e86d31e7a83f9b51c79b4034c7deda7697034e1404c6e8e459f76c2efe64350146c7437ef808e04ca14df5f6f500264fd977272bbf8fc096774e8eb61d0963430751ac1425a073f84346b0eba368cba7fa34adc420800d4f99927280eba199f9695cf88124fafc3a2b1226d2f2ab3ea27c69a127650cf5c725b54c02bd8729033cf699ce7f030f9a3442056244da3cfb61a8126dba11377624f39eb009242152fd7b8b88de7dd86057f29bfcb7b7df0e65e7e9ac9eeaa41afa62743698bff03d5b2d51fb6bca2d92294e8e177cfa3661b26f1c040e9bed983b7bc0aa154eb9c92e4ee25091318c53113a1c23ac62d2d71504cba99041f29a4f332133292cf20abec9222a2acca57cac48fa6c0668ee5eecb494741a64d33b011dcca74696d4614c5b45a5d20983b1708d365ed3ffa60f9161972a611c22642c3c259b41f943f6d7a8b60f284d325e38fe76f0645e069ff70cae38850ccf973193b6232c987df26239a574691f7f07fffa6deae1eb0324fe546573c36f2a2c31cd442517a9b036ae6a2a491e7343864693c107a5dc2585820863c146c1ba6caa4fea9b87d567716f4c8ca1a9d2848055cd750512d3b7415d090019dc8a04a1a1d28931093cd8f00e94c407ca1fa2a5ce903d9df26e008c07cd13afa783220e1bd5e6b60645f3dbb6ecb4156fedafa2dd25498c6a99d94f0b38125ea7741b75109dcac9f80635f79f5c8a0483bb9f05a3a5bf721c7541edb252449f8b13e63c370a6146332f03ca1f1b6fe0bed984f13744bb7fa0fe322e83ddf9ffb2083e94f33604a0a199220c450dad94bf154805e7f9e4350ca2d81adf2978c87dcc8a8a7d56297ec124bfef0d28f35777205e973272c87e01070f14f5b14daa3b5104d9ff6b296c4f16ed49eb42d35e7ba3bccb7a26c33a263df88aadd596e9d9de0abbd4d449df11081f2cd62e1d8962b9b9feb25a3b8e03537d61a61c11ac22b7211d12c84e60a6abcc219e558b2513d8c530b3c7a57cdc47de545aafbb2a13c0e6c75b1b92fa241c713c83a09c92b2b61d565120372a9143415583c9596f27a663d4967cd653b08cebd6cb96c1f0dc80d57267ac9a8281d7149bde880828ee27d69a6818db58320db29d1b044eaf6ab8a5108bc522de406990b5393b1f7e7bab71bf6cf8eed1cd59c7607d662e8b313f5c4fce0f59b1027371381011b63dd5b2b09739082c0d62ffad96e30153a395234937d377c32fe7af82aca3a19d0ebc4a5c5fb5ff190f14d5695c703b571fb4bf03756635cafc6cf6267eab836c347a9d07e8089fc105346934cf3364e5be370b3c42b94bc5ae3d17a817398566a2953251eb91697d67278145df9a4b917bcca1bf211780b22f4caacfcb7604c84f943d05f6fdf8edbd258d7d8dbf84f9d99e57472c5b1c2337d749a1f345e662e2536d23c7a63bbbbf00f8b5b0a2106a0342ab27b9a10b82e82668cd49e0cbb09d7be0217645f1dda3be59c8232fa290d34791cda52aa5b5cec6339ab96a2eb3f5328cc7c0e6717c2824344547a2ed518f6b2b4e4fe5b684596aa6a9d3988fc5d5ff4cb46cec99d951b8386b10949a163af974b7543df97b4882a4ed60e927a1deb67c5f814235bef65fea79a2c712815be7403c93a3707fb90d4604ec3a6a3b0928f253f6ab6bd56c958e026c8c58172c4ac2a3efe2ecd5cea70c8313f9ac2d638bc296ba99e2ca86d2fd06b5402cdcddc3f3c9845d5ae77f6f36963b91e8f6cdccd17abe8d40ed02463af4bb0e496344f350097f1cc13313fa1e172b63556ed2b8a8121c01a5fb343ff7767821626fc49b0d6bd522e1c9bf137d5a5bccb4bc8dbb64c83a82ef6c2894f3896c9f6bf0c3764011d53eeb6db9ea9dae22d3ebcca4942d5828c0bca0d9ea37701d5a06c066ac4fe318e11e9c0d6c658ac810fb5d7836cfffe4ccbb0934e5567d74695980a156d4bf1c18861c5a29ccd349999dc20562d00e1f6c1851ae563541086438d60b975c8ceb466414ff60efa0b2dee790fd0659ffa98b92414c13d5a6825368f56c4984412205041cd8e006c7127d4395ecdffb5addf80ef938ce54a367154c4fc286d5f969325c12b13655a9a956dd3b98281f537e837669fc55d8930676e807aa8cd046e0f4583d59f86cb99f3f7a7ddde1fb39111fdec7677d2fee4b8f4814a5def5ebcc67c653384ce80eaffd880405f7edf8fd3ea049f040595df4a75e2f892e7a85e0ba351fb8d263bfff7168bb85017b360fcd2ba89346682a6ea7ccc46afbdb5ab444e3f477238b2ab503bde914d3cf1789539cde9c0621152cd97bff9f235d88a1ef4ea4309db3a05d401af7fb82784b050ef529dab4f1f003eb29710a962f7538c521e617e2f0efac36182d09985e1d725cc38c3833a53742a02f76fb2854a9e45f0febacf3bda83f11183ef5b9fef02ebcdf56d4104b175bad937d8f61964f97d673577cdcbbb48d8eb62b063ee6563b9ff053719baff871bcd83822d865b2f7ef023076425ac5cd71b1f2309de0c6f14cc9c4d3e8fad945f756a7c8a084ea1bfdf5ac6e740043e7f7bdaca06774b084ae314c2636529d4fdcd965c7f8c07156572620b827d694efdc9d2bfc5aa9391220a83765f2c71fcd48d4acaed60afb53d1013fa3b15e948ec4159f7d130ef85b594018346e99034c18738285223ea53a6b1d5cf11a607de2e19608ba03ec970a915b773824261f3fc931dd6d3b934d89f07baf14776314c3eeb8cd0537ef5736f565fbd14e520d4ab2f77ed9597b76ff91f8d1f99ebd6e473efda7accb273975a06944d1037032129992b994ca791a09b4d83980a1e494b0f97098df5f6fb6bbb02722adb11dc319c565c2c363cbd19d9fb3efb4613b62d6584cd53f7bd80e3e89304f444ce9dd1835661e3bb4de02ccf568a2a5daaf0d56898d4286c3fb62e22af62d7ac318685834467f337561dde2e0c1e2827cdffcf42c17728ee64b3ff4ccc0227590badd0bd7e448b8cca0892d6a5e0130d2ac665f47c6b28daa101c1b319869bdd39fa924d6d9ba7d72feda5f21ac78641c7d4801d41c7879721b3be4dab40d9c4a78552440101f373489cc5240b0144a9ce32691a784b6dfe971a21bb5980ff67da2d1bb90b223c9e192a39c1aeadd1f5c790811079c0b51a97105c99b6f95d71bb3ea47c33d9dcb0a53c929c44499e184a3cd722c908d3b0d157e28ffdeb2ed7192e780d96a7a2f0fd5a87bdc973e049da0caf931f26f5a21813e2e602ceb2259997e0205ce48fd9424bd6d4d75dd4301f429ee30745cd839a40dbeab4c3db2f0f10bbaea071ca41d1392385681730a3678a5f60f604dbe19cb9d7dd234337e327451b8cc65394af399432ef7fc3765d055874ebdca14e5999292d6f72f31e92bacf25db5ef8f5212952c1910de06ddbe1687a0e1837922f2228289916ed3aeb7b9cc24da3ae47139e371930afa6d3573df6732c26c0c7ae06d9cedfa77160711bcb06e6553338deae4c5731cf53cc154113096d02f3036d7d9edfcdc331e4bb860c5208489212e904eab70e7f860b0379895cbdecbf7a0b7a25e5b853c7dbe08a4e296a30afec8cf5a9f6ea4aef32a508655d539a770b21e660c9ee1d7688c56abeb7cf1afccc8d59780cf26312589e0c8e1bc00ad7b1325cd9a5dd69246e0b33407c381ea09265154aec297e4ccdf9785a1042a83e77c13d4ce4360782f2428f9916b5cd123b089eb683d30c1e895b9944aa905a1a5b52301d8cc5e4741834ead6ebdb5dc05c9c49c5e883e99d40b9838037beaf876534d747856103e59caf6266fbbe760b6ef83d004634b74f14f8eb4aef93c4cc9cbbd78d83d532c70feef51ea3f170b25d81a6a9b074bfca7e9b3771bf83517e0dd9d0600f70b86b20f61fe36076f8bada334b2390fa954973bc901619a3cfd039349cb328625f495ab288dbdd6dbfd022c2a83f59e0b998619a12e35891b5ae9e83a71765507b4a571cd2241e5885c705244c1022688bef7c5065fbcf219fc01753adb611b3fbc09403dcb10a4f99d788667eff75fa27074ca8481a633530e26163ccf7dada049d23e717e067b6fa5b2f652bc50abda9e7ccdc5f2f3c35ecc2c4431c819c9691be4422e379750774e9f39dae06f26423c8a4278789c9f3111b43f6dd25b0ad47c4cc5fda3f3ed82079c9366e0adced883488f429c1d7e1b351fd0bb204dd7977ef224c4df6d7a5f7697bc6500a7d03a8a914154779fa7092bf1be6bad4092367ce5d295a5d5d0e7c469f372ca2011d612637025e89f178ae9ada0c5b73bcb7d7c034ff595263cd4216e3c76ba5f3d81932a088a90bf8043e877e299c670ef1622a098d5519d9adc4ee7d4cd00e5934a4375fa83fdb81214b892482b31bdde59a70aaf25cb7f417c3a2a91c4e54b48149f6c41d9d396ee6ff13e3028c64a7c9b1f2e7c6e67184a3d52d6f570db3d225c947423c4c6533f22df57d15c5e5a3183422bd378b06fe4732a9401dcb19840fb8fa5c50a0ff497fef362c507753e46b8881d3e767f3b1d893a3805941c94f2efa05ce34b9ea81d716984af6834230d4707a87089d40779503ee6a9bb245d7d997f14acb80e89731c042bbbbe3dcd05177b0ee0eec23455830ef5b65aca357f2b0b887e0b9821c0", 0x1000}, {&(0x7f0000000340)="b768eb20304f2fdc5a9694a4867840d93170ca1a86406f", 0x17}], 0x4, 0x0, 0x0, 0x8010}, 0x0) sendmsg$tipc(r8, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x881}, 0x0) sendmmsg(r8, &(0x7f0000003b00)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0) r9 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000000000000000181100003df6caff7ab91df10b3614bab7d9bc9946999ed851e641a99931c5600694f1ff50f7ccbcf943baf6d1c1ffc980ed70b8748db2fe6bad541c4c0781bfcec0483e3457d281fc45c23d092bf194035b6390814267bd61c0dfa9bfbb2a51255b68719606825a017aaea4de64aa1ed5fefe838eef9d8ab19c4baaea98", @ANYRES32=r9, @ANYBLOB="0000000000000000b70200000000000085000000860000009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f00000005c0)='kmem_cache_free\x00', r10}, 0x10) dup2(r8, r7) setsockopt$sock_attach_bpf(r7, 0x1, 0x21, &(0x7f0000000040), 0x4) sendmsg$tipc(r8, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) r11 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r6, 0x0, 0x0) setsockopt$TIPC_GROUP_JOIN(r11, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x0, 0x3}, 0x10) setsockopt$TIPC_GROUP_LEAVE(r11, 0x10f, 0x88) 3.354784702s ago: executing program 2 (id=567): syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='./file0\x00', 0x4008400, &(0x7f0000000240)=ANY=[@ANYRES8=0x0], 0x1, 0x280, &(0x7f0000000800)="$eJzs3U9LY1cYB+A3JjVRKMmiIC2FpnTTlail+0ixUBpoacmiXVVqpMVYQUGoC3Vn+x3ar9DuZrYDs5DZzhcYBgZnYDY6KxcDGeJNTOJkIpkx3sF5no0v556f59w/3Jss7skvH6+vrWxsrZ6cHEWhkIlcJSpxmolSTEQ2EvsBANwkp81mHDcTac8FALgenv8A8O4Z8Pyf6GzL7J+3fZ/O7ACAcXij7/8TY5kSADBmP/7087eL1erSD+VyIWL9YLu2XUv+JtsXV+P3aEQ95qIYzyOa55L662+qS3PllselKKzvtfN727Vsf34+ilEanJ8vJ6LWm38vptv5B9NRj4XDTHwwOL8wMD8Zn3/WM/5sFOP+r7ERjViJVvYsf/YJZne+XP7qu+qFfP6sX6/CtZ8dAAAAAAAAAAAAAAAAAAAAAABuqtlyR2d1m/71e2a7HUr96+MkvbvrA+WLU0PXB7q4Pk8uPsqlt98AAAAAAAAAAAAAAAAAAADwNtn6c2dtudGobw4r/rj3392jfBJYbnTe2r8sNbDItMOjpQ5ea6zhxfufPvrn4qZc7KzlRz8+V1vc+SSFQeubkRsldXj024dfbM18+ao+kett+bt1ufT1aV1IA/5zblwH/GkxYkyH7v9OUXn2Up/OxVTfnErjnPYWM/9Wlm/vPnzSbsnGJakhN41m9upvRAAAAAAAAAAAAAAAAAAAQM/r1mnPBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADS0/39/1GLfDRu/dVtKfT1mTwf4LiZ6v4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDLiwAAAP//VTSQKA==") io_setup(0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180800000000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f0000000f40)={0x2, &(0x7f0000000f00)=[{0x54}, {0x6}]}) io_cancel(0x0, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, &(0x7f0000000780)='./file1\x00') syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x40106614, &(0x7f0000000000)=@v2={0x2, @aes256, 0xc9909dd62b63868f, '\x00', @c}) syz_open_procfs(0x0, 0x0) mkdir(&(0x7f0000000200)='./file0\x00', 0x4) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125c7ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb32bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bd6c108fab3591bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2034fae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b8b74e26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd6929bbc2850cd4901389e6ea6e86041e0efa1158f334e7afda0e11c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c6692abb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b29674bfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bcddf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d672250658bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb15ac56438ea331820ae59c8c474e36fc73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4659698549646bd63175adf77b5cdcfe676e1b1a9af15102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4b9f6e46a8ce73eb22ebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f842629049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21bbfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e00686a3ed499cfb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9f058cc048f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002af6a6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b42e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae6644493f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a", 0x1000}}, 0x1006) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000380)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f00000005c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="ed9c00000000000000003900000008000300", @ANYRES32=r5, @ANYBLOB="18005a80140000800500010002"], 0x34}}, 0x0) unshare(0x60400) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0xa, 0x9, 0x2, 0x9, 0x42}, 0x48) 3.296064623s ago: executing program 3 (id=695): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) rt_sigprocmask(0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000480)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) socket$packet(0x11, 0x0, 0x300) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000000), 0x4) syz_open_procfs(0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x3801}, {0x2c}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0x50}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r3}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 3.120773597s ago: executing program 1 (id=696): r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$VIDIOC_G_SELECTION(r0, 0xc040565e, &(0x7f0000000000)={0xa, 0x2}) 621.532625ms ago: executing program 1 (id=697): epoll_create1(0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000280), 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) epoll_create1(0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$RTC_PIE_ON(r0, 0x7005) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0) getpid() syz_open_procfs(0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r1, &(0x7f00000003c0)=""/102392, 0x18ff8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ioperm(0x0, 0xc5de, 0x80) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='nfs4\x00', 0x0, &(0x7f00000001c0)='\x01') mincore(&(0x7f0000ffd000/0x2000)=nil, 0x2000, &(0x7f00000001c0)=""/148) 492.400108ms ago: executing program 0 (id=698): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_NEW(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x28, 0x0, 0x7, 0x201, 0x0, 0x0, {}, [@NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x28}}, 0x0) 397.215385ms ago: executing program 4 (id=699): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$USBDEVFS_FREE_STREAMS(r1, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002303020009006000000002000020d3"]) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x2, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000002000000000000000002000018120000", @ANYRES32=r2, @ANYBLOB], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$inet6_udplite(0xa, 0x2, 0x88) r3 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0) ioctl$I2C_SMBUS(r3, 0x720, &(0x7f0000000280)={0x0, 0xc9, 0x7, &(0x7f0000000080)={0x0, "cde5a2021a900c5a00000000000000001f93bb8b818d46fe993c9f8bef00cdd40d"}}) r4 = socket$alg(0x26, 0x5, 0x0) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000140)={0x2, {0x2, 0x8, 0x6, 0x8, 0x1, 0x3}}) bind$alg(r4, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292", 0xc) ioctl$F2FS_IOC_FLUSH_DEVICE(0xffffffffffffffff, 0x4008f50a, &(0x7f0000000000)={0x3c40, 0x9}) r5 = accept4(r4, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000000000000000000000000006119a0000000000095"], &(0x7f0000000080)='syzkaller\x00'}, 0x90) recvmmsg(r5, &(0x7f00000051c0)=[{{0x0, 0x5, &(0x7f0000001c00)=[{&(0x7f0000000b40)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) sendmsg$nl_netfilter(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000003700)=ANY=[@ANYBLOB="0003000000000000000000000000000000000000080000", @ANYBLOB="e1020080698116aedb8b20ea7c6c1ea25cebb36cb7516a143ffcbf515d9b35990799d65ed4fa083777eacc95fa2f3717c611e3c6fe1d4b847f38d0dacc9f008b92723a386b2dd3347844e021bcf5efa0a62caef6e04b6b1b9d643540e3a8fae523375efd02993336c03a1a1bf64ef9ed0ad98cc24e76e2b2f4cb4bf0fb02b4ad1c66f8c32e54a0cb9093b9d599e05e779bd684cc7706d2260a8a8c54287555094b6ad08ade2ab84cf88d0ef9342515965597c9eca65e292856ea502b09a749a8f3ea66e51b0d33dec35a77773ef419d59b4c3ca6e89835cffebd2a3886a4e26ba7f4e360d05d6eaad1f680cbdb784160890a3ea391a12000c155b0b50bd74b86937a09d67069c2343877999893989ea493f51f925ac132aab7eec297a3862434e93e1811424687bde6a777c97a8503cff06c411b865f973c2495874293fa612c3260e57c6fc930b693c94681bff0ba128341de4210b22373fba80a6dda5133339b8f435c4b1369d68ab17e15e5f4f0e397e38939f706aacfc602b84e7b6800c0407bf31cde3bad212985b4e73516dcba1abcef724ff9c3f8ebaac7bc51521a2b8b"], 0x300}}, 0x0) 284.24578ms ago: executing program 3 (id=700): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000500)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000410000009500000000000000e6923b33b19a35d427f5e674963c315f4be2b7f2c14e7f99b7ecff01000000000000319d4156f71df355de1e27164b045baa56262b38e43704f93ac83326571c8cb6769d69b2dab69a7a628f93ee62718c1331b374a2452f29c71f8e3e27cb5734add259f2c4045905f8a45ac0bcf500000004df5211835b93aa87b5b652adc617b8d2831beec0b5aebe7544dd0350b6121829a7e3576e9a0a486e0a97a0613343c8de3bec27990cdeb3bc92c681f68983ad2c81ef5a875b67598e7066cfd5b9a146c7204013ceb14c8297cd19aac1624b15e7526f1cf70961f9f3b48ca6de7b2fbc7a7f3e8f0d0924cb2f957bf60d51406d3a258af3d58e0380ae328a63434a74d406020076040044240835f3668a6896dbc8fcea250f4b0c297986b8acea238698327db348a9e1b45b9afec8844e0675d242a7d3acfd0ac46d85c8b23ad8279643d5e3e00a2d319873945b3d0aa8e9a54cbd1aeb90c55b295b9d6021217c70fc7cedba84dd598b53c8521f149b33cb95cae5df2ebf8b7103803aaaa8e7d68dcdfaa835bdb5a23bdbff8362d41a112604999304c1dff6f4f4f8b219b418e09cf2c060cb2f9ad957fd859564df6f6f54c4ea794102494e1d56e88c1439ea086b1acc9fbc26c315246741cb722188846b1175198f6fa467be03e9f7cff922a1c78bbb28bdf7816bb27db7e86d988213dffd7f012721f2ec81ace497eeca313214f1d8c89ec824b5907e3ab7ec1d387cffbdb4d79ccb3c2e29275da223f5fa52525145684e10798d3de43fa17513be7440bfccf3a4d0a237bf80bfd9acf1becb56eecbbce4bc4708db946b1a2f989dc6b146853fea8deab55df9eaf759ffd08ff483105220ebfbc53be6a882c1b610ba8e3ecb8a7351b43e3f77a28a689c0d0fba3b493eccb6058f647dc2ba7240"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r0, 0xf0, 0xffffffffffffffbb, 0x0, &(0x7f0000000080)="85d77444c5a569f1e21b08c0f264", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x50) 0s ago: executing program 2 (id=701): timer_create(0x0, &(0x7f0000066000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0) timer_create(0x8, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000140)=0x0) timer_settime(r0, 0x1, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_settime(r0, 0x0, &(0x7f0000000080)={{}, {0x0, 0x3938700}}, &(0x7f00000000c0)) kernel console output (not intermixed with test programs): 1778][ T5190] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 177.614117][ T5190] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 177.636153][ T5145] usb 1-1: string descriptor 0 read error: -71 [ 177.672815][ T5190] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 177.700440][ T5145] usb 1-1: USB disconnect, device number 3 [ 177.749077][ T5190] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 177.840836][ T5190] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 177.893780][ T5190] usb 5-1: Product: syz [ 177.927660][ T5190] usb 5-1: Manufacturer: syz [ 177.932335][ T5190] usb 5-1: SerialNumber: syz [ 177.990563][ T5190] usb 5-1: selecting invalid altsetting 1 [ 180.448927][ T5190] cdc_ncm 5-1:1.0: failed GET_NTB_PARAMETERS [ 180.455200][ T5190] cdc_ncm 5-1:1.0: bind() failure [ 180.689127][ T5190] usb 5-1: USB disconnect, device number 4 [ 181.010143][ T6094] netlink: 'syz.0.335': attribute type 1 has an invalid length. [ 181.132814][ T6097] input: syz1 as /devices/virtual/input/input5 [ 181.222531][ T29] audit: type=1400 audit(1719387336.377:341): avc: denied { read } for pid=4519 comm="acpid" name="event4" dev="devtmpfs" ino=2379 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 181.344418][ T29] audit: type=1400 audit(1719387336.377:342): avc: denied { open } for pid=4519 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2379 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 181.735308][ T29] audit: type=1400 audit(1719387336.377:343): avc: denied { ioctl } for pid=4519 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2379 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 183.122224][ T29] audit: type=1804 audit(1719387336.477:344): pid=6100 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.339" name="/root/syzkaller.cEXrQ9/68/file0" dev="sda1" ino=1958 res=1 errno=0 [ 183.414793][ T29] audit: type=1400 audit(1719387336.787:345): avc: denied { read } for pid=6102 comm="syz.0.341" name="/" dev="configfs" ino=1165 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 183.559468][ T6104] bond1 (unregistering): Released all slaves [ 183.664068][ T29] audit: type=1400 audit(1719387336.787:346): avc: denied { open } for pid=6102 comm="syz.0.341" path="/root/syzkaller.RFyPE8/69/file0" dev="configfs" ino=1165 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 184.310107][ T6116] netlink: 4 bytes leftover after parsing attributes in process `syz.2.344'. [ 184.366444][ T29] audit: type=1400 audit(1719387339.437:347): avc: denied { ioctl } for pid=6115 comm="syz.2.344" path="socket:[9802]" dev="sockfs" ino=9802 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 184.501330][ T29] audit: type=1400 audit(1719387339.617:348): avc: denied { create } for pid=6111 comm="syz.0.343" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 184.527265][ T6116] team0: entered promiscuous mode [ 184.557371][ T5190] hid-generic 0000:04AD:0000.0004: unknown main item tag 0x0 [ 184.572509][ T6116] team_slave_0: entered promiscuous mode [ 184.575582][ T5190] hid-generic 0000:04AD:0000.0004: unknown main item tag 0x0 [ 184.593934][ T5190] hid-generic 0000:04AD:0000.0004: unknown main item tag 0x0 [ 184.601984][ T5190] hid-generic 0000:04AD:0000.0004: unknown main item tag 0x0 [ 184.608039][ T6116] team_slave_1: entered promiscuous mode [ 184.619305][ T5190] hid-generic 0000:04AD:0000.0004: unknown main item tag 0x0 [ 184.652212][ T5190] hid-generic 0000:04AD:0000.0004: unknown main item tag 0x0 [ 184.676283][ T5190] hid-generic 0000:04AD:0000.0004: unknown main item tag 0x0 [ 184.704530][ T5190] hid-generic 0000:04AD:0000.0004: unknown main item tag 0x0 [ 184.724785][ T5190] hid-generic 0000:04AD:0000.0004: unknown main item tag 0x0 [ 184.729319][ T6122] team_slave_0: entered allmulticast mode [ 184.745322][ T5190] hid-generic 0000:04AD:0000.0004: unknown main item tag 0x0 [ 184.765616][ T5190] hid-generic 0000:04AD:0000.0004: unknown main item tag 0x0 [ 184.786466][ T5190] hid-generic 0000:04AD:0000.0004: unknown main item tag 0x0 [ 184.806516][ T5190] hid-generic 0000:04AD:0000.0004: unknown main item tag 0x0 [ 184.815428][ T5190] hid-generic 0000:04AD:0000.0004: unknown main item tag 0x0 [ 184.826523][ T5190] hid-generic 0000:04AD:0000.0004: unknown main item tag 0x0 [ 184.842165][ T5190] hid-generic 0000:04AD:0000.0004: unknown main item tag 0x0 [ 184.859376][ T8] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 184.882415][ T5190] hid-generic 0000:04AD:0000.0004: unknown main item tag 0x0 [ 184.902316][ T5190] hid-generic 0000:04AD:0000.0004: unknown main item tag 0x0 [ 184.917852][ T5190] hid-generic 0000:04AD:0000.0004: unknown main item tag 0x0 [ 184.937022][ T5190] hid-generic 0000:04AD:0000.0004: unknown main item tag 0x0 [ 184.939763][ T6122] team0: Port device team_slave_0 removed [ 184.979969][ T5190] hid-generic 0000:04AD:0000.0004: unknown main item tag 0x0 [ 185.000183][ T6115] team0: left promiscuous mode [ 185.005007][ T6115] team_slave_1: left promiscuous mode [ 185.011227][ T5190] hid-generic 0000:04AD:0000.0004: unknown main item tag 0x0 [ 185.027790][ T5190] hid-generic 0000:04AD:0000.0004: unknown main item tag 0x0 [ 185.035852][ T5190] hid-generic 0000:04AD:0000.0004: unknown main item tag 0x0 [ 185.058238][ T5190] hid-generic 0000:04AD:0000.0004: unknown main item tag 0x0 [ 185.071627][ T8] usb 2-1: config 0 has an invalid descriptor of length 159, skipping remainder of the config [ 185.098399][ T8] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 184, using maximum allowed: 30 [ 185.112050][ T5190] hid-generic 0000:04AD:0000.0004: unknown main item tag 0x0 [ 185.141742][ T5190] hid-generic 0000:04AD:0000.0004: unknown main item tag 0x0 [ 185.152529][ T8] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 184 [ 185.177858][ T5190] hid-generic 0000:04AD:0000.0004: unknown main item tag 0x0 [ 185.185313][ T5190] hid-generic 0000:04AD:0000.0004: unknown main item tag 0x0 [ 185.213673][ T8] usb 2-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 185.237270][ T6127] loop3: detected capacity change from 0 to 8192 [ 185.246397][ T5190] hid-generic 0000:04AD:0000.0004: unknown main item tag 0x0 [ 185.271108][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 185.283003][ T6127] loop3: p2 p3 p4 [ 185.297844][ T6127] loop3: p2 start 452985600 is beyond EOD, truncated [ 185.304856][ T5190] hid-generic 0000:04AD:0000.0004: unknown main item tag 0x0 [ 185.307727][ T6127] loop3: p3 start 4177527808 is beyond EOD, truncated [ 185.337981][ T8] usb 2-1: config 0 descriptor?? [ 185.350203][ T5190] hid-generic 0000:04AD:0000.0004: unknown main item tag 0x0 [ 185.351810][ T6127] loop3: p4 size 3599499392 extends beyond EOD, truncated [ 185.391201][ T5190] hid-generic 0000:04AD:0000.0004: hidraw0: HID v0.00 Device [syz0] on syz0 [ 185.453335][ T6131] loop0: detected capacity change from 0 to 128 [ 185.489266][ T6131] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 185.563642][ T6131] UDF-fs: error (device loop0): udf_read_inode: (ino 93) failed !bh [ 185.581068][ T6131] UDF-fs: Scanning with blocksize 512 failed [ 185.603693][ T6131] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 185.645184][ T6131] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=512, location=512 [ 185.675665][ T6131] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 185.716609][ T6131] UDF-fs: Scanning with blocksize 1024 failed [ 185.760222][ T6131] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 185.780570][ T29] audit: type=1400 audit(1719387340.937:349): avc: denied { bind } for pid=6137 comm="syz.3.353" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 185.813945][ T6131] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=512, location=512 [ 185.837652][ T29] audit: type=1400 audit(1719387340.937:350): avc: denied { listen } for pid=6137 comm="syz.3.353" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 185.868357][ T6131] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 185.876049][ T6131] UDF-fs: Scanning with blocksize 2048 failed [ 185.902847][ T6131] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 185.954284][ T6131] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=512, location=512 [ 185.973499][ T6131] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 185.984582][ T6131] UDF-fs: Scanning with blocksize 4096 failed [ 185.996600][ T6131] UDF-fs: warning (device loop0): udf_fill_super: No partition found (1) [ 186.001622][ T8] usb 2-1: string descriptor 0 read error: -71 [ 186.041644][ T5696] udevd[5696]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 186.091587][ T8] usb 2-1: USB disconnect, device number 2 [ 186.281489][ T29] kauditd_printk_skb: 7 callbacks suppressed [ 186.281511][ T29] audit: type=1400 audit(1719387341.437:358): avc: denied { create } for pid=6147 comm="syz.3.356" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 186.778376][ T5101] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 186.785282][ T53] Bluetooth: hci5: command 0x1003 tx timeout [ 187.321659][ T6151] loop0: detected capacity change from 0 to 1024 [ 189.125584][ T6168] loop2: detected capacity change from 0 to 256 [ 189.350141][ T6168] FAT-fs (loop2): invalid media value (0x29) [ 189.357475][ T6168] FAT-fs (loop2): Can't find a valid FAT filesystem [ 189.771717][ T29] audit: type=1400 audit(1719387344.927:359): avc: denied { mounton } for pid=6174 comm="syz.3.366" path="/root/syzkaller.LR5CPM/76/file0" dev="sda1" ino=1953 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=file permissive=1 [ 189.835986][ T6177] loop4: detected capacity change from 0 to 512 [ 189.920292][ T6177] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 189.933749][ T6177] ext4 filesystem being mounted at /root/syzkaller.hEARAL/74/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 190.317784][ T6186] netlink: 'syz.0.370': attribute type 5 has an invalid length. [ 190.345026][ T6187] bridge0: port 3(syz_tun) entered blocking state [ 190.353898][ T6187] bridge0: port 3(syz_tun) entered disabled state [ 190.361486][ T6187] syz_tun: entered allmulticast mode [ 190.370740][ T6187] syz_tun: entered promiscuous mode [ 190.379127][ T6187] bridge0: port 3(syz_tun) entered blocking state [ 190.386314][ T6187] bridge0: port 3(syz_tun) entered forwarding state [ 190.407652][ T29] audit: type=1400 audit(1719387345.547:360): avc: denied { write } for pid=6176 comm="syz.4.368" name="001" dev="devtmpfs" ino=714 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 190.537931][ T29] audit: type=1400 audit(1719387345.627:361): avc: denied { write } for pid=6176 comm="syz.4.368" name="bus" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 190.591192][ T29] audit: type=1400 audit(1719387345.627:362): avc: denied { add_name } for pid=6176 comm="syz.4.368" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 190.611436][ C0] vkms_vblank_simulate: vblank timer overrun [ 190.824671][ T5093] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 190.840609][ T6192] veth0_vlan: entered allmulticast mode [ 190.919384][ T29] audit: type=1400 audit(1719387346.077:363): avc: denied { execute } for pid=6193 comm="syz.3.373" path=2F6D656D66643A202864656C6574656429 dev="tmpfs" ino=1057 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 190.943849][ C0] vkms_vblank_simulate: vblank timer overrun [ 192.170959][ T6192] netlink: 36 bytes leftover after parsing attributes in process `syz.0.372'. [ 192.269966][ T6208] loop3: detected capacity change from 0 to 16 [ 192.325572][ T6208] erofs: (device loop3): mounted with root inode @ nid 36. [ 192.902019][ T29] audit: type=1400 audit(1719387348.057:364): avc: denied { read } for pid=6200 comm="syz.4.374" name="/" dev="configfs" ino=1165 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 193.089975][ T29] audit: type=1400 audit(1719387348.057:365): avc: denied { open } for pid=6200 comm="syz.4.374" path="/root/syzkaller.hEARAL/75/file0" dev="configfs" ino=1165 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 193.245000][ T6213] loop3: detected capacity change from 0 to 1024 [ 193.367397][ T6217] loop2: detected capacity change from 0 to 512 [ 193.456732][ T6217] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 193.479921][ T6217] ext4 filesystem being mounted at /root/syzkaller.mYRnf7/73/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 193.497160][ T6221] 9pnet: p9_errstr2errno: server reported unknown error õ1 g;-þ~vÉÎóô0>÷[鹫Â^½G…n$‹µ¢x’þÿÝi’¼z [ 193.624681][ T29] audit: type=1400 audit(1719387348.737:366): avc: denied { create } for pid=6216 comm="syz.2.380" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 193.645131][ C1] vkms_vblank_simulate: vblank timer overrun [ 193.664583][ T6217] EXT4-fs error (device loop2): ext4_do_update_inode:5075: inode #2: comm syz.2.380: corrupted inode contents [ 193.784183][ T6217] EXT4-fs error (device loop2): ext4_dirty_inode:5935: inode #2: comm syz.2.380: mark_inode_dirty error [ 193.966131][ T29] audit: type=1400 audit(1719387349.107:367): avc: denied { create } for pid=6212 comm="syz.3.378" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 193.993435][ T6217] EXT4-fs error (device loop2): ext4_do_update_inode:5075: inode #2: comm syz.2.380: corrupted inode contents [ 194.486769][ T6217] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #2: comm syz.2.380: mark_inode_dirty error [ 194.591984][ T6222] EXT4-fs error (device loop2): ext4_do_update_inode:5075: inode #2: comm syz.2.380: corrupted inode contents [ 194.770530][ T6222] EXT4-fs error (device loop2): ext4_dirty_inode:5935: inode #2: comm syz.2.380: mark_inode_dirty error [ 194.776771][ T6230] syz.4.383 (6230) used greatest stack depth: 21136 bytes left [ 194.818080][ T6222] EXT4-fs error (device loop2): ext4_do_update_inode:5075: inode #2: comm syz.2.380: corrupted inode contents [ 194.840340][ T29] audit: type=1400 audit(1719387349.997:368): avc: denied { create } for pid=6216 comm="syz.2.380" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 194.844931][ T6225] EXT4-fs error (device loop2): ext4_do_update_inode:5075: inode #2: comm syz.2.380: corrupted inode contents [ 194.891819][ T6225] EXT4-fs error (device loop2): add_dirent_to_buf:2212: inode #2: comm syz.2.380: mark_inode_dirty error [ 194.990399][ T6225] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2972: inode #18: comm syz.2.380: corrupted xattr block 22: invalid header [ 194.993451][ T6235] loop0: detected capacity change from 0 to 128 [ 195.091925][ T6225] EXT4-fs warning (device loop2): ext4_evict_inode:271: xattr delete (err -117) [ 195.355901][ T29] audit: type=1400 audit(1719387350.507:369): avc: denied { unlink } for pid=6240 comm="syz.4.386" name="#1" dev="sda1" ino=1967 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=chr_file permissive=1 [ 195.377935][ C1] vkms_vblank_simulate: vblank timer overrun [ 195.404119][ T6232] loop0: detected capacity change from 0 to 8 [ 195.443434][ T6245] netlink: 'syz.1.387': attribute type 1 has an invalid length. [ 196.485108][ T29] audit: type=1400 audit(1719387351.617:370): avc: denied { ioctl } for pid=6262 comm="syz.3.396" path="/dev/sg0" dev="devtmpfs" ino=695 ioctlcmd=0x2285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 196.510407][ C1] vkms_vblank_simulate: vblank timer overrun [ 196.768533][ T6261] loop1: detected capacity change from 0 to 32768 [ 196.816454][ T6261] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 196.825509][ T6261] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 196.858662][ T6261] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms [ 196.872430][ T785] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 196.880600][ T785] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 196.969503][ T6271] loop3: detected capacity change from 0 to 2048 [ 197.185533][ T785] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 304ms [ 197.244406][ T785] gfs2: fsid=syz:syz.0: jid=0: Done [ 197.295986][ T6261] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 197.535464][ T6276] qrtr: Invalid version 17 [ 198.214092][ T6261] gfs2: fsid=syz:syz.0: fatal: invalid metadata block - bh = 2049 (type: exp=14, found=8), function = gfs2_quota_init, file = fs/gfs2/quota.c, line = 1443 [ 198.230756][ T6261] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 198.239574][ T6261] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. [ 198.248553][ T6261] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 [ 198.258331][ T6261] gfs2: fsid=syz:syz.0: File system withdrawn [ 198.264455][ T6261] CPU: 0 PID: 6261 Comm: syz.1.394 Not tainted 6.10.0-rc5-syzkaller-00018-g55027e689933 #0 [ 198.274473][ T6261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 198.284646][ T6261] Call Trace: [ 198.287960][ T6261] [ 198.290924][ T6261] dump_stack_lvl+0x16c/0x1f0 [ 198.295688][ T6261] gfs2_withdraw+0xaa3/0x1280 [ 198.300426][ T6261] ? gfs2_lm+0x1ab/0x210 [ 198.304726][ T6261] ? __pfx_gfs2_withdraw+0x10/0x10 [ 198.309895][ T6261] ? __pfx_out_of_line_wait_on_bit+0x10/0x10 [ 198.315929][ T6261] ? __pfx_wake_bit_function+0x10/0x10 [ 198.321468][ T6261] ? __pfx___might_resched+0x10/0x10 [ 198.326909][ T6261] gfs2_metatype_check_ii+0x6e/0xc0 [ 198.332207][ T6261] gfs2_quota_init+0xcc0/0x1050 [ 198.337127][ T6261] ? __pfx_gfs2_quota_init+0x10/0x10 [ 198.342482][ T6261] ? __pfx_gfs2_find_jhead+0x10/0x10 [ 198.347857][ T6261] gfs2_make_fs_rw+0x39e/0x5c0 [ 198.352696][ T6261] ? __pfx_gfs2_make_fs_rw+0x10/0x10 [ 198.358054][ T6261] ? __pfx_lock_release+0x10/0x10 [ 198.363153][ T6261] ? list_lru_count_node+0x14/0x80 [ 198.368332][ T6261] gfs2_reconfigure+0x94d/0xee0 [ 198.373261][ T6261] reconfigure_super+0x44f/0xb60 [ 198.378290][ T6261] ? __pfx_gfs2_reconfigure+0x10/0x10 [ 198.383828][ T6261] __do_sys_fsconfig+0x991/0xb90 [ 198.388839][ T6261] ? __pfx___do_sys_fsconfig+0x10/0x10 [ 198.394377][ T6261] do_syscall_64+0xcd/0x250 [ 198.399048][ T6261] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.405033][ T6261] RIP: 0033:0x7fa6adf75ae9 [ 198.409597][ T6261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 198.429269][ T6261] RSP: 002b:00007fa6aedf0048 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 198.437752][ T6261] RAX: ffffffffffffffda RBX: 00007fa6ae103fa0 RCX: 00007fa6adf75ae9 [ 198.445774][ T6261] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000004 [ 198.453808][ T6261] RBP: 00007fa6adff6746 R08: 0000000000000000 R09: 0000000000000000 [ 198.461837][ T6261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 198.469856][ T6261] R13: 000000000000000b R14: 00007fa6ae103fa0 R15: 00007ffc6a29a448 [ 198.477888][ T6261] [ 198.696821][ T29] audit: type=1326 audit(1719387353.847:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6281 comm="syz.4.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe04b575ae9 code=0x7ffc0000 [ 198.743885][ T29] audit: type=1326 audit(1719387353.847:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6281 comm="syz.4.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe04b575ae9 code=0x7ffc0000 [ 198.769721][ T29] audit: type=1326 audit(1719387353.897:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6281 comm="syz.4.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe04b575ae9 code=0x7ffc0000 [ 198.822803][ T29] audit: type=1326 audit(1719387353.967:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6281 comm="syz.4.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe04b575ae9 code=0x7ffc0000 [ 198.880229][ T29] audit: type=1326 audit(1719387353.967:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6281 comm="syz.4.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe04b575ae9 code=0x7ffc0000 [ 198.880333][ T29] audit: type=1326 audit(1719387354.017:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6281 comm="syz.4.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe04b575ae9 code=0x7ffc0000 [ 198.880457][ T29] audit: type=1326 audit(1719387354.027:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6281 comm="syz.4.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe04b575ae9 code=0x7ffc0000 [ 198.880545][ T29] audit: type=1326 audit(1719387354.027:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6281 comm="syz.4.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fe04b56cb67 code=0x7ffc0000 [ 198.880629][ T29] audit: type=1326 audit(1719387354.027:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6281 comm="syz.4.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe04b511539 code=0x7ffc0000 [ 198.898759][ T29] audit: type=1326 audit(1719387354.027:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6281 comm="syz.4.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fe04b56cb67 code=0x7ffc0000 [ 199.174862][ T6286] loop0: detected capacity change from 0 to 256 [ 199.443294][ T6286] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 199.748484][ T1250] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.754871][ T1250] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.850674][ T6299] loop4: detected capacity change from 0 to 1024 [ 199.884394][ T6301] loop3: detected capacity change from 0 to 256 [ 200.048634][ T6301] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 200.235559][ T6309] sp0: Synchronizing with TNC [ 202.561377][ T5190] kernel read not supported for file /input/mice (pid: 5190 comm: kworker/0:7) [ 203.036927][ T6328] veth0_vlan: entered allmulticast mode [ 203.448651][ T6328] netlink: 36 bytes leftover after parsing attributes in process `syz.3.419'. [ 203.847338][ T6335] netlink: 116 bytes leftover after parsing attributes in process `syz.4.423'. [ 203.895599][ T6335] Zero length message leads to an empty skb [ 203.991761][ T6337] 9pnet: p9_errstr2errno: server reported unknown error õ1 g;-þ~vÉÎóô0>÷[鹫Â^½G…n$‹µ¢x’þÿÝi’¼z [ 204.235207][ T6329] loop1: detected capacity change from 0 to 32768 [ 204.312277][ T6341] loop3: detected capacity change from 0 to 256 [ 204.329380][ T6329] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.421 (6329) [ 204.375805][ T6341] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 204.506273][ T6329] BTRFS info (device loop1): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 204.554034][ T6329] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 204.588047][ T29] kauditd_printk_skb: 120 callbacks suppressed [ 204.588070][ T29] audit: type=1400 audit(1719387359.747:501): avc: denied { map } for pid=6340 comm="syz.3.426" path="/root/syzkaller.LR5CPM/91/file0/blkio.bfq.io_service_bytes_recursive" dev="loop3" ino=1048600 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 204.624528][ T6329] BTRFS info (device loop1): disk space caching is enabled [ 204.653352][ T6326] loop0: detected capacity change from 0 to 32768 [ 204.705895][ T6343] loop4: detected capacity change from 0 to 256 [ 204.723267][ T53] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 204.736029][ T53] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 204.745703][ T53] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 204.755960][ T53] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 204.782114][ T53] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 204.796296][ T53] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 204.823982][ T6326] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 204.847802][ T29] audit: type=1400 audit(1719387359.997:502): avc: denied { mounton } for pid=6346 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 205.043092][ T6343] loop4: detected capacity change from 0 to 1024 [ 205.052195][ T6329] BTRFS info (device loop1): rebuilding free space tree [ 205.096012][ T6343] hfsplus: invalid catalog max_key_len 0 [ 205.127424][ T6343] hfsplus: failed to load catalog file [ 205.128354][ T29] audit: type=1400 audit(1719387360.277:503): avc: denied { write } for pid=6369 comm="syz.3.428" name="net" dev="proc" ino=12316 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 205.164892][ T29] audit: type=1400 audit(1719387360.317:504): avc: denied { add_name } for pid=6369 comm="syz.3.428" name="pfkey" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 205.208576][ T6326] XFS (loop0): Ending clean mount [ 205.262165][ T29] audit: type=1400 audit(1719387360.337:505): avc: denied { create } for pid=6369 comm="syz.3.428" name="pfkey" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=file permissive=1 [ 205.330663][ T29] audit: type=1400 audit(1719387360.347:506): avc: denied { associate } for pid=6369 comm="syz.3.428" name="pfkey" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 205.331170][ T6343] debugfs: Directory 'netdev:nicvf0' with parent 'phy7' already present! [ 205.373884][ T6326] XFS (loop0): Quotacheck needed: Please wait. [ 205.440084][ T29] audit: type=1400 audit(1719387360.457:507): avc: denied { lock } for pid=6342 comm="syz.4.427" path="socket:[11379]" dev="sockfs" ino=11379 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 205.441543][ T6329] BTRFS info (device loop1): disabling free space tree [ 205.543203][ T6329] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 205.554408][ T6329] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 205.632839][ T6326] XFS (loop0): Quotacheck: Done. [ 205.659918][ T29] audit: type=1400 audit(1719387360.817:508): avc: denied { read } for pid=6327 comm="syz.1.421" name="file1" dev="loop1" ino=260 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 205.722169][ T6329] BTRFS error (device loop1): balance: mixed groups data and metadata options must be the same [ 205.760385][ T29] audit: type=1400 audit(1719387360.817:509): avc: denied { open } for pid=6327 comm="syz.1.421" path="/root/syzkaller.cEXrQ9/81/file0/file1" dev="loop1" ino=260 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 205.838813][ T29] audit: type=1400 audit(1719387360.877:510): avc: denied { ioctl } for pid=6327 comm="syz.1.421" path="/root/syzkaller.cEXrQ9/81/file0/file1" dev="loop1" ino=260 ioctlcmd=0x9420 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 206.084378][ T6346] chnl_net:caif_netlink_parms(): no params data found [ 206.095398][ T5089] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 206.651064][ T5090] BTRFS info (device loop1): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 206.805498][ T6346] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.816513][ T6346] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.827098][ T6346] bridge_slave_0: entered allmulticast mode [ 206.851558][ T6346] bridge_slave_0: entered promiscuous mode [ 206.858950][ T53] Bluetooth: hci5: command tx timeout [ 206.905164][ T6346] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.919470][ T6346] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.926914][ T6346] bridge_slave_1: entered allmulticast mode [ 206.936816][ T6346] bridge_slave_1: entered promiscuous mode [ 207.232447][ T6346] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 207.302103][ T6346] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 207.706517][ T6346] team0: Port device team_slave_0 added [ 207.730625][ T6346] team0: Port device team_slave_1 added [ 208.013567][ T6346] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 208.038811][ T6346] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 208.085592][ T6346] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 208.180797][ T6346] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 208.216403][ T6346] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 208.255335][ T6411] syz.3.440[6411] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 208.255565][ T6411] syz.3.440[6411] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 208.305600][ T6346] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 208.399099][ T6418] loop1: detected capacity change from 0 to 256 [ 208.492894][ T6418] exFAT-fs (loop1): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x009ea0b8, utbl_chksum : 0x7319d30d) [ 208.505473][ T6411] hub 6-0:1.0: USB hub found [ 208.532968][ T6411] hub 6-0:1.0: 1 port detected [ 208.673816][ T6346] hsr_slave_0: entered promiscuous mode [ 208.681241][ T6418] exFAT-fs (loop1): abnormal access to deleted dentry [ 208.710403][ T6346] hsr_slave_1: entered promiscuous mode [ 208.729722][ T6346] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 208.747735][ T6346] Cannot create hsr debugfs directory [ 208.756167][ T6420] netlink: 24 bytes leftover after parsing attributes in process `syz.3.440'. [ 208.938127][ T53] Bluetooth: hci5: command tx timeout [ 209.154971][ T6430] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 211.017684][ T53] Bluetooth: hci5: command tx timeout [ 211.269343][ T5161] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 212.412428][ T6447] EXT4-fs warning (device sda1): verify_group_input:158: Reserved blocks too high (65533) [ 212.462968][ T6346] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 212.659097][ T6346] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 212.772599][ T6451] loop1: detected capacity change from 0 to 2048 [ 212.866765][ T6346] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 212.930285][ T6455] loop4: detected capacity change from 0 to 256 [ 212.930690][ T29] kauditd_printk_skb: 8 callbacks suppressed [ 212.930710][ T29] audit: type=1400 audit(1719387368.087:519): avc: denied { bind } for pid=6454 comm="syz.3.455" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 212.938240][ T29] audit: type=1400 audit(1719387368.097:520): avc: denied { name_bind } for pid=6454 comm="syz.3.455" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 212.983396][ C1] vkms_vblank_simulate: vblank timer overrun [ 213.045485][ T29] audit: type=1400 audit(1719387368.097:521): avc: denied { node_bind } for pid=6454 comm="syz.3.455" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 213.109211][ T53] Bluetooth: hci5: command tx timeout [ 213.160238][ T6346] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 213.270968][ T29] audit: type=1400 audit(1719387368.427:522): avc: denied { create } for pid=6458 comm="syz.1.456" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 213.351679][ T29] audit: type=1400 audit(1719387368.467:523): avc: denied { getopt } for pid=6458 comm="syz.1.456" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 213.392098][ T6461] loop3: detected capacity change from 0 to 256 [ 213.458776][ T29] audit: type=1400 audit(1719387368.617:524): avc: denied { mounton } for pid=6460 comm="syz.3.457" path="/root/syzkaller.LR5CPM/101/file1/file0" dev="autofs" ino=12493 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=dir permissive=1 [ 213.483851][ C1] vkms_vblank_simulate: vblank timer overrun [ 213.496603][ T6461] FAT-fs (loop3): Unrecognized mount option "sTkrtname=winnt" or missing value [ 213.815943][ T6346] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 214.063822][ T6346] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 214.169405][ T6346] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 215.413485][ T6346] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 216.684346][ T6486] Bluetooth: MGMT ver 1.22 [ 216.703857][ T6489] loop1: detected capacity change from 0 to 256 [ 216.934896][ T29] audit: type=1804 audit(1719387372.077:525): pid=6486 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.466" name="/root/syzkaller.LR5CPM/103/bus" dev="sda1" ino=1956 res=1 errno=0 [ 217.023662][ T29] audit: type=1400 audit(1719387372.087:526): avc: denied { module_load } for pid=6484 comm="syz.3.466" path="/root/syzkaller.LR5CPM/103/bus" dev="sda1" ino=1956 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=system permissive=1 [ 217.070380][ T6346] 8021q: adding VLAN 0 to HW filter on device bond0 [ 217.198939][ T6346] 8021q: adding VLAN 0 to HW filter on device team0 [ 217.222952][ T785] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.231553][ T785] bridge0: port 1(bridge_slave_0) entered forwarding state [ 217.265133][ T4478] Bluetooth: hci2: command 0x0406 tx timeout [ 217.271912][ T5106] Bluetooth: hci3: command 0x0406 tx timeout [ 217.271937][ T5105] Bluetooth: hci1: command 0x0406 tx timeout [ 217.278004][ T5106] Bluetooth: hci4: command 0x0406 tx timeout [ 217.306906][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.314211][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 218.165674][ T6346] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 218.357451][ T6346] veth0_vlan: entered promiscuous mode [ 218.419236][ T6346] veth1_vlan: entered promiscuous mode [ 218.505218][ T6346] veth0_macvtap: entered promiscuous mode [ 218.562364][ T6346] veth1_macvtap: entered promiscuous mode [ 218.630824][ T6346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 218.645330][ T6346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.663822][ T6346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 218.676385][ T6346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.693114][ T6346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 218.704322][ T6346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.715374][ T6346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 218.726120][ T6346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.744621][ T6346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 218.759298][ T6346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.780890][ T6346] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 218.823383][ T6346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 218.842488][ T6346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.855992][ T6346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 218.867758][ T6346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.881921][ T6346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 218.900376][ T6346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.914439][ T6346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 218.930457][ T6346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.940896][ T6346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 218.952171][ T6346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.964973][ T6346] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 219.005277][ T6346] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.014640][ T6346] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.034467][ T6346] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.045917][ T6346] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.232530][ T5345] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 219.257054][ T5345] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 219.373017][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 219.383252][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 219.974257][ T6505] loop0: detected capacity change from 0 to 2048 [ 220.119901][ T6515] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 220.431117][ T6522] loop1: detected capacity change from 0 to 64 [ 220.821664][ T6527] loop0: detected capacity change from 0 to 256 [ 221.947666][ T5131] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 222.189183][ T5131] usb 2-1: too many configurations: 9, using maximum allowed: 8 [ 222.254778][ T5131] usb 2-1: config 0 has an invalid interface number: 49 but max is 8 [ 222.307158][ T5131] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 222.344062][ T6543] loop4: detected capacity change from 0 to 2048 [ 222.377631][ T5131] usb 2-1: config 0 has no interface number 0 [ 222.399207][ T6543] udf: Unknown parameter 'ÿ' [ 222.408301][ T5131] usb 2-1: config 0 interface 49 altsetting 87 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 222.464719][ T5131] usb 2-1: config 0 interface 49 has no altsetting 0 [ 222.510358][ T5131] usb 2-1: config 0 has an invalid interface number: 49 but max is 8 [ 222.554052][ T5131] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 222.586935][ T5131] usb 2-1: config 0 has no interface number 0 [ 222.610578][ T5131] usb 2-1: config 0 interface 49 altsetting 87 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 222.662466][ T6543] loop4: detected capacity change from 0 to 736 [ 222.669605][ T5131] usb 2-1: config 0 interface 49 has no altsetting 0 [ 222.700849][ T5131] usb 2-1: config 0 has an invalid interface number: 49 but max is 8 [ 222.702312][ T6543] iso9660: Bad value for 'mode' [ 222.740028][ T5131] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 222.805863][ T5131] usb 2-1: config 0 has no interface number 0 [ 222.832067][ T5131] usb 2-1: config 0 interface 49 altsetting 87 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 222.886964][ T5131] usb 2-1: config 0 interface 49 has no altsetting 0 [ 222.945746][ T5131] usb 2-1: config 0 has an invalid interface number: 49 but max is 8 [ 223.099738][ T5131] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 223.137077][ T5131] usb 2-1: config 0 has no interface number 0 [ 223.152919][ T5131] usb 2-1: config 0 interface 49 altsetting 87 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 223.174190][ T5131] usb 2-1: config 0 interface 49 has no altsetting 0 [ 223.193127][ T5131] usb 2-1: config 0 has an invalid interface number: 49 but max is 8 [ 223.222052][ T5131] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 223.297618][ T5131] usb 2-1: config 0 has no interface number 0 [ 223.419939][ T5131] usb 2-1: config 0 interface 49 altsetting 87 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 223.466626][ T29] audit: type=1400 audit(1719387378.607:527): avc: denied { nlmsg_read } for pid=6550 comm="syz.3.488" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 223.491714][ T5131] usb 2-1: config 0 interface 49 has no altsetting 0 [ 223.521111][ T5131] usb 2-1: unable to read config index 5 descriptor/start: -71 [ 223.544249][ T5131] usb 2-1: can't read configurations, error -71 [ 224.123325][ T6563] loop4: detected capacity change from 0 to 1024 [ 224.412017][ T11] hfsplus: b-tree write err: -5, ino 4 [ 224.732408][ T6571] loop4: detected capacity change from 0 to 256 [ 225.684514][ T29] audit: type=1804 audit(1719387380.837:528): pid=6589 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.2.497" name="/root/syzkaller.XD5v9G/6/bus" dev="sda1" ino=1963 res=1 errno=0 [ 225.769404][ T29] audit: type=1400 audit(1719387380.897:529): avc: denied { mounton } for pid=6572 comm="syz.2.497" path="mnt:[4026533989]" dev="nsfs" ino=4026533989 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 225.826379][ T29] audit: type=1804 audit(1719387380.917:530): pid=6589 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.2.497" name="/root/syzkaller.XD5v9G/6/bus" dev="sda1" ino=1963 res=1 errno=0 [ 225.957239][ T29] audit: type=1400 audit(1719387381.107:531): avc: denied { create } for pid=6591 comm="syz.1.502" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 226.028671][ T29] audit: type=1400 audit(1719387381.157:532): avc: denied { setopt } for pid=6591 comm="syz.1.502" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 226.345674][ T29] audit: type=1400 audit(1719387381.497:533): avc: denied { mounton } for pid=6605 comm="syz.3.507" path="/root/syzkaller.LR5CPM/112/file1/bus" dev="tmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 226.494491][ T29] audit: type=1400 audit(1719387381.557:534): avc: denied { unlink } for pid=6605 comm="syz.3.507" name="#a" dev="tmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 226.813817][ T6612] loop4: detected capacity change from 0 to 256 [ 226.958199][ T6618] netlink: 'syz.0.512': attribute type 32 has an invalid length. [ 227.407135][ T6632] sp0: Synchronizing with TNC [ 227.566903][ T6627] fuse: Unknown parameter 'fd0x0000000000000005' [ 229.744003][ T6646] loop4: detected capacity change from 0 to 1024 [ 229.830442][ T29] audit: type=1400 audit(1719387384.987:535): avc: denied { mounton } for pid=6645 comm="syz.4.522" path=2F726F6F742F73797A6B616C6C65722E68454152414C2F3131362F131377C5FC35D41454D5D41D29AD1A6029598146E6BE166E41AD0DBD4054033C9F33BBDA8224A2F3D772E7636E48B33CBF708372E8F1B9933EC5127743BE2206209EF02DF9CBF2F6E880D3382F66696C6530 dev="loop4" ino=17 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1 [ 230.033727][ T29] audit: type=1400 audit(1719387385.177:536): avc: denied { create } for pid=6620 comm="syz.2.513" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 230.059854][ T5093] hfsplus: bad catalog entry type [ 230.367775][ T29] audit: type=1400 audit(1719387385.517:537): avc: denied { bind } for pid=6620 comm="syz.2.513" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 230.573042][ T5093] bridge0: port 3(syz_tun) entered disabled state [ 230.764654][ T5093] syz_tun (unregistering): left allmulticast mode [ 230.791099][ T5093] syz_tun (unregistering): left promiscuous mode [ 230.823616][ T5093] bridge0: port 3(syz_tun) entered disabled state [ 231.007692][ T12] hfsplus: b-tree write err: -5, ino 4 [ 231.341395][ T5345] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.594809][ T5345] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.746598][ T5345] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.955272][ T5345] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 232.111167][ T6663] loop1: detected capacity change from 0 to 4096 [ 232.140275][ T6663] ntfs3: loop1: Primary boot: invalid sectors per cluster 3. [ 232.157766][ T6663] ntfs3: loop1: try to read out of volume at offset 0x1ffe00 [ 233.558364][ T29] audit: type=1400 audit(1719387387.867:538): avc: denied { mount } for pid=6664 comm="syz.0.530" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 233.784242][ T29] audit: type=1400 audit(1719387388.937:539): avc: denied { unmount } for pid=5089 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 233.938373][ T5345] bridge_slave_1: left allmulticast mode [ 233.944457][ T5345] bridge_slave_1: left promiscuous mode [ 233.995391][ T5345] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.032210][ T6674] loop0: detected capacity change from 0 to 1024 [ 234.083251][ T5345] bridge_slave_0: left allmulticast mode [ 234.112725][ T5345] bridge_slave_0: left promiscuous mode [ 234.133189][ T5345] bridge0: port 1(bridge_slave_0) entered disabled state [ 234.295761][ T6679] loop1: detected capacity change from 0 to 64 [ 234.331774][ T6677] loop3: detected capacity change from 0 to 256 [ 234.551294][ T5089] hfsplus: bad catalog entry type [ 234.578365][ T5101] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 234.601289][ T5101] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 234.610409][ T5101] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 234.628726][ T5101] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 234.659052][ T5101] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 234.668496][ T5101] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 234.685598][ T6677] minix: Unknown parameter 'dâv_Ü¢appra[' [ 234.934002][ T6677] syz.3.536(6677): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 235.392564][ T785] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 235.400458][ T785] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 235.440144][ T785] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz0] on syz1 [ 235.819140][ T6685] loop1: detected capacity change from 0 to 4096 [ 236.116974][ T29] audit: type=1800 audit(1719387391.267:540): pid=6685 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.538" name="bus" dev="loop1" ino=33 res=0 errno=0 [ 236.291603][ T5345] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 236.344569][ T5345] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 236.392936][ T5345] bond0 (unregistering): Released all slaves [ 236.777961][ T5101] Bluetooth: hci4: command tx timeout [ 236.895432][ T63] hfsplus: b-tree write err: -5, ino 4 [ 237.412572][ T6694] fuse: Unknown parameter 'fd0x0000000000000005' [ 239.042665][ T5101] Bluetooth: hci4: command tx timeout [ 239.422720][ T5345] hsr_slave_0: left promiscuous mode [ 239.487953][ T5345] hsr_slave_1: left promiscuous mode [ 239.509496][ T5345] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 239.517134][ T5345] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 239.559757][ T5345] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 239.567179][ T5345] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 239.708080][ T5190] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 239.732879][ T5345] veth1_macvtap: left promiscuous mode [ 239.769483][ T5345] veth0_macvtap: left promiscuous mode [ 239.800397][ T5345] veth1_vlan: left promiscuous mode [ 239.827854][ T5345] veth0_vlan: left promiscuous mode [ 239.891374][ T6708] loop3: detected capacity change from 0 to 128 [ 240.151617][ T5096] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 240.163715][ T5096] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 240.173123][ T5096] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 240.182734][ T5096] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 240.190001][ T5190] usb 3-1: Using ep0 maxpacket: 32 [ 240.193943][ T5096] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 240.203922][ T5096] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 240.223118][ T5190] usb 3-1: config 0 has no interfaces? [ 240.344087][ T5190] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 240.439766][ T5190] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 240.467669][ T5190] usb 3-1: Product: syz [ 240.498846][ T5190] usb 3-1: Manufacturer: syz [ 240.528041][ T5190] usb 3-1: config 0 descriptor?? [ 240.671747][ T6712] loop3: detected capacity change from 0 to 8 [ 240.913375][ T785] usb 3-1: USB disconnect, device number 2 [ 241.079043][ T6714] loop1: detected capacity change from 0 to 4096 [ 241.100800][ T5096] Bluetooth: hci4: command tx timeout [ 241.106672][ T6714] ntfs3: Unknown parameter '0xffffffffffffffff0000000000000000000018446744073709551615ÿÿÿÿÿÿÿÿl0ÐÔ&«oŤ4äFŠ‡|O{l‹4ÅZc]Ÿ3‚¼Œ´‘ÆüŸpŸõèZþïyrvˆÒ\Õ«‹²\åyýÁ*àðP'RŸˆ]Déë+Þ.]Dѵñ lZ*‚1 ë»›¡c %e1¡`ƒ²Nê„yÄ’†É¡^iÑZƒü0bI¨}†OÑ{½LþÈA»juqÿÿÖ`°U¬' [ 241.464321][ T6714] loop1: detected capacity change from 0 to 1024 [ 244.671797][ T5096] Bluetooth: hci1: command tx timeout [ 244.678879][ T5096] Bluetooth: hci4: command tx timeout [ 245.803583][ T1061] hfsplus: b-tree write err: -5, ino 4 [ 246.214716][ T6723] loop1: detected capacity change from 0 to 64 [ 246.658242][ T5131] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 246.698201][ T5101] Bluetooth: hci1: command tx timeout [ 246.901518][ T5131] usb 2-1: too many configurations: 9, using maximum allowed: 8 [ 246.921527][ T5345] team0 (unregistering): Port device team_slave_1 removed [ 246.935141][ T5131] usb 2-1: config 0 has an invalid interface number: 49 but max is 8 [ 246.948967][ T5131] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 246.988169][ T5131] usb 2-1: config 0 has no interface number 0 [ 246.997750][ T5131] usb 2-1: config 0 interface 49 altsetting 87 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 247.035795][ T5131] usb 2-1: config 0 interface 49 has no altsetting 0 [ 247.059663][ T5131] usb 2-1: config 0 has an invalid interface number: 49 but max is 8 [ 247.077797][ T5131] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 247.093822][ T5131] usb 2-1: config 0 has no interface number 0 [ 247.107605][ T5131] usb 2-1: config 0 interface 49 altsetting 87 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 247.127630][ T5131] usb 2-1: config 0 interface 49 has no altsetting 0 [ 247.139987][ T5131] usb 2-1: config 0 has an invalid interface number: 49 but max is 8 [ 247.163232][ T5131] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 247.176510][ T5131] usb 2-1: config 0 has no interface number 0 [ 247.184775][ T5345] team0 (unregistering): Port device team_slave_0 removed [ 247.207876][ T5131] usb 2-1: config 0 interface 49 altsetting 87 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 247.255057][ T5131] usb 2-1: config 0 interface 49 has no altsetting 0 [ 247.287043][ T5131] usb 2-1: config 0 has an invalid interface number: 49 but max is 8 [ 247.324570][ T5131] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 247.358680][ T5131] usb 2-1: config 0 has no interface number 0 [ 247.378954][ T5131] usb 2-1: config 0 interface 49 altsetting 87 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 247.406958][ T5131] usb 2-1: config 0 interface 49 has no altsetting 0 [ 247.416523][ T5131] usb 2-1: config 0 has an invalid interface number: 49 but max is 8 [ 247.433444][ T5131] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 247.464283][ T5131] usb 2-1: config 0 has no interface number 0 [ 247.486226][ T5131] usb 2-1: config 0 interface 49 altsetting 87 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 247.507324][ T5131] usb 2-1: config 0 interface 49 has no altsetting 0 [ 247.536465][ T5131] usb 2-1: config 0 has an invalid interface number: 49 but max is 8 [ 247.558200][ T5131] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 247.602084][ T5131] usb 2-1: config 0 has no interface number 0 [ 247.610438][ T5131] usb 2-1: config 0 interface 49 altsetting 87 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 247.634811][ T5131] usb 2-1: config 0 interface 49 has no altsetting 0 [ 247.664600][ T5131] usb 2-1: config 0 has an invalid interface number: 49 but max is 8 [ 247.673835][ T5131] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 247.685972][ T5131] usb 2-1: config 0 has no interface number 0 [ 247.723707][ T5131] usb 2-1: config 0 interface 49 altsetting 87 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 247.735131][ T5131] usb 2-1: config 0 interface 49 has no altsetting 0 [ 247.780580][ T5131] usb 2-1: config 0 has an invalid interface number: 49 but max is 8 [ 247.808970][ T5131] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 247.833697][ T5131] usb 2-1: config 0 has no interface number 0 [ 247.854898][ T5131] usb 2-1: config 0 interface 49 altsetting 87 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 247.867867][ T5131] usb 2-1: config 0 interface 49 has no altsetting 0 [ 247.925083][ T5131] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 247.948839][ T5131] usb 2-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 247.985735][ T5131] usb 2-1: Product: syz [ 247.990764][ T5131] usb 2-1: Manufacturer: syz [ 248.019119][ T5131] usb 2-1: SerialNumber: syz [ 248.074662][ T5131] usb 2-1: config 0 descriptor?? [ 248.158844][ T5131] yurex 2-1:0.49: USB YUREX device now attached to Yurex #0 [ 248.786452][ T5101] Bluetooth: hci1: command tx timeout [ 249.313283][ T5096] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 249.345532][ T5096] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 249.359600][ T5096] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 249.378042][ T5096] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 249.397005][ T5096] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 249.407370][ T5096] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 249.945379][ T5131] usb 2-1: USB disconnect, device number 5 [ 249.964415][ T5131] yurex 2-1:0.49: USB YUREX #0 now disconnected [ 250.530161][ T6680] chnl_net:caif_netlink_parms(): no params data found [ 250.858617][ T5096] Bluetooth: hci1: command tx timeout [ 251.173048][ T5345] IPVS: stop unused estimator thread 0... [ 251.249302][ T6680] bridge0: port 1(bridge_slave_0) entered blocking state [ 251.256536][ T6680] bridge0: port 1(bridge_slave_0) entered disabled state [ 251.341624][ T6680] bridge_slave_0: entered allmulticast mode [ 251.400614][ T6680] bridge_slave_0: entered promiscuous mode [ 251.507647][ T5096] Bluetooth: hci6: command tx timeout [ 251.527448][ T6680] bridge0: port 2(bridge_slave_1) entered blocking state [ 251.536078][ T6680] bridge0: port 2(bridge_slave_1) entered disabled state [ 251.545336][ T6680] bridge_slave_1: entered allmulticast mode [ 251.620162][ T6680] bridge_slave_1: entered promiscuous mode [ 252.354857][ T6680] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 252.449739][ T6680] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 252.629299][ T6766] loop1: detected capacity change from 0 to 1024 [ 253.847672][ T5096] Bluetooth: hci6: command tx timeout [ 253.875777][ T29] audit: type=1400 audit(1719387408.367:541): avc: denied { map } for pid=6765 comm="syz.1.561" path="/dev/usbmon0" dev="devtmpfs" ino=706 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 254.021624][ T6680] team0: Port device team_slave_0 added [ 254.061075][ T6710] chnl_net:caif_netlink_parms(): no params data found [ 254.306134][ T5345] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 254.423165][ T5345] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 254.499744][ T6680] team0: Port device team_slave_1 added [ 254.992698][ T6775] loop1: detected capacity change from 0 to 40427 [ 255.038915][ T6775] F2FS-fs (loop1): invalid crc value [ 255.078407][ T6775] F2FS-fs (loop1): Found nat_bits in checkpoint [ 255.161545][ T6775] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 255.439027][ T5345] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 255.599545][ T6782] syz.1.564: attempt to access beyond end of device [ 255.599545][ T6782] loop1: rw=2049, sector=77824, nr_sectors = 8 limit=40427 [ 255.632993][ T29] audit: type=1400 audit(1719387410.727:542): avc: denied { read write open } for pid=6774 comm="syz.1.564" path="/root/syzkaller.cEXrQ9/113/file0/bus" dev="loop1" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 255.903184][ T5096] Bluetooth: hci6: command tx timeout [ 255.912740][ T29] audit: type=1800 audit(1719387410.727:543): pid=6782 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.564" name="bus" dev="loop1" ino=10 res=0 errno=0 [ 255.982198][ T6680] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 256.008505][ T6680] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 256.077640][ T6680] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 256.351520][ T5090] syz-executor: attempt to access beyond end of device [ 256.351520][ T5090] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 256.416582][ T6710] bridge0: port 1(bridge_slave_0) entered blocking state [ 256.443492][ T5090] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 256.466379][ T6710] bridge0: port 1(bridge_slave_0) entered disabled state [ 256.489042][ T6710] bridge_slave_0: entered allmulticast mode [ 256.496822][ T6710] bridge_slave_0: entered promiscuous mode [ 256.697951][ T5345] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 256.734417][ T5090] syz-executor: attempt to access beyond end of device [ 256.734417][ T5090] loop1: rw=2051, sector=36912, nr_sectors = 8152 limit=40427 [ 256.753337][ T6680] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 256.774222][ T6680] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 256.801158][ T5090] syz-executor: attempt to access beyond end of device [ 256.801158][ T5090] loop1: rw=2051, sector=77832, nr_sectors = 53240 limit=40427 [ 256.821478][ T5090] syz-executor: attempt to access beyond end of device [ 256.821478][ T5090] loop1: rw=2051, sector=45104, nr_sectors = 32720 limit=40427 [ 256.836031][ T6680] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 256.852621][ T5090] F2FS-fs (loop1): Issue discard(4614, 4614, 1019) failed, ret: -5 [ 256.869527][ T5090] F2FS-fs (loop1): Issue discard(9729, 9729, 6655) failed, ret: -5 [ 256.880887][ T6733] chnl_net:caif_netlink_parms(): no params data found [ 256.899138][ T6710] bridge0: port 2(bridge_slave_1) entered blocking state [ 256.906329][ T6710] bridge0: port 2(bridge_slave_1) entered disabled state [ 256.914854][ T5090] F2FS-fs (loop1): Issue discard(5638, 5638, 4090) failed, ret: -5 [ 256.924200][ T6710] bridge_slave_1: entered allmulticast mode [ 256.932309][ T6710] bridge_slave_1: entered promiscuous mode [ 257.148434][ T6710] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 257.333309][ T6710] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 257.413312][ T6680] hsr_slave_0: entered promiscuous mode [ 257.458377][ T6680] hsr_slave_1: entered promiscuous mode [ 257.465082][ T6680] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 257.500782][ T6680] Cannot create hsr debugfs directory [ 257.810071][ T6710] team0: Port device team_slave_0 added [ 257.977766][ T5096] Bluetooth: hci6: command tx timeout [ 258.279802][ T6788] loop1: detected capacity change from 0 to 40427 [ 258.297179][ T6788] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 258.305099][ T6788] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 258.354982][ T6788] F2FS-fs (loop1): Found nat_bits in checkpoint [ 258.433164][ T6788] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 258.440403][ T6788] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 258.538982][ T6794] netlink: 56 bytes leftover after parsing attributes in process `syz.1.565'. [ 260.956251][ T6710] team0: Port device team_slave_1 added [ 261.193120][ T1250] ieee802154 phy0 wpan0: encryption failed: -22 [ 261.200395][ T1250] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.561716][ T5345] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.612131][ T6733] bridge0: port 1(bridge_slave_0) entered blocking state [ 261.629045][ T6733] bridge0: port 1(bridge_slave_0) entered disabled state [ 261.636590][ T6733] bridge_slave_0: entered allmulticast mode [ 261.683185][ T6733] bridge_slave_0: entered promiscuous mode [ 261.697034][ T6733] bridge0: port 2(bridge_slave_1) entered blocking state [ 261.719982][ T6733] bridge0: port 2(bridge_slave_1) entered disabled state [ 261.731766][ T6733] bridge_slave_1: entered allmulticast mode [ 261.752712][ T6733] bridge_slave_1: entered promiscuous mode [ 261.774493][ T6710] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 261.791991][ T6710] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 261.840606][ T6710] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 261.865966][ T6710] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 261.877883][ T6710] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 261.932457][ T6710] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 262.082667][ T5345] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 262.321402][ T5345] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 262.363745][ T6733] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 262.399016][ T6733] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 262.630692][ T5345] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 262.819356][ T6710] hsr_slave_0: entered promiscuous mode [ 262.855708][ T6710] hsr_slave_1: entered promiscuous mode [ 262.975202][ T6710] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 263.011458][ T6710] Cannot create hsr debugfs directory [ 263.234444][ T6733] team0: Port device team_slave_0 added [ 263.437841][ T6811] netlink: 172 bytes leftover after parsing attributes in process `syz.1.570'. [ 263.480600][ T5101] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 263.504037][ T5101] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 263.529299][ T6733] team0: Port device team_slave_1 added [ 263.553633][ T5101] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 263.569247][ T5101] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 263.615197][ T5101] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 263.627111][ T5101] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 263.836018][ T6733] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 263.857334][ T6733] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 263.925961][ T6733] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 263.955662][ T6733] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 263.986727][ T6733] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 264.027134][ T6733] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 264.485698][ T6815] loop1: detected capacity change from 0 to 4096 [ 264.496080][ T6815] ntfs3: Unknown parameter '0xffffffffffffffff0000000000000000000018446744073709551615ÿÿÿÿÿÿÿÿl0ÐÔ&«oŤ4äFŠ‡|O{l‹4ÅZc]Ÿ3‚¼Œ´‘ÆüŸpŸõèZþïyrvˆÒ\Õ«‹²\åyýÁ*àðP'RŸˆ]Déë+Þ.]Dѵñ lZ*‚1 ë»›¡c %e1¡`ƒ²Nê„yÄ’†É¡^iÑZƒü0bI¨}†OÑ{½LþÈA»juqÿÿÖ`°U¬' [ 264.671649][ T6815] loop1: detected capacity change from 0 to 1024 [ 267.902973][ T5096] Bluetooth: hci0: command tx timeout [ 268.319960][ T6733] hsr_slave_0: entered promiscuous mode [ 268.380366][ T6733] hsr_slave_1: entered promiscuous mode [ 268.400028][ T6733] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 268.437901][ T6733] Cannot create hsr debugfs directory [ 268.528474][ T61] hfsplus: b-tree write err: -5, ino 4 [ 268.785876][ T5345] bridge_slave_1: left allmulticast mode [ 268.807541][ T5345] bridge_slave_1: left promiscuous mode [ 268.813650][ T5345] bridge0: port 2(bridge_slave_1) entered disabled state [ 268.848334][ T5345] bridge_slave_0: left allmulticast mode [ 268.854070][ T5345] bridge_slave_0: left promiscuous mode [ 268.863104][ T5345] bridge0: port 1(bridge_slave_0) entered disabled state [ 268.899224][ T5345] bridge_slave_1: left allmulticast mode [ 268.908396][ T5345] bridge_slave_1: left promiscuous mode [ 268.922049][ T5345] bridge0: port 2(bridge_slave_1) entered disabled state [ 268.954469][ T5345] bridge_slave_0: left allmulticast mode [ 268.967973][ T5345] bridge_slave_0: left promiscuous mode [ 268.978146][ T5345] bridge0: port 1(bridge_slave_0) entered disabled state [ 269.978432][ T5101] Bluetooth: hci0: command tx timeout [ 270.896972][ T5345] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 270.910850][ T5345] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 270.924650][ T5345] bond0 (unregistering): Released all slaves [ 271.211848][ T5345] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 271.236086][ T5345] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 271.254201][ T5345] bond0 (unregistering): Released all slaves [ 271.741230][ T6834] netlink: 172 bytes leftover after parsing attributes in process `syz.1.577'. [ 271.893974][ T6680] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 272.059389][ T5101] Bluetooth: hci0: command tx timeout [ 272.069159][ T6680] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 272.277163][ T6680] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 272.309563][ T6680] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 272.557374][ T6837] loop1: detected capacity change from 0 to 128 [ 273.168710][ T5345] hsr_slave_0: left promiscuous mode [ 273.196134][ T5345] hsr_slave_1: left promiscuous mode [ 273.237642][ T5345] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 273.245387][ T5345] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 273.283746][ T5345] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 273.298952][ T5345] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 273.341782][ T5345] hsr_slave_0: left promiscuous mode [ 273.362511][ T5345] hsr_slave_1: left promiscuous mode [ 273.381493][ T5345] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 273.389654][ T5345] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 273.409815][ T5345] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 273.428912][ T5345] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 273.449831][ T5145] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 273.542807][ T5345] veth1_macvtap: left promiscuous mode [ 273.557901][ T5345] veth0_macvtap: left promiscuous mode [ 273.566698][ T5345] veth1_vlan: left promiscuous mode [ 273.588443][ T5345] veth1_macvtap: left promiscuous mode [ 273.601991][ T5345] veth0_macvtap: left promiscuous mode [ 273.616672][ T5345] veth1_vlan: left promiscuous mode [ 273.658048][ T5145] usb 2-1: Using ep0 maxpacket: 32 [ 273.666550][ T5145] usb 2-1: config 0 has no interfaces? [ 273.676295][ T5145] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 273.697586][ T5145] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 273.717588][ T5145] usb 2-1: Product: syz [ 273.721842][ T5145] usb 2-1: Manufacturer: syz [ 273.739702][ T5145] usb 2-1: config 0 descriptor?? [ 274.080368][ T8] usb 2-1: USB disconnect, device number 6 [ 274.142159][ T5101] Bluetooth: hci0: command tx timeout [ 274.998628][ T29] audit: type=1400 audit(1719387430.147:544): avc: denied { watch watch_reads } for pid=6846 comm="syz.1.582" path="pipe:[4170]" dev="pipefs" ino=4170 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 275.730253][ T29] audit: type=1400 audit(1719387430.737:545): avc: denied { connect } for pid=6848 comm="syz.1.583" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 276.631057][ T5345] team0 (unregistering): Port device team_slave_1 removed [ 276.809976][ T5345] team0 (unregistering): Port device team_slave_0 removed [ 277.043185][ T6857] loop1: detected capacity change from 0 to 512 [ 277.107173][ T6857] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 277.157621][ T6857] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 277.325696][ T6857] EXT4-fs (loop1): 1 orphan inode deleted [ 277.347609][ T6857] EXT4-fs (loop1): 1 truncate cleaned up [ 277.357214][ T6857] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 277.597012][ T6857] kvm: emulating exchange as write [ 278.056271][ T5090] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 279.288965][ T29] audit: type=1400 audit(1719387434.437:546): avc: denied { search } for pid=6862 comm="syz.1.586" name="/" dev="configfs" ino=1165 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 280.259565][ T5345] team0 (unregistering): Port device team_slave_1 removed [ 280.282471][ T6870] loop1: detected capacity change from 0 to 256 [ 280.509279][ T5345] team0 (unregistering): Port device team_slave_0 removed [ 281.006037][ T29] audit: type=1400 audit(1719387436.147:547): avc: denied { ioctl } for pid=6868 comm="syz.1.587" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=14113 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 282.347213][ T6812] chnl_net:caif_netlink_parms(): no params data found [ 283.139234][ T6812] bridge0: port 1(bridge_slave_0) entered blocking state [ 283.146570][ T6812] bridge0: port 1(bridge_slave_0) entered disabled state [ 283.154798][ T6812] bridge_slave_0: entered allmulticast mode [ 283.180418][ T6812] bridge_slave_0: entered promiscuous mode [ 283.229497][ T6710] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 283.295480][ T6812] bridge0: port 2(bridge_slave_1) entered blocking state [ 283.312876][ T6812] bridge0: port 2(bridge_slave_1) entered disabled state [ 283.325056][ T6812] bridge_slave_1: entered allmulticast mode [ 283.357384][ T6812] bridge_slave_1: entered promiscuous mode [ 283.387106][ T6710] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 283.439895][ T6710] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 283.478693][ T6710] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 283.659360][ T6680] 8021q: adding VLAN 0 to HW filter on device bond0 [ 283.740691][ T6812] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 283.793377][ T6812] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 284.036066][ T6680] 8021q: adding VLAN 0 to HW filter on device team0 [ 284.900448][ T6812] team0: Port device team_slave_0 added [ 284.944271][ T5148] bridge0: port 1(bridge_slave_0) entered blocking state [ 284.951622][ T5148] bridge0: port 1(bridge_slave_0) entered forwarding state [ 285.010271][ T5148] bridge0: port 2(bridge_slave_1) entered blocking state [ 285.017599][ T5148] bridge0: port 2(bridge_slave_1) entered forwarding state [ 285.132680][ T6812] team0: Port device team_slave_1 added [ 285.370498][ T6812] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 285.396575][ T6812] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 285.423414][ T6812] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 285.493507][ T6812] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 285.520786][ T6812] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 285.548815][ T6812] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 285.915309][ T6894] loop1: detected capacity change from 0 to 64 [ 286.156782][ T5345] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 286.289930][ T6812] hsr_slave_0: entered promiscuous mode [ 286.369010][ T6812] hsr_slave_1: entered promiscuous mode [ 286.619754][ T5345] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 286.808146][ T6733] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 286.859260][ T6733] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 287.127356][ T5345] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.246947][ T6733] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 287.374968][ T6903] loop1: detected capacity change from 0 to 256 [ 287.457080][ T6903] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 287.502860][ T5345] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.553920][ T6733] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 287.823143][ T6710] 8021q: adding VLAN 0 to HW filter on device bond0 [ 287.870799][ T6680] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 288.103922][ T6908] loop1: detected capacity change from 0 to 2048 [ 288.137239][ T6908] EXT4-fs: Ignoring removed nomblk_io_submit option [ 288.200200][ T6908] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 288.311530][ T6908] EXT4-fs error (device loop1): ext4_validate_block_bitmap:440: comm syz.1.596: bg 0: block 234: padding at end of block bitmap is not set [ 288.350333][ T6908] EXT4-fs (loop1): Remounting filesystem read-only [ 288.454378][ T5345] bridge_slave_1: left allmulticast mode [ 288.471209][ T5345] bridge_slave_1: left promiscuous mode [ 288.477242][ T5345] bridge0: port 2(bridge_slave_1) entered disabled state [ 288.529679][ T5345] bridge_slave_0: left allmulticast mode [ 288.535399][ T5345] bridge_slave_0: left promiscuous mode [ 288.562012][ T5345] bridge0: port 1(bridge_slave_0) entered disabled state [ 288.579482][ T5090] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 289.793544][ T5345] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 289.852728][ T5345] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 289.886989][ T5345] bond0 (unregistering): Released all slaves [ 289.954842][ T6710] 8021q: adding VLAN 0 to HW filter on device team0 [ 290.396954][ T785] bridge0: port 1(bridge_slave_0) entered blocking state [ 290.404212][ T785] bridge0: port 1(bridge_slave_0) entered forwarding state [ 290.581573][ T5142] bridge0: port 2(bridge_slave_1) entered blocking state [ 290.588935][ T5142] bridge0: port 2(bridge_slave_1) entered forwarding state [ 291.052497][ T5345] hsr_slave_0: left promiscuous mode [ 291.064108][ T5345] hsr_slave_1: left promiscuous mode [ 291.076433][ T5345] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 291.084313][ T5345] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 291.093842][ T5345] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 291.102194][ T5345] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 291.174921][ T5345] veth1_macvtap: left promiscuous mode [ 291.194216][ T5345] veth0_macvtap: left promiscuous mode [ 291.207122][ T5345] veth1_vlan: left promiscuous mode [ 291.219517][ T5345] veth0_vlan: left promiscuous mode [ 292.408980][ T6941] netlink: 'syz.1.604': attribute type 3 has an invalid length. [ 293.725662][ T5096] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 293.755497][ T5096] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 293.767708][ T5096] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 293.780578][ T5096] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 293.790406][ T5096] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 293.799624][ T5096] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 293.919553][ T5345] team0 (unregistering): Port device team_slave_1 removed [ 294.062959][ T5345] team0 (unregistering): Port device team_slave_0 removed [ 294.972176][ T6959] loop1: detected capacity change from 0 to 32768 [ 294.980809][ T6959] XFS: attr2 mount option is deprecated. [ 294.986538][ T6959] XFS: noikeep mount option is deprecated. [ 295.118345][ T6959] XFS (loop1): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 295.250479][ T6959] XFS (loop1): Ending clean mount [ 295.268196][ T6959] XFS (loop1): Quotacheck needed: Please wait. [ 295.422978][ T6959] XFS (loop1): Quotacheck: Done. [ 296.108604][ T5096] Bluetooth: hci5: command tx timeout [ 296.128095][ T29] audit: type=1400 audit(1719387451.197:548): avc: denied { setattr } for pid=6958 comm="syz.1.609" name="file0" dev="loop1" ino=1068 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 296.740927][ T5090] XFS (loop1): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 297.042097][ T6710] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 297.300464][ T6733] 8021q: adding VLAN 0 to HW filter on device bond0 [ 297.569446][ T6812] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 297.681575][ T6733] 8021q: adding VLAN 0 to HW filter on device team0 [ 297.838650][ T6812] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 297.879365][ T6812] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 297.962449][ T5190] bridge0: port 1(bridge_slave_0) entered blocking state [ 297.969819][ T5190] bridge0: port 1(bridge_slave_0) entered forwarding state [ 298.037850][ T6812] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 298.106764][ T5190] bridge0: port 2(bridge_slave_1) entered blocking state [ 298.114228][ T5190] bridge0: port 2(bridge_slave_1) entered forwarding state [ 298.137676][ T5096] Bluetooth: hci5: command tx timeout [ 298.818305][ T6983] tmpfs: Unknown parameter 'smackfsdef' [ 299.450620][ T5101] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 299.465397][ T5101] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 299.478135][ T5101] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 299.496290][ T5101] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 299.517881][ T5101] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 299.528613][ T5101] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 299.682408][ T6946] chnl_net:caif_netlink_parms(): no params data found [ 300.219564][ T5096] Bluetooth: hci5: command tx timeout [ 300.970450][ T6946] bridge0: port 1(bridge_slave_0) entered blocking state [ 301.010289][ T6946] bridge0: port 1(bridge_slave_0) entered disabled state [ 301.039592][ T6946] bridge_slave_0: entered allmulticast mode [ 301.053842][ T6946] bridge_slave_0: entered promiscuous mode [ 301.132459][ T6733] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 301.171353][ T6946] bridge0: port 2(bridge_slave_1) entered blocking state [ 301.189224][ T6946] bridge0: port 2(bridge_slave_1) entered disabled state [ 301.196639][ T6946] bridge_slave_1: entered allmulticast mode [ 301.219997][ T6946] bridge_slave_1: entered promiscuous mode [ 301.268990][ T6812] 8021q: adding VLAN 0 to HW filter on device bond0 [ 301.523992][ T6946] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 301.584529][ T29] audit: type=1400 audit(1719387456.737:549): avc: denied { wake_alarm } for pid=7009 comm="syz.1.618" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 301.624985][ T7011] loop1: detected capacity change from 0 to 256 [ 301.664366][ T5096] Bluetooth: hci1: command tx timeout [ 301.749632][ T6946] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 302.194125][ T5345] bridge_slave_1: left allmulticast mode [ 302.207727][ T5345] bridge_slave_1: left promiscuous mode [ 302.234508][ T5345] bridge0: port 2(bridge_slave_1) entered disabled state [ 302.264672][ T5345] bridge_slave_0: left allmulticast mode [ 302.286559][ T5345] bridge_slave_0: left promiscuous mode [ 302.297993][ T5096] Bluetooth: hci5: command tx timeout [ 302.298396][ T5345] bridge0: port 1(bridge_slave_0) entered disabled state [ 303.598510][ T7023] syz.1.620 (pid 7023) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 303.808888][ T5096] Bluetooth: hci1: command tx timeout [ 304.535606][ T5345] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 304.594009][ T5345] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 304.610292][ T5345] bond0 (unregistering): Released all slaves [ 304.696031][ T6946] team0: Port device team_slave_0 added [ 304.753108][ T6946] team0: Port device team_slave_1 added [ 304.886115][ T6812] 8021q: adding VLAN 0 to HW filter on device team0 [ 305.022871][ T7028] loop1: detected capacity change from 0 to 512 [ 305.031289][ T5345] hsr_slave_0: left promiscuous mode [ 305.043600][ T5345] hsr_slave_1: left promiscuous mode [ 305.056119][ T5345] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 305.072557][ T5345] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 305.106346][ T7028] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 305.221482][ T7028] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2234: inode #15: comm syz.1.622: corrupted in-inode xattr: e_name out of bounds [ 305.288899][ T7028] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.622: couldn't read orphan inode 15 (err -117) [ 305.345905][ T7028] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 305.817810][ T5096] Bluetooth: hci1: command tx timeout [ 305.879579][ T5090] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 306.504926][ T5345] team0 (unregistering): Port device team_slave_1 removed [ 306.670040][ T7038] loop1: detected capacity change from 0 to 256 [ 306.988723][ T7038] netlink: 8 bytes leftover after parsing attributes in process `syz.1.624'. [ 307.394898][ T5345] team0 (unregistering): Port device team_slave_0 removed [ 307.903349][ T5096] Bluetooth: hci1: command tx timeout [ 308.681363][ T6946] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 308.712256][ T6946] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 308.777816][ T6946] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 308.826753][ T5161] bridge0: port 1(bridge_slave_0) entered blocking state [ 308.834131][ T5161] bridge0: port 1(bridge_slave_0) entered forwarding state [ 308.866542][ T7038] bridge0: port 3(team0) entered blocking state [ 308.873262][ T7038] bridge0: port 3(team0) entered disabled state [ 308.879872][ T7038] team0: entered allmulticast mode [ 308.885031][ T7038] team_slave_0: entered allmulticast mode [ 308.891667][ T7038] team_slave_1: entered allmulticast mode [ 308.903417][ T7038] team0: entered promiscuous mode [ 308.908597][ T7038] team_slave_0: entered promiscuous mode [ 308.916324][ T7038] team_slave_1: entered promiscuous mode [ 308.926456][ T7038] bridge0: port 3(team0) entered blocking state [ 308.933061][ T7038] bridge0: port 3(team0) entered forwarding state [ 309.142087][ T5101] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 309.174175][ T6946] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 309.184246][ T5101] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 309.194753][ T5101] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 309.223544][ T6946] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 309.228125][ T5101] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 309.260276][ T6946] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 309.377948][ T5101] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 309.418342][ T5101] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 309.591668][ T5161] bridge0: port 2(bridge_slave_1) entered blocking state [ 309.599643][ T5161] bridge0: port 2(bridge_slave_1) entered forwarding state [ 309.677869][ T29] audit: type=1804 audit(1719387464.817:550): pid=7044 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.625" name="/root/syzkaller.cEXrQ9/173/bus" dev="sda1" ino=1979 res=1 errno=0 [ 309.756448][ T29] audit: type=1804 audit(1719387464.827:551): pid=7044 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.1.625" name="/root/syzkaller.cEXrQ9/173/bus" dev="sda1" ino=1979 res=1 errno=0 [ 309.826224][ T29] audit: type=1804 audit(1719387464.837:552): pid=7044 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.1.625" name="/root/syzkaller.cEXrQ9/173/bus" dev="sda1" ino=1979 res=1 errno=0 [ 309.937735][ T29] audit: type=1804 audit(1719387464.837:553): pid=7044 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.1.625" name="/root/syzkaller.cEXrQ9/173/bus" dev="sda1" ino=1979 res=1 errno=0 [ 310.005392][ T29] audit: type=1400 audit(1719387464.907:554): avc: denied { bind } for pid=7043 comm="syz.1.625" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 310.074321][ T29] audit: type=1400 audit(1719387464.907:555): avc: denied { name_bind } for pid=7043 comm="syz.1.625" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1 [ 310.136888][ T6946] hsr_slave_0: entered promiscuous mode [ 310.165269][ T29] audit: type=1400 audit(1719387464.907:556): avc: denied { node_bind } for pid=7043 comm="syz.1.625" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=dccp_socket permissive=1 [ 310.203898][ T6946] hsr_slave_1: entered promiscuous mode [ 310.219314][ T6946] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 310.226941][ T6946] Cannot create hsr debugfs directory [ 310.228772][ T29] audit: type=1400 audit(1719387464.957:557): avc: denied { listen } for pid=7043 comm="syz.1.625" lport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 310.285551][ T29] audit: type=1400 audit(1719387464.967:558): avc: denied { connect } for pid=7043 comm="syz.1.625" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 310.305943][ T29] audit: type=1400 audit(1719387464.967:559): avc: denied { name_connect } for pid=7043 comm="syz.1.625" dest=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1 [ 310.355847][ T6991] chnl_net:caif_netlink_parms(): no params data found [ 311.592786][ T5096] Bluetooth: hci4: command tx timeout [ 312.536450][ T6991] bridge0: port 1(bridge_slave_0) entered blocking state [ 312.602048][ T6991] bridge0: port 1(bridge_slave_0) entered disabled state [ 312.623866][ T6991] bridge_slave_0: entered allmulticast mode [ 312.631904][ T6991] bridge_slave_0: entered promiscuous mode [ 312.916162][ T6991] bridge0: port 2(bridge_slave_1) entered blocking state [ 312.938069][ T6991] bridge0: port 2(bridge_slave_1) entered disabled state [ 312.970113][ T7065] loop1: detected capacity change from 0 to 512 [ 312.978082][ T6991] bridge_slave_1: entered allmulticast mode [ 312.986417][ T7065] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 312.996043][ T6991] bridge_slave_1: entered promiscuous mode [ 313.042453][ T7065] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2234: inode #15: comm syz.1.630: corrupted in-inode xattr: e_name out of bounds [ 313.065793][ T7065] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.630: couldn't read orphan inode 15 (err -117) [ 313.099969][ T7065] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 313.471958][ T6991] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 313.531773][ T6991] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 313.658299][ T5096] Bluetooth: hci4: command tx timeout [ 313.722992][ T5090] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 313.995910][ T6991] team0: Port device team_slave_0 added [ 314.009741][ T6991] team0: Port device team_slave_1 added [ 314.328422][ T7041] chnl_net:caif_netlink_parms(): no params data found [ 314.357121][ T7080] loop1: detected capacity change from 0 to 2048 [ 314.389461][ T7080] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 314.610334][ T7081] UDF-fs: error (device loop1): udf_read_inode: (ino 1347) failed !bh [ 314.627797][ T6991] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 314.650010][ T6991] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 314.687611][ T6991] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 314.738414][ T6991] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 314.745434][ T6991] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 314.782982][ T6991] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 315.340769][ T6812] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 316.182385][ T5096] Bluetooth: hci4: command tx timeout [ 316.601414][ T6991] hsr_slave_0: entered promiscuous mode [ 316.628346][ T6991] hsr_slave_1: entered promiscuous mode [ 316.645470][ T6991] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 316.675897][ T6991] Cannot create hsr debugfs directory [ 316.805214][ T7041] bridge0: port 1(bridge_slave_0) entered blocking state [ 316.825562][ T7041] bridge0: port 1(bridge_slave_0) entered disabled state [ 316.836002][ T7041] bridge_slave_0: entered allmulticast mode [ 316.854011][ T7041] bridge_slave_0: entered promiscuous mode [ 316.879996][ T7041] bridge0: port 2(bridge_slave_1) entered blocking state [ 316.887380][ T7041] bridge0: port 2(bridge_slave_1) entered disabled state [ 316.906526][ T7041] bridge_slave_1: entered allmulticast mode [ 316.926556][ T7041] bridge_slave_1: entered promiscuous mode [ 317.274483][ T7041] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 317.323127][ T7041] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 317.413020][ T6946] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 317.703735][ T6946] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 317.741326][ T6946] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 317.759725][ T7097] loop1: detected capacity change from 0 to 32768 [ 317.768456][ T7097] XFS: attr2 mount option is deprecated. [ 317.774180][ T7097] XFS: noikeep mount option is deprecated. [ 317.873891][ T7097] XFS (loop1): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 317.882753][ T7041] team0: Port device team_slave_0 added [ 317.910789][ T6946] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 317.965164][ T7097] XFS (loop1): Ending clean mount [ 317.977287][ T7097] XFS (loop1): Quotacheck needed: Please wait. [ 318.094470][ T7097] XFS (loop1): Quotacheck: Done. [ 318.124605][ T7041] team0: Port device team_slave_1 added [ 318.217656][ T5096] Bluetooth: hci4: command tx timeout [ 318.539583][ T7041] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 318.546767][ T7041] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 319.080964][ T7041] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 319.202642][ T6812] veth0_vlan: entered promiscuous mode [ 319.328817][ T7041] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 319.356293][ T7041] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 319.456031][ T7041] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 319.473494][ T5090] XFS (loop1): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 319.599530][ T5345] bridge_slave_1: left allmulticast mode [ 319.605248][ T5345] bridge_slave_1: left promiscuous mode [ 319.614119][ T5345] bridge0: port 2(bridge_slave_1) entered disabled state [ 319.656641][ T5345] bridge_slave_0: left allmulticast mode [ 319.678222][ T5345] bridge_slave_0: left promiscuous mode [ 319.684970][ T5345] bridge0: port 1(bridge_slave_0) entered disabled state [ 319.751665][ T5345] bridge_slave_1: left allmulticast mode [ 319.757382][ T5345] bridge_slave_1: left promiscuous mode [ 319.777934][ T5345] bridge0: port 2(bridge_slave_1) entered disabled state [ 319.820936][ T5345] bridge_slave_0: left allmulticast mode [ 319.826650][ T5345] bridge_slave_0: left promiscuous mode [ 319.838232][ T5345] bridge0: port 1(bridge_slave_0) entered disabled state [ 320.101167][ T7109] loop1: detected capacity change from 0 to 256 [ 322.634917][ T1250] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.642133][ T1250] ieee802154 phy1 wpan1: encryption failed: -22 [ 323.003636][ T5345] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 323.049541][ T5345] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 323.081971][ T5345] bond0 (unregistering): Released all slaves [ 323.223475][ T7122] loop1: detected capacity change from 0 to 2048 [ 323.272411][ T7122] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 323.313117][ T7122] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 323.511808][ T5101] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 323.536448][ T5101] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 323.551418][ T5101] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 323.590162][ T5101] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 323.607980][ T5101] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 323.615644][ T5101] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 323.758163][ T5345] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 323.784871][ T5345] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 323.830711][ T5345] bond0 (unregistering): Released all slaves [ 324.452127][ T7041] hsr_slave_0: entered promiscuous mode [ 324.480794][ T7041] hsr_slave_1: entered promiscuous mode [ 324.497677][ T7041] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 324.507530][ T7041] Cannot create hsr debugfs directory [ 324.561089][ T5345] hsr_slave_0: left promiscuous mode [ 324.581124][ T5345] hsr_slave_1: left promiscuous mode [ 324.592064][ T5345] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 324.917833][ T5345] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 325.118850][ T5345] hsr_slave_0: left promiscuous mode [ 325.174052][ T5345] hsr_slave_1: left promiscuous mode [ 325.248172][ T5345] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 325.329694][ T5345] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 325.758177][ T5096] Bluetooth: hci6: command tx timeout [ 327.249948][ T5345] team0 (unregistering): Port device team_slave_1 removed [ 327.401859][ T5345] team0 (unregistering): Port device team_slave_0 removed [ 327.817914][ T5096] Bluetooth: hci6: command tx timeout [ 329.310207][ T5345] team0 (unregistering): Port device team_slave_1 removed [ 329.434461][ T5345] team0 (unregistering): Port device team_slave_0 removed [ 329.921701][ T5096] Bluetooth: hci6: command tx timeout [ 330.715732][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 330.715764][ T29] audit: type=1800 audit(1719387485.867:561): pid=7150 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.650" name="file0" dev="sda1" ino=1980 res=0 errno=0 [ 330.819835][ T29] audit: type=1804 audit(1719387485.977:562): pid=7150 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.650" name="/root/syzkaller.cEXrQ9/198/file0" dev="sda1" ino=1980 res=1 errno=0 [ 331.050893][ T29] audit: type=1326 audit(1719387486.207:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7149 comm="syz.1.650" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa6adf75ae9 code=0x0 [ 331.208357][ T7150] netlink: 20 bytes leftover after parsing attributes in process `syz.1.650'. [ 331.681854][ T6946] 8021q: adding VLAN 0 to HW filter on device bond0 [ 331.777845][ T6991] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 331.799409][ T6991] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 331.842724][ T6991] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 331.976972][ T6991] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 331.984293][ T5096] Bluetooth: hci6: command tx timeout [ 332.073479][ T6946] 8021q: adding VLAN 0 to HW filter on device team0 [ 332.247151][ T5190] bridge0: port 1(bridge_slave_0) entered blocking state [ 332.254520][ T5190] bridge0: port 1(bridge_slave_0) entered forwarding state [ 332.334214][ T5190] bridge0: port 2(bridge_slave_1) entered blocking state [ 332.341607][ T5190] bridge0: port 2(bridge_slave_1) entered forwarding state [ 332.374118][ T7123] chnl_net:caif_netlink_parms(): no params data found [ 333.092850][ T7123] bridge0: port 1(bridge_slave_0) entered blocking state [ 333.113495][ T7123] bridge0: port 1(bridge_slave_0) entered disabled state [ 333.122021][ T7123] bridge_slave_0: entered allmulticast mode [ 333.141114][ T7123] bridge_slave_0: entered promiscuous mode [ 333.164090][ T7123] bridge0: port 2(bridge_slave_1) entered blocking state [ 333.177959][ T7123] bridge0: port 2(bridge_slave_1) entered disabled state [ 333.194773][ T7123] bridge_slave_1: entered allmulticast mode [ 333.206203][ T7123] bridge_slave_1: entered promiscuous mode [ 333.381837][ T7123] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 333.402914][ T7041] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 333.419946][ T7041] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 333.506248][ T7123] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 333.557370][ T7041] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 333.711579][ T7041] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 333.785688][ T7123] team0: Port device team_slave_0 added [ 333.802775][ T7123] team0: Port device team_slave_1 added [ 334.039470][ T6991] 8021q: adding VLAN 0 to HW filter on device bond0 [ 334.129652][ T7123] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 334.136657][ T7123] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 334.237408][ T7123] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 334.282091][ T7123] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 334.310238][ T7123] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 334.395371][ T7123] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 334.601644][ T7168] netlink: 'syz.1.652': attribute type 1 has an invalid length. [ 334.610047][ T7168] netlink: 512 bytes leftover after parsing attributes in process `syz.1.652'. [ 335.522970][ T7123] hsr_slave_0: entered promiscuous mode [ 335.553645][ T7123] hsr_slave_1: entered promiscuous mode [ 335.570529][ T7123] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 335.588019][ T7123] Cannot create hsr debugfs directory [ 335.615432][ T6991] 8021q: adding VLAN 0 to HW filter on device team0 [ 335.752069][ T5345] bridge_slave_1: left allmulticast mode [ 335.770053][ T5345] bridge_slave_1: left promiscuous mode [ 335.776001][ T5345] bridge0: port 2(bridge_slave_1) entered disabled state [ 335.801876][ T5345] bridge_slave_0: left allmulticast mode [ 335.813937][ T5345] bridge_slave_0: left promiscuous mode [ 335.825410][ T5345] bridge0: port 1(bridge_slave_0) entered disabled state [ 336.949523][ T5345] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 336.976453][ T5345] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 337.003724][ T5345] bond0 (unregistering): Released all slaves [ 337.264573][ T5145] bridge0: port 1(bridge_slave_0) entered blocking state [ 337.271929][ T5145] bridge0: port 1(bridge_slave_0) entered forwarding state [ 337.346353][ T6946] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 337.595449][ T5345] hsr_slave_0: left promiscuous mode [ 337.609361][ T5345] hsr_slave_1: left promiscuous mode [ 337.634466][ T5345] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 337.646301][ T5345] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 337.713404][ T5345] veth0_vlan: left promiscuous mode [ 339.596426][ T5345] team0 (unregistering): Port device team_slave_1 removed [ 339.738845][ T5345] team0 (unregistering): Port device team_slave_0 removed [ 340.889150][ T7184] tipc: Started in network mode [ 340.894355][ T7184] tipc: Node identity ac14142a, cluster identity 4711 [ 340.905335][ T7184] tipc: Enabled bearer , priority 10 [ 341.119820][ T5148] bridge0: port 2(bridge_slave_1) entered blocking state [ 341.127139][ T5148] bridge0: port 2(bridge_slave_1) entered forwarding state [ 342.026346][ T7205] netlink: 'syz.1.659': attribute type 1 has an invalid length. [ 342.034217][ T7205] netlink: 512 bytes leftover after parsing attributes in process `syz.1.659'. [ 342.070814][ T5161] tipc: Node number set to 2886997034 [ 342.662786][ T6946] veth0_vlan: entered promiscuous mode [ 342.833901][ T7207] loop1: detected capacity change from 0 to 64 [ 342.860342][ T6946] veth1_vlan: entered promiscuous mode [ 342.961783][ T29] audit: type=1400 audit(1719387498.117:564): avc: denied { rename } for pid=7206 comm="syz.1.660" name="file0" dev="loop1" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 343.287891][ T6946] veth0_macvtap: entered promiscuous mode [ 343.325188][ T7041] 8021q: adding VLAN 0 to HW filter on device bond0 [ 343.375724][ T6946] veth1_macvtap: entered promiscuous mode [ 343.489689][ T6946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 343.502952][ T6946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.515205][ T6946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 343.529961][ T6946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.543399][ T6946] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 343.660434][ T6946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 343.675890][ T6946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.686051][ T6946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 343.696888][ T6946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.709888][ T6946] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 343.779765][ T7041] 8021q: adding VLAN 0 to HW filter on device team0 [ 343.797161][ T6946] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 343.808655][ T6946] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 343.818756][ T6946] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 343.827733][ T6946] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 343.921074][ T5148] bridge0: port 1(bridge_slave_0) entered blocking state [ 343.928422][ T5148] bridge0: port 1(bridge_slave_0) entered forwarding state [ 343.958838][ T7123] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 343.998960][ T7123] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 344.022622][ T5142] bridge0: port 2(bridge_slave_1) entered blocking state [ 344.029999][ T5142] bridge0: port 2(bridge_slave_1) entered forwarding state [ 344.056723][ T6991] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 344.073175][ T7123] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 344.126965][ T7123] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 344.603735][ T1061] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 344.625552][ T1061] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 344.717685][ T6991] veth0_vlan: entered promiscuous mode [ 344.884491][ T5345] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 344.926026][ T5345] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 344.949285][ T6991] veth1_vlan: entered promiscuous mode [ 345.192622][ T6991] veth0_macvtap: entered promiscuous mode [ 345.246359][ T6991] veth1_macvtap: entered promiscuous mode [ 345.403578][ T6991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 345.423995][ T6991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 345.445147][ T6991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 345.456011][ T6991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 345.466422][ T6991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 345.487366][ T6991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 345.510739][ T6991] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 345.540760][ T6991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 345.564824][ T6991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 345.584820][ T6991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 345.606039][ T6991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 345.626372][ T6991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 345.637747][ T1795] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 345.656733][ T6991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 345.680172][ T6991] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 345.767294][ T7041] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 345.815759][ T6991] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 345.845807][ T6991] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 345.854273][ T1795] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 345.865086][ T6991] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 345.867709][ T1795] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 345.884213][ T6991] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 345.917271][ T1795] usb 5-1: Product: syz [ 345.937565][ T1795] usb 5-1: Manufacturer: syz [ 345.942248][ T1795] usb 5-1: SerialNumber: syz [ 345.968967][ T1795] usb 5-1: config 0 descriptor?? [ 346.025036][ T7123] 8021q: adding VLAN 0 to HW filter on device bond0 [ 346.256453][ T7123] 8021q: adding VLAN 0 to HW filter on device team0 [ 346.323779][ T5131] bridge0: port 1(bridge_slave_0) entered blocking state [ 346.331151][ T5131] bridge0: port 1(bridge_slave_0) entered forwarding state [ 346.356007][ T7222] loop1: detected capacity change from 0 to 32768 [ 346.515811][ T5148] bridge0: port 2(bridge_slave_1) entered blocking state [ 346.523185][ T5148] bridge0: port 2(bridge_slave_1) entered forwarding state [ 346.579521][ T29] audit: type=1400 audit(1719387501.737:565): avc: denied { append } for pid=7221 comm="syz.1.663" path="/root/syzkaller.cEXrQ9/211/file0/cgroup.controllers" dev="loop1" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 346.738629][ T5142] usb 5-1: USB disconnect, device number 6 [ 346.813188][ T7041] veth0_vlan: entered promiscuous mode [ 346.905639][ T5345] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 346.948423][ T5345] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 347.078189][ T7041] veth1_vlan: entered promiscuous mode [ 347.162080][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 347.204027][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 347.364110][ T7041] veth0_macvtap: entered promiscuous mode [ 347.440468][ T7041] veth1_macvtap: entered promiscuous mode [ 347.588030][ T7041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 347.626658][ T7041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 347.662759][ T7041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 347.692709][ T7041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 347.725332][ T7041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 347.761143][ T7041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 347.791960][ T7041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 347.805904][ T7041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 347.840050][ T7041] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 347.862904][ T7041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 347.884870][ T7041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 347.906929][ T7041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 347.934691][ T7041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 347.955029][ T7234] loop4: detected capacity change from 0 to 256 [ 347.962940][ T7041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 347.973644][ T7041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 348.005421][ T7041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 348.024362][ T29] audit: type=1400 audit(1719387503.177:566): avc: denied { ioctl } for pid=7235 comm="syz.1.666" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 ioctlcmd=0x63a0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 348.026329][ T7041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 348.095269][ T7041] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 348.260082][ T7041] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 348.266294][ T7239] loop1: detected capacity change from 0 to 64 [ 348.306818][ T7041] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 348.329558][ T7041] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 348.346254][ T7041] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 348.757388][ T29] audit: type=1400 audit(1719387503.897:567): avc: denied { mount } for pid=7245 comm="syz.0.670" name="/" dev="hugetlbfs" ino=18178 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 348.857325][ T7123] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 348.948413][ T29] audit: type=1400 audit(1719387504.107:568): avc: denied { unmount } for pid=6991 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 349.042284][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 349.060899][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 349.474272][ T1061] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 349.487121][ T1061] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 350.447044][ T7123] veth0_vlan: entered promiscuous mode [ 350.593805][ T7123] veth1_vlan: entered promiscuous mode [ 350.656719][ T7266] netlink: 4 bytes leftover after parsing attributes in process `syz.3.552'. [ 350.865871][ T7123] veth0_macvtap: entered promiscuous mode [ 350.904688][ T7123] veth1_macvtap: entered promiscuous mode [ 351.020643][ T7278] loop0: detected capacity change from 0 to 512 [ 351.124188][ T7123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 351.148617][ T7278] EXT4-fs error (device loop0): ext4_orphan_get:1394: inode #15: comm syz.0.680: casefold flag without casefold feature [ 351.175497][ T7123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 351.202854][ T7278] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.680: couldn't read orphan inode 15 (err -117) [ 351.218958][ T7123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 351.256831][ T7123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 351.264907][ T7278] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 351.269663][ T7123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 351.294340][ T7123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 351.305819][ T7123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 351.320249][ T7123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 351.332868][ T7284] mmap: syz.4.682 (7284) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 351.345178][ T7123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 351.367554][ T7123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 351.408982][ T7123] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 351.465559][ T29] audit: type=1804 audit(1719387506.617:569): pid=7286 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.0.680" name="/root/syzkaller.IQlg79/5/file0/bus" dev="loop0" ino=18 res=1 errno=0 [ 351.546687][ T7123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 351.596731][ T7123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 351.635883][ T29] audit: type=1400 audit(1719387506.727:570): avc: denied { ioctl } for pid=7275 comm="syz.0.680" path="/root/syzkaller.IQlg79/5/file0/bus" dev="loop0" ino=18 ioctlcmd=0x4c04 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 351.677547][ T7123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 351.713109][ T7123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 351.746788][ T7123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 351.788684][ T7123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 351.829268][ T7123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 351.845773][ T7291] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 351.859082][ T7291] vhci_hcd: invalid port number 9 [ 351.866602][ T7291] vhci_hcd: invalid port number 9 [ 351.874511][ T7123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 351.874589][ T7123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 351.874615][ T7123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 351.886419][ T6991] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 351.891221][ T7123] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 351.958419][ T7123] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.958464][ T7123] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.958500][ T7123] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.958536][ T7123] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 352.531803][ T7297] nfs4: Unknown parameter 'dev/cpu/#/msr' [ 353.396618][ T5558] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 353.431254][ T5558] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 353.721765][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 353.742978][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 353.802894][ T7313] syz.1.688[7313] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 353.803795][ T7313] syz.1.688[7313] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 353.927734][ T7313] ieee802154 phy0 wpan0: encryption failed: -22 [ 354.630797][ T7316] loop0: detected capacity change from 0 to 512 [ 354.677890][ T29] audit: type=1400 audit(1719387509.077:571): avc: denied { write } for pid=7305 comm="syz.1.688" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 354.869957][ T7318] loop3: detected capacity change from 0 to 64 [ 354.870471][ T7316] loop0: detected capacity change from 0 to 16 [ 354.951256][ T7316] erofs: (device loop0): EXPERIMENTAL EROFS subpage compressed block support in use. Use at your own risk! [ 354.976903][ T7316] erofs: (device loop0): mounted with root inode @ nid 36. [ 355.034436][ T7320] netlink: 4 bytes leftover after parsing attributes in process `syz.4.693'. [ 355.129274][ T29] audit: type=1400 audit(1719387510.277:572): avc: denied { bind } for pid=7321 comm="syz.1.694" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 355.142560][ T7320] team0: entered promiscuous mode [ 355.167701][ T7320] team_slave_0: entered promiscuous mode [ 355.173784][ T7320] team_slave_1: entered promiscuous mode [ 355.222185][ T7316] syz.0.691: attempt to access beyond end of device [ 355.222185][ T7316] loop0: rw=0, sector=131157, nr_sectors = 1 limit=16 [ 355.281466][ T7325] syz.0.691: attempt to access beyond end of device [ 355.281466][ T7325] loop0: rw=0, sector=131157, nr_sectors = 1 limit=16 [ 355.311601][ T7320] team_slave_0: entered allmulticast mode [ 355.679935][ T7329] syz.0.691: attempt to access beyond end of device [ 355.679935][ T7329] loop0: rw=0, sector=131157, nr_sectors = 1 limit=16 [ 355.696241][ T7320] team0: Port device team_slave_0 removed [ 357.436083][ T29] audit: type=1326 audit(1719387511.787:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7323 comm="syz.2.567" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0780f75ae9 code=0x0 [ 357.673268][ T7316] syz.0.691: attempt to access beyond end of device [ 357.673268][ T7316] loop0: rw=0, sector=131157, nr_sectors = 1 limit=16 [ 357.708041][ T7319] team0: left promiscuous mode [ 357.712984][ T7319] team_slave_1: left promiscuous mode [ 358.114051][ T7333] netlink: 8 bytes leftover after parsing attributes in process `syz.2.567'. [ 358.508650][ T7346] nfs4: Unknown parameter 'dev/cpu/#/msr' [ 358.528245][ T30] INFO: task syz.2.380:6222 blocked for more than 143 seconds. [ 358.668766][ T30] Not tainted 6.10.0-rc5-syzkaller-00018-g55027e689933 #0 [ 358.786196][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 359.054590][ T30] task:syz.2.380 state:D stack:24656 pid:6222 tgid:6216 ppid:5091 flags:0x00000004 [ 359.139909][ T30] Call Trace: [ 359.150690][ T30] [ 359.161118][ T30] __schedule+0xf15/0x5d00 [ 359.176401][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 359.189453][ T30] ? hlock_class+0x4e/0x130 [ 359.194307][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 359.242349][ T30] ? __pfx___schedule+0x10/0x10 [ 359.256880][ T30] ? schedule+0x298/0x350 [ 359.267227][ T30] ? __pfx_lock_release+0x10/0x10 [ 359.267287][ T30] ? rwsem_down_read_slowpath+0x2c4/0xb20 [ 359.267343][ T30] schedule+0xe7/0x350 [ 359.267371][ T30] schedule_preempt_disabled+0x13/0x30 [ 359.267404][ T30] rwsem_down_read_slowpath+0x61e/0xb20 [ 359.271617][ T30] ? __pfx_rwsem_down_read_slowpath+0x10/0x10 [ 359.271671][ T30] ? __pfx_lock_acquire+0x10/0x10 [ 359.271711][ T30] ? rwsem_read_trylock+0x6d/0x250 [ 359.271740][ T30] ? __pfx___might_resched+0x10/0x10 [ 359.271769][ T30] ? _raw_spin_unlock+0x28/0x50 [ 359.271796][ T30] down_read+0x124/0x330 [ 359.271829][ T30] ? __pfx_down_read+0x10/0x10 [ 359.271864][ T30] ? lookup_fast+0x155/0x540 [ 359.271896][ T30] path_openat+0x190d/0x29f0 [ 359.271936][ T30] ? __pfx_path_openat+0x10/0x10 [ 359.271972][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 359.272012][ T30] ? find_held_lock+0x2d/0x110 [ 359.272042][ T30] do_filp_open+0x1dc/0x430 [ 359.272079][ T30] ? __pfx_do_filp_open+0x10/0x10 [ 359.272121][ T30] ? _raw_spin_unlock+0x28/0x50 [ 359.272145][ T30] ? alloc_fd+0x2d7/0x6c0 [ 359.272181][ T30] do_sys_openat2+0x17a/0x1e0 [ 359.272210][ T30] ? __pfx_do_sys_openat2+0x10/0x10 [ 359.272237][ T30] ? __fget_files+0x256/0x400 [ 359.272271][ T30] __x64_sys_open+0x154/0x1e0 [ 359.272300][ T30] ? __pfx___x64_sys_open+0x10/0x10 [ 359.272331][ T30] do_syscall_64+0xcd/0x250 [ 359.272387][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 359.272431][ T30] RIP: 0033:0x7f760d775ae9 [ 359.272451][ T30] RSP: 002b:00007f760e593048 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 359.272476][ T30] RAX: ffffffffffffffda RBX: 00007f760d904070 RCX: 00007f760d775ae9 [ 359.272495][ T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000 [ 359.272513][ T30] RBP: 00007f760d7f6746 R08: 0000000000000000 R09: 0000000000000000 [ 359.272530][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 359.272547][ T30] R13: 000000000000006e R14: 00007f760d904070 R15: 00007fff8ca70b28 [ 359.575132][ T30] [ 359.582074][ T30] INFO: task syz.2.380:6237 blocked for more than 144 seconds. [ 359.604298][ T30] Not tainted 6.10.0-rc5-syzkaller-00018-g55027e689933 #0 [ 359.627326][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 359.693113][ T30] task:syz.2.380 state:D stack:28544 pid:6237 tgid:6216 ppid:5091 flags:0x00004004 [ 359.747549][ T30] Call Trace: [ 359.751013][ T30] [ 359.762106][ T30] __schedule+0xf15/0x5d00 [ 359.768846][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 359.788259][ T30] ? hlock_class+0x4e/0x130 [ 359.803869][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 359.829800][ T30] ? __pfx___schedule+0x10/0x10 [ 359.843794][ T30] ? schedule+0x298/0x350 [ 359.854074][ T30] ? __pfx_lock_release+0x10/0x10 [ 359.867663][ T30] ? __down_write_common+0x8a1/0x13f0 [ 359.888796][ T30] schedule+0xe7/0x350 [ 359.904713][ T30] schedule_preempt_disabled+0x13/0x30 [ 359.934447][ T30] __down_write_common+0x950/0x13f0 [ 359.947780][ T30] ? lock_acquire+0x1b1/0x560 [ 359.952596][ T30] ? __pfx___down_write_common+0x10/0x10 [ 359.958566][ T30] ? __pfx_lock_acquire+0x10/0x10 [ 359.963680][ T30] ? __pfx___might_resched+0x10/0x10 [ 359.976375][ T30] ? mnt_get_write_access+0x20c/0x300 [ 359.989668][ T30] path_openat+0x8c7/0x29f0 [ 359.994267][ T30] ? __pfx_path_openat+0x10/0x10 [ 360.004614][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 360.012664][ T30] ? find_held_lock+0x2d/0x110 [ 360.019592][ T30] do_filp_open+0x1dc/0x430 [ 360.024182][ T30] ? __pfx_do_filp_open+0x10/0x10 [ 360.033260][ T30] ? find_held_lock+0x2d/0x110 [ 360.038528][ T30] ? _raw_spin_unlock+0x28/0x50 [ 360.043709][ T30] ? alloc_fd+0x2d7/0x6c0 [ 360.048201][ T30] do_sys_openat2+0x17a/0x1e0 [ 360.052938][ T30] ? __pfx_do_sys_openat2+0x10/0x10 [ 360.064644][ T30] ? do_user_addr_fault+0x6d7/0xe50 [ 360.069999][ T30] __x64_sys_openat+0x175/0x210 [ 360.075002][ T30] ? __pfx___x64_sys_openat+0x10/0x10 [ 360.088408][ T30] do_syscall_64+0xcd/0x250 [ 360.092997][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 360.099300][ T30] RIP: 0033:0x7f760d775ae9 [ 360.103791][ T30] RSP: 002b:00007f760e551048 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 360.120144][ T30] RAX: ffffffffffffffda RBX: 00007f760d904210 RCX: 00007f760d775ae9 [ 360.135175][ T30] RDX: 0000000000105042 RSI: 00000000200003c0 RDI: ffffffffffffff9c [ 360.145839][ T30] RBP: 00007f760d7f6746 R08: 0000000000000000 R09: 0000000000000000 [ 360.154292][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 360.162835][ T30] R13: 000000000000006e R14: 00007f760d904210 R15: 00007fff8ca70b28 [ 360.171052][ T30] [ 360.174134][ T30] [ 360.174134][ T30] Showing all locks held in the system: [ 360.183319][ T30] 2 locks held by kworker/u8:1/12: [ 360.188610][ T30] 1 lock held by khungtaskd/30: [ 360.193499][ T30] #0: ffffffff8dbb1920 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x75/0x340 [ 360.211000][ T30] 3 locks held by kworker/0:2/785: [ 360.216206][ T30] 2 locks held by getty/4839: [ 360.227628][ T30] #0: ffff88802b4470a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 360.257604][ T30] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfc8/0x1490 [ 360.275975][ T30] 6 locks held by syz.2.380/6217: [ 360.281165][ T30] 1 lock held by syz.2.380/6222: [ 360.286143][ T30] #0: ffff888061a23600 (&type->i_mutex_dir_key#3){++++}-{3:3}, at: path_openat+0x190d/0x29f0 [ 360.298461][ T30] 2 locks held by syz.2.380/6237: [ 360.303576][ T30] #0: ffff88806ee72420 (sb_writers#5){.+.+}-{0:0}, at: path_openat+0x19e6/0x29f0 [ 360.320655][ T30] #1: ffff888061a23600 (&type->i_mutex_dir_key#3){++++}-{3:3}, at: path_openat+0x8c7/0x29f0 [ 360.343774][ T30] [ 360.346171][ T30] ============================================= [ 360.346171][ T30] [ 360.367831][ T30] NMI backtrace for cpu 1 [ 360.372356][ T30] CPU: 1 PID: 30 Comm: khungtaskd Not tainted 6.10.0-rc5-syzkaller-00018-g55027e689933 #0 [ 360.382314][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 360.392419][ T30] Call Trace: [ 360.395738][ T30] [ 360.398707][ T30] dump_stack_lvl+0x116/0x1f0 [ 360.403443][ T30] nmi_cpu_backtrace+0x27b/0x390 [ 360.408462][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 360.414506][ T30] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 360.420563][ T30] watchdog+0xf86/0x1240 [ 360.424858][ T30] ? __pfx_watchdog+0x10/0x10 [ 360.429585][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 360.434838][ T30] ? __kthread_parkme+0x148/0x220 [ 360.440009][ T30] ? __pfx_watchdog+0x10/0x10 [ 360.444758][ T30] kthread+0x2c1/0x3a0 [ 360.448897][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 360.454148][ T30] ? __pfx_kthread+0x10/0x10 [ 360.458797][ T30] ret_from_fork+0x45/0x80 [ 360.463274][ T30] ? __pfx_kthread+0x10/0x10 [ 360.467937][ T30] ret_from_fork_asm+0x1a/0x30 [ 360.472770][ T30] [ 360.481799][ T30] Sending NMI from CPU 1 to CPUs 0: [ 360.487070][ C0] NMI backtrace for cpu 0 [ 360.487093][ C0] CPU: 0 PID: 1061 Comm: kworker/u8:7 Not tainted 6.10.0-rc5-syzkaller-00018-g55027e689933 #0 [ 360.487123][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 360.487140][ C0] Workqueue: bat_events batadv_tt_purge [ 360.487170][ C0] RIP: 0010:kasan_check_range+0xf2/0x1a0 [ 360.487203][ C0] Code: 89 c2 b8 01 00 00 00 48 85 d2 74 1e 41 83 e2 07 49 39 d1 75 0a 45 3a 11 b8 01 00 00 00 7c 0b 44 89 c2 e8 e1 ea ff ff 83 f0 01 <5b> 5d 41 5c c3 cc cc cc cc 48 85 d2 74 4f 48 01 ea eb 09 48 83 c0 [ 360.487228][ C0] RSP: 0018:ffffc900044a7a28 EFLAGS: 00000297 [ 360.487249][ C0] RAX: 0000000000000001 RBX: fffff52000894f4f RCX: ffffffff816c44ad [ 360.487267][ C0] RDX: fffff52000894f4e RSI: 0000000000000004 RDI: ffffc900044a7a70 [ 360.487284][ C0] RBP: fffff52000894f4e R08: 0000000000000001 R09: fffff52000894f4e [ 360.487302][ C0] R10: 0000000000000003 R11: 0000000000000002 R12: ffff8880605a6fc8 [ 360.487319][ C0] R13: ffff8880605a6fd0 R14: ffff88802e70a280 R15: dffffc0000000000 [ 360.487338][ C0] FS: 0000000000000000(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000 [ 360.487364][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 360.487382][ C0] CR2: 00007f2bf92ea440 CR3: 000000000d97a000 CR4: 00000000003506f0 [ 360.487400][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 360.487421][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 360.487439][ C0] Call Trace: [ 360.487448][ C0] [ 360.487459][ C0] ? show_regs+0x8c/0xa0 [ 360.487500][ C0] ? nmi_cpu_backtrace+0x1d8/0x390 [ 360.487541][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 360.487585][ C0] ? nmi_handle+0x1a9/0x5c0 [ 360.487632][ C0] ? kasan_check_range+0xf2/0x1a0 [ 360.487666][ C0] ? default_do_nmi+0x6a/0x160 [ 360.487694][ C0] ? exc_nmi+0x170/0x1e0 [ 360.487722][ C0] ? end_repeat_nmi+0xf/0x53 [ 360.487753][ C0] ? do_raw_spin_lock+0x12d/0x2c0 [ 360.487797][ C0] ? kasan_check_range+0xf2/0x1a0 [ 360.487830][ C0] ? kasan_check_range+0xf2/0x1a0 [ 360.487863][ C0] ? kasan_check_range+0xf2/0x1a0 [ 360.487895][ C0] [ 360.487904][ C0] [ 360.487915][ C0] do_raw_spin_lock+0x12d/0x2c0 [ 360.487947][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 360.487979][ C0] ? mark_held_locks+0x9f/0xe0 [ 360.488025][ C0] batadv_tt_local_purge+0x145/0x3c0 [ 360.488059][ C0] ? __pfx___lock_acquire+0x10/0x10 [ 360.488104][ C0] ? __pfx_batadv_tt_local_purge+0x10/0x10 [ 360.488137][ C0] batadv_tt_purge+0x8b/0xbb0 [ 360.488169][ C0] ? __pfx_batadv_tt_purge+0x10/0x10 [ 360.488198][ C0] ? __pfx_lock_release+0x10/0x10 [ 360.488243][ C0] process_one_work+0x9fb/0x1b60 [ 360.488277][ C0] ? __pfx_batadv_nc_worker+0x10/0x10 [ 360.488306][ C0] ? __pfx_process_one_work+0x10/0x10 [ 360.488338][ C0] ? assign_work+0x1a0/0x250 [ 360.488379][ C0] worker_thread+0x6c8/0xf70 [ 360.488413][ C0] ? __kthread_parkme+0x148/0x220 [ 360.488450][ C0] ? __pfx_worker_thread+0x10/0x10 [ 360.488477][ C0] kthread+0x2c1/0x3a0 [ 360.488512][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 360.488542][ C0] ? __pfx_kthread+0x10/0x10 [ 360.488584][ C0] ret_from_fork+0x45/0x80 [ 360.488628][ C0] ? __pfx_kthread+0x10/0x10 [ 360.488664][ C0] ret_from_fork_asm+0x1a/0x30 [ 360.488712][ C0] [ 360.837534][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 360.844447][ T30] CPU: 1 PID: 30 Comm: khungtaskd Not tainted 6.10.0-rc5-syzkaller-00018-g55027e689933 #0 [ 360.854389][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 360.864483][ T30] Call Trace: [ 360.867880][ T30] [ 360.870842][ T30] dump_stack_lvl+0x3d/0x1f0 [ 360.875485][ T30] panic+0x6f5/0x7a0 [ 360.879462][ T30] ? __pfx_panic+0x10/0x10 [ 360.883936][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 360.889356][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 360.895388][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 360.900800][ T30] ? watchdog+0xd3d/0x1240 [ 360.905263][ T30] ? watchdog+0xd30/0x1240 [ 360.909730][ T30] watchdog+0xd4e/0x1240 [ 360.914017][ T30] ? __pfx_watchdog+0x10/0x10 [ 360.918739][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 360.923986][ T30] ? __kthread_parkme+0x148/0x220 [ 360.929058][ T30] ? __pfx_watchdog+0x10/0x10 [ 360.933793][ T30] kthread+0x2c1/0x3a0 [ 360.937911][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 360.943150][ T30] ? __pfx_kthread+0x10/0x10 [ 360.947800][ T30] ret_from_fork+0x45/0x80 [ 360.952278][ T30] ? __pfx_kthread+0x10/0x10 [ 360.956931][ T30] ret_from_fork_asm+0x1a/0x30 [ 360.961760][ T30] [ 360.965091][ T30] Kernel Offset: disabled [ 360.969448][ T30] Rebooting in 86400 seconds..