last executing test programs: 18.003451687s ago: executing program 1 (id=800): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x800700, &(0x7f00000019c0)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x5}}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@resgid}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x200}}, {@usrjquota}]}, 0x3, 0x44a, &(0x7f0000000400)="$eJzs281vG0UbAPBn10n6vv1KKOWjpUCgQkR8JE1aoAcuIJA4FIEEh3IMTlpVdRvUBIlWFQ0IlQsSqgRnxBGJv4AbFwSckLjCHVWqoJcWTkG73m1t106b1rFD/ftJm8x4x555PDve2R07gIE1nv1JIrZGxG8RMVrPNhcYr/+7evls9e/LZ6tJrKy89WeSl7ty+Wy1LFo+b0uRmUgj0k+SopJmi6fPHJ+t1eZPFfmppRPvTS2ePvPssROzR+ePzp+cOXjwwP7pF56fea4rcWZxXdn94cKeXa+9c+H16uEL7/70bdbercX+xji6ZTwL/K+VXOu+J7pdWZ9ta0gnQ31sCGtSiYisu4bz8T8albjeeaPx6sd9bRywrrJz06bOu5dXgLtYEv1uAdAf5Yk+u/4ttx5NPTaESy/VL4CyuK8WW33PUKRFmeGW69tuGo+Iw8v/fJVtsU73IQAAGn1W/fJQPNNu/pfG/Q3lthdrKGMRcU9E7IiIeyNiZ0TcF5GXfSAiHlxj/a1LQzfOf9KLtxXYLcrmfy8Wa1vN879y9hdjlSK3LY9/ODlyrDa/r3hPJmJ4U5afXqWO71/59fNO+xrnf9mW1V/OBYt2XBxquUE3N7s0m09Ku+DSRxG7h9rFn1xbCUgiYldE7F7bS28vE8ee+mZPp0I3j38VXVhnWvk64sl6/y9HS/ylZPX1yan/RW1+31R5VNzo51/Ov9mp/juKvwuy/t/cfPy3FhlLGtdrF9dex/nfP+14TXO7x/9I8nbeLyPFYx/MLi2dmo4YSQ7l+abHZ64/t8yX5bP4J/a2H/87iudk9TwUEdlB/HBEPBIRjxZtfywiHo+IvavE/+PLnfdthP6fa/v5d+34b+n/tScqx3/4rlP9t9b/B/LURPFI/vl3E7fawDt57wAAAOC/Is2/A5+kk9fSaTo5Wf8O/87YnNYWFpeePrLw/sm5+nflx2I4Le90jTbcD51OlotXrOdninvF5f79xX3jLyr/z/OT1YXaXJ9jh0G3pcP4z/xR6XfrgHXXbh1tZqQPDQF6rnX8p83Zc2/0sjFAT/m9Ngyum4z/tFftAHrP+R8GV7vxf64lby0A7k7O/zC4jH8YXMY/DC7jHwbSnfyuX2KQE5FuiGZIrFOi359MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3fFvAAAA//+uEO7O") openat$ppp(0xffffffffffffff9c, 0x0, 0xc0802, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) ptrace$setregset(0x4205, r0, 0x4, &(0x7f0000000040)={&(0x7f0000000880)="19f3774a2ad2b922be53d4c0ae01883c533640efc430260ee98d9e43dbac78cd33c1a66fce6e7b825a7d0ec111bd4507803478af997b8aa1fb016faf7f9f19a53ed3f5562d392a13bbfe6f73833e821245d614eef718b4ce3287a15eacaaeeb4a721b49c2ea946368799bf0174ad301d810f8719ee122254fe128f332b54b6a7e589e04b764c", 0x86}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ptrace$peekuser(0x3, r0, 0x1ff) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400ce001000010000000000000000001c6a000a28000000000a0101000000005e1affd5000000080002400000053a81bc5a3c149400032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a3200000000140000001100010000000000"], 0x7c}, 0x1, 0x0, 0x0, 0x20048080}, 0x4000090) sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[], 0x7c}}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = syz_io_uring_setup(0x82e, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x3}, &(0x7f0000002000), &(0x7f0000000080)) io_uring_register$IORING_REGISTER_PBUF_RING(r4, 0x8, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0}, {0x0}]}, 0x2}, 0x1) chdir(&(0x7f0000000140)='./file0\x00') open(&(0x7f0000000200)='./file0\x00', 0x6c842, 0x0) r5 = epoll_create1(0x0) syz_mount_image$fuse(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00') preadv(r6, &(0x7f0000000000)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1, 0x0, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000080)='mountstats\x00') lseek(r7, 0x7fffffffffffffff, 0x0) close_range(r5, 0xffffffffffffffff, 0x0) 16.387376633s ago: executing program 1 (id=803): openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getpid() socket$inet6_tcp(0xa, 0x1, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) setsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180)=0xd3, 0x1) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff6e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r3, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r3, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r3, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20) prlimit64(0x0, 0xd, &(0x7f00000000c0)={0x200000000005, 0x8000000000200003}, 0x0) setpriority(0x2, 0x0, 0xffffffffffffffcd) r5 = syz_open_procfs(0x0, &(0x7f00000004c0)='stat\x00') preadv(r5, &(0x7f0000000040)=[{&(0x7f0000000ac0)=""/100, 0x64}], 0x1, 0x0, 0x0) r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000940)=@framed={{0x18, 0x9}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r6}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r6}, 0x0, &(0x7f0000000580)=r7}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r6, &(0x7f0000000780)}, 0x20) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) 15.262166038s ago: executing program 1 (id=805): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xe, 0x4, 0x4, 0x6}, 0x48) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000300), 0x401000, 0x0) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000604000000002e"], 0x0, 0x37}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x9, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r1, 0x2, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYRES16=r0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x90) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_GET_SUPPORTED_CPUID(0xffffffffffffffff, 0xc008ae05, &(0x7f0000000080)=""/157) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000440)=ANY=[@ANYRES16]) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_mount_image$exfat(&(0x7f0000000280), &(0x7f00000000c0)='./file2\x00', 0x818, &(0x7f0000000140)=ANY=[], 0xfd, 0x1501, &(0x7f00000002c0)="$eJzs3Am4T1X3OPC19t6H62b4JpnP2uvwTYZNkoSSZEiSJCRzQpIkSZK4ZEpCEjLeJHPInG665nnInHTzSpIkJCTZ/+c2/P16h5/3fX/9/vq/d32e5zz2cs7aZ+27nu89w/Pc79ddh1VvVKNKfWaGf4f+bYC//JMEAAkAMBAAcgBAAABlc5bNmb4/i8akf+sk4n9JgxlXugJxJUn/Mzbpf8Ym/c/YpP8Zm/Q/Y5P+Z2zS/4xN+i9EhjYr39WyZdxN3v//f079T5Ll+p8h4D/aIf3/T6P/paOl/xmb9D9jk/5nbNL/jCy40gWIK0w+/xmb9F+IDO0Pf6e84dyVfqct27+wCSGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQ/w+c85cYAPhtfKXrEkIIIYQQQgghxB/Hv3ulKxBCCCGEEEIIIcT/PgQFGgwEkAkyQwJkgUS4CrJCNsgOOSAGV0NOuAZywbWQG/JAXsgH+aEAFIQQCCwwRFAICkMcroMicD0UhWJQHEqAg5JQCm6A0nAjlIGboCzcDOXgFigPFX4+Z7rboTLcAVXgTqgK1aA61IC7oCbcDbXgHqgN90IduA/qwv1QDx6A+tAAGsKD0AgegsbQBJpCM2gOLaDlZfKTc/y9/OehB7wAPaEXJEFv6AMvQl/oB/1hAAyEl2AQvAyD4RUYAkNhGLwKw+E1GAGvw0gYBaPhDRgDY2EcjIcJMBGS4U2YBG/BZHj7oWwwFabBdJgBM2EWvAOzYQ7MhXdhHsyHBZCcZREshiXwHiyF9yEFPoBl8CGkwnJYASthFayGNbAW1sF62AAbYRNshi2wFbbBR7AddsBO2AW7YQ/shY9hH3wC++FTSMPP/sX8s7/Ph24ICKhQoUGDmTATJmACJmIiZsWsmB2zYwxjmBNzYi7MhbkxN+bFvJiE+bEgFkRCQkbGQlgI4xjHIlgEi2JRLI7F0aHDUlgKS+ONWAbLYFksi+WwHJbHClgBb8VbsRJWwspYGatgFayKVbE6Vse78C68G2thLayNtbEO1sG6WBfrYT2sj/WxITbERtgIG2NjbIpNsTk2x5bYElthK2yNrbEttsV22A7bY3vsgB2wI3bETtgJO2Nn7IJdsCt2xW74HD6Hz+Pz+AK+gL2wquqNfbAP9sW+2B8H4AB8CQfhy/gyvoJDcCgOw1fxVXwNR+AZHImjcDSOxkpqLI7D8chqIiZjMmaGSTgZJ+MUnIpTcTrOwJk4C2fhbJyDc/BdnIfzcT4uxIW4GJfgElyK72MKpuAyPIupuBxX4EpchatxFa7FdbgWN+BG3ICbcTNuxa34EX6EO3AH7sJduAf34Mf4MX6Cn+AQTMM0PIAH8CAexEN4CA/jYTyCR/AoHsVjeAyP43E8gSfxFJ7E03gaz+BZPAcA5/E8XsALeBEvpn/4VTqjjMqkMqkElaASVaLKqrKq7Cq7iqmYyqlyqlwql8qtcqu8Kq/Kr/KrgqqgIkWKVaQKqUIqruKqiCqiiqqiqrgqrpxyqpQqpUqr0qqMKqPKqptVOXWLKq8qqDbuVnWrqqTausrqDlVFVVFVVTVVXdVQNVRNVVPVUrVUbVVb1VF1VF11v6qnemN/bKDSO9NIDcXGahg2Vc1Uc9VCvYYPq1ZqBLZWbVRb9agahSOxvWrlOqgnVEc1Djupp9R4fFp1UROxq3pWdVPPqe7qedVDtXY9VS81BXurPmo69lX9VH81QM3Gaiq9Y9XVK+r5zEPVMPWqWoyvqRHqdTVSjVKj1RtqjBqrxqnxaoKaqJLVm2qSektNVm+rKWqqmqamqxlqppql3lGz1Rw1V72r5qn5aoFaqBapxWqJek8tVe+rFPWBWqY+VKlquVqhVqpVarVao9aqdWq92qA2qk1qs9qitqpt6iO1Xe1QO9UutVvtUXvVx2qf+kTtV5+qNPWZOqD+og6qz9Uh9YU6rL5UR9RX6qj6Wh1T36jj6lt1Qp1Up9R36rT6Xp1RZ9U59YM6r35UF9RP6qLyCjRqpbU2OtCZdGadoLPoRH2Vzqqz6ew6h47pq3VOfY3Opa/VuXUendfk0/l1AV1Qh5q01awjXUgX1nF9nS6ir9dFdTFdXJfQTpfUpfQNurS+UZfRN+my+mZdTt+iy+sKuqIHfZuupG/XlfUduoq+U1fV1XR1XUPfpWvqu3UtfY+ure/VdfR9uq6+X9fTD+j6uoFuqB/UjfRDurFuopvqZrq5bqFb6od1K/2Ibq3b6Lb6Ud1OP6bb68d1B/2E7qif1J30U7qzflp30c/orvpZ3U0/p7vrn/RF7XVP3Usn6d66j35R99X9dH89QA/UL+lB+mU9WL+ih+iheph+VQ/Xr+kR+nU9Uo/So/Ubeoweq8fp8XqCnqiT9Zt6kn5LT9Zv6yl6qp6mp+sZeqbu/+tMc/+J/Lf+Tv7gn8++VW/TH+nteofeqXfp3XqP3qv36n16n96v9+s0naYP6AP6oD6oD+lD+rA+rI/oI/qoPqqP6WP6uD6uT+iT+gf9nT6tv9dn9Fl9Vv+gz+vz+sKvPwMwaJTRxpjAZDKZTYLJYhLNVSaryWaymxwmZq42Oc01Jpe51uQ2eUxek8/kNwVMQRMaMtawiUwhU9jEzXWmiLneFDXFTHFTwjhT0pQyN/yP8y9XX0vT0rQyrUxr09q0NW1NO9POtDftTQfTwXQ0HU0n08l0Np1NF9PFdDVdTTfTzXQ33U0P08P0ND1NkkkyfcyLpq/pZ/qbAWageckMMoPMYDPYDDFDzDAzzAw3w80IM8KMNCPNaDPajDFjzDgzzkwwE0yyz2EmmUlmsplsppgpZtrAHGaGmWFmmVlmtplt5pq5Zp6ZZxaYBWaRWWSWmCVmqVlqUkyKWWaWmVSz3Cw3K81Ks9qsNmvNWrPerDcbzUaz2Ww2qWab2Wa2m+1mp9lpdpvdZq/Za/aZfWa/2W/STJo5YA6Yg+agOWQOmcPmsDlijpij5qg5Zo6Z4+a4OWFOmFPmlDltTpsz5ow5Z86Z8+a8uWAumIvmYvptX6ACFZjABJmCTEFCkBAkBolB1iBrkD3IHsSCWJAzyBnkCq4Ncgd5grxBviB/UCAoGIQBBTbgIAoKBYWDeHBdUCS4PigaFAuKByUCF5QMSgU3BKWDG4MywU1B2eDmoFxwS1A+qBBUDG4NbgsqBbcHlYM7girBnUHVoFpQPagR3BXUDO4OagX3BLWDe4M6wX1B3eD+oF7wQFA/aBA0DB4MGgUPBY2DJkHToFnQPGgRtPxD5/f+TJ5HXM+wV5gU9g77hC+GfcN+Yf9wQDgwfCkcFL4cDg5fCYeEQ8Nh4avh8PC1cET4ejgyHBWODt8Ix4Rjw3Hh+HBCODFMDt8MJ4VvhZPDt8Mp4dRwWjA9nBHODGeF74Szwznh3PDdcF44P1wQLgwXhYtD/OWWGFLCD8Jl4Ydharg8XBGuDFeFq8M14dpwXbg+3BBuDDeFm8sO+uXQcHu4I9wZ7gp3h3vCveHH4b7wk3B/+GmYFn4WHgj/Eh4MPw8PhV+Eh8MvwyPhV+HR8OvwWPhNeDz8NjwRngxPhd+Fp8PvwzPh2fBc+EN4PvwxvBD+FF4MffrNffrlnQwZykSZKIESKJESKStlpeyUnWIUo5yUk3JRLspNuSkv5aX8lJ8KUkFKx8RUiApRnOJUhIpQUSpKxak4OXJUikpRaSpNZagMlaWyVI7KUXkqTxWpIt1Gt9HtdDvdQXfQnXQnVaNqVINqUE2qSbWoFtWm2lSH6lBdqkv1qB7Vp/rUkBpSI2pEjakxNaWm1JyaU0tqSa2oFbWm1tSW2lI7akftqT11oA7UkTpSJ+pEnakzdaEu1JW6UjfqRt2pO/WgHtSTelISJVEf6kN9qS/1p/40kAbSIBpEg2kwDaEhNIyG0XAaTiNoBI2kUTSa3qAxNJbG0XiaQBMpmZJpEk2iyTSZptAUmkbTaAbNoFk0i2bTbJpLc2kezaMFtIAW0SJaQktoKS2lFEqhZbSMUimVVtAKWkWraA2toXW0jjbQBtpEm2gLbaFttI2203baSTtpN+2mvbSX9tE+2k/7KY3S6AAdoIN0kA7RITpMh+kIHaGjdJSO0TE6TsfpBJ2gU3SKTtNpOkNn6Bydo/P0I12gn+gieUqwWWyivcpmtdlsdpvD/nWc1+az+W0BW9CGNrfN87uYrLVFbTFb3Jawzpa0pewNfxOXtxVsRXurvc1Wsrfbyra8zQL/Na5p77a17D22tr3X1rB3/S6uY++zde1Dtp5tYuvbZrahbWEb2YdsY9vENrXNbHPbwrazj9n29nHbwT5hO9on/yZeat+36+x6u8FutPvsJ/ac/cEetV/b8/ZH29P2sgPtS3aQfdkOtq/YIXbo72MAO9q+YcfYsXacHW8n2Il/E0+z0+0MO9POsu/Y2XbO38RL7Ht2nk2xC+xCu8gu/jlOrynFfmCX2Q9tql1uV9iVdpVdbdfYtf+31pV2s91it9q99mO73e6wO+0uu9vu+TlOX8d++6lNs5/ZI/Yre9B+bg/ZY/aw/fLnOH19x+w39rj91p6wJ+0p+509bb+3Z+zZn9efvvbv7E/2ovUWGFmxZsMBZ+LMnMBZOJGv4qycjbNzDo7x1ZyTr+FcfC3n5jycl/Nxfi7ABTlkYsvMERfiwhzn67gIX89FuRgX5xLsuCSX4hu4NN/IZfgmLss3czm+hctzBa7It/JtXIlv58p8B1fhO7kqV+PqXIPv4pp8N9fie7g238t1+D6uy/dzPX6A63MDbsgPciN+iBtzE27Kzbg5t+CW/DC34ke4Nbfhtvwot+PHuD0/zh34Ce7IT3Infoo789PchZ/hrvwsd+PnuDs/zz34Be7JvTiJe3MffpH7cj/uzwN4IL/Eg/hlHsyv8BAeysP4VR7Or/EIfp1H8igezW/wGB7L43g8T+CJnMxv8iR+iyfz2zyFp/I0ns4zeCbP4nd4Ns/hufwuz+P5vIAX8iJezEv4PV7K73MKf8DL+ENO5eW8glfyKl7Na3gtr+P1vIE38ibezFt4K2/jj3g77+CdvIt38x7eyx/zPv6E9/OnnMaf8QH+Cx/kz/kQf8GH+Us+wl/xUf6aj/E3fJy/5RN8kk/xd3yav+czfJbP8Q98nn/kC/wTX2TPEGGkIh2ZKIgyRZmjhChLlBhdFWWNskXZoxxRLLo6yhldE+WKro1yR3mivFG+KH9UICoYhRFFNuIoigpFhaN4dF1UJLo+KhoVi4pHJSIXlYxKRTdEpaMbozLRTVHZ6OaoXHRLVD6qEFWMbo1uiypFt0eVozuiKtGdUdWoWlQ9qhHdFdWM7o5qRfdEtaN7ozLRfVHd6P6oXvRAVD9qEDWMHowaRQ9FjaMmUdOoWdQ8ahG1jB6OWkWPRK2jNlHb6NGoXfRY1D56POoQPRF1jJ68tL9Y8MvV9K/2J0W9I/3rG7J79KL44viS+HvxpfH34ynxD+LL4h/GU+PL4yviK+Or4qvja+Jr4+vi6+Mb4hvjm+Kb41viW+Pe18gMDtMfhMG4wGVymV2Cy+IS3VUuq8vmsrscLuaudjndNS6Xu9bldnlcXpfP5XcFXEEXOnLWsYtcIVfYxd11roi73hV1xVxxV8I5V9KVci1cS9fStXKPuNaujWvrHnWPusfcY+7xhF8Ld53cU66ze9p1cc+4Z9yzrpt7znV3z7se7gXX0/VySS7J9XF9XF/X1/V3/d1AN9ANcoPcYDfYDXFD3DA3zA13w90IN8KNdCPdaDfajXFj3Dg3zk1wE1yyS3aT3CQ32U12U9wUN81NczPcDDfLzXKz3Ww3181189w8t8AtcIvcIrfELXFL3VKX4lLcMrfMpbpUt8KtcKvcKrfGrXHr3Dq3wW1wm9wmt8VtcdvcNrfdbXc73U632+12e91et8/tc/vdfpfm0twBd8AddAfdIfeFO+y+dEfcV+6o+9odc9+44+5bd8KddKec16fd9+6MO+vOuR/cefeju+B+chedd8mxN2OTYm/FJsfejk2JTY1Ni02PzYjNjM2KvRObHZsTmxt7NzYvNj+2ILYwtii2OLYk9l5saez9WErsg9iy2Iex1Njy2IrYytiq2OqY9wW2R76QL+zj/jpfxF/vi/pivrgv4Z0v6Uv5G3xpf6Mv42/yZf3Nvpy/xZf3FXxF38Q39c18c9/Ct/QP+1b+Ed/at/Ft/aO+nX/Mt/eP+w7+Cd/RP+k7+ad8Z/+07+Kf8V39s/N/7bLv4V/wPX0vn+R7+z7+Rd/X9/P9/QA/0L/kB/mX/WD/ih/ih/ph/lU/3L/mR/jX/Ug/yo/2b/gxfqwf58f7CX6iT/Zv+kn+LT/Zv+2n+Kl+mp/uZ/iZfpZ/x8/2c/xc/66f5+f7BX6hX+QX+yX+Pb/Uv+9T/Ad+mf/Qp/rlfoVf6Vf51X6NX+vX+fV+g9/oN/nNfovf6rf5j/x2v8Pv9Lv8br/H7/Uf+33+E7/ff+rT/Gf+gP+LP+g/94f8F/6w/9If8V/5o/5rf8x/44/7b/0Jf9Kf8t/50/57f8af9ef8D/68/9Ff8D/5i/I3a0IIIYQQ/xR9mf29/87/qV+3dH0AINuOfIf/es5NuX8Z91P7OsYA4IleXRv8tjVokJSU9OuxqRqCwgsBIHYp/+fvH/g1Xg5t4THoAG2g9N+tr5+q+PN93383f/xmgESALL/lpD8eJcJfz3/jP5i/yXt8ufkXAhQtfCkn/US/xZfmL/MP5t/T7jLzZ/k8GaD1f8nJCpfiS/OXgkfgSejwuyOFEEIIIYQQQohf9FPnu13u+Tb9+Ty/uZSTGS7Fl3s+v4zKf8QahBBCCCGEEEII8d97+rnujz/coUObzv/Jg8x/jjL+BAMEgD9BGTL48w+u9G8mIYQQQgghxB/t0k3/la5ECCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYTIuP79bwhT//TBV3qNQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghxJX2fwIAAP//5g1V0w==") creat(&(0x7f0000000180)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x14113e, 0x0) utimes(&(0x7f0000000280)='./file0\x00', 0x0) write$binfmt_script(r3, &(0x7f0000000080), 0x208e24b) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000002100)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r5, @ANYBLOB="4c003300800000000802110000010802110000005050505050500000000000020000000000000000010300006c03013c04060000000000000602000825000000002a0100dd06fd59cb84faea"], 0x68}}, 0x0) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000003c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="0007cb33b9f7776bd978d97000007b24f0427c5d48e5c76208036fd7cc0ba0f4af32f9d1c861e75ddd4af3a4e2471f9281e8947a15c1202b23550aba69a6ad3f31c9aa82b237830485f7479b02488c977de613443a7304d5a51ee9b4e966781135ed20eb75c5fc6542a81ae71c9355f989cadcee76730addff470260b3f124967509ab4d81fdbb5f877db90cbe333d6be20bbe8efa6fd154eadc321efc73dd275b5764a2e0e1a30c09f70a9263bcb63ab25cf863b70927bb3c440131091da6782e9442f6203e7832f2382a64f4a28e1c5c71d878d27a74914fb25e4dd773fc03e48d6cd78dd9a6c75500e05e397db9c93c9a8a5cf2a2", @ANYRES16=r6, @ANYBLOB="00022cbd7000fbdbdf25010000000800320000040000080032000100000008002c00ff7f0000"], 0x2c}, 0x1, 0x0, 0x0, 0x20000800}, 0x800) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00', 0x0}) sendmsg$BATADV_CMD_GET_DAT_CACHE(r3, &(0x7f00000018c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x802008}, 0xc, &(0x7f0000001880)={&(0x7f0000001900)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="200027bd7000fedbdf250d000000080006009a5eecdc66060c969e41443681d6f62df38265ca7e89c97284da11e462092d7bd18ff137d67d38070a5ffc9e2944cf53e2f7e52fa24201286d8d61262f996432cfad1856c8fdfd912b27e8c8ab1d76c1c691cfbbca591df1ce863e580b78ecbca46776163e3a4baab9ad8a89625386fdbaff677dbecc00a1ea03c55a847243b2ef18f51515f72c35b27449d5b92b524ef3eaecb3e306c198b71f6d51c417f1ba57e8abb4bbbdf202b61671f51473d9134b8fedfa90a537241d326288cfd4863e90b0c21255c02222b4871e07280080ca568c0c7098d6b55b22eb701a39", @ANYRES32=r7, @ANYBLOB="05003000000000000500330001000000050037009100000005003700000000000a000900aaaaaaaaaa0c000005003800000000"], 0x50}, 0x1, 0x0, 0x0, 0x4000}, 0x20040002) socket$inet(0x2, 0x9b7ff4b31160d65a, 0x1) fallocate(r4, 0x0, 0x0, 0x0) chdir(0x0) open(&(0x7f0000000180)='./bus\x00', 0x149f7e, 0x0) rmdir(&(0x7f0000000180)='./file0/../file0\x00') getrlimit(0x0, &(0x7f0000000000)) 14.923436236s ago: executing program 1 (id=807): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="a00000001800170600000000000000201c140000fe000001"], 0xa0}}, 0x0) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08060cdc030000007f03e3f70000000300e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00123d0001400a100c00bdad446bdcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff0000000000000000", 0x89}], 0x1}, 0x8801) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x11, &(0x7f0000000180)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xa8}, @snprintf={{}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}, {}, {0x85, 0x0, 0x0, 0xb3}}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r3}, 0xc) r4 = socket$key(0xf, 0x3, 0x2) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_opts(r5, 0x29, 0x40, &(0x7f0000000140)=@dstopts={0x0, 0xa, '\x00', [@calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x20, {0x0, 0x6, 0x0, 0x0, [0x0, 0x0, 0x401]}}]}, 0x60) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x8, &(0x7f0000000100)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0xe}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r6}}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) getsockopt$MRT(0xffffffffffffffff, 0x0, 0xcf, &(0x7f0000000400), &(0x7f0000000440)=0x4) close(0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REG(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r8, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'bb\x00'}, @NL80211_ATTR_REG_RULES={0xc, 0x22, 0x0, 0x1, [{0x4}, {0x4}]}, @NL80211_ATTR_DFS_REGION={0x5}]}, 0x30}}, 0x0) sendmsg$key(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="020101090800000000170006ffffff0003000600100000000200000060000009f9ff0f0005000000030005007217440502000000e0000001"], 0x40}}, 0x0) r9 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) sendmsg$nl_route(r9, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=@ipv6_newnexthop={0x20, 0x68, 0x601, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x4}, [@NHA_OIF={0x8, 0x5, r10}]}, 0x20}}, 0x0) r11 = bpf$ITER_CREATE(0x21, &(0x7f0000000180), 0x8) getsockopt$CAN_RAW_RECV_OWN_MSGS(r11, 0x65, 0x4, &(0x7f00000001c0), &(0x7f0000000200)=0x4) sendmsg$key(r4, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f00000000c0)={0x2, 0x3, 0x0, 0x9, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0xe, @in={0x2, 0x0, @multicast1=0xe0000009}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x50}}, 0x0) r12 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r12, &(0x7f0000000240)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x0, @remote, 0x9}, 0x1c, &(0x7f00000001c0)=[{&(0x7f0000000500)="79408ec3004c410b00012319c6a502a073d78906f311dda17577a450cc0b21436a5018ae358cd13bbc7f9c93669d05e8aee824594225e4f7225393f725b0262520c277aacf6cfcd5280d169031001a69eea4057c", 0x54}], 0x1, &(0x7f00000020c0)=ANY=[@ANYBLOB="38020000000000002900000036000000004300000000000004013f040100c910ff010000000000000000000000000001c910fc0000000000000000000000000000000001000740000000000e07010101000000010000000200000000000000000000000000000001000000010000002000000000000000ffffffff00000000ffffffffffffff7f06aeb07c1c192077cc9e7c45705803ad5588ca8b194d23f748fe792cfa3d32221f25d73b8ffe64a4ddda6efcfb7483b588194d29c7a04395d8500965a9a1d07879040c44db1d5d6f618d2ab920f0bf168ddc9acc6a51edd1230760d4ae8bf30f5f82a78e8114849ee8e37364560400000035bfa8197ef2ba99103ee5f5aae28ec5c8e2675db11530f5c466d55f2244d479dc653c854406155eada3eaeb90d39149b8d13bab75a9bd1452c8c76284b9ddfbeff41344e64f1771d78a706e1c5a6d63f1c954e24a1e73f75c26e9f09ec9b606cc3470f11c4842db651926bd2263a4a0a8fe80de8b2f9cb176e51819d5f4d10a5d1f0488d5e46953fbfd750f6137fbebe89a8d462158a87f9622355104b4f68d7a6d3ad85c373ea52a25afad37ffb743a5c361158087904b09fcc806d032bac00ee0e0251fc032446e45a3e12417ff4703526ffc45f71567857777927903799e0ba453334186009d22e38099c67b5350c7e82136bba947a18fb61d36fcba1f9efe3d79485d06252702833dc8ee417f40bb9064878fb89dd75a49135e5df148c4ad1e1d5626b44c8112d822f4c9a05e693fd5ae5595627f8684016b37a2bf6d0040030000000000002900000037000000006500000000000000fb1a63687c244e6df3aecb13d6eb957495b669cc032f6d0a11a5e16eed9937b046c9dc1a61dcf9754b767df4735c3f8c37b4d5cd15a99c5a19cc62c921ad4e90d6e3695ec1891223a53600d5031b5735acafb556e22279975f958ad437c76573e544506e58455772eb11493af933099a5dc7e9e0c8b907e68e23e59d7b94bc774309e2047132758b60955301f277a9032b0bc47e660b243e9e2126733f13ab99055a0999068ada35a38d105a5efe6c7115774effe28695ecae3944413b7764eefde26ed571d857b2cb2dd1b2a4a84c1fec0799cf90f57f7a6d35e2b60cd425b9372ae4a27f453e5d7da2eacd3b98cdb10cec9152d5829c2511eb0f9600a0cd280f3d08849b6cd43d25e3dcd62f7c7dee6123a2682daf4aa9a856b31e9204c5c2b80b84dbeec05d93a64a550f1ebc326488cd620c6fe1aa266a0ce5b24be03b5037786e037cc85ed61f362e081fb694e12e54fcb9eb0f86d6d91fd159023a073278f84d6ada8f9aa25ec223d268f3291b25392c941740932bd1a82f40a8fc586db23d2f6240ce883e3c1dc1e0d07fc3aa73a9ac82a1538d129c9e66cb6a8100abe95bc4064581e8c01ce65ba3ea751db5d8c0a1173fe62b2fd2d415042a97ade4d274a466b6d997eed6bf5d7a305ead804c36b9e1c314b26676ed83412417610d3cf4d07e5b24cf3de9c790ae93850e0f8bba047b710cf340c78a80cef5f6665a647681ff5f7b6ecce8ab65e26406b6a6e0e72ff8501c545bffc00f034dc3a5b251390ae68bb61d936dc9a24e6f66c72e7911c51c716dfd4304566fb32e6c2745d232f990d0bbe0ddf9dc58398dda292c07b16da766a37c60bd9993b4f21e641036a8afa2ccdb47d7990d5a007faccb2f86664179f2e229723bce870aec3f7f4e529c92add713590ce6c0ea1a0499fb76d32636cfd18b6b39fb48f1a6d46f6ae8f45c47ee8260f9531070d170ab92739be0bdf5b76f8a9b93a5e550dfecab79d2e46085a67024b6be883c79ade2873458fda5a7f4eb62b05634356ee3b45723f4cff19c654ad441ff5b8792df7f18d841c351e195151b1b3532e742a6525c86efdb29653f35ce8e0a41c8c6d39f39531e13aeb1172893eeedd83b6afb939f8e6abc5482696aa48918000000000000002900000037"], 0x590}}], 0x1, 0x2804c001) sendmmsg$inet6(r12, &(0x7f0000000b00)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)="c1", 0x1}], 0x1}}], 0x1, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x18, 0x6, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000e5000200000000007500feff000000000671050400"/48], &(0x7f0000000100)='GPL\x00'}, 0x90) 14.16016821s ago: executing program 1 (id=812): syz_usb_connect$hid(0x0, 0x71, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0xc70, 0xf0bd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-generic\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x0) pipe2(&(0x7f0000000040), 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x0, 0x0) r2 = landlock_create_ruleset(&(0x7f0000000080)={0x4}, 0x10, 0x0) read(r2, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) preadv(r1, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) socket$kcm(0xa, 0x0, 0x88) read$FUSE(0xffffffffffffffff, &(0x7f0000000500)={0x2020}, 0x2020) connect$tipc(0xffffffffffffffff, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = syz_open_dev$dri(0x0, 0x1ff, 0x0) r5 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f0000000080)={0x0, 0x7, 0x30}, 0xc) sendto$inet(r5, &(0x7f00000000c0)='}', 0x1, 0x0, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10) sendto$inet(r5, &(0x7f0000000280)='p', 0x1, 0x20008080, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f0000000240), 0xc) sendto$inet(r5, &(0x7f0000000300)="ab", 0x34000, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10) ioctl$DRM_IOCTL_GET_CAP(r4, 0xc010640c, 0x0) sendmsg$nl_route(r3, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0) gettid() timer_create(0x0, 0x0, &(0x7f0000bbdffc)) 11.30985409s ago: executing program 4 (id=828): r0 = socket$netlink(0x10, 0x3, 0x14) r1 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$nl_route(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@ipv4_newaddr={0x20, 0x14, 0x121, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, r2}, [@IFA_LOCAL={0x8, 0x2, @local}]}, 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000180)=@ipv4_deladdr={0x18, 0x15, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, r2}}, 0x18}}, 0x0) ioctl$BTRFS_IOC_BALANCE_CTL(0xffffffffffffffff, 0x40049421, 0x0) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) syz_usb_connect$uac1(0x0, 0xaa, &(0x7f0000000740)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902980003010000000904000000010100000a24010000000201020624040300bb0904010000010200000904010101010200000c24020200000000001cff130a24020100010000b48a0b240201000000000614af09050109000000000007250100000000090402000001020000090402010101020000072401000002000b24020108000001861b36090582090800000008072501000000001224b1191f89449a3876af5ab87f975401d96826a59a5e8fd0dc6369bc9f9b75ff"], 0x0) syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00') socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$SOCK_DIAG_BY_FAMILY(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000700)={&(0x7f0000000b40)={0x2c0, 0x14, 0x8, 0x70bd29, 0x25dfdbfe, {0x10, 0x8f}, [@INET_DIAG_REQ_BYTECODE={0x2d, 0x1, "ef534ce9364e47723c1e62b2339cc6bbddfebe5afe24982a29217259f0699e078abbad5bdfc0618dd8"}, @INET_DIAG_REQ_BYTECODE={0x36, 0x1, "921c85cb68a99f39b3a28ca936f67b067e803c183c6fb15d8576a552c50b605729b59647be96a0123bfb98ab6e309c215d91"}, @INET_DIAG_REQ_BYTECODE={0x7f, 0x1, "aba5dd0983e64605e5e9b2ea84fe845538c4999ea8b779e9af606134f454b71592ec2a06ab4a0140e7ad4952e979802cd23bfece102d0c923aeca9d66c183fc54ef36e9096916bc6ffa4014e6a814de2237d112a8d82a81d66343fc93fab6565a21591c6b53ec9d26727a564cc678af5132e1f33e0e42bfa645627"}, @INET_DIAG_REQ_BYTECODE={0x3d, 0x1, "d7f733a99df6117f151fc8d8bccc9c0f6aa3d46da4019b3c0c567328022ffc2516005eecd7c7b205639f2006a78680d42370e465732b65cb30"}, @INET_DIAG_REQ_BYTECODE={0x183, 0x1, "0e5bd06fea99f1a8579a98416b4a6336fa7ccdb06176122746042d51cdbab856e01477674c89302df875fe3e6e2a2e896e624feb4005481c3963a0fd6cb83884e774c2a04f669a24e76a7cce3a80ac73165b4771b5e2ac0edb5183751558fdfd8b128c287086883260949449a488bc4d64dcbbb46ac69f0b7ac909b9d9b04487caa73e34dbb6f0ddaf202bbc6d24da2aef4ac0193dddb7b5475ba58cc5de3a8342679fbed44af8e79c2b1386b7071fb5c78dbf9f97a07a535c3c591b278428c29911922241eae9d0b7903b1c566dc1a9f6ccf2708226958954c5ca3463d4a49f9e68d75cc2655e33e9985eae516f1ae0e2f9fdc3c463f2230d0b07652ab5a87d6d58f5b5824a24aeee200da28f4e486e3954f54f6653e772e46b757e471c98b8b2bd9cb4daa6f16b1ba91d9436852d34aeff159686ab3a5f8e693d5d882dd34b4309b51f3e535a18905c7dfdae1e188314ec92476238094a232ba44438420ddc85bcba794ff65fb24dbfc879746d3adf8829a6b974ce8dfa099426fa67b2d0"}]}, 0x2c0}, 0x1, 0x0, 0x0, 0x40051}, 0x20004087) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x18, 0x6, &(0x7f0000000a40)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x5, 0x27, &(0x7f000000cf3d)=""/186, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r4}, 0xb) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r5) 9.000051863s ago: executing program 3 (id=833): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000080)='source', &(0x7f0000000100)='::,:\x00\ai\x88\x04\xc4\xa4\xe3\xce\xcc\x1a\xc7\xc4\xa5\xa0M\x02Z)\bok\xd4\x14y\xfe^\a\xe0\xadK;y\xef\xa5A\x1a\x9dfM\xd2\xe3C\xd6\xf1F\x04\xea\'0\xbfN<\xf4\xf6\x93\xb1\xe2o\xef\xa8[\x1a\x01\x00\x01\x00\x00\x00\x00\x00a\x14\xf6\x1dX\x9el\xb1\xd0\xca\x04\x15R\x04K\x18\xc1\xdb\x8fim\x80#\xf4b~\xce\x92\xfa\x816Pb\xb3\xc8\xee\xe0\xea\xf6E\x80\xcdpdV\x8a\x8e\x84\xaf\x94pi\xbf\x9fh\x0f_kp\x12\xdd\r\xdf*\xbbz\x9e\xf0v\x15R\xf1\xc5\xa8p\xf2\xc1\xe4\xa9!\xb5\\\\(ZpX_\xc8C\x04\xa0\x02\xe3s\x81\x82\xf4/0J\x99\x9b\x1c:\xf6\x98Q\x92#\xccx\xa4\xd2\xdax\x04\x91]\x94', 0x0) r1 = openat$apparmor_thread_current(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@bloom_filter={0x1e, 0x8001, 0x1, 0x6712, 0x2482, 0xffffffffffffffff, 0x200, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x40000001, 0x2, 0xa}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff07, 0x0, r2, 0x0, 0x0, 0x0, 0x0}, 0xfffffffffffffefb) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000180)='./bus\x00', 0x0) renameat2(r3, 0x0, r3, &(0x7f0000000200)='./bus/file0\x00', 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = getpid() bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000440)='page_pool_state_hold\x00', r3}, 0x10) process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) socket$inet6(0xa, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast1, 0xd}, 0x1c) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000480)={'#! ', './bus/file1'}, 0xf) syz_genetlink_get_family_id$SEG6(&(0x7f0000000300), 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') writev(r5, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1) r6 = syz_open_procfs(r4, &(0x7f0000000400)='net/sockstat6\x00') pread64(r6, &(0x7f000001a240)=""/102400, 0x19000, 0x100008) syz_mount_image$minix(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x1, 0x168, &(0x7f0000000240)="$eJzs29tKOlEUx/HfqP9/ZudzdBUU1E2Op4Lu8lFEJ5PGkuxGCaJH6cl6Ab3oBZpolKnZBE2CDun3A7LXEhZr74vtLC9GAGbWhSRLltKSPM97vDq0tB/3pgBMhDdc3zwAsyfJ1QdmVL+c9J//LUkvrw/V3vCTjjg/9MsJf/34H9H7Uj8ftf7J8te9VLg+I2khyvzyPKg/Mvov/rJ/xqhfilw/OP/xQbh+WdKKpFVJa5LWJW1I2pS09U3/mtF/N2J/AAAAAACisJQ189AXCV02XCcX5P/8PB/k//28YOTFIJ/z82z11q2N6wgARpT44f4njfufMu4/gL+r3eleV1zXuSMgICAIgrh/mQCMm33fbNntTvek0azUnbpzUyidnpWK+fNcwfYnfzs8/wOYHp8P/bh3AgAAAAAAAAAAAAAARrUtaSfuTQAAAACYiEm8ThT3GQEAAAAAAAAAAAAAmHbvAQAA///oFUsF") write$apparmor_current(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e3a04941541a157437ae9f7eee49b90ea088b2599b2bb28f0e5d259d474b33b4b81ef8c965bb08721f827b238543544519a6cc3b0497624953194f445b1b8f462e80e29eae89e1de7b4249fa8c367e22251301f2b413e43e71f717bcd4e000000000000000000000000000000002d5c00"], 0x8b) socket$xdp(0x2c, 0x3, 0x0) 7.817632323s ago: executing program 4 (id=837): bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xe, 0x4, 0x4, 0x7ff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3f00}, 0x48) syz_open_dev$tty1(0xc, 0x4, 0x1) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000080)={@mcast2, 0x0, 0x0, 0x1, 0x3}, 0x20) syz_open_procfs(0x0, &(0x7f0000000480)='net/psched\x00') socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/udp6\x00') r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r2, 0x29, 0x4b, &(0x7f0000000180)=0xfffffff7, 0x4) bind$inet6(r2, &(0x7f0000000680)={0xa, 0x4e20, 0x0, @private0}, 0x1c) r3 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r3, 0x29, 0x4b, &(0x7f00000009c0)=0x8, 0x4) bind$inet6(r3, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c) preadv(r1, &(0x7f0000000280)=[{&(0x7f0000000380)=""/218, 0xda}, {&(0x7f0000000a00)=""/4096, 0x1000}], 0x2, 0x14a, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r5 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) creat(&(0x7f0000001040)='./file0\x00', 0x0) socket$nl_route(0x10, 0x3, 0x0) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r7, 0xc0502100, &(0x7f0000000600)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r7, 0xc0182101, &(0x7f0000000180)={r8}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r7, 0xc0502100, &(0x7f0000002780)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r7, 0x40182103, &(0x7f0000000080)={r9, 0x3, r7, 0x5}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r6, @ANYBLOB="08001fed1279901177c14b05000300000021ebd4d86cd9d274afaf29bebd6091eec77163505aa557448aba0a384ce994275c6363967b69a3ec2b7af8a10550516ab2a4cfd6e879e7566b5f15a50c04b158f3846a05b616d0b85d0e95b3cd7f02d63d988bbe7431432987a6758f981d2dbf548f152a3c5ae8b129e5a9557307e0a67314d639e78db52af6e34587c0a2835907c583843ae441c3cfb20f84df97644d54a41509298efdd1bb39aae8335738a5274b9b0df49f40bc3bcb0f05e1b897998156205354462a774e3b791a9ac5933db7bef7e83ab5a7ff270a693f99a5d3feac055661b2d6fddf0605fbea6f05e8de61d55e2980b38125522ba990f443d545fb4673f8c90ada5e2152fcf414741130ed26d4ef186ebce3191cdd2cd7eb711ec892451912b84073467cfea7dae63311238cf23554c4b024f76ab47756234025807b46c8689dd7b9cca62197572041f1e17dfe5573c04521c42f53880dd1df8bb6dd494418f84ee4c1e580611ec63169cfd9116476e48b2772f2185fa952b15a5ac0"], 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="050000000000000000000f00000008000300", @ANYRES32=r6, @ANYBLOB="6c57d4ad82c0080836cd3764001e0008"], 0x2c}}, 0x0) keyctl$restrict_keyring(0x5, 0xfffffffffffffffd, 0x0, 0x0) sendmsg$IPSET_CMD_HEADER(r5, &(0x7f00000005c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000580)={&(0x7f00000004c0)={0x60, 0xc, 0x6, 0x3, 0x0, 0x0, {0x5, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x60}, 0x1, 0x0, 0x0, 0x20000000}, 0x40005) socket$nl_generic(0x10, 0x3, 0x10) 6.78052733s ago: executing program 4 (id=840): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x800700, &(0x7f00000019c0)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x5}}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@resgid}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x200}}, {@usrjquota}]}, 0x3, 0x44a, &(0x7f0000000400)="$eJzs281vG0UbAPBn10n6vv1KKOWjpUCgQkR8JE1aoAcuIJA4FIEEh3IMTlpVdRvUBIlWFQ0IlQsSqgRnxBGJv4AbFwSckLjCHVWqoJcWTkG73m1t106b1rFD/ftJm8x4x555PDve2R07gIE1nv1JIrZGxG8RMVrPNhcYr/+7evls9e/LZ6tJrKy89WeSl7ty+Wy1LFo+b0uRmUgj0k+SopJmi6fPHJ+t1eZPFfmppRPvTS2ePvPssROzR+ePzp+cOXjwwP7pF56fea4rcWZxXdn94cKeXa+9c+H16uEL7/70bdbercX+xji6ZTwL/K+VXOu+J7pdWZ9ta0gnQ31sCGtSiYisu4bz8T8albjeeaPx6sd9bRywrrJz06bOu5dXgLtYEv1uAdAf5Yk+u/4ttx5NPTaESy/VL4CyuK8WW33PUKRFmeGW69tuGo+Iw8v/fJVtsU73IQAAGn1W/fJQPNNu/pfG/Q3lthdrKGMRcU9E7IiIeyNiZ0TcF5GXfSAiHlxj/a1LQzfOf9KLtxXYLcrmfy8Wa1vN879y9hdjlSK3LY9/ODlyrDa/r3hPJmJ4U5afXqWO71/59fNO+xrnf9mW1V/OBYt2XBxquUE3N7s0m09Ku+DSRxG7h9rFn1xbCUgiYldE7F7bS28vE8ee+mZPp0I3j38VXVhnWvk64sl6/y9HS/ylZPX1yan/RW1+31R5VNzo51/Ov9mp/juKvwuy/t/cfPy3FhlLGtdrF9dex/nfP+14TXO7x/9I8nbeLyPFYx/MLi2dmo4YSQ7l+abHZ64/t8yX5bP4J/a2H/87iudk9TwUEdlB/HBEPBIRjxZtfywiHo+IvavE/+PLnfdthP6fa/v5d+34b+n/tScqx3/4rlP9t9b/B/LURPFI/vl3E7fawDt57wAAAOC/Is2/A5+kk9fSaTo5Wf8O/87YnNYWFpeePrLw/sm5+nflx2I4Le90jTbcD51OlotXrOdninvF5f79xX3jLyr/z/OT1YXaXJ9jh0G3pcP4z/xR6XfrgHXXbh1tZqQPDQF6rnX8p83Zc2/0sjFAT/m9Ngyum4z/tFftAHrP+R8GV7vxf64lby0A7k7O/zC4jH8YXMY/DC7jHwbSnfyuX2KQE5FuiGZIrFOi359MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3fFvAAAA//+uEO7O") openat$ppp(0xffffffffffffff9c, 0x0, 0xc0802, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) ptrace$setregset(0x4205, r0, 0x4, &(0x7f0000000040)={&(0x7f0000000880)="19f3774a2ad2b922be53d4c0ae01883c533640efc430260ee98d9e43dbac78cd33c1a66fce6e7b825a7d0ec111bd4507803478af997b8aa1fb016faf7f9f19a53ed3f5562d392a13bbfe6f73833e821245d614eef718b4ce3287a15eacaaeeb4a721b49c2ea946368799bf0174ad301d810f8719ee122254fe128f332b54b6a7e589e04b764c", 0x86}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ptrace$peekuser(0x3, r0, 0x1ff) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400ce001000010000000000000000001c6a000a28000000000a0101000000005e1affd5000000080002400000053a81bc5a3c149400032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a3200000000140000001100010000000000"], 0x7c}, 0x1, 0x0, 0x0, 0x20048080}, 0x4000090) sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[], 0x7c}}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = syz_io_uring_setup(0x82e, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x3}, &(0x7f0000002000), &(0x7f0000000080)) io_uring_register$IORING_REGISTER_PBUF_RING(r4, 0x8, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0}, {0x0}]}, 0x2}, 0x1) chdir(&(0x7f0000000140)='./file0\x00') open(&(0x7f0000000200)='./file0\x00', 0x6c842, 0x0) r5 = epoll_create1(0x0) syz_mount_image$fuse(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00') preadv(r6, &(0x7f0000000000)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1, 0x0, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000080)='mountstats\x00') lseek(r7, 0x7fffffffffffffff, 0x0) close_range(r5, 0xffffffffffffffff, 0x0) 6.729469515s ago: executing program 3 (id=842): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10) socket$inet_tcp(0x2, 0x1, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x8a, &(0x7f0000000300)={[{@jqfmt_vfsold}, {@usrjquota}, {@min_batch_time={'min_batch_time', 0x3d, 0x1}}, {@noload}, {@nombcache}, {@usrjquota, 0x22}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@noacl}, {@data_err_abort}]}, 0xfe, 0x451, &(0x7f00000016c0)="$eJzs3M9PHFUcAPDv7rK0tEWw/iy2ilYj8QcU+sMevNRo4kETEz3UeEKgDXZbTMHENkTRAx5NE+/Go4l/gRfrxagnE696NybEcLF6WjO7M3SBXVhgYWv380kG3tv3Nu99Z+btvn2zswF0rMHkTy7iUET8FhF91ezqCoPVf7eW5yf+WZ6fyEW5/OZfuUq9v5fnJ7Kq2fMOVjPl8gbtLr4TMV4qTV1N8yNzl98fmb12/fnpy+MXpy5OXRk7e/bUyWPdZ8ZOtyTO3qSvAx/NHD3y6ts3Xp84f+Pdn75J+nsoLa+No1UGq3u3rqda3Vib9dakc11t7AhbUoiI5HAVK+O/LwrRs1LWF6982tbOAbuqXM6X9zUuXigDd7Fkog50ouyNPvn8m217NPW4Iyydi5V1jFvpVi3pinxap5h+RtoNgxFxfuHfL5MtdmkdAgCg1s1zEfFcvflfPh6sqXdPem2oPyLujYjDEXFfRNwfEQ9EVOo+FBEPb7H9tVdI1s9/yn3bCqxJyfzvxfTa1ur5Xzb7i/5CmuutxF/MXZguTZ1I98lQFPcl+dEN2vj+5V8/b1RWO/9LtqT9bC6Y9uPPrjULdJPjc+M7ibnW0icRA1314s+tzHmT+fGRiBjYZhvTz3x9tFFZ/6bxb6AFk/LyVxFPV4//QqyJP5NreH1y9IUzY6dH9kdp6sRIdlas9/Mvi280an/z47+7lm6W40Dd838l/v7c/ojZa9cvVa7Xzm69jcXfP2v4mWa753937q1Kujt97MPxubmroxHdudfWPz52+7lZPqufnP9Dx+uP/8Nxe088EhHJSXwsIh6NiMfSvj8eEU9ExPEN4v/xpSff23r8G6zKt1AS/+Rmxz9qj//WE4VLP3xbt/Fis8f/VCU1lD7SzOtfsx3c4e4DAACA/4V85TvwufzwSjqfHx6OWKis7R7Il2Zm5569MPPBlcnqd+X7o5jPVrr6atZDR9O1vCw/tiZ/Ml03/qLQU8kPT8yUJtsdPHS4g9n4L6we/4k/Cu3uHbDr3K8Fncv4h85l/EPnMv6hcxn/0Lnqjf+P29APYO9t8v7fs1f9APae+T90LuMfOpfxDx2p4b3x+R3d8i/RpsR33Tv7rYbmE5G/Q0K+axLFqFvU1fSPWWwzsa9uUbtfmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFrjvwAAAP//gk3jgQ==") memfd_create(&(0x7f00000004c0)='\xf3e\t\x05\x00\vty\x01sen\x01C\x1f\xc6\xcf\x12\xd3A\xbbZ%\xb2\xc8<\xf8\xff\xff\xff\xe2\x8e\x9a:\x1c\xec\x87\x87\xcf\x83\xcf\x14\xb0\xfcK\xb9\x1a\xa9\xec{\xb7bn`\xbb\x0e_\bm\x1f\xb1x\x05;,\xf1h\x8cwR-\x81^T\xa8\x90\x17\x03B\x99\x85\x93scH\xe4\xfb\xda\xe7\xaa\x93ZY\xe4\xa0\x040\x8cw#\xfd\x12\xddi \xf62\xee\xe5\x92u\xd8\x06H\xbb*xN\x8c\xe1a\xe8\xcf\x99\x8f\xbe\xbe\aaC\xb0\x9d\x19*3_\xc4\xf9\xecEunE\xfa\xe82\x9f\x8d\xd4\x1d\xfeD\xba*\xef\xdb\xa4U\xfd4v\x8ei\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa7L\xbf\x9c\xe6\x89\xe1Vij\xd1yy\xefg\x8cn\xb2N\xc8Sc\x9cbF[\xecM\x15Z\xbe\xdf\x00+\x89\xcc/.\x95\x11\x97\xade\x9eZvM\x1c\xd0\xc2\x89j\x1e\xe1\xee\xf7J\x17.\xfdl\x99\x82\xf1\x05\xd9C\x1b\xceK\r\xcc', 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r1, 0x660c) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000100)={@mcast2, 0x800, 0x0, 0x103, 0x1}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000002d00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x8, 0xb}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000006020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000ecff850000000400000018110000", @ANYRES32=r4], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10) syz_open_dev$usbfs(&(0x7f0000000040), 0x77, 0x0) syz_open_dev$usbmon(&(0x7f0000000140), 0x4, 0x0) syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000005e00)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$F2FS_IOC_MOVE_RANGE(r6, 0x541b, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) close_range(r7, 0xffffffffffffffff, 0x0) 6.472046686s ago: executing program 2 (id=844): socket$nl_xfrm(0x10, 0x3, 0x6) mkdir(0x0, 0x1d5) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001080)='/proc/diskstats\x00', 0x0, 0x0) preadv(r3, &(0x7f0000000000)=[{&(0x7f0000002100)=""/4112, 0x1010}], 0x1, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000300)) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x5437, 0x0) capset(0x0, &(0x7f0000000280)) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48) close(r4) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xb, 0x8}, 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000680)={{r5}, &(0x7f0000000540), &(0x7f0000000580)='%pI4 \x00'}, 0x20) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000001000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b703000000000000850000000400000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r7 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r7, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000008c0)={&(0x7f0000000040)='virtio_transport_alloc_pkt\x00', r6}, 0x10) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r7, 0x28, 0x1, &(0x7f0000000100)=0xfffffffffffffffe, 0x112) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='tracefs\x00', 0x1, 0x0) mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x2200c3a, &(0x7f0000000140)=ANY=[@ANYBLOB=',mode=0']) syz_open_dev$loop(0x0, 0x0, 0x84000) 5.463859031s ago: executing program 2 (id=845): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000001c6a000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a09040000000000000000020000000900010073797a30000000000900020073797a32000000002c00048028000180080001006e6174001c0002800800024000000002080003400000000a08000140000001"], 0x80}}, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-384\x00'}, 0x63) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmsg$can_raw(r2, &(0x7f0000001880)={0x0, 0x0, &(0x7f0000001840)={&(0x7f0000001800)=@can={{}, 0x0, 0x0, 0x0, 0x0, "c55fe40d1ec52c1a"}, 0xfffffffffffffc52}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x4e23, @multicast1}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000040)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x20}, {0x6}]}, 0x10) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=@base={0x1, 0x3, 0xbec, 0x7, 0x11, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2000000}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, r5}, 0x38) bpf$BPF_PROG_QUERY(0x8, &(0x7f0000000500)={@cgroup, 0x34, 0x22, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) write$cgroup_int(r6, &(0x7f0000000040), 0xfea0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuset.effective_cpus\x00', 0x275a, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000004c0)={@map=r7, 0x32, 0x0, 0x883, &(0x7f00000006c0)=[0x0, 0x0], 0x2, 0x0, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000440)=[0x0, 0x0, 0x0], &(0x7f0000000480)=[0x0, 0x0, 0x0, 0x0]}, 0x40) write$cgroup_int(r7, &(0x7f0000000380), 0x101bf) ioctl$EXT4_IOC_MOVE_EXT(r7, 0xc028660f, &(0x7f0000000080)={0x0, r6, 0x39, 0x4}) writev(r3, &(0x7f00000002c0), 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={0x0, 0x0, 0x3f, 0x0, 0x8}, 0x20) sendfile(r4, r4, &(0x7f0000000100)=0x81, 0x7) socket$nl_generic(0x10, 0x3, 0x10) r8 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000000)=ANY=[@ANYBLOB="54000000100003052bbd7000249d020000000000", @ANYRES32=0x0, @ANYBLOB="1544010001800000240012800b0001006d616373656300001400028005000c0001000000080005000400000008000500", @ANYRES64=r8], 0x54}}, 0x0) r9 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r9, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000540)=ANY=[@ANYBLOB="380100001a000100000000000000000020010000000000000000000000000002ac1e000100000000000000000000000000000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB], 0x138}}, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) socket$netlink(0x10, 0x3, 0x6) 4.441359477s ago: executing program 3 (id=846): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x800700, &(0x7f00000019c0)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x5}}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@resgid}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x200}}, {@usrjquota}]}, 0x3, 0x44a, &(0x7f0000000400)="$eJzs281vG0UbAPBn10n6vv1KKOWjpUCgQkR8JE1aoAcuIJA4FIEEh3IMTlpVdRvUBIlWFQ0IlQsSqgRnxBGJv4AbFwSckLjCHVWqoJcWTkG73m1t106b1rFD/ftJm8x4x555PDve2R07gIE1nv1JIrZGxG8RMVrPNhcYr/+7evls9e/LZ6tJrKy89WeSl7ty+Wy1LFo+b0uRmUgj0k+SopJmi6fPHJ+t1eZPFfmppRPvTS2ePvPssROzR+ePzp+cOXjwwP7pF56fea4rcWZxXdn94cKeXa+9c+H16uEL7/70bdbercX+xji6ZTwL/K+VXOu+J7pdWZ9ta0gnQ31sCGtSiYisu4bz8T8albjeeaPx6sd9bRywrrJz06bOu5dXgLtYEv1uAdAf5Yk+u/4ttx5NPTaESy/VL4CyuK8WW33PUKRFmeGW69tuGo+Iw8v/fJVtsU73IQAAGn1W/fJQPNNu/pfG/Q3lthdrKGMRcU9E7IiIeyNiZ0TcF5GXfSAiHlxj/a1LQzfOf9KLtxXYLcrmfy8Wa1vN879y9hdjlSK3LY9/ODlyrDa/r3hPJmJ4U5afXqWO71/59fNO+xrnf9mW1V/OBYt2XBxquUE3N7s0m09Ku+DSRxG7h9rFn1xbCUgiYldE7F7bS28vE8ee+mZPp0I3j38VXVhnWvk64sl6/y9HS/ylZPX1yan/RW1+31R5VNzo51/Ov9mp/juKvwuy/t/cfPy3FhlLGtdrF9dex/nfP+14TXO7x/9I8nbeLyPFYx/MLi2dmo4YSQ7l+abHZ64/t8yX5bP4J/a2H/87iudk9TwUEdlB/HBEPBIRjxZtfywiHo+IvavE/+PLnfdthP6fa/v5d+34b+n/tScqx3/4rlP9t9b/B/LURPFI/vl3E7fawDt57wAAAOC/Is2/A5+kk9fSaTo5Wf8O/87YnNYWFpeePrLw/sm5+nflx2I4Le90jTbcD51OlotXrOdninvF5f79xX3jLyr/z/OT1YXaXJ9jh0G3pcP4z/xR6XfrgHXXbh1tZqQPDQF6rnX8p83Zc2/0sjFAT/m9Ngyum4z/tFftAHrP+R8GV7vxf64lby0A7k7O/zC4jH8YXMY/DC7jHwbSnfyuX2KQE5FuiGZIrFOi359MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3fFvAAAA//+uEO7O") openat$ppp(0xffffffffffffff9c, 0x0, 0xc0802, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) ptrace$setregset(0x4205, r0, 0x4, &(0x7f0000000040)={&(0x7f0000000880)="19f3774a2ad2b922be53d4c0ae01883c533640efc430260ee98d9e43dbac78cd33c1a66fce6e7b825a7d0ec111bd4507803478af997b8aa1fb016faf7f9f19a53ed3f5562d392a13bbfe6f73833e821245d614eef718b4ce3287a15eacaaeeb4a721b49c2ea946368799bf0174ad301d810f8719ee122254fe128f332b54b6a7e589e04b764c", 0x86}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ptrace$peekuser(0x3, r0, 0x1ff) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400ce001000010000000000000000001c6a000a28000000000a0101000000005e1affd5000000080002400000053a81bc5a3c149400032c"], 0x7c}, 0x1, 0x0, 0x0, 0x20048080}, 0x4000090) sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[], 0x7c}}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = syz_io_uring_setup(0x82e, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x3}, &(0x7f0000002000), &(0x7f0000000080)) io_uring_register$IORING_REGISTER_PBUF_RING(r4, 0x8, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0}, {0x0}]}, 0x2}, 0x1) chdir(&(0x7f0000000140)='./file0\x00') open(&(0x7f0000000200)='./file0\x00', 0x6c842, 0x0) r5 = epoll_create1(0x0) syz_mount_image$fuse(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00') preadv(r6, &(0x7f0000000000)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1, 0x0, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000080)='mountstats\x00') lseek(r7, 0x7fffffffffffffff, 0x0) close_range(r5, 0xffffffffffffffff, 0x0) 4.270062371s ago: executing program 4 (id=847): socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) mremap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f0000008000/0x3000)=nil) timer_create(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x210014, &(0x7f0000000440)={[{@grpquota}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x516988e7}}, {@noload}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x3}}, {@nobarrier}], [{@flag='nomand'}]}, 0x2, 0x24f, &(0x7f0000001040)="$eJzs3T1o9HQcB/Bvcnc+9nkOedRFEF9ARLRQ6ia41EWhIKWICCpUXBUVisWt5+TioLNKJ5ciblZH6VJcFMGpaoe6CFocLA46nNylldpeUXvtxaf5fCBN0rz8/uHy/SfD5RKgsa4nmUvSSjKdpJOkOLrCvdVw/WB2bWprKen3n/qlGK5XzVcOt7uWpJfkkSSbZZGX2snKxnO7v20/8cDbr3fu/3Dj2amJHuSBvd2dJ/c/WHjrk/mHV7765qeFInPp/u24zl8x4n/tIrntIor9TxTtulvAv7H4xsffDnJ/e5L7hvnvpEz14b2zfNNmJw+9f9q27/789Z2TbCtw/vr9zuAa2OsDjVMm6aYoZ5JU02U5M1Pdw3/Xulq+/OryXN19FHC+usnO459d+fTasfz/2KryD1xeg/w/vbj+/WB6v1V3a4CJuKsaDfI//cLqg5F/aBz5h+Y6Q/63L7pNwGS4/kNznZb/YtQX1oBLZezrv3sGuGG5/4dLrHM40Ru5WP6hueQfmkv+obmO5h8AaJb+lbqfQAbqUnf/AwAAAAAAAAAAAAAAAAAAnLQ2tbV0OEyq5hfvJXuPJWmPqt8avo84uXn49+qvxWC1vxTVZmN5/p4xdzCmj2p++vqWH+qt/+Xd9dZffSXpvZlktt0+ef4VB+ff2d36D8s7L45Z4D86/mqPR5+ZbP3j/livt/78dvL5oP+ZHdX/lLljOB7d/3SP/sTyGb32+5g7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYGL+DAAA//9RfGww") mkdir(&(0x7f0000000840)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x15) syz_mount_image$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x10000, 0x0, 0x3, 0x0, &(0x7f0000000000)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000200)=0x4) syz_mount_image$udf(&(0x7f0000000040), &(0x7f0000000340)='./file0\x00', 0x2000040, &(0x7f0000000380)=ANY=[], 0xfe, 0xc3a, &(0x7f0000000f00)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcZy9S+mYhXuqqbZBpBlIRRzC8CVSKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2SEmV9Pjb13Z15b/a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cvHU6fSwWwEAPEiXR7966oz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYvbyaxqv3HfVL7b7bd8aGR7audiRVNQ9V5cuf+ukzZ8996YWh89281J7+gPp77bPx2ujVi42XZ27Nzk3Oz09ONMam29dnJiZ3fITd1t9ssDoBjVuv3564cWO+ceb5sxt23xl4v/+J4wMXhp49+Uy37NjwyMjoepF6b/nafTekY7sZHoejiJOR4rnv/TS1IqKI3Z+L+oMd+82OVJ0YrDoxNjxSdWSq3ZpeKHde6Z6IIqLRU6nZPUdbj0XU+h5oH7bXjFgsm182eLDs3uhsa651bWqycaU1t9BeaM9MX0md1pb9aUQR51PEUkSs9N97uL4oohYpvnNsNV2LiEPd8/DFamLw9u0o9rGPO1C2s9EXsVQ8AmN2gPVHEa9Gip+9cyKu5+tMda35QsSrZf4g4q0yX4pI5RfjXMR7W3yPeDTVooi/LMf/wmqaqK4H3evKpa81vjJ9Y6anbPe68hHvD/dcKR7S/eHIpnwwDvi1qR5FtKor/mq6/9/sAAAAAAAAAAAAAAAAALDXjkQRn4kUr/zHn1TziqOal37swtAfDvxq75zxpz/kOGXZ5yNisdjZnNzDeWLglXQlpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZaid03x9vTNxtXWtanOqrDdtX+7a6avra2tNVInmznHcy7mXKry8N0aK3l7FLl+zmbO8ZyLOZdyLudcyRmHcv2czZzjORdzLuVczrmSM2q5fpmH19aa+f14zsWcSzmXc67kjAOydi8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMdJEUX8IlJ8+xurKVJENCPGo5PL/Q+7dQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAqT8V8f1I0fij5t1ttYhI1b8dJ8pfzkXzcJmfjOZQmS9F82LOVpW15rceQvvZnb5UxI8jRX/97bsDnse/r/Pu7tcg3vrm+rvP1jp5qLtz4P3+J44fuzA08htPb/c6bdWAwUvt6dt3GmPDIyOjPZtr+dM/2bNtIH9usTddJyLm33jz9dbU1OTc/b8ovwK7qP4IvUi1x6WnXlQvonYgmvFw+s5joLz/vxcpfvfd/+ze8Dv3/3r8Sufd3Tt8/PzP1u//L24+0A7v/7XN9fL9v7ynb3X/f7Jn24v5dyN9tYj6wq3ZvuMR9fk33jzZvtW6OXlzcvrcqVNfHhr68tlTfYcj6jfaU5M9r/bkdAEAAAAAAAAAAAAAAAA8OKmI348UrR+vpkZE3Knmaw1cGHr25DOH4lA132rDvO3XRq9ebLw8c2t2bnJ+fnKiMTbdvj4zMbnTj6tX073Ghkf2pTMf6sg+t/9I/eWZ2Tfm2jf/eGHL/UfrF6/NL8y1rm+9O45EEdHs3TJYNXhseKRq9FS7NV1VvbLlZPqPri8V8V+R4vq5Rvp83pbn/2+e4b9h/v/i5gPt0/z/T/RsKz8zpSJ+Hil+56+ejs9X7Twa95yzXO7vIsXg+c/lcnG4LNdtQ+e5Ap2ZgWXZ/4sU//SLjWW78yGfXC97escn9hFRjv+xSPH9v/hu/GbetvH5D1uP/9HNB9qn8X+qZ9vRDc8r2HXXyeN/MlK89OTb8Vt52wc9/6P77I0TufDd53Ps0/h/qmfbQP7c396brgMAAAAAAAAAADzS+lIRfx8pfjhSSy/kbTv5+38Tmw808H53357+/a9P92yb2Jv1ij70xe7OKAAAAAAcHH2piJ9EipsLb9+dQ71x/nfP/M/fW5//OZw27a3+nO/XqucG7OWf//UayJ87vvtuAwAAAAAAAAAAAAAAAAAAwIGSUhEv5PXUx6v5/BPbrqe+HCle+Z/ncrl0vCzXXQd+oPq1fnlm+uTFqamZ662F1rWpycbobOv6ZFn3qUix+refy3WLan317nrznTXe19din4sUI//QLdtZi727NvlT62VPl2U/ESn++x83lu2uY/2p9bJnyrJ/Eym+/i9blz2+XvZsWfa7keJHX290yx4ty3afj/rp9bLPX58p9mFUAAAAAAAAAAAAAAAAAAAAeNz0pSL+PFL8762lu3P58/r/fT1vK299s2e9/03uVOv8D1Tr/2/3+n7W/6+eK7C43acCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDHU4oi3owUs5dX03J/+b6jfqk9ffvO2PDI1tWOpKrmoap8+VM/febsuS+9MHS+mx9cf699Jl4bvXqx8fLMrdm5yfn5yYnG2HT7+szE5I6PsNv6mw1WJ6Bx6/XbEzduzDfOPH92w+47A+/3P3F84MLQsyef6ZYdGx4ZGe0pU+u770+/R9pm++Eo4q8jxXPf+2n6YX9EEbs/Fx/y3dlvR6pODFadGBseqToy1W5NL5Q7r3RPRBHR6KnU7J6jBzAWu9KMWCybXzZ4sOze6GxrrnVtarJxpTW30F5oz0xfSZ3Wlv1pRBHnU8RSRKz033u4viji9UjxnWOr6V/7Iw51z8MXL49+9dSZ7dtR7GMfd6BsZ6MvYql4BMbsAOuPIv45UvzsnRPxb/0Rtej8xBciXi3zBxFvRWe8U/nFOBfx3hbfIx5NtSji/8vxv7Ca3ukvrwfd68qlrzW+Mn1jpqds97ryyN8fHqTBS+kgX5vqUcSPqiv+avp3/10DAAAAAAAAAAAAAAAAHCBF/HqkePHdE6maH3x3TnF7+mbjauvaVGdaX3fuX3fO9Nra2lojdbKZczznYs6lnMs5V3JGkevnbJZZX1sbz+8Xcy7lXM65kjMO5fo5mznHcy7mXMq5nHMlZ9Ry/ZzNnOM5F3Mu5VzOuZIzDsjcPQAAAAAAAAAAAAAAAAAA4OOlqP5J8e1vrKa1/s760uPRyWXrgX7s/TIAAP//62rxhw==") mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x103042, 0x0) pwritev2(r1, &(0x7f0000000080)=[{&(0x7f0000000140)='y', 0x1}], 0x1, 0x1000, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0) read(r2, &(0x7f0000000000), 0x2000) creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x101) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) rename(&(0x7f0000000600)='./file0\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') socket$alg(0x26, 0x5, 0x0) 3.770361153s ago: executing program 2 (id=848): open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0xfff) syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$netlink(r1, &(0x7f0000001f80)={0x0, 0x0, &(0x7f0000001f00)=[{&(0x7f0000003a80)={0x1098, 0x27, 0x1, 0x0, 0x0, "", [@nested={0x1088, 0x0, 0x0, 0x1, [@typed={0x14, 0x5, 0x0, 0x0, @ipv6=@private2}, @generic="a6675add9a8210156d6dee142e4f4763c7af29045f6e23e1b2792f5e3f53c4514eab47dff855b95e0554549560064b04bdeca3f91d066d0cc2ffce814a743c6408c19f900175baa66d9f7f5ca65fae59d7bf9922579e1f9a614bd2f7a7d6ef94db3aab4c03a370bf32db4832e5c155e7fcc94fbf223b8bfd6fc1fdddd67d01ada0cff73323c7483f11ee36d9098fe2074b03ea4704b539d201f1bdbb64c84fe0e79f176217436f23a36794a6e54ac67b2ab5389df486853d1261334d7b3beca4951358d5216c4fdd4d188eebbcfc1e16fa2002364b8cb1120ec6becf95ea881b12366b7bf62aff756a04f922314693de499e592477a89d4e0f8ec7b44b98bca19dff176742cd332db6d259362726a66bbfdc82861cd169fad4ab1a3a5b1d1e0265a162daf645f94290c0e73768946e1771c981ea0fa2309d97cd9d1695492dfeea13e9a515ee55afc2112515251e41f8376f0656d1428ca3617853e3bbae3109e78b40aa9b0d6288d8478f963319a54e56234e7332f8ac522395a8b6f520bb903ad963f3dfa210fc73e7d351151edde5704b158713852914b8ad554fcd936b4a2d9fb735626c22070e79271e328941d80c47cd195c6310b127692d41af480e6cabbd596d2290f0716bdadb876374c7b1ec79af6752a8b3b23ea3ad368139989f1847969695b870af7f3091640ae245aba6501ad0090017d10113d2339aa1eee7d58191fda347c2340df255f8059dfa2feced20f431a256e5840cfad850d07c0b8cdfdb9ee45f7fe68fee96b945262775a998701a53f93015d68646b6a7a8fc754f776f1a2f004aa4ddc690fa0a7177885042349fef12b7a5954b97834a6aace860914da0d8e257fa114f8c81320211f9b8108fa018beee150207a6cfeaf76bf4fa9e0246c8ec57b1a7772b09bd4025797dded380f94daed3fb41691ec55283e5a60fdb17fdcd2c97b43709fcaf7bec430ac7c10ed482078352e070cff5221d1d13b893d0bdcd22428c709b1303052f0a36fb7c7ba8ad8d5f3368b7b10465216880e3add22f9be8c5a1757cb7c56441e3a3028e9a4ccf8b72a03debf62d5ac32d4abeb331137924bb3995bab77e601c189c0e1e86832884d4954140d033f2428f4344c341618180a3fe13f8b7d56ee7772c8e15272b95718dac4ebd2ba4cd4139ac15136644526f9b1acfa977fc3b874614a99be6c2cc4e5a32a57bdb93c712148768a9766c22406d78ef82bfa9f0d66bc5e217697141dd2ca52b89e89f5104779b1beb85e612017fd6e93f0e63580edcbe7b8811e9f889ef7f448dc052ea3f0f8c6684e86f4efd71e520568e3c074bba55ad65ad5989718d0f071bc4aae084d3ce4a715c1b370be0cae177a4e89b707440622bc6c9692046d835269134be966ae499ee5c1eb9aa004707b9cdd0e24a91b4966ac05858afa072f7c54a4a31af6f825a38f1076fd699ebc75b1e806f33cf7417d81095232a4c2467d769ff8ccdc8d6f67c4016749aefaf71c8a444fba32e09f2ac16e91533bf47ac4979f06d0dffbec225abdf9b45f1bd3eb2c80dea78e889c6e51d675c2471afec034319eb225dc7a6a63f2d85015c4d879d81798df6ff02a75dda19c307c47972c7d28f26fc624ba180fcc9f1276c1a3ce5cf0fc6c6ae0f0b353e7f1628d7061ca0e6b760cd5e532d96b711339d66b60f3e9832c9729051c00573fb26f492bd7ca3a0f8e8f0ab4ca34e3e8fb18483dd9b894ec7bbd93de45deb8a1b0a4d0ee771b0619c538f6a1242a9f3b2201bc7bd033ee3d259371348b719e7a9cd8ca541b1257f1f53c8f1a190ae688e85ef63d87cf374c53774b93644690c740ff2287a5c9750409e8c468708e896ddb866b6bcc07bda6e2f9703c3537224eea4d3cd586623cd0966642412b6c5dbb1d1dad534c3630ede3251b1014d5d727b6b0ee52ea935df23d117c3a63cf7f8968c175e0669a382a43604bf6ce62c2a67b25a969d8d58d173bb1c3a43c6e9be5b996606d7712a9c40779d28f061c8ac923b7ed4bad8678a9c51ff72c323727990efb242a7af949d213ea7e207ef145984608ed00b31ead25f45defaf9fb3772953b936c813f3b4d91cf54b58d640dc0806cdd2aaf6784289fcc337458cfe3d19c1c8a23f8277f14b9aa304de69b5492ec3c0f9a0c4ac490ce1169c379cca08836a63e71c5983f61866a0e1d9f073e08f20013ff6bf3419d554a0a4204a8a185447fefbd0af1017febb112cda9b3ceb100fdfe3eebe351af9805997b9cb2af90de98a51bd41233f3af53f718ba7d771e3360724ccdfa0eae408da1d40c3a3e65e15105faad89c8b54e56a18cdb7e4c8c1cc1d83cc5ddd3a30f71fedab5e827439e01a1090866319ccc16ea262defdcd2d38f58adb220eb1b0a4e765ceb160da848d72c3c136ca0757415398938a940d9d6b560612fabf3ad88449c6f88ad2f42de85bddc58a9b3645f5644e1a256d650359dff0ddf4811cb738e31a0560e60d6b1a8d9f766943693ee657a42808d0d63e7c4f4903f980d36758709847b7c5265c689a3c5a94be2f65a41a2bb847f3f9bae2b39fcee6939384a76155ac1ee45cdb97683f09bf44208592e87efa0f033bc8f918dd72eba539dd37a1b251052a781d21bc4bb422ac72308d018e133b69a595e6b3ee7ccfa915347784599a968e505a323c44ac8c06fd4e5b447d8187547b374d37a7f5644d90953db9d2995c3142945837894fc40b842d2a675c22d270d16e772cffa702b333a02313afddcf3cb8da4ad658d71152fc94d5bff78a94988881356bd5ae5484cc3468cd8e0c630a1d765ee1367cbd32d97e38c040955b4d796f4381c5a69b07a271f7c9087a78b1432ea9ca3d67f0ae5524211b722021fbaf211307d93cfcd1ed2e4eed73e66f2079e529a079b3fd3352f751c6910748fd5d7c6545aaef7941d423b393c9bb7bcf1d4d64298ba3b2ab7cb079f2ca2beceaec63a96a032571f1ce1d48da3dfbf84c1cfd91ab486feaecf0c4804c801c064e493bee1b5d00506bb9535729391aed33fd0009ddd037f0c5b18bd5696e4a0e771d705b6232f3e095ec41ef0f74c80bafa8b326491847158c4c4ba66a846dc6375152643c264774ef050476b221175ddb8ecaf8c8da40ca41ee38efa49f57a5311feee17f932877fc47057ee300cb3e8af69da18506ae4aefe9a1ae819b35f13bdbe983e2bd9459e763d09e266baf27df77698964124c09b4c473e0aa2be77835ee8c2424a55f76b25efa0b96da2380fc702ca3e6c90ff704393e71e7810e7a6ccde54b3fb36473281be74128bf2bea3d1b35c8330b258aaf87c997f1adef18d0d2771d65077034df52b59383f83b11fa4606e138e07c78eb30b464ed0246dcce7a994cdaaf41e0ce544945189437d13caaa1d61a75f1be8fc15d7d72d1810ed6feefc3999cb6db945a68fd3b057d3e6b52a4d88a7be248011b7f3a6df983cb3778a1dc03cbf3fc4f6983fd58cb99983e54730ebfe048e3f72f9205f4d55c80f361657ed745a9e9ef7665bd493f35e5f59b522b361c2f2f653a9249ec74981fa9b233c5498a7afbeb75276b711ae77743c024110d22819fde049e37ea494e20093dfe86791b150f4d64f7879087eb14211039628d0bb6b2734724ba03217ecc098da58879952d94b348a1fc0fe3e40897d32cc681ac60a75ca644a791be1a6963ac6ec79de9a62d2d218f82a07c16a06c0f7c315accf82e99f383c105a41a26b11b690eba75dd5e66098fa1e8d3616746b39439c69eac8543c5a61fe62fdd353ea91ff77109ff4392b384e1372e5d402c2453094f4d4f624844c45bb766f2582acefc1eebbffdd4061e54497869e1cfd8350a4d1463a6e0ed13e9c08d74d1e7d17a429e6bc040b49d4a86bb4f0fb2907e037b334f1f467fab6b5bcf1b934dacf375e6c45e29fcb50bb72991cea47037c85ce88ced909ff738271b91ffeee12ed89634503744a76094d27b5069019719bec426c750b9d566fd7654ac26e82d2c241ff1a905a573b2f978b617bace5ff9b2973f3a8f27e01d7e64e7238745d51fd471670f7415f6480b2d346b1330e5e9d0cd25c2e9e9e36af1910239ae87f44c8ef833a0d6aa43aa7d83ff2aab39351696ddbf5fd7ba6ce187948b6722e74dce352c0ed3ed3b01d4913b06decf020a1a4074714302a6849edb5c4b768f26473e129341c810cf822ec50dd85843f278ec9e21b034ff5828d914ca83414bbf36b03a6181e4fc6654753526690254c5460e8283505d046d8ed075fab8099cd01e998f5dc714c005eadaca045886d488c1b8ff985e713040620dc08ae1879b426fb7a06a28fc48d18cdf50bc24745d89771f735b94f43080389e9026e86035b5929a8b14430e0d0a93c4dd53239deb5cde22c7864b27b524d4e8fd9bc2a28c42edf9bbf66c88b4fa13cb82a5c0584e7ecd18e008926431f5b5c44ca9652eb45150ef27df43aede0ee920dff92892b1999c155cb85ab0ac9d5cb6f1924e025c19f53e944c6628e5055f202a39909b5b16ffe5a151f280705dd26e7ad5d2989cd97b7dc6af3c0f2cb8c3b1c05aeefbe2a5c6b33d9ed49c8518ee1c1248dede0c6e192a0807306aaadcb68ee2946c7c14ad268d73deab588398eba83aeb464f2231fa84b7928ad166f3a11183faebff37ea104acde26706521f68331f9e601fedd6d0ec77fbb73a213e14782c24d459e18d0247fcaab74d5fffb269f33a8cb1e93f614899b5ea00b48134d5e916e2377fe846009df657921d437a3f2029224f2128f9c198ae4a9951b1e9e090272d81570c8aa65694834a1944f15be2ae37b0472f9d95bf2458d9b8d9665aa6c7f9ce305b7b1fa34e96a468b365d6a724954f7adec5c0355e6150662050563fb7ba08d0ac13a7d5c376f540c512cd95015d27d13036d4670861769666a5ed8bbf40f5d972c35c3afc7215f91023b542c2949d83e6e255ab713fbb46d8c35b9011737a073174b007b757182517be3e136e0b9f53627b5bb972a29883956d7cd341ba05513c5c3af928e58d77eb927c7ddf717b157f1832ee0faa77c5d43e3d40f7f6b40256b37f0e2820a6925a073932af761009284d4cb98e9fa3a3b474e7905c4cd1773f3df3dbea12fe6e3351bac0a1107f079e81d56e550b2798081e444388bff6c7e2d1f969f72f8ad9c3cfba7b81aec8c3c6b42b108f80cc2b9624420817129549be4f10e144189959f177f6718f282f73c2e5f623e65c93bf0c783339dab2709c49018d46707616853b095de1f25a365bbea5dfae325c2bef6480a57365699b969e5916dcf97c937c5c3ae286e0ddf5573a51eb2b8e9b5014d240f3ae7b5546371ffc4f1df621dc58a38fb4fdee13cf940c7018fc7de04c1d7447d877b40966b643581cbdbc0322e655f3d852b5ea46eeccaa12ea253812463bad52d75ccb6410dc2255c1b2ac3f80a3e050761fd5f3122b80bb764e92db7358d8e9cdaf1b9acd2fa5b12b54d7233c8f6cafd2d6ab6f1361b3f59656cb79f21f44d5a5bc90486927d94fc7c55b6d47004b3dd2a3a89dcda8cf59e5112150b8fe4bebdf4fdb9055d60eb0c5d7dce0cbee00278c94c90bc4bb06d8c6db44dd1a8ec7611d63c6a817c9c373ec8b7869d7294ba86c5c19e3a9961aaa3b8119d7d86f2ba9751f73b132d6650c64218c6570d0b07343bb25a0cb2434084b25d3357cd2a6d1ba80af0e40c24a0539b22304138ab8e82843bac024fce0319d7f5687fcb8f9cf7ca7e6e47bb7b445ec736331013041ecd9c4dbda96ed17bf151f22a9998c437f9793bbb3c9b21", @generic="17de308440f8061f989ed3486db9872cd56c7f32196fc57d94e7efd388b6f33cdfd5ab8aa0c3ff18cebfc9b6facad1e7be43365948bc2b52727b5c7816ab75f724d2131753d8c25d957aaf48117dd8215b7c3aab0377e8b456fe4c89322c83f657b70a530d5a073c976303b02aed2c2e"]}]}, 0x1098}], 0x1}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) socket$packet(0x11, 0x0, 0x300) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000002140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_STATION(r3, &(0x7f0000002240)={0x0, 0x0, &(0x7f0000002200)={&(0x7f00000005c0)={0x1c, r4, 0xa29, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}}, 0x1c}}, 0x0) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)={0x5c, r8, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_FRAME={0x40, 0x33, @beacon={{{}, {}, @device_b, @device_b}, 0x0, @random, 0x0, @void, @val, @val={0x3, 0x1}, @void, @void, @val={0x5, 0x3}, @void, @void, @val={0x3c, 0x4}, @void, @void, @void, @val={0x76, 0x6}}}]}, 0x6d}, 0x1, 0x0, 0x0, 0x20040885}, 0x0) connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000500)={0x1f, 0x7f, @any, 0x5, 0x1}, 0xe) syz_emit_ethernet(0x66, &(0x7f0000000100)={@local, @local, @val={@void}, {@ipv6={0x86dd, @tcp={0x0, 0x6, "101040", 0x2c, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0xb, 0x0, 0x0, 0x0, 0x0, {[@window={0x3, 0x3}, @generic={0x0, 0x2}, @eol, @md5sig={0x13, 0x12, "7232407c80067615774fdbb46eb86cc8"}]}}}}}}}}, 0x0) 3.423460562s ago: executing program 2 (id=849): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d6b7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd45e2f7ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e8ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000000000000000000000000000048e43dc605510a771eb74ea75e6051ecab9576c97eab243f9c2695c39c8cc4be294f97"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) syz_usb_connect(0x0, 0x3b, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000085826d20ffd56600b0d8000000010902290001000000000904000000e0010300052406000005240000000d240f"], 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe(&(0x7f0000000240)) socket$inet6_udp(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r3, 0x0, 0xf3a, 0x0) socket$packet(0x11, 0xa, 0x300) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) rt_sigaction(0x19, &(0x7f0000000000)={0xfffffffffffffffc, 0x44000006, 0x0}, 0x0, 0x8, &(0x7f0000000440)) r4 = memfd_create(&(0x7f00000006c0)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\x00\x00\xd4N\x12\x9b\x1f\t\xd1Z+\x86T\x16\xf8\x01\x00\x00\x00\x9f+\x8d!\x0fG\xab\xc2\xdc\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\xa1\x9c\x86xm\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xb9\xc0LF;\xd6\x84\x195\x06\x00\x00\x00~\xf3S\x12\"p^\xc1jP\x8a\xc6[\xbd\xe7q]\xdd\r\x1aZS\x01*\x1b\xfd\xbcMA\xdcq\xa1\x00\xb3\xf9\x91r\x7f\xdc\xf1\xc3G,\xdb\xccS\x15\x95b\x17\xab\xe4?\x96\x95\xa4kP\x99YO\xb8V\xd5p\x90X\xaaf', 0x0) fallocate(r4, 0x0, 0x400000000000000, 0x5) socket$packet(0x11, 0x3, 0x300) r5 = socket$packet(0x11, 0x3, 0x300) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x208000, &(0x7f00000002c0), 0xfc, 0x467, &(0x7f0000000700)="$eJzs3MtrXFUYAPBv7mTSps/4qNqHGl9YfDRN+rALN4qCCwVBF9VdTNNSm1ppItgSTBWpSym4F5eCf4Er3Yi6EtzqXgpBsml8gCP3zr15TyaPSW51fj+YcM69Z+ae75x7JueeOzMBdKy+9E8lYldE/JKmkyw7q54XSsvNTE8M/zE9MVyJev213yvZvlvTE8NF2eJ5u/LM4SQi+bgSB5c57tiVqxeGRkdHLuf5/vGL7/aPXbn69PmLQ+dGzo28M3jq1PFjA8+cHDzRljh3p3U98MGlQ/tfeuPGK8Onb7z1w1ddRV0XxdEufdG3oC3ne6zdByvZ7nnpSleJFWFNqhGRdlctG/97oxpznbc3Xvyo1MoBm6per9f3NN99rQ78j1Wi7BoA5Sj+0d+a7omIieHNuA6+nU0917gASuOeyR+NPV2R5GVqi65v22l7vm5y+tqfn0fWD9s6qv0BgK33TTr/eaox/ykejT29cc+8cnuy9eB0a8QdEXFnRNwVEXdHxL6IrOy9EXHfGo/ftyi/dP6Z3FxXYKuUzv+eze9tLZz/5bO/f+q91Ty3O3qiN2qVs+dHR47mbXI4atvS/MAKx/j2hZ8/bbavL5/7FY/0+MVcMK/Hza5tC59zZmh8aGNRz5n6MFsDnFwa/9ydqzS1PyIOrOP103nz+Se+PNRsf+v4V9CG+0z1LyIeb/T/tVgh/sX3J3vyfScHT/Rvj9GRo/3FWbHUjz9df7XZ8TcUfxuk/b9j2fN/Nv7eyvz7tWNrP8b1Xz9pek2zhvP/zWJLev53V17P0t35tveHxscvD0R0V15eun1w7tWKfFF+ate+iEeWH//pe1x6jqXxH4yI9CS+PyIeiIgH87o/FBEPR/YSy5mciYjvn3/07fXEn7Rq2DZI+//Mgv6PFv2/9kT1wndfryf+hrT/j2epw/mW1bz/rbaCG2k7AAAA+K9Iss/AV5Ijs+kkOXIkYme2trsjGb00Nv7k2Uvv/XWm8Vn53qglxUpXYz24sR46kK8NF/nBRflj+brxZ9WeLL8jv/cNlGdnk/Gf+q1adu2ATef7WtC5jH/oXMY/dC7jHzrXasd/fZPrAWy95cb/ZAn1ALae+T90LuMfOpfxD53L+IeOtJHv9Uu0SEy2uXm7b5O4skQk5Vfj7/xnWMpujeLXMloXruXjrvSma5ko7z0JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgnf4NAAD//8PI3N8=") r6 = creat(&(0x7f0000000040)='./bus\x00', 0x0) r7 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r7, 0x12081ff) write$cgroup_type(r6, &(0x7f0000000200), 0xf642e7e) r8 = open(&(0x7f0000000200)='./bus\x00', 0x14507e, 0x0) sendfile(r8, r8, 0x0, 0x100000000) ioctl$sock_SIOCGIFINDEX(r5, 0x89a0, &(0x7f0000000040)={'syzkaller0\x00'}) r9 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'syzkaller0\x00', 0x0}) setsockopt$packet_add_memb(r8, 0x107, 0x1, &(0x7f00000000c0)={r10, 0x2, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x10) socket$packet(0x11, 0x2, 0x300) 3.342178009s ago: executing program 0 (id=850): quotactl$Q_SETQUOTA(0xffffffff80000801, &(0x7f00000000c0)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x9d}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8}, 0x48) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xe, 0x5, &(0x7f00000004c0)=ANY=[@ANYBLOB="650a00000000000061116400000000001800000000000000000000000000000095000000000000007c6fe1689aba46407fa1decfe8a922e1f9fff92ce3a0a65025c5d73990905970cbb3115eb3a096499b441cf121aa3f191372e8939e13057241d50309580e918ccf1f7d599140fc2dd85bf5c647035efb962029e660b20e056cf75f2d833fd8db70f688e5550e6fef694bcbc41a8535a4cf1e82bfd2340a0ec9c0399c1123309d0898233400e2a1a2d29ed700"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x6b00}, 0x80) bpf$PROG_LOAD(0x5, 0x0, 0x0) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff010000850000000e000000850000005000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="020e000010000000000000000004830008001200000001000000ff000000400000001ea0abff7f00000000000000d41f9ab9000100700000ebdf000008000000c4fc0000100000000000e2ffff1c004f030006000020080002000080f5008e24ce6e4ae000a5000003000500001e001e02"], 0x80}}, 0x0) socket$key(0xf, 0x3, 0x2) write$P9_RVERSION(r4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff2ab94ff4db"], 0x15) r5 = dup(r4) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000340), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r5, @ANYBLOB='(i']) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90) 2.254118241s ago: executing program 0 (id=851): openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$gtp(&(0x7f00000003c0), 0xffffffffffffffff) r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000000400)=[{&(0x7f0000000140)="480000001500190d09004beafd0d8c560a84476080ffe00600802f000000590000a2bc56060000000f7f89000000200000000101ff00"/72, 0x48}], 0x1) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_SERVICES(r2, 0x0, 0x482, &(0x7f0000000100)=""/96, &(0x7f0000000040)=0x60) r3 = socket$l2tp6(0xa, 0x2, 0x73) r4 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000200), 0x4) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="980000000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe8000000000000000000000000000aa14000400fe8800000000000000000000000000010c0002800500010000000000080007"], 0x98}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xac}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0xa, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x4, 0x0, 0x1, 0x7f}]}, &(0x7f0000000600)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)={0x3c, r7, 0x29800f6803d6a469, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_TX_RATES={0x20, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x1c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14}, @NL80211_TXRATE_HT={0x4}]}]}]}, 0x3c}}, 0x0) setsockopt$inet6_IPV6_RTHDR(r3, 0x29, 0x13, &(0x7f0000000280)=ANY=[], 0x8) r10 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000001c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0xffffff28, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x5}, 0x48) r11 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000300)=@generic={&(0x7f0000000480)='./file1\x00', 0x0, 0xb490558f185847cf}, 0x18) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r10}, &(0x7f0000000240), &(0x7f0000000340)=r11}, 0x20) r12 = socket$inet(0x2, 0x2, 0x1) setsockopt$SO_BINDTODEVICE(r12, 0x1, 0x19, &(0x7f0000000040)='veth0\x00', 0x10) sendmsg$inet(r12, &(0x7f0000000080)={&(0x7f0000000200)={0x2, 0x0, @private}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000240)="080027226da03f00", 0x8}], 0x1}, 0x24048000) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r1, &(0x7f00000000c0)='H', 0x34000, 0x0, &(0x7f0000000180)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 2.158286759s ago: executing program 3 (id=852): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000080)='source', &(0x7f0000000100)='::,:\x00\ai\x88\x04\xc4\xa4\xe3\xce\xcc\x1a\xc7\xc4\xa5\xa0M\x02Z)\bok\xd4\x14y\xfe^\a\xe0\xadK;y\xef\xa5A\x1a\x9dfM\xd2\xe3C\xd6\xf1F\x04\xea\'0\xbfN<\xf4\xf6\x93\xb1\xe2o\xef\xa8[\x1a\x01\x00\x01\x00\x00\x00\x00\x00a\x14\xf6\x1dX\x9el\xb1\xd0\xca\x04\x15R\x04K\x18\xc1\xdb\x8fim\x80#\xf4b~\xce\x92\xfa\x816Pb\xb3\xc8\xee\xe0\xea\xf6E\x80\xcdpdV\x8a\x8e\x84\xaf\x94pi\xbf\x9fh\x0f_kp\x12\xdd\r\xdf*\xbbz\x9e\xf0v\x15R\xf1\xc5\xa8p\xf2\xc1\xe4\xa9!\xb5\\\\(ZpX_\xc8C\x04\xa0\x02\xe3s\x81\x82\xf4/0J\x99\x9b\x1c:\xf6\x98Q\x92#\xccx\xa4\xd2\xdax\x04\x91]\x94', 0x0) r1 = openat$apparmor_thread_current(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@bloom_filter={0x1e, 0x8001, 0x1, 0x6712, 0x2482, 0xffffffffffffffff, 0x200, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x40000001, 0x2, 0xa}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff07, 0x0, r2, 0x0, 0x0, 0x0, 0x0}, 0xfffffffffffffefb) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000180)='./bus\x00', 0x0) renameat2(r3, 0x0, r3, &(0x7f0000000200)='./bus/file0\x00', 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = getpid() bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000440)='page_pool_state_hold\x00', r3}, 0x10) process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) socket$inet6(0xa, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast1, 0xd}, 0x1c) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000480)={'#! ', './bus/file1'}, 0xf) syz_genetlink_get_family_id$SEG6(&(0x7f0000000300), 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') writev(r5, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1) r6 = syz_open_procfs(r4, &(0x7f0000000400)='net/sockstat6\x00') pread64(r6, &(0x7f000001a240)=""/102400, 0x19000, 0x100008) syz_mount_image$minix(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x1, 0x168, &(0x7f0000000240)="$eJzs29tKOlEUx/HfqP9/ZudzdBUU1E2Op4Lu8lFEJ5PGkuxGCaJH6cl6Ab3oBZpolKnZBE2CDun3A7LXEhZr74vtLC9GAGbWhSRLltKSPM97vDq0tB/3pgBMhDdc3zwAsyfJ1QdmVL+c9J//LUkvrw/V3vCTjjg/9MsJf/34H9H7Uj8ftf7J8te9VLg+I2khyvzyPKg/Mvov/rJ/xqhfilw/OP/xQbh+WdKKpFVJa5LWJW1I2pS09U3/mtF/N2J/AAAAAACisJQ189AXCV02XCcX5P/8PB/k//28YOTFIJ/z82z11q2N6wgARpT44f4njfufMu4/gL+r3eleV1zXuSMgICAIgrh/mQCMm33fbNntTvek0azUnbpzUyidnpWK+fNcwfYnfzs8/wOYHp8P/bh3AgAAAAAAAAAAAAAARrUtaSfuTQAAAACYiEm8ThT3GQEAAAAAAAAAAAAAmHbvAQAA///oFUsF") write$apparmor_current(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e3a04941541a157437ae9f7eee49b90ea088b2599b2bb28f0e5d259d474b33b4b81ef8c965bb08721f827b238543544519a6cc3b0497624953194f445b1b8f462e80e29eae89e1de7b4249fa8c367e22251301f2b413e43e71f717bcd4e000000000000000000000000000000002d5c00"], 0x8b) socket$xdp(0x2c, 0x3, 0x0) 1.928078038s ago: executing program 0 (id=853): r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r2, 0xfff) syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$netlink(r3, &(0x7f0000001f80)={0x0, 0x0, &(0x7f0000001f00)=[{&(0x7f0000003a80)={0x1098, 0x27, 0x1, 0x0, 0x0, "", [@nested={0x1088, 0x0, 0x0, 0x1, [@typed={0x14, 0x5, 0x0, 0x0, @ipv6=@private2}, @generic="a6675add9a8210156d6dee142e4f4763c7af29045f6e23e1b2792f5e3f53c4514eab47dff855b95e0554549560064b04bdeca3f91d066d0cc2ffce814a743c6408c19f900175baa66d9f7f5ca65fae59d7bf9922579e1f9a614bd2f7a7d6ef94db3aab4c03a370bf32db4832e5c155e7fcc94fbf223b8bfd6fc1fdddd67d01ada0cff73323c7483f11ee36d9098fe2074b03ea4704b539d201f1bdbb64c84fe0e79f176217436f23a36794a6e54ac67b2ab5389df486853d1261334d7b3beca4951358d5216c4fdd4d188eebbcfc1e16fa2002364b8cb1120ec6becf95ea881b12366b7bf62aff756a04f922314693de499e592477a89d4e0f8ec7b44b98bca19dff176742cd332db6d259362726a66bbfdc82861cd169fad4ab1a3a5b1d1e0265a162daf645f94290c0e73768946e1771c981ea0fa2309d97cd9d1695492dfeea13e9a515ee55afc2112515251e41f8376f0656d1428ca3617853e3bbae3109e78b40aa9b0d6288d8478f963319a54e56234e7332f8ac522395a8b6f520bb903ad963f3dfa210fc73e7d351151edde5704b158713852914b8ad554fcd936b4a2d9fb735626c22070e79271e328941d80c47cd195c6310b127692d41af480e6cabbd596d2290f0716bdadb876374c7b1ec79af6752a8b3b23ea3ad368139989f1847969695b870af7f3091640ae245aba6501ad0090017d10113d2339aa1eee7d58191fda347c2340df255f8059dfa2feced20f431a256e5840cfad850d07c0b8cdfdb9ee45f7fe68fee96b945262775a998701a53f93015d68646b6a7a8fc754f776f1a2f004aa4ddc690fa0a7177885042349fef12b7a5954b97834a6aace860914da0d8e257fa114f8c81320211f9b8108fa018beee150207a6cfeaf76bf4fa9e0246c8ec57b1a7772b09bd4025797dded380f94daed3fb41691ec55283e5a60fdb17fdcd2c97b43709fcaf7bec430ac7c10ed482078352e070cff5221d1d13b893d0bdcd22428c709b1303052f0a36fb7c7ba8ad8d5f3368b7b10465216880e3add22f9be8c5a1757cb7c56441e3a3028e9a4ccf8b72a03debf62d5ac32d4abeb331137924bb3995bab77e601c189c0e1e86832884d4954140d033f2428f4344c341618180a3fe13f8b7d56ee7772c8e15272b95718dac4ebd2ba4cd4139ac15136644526f9b1acfa977fc3b874614a99be6c2cc4e5a32a57bdb93c712148768a9766c22406d78ef82bfa9f0d66bc5e217697141dd2ca52b89e89f5104779b1beb85e612017fd6e93f0e63580edcbe7b8811e9f889ef7f448dc052ea3f0f8c6684e86f4efd71e520568e3c074bba55ad65ad5989718d0f071bc4aae084d3ce4a715c1b370be0cae177a4e89b707440622bc6c9692046d835269134be966ae499ee5c1eb9aa004707b9cdd0e24a91b4966ac05858afa072f7c54a4a31af6f825a38f1076fd699ebc75b1e806f33cf7417d81095232a4c2467d769ff8ccdc8d6f67c4016749aefaf71c8a444fba32e09f2ac16e91533bf47ac4979f06d0dffbec225abdf9b45f1bd3eb2c80dea78e889c6e51d675c2471afec034319eb225dc7a6a63f2d85015c4d879d81798df6ff02a75dda19c307c47972c7d28f26fc624ba180fcc9f1276c1a3ce5cf0fc6c6ae0f0b353e7f1628d7061ca0e6b760cd5e532d96b711339d66b60f3e9832c9729051c00573fb26f492bd7ca3a0f8e8f0ab4ca34e3e8fb18483dd9b894ec7bbd93de45deb8a1b0a4d0ee771b0619c538f6a1242a9f3b2201bc7bd033ee3d259371348b719e7a9cd8ca541b1257f1f53c8f1a190ae688e85ef63d87cf374c53774b93644690c740ff2287a5c9750409e8c468708e896ddb866b6bcc07bda6e2f9703c3537224eea4d3cd586623cd0966642412b6c5dbb1d1dad534c3630ede3251b1014d5d727b6b0ee52ea935df23d117c3a63cf7f8968c175e0669a382a43604bf6ce62c2a67b25a969d8d58d173bb1c3a43c6e9be5b996606d7712a9c40779d28f061c8ac923b7ed4bad8678a9c51ff72c323727990efb242a7af949d213ea7e207ef145984608ed00b31ead25f45defaf9fb3772953b936c813f3b4d91cf54b58d640dc0806cdd2aaf6784289fcc337458cfe3d19c1c8a23f8277f14b9aa304de69b5492ec3c0f9a0c4ac490ce1169c379cca08836a63e71c5983f61866a0e1d9f073e08f20013ff6bf3419d554a0a4204a8a185447fefbd0af1017febb112cda9b3ceb100fdfe3eebe351af9805997b9cb2af90de98a51bd41233f3af53f718ba7d771e3360724ccdfa0eae408da1d40c3a3e65e15105faad89c8b54e56a18cdb7e4c8c1cc1d83cc5ddd3a30f71fedab5e827439e01a1090866319ccc16ea262defdcd2d38f58adb220eb1b0a4e765ceb160da848d72c3c136ca0757415398938a940d9d6b560612fabf3ad88449c6f88ad2f42de85bddc58a9b3645f5644e1a256d650359dff0ddf4811cb738e31a0560e60d6b1a8d9f766943693ee657a42808d0d63e7c4f4903f980d36758709847b7c5265c689a3c5a94be2f65a41a2bb847f3f9bae2b39fcee6939384a76155ac1ee45cdb97683f09bf44208592e87efa0f033bc8f918dd72eba539dd37a1b251052a781d21bc4bb422ac72308d018e133b69a595e6b3ee7ccfa915347784599a968e505a323c44ac8c06fd4e5b447d8187547b374d37a7f5644d90953db9d2995c3142945837894fc40b842d2a675c22d270d16e772cffa702b333a02313afddcf3cb8da4ad658d71152fc94d5bff78a94988881356bd5ae5484cc3468cd8e0c630a1d765ee1367cbd32d97e38c040955b4d796f4381c5a69b07a271f7c9087a78b1432ea9ca3d67f0ae5524211b722021fbaf211307d93cfcd1ed2e4eed73e66f2079e529a079b3fd3352f751c6910748fd5d7c6545aaef7941d423b393c9bb7bcf1d4d64298ba3b2ab7cb079f2ca2beceaec63a96a032571f1ce1d48da3dfbf84c1cfd91ab486feaecf0c4804c801c064e493bee1b5d00506bb9535729391aed33fd0009ddd037f0c5b18bd5696e4a0e771d705b6232f3e095ec41ef0f74c80bafa8b326491847158c4c4ba66a846dc6375152643c264774ef050476b221175ddb8ecaf8c8da40ca41ee38efa49f57a5311feee17f932877fc47057ee300cb3e8af69da18506ae4aefe9a1ae819b35f13bdbe983e2bd9459e763d09e266baf27df77698964124c09b4c473e0aa2be77835ee8c2424a55f76b25efa0b96da2380fc702ca3e6c90ff704393e71e7810e7a6ccde54b3fb36473281be74128bf2bea3d1b35c8330b258aaf87c997f1adef18d0d2771d65077034df52b59383f83b11fa4606e138e07c78eb30b464ed0246dcce7a994cdaaf41e0ce544945189437d13caaa1d61a75f1be8fc15d7d72d1810ed6feefc3999cb6db945a68fd3b057d3e6b52a4d88a7be248011b7f3a6df983cb3778a1dc03cbf3fc4f6983fd58cb99983e54730ebfe048e3f72f9205f4d55c80f361657ed745a9e9ef7665bd493f35e5f59b522b361c2f2f653a9249ec74981fa9b233c5498a7afbeb75276b711ae77743c024110d22819fde049e37ea494e20093dfe86791b150f4d64f7879087eb14211039628d0bb6b2734724ba03217ecc098da58879952d94b348a1fc0fe3e40897d32cc681ac60a75ca644a791be1a6963ac6ec79de9a62d2d218f82a07c16a06c0f7c315accf82e99f383c105a41a26b11b690eba75dd5e66098fa1e8d3616746b39439c69eac8543c5a61fe62fdd353ea91ff77109ff4392b384e1372e5d402c2453094f4d4f624844c45bb766f2582acefc1eebbffdd4061e54497869e1cfd8350a4d1463a6e0ed13e9c08d74d1e7d17a429e6bc040b49d4a86bb4f0fb2907e037b334f1f467fab6b5bcf1b934dacf375e6c45e29fcb50bb72991cea47037c85ce88ced909ff738271b91ffeee12ed89634503744a76094d27b5069019719bec426c750b9d566fd7654ac26e82d2c241ff1a905a573b2f978b617bace5ff9b2973f3a8f27e01d7e64e7238745d51fd471670f7415f6480b2d346b1330e5e9d0cd25c2e9e9e36af1910239ae87f44c8ef833a0d6aa43aa7d83ff2aab39351696ddbf5fd7ba6ce187948b6722e74dce352c0ed3ed3b01d4913b06decf020a1a4074714302a6849edb5c4b768f26473e129341c810cf822ec50dd85843f278ec9e21b034ff5828d914ca83414bbf36b03a6181e4fc6654753526690254c5460e8283505d046d8ed075fab8099cd01e998f5dc714c005eadaca045886d488c1b8ff985e713040620dc08ae1879b426fb7a06a28fc48d18cdf50bc24745d89771f735b94f43080389e9026e86035b5929a8b14430e0d0a93c4dd53239deb5cde22c7864b27b524d4e8fd9bc2a28c42edf9bbf66c88b4fa13cb82a5c0584e7ecd18e008926431f5b5c44ca9652eb45150ef27df43aede0ee920dff92892b1999c155cb85ab0ac9d5cb6f1924e025c19f53e944c6628e5055f202a39909b5b16ffe5a151f280705dd26e7ad5d2989cd97b7dc6af3c0f2cb8c3b1c05aeefbe2a5c6b33d9ed49c8518ee1c1248dede0c6e192a0807306aaadcb68ee2946c7c14ad268d73deab588398eba83aeb464f2231fa84b7928ad166f3a11183faebff37ea104acde26706521f68331f9e601fedd6d0ec77fbb73a213e14782c24d459e18d0247fcaab74d5fffb269f33a8cb1e93f614899b5ea00b48134d5e916e2377fe846009df657921d437a3f2029224f2128f9c198ae4a9951b1e9e090272d81570c8aa65694834a1944f15be2ae37b0472f9d95bf2458d9b8d9665aa6c7f9ce305b7b1fa34e96a468b365d6a724954f7adec5c0355e6150662050563fb7ba08d0ac13a7d5c376f540c512cd95015d27d13036d4670861769666a5ed8bbf40f5d972c35c3afc7215f91023b542c2949d83e6e255ab713fbb46d8c35b9011737a073174b007b757182517be3e136e0b9f53627b5bb972a29883956d7cd341ba05513c5c3af928e58d77eb927c7ddf717b157f1832ee0faa77c5d43e3d40f7f6b40256b37f0e2820a6925a073932af761009284d4cb98e9fa3a3b474e7905c4cd1773f3df3dbea12fe6e3351bac0a1107f079e81d56e550b2798081e444388bff6c7e2d1f969f72f8ad9c3cfba7b81aec8c3c6b42b108f80cc2b9624420817129549be4f10e144189959f177f6718f282f73c2e5f623e65c93bf0c783339dab2709c49018d46707616853b095de1f25a365bbea5dfae325c2bef6480a57365699b969e5916dcf97c937c5c3ae286e0ddf5573a51eb2b8e9b5014d240f3ae7b5546371ffc4f1df621dc58a38fb4fdee13cf940c7018fc7de04c1d7447d877b40966b643581cbdbc0322e655f3d852b5ea46eeccaa12ea253812463bad52d75ccb6410dc2255c1b2ac3f80a3e050761fd5f3122b80bb764e92db7358d8e9cdaf1b9acd2fa5b12b54d7233c8f6cafd2d6ab6f1361b3f59656cb79f21f44d5a5bc90486927d94fc7c55b6d47004b3dd2a3a89dcda8cf59e5112150b8fe4bebdf4fdb9055d60eb0c5d7dce0cbee00278c94c90bc4bb06d8c6db44dd1a8ec7611d63c6a817c9c373ec8b7869d7294ba86c5c19e3a9961aaa3b8119d7d86f2ba9751f73b132d6650c64218c6570d0b07343bb25a0cb2434084b25d3357cd2a6d1ba80af0e40c24a0539b22304138ab8e82843bac024fce0319d7f5687fcb8f9cf7ca7e6e47bb7b445ec736331013041ecd9c4dbda96ed17bf151f22a9998c437f9793bbb3c9b21", @generic="17de308440f8061f989ed3486db9872cd56c7f32196fc57d94e7efd388b6f33cdfd5ab8aa0c3ff18cebfc9b6facad1e7be43365948bc2b52727b5c7816ab75f724d2131753d8c25d957aaf48117dd8215b7c3aab0377e8b456fe4c89322c83f657b70a530d5a073c976303b02aed2c2e"]}]}, 0x1098}], 0x1}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) socket$packet(0x11, 0x0, 0x300) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000002140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_STATION(r5, &(0x7f0000002240)={0x0, 0x0, &(0x7f0000002200)={&(0x7f00000005c0)={0x1c, r6, 0xa29, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}}, 0x1c}}, 0x0) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)={0x5c, r10, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_FRAME={0x40, 0x33, @beacon={{{}, {}, @device_b, @device_b}, 0x0, @random, 0x0, @void, @val, @val={0x3, 0x1}, @void, @void, @val={0x5, 0x3}, @void, @void, @val={0x3c, 0x4}, @void, @void, @void, @val={0x76, 0x6}}}]}, 0x6d}, 0x1, 0x0, 0x0, 0x20040885}, 0x0) socket$inet6_dccp(0xa, 0x6, 0x0) r12 = accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000400), &(0x7f00000004c0)=0xe, 0xc00) connect$bt_l2cap(r12, &(0x7f0000000500)={0x1f, 0x7f, @any, 0x5, 0x1}, 0xe) syz_emit_ethernet(0x66, &(0x7f0000000100)={@local, @local, @val={@void}, {@ipv6={0x86dd, @tcp={0x0, 0x6, "101040", 0x2c, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0xb, 0x0, 0x0, 0x0, 0x0, {[@window={0x3, 0x3}, @generic={0x0, 0x2}, @eol, @md5sig={0x13, 0x12, "7232407c80067615774fdbb46eb86cc8"}]}}}}}}}}, 0x0) bind$bt_hci(r1, &(0x7f0000001ac0), 0x6) r13 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x101, 0x0) write$binfmt_script(r0, &(0x7f00000000c0)={'#! ', './file0', [], 0xa, "bf3dac4b47efcfbb02dab3b0f1e58b1faf0d6d0809541a53207ad5a32fa9dae338c849c1ffe826b3e555fc021bd14f42b64f2647a3d4cdbbd26745b6414016e9ba0ab4645e07d15b8db3811078b6c4693de644c33c71ce5ec24713c7e6f508e26362cd6dc23af93a53dd99a32080d57075781253374860e4c3ab4690df6262cc789b6618f389dc672553b34b1b686ccd3b783660772479892b5f2d02fa4bcc4104c5c6ac0962c3a63093a434849c6aec2ec77a5316f98cc447e49b0f7c874662615694a7957c9b81014c76945f6de4fd6c21cba53a4d5b238b3ee3648e0aedd28ba8cd3a7770a854f738"}, 0xf5) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b7050000000000006110180000000000d4050000100000009500000000000000"], &(0x7f00000002c0)='syzkaller\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79}, 0x48) writev(r13, &(0x7f0000001280)=[{&(0x7f0000000080)="fd", 0x4}], 0x1) 1.592777376s ago: executing program 0 (id=854): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0) ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r1, 0x4008941a, &(0x7f0000000040)) setrlimit(0x2, &(0x7f00000000c0)={0x0, 0x2400000}) munlock(&(0x7f00005fb000/0x3000)=nil, 0x3000) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x1000403, 0x2000000000032, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='attr\x00') r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$BTRFS_IOC_DEV_REPLACE(r3, 0xca289435, &(0x7f0000000100)={0x0, 0x4, @start={0x0, 0x1, "40cb3692ee9bf910035e7546a988e4aba43f1ade6f28269556822293c71c633290fc01631090b463c443832a45cb64c79b8d31ce06b1b678ea5d3e04de7732b9cf60505c96bd629cf5f29c14ea6765feefba69ee1c245d46a8bad09064f7f842ebf144ee313c8da4a259fe690eab7b93bf6cf36cf39575ff8e9e761ad9bbea4d3e6e115d1e6472f8fa40663692d1007cf4b12f1bef4bc1d785503dada6a8609c0c423ba464c523ded0b43eef530c80560c27a74aa824ea72435408c34bde5fed0c6b8135e0acb2323a390e19441a32c88596b3f3f3cf13f88977afcf91e3d140be51c18ed0c475a2aa548bd4a9ec588289210ed16380c208a81c686b0f90291d324b7192bccfdde69fd5cdfcfc32732e18e180ce61cd84226669361dc0cefc96a86dab1803f126cbe0d1fe911e6106ab17735873b30fc6b7d0e1fd94d3b28fd2bcc2aaf572df309ce572b86aa0565b56f7dcf6527eefa63eae729d5164eebf93cfa98781d9da610449dd01294a9def6a9d603d471f45b6910dc82034ca079b43cd6d0dc4f3e9ac073f42b049cf326e3d99d4133410552a42e7ccbebf50e27750df079c4ecde4e55cc6c6aa52e93916d27b766be860e0954b875a3f5163fdc605f0f81b90ef14ccfd11d6684ed0bf87e221110080e82d3c1b2dbf1d3fc5a179e559e1fbaa0f91457edaac8a568e45bd78ab2b2700dba9883adecd405bc4fb905cdc255f40d850a35ef5a9cc0fe0146b6aeb740c02970ff596da91174c121613c9c8bf55a71f4602f6c19a1f3bdd57bfb9758a92de9b12fed04f2f04598888ac39357b725ad6450f33edfb86284c50467a1a30dcbba74aa8c1e1e4d9278ac7db9c222d6ee4ee78ffa99c24b847da499964d3ea88f7a90070b7866c71c846add080679fc34ed7d3a97ad590f265ff2ece37d1fe3c1375a96297657d478fc001eb3d9de931a9f172f21f3583e1a926b6e1660a49f5b9732a2a8e1796570f49e17b01c4c0649d25ed8437a586c44dfdde918671e3640f2565145b9b88f1420abb0dc551336e1ee55b25365b93f6b011c61d6d9688fcebf6d069cacf175a31feeee2c9bbe6cf8bc5fe8759ee1dbc936744519c83836f0764c2c2e7b2fd6d18ed3f0277d56ca9ecaf4a412fcfe8ab5c6644de985f7bb34977333f8c6d716ab01fae977e0b361863a310b5a925db03ae46e00b355a434dd5da994eb74f556796b9766e78c68cc3998a84304896afe0d55afdf5f47da2fbd0b1729a6613d3427915d6e041d27e028ce9cfcb508984fe90294d58e7f3bf12775d9e8b795cd325c5188f008bf97cf4aff3a54547091de8e8e51c58e319933cb09897b0a191d2d54597e64ab01092cacf94d42f736b18c0a1ac384b1861010783e2db7f9100c5ba8f5598225ef47fa857f8d26d539e4bd1c07578f8a69a64687e740f9e0c031a5247928816fd74", "cfdb2d2f91796a436a14c05e4026cf2f6c5a4a0fb32e6e1f912e4941959e135f1c31bfd3be1a4c3dd775222489d5ed9219eb656eefed2871fddf29377a5b26c3dbbcb21a38f7c7f8f6dd2743a93237f40c2b4a94766536c7a9d73de75aba8425257ef743611b6448ab24e05aedd28f5ba8801a0adaaefbf3eb6dc6bdb3d34a1b17b4695c00320e1fd1d58f55cb645d9e9fe7a01b7f8ede8618d6878d63651ae9bd6cd17875e3fc71165f091bbcd6379bf99b67272ce24573afc1b87a1088782a2998414dc64a19af8f304b1d9b998974cf048cb5dfdde1074f7db8b2b8254fdf578b555522f22bbabe24cff35d31921d015b69d2d1e6db92c261b69690cb0d59f1662fd390e4c379fd73ef20466aec4af5f96944c6e988b324e516841ea4c3f41df192ef95787b6bfe23b5bb25f9ae39c5308d5b5caf5d56f8e43b7358f8f4d2ed3e22c101e69d3a371b4dc0c077461c94448781319328c6e6d8a6e22978befcf3948539b133f99e0cfa74c16bcac1e9e8e865a940ce345287ad9cb5c796be3ea5eaafeaf3850a6137ca062639671cc14e5640d6cd6ae32ece69539a8ce4c700ae5490c5f6833c2566240be1d1b13bf4820b2421cedc79b6e885d7cfa88070c22029e4fed70db79f70a4b5351d0c58299dc3fe542008c42f856f721d9c9e2572439b54163add6d0b54a764ac72ca9dac7de205b22848b8444abfb0c97052e086c347a372f0bacec1ae1a44d02acd7ca5f1a208c0a5652a5b604824ffb31139801f246dd55c868a35ec70fe78852628a6cf9d8293b55007d1042081aa3acd51a60c32842ba62d6fd2cff18bd5d8c07669e28b4b25db542d2fc24d18c2f3974116f7c17318fa9bd692dba736e609f9a82b573da3396720528bcd553b09607f2add1aa7bc23c48d0b0bc8aad1268bb429d7290b589fd71cf60841610280825f2bf77d007079ce9562d90bf5acfdcdc4d9d42cf9e9062b2d4be5fca40c659b55d66172794e853c322424dac8dfc4a137db19423b34beacd200a30d3762690867276fde0620fe862f27950415c53e81f93cc45ae3b6d4a4186486e1db35c8118cb45a194f5b7a9525bacfa354da6ca0a8eeda222a6fcf55362d7d8266945558a2f7a53d32efce0bbf14b98cab66bf983c850885acda4db23d8dd9b2a423b69ed5057f3225f2a585e00ac5f6d414dfdbcdea53027504561182bf313385871ba1e51968d0115fdc099fce2ba3b16e5f2ce0e2360f61053901834ffb78f12b558bcdedc61cea2d38b1e38b51ae831160030eb8ef0ea70318d321e403f0041e291e808717164bcc5a8674562e238f21c2f8c87cbf3c0582a20cf75b49b2b2d8d6768cc1cc68b1329b3925cc57df706578305d3ebe49d8238f537185acd1777ea65b60758103f2252743b734376e145e9cd1252876c61edded686a5df6ff58b0522349f9ea19"}, [0xfff, 0x1ff, 0x7fff8000, 0x1000, 0x2, 0x7, 0x2, 0x1, 0x1000, 0x8, 0x11, 0x7, 0x6, 0x100000001, 0x3, 0x1, 0x9, 0x6, 0x2, 0x64bc, 0x8001, 0x31c, 0x1, 0x0, 0x3, 0x80000000, 0x0, 0xe162, 0x8000000000000000, 0x800, 0x59, 0x6, 0x1a, 0x9, 0x3, 0x80, 0x14dfcdc1, 0x1, 0xffffffff, 0x100, 0x800, 0x7fff, 0x5, 0x8, 0x4, 0x2, 0x6, 0x4, 0x89, 0x8001, 0x5, 0x8001, 0x5, 0x5, 0x1, 0x2, 0xfffffc0000000000, 0x22, 0x1, 0x9, 0x8, 0x6, 0x0, 0x7]}) mkdirat(r2, &(0x7f00000000c0)='./file0\x00', 0x0) openat$cgroup(r2, &(0x7f0000000080)='syz1\x00', 0x200002, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r8}, 0x10) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000300)={'ip6_vti0\x00', 0x0}) sendto$packet(r4, &(0x7f0000000180)="10030600e0ff020002004788aa96a13bb100001100007fca1a00", 0x1000a, 0x0, &(0x7f0000000140)={0x11, 0x0, r9}, 0x14) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x43400) setsockopt$inet6_int(r6, 0x29, 0x43, &(0x7f0000000b40)=0x20, 0x4) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='cgroup.controllers\x00', 0x100002, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000b80)={0x6, 0x0, [{0xc0000001, 0x9, 0x1, 0x9, 0x100000, 0x12e2619}, {0xa, 0x1, 0x2, 0xb4a, 0x6, 0x7fffffff, 0xd4a8}, {0x0, 0x0, 0x6, 0x2, 0x101, 0x20, 0x80}, {0x1, 0x5, 0x0, 0x4, 0x38c6, 0x4, 0x3}, {0xa, 0x2, 0x2, 0xcb7, 0x3, 0x3ff, 0x2}, {0x80000019, 0x7, 0x6, 0x6, 0xffff, 0x8, 0x80000000}]}) write$cgroup_int(r10, &(0x7f0000000280), 0x12) 1.407758432s ago: executing program 4 (id=855): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$int_in(r0, 0x5421, &(0x7f0000000080)=0x2) dup2(r0, r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) close_range(r1, r1, 0x0) poll(&(0x7f00000001c0), 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) close(0xffffffffffffffff) r2 = socket$inet6(0xa, 0x3, 0x8000000003c) sendmsg(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x4) syz_mount_image$hfsplus(&(0x7f0000000080), &(0x7f0000000140)='./file1\x00', 0x3000c00, &(0x7f0000000200)=ANY=[], 0x1, 0x654, &(0x7f0000000a40)="$eJzs3c9vHGf9B/D3rje2N99+UzdN2hRVitVIgLBI/EMumAsBIeRDhapy4GwlTmNlkxbbRW6FqMvPaw/5A8rBN05I3COVCxe49epjJQSXXjCnRTM7a29tr38Ux2uX1yuafZ6ZZ+Z5Ps9nZ3Z214o2wP+s+Yk0nqSW+YnX1or1zY2Z1ubGzMNuPclIknrS6BSp/avdbn+c3E5nyUvFxqq7Wr9xHi/NvfHJZ5ufdtYa1VLuXz/ouKNZr5aMJxmqypPq785h/Y0e1l1te4ZFwm50EweDdiFJu/SPx50tP/3LM9stPZr7HX3omQ+cA7XOfXOPseRidaEX7wM6d8XOPftcWx90AAAAAHAKnt3KVtZyadBxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwHlS/f5/rVrq3fp4at3f/x+utqWqny3Xj7f7k6cVBwAAAAAAAACcoutb2cpaLnXX27Xyb/6vlCtXysf/yztZyWKWczNrWchqVrOcqSRjPR0Nry2sri5PHeHI6X2PnD4k0JGqbJ7MvAEAAAAAAADgS+aXmd/5+z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJwFtWSoU5TLlW59LPVGktEkw8V+68nfuvXz7MmgAwAAAIBT8OxWtrKWS931dq38zP9C+bl/NO/kUVazlNW0spi75XcBnU/99c2NmdbmxszDYtnb7/f+eawwyh7T+e5h/5GvlXs0cy9L5ZabuZO30srd1MsjC9e68ewf1wdFTLXvVo4Y2d2qLGb+YVXu8f6xJtvPMb9MGSszcmE7I5NVbEU2njs4E8d8dnaPNJX6drBXdo20axJfKOcXq7KYz2/75Xwgdmdiuufse+HgnCdf+9MffnK/9ejB/XsrE2dnSgdbr8qhqmyXj829mZjpycSLX8ZM9DVZZuLq9vp8fpgfZyLjeT3LWcrPspDVLGY8PyhrC9X5XOu55Ptk6vbn1l4/LJLh6gztPFnHi+mV8thLWcqP8lbuZjGvlv+mM5VvZTazmet5hq8e4ZW23ueqb///vsHf+HpVaSb5XVWeDUVen+vJa+9r7ljZ1rtlJ0uXT/5+1PhKVSnG+FVVng27MzHVk4nnD87E78uXlZXWowfL9xfePtpwlz+sKsV19JszdZcozpfLxZNVrn3+7Cjant+3bapsu7LdVt/TdnW7rXOlrve9Uoer93B7e5ou217ct22mbLvW07bf+y0AzryL37g43Px786/Nj5q/bt5vvjb6/ZFvj7w8nAt/vvCdxuTQV+sv1/6Yj/KLnc//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAF7fy7nsPFlqtxeVdlXa7/X6fpvNc6f6c2SkO+tIzyaCmPJzkbGT+3+12u9pSOwvxHFxpF0bSfupjNZLs13S9d8sHAzl/BvzCBDx1t1Yfvn1r5d33vrn0cOHNxTcXH83Nzs5Nzs2+OnPr3lJrcbLzOOgogadh56Y/6EgAAAAAAAAAAACAozqZ/zPQTNJ/n/6jj57mVAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBzan4ijSepZWry5mSxvrkx0yqWbn1nz0aSepLaz5Pax8ntdJaM9XRX6zfO46W5Nz75bPPTnb4a3f3rBx13NOvVkvEkQ1V5Uv3d+a/7q23PsEjYjW7iYND+EwAA//9nMgTf") r3 = open(&(0x7f0000007f80)='./bus\x00', 0x145142, 0x0) ftruncate(r3, 0x96ef) r4 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) pwritev2(r4, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x64e00}], 0x1, 0x7800, 0x0, 0x3) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r5, &(0x7f0000001140)=""/102400, 0x19000) setsockopt$inet6_int(r1, 0x29, 0x33, &(0x7f0000000000)=0x6, 0x4) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='proc\x00', 0x0, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) setpgid(0x0, 0x0) getdents64(r6, &(0x7f00000003c0)=""/30, 0x1e) getdents64(r6, 0xfffffffffffffffe, 0x29) 1.322039739s ago: executing program 0 (id=857): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="9feb0100002400000024000000020000000500290000020000130200000009000000010000001f00000007000000000000007a470000001e0abf7199e64c3057365b741e536e6a42def8a28e9c16ab1f27e11a0e0e10bf6dedef38b44d0f74ee416bbba9ff7cbd0d96dc114277fb5f3224bcb67126c2cbfadae447adf573384490e6ee77d954f8728aa320e81d0a4fda25dbfbdb970052f7d31448f5519de4e48a7b3ef92f853eb67055657eafec9e858475b07ec5f695156d1f7622f31694341832e73899c5df103bbf2c80d2efd460c36b384972e0361bee2d60c56d20d689976ab34490dbcea821bbb4e518be6aef5b"], &(0x7f00000001c0)=""/233, 0x3e, 0xe9, 0x1}, 0x20) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0xa, &(0x7f0000000000)=0xbf, 0x4) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f00000000c0)="044aac2f202c5feda71e039a57a93088fdcce4afe28aac61837792741a190670ccbe1a2b00aa77a87d56a3f12c7920ad02928a5d1014e5b896f000fcf6521928480be9af82613a5c661f4110adba358afd8b5b4ef1702051e393ede2698112a1f1bdf1d0f568546ed322ab4c53545bd2cd6e48522f0c154cb3c6864dc30ae921db100f1ee97a234503338f8fdf356472da0c7ab62f274f34", 0x116d962d5f73552, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd, @generic, @initr0, @exit, @alu, @printk={@x={0x18, 0x2, 0x0, 0x0, 0x25782020, 0x30}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x9}, {}, {0x85, 0x0, 0x0, 0x2d}}]}, &(0x7f0000000000)='GPL\x00', 0x4, 0xde, &(0x7f0000000340)=""/222}, 0x23) recvmmsg(r0, &(0x7f0000000bc0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000c00)=""/4111, 0xd80}], 0x1}}], 0x1, 0x122, 0x0) sendmsg$inet(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000380)='U', 0x1}], 0x1}, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) connect$bt_l2cap(r3, &(0x7f0000000040)={0x1f, 0x0, @none}, 0xe) getsockopt$sock_buf(r3, 0x1, 0x1c, 0x0, &(0x7f0000000080)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_exit\x00', r4}, 0x10) r5 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) recvmmsg(r5, &(0x7f0000000240)=[{{0x0, 0x0, 0x0}}], 0x44b, 0x10101, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0x0, 0x3}, 0x6) r6 = socket$unix(0x1, 0x5, 0x0) unshare(0x2c060000) unshare(0x24020400) bind$unix(r6, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) write(r1, &(0x7f0000000000)="410004000100c0", 0x7) socket$igmp6(0xa, 0x3, 0x2) 1.19113974s ago: executing program 3 (id=858): sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000000)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00f3ffffffffffffff0003000000480001"], 0x5c}}, 0x0) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="7f454c460006000000e0ff0000ffffff02"], 0x78) sendmsg$netlink(r0, &(0x7f0000004000)={0x0, 0x0, &(0x7f0000003f00)=[{&(0x7f0000000000)=ANY=[], 0x114}], 0x1}, 0x0) r1 = creat(&(0x7f0000000240)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r4 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000040)={{{@in=@private, @in6=@empty}}, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x4d5}, 0x0, @in=@multicast1}}, 0xe8) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x18, &(0x7f0000000840)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x1c, 0x4, 0x8, 0x801, 0x0, 0x0, {}, [@CTA_TIMEOUT_L3PROTO={0x6}]}, 0x1c}}, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x4, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) syz_mount_image$vfat(&(0x7f0000000280), &(0x7f00000002c0)='./file0\x00', 0x1051038, &(0x7f00000000c0)=ANY=[@ANYBLOB='nonumtail=0,nonumtail=0,shortname=lower,shortnumtail=0,shortname=mixed,\x00'], 0x1, 0x263, &(0x7f0000000340)="$eJzs3c9qE1EUB+DTNm1DNxPQlbgYcOMqNH2DQSqIASGSRV012BakCYUpBHRhu/NdfBwfwyfoQojYKflTo1C0Xtv5Pghz4OYH525yszg32X88Oj44OT3ae/A1ms08GhHncRHRitVYi8rK3HMlNmLeeQAAd02vNyhS98DtKstisB4Rmz+t9D8naQgAAAAAAAAAAIA/dpP5/1Xz/wBwL5j/v//KshhsXX1/W2T+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEjnYjLJJr95pe4PAPj7nP8AUD/OfwCoH+c/ANTP6703L4tud7eX582I0adxf9yvntV6cRTvYhiHsR1ZfIuYTFX18xfd3e38Uiv2R2dX+bNxf20x34ksWsvznSqfL+bXY2s+vxNZPFye31ma34inT+by7cjiy9s4iWEcxI/sLP+xk+fPXnWv5Tcv3wcAAAAAAAAAAAAAAAAAAAD/QjufWnp/v93+1XqVv8HvA1y7X9+IR420ewcAAAAAAAAAAAAAAAAAAID/xen7D8eD4fCwVCgUimmR+pMJAAAAAAAAAAAAAAAAAADqZ3bpN3UnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJDO7P//b69IvUcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgHr4HAAD//0Hm7qc=") r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r4) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r6, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r7, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYRESHEX], &(0x7f0000000680)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, r2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000280)='9p_protocol_dump\x00', r8}, 0x10) r9 = dup(r3) write$FUSE_BMAP(r9, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r9, &(0x7f00000000c0)={0x14c}, 0x137) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000006c0)={{{@in=@private, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in6=@empty}}, &(0x7f0000000080)=0xe8) quotactl_fd$Q_SETQUOTA(r9, 0xffffffff00001007, r10, &(0x7f0000000540)={0x10001, 0x2, 0xd04, 0x1ff, 0x1ff, 0x8, 0x7, 0xdb7f}) r11 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000005c0)='net/hci\x00') connect$unix(r11, &(0x7f0000000600)=@file={0x0, './file0\x00'}, 0x6e) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="7472613577290d607730b61869b36e733d66640037ce8e2a44312c7266646e6f3d786268de5c394a877f438634fe9adc1c231f1eb9c635cfc8424aba5bd7ed0d656ab077f5c84bcea6d7f74a12c7128246441ccb23b92154bc9763c517b0e9c1da613b3463801b7db703a26ceaa80d267f7be74a905e8255d7a07808a25e510eebf058ef06967352581e300a08", @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',k']) creat(&(0x7f0000000300)='./file0\x00', 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) 1.027937564s ago: executing program 2 (id=859): r0 = socket(0xa, 0x40000000002, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x11, 0x2, 0x208, [0x20000600, 0x0, 0x0, 0x0, 0x20000660], 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000040000000000000000000000feffffff0000000000000000000000000000000000000000000000000008000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000fcffffffffffffff00000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0200000005000000000000000000766574683098c76f5f7465616d00000064756d6d79300000000000000000000064756d0004300000000000000000000073797a6b616c6c8279a7e00000000000ffffffffffff000000000000ffffffff7fff00000000000000087000000070000000a000000072656469726563740000000000000000000000000000000000000000000000000800000000000000000000ff000000000b00000000000000000073797a6b616c6c65723100000000000067726574617030000000000000000000766c616e30000000000000000000000064756d6d7930000000000000000000000180c2000000000000000000aaaaaaaaaabb00000000000000007000000070000000a8000000736e617400"/488]}, 0x260) 905.045614ms ago: executing program 0 (id=860): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x800700, &(0x7f00000019c0)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x5}}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@resgid}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x200}}, {@usrjquota}]}, 0x3, 0x44a, &(0x7f0000000400)="$eJzs281vG0UbAPBn10n6vv1KKOWjpUCgQkR8JE1aoAcuIJA4FIEEh3IMTlpVdRvUBIlWFQ0IlQsSqgRnxBGJv4AbFwSckLjCHVWqoJcWTkG73m1t106b1rFD/ftJm8x4x555PDve2R07gIE1nv1JIrZGxG8RMVrPNhcYr/+7evls9e/LZ6tJrKy89WeSl7ty+Wy1LFo+b0uRmUgj0k+SopJmi6fPHJ+t1eZPFfmppRPvTS2ePvPssROzR+ePzp+cOXjwwP7pF56fea4rcWZxXdn94cKeXa+9c+H16uEL7/70bdbercX+xji6ZTwL/K+VXOu+J7pdWZ9ta0gnQ31sCGtSiYisu4bz8T8albjeeaPx6sd9bRywrrJz06bOu5dXgLtYEv1uAdAf5Yk+u/4ttx5NPTaESy/VL4CyuK8WW33PUKRFmeGW69tuGo+Iw8v/fJVtsU73IQAAGn1W/fJQPNNu/pfG/Q3lthdrKGMRcU9E7IiIeyNiZ0TcF5GXfSAiHlxj/a1LQzfOf9KLtxXYLcrmfy8Wa1vN879y9hdjlSK3LY9/ODlyrDa/r3hPJmJ4U5afXqWO71/59fNO+xrnf9mW1V/OBYt2XBxquUE3N7s0m09Ku+DSRxG7h9rFn1xbCUgiYldE7F7bS28vE8ee+mZPp0I3j38VXVhnWvk64sl6/y9HS/ylZPX1yan/RW1+31R5VNzo51/Ov9mp/juKvwuy/t/cfPy3FhlLGtdrF9dex/nfP+14TXO7x/9I8nbeLyPFYx/MLi2dmo4YSQ7l+abHZ64/t8yX5bP4J/a2H/87iudk9TwUEdlB/HBEPBIRjxZtfywiHo+IvavE/+PLnfdthP6fa/v5d+34b+n/tScqx3/4rlP9t9b/B/LURPFI/vl3E7fawDt57wAAAOC/Is2/A5+kk9fSaTo5Wf8O/87YnNYWFpeePrLw/sm5+nflx2I4Le90jTbcD51OlotXrOdninvF5f79xX3jLyr/z/OT1YXaXJ9jh0G3pcP4z/xR6XfrgHXXbh1tZqQPDQF6rnX8p83Zc2/0sjFAT/m9Ngyum4z/tFftAHrP+R8GV7vxf64lby0A7k7O/zC4jH8YXMY/DC7jHwbSnfyuX2KQE5FuiGZIrFOi359MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3fFvAAAA//+uEO7O") openat$ppp(0xffffffffffffff9c, 0x0, 0xc0802, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) ptrace$setregset(0x4205, r0, 0x4, &(0x7f0000000040)={&(0x7f0000000880)="19f3774a2ad2b922be53d4c0ae01883c533640efc430260ee98d9e43dbac78cd33c1a66fce6e7b825a7d0ec111bd4507803478af997b8aa1fb016faf7f9f19a53ed3f5562d392a13bbfe6f73833e821245d614eef718b4ce3287a15eacaaeeb4a721b49c2ea946368799bf0174ad301d810f8719ee122254fe128f332b54b6a7e589e04b764c", 0x86}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ptrace$peekuser(0x3, r0, 0x1ff) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400ce001000010000000000000000001c6a000a28000000000a0101000000005e1affd5000000080002400000053a81bc5a3c149400032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a3200000000140000001100010000000000"], 0x7c}, 0x1, 0x0, 0x0, 0x20048080}, 0x4000090) sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[], 0x7c}}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = syz_io_uring_setup(0x82e, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x3}, &(0x7f0000002000), &(0x7f0000000080)) io_uring_register$IORING_REGISTER_PBUF_RING(r4, 0x8, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0}, {0x0}]}, 0x2}, 0x1) chdir(&(0x7f0000000140)='./file0\x00') open(&(0x7f0000000200)='./file0\x00', 0x6c842, 0x0) r5 = epoll_create1(0x0) syz_mount_image$fuse(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00') preadv(r6, &(0x7f0000000000)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1, 0x0, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000080)='mountstats\x00') lseek(r7, 0x7fffffffffffffff, 0x0) close_range(r5, 0xffffffffffffffff, 0x0) 855.946918ms ago: executing program 3 (id=861): syz_mount_image$erofs(&(0x7f00000000c0), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000d00)=ANY=[], 0x1, 0x17c, &(0x7f0000000240)="$eJzsmD9PwkAYxp+7IkTjF9DFARLRxNIWNS4OxM04mPgvbhKpBCyi0ERhc3T0I/gF/AIuJiZ+A3d1UQdGF5ea3h30JAI6aGJ8f8PL7+jb4/qSPENBEMS/5fHh9f7p7e7WADCKFBLq+2cj6uFa//H0UWG5vHJ5dn619JK8GevejwEIgq//fgzAdc6Ar9ZB8PHulPpcB+/4BjimlG+BwVS+A45N5S4YtpWXNa+G/aa5V/Jcc7fqFUKxwmKHxQlLtvt8rVOGgnY+pl2vN5r7ec9zaz8og+bXynEsaufT/6/2bCxtfjY4bOVZMKwpX0CiPRs5Eu35x2PR/sYvPz8JCclfkyifgguGSS2fYlp+ZPzKYabeaM6UKvmiW3QPHCc7b81a1pyTEUEka5/8Gxb5NKLtP9SjN87iOMn7fs2WtbN2ZP0scbnIP450Uq7D7I/3PI28ztR9TFja6NNOEARBEARBEARBEARBEATxDSbAxFvQATirovs9AAD//+xGeBw=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) socket$netlink(0x10, 0x3, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) fanotify_init(0x0, 0x40000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000480)={0xffffffffffffffff, 0x58, &(0x7f00000003c0)}, 0x10) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') preadv2(r4, &(0x7f0000000840), 0x0, 0x0, 0x0, 0x0) read$FUSE(r4, &(0x7f0000012400)={0x2020}, 0x2020) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r0}, 0x10) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000300)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r5}, 0x10) r6 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000080)=ANY=[@ANYRES32, @ANYBLOB="00000021007b560000000000400000ac8f6e5080024a0095"], &(0x7f0000000140)='GPL\x00', 0x2, 0x95, &(0x7f0000000180)=""/149}, 0x90) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000002c0)={@ifindex, r6, 0x11, 0x0, 0x0, @prog_id}, 0x20) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000002c0)={@ifindex, r6, 0x11, 0x0, 0x0, @prog_id}, 0x20) socket$igmp(0x2, 0x3, 0x2) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, 0x0, 0x0) 130.476959ms ago: executing program 2 (id=862): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x800700, &(0x7f00000019c0)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x5}}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@resgid}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x200}}, {@usrjquota}]}, 0x3, 0x44a, &(0x7f0000000400)="$eJzs281vG0UbAPBn10n6vv1KKOWjpUCgQkR8JE1aoAcuIJA4FIEEh3IMTlpVdRvUBIlWFQ0IlQsSqgRnxBGJv4AbFwSckLjCHVWqoJcWTkG73m1t106b1rFD/ftJm8x4x555PDve2R07gIE1nv1JIrZGxG8RMVrPNhcYr/+7evls9e/LZ6tJrKy89WeSl7ty+Wy1LFo+b0uRmUgj0k+SopJmi6fPHJ+t1eZPFfmppRPvTS2ePvPssROzR+ePzp+cOXjwwP7pF56fea4rcWZxXdn94cKeXa+9c+H16uEL7/70bdbercX+xji6ZTwL/K+VXOu+J7pdWZ9ta0gnQ31sCGtSiYisu4bz8T8albjeeaPx6sd9bRywrrJz06bOu5dXgLtYEv1uAdAf5Yk+u/4ttx5NPTaESy/VL4CyuK8WW33PUKRFmeGW69tuGo+Iw8v/fJVtsU73IQAAGn1W/fJQPNNu/pfG/Q3lthdrKGMRcU9E7IiIeyNiZ0TcF5GXfSAiHlxj/a1LQzfOf9KLtxXYLcrmfy8Wa1vN879y9hdjlSK3LY9/ODlyrDa/r3hPJmJ4U5afXqWO71/59fNO+xrnf9mW1V/OBYt2XBxquUE3N7s0m09Ku+DSRxG7h9rFn1xbCUgiYldE7F7bS28vE8ee+mZPp0I3j38VXVhnWvk64sl6/y9HS/ylZPX1yan/RW1+31R5VNzo51/Ov9mp/juKvwuy/t/cfPy3FhlLGtdrF9dex/nfP+14TXO7x/9I8nbeLyPFYx/MLi2dmo4YSQ7l+abHZ64/t8yX5bP4J/a2H/87iudk9TwUEdlB/HBEPBIRjxZtfywiHo+IvavE/+PLnfdthP6fa/v5d+34b+n/tScqx3/4rlP9t9b/B/LURPFI/vl3E7fawDt57wAAAOC/Is2/A5+kk9fSaTo5Wf8O/87YnNYWFpeePrLw/sm5+nflx2I4Le90jTbcD51OlotXrOdninvF5f79xX3jLyr/z/OT1YXaXJ9jh0G3pcP4z/xR6XfrgHXXbh1tZqQPDQF6rnX8p83Zc2/0sjFAT/m9Ngyum4z/tFftAHrP+R8GV7vxf64lby0A7k7O/zC4jH8YXMY/DC7jHwbSnfyuX2KQE5FuiGZIrFOi359MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3fFvAAAA//+uEO7O") openat$ppp(0xffffffffffffff9c, 0x0, 0xc0802, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) ptrace$setregset(0x4205, r0, 0x4, &(0x7f0000000040)={&(0x7f0000000880)="19f3774a2ad2b922be53d4c0ae01883c533640efc430260ee98d9e43dbac78cd33c1a66fce6e7b825a7d0ec111bd4507803478af997b8aa1fb016faf7f9f19a53ed3f5562d392a13bbfe6f73833e821245d614eef718b4ce3287a15eacaaeeb4a721b49c2ea946368799bf0174ad301d810f8719ee122254fe128f332b54b6a7e589e04b764c", 0x86}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ptrace$peekuser(0x3, r0, 0x1ff) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400ce001000010000000000000000001c6a000a28000000000a0101000000005e1affd5000000080002400000053a81bc5a3c149400032c"], 0x7c}, 0x1, 0x0, 0x0, 0x20048080}, 0x4000090) sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[], 0x7c}}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = syz_io_uring_setup(0x82e, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x3}, &(0x7f0000002000), &(0x7f0000000080)) io_uring_register$IORING_REGISTER_PBUF_RING(r4, 0x8, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0}, {0x0}]}, 0x2}, 0x1) chdir(&(0x7f0000000140)='./file0\x00') open(&(0x7f0000000200)='./file0\x00', 0x6c842, 0x0) r5 = epoll_create1(0x0) syz_mount_image$fuse(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00') preadv(r6, &(0x7f0000000000)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1, 0x0, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000080)='mountstats\x00') lseek(r7, 0x7fffffffffffffff, 0x0) close_range(r5, 0xffffffffffffffff, 0x0) 53.061036ms ago: executing program 1 (id=814): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000080b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x1b, 0x0, 0x0, 0x8000, 0x2004}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000007b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000029c0)=@delchain={0x3f4, 0x65, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0xfff2}}, [@TCA_CHAIN={0x8}, @filter_kind_options=@f_u32={{0x8}, {0x4c, 0x2, [@TCA_U32_INDEV={0x14, 0x8, 'veth0_to_team\x00'}, @TCA_U32_INDEV={0x14, 0x8, 'veth0\x00'}, @TCA_U32_HASH={0x8}, @TCA_U32_CLASSID={0x8, 0x1, {0xf}}, @TCA_U32_LINK={0x8, 0x3, 0x4}, @TCA_U32_FLAGS={0x8}]}}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_fw={{0x7}, {0x14, 0x2, [@TCA_FW_CLASSID={0x8}, @TCA_FW_MASK={0x8}]}}, @filter_kind_options=@f_route={{0xa}, {0x344, 0x2, [@TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_POLICE={0x4}, @TCA_ROUTE4_ACT={0x334, 0x6, [@m_ife={0xa0, 0x0, 0x0, 0x0, {{0x8}, {0x70, 0x2, 0x0, 0x1, [@TCA_IFE_SMAC={0xa, 0x4, @remote}, @TCA_IFE_SMAC={0xa, 0x4, @multicast}, @TCA_IFE_PARMS={0x1c}, @TCA_IFE_SMAC={0xa, 0x4, @local}, @TCA_IFE_METALST={0x18, 0x6, [@IFE_META_SKBMARK={0x4, 0x1, @void}, @IFE_META_PRIO={0x8, 0x3, @val=0x3}, @IFE_META_SKBMARK={0x8, 0x1, @val=0x7}]}, @TCA_IFE_DMAC={0xa, 0x3, @multicast}, @TCA_IFE_TYPE={0x6}]}, {0x9, 0x6, "93a14c4c27"}, {0xc}, {0xc}}}, @m_csum={0x1c0, 0x0, 0x0, 0x0, {{0x9}, {0x100, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c}, @TCA_CSUM_PARMS={0x1c}, @TCA_CSUM_PARMS={0x1c, 0x1, {{}, 0x12}}, @TCA_CSUM_PARMS={0x1c}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x80}}}, @TCA_CSUM_PARMS={0x1c}, @TCA_CSUM_PARMS={0x1c}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x3}}}, @TCA_CSUM_PARMS={0x1c}]}, {0x95, 0x6, "e042e4b6bfbba65436f7c3b35d2f3e41b4c2bcb3c8724cb95d3c31606816c46a2813762f6fbd557ee4a3122f8378c85eb3e1bd0895e7fb6e634213c47172dda339086bfa54723a9458f5c98f1d982364298b4a84c0a4de29c1ffae33dc9a71464df21c91580b0a7cde6dc95197f065c8079bfa842f8172b1964159e1aefcb735c3b8284b22b5164e4b18b08a4e92261257"}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_mirred={0xd0, 0x0, 0x0, 0x0, {{0xb}, {0xa4, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0x1}}}, @TCA_MIRRED_PARMS={0x20}, @TCA_MIRRED_PARMS={0x20}, @TCA_MIRRED_PARMS={0x20}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x40}}}]}, {0x4}, {0xc}, {0xc}}}]}]}}]}, 0x3f4}}, 0x0) syz_mount_image$msdos(&(0x7f0000000240), &(0x7f0000000280)='./bus\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="646f74732c6e6f646f74732c646f733178666c6f7070792c646973636172642c636865636b3d7374726963742c646f74732c756d61736b3d30303030303030303030303030303030303030303030302c005cfc62f4d02467f358b5994840ea56b0221d013e71e44b8219d56c01000100d5bfd1b1537d0559da1ee418effe196657db344d30f27f6c0609979d6c93505e2d63e489bba6c6ee52f58754c60dfcc1d4", @ANYRES8, @ANYRES8, @ANYRESDEC], 0x1, 0x247, &(0x7f0000000480)="$eJzs201rXFUYB/B/Y2rT1Lz4Vm02HnSjm0HjwnWQFMSAEhtRQeGWTHTIOBPmDpgRF1m78nMUl+4E8QvkW7gLgtRNV44kkzRJWxGFZFry+23Oc+fPDOfw3Bmexdy9T374enOjbmxUl3NoJ/eS+UwcXefS4TpxUD+dk3byxp/v3P3+o08/e39pZWV5tZSbS7feXiylzL7yyzff/fjqr/1rH/80+/OV7M5/sffH4m+713dv7P1166tWXVp16XT7pSq3u91+dbvdLOuterNRyoftZlU3S6tTN3v9cvU432h3t7YGpeqsz0xv9Zp1XarOoGw2B6XfLf3eoFRfVq1OaTQaZWY6/Ju1O6ur1dK4d8HZ6vWWquUkCw8la3fGsiEAYKyO5/9+Ji6V/Rn/cZv/K/P/WTH/XwT78//nh9/f08z/AAAAAAAAAAAAAADwJLg3HM4Nh8O5o/VycvCEz/Dw+mqS6STXkjyTZCbJbJK5JPNJnk3yXJLnk7yQ5MUk15O8lOTlJDdOfNa4z8rD9P9iO/Hg3lTy+8722vbaaB3lN99bWX6zHJg/ftfd7e21p+7nb43ycjq/cnDf7OeLj8yn8vpro3w/e/eDlQfyhayf/fEvvEa575H9bTT+KR9VJ+6PB/o3mYXJczsG/1M9+HazarebPYXiQhWTp1+ZGvd+Hrdi3L9MnIfjpo97JwAAAAAAAAAAAPwX5/F3wnGfEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACO/B0AAP//zbHS5A==") r1 = socket(0x10, 0x803, 0x0) sendto(r1, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {0x0}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {0x0}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) ioctl$FIBMAP(r0, 0x1, &(0x7f0000000080)=0xfffffffd) recvfrom$inet6(0xffffffffffffffff, &(0x7f0000000100)=""/65, 0x41, 0x3, &(0x7f00000001c0)={0xa, 0x4e23, 0x7, @local, 0x8}, 0x1c) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000e80)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000000066d7dd04c10fe9c0a07110e71aed360f9ac6b43231a94c67e6491c5c417fe62111779597d1b7092807cb1d4403df9c3afa015d9891f7f9891309b993fc03482770360656848196c0d13d6890159bfa301a2fa0cf5d12a5683019afa61da38c3fcb0db4d87a2a43a9d57ef3dd8221a0afe360223c7ee778db6e"], &(0x7f00000000c0)='syzkaller\x00', 0x4, 0x91, &(0x7f00000008c0)=""/145}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001300)=@newqdisc={0x24, 0x24, 0x800, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xb, 0x8}}}, 0x24}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000000c0)=@newtaction={0x44, 0x32, 0x1, 0x0, 0x0, {}, [{0x30, 0x1, [@m_nat={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc, 0x3}}}]}]}, 0x44}}, 0x0) setsockopt$netlink_NETLINK_RX_RING(r3, 0x10e, 0x6, &(0x7f0000000a00)={0x5, 0x5, 0x4, 0x6}, 0x10) r5 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000009c0), 0x10) sendmsg$nl_route(r4, &(0x7f0000000ac0)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000a80)={&(0x7f0000000b00)=ANY=[@ANYBLOB="78000000110000042abd7000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="181000000010000008000d001f00000034002b8008000100", @ANYRES32=r2, @ANYBLOB="080003000200000008000800", @ANYRES32=r2, @ANYBLOB='\b\x00\b\x00', @ANYRES32=r2, @ANYBLOB="8700ca831735a4cbc66ea00800", @ANYRES32=r5, @ANYBLOB="08000100", @ANYRES32=r2, @ANYBLOB="080029003f7e020014001280090001007663616e0000000004000280"], 0x78}, 0x1, 0x0, 0x0, 0x4000001}, 0x40041) openat$vcsu(0xffffffffffffff9c, &(0x7f0000000a40), 0x20000, 0x0) statx(0xffffffffffffff9c, &(0x7f0000000c00)='./file0\x00', 0x6000, 0x8, &(0x7f0000000c40)) r6 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0) fstat(r6, &(0x7f0000000f40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x1000801, &(0x7f0000000280)=ANY=[@ANYRES32=r8, @ANYRESOCT, @ANYRES32, @ANYRES16=r7, @ANYRESHEX=r6, @ANYRESOCT, @ANYRES8, @ANYRESDEC], 0x2, 0x1d4, &(0x7f0000000640)="$eJzsmb/L00AYx793yZv39UUEFwcXBwtWtGmSqnTpUMFREFpRx2JjqaattBHagkNxcXF0EFz9BxwcOjm4ubnqoILgYEc34SSXMznTH7S6BN7nA7187+65uydP6TfQgCCII8vXLz8/P7tabV4EcBwF7Kvx70Yaw7X4Ty8eXXheu/by9cdX7/onHs+z+zEAQmx/vgXgbd1AqPpC/L26oK5N8ETfBMd5pW+BwY7lLyHS1T4Y7qiY+5oeHFMi8O27g6B9rxv4TtS4UeNFTUU/3wSwmDG0ARyo/Jg2P5pMH7SCwB9mxZ74c87S1K5iU/1kfnWOmla/6Pu6/fTJLOqr2sDR6ueCw1W6AoaG0lXsw7bttCTa/Z820/2Nbe4/D+JkKRdpkMiXYNmR6AedjJxazN8vr/qWl+T/QUjjArA09eEwCK7/x86WMoGVMak/MRM4p/mTCTPxj3LYe1geTaalbq/V8Tt+3/MqV5xLjnPZK0sjitsN/ncg/elQ239vTazFLIxbYTh0x0A4dJO+F7ea4zbeDH7INVz6H0fxbLwHU8+s5EGZgakPl9dIFY21yRMEQRAEQRAEQRAEQRAEQezEGTDEb8IEU3+IrsK7IaN/BwAA///fvG96") r9 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_vcan(r9, 0x8933, &(0x7f0000000e40)={'vxcan0\x00'}) socket$inet_udplite(0x2, 0x2, 0x88) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000840)={0x0, r2}, 0x10) 0s ago: executing program 4 (id=863): syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000000280)={[{@grpquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x88}}, {@resuid}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}, {@lazytime}, {@usrquota}, {@data_err_abort}, {@data_err_abort}]}, 0x1, 0x5f0, &(0x7f0000000640)="$eJzs3c9vVNUeAPDvnWlLf/BeC3l57+FCmhgDidDSAoYYF7A1pMEfcePGSgsiBRpao0UTSoIbE+PGGBNXLsT/QolsWenKhRtXhoSoYWnimDu9t3TaO6WddjrI/XySoffeM7fne5l+e86cnnMngNIaTv+pROyLiNkkYjBZXC7riqxweOl5D/748Gz6SKJWe/W3JJLsWP78JPs6kJ3cGxE/fJ/E3uraeucWrl2cnJmZvprtj85fmh2dW7h2+MKlyfPT56cvjz8/fuL4seMnxo60dF3XC46dvvnOe4MfT7zx9Zd/JmPf/DyRxMl4KXviyuvYLsMxXP8/SdYWDZzY7so6pJr9nKx8iZOuDgbEpuSvX3dE/C8GoxoPX7zB+OjljgYHtFUtiagBJZXIfyipvB+Qv7df/T64UtBnONS/I10ToM3un1oaAFib/11LY4PRWx8b6H+QxMphnSQiWhuZa7Q7Iu7embh57s7EzWgchysYNQS20+KNiPh/Uf4n9fwfit4Yqud/pSH/037BmexrevyVFutfPVTcjnF4oNhS/veum//RJP/fXJH/b7VY//DDzbf7GvK/r9VLAgAAAAAAgNK6fSoiDhX9/b+yPP8nCub/DETEyW2of3jV/tq//1fubUM1QIH7pyJeLJz/W8ln/w5Vs61/1ecDdCfnLsxMH4mIf0fEwejele6PrVPH4U/2ftGsbDib/5c/0vrvZnMBszjude1qPGdqcn5yq9cNRNy/EfFU4fzfZLn9Twra//T3wewG69j77K0zzcoenf9Au9S+ijhQ2P4/vGtFsv79OUbr/YHRvFew1tMffPpts/pbzX+3mICtS9v//vXzfyhZeb+euc3XcXShq9asrNX+f0/yWn19UE927P3J+fmrYxE9yelqerTh+PjmY4YnUZ4Peb6k+X/wmfXH/4r6/30Rsbjqeye/N64pzv33r4FfmsWj/w+dk+b/1Kba/81vjN8a+q5Z/Rtr/4/V2/qD2RHjf7Dk8zxNexqPF6RjV1HRTscLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE+CSkTsjqQysrxdqYyMRAxExH+ivzJzZW7+uXNX3r08lZbVP/+/kn/S7+DSfpJ//v/Qiv3xVftHI2JPRHxW7avvj5y9MjPV6YsHAAAAAAAAAAAAAAAAAACAx8RAk/X/qV+rnY4OaLuuTgcAdExB/v/YiTiAnaf9h/KS/1Be8h/KS/5Decl/KC/5D+W10fzvbXMcwM7T/gMAAAAAwBNlz/7bPyURsfhCX/2R6snKujsaGdBulU4HAHSMW/xAeZn6A+XlPT6QPKK8cOp/spEz1zN7dgsnAwAAAAAAAAAAAEDpHNhn/T+UlfX/UF7W/0N55ev/93c4DmDneY8PxCNW8jf/6L+trP8HAAAAAAAAAAAAADZjbuHaxcmZmemrNl5/PMLYyY1arXY9/Sl4XOL5h2/kU+G3+n2q0ZYI87V+Gzurc7+TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACARn8HAAD//9zcJCQ=") quotactl$Q_SETQUOTA(0xffffffff80000801, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x9d}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8}, 0x48) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xe, 0x5, &(0x7f00000004c0)=ANY=[@ANYBLOB="650a00000000000061116400000000001800000000000000000000000000000095000000000000007c6fe1689aba46407fa1decfe8a922e1f9fff92ce3a0a65025c5d73990905970cbb3115eb3a096499b441cf121aa3f191372e8939e13057241d50309580e918ccf1f7d599140fc2dd85bf5c647035efb962029e660b20e056cf75f2d833fd8db70f688e5550e6fef694bcbc41a8535a4cf1e82bfd2340a0ec9c0399c1123309d0898233400e2a1a2d29ed700"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x6b00}, 0x80) bpf$PROG_LOAD(0x5, 0x0, 0x0) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff010000850000000e000000850000005000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="020e000010000000000000000004830008001200000001000000ff000000400000001ea0abff7f00000000000000d41f9ab9000100700000ebdf000008000000c4fc0000100000000000e2ffff1c004f030006000020080002000080f5008e24ce6e4ae000a5000003000500001e001e02"], 0x80}}, 0x0) socket$key(0xf, 0x3, 0x2) write$P9_RVERSION(r4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff2ab94ff4db"], 0x15) r5 = dup(r4) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000340), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r5, @ANYBLOB='(i']) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90) kernel console output (not intermixed with test programs): b 4-1: USB disconnect, device number 15 [ 238.637657][ T7] cdc_ether 4-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.3-1, CDC Ethernet Device [ 238.772856][ T6299] loop1: detected capacity change from 0 to 16 [ 238.845143][ T6299] erofs: (device loop1): mounted with root inode @ nid 36. [ 238.883860][ T3810] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 239.037559][ T3810] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 6 with error 28 [ 239.534159][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 239.542975][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 239.587183][ T6175] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 239.594407][ T3810] EXT4-fs (loop2): This should not happen!! Data will be lost [ 239.594407][ T3810] [ 239.700433][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 239.725063][ T3810] EXT4-fs (loop2): Total free blocks count 0 [ 239.725335][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 239.754893][ T3810] EXT4-fs (loop2): Free/Dirty block details [ 239.804443][ T6175] device veth0_vlan entered promiscuous mode [ 239.810026][ T3810] EXT4-fs (loop2): free_blocks=2415919104 [ 239.835810][ T26] audit: type=1326 audit(1723665819.117:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6311 comm="syz.3.515" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3b3e0ce9f9 code=0x0 [ 239.865485][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 239.877441][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 239.894757][ T3810] EXT4-fs (loop2): dirty_blocks=16 [ 239.922577][ T6175] device veth1_vlan entered promiscuous mode [ 239.942598][ T3810] EXT4-fs (loop2): Block reservation details [ 239.942931][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 239.975895][ T3810] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 239.981021][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 240.005441][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 240.039173][ T6324] IPv4: Oversized IP packet from 127.202.26.0 [ 240.068862][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 240.085032][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 240.128504][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 240.160376][ T6175] device veth0_macvtap entered promiscuous mode [ 240.199424][ T6175] device veth1_macvtap entered promiscuous mode [ 240.241314][ T6175] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 240.271079][ T6175] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 240.299310][ T6175] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 240.326343][ T6175] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 240.353414][ T6175] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 240.395034][ T6175] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 240.409545][ T6175] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 240.432708][ T6334] netlink: 84 bytes leftover after parsing attributes in process `syz.4.518'. [ 240.463791][ T5794] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 240.482471][ T5794] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 240.494412][ T5794] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 240.505713][ T5794] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 240.525837][ T6175] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 240.543359][ T6175] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 240.594309][ T6175] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 240.652702][ T6175] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 240.668666][ T6175] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 240.690594][ T6175] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 240.748773][ T6175] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 240.798344][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 240.819770][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 240.860135][ T6349] loop4: detected capacity change from 0 to 512 [ 240.873953][ T6175] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.903647][ T6175] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.945112][ T6175] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.947043][ T6330] loop2: detected capacity change from 0 to 40427 [ 240.990985][ T6175] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 241.042231][ T6330] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504) [ 241.067091][ T6349] EXT4-fs warning (device loop4): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 241.079222][ T6330] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 241.164444][ T6350] loop3: detected capacity change from 0 to 64 [ 241.194037][ T6330] F2FS-fs (loop2): Unrecognized mount option "ÿ" or missing value [ 241.247463][ T6349] EXT4-fs warning (device loop4): dx_probe:880: Enable large directory feature to access it [ 241.340683][ T6349] EXT4-fs warning (device loop4): dx_probe:965: inode #2: comm syz.4.520: Corrupt directory, running e2fsck is recommended [ 241.375768][ T3651] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 241.398891][ T3651] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 241.413289][ T6349] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -2 [ 241.435745][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 241.448024][ T6349] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2213: inode #15: comm syz.4.520: corrupted in-inode xattr [ 241.465964][ T3651] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 241.496108][ T3651] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 241.508056][ T6349] EXT4-fs (loop4): Remounting filesystem read-only [ 241.536509][ T6356] loop1: detected capacity change from 0 to 512 [ 241.546105][ T6349] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz.4.520: couldn't read orphan inode 15 (err -117) [ 241.565090][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 241.618631][ T6349] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,abort,init_itable,auto_da_alloc,grpjquota=.nouid32,errors=remount-ro,jqfmt=vfsv1,grpid,,. Quota mode: writeback. [ 241.661053][ T6349] EXT4-fs warning (device loop4): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 241.666049][ T6358] loop0: detected capacity change from 0 to 1024 [ 241.673428][ T6349] EXT4-fs warning (device loop4): dx_probe:880: Enable large directory feature to access it [ 241.723873][ T6349] EXT4-fs warning (device loop4): dx_probe:965: inode #2: comm syz.4.520: Corrupt directory, running e2fsck is recommended [ 241.755425][ T6356] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.521: inode #1: comm syz.1.521: iget: illegal inode # [ 241.761989][ T6358] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000088,resuid=0x0000000000000000,max_batch_time=0x0000000000000003,lazytime,usrquota,data_err=abort,data_err=abort,,errors=continue. Quota mode: writeback. [ 241.787131][ T6356] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.521: error while reading EA inode 1 err=-117 [ 241.820435][ T6349] EXT4-fs warning (device loop4): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 242.020821][ T6349] EXT4-fs warning (device loop4): dx_probe:880: Enable large directory feature to access it [ 242.037026][ T6356] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.521: inode #1: comm syz.1.521: iget: illegal inode # [ 242.226410][ T6368] 9pnet: Insufficient options for proto=fd [ 242.732334][ T6366] loop3: detected capacity change from 0 to 256 [ 242.753088][ T6356] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.521: error while reading EA inode 1 err=-117 [ 242.790235][ T6349] EXT4-fs warning (device loop4): dx_probe:965: inode #2: comm syz.4.520: Corrupt directory, running e2fsck is recommended [ 242.821333][ T6356] EXT4-fs (loop1): 1 orphan inode deleted [ 242.827078][ T6356] EXT4-fs (loop1): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,inode_readahead_blks=0x0000000000000200,usrjquota=,,errors=continue. Quota mode: none. [ 242.937282][ T6349] EXT4-fs error (device loop4): ext4_find_dest_de:2112: inode #2: block 3: comm syz.4.520: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0 [ 242.962995][ T6374] loop2: detected capacity change from 0 to 512 [ 242.972740][ T6349] EXT4-fs (loop4): Remounting filesystem read-only [ 243.004913][ T6374] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 243.088263][ T6374] EXT4-fs (loop2): 1 truncate cleaned up [ 243.095784][ T6374] EXT4-fs (loop2): mounted filesystem without journal. Opts: resuid=0x0000000000000000,init_itable,stripe=0x0000000000000000,noblock_validity,,errors=continue. Quota mode: none. [ 243.308461][ T26] audit: type=1326 audit(1723665822.584:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6377 comm="syz.4.526" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f75071b29f9 code=0x0 [ 243.377126][ T26] audit: type=1800 audit(1723665822.614:348): pid=6380 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.521" name="file0" dev="loop1" ino=13 res=0 errno=0 [ 243.442977][ T6384] netlink: 8 bytes leftover after parsing attributes in process `syz.4.526'. [ 243.805165][ T6391] IPv4: Oversized IP packet from 127.202.26.0 [ 244.149898][ T6393] netlink: 4 bytes leftover after parsing attributes in process `syz.1.530'. [ 244.202131][ T6393] netlink: 12 bytes leftover after parsing attributes in process `syz.1.530'. [ 244.316575][ T6396] IPVS: set_ctl: invalid protocol: 94 255.255.255.255:20001 [ 244.504141][ T6396] netlink: 'syz.2.531': attribute type 38 has an invalid length. [ 244.546347][ T6396] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 244.618745][ T6396] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 244.715446][ T6405] netlink: 16 bytes leftover after parsing attributes in process `syz.3.533'. [ 244.732203][ T6405] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 244.763673][ T6397] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 245.499445][ T6409] loop3: detected capacity change from 0 to 1024 [ 245.581246][ T6409] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000088,resuid=0x0000000000000000,max_batch_time=0x0000000000000003,lazytime,usrquota,data_err=abort,data_err=abort,,errors=continue. Quota mode: writeback. [ 246.238280][ T6418] 9pnet: Insufficient options for proto=fd [ 247.025062][ T6424] ieee802154 phy0 wpan0: encryption failed: -22 [ 247.052504][ T6424] syz.2.547[6424] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 247.052987][ T6424] syz.2.547[6424] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 247.792043][ T21] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 247.855561][ T6430] loop2: detected capacity change from 0 to 512 [ 247.928906][ T6431] syz.3.537 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 248.364579][ T6430] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.538: inode #1: comm syz.2.538: iget: illegal inode # [ 248.446211][ T6430] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.538: error while reading EA inode 1 err=-117 [ 248.463773][ T6430] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.538: inode #1: comm syz.2.538: iget: illegal inode # [ 248.479650][ T6430] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.538: error while reading EA inode 1 err=-117 [ 248.494200][ T6438] IPv4: Oversized IP packet from 127.202.26.0 [ 248.501249][ T6430] EXT4-fs (loop2): 1 orphan inode deleted [ 248.507173][ T6430] EXT4-fs (loop2): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,inode_readahead_blks=0x0000000000000200,usrjquota=,,errors=continue. Quota mode: none. [ 248.730590][ T21] usb 2-1: device not accepting address 8, error -71 [ 248.764873][ T26] audit: type=1800 audit(1723665828.053:349): pid=6445 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.538" name="file0" dev="loop2" ino=13 res=0 errno=0 [ 248.821359][ T3574] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 248.821461][ T3574] CPU: 0 PID: 3574 Comm: kworker/u5:2 Not tainted 5.15.164-syzkaller #0 [ 248.821480][ T3574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 248.821491][ T3574] Workqueue: hci0 hci_rx_work [ 248.821524][ T3574] Call Trace: [ 248.821530][ T3574] [ 248.821538][ T3574] dump_stack_lvl+0x1e3/0x2d0 [ 248.821561][ T3574] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 248.821579][ T3574] ? panic+0x860/0x860 [ 248.821604][ T3574] ? sysfs_create_dir_ns+0x282/0x390 [ 248.821630][ T3574] sysfs_create_dir_ns+0x2c6/0x390 [ 248.821651][ T3574] ? sysfs_warn_dup+0xa0/0xa0 [ 248.821670][ T3574] ? do_raw_spin_unlock+0x137/0x8b0 [ 248.821698][ T3574] kobject_add_internal+0x6e0/0xe00 [ 248.821726][ T3574] kobject_add+0x14e/0x210 [ 248.821745][ T3574] ? device_add+0x3c2/0xfd0 [ 248.821766][ T3574] ? kobject_init+0x1d0/0x1d0 [ 248.821786][ T3574] ? __raw_spin_lock_init+0x41/0x100 [ 248.821805][ T3574] ? get_device_parent+0x128/0x400 [ 248.821828][ T3574] device_add+0x476/0xfd0 [ 248.821857][ T3574] hci_conn_add_sysfs+0xe4/0x1f0 [ 248.821882][ T3574] le_conn_complete_evt+0xc15/0x1500 [ 248.821915][ T3574] ? cs_le_create_conn+0x5f0/0x5f0 [ 248.821952][ T3574] hci_le_meta_evt+0xd86/0x3f50 [ 248.821973][ T3574] ? __lock_acquire+0x1ff0/0x1ff0 [ 248.821995][ T3574] ? __mutex_lock_common+0x444/0x25a0 [ 248.822023][ T3574] ? hci_remote_host_features_evt+0x280/0x280 [ 248.822041][ T3574] ? __mutex_unlock_slowpath+0x218/0x750 [ 248.822056][ T3574] ? hci_event_packet+0x3b4/0x1550 [ 248.822080][ T3574] ? mutex_unlock+0x10/0x10 [ 248.822101][ T3574] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 248.822121][ T3574] ? print_irqtrace_events+0x210/0x210 [ 248.822141][ T3574] hci_event_packet+0xc41/0x1550 [ 248.822173][ T3574] ? rcu_lock_release+0x20/0x20 [ 248.822205][ T3574] ? hci_send_to_monitor+0x99/0x4d0 [ 248.822227][ T3574] hci_rx_work+0x232/0x990 [ 248.822255][ T3574] process_one_work+0x8a1/0x10c0 [ 248.822291][ T3574] ? worker_detach_from_pool+0x260/0x260 [ 248.822314][ T3574] ? _raw_spin_lock_irqsave+0x120/0x120 [ 248.822332][ T3574] ? kthread_data+0x4e/0xc0 [ 248.822352][ T3574] ? wq_worker_running+0x97/0x170 [ 248.822372][ T3574] worker_thread+0xaca/0x1280 [ 248.822416][ T3574] kthread+0x3f6/0x4f0 [ 248.822433][ T3574] ? rcu_lock_release+0x20/0x20 [ 248.822450][ T3574] ? kthread_blkcg+0xd0/0xd0 [ 248.822469][ T3574] ret_from_fork+0x1f/0x30 [ 248.822502][ T3574] [ 248.822521][ T3574] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 248.822543][ T3574] Bluetooth: hci0: failed to register connection device [ 249.079315][ T6425] loop4: detected capacity change from 0 to 40427 [ 249.103973][ T6450] device syzkaller0 entered promiscuous mode [ 249.109506][ T3678] syzkaller0: tun_net_xmit 48 [ 249.141618][ T6425] F2FS-fs (loop4): Insane cp_payload (553648128 >= 504) [ 249.141647][ T6425] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 249.146746][ T6425] F2FS-fs (loop4): Unrecognized mount option "ÿ" or missing value [ 249.236006][ T6450] syzkaller0: tun_chr_ioctl cmd 2147767520 [ 249.237188][ T6450] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 249.237207][ T6450] syzkaller0: Linktype set failed because interface is up [ 249.411752][ T6442] loop3: detected capacity change from 0 to 32768 [ 249.922333][ T6442] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.541 (6442) [ 249.939731][ T6442] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 249.939823][ T6442] BTRFS info (device loop3): using free space tree [ 249.939838][ T6442] BTRFS info (device loop3): has skinny extents [ 249.965565][ T1074] Bluetooth: hci2: command 0x0405 tx timeout [ 249.993481][ T6459] loop4: detected capacity change from 0 to 1024 [ 250.073422][ T6442] BTRFS info (device loop3): enabling ssd optimizations [ 250.163004][ T6459] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000088,resuid=0x0000000000000000,max_batch_time=0x0000000000000003,lazytime,usrquota,data_err=abort,data_err=abort,,errors=continue. Quota mode: writeback. [ 250.316235][ T6441] BTRFS error (device loop3): balance: invalid convert metadata profile single [ 250.865711][ T6487] 9pnet: Insufficient options for proto=fd [ 251.710762][ T6499] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 251.938812][ T6508] netlink: 8 bytes leftover after parsing attributes in process `syz.1.554'. [ 252.051454][ T6502] Bluetooth: hci2: command 0x2016 tx timeout [ 252.110929][ T6516] loop3: detected capacity change from 0 to 256 [ 252.760922][ T6499] usb 3-1: config 1 has an invalid interface number: 3 but max is 2 [ 252.768945][ T6499] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 252.783176][ T6499] usb 3-1: config 1 has no interface number 1 [ 252.789756][ T6499] usb 3-1: too many endpoints for config 1 interface 3 altsetting 0: 187, using maximum allowed: 30 [ 252.839821][ T6516] FAT-fs (loop3): Directory bread(block 64) failed [ 252.846546][ T6516] FAT-fs (loop3): Directory bread(block 65) failed [ 252.853406][ T6516] FAT-fs (loop3): Directory bread(block 66) failed [ 252.859923][ T6516] FAT-fs (loop3): Directory bread(block 67) failed [ 252.866497][ T6516] FAT-fs (loop3): Directory bread(block 68) failed [ 252.873009][ T6516] FAT-fs (loop3): Directory bread(block 69) failed [ 252.879544][ T6516] FAT-fs (loop3): Directory bread(block 70) failed [ 252.886054][ T6516] FAT-fs (loop3): Directory bread(block 71) failed [ 252.892610][ T6516] FAT-fs (loop3): Directory bread(block 72) failed [ 252.899097][ T6516] FAT-fs (loop3): Directory bread(block 73) failed [ 252.952657][ T6499] usb 3-1: config 1 interface 3 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 187 [ 252.967034][ T6499] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 252.986840][ T6520] IPv4: Oversized IP packet from 127.202.26.0 [ 253.164331][ T6499] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 253.176838][ T6499] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 253.278277][ T6499] usb 3-1: Product: syz [ 253.284938][ T6499] usb 3-1: Manufacturer: syz [ 253.331160][ T6499] usb 3-1: SerialNumber: syz [ 253.394489][ T6535] loop1: detected capacity change from 0 to 64 [ 253.560898][ T3618] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 253.714838][ T6544] loop4: detected capacity change from 0 to 1024 [ 253.755732][ T6499] hub 3-1:1.3: bad descriptor, ignoring hub [ 253.788101][ T6499] hub: probe of 3-1:1.3 failed with error -5 [ 253.881759][ T6499] usb 3-1: USB disconnect, device number 8 [ 253.920950][ T3618] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 253.961255][ T6544] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000088,resuid=0x0000000000000000,max_batch_time=0x0000000000000003,lazytime,usrquota,data_err=abort,data_err=abort,,errors=continue. Quota mode: writeback. [ 253.987320][ T6550] input: syz1 as /devices/virtual/input/input11 [ 254.014011][ T3618] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 254.036313][ T3618] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 254.191149][ T3618] usb 1-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 254.210779][ T3618] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 254.225311][ T3618] usb 1-1: config 0 descriptor?? [ 254.358083][ T6553] 9pnet: Insufficient options for proto=fd [ 254.358780][ T6554] loop2: detected capacity change from 0 to 512 [ 254.545986][ T6554] EXT4-fs (loop2): corrupt root inode, run e2fsck [ 254.556550][ T6557] netlink: 84 bytes leftover after parsing attributes in process `syz.1.562'. [ 254.575788][ T6554] EXT4-fs (loop2): mount failed [ 254.704776][ T3618] acrux 0003:1A34:0802.0005: hidraw0: USB HID v0.00 Device [HID 1a34:0802] on usb-dummy_hcd.0-1/input0 [ 254.728768][ T3618] acrux 0003:1A34:0802.0005: no inputs found [ 254.748178][ T3618] acrux 0003:1A34:0802.0005: Failed to enable force feedback support, error: -19 [ 254.761554][ T6499] Bluetooth: hci2: command 0x0401 tx timeout [ 254.841389][ T6554] loop2: detected capacity change from 0 to 256 [ 254.886630][ T6562] loop3: detected capacity change from 0 to 128 [ 254.927328][ T6554] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 254.974736][ T6562] FAT-fs (loop3): bogus number of reserved sectors [ 254.988190][ T6562] FAT-fs (loop3): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 255.020970][ T6562] FAT-fs (loop3): Can't find a valid FAT filesystem [ 255.118188][ T6564] netlink: 'syz.1.564': attribute type 4 has an invalid length. [ 255.815222][ T6562] netlink: 'syz.3.563': attribute type 3 has an invalid length. [ 255.836009][ T6562] loop3: detected capacity change from 0 to 16 [ 255.876163][ T6562] erofs: (device loop3): mounted with root inode @ nid 36. [ 256.042039][ T1389] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.048366][ T1389] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.085812][ T3618] usb 1-1: reset high-speed USB device number 15 using dummy_hcd [ 256.881451][ T6577] IPv4: Oversized IP packet from 127.202.26.0 [ 257.112227][ T6589] tipc: Can't bind to reserved service type 0 [ 257.183127][ T6588] loop3: detected capacity change from 0 to 2048 [ 257.393397][ T6588] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 257.853458][ T6594] netlink: 4 bytes leftover after parsing attributes in process `syz.3.572'. [ 258.064413][ T21] usb 1-1: USB disconnect, device number 15 [ 258.828284][ T6601] netlink: 703 bytes leftover after parsing attributes in process `syz.1.574'. [ 258.945039][ T3652] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 259.030510][ T3652] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 6 with error 28 [ 259.089134][ T3652] EXT4-fs (loop3): This should not happen!! Data will be lost [ 259.089134][ T3652] [ 259.142590][ T3652] EXT4-fs (loop3): Total free blocks count 0 [ 259.149575][ T6610] loop4: detected capacity change from 0 to 64 [ 259.184308][ T3652] EXT4-fs (loop3): Free/Dirty block details [ 259.215523][ T3652] EXT4-fs (loop3): free_blocks=2415919104 [ 259.251202][ T6492] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 259.269215][ T3652] EXT4-fs (loop3): dirty_blocks=16 [ 259.279783][ T3652] EXT4-fs (loop3): Block reservation details [ 259.290298][ T3652] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 259.362839][ T6612] loop0: detected capacity change from 0 to 4096 [ 259.490290][ T6612] ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512) [ 259.576965][ T6620] ieee802154 phy0 wpan0: encryption failed: -22 [ 259.603217][ T6620] syz.3.579[6620] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 259.603694][ T6620] syz.3.579[6620] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 259.660904][ T6492] usb 2-1: Using ep0 maxpacket: 8 [ 260.301039][ T6492] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 260.312978][ T6492] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 260.323505][ T6492] usb 2-1: New USB device found, idVendor=0c70, idProduct=f0bd, bcdDevice= 0.00 [ 260.332946][ T6492] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 260.346371][ T6492] usb 2-1: config 0 descriptor?? [ 260.494755][ T6626] IPv4: Oversized IP packet from 127.202.26.0 [ 261.035434][ T6639] loop0: detected capacity change from 0 to 1024 [ 261.130530][ T6632] loop4: detected capacity change from 0 to 2048 [ 261.156161][ T6647] xt_HMARK: spi-set and port-set can't be combined [ 261.204983][ T6639] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000088,resuid=0x0000000000000000,max_batch_time=0x0000000000000003,lazytime,usrquota,data_err=abort,data_err=abort,,errors=continue. Quota mode: writeback. [ 261.206207][ T6647] netlink: 1528 bytes leftover after parsing attributes in process `syz.2.585'. [ 261.250467][ T6645] loop3: detected capacity change from 0 to 64 [ 261.429829][ T6632] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 261.520463][ T6655] 9pnet: Insufficient options for proto=fd [ 261.527285][ T3651] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 261.686627][ T3651] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 33 with error 28 [ 261.729728][ T3651] EXT4-fs (loop4): This should not happen!! Data will be lost [ 261.729728][ T3651] [ 261.760205][ T6659] loop2: detected capacity change from 0 to 128 [ 263.147702][ T3651] EXT4-fs (loop4): Total free blocks count 0 [ 263.185618][ T3651] EXT4-fs (loop4): Free/Dirty block details [ 263.193275][ T3651] EXT4-fs (loop4): free_blocks=2415919104 [ 263.199023][ T3651] EXT4-fs (loop4): dirty_blocks=48 [ 263.204544][ T6492] usbhid 2-1:0.0: can't add hid device: -71 [ 263.210623][ T6492] usbhid: probe of 2-1:0.0 failed with error -71 [ 263.217292][ T3651] EXT4-fs (loop4): Block reservation details [ 263.224005][ T6661] loop1: detected capacity change from 0 to 2048 [ 263.235239][ T3651] EXT4-fs (loop4): i_reserved_data_blocks=3 [ 263.246779][ T6492] usb 2-1: USB disconnect, device number 10 [ 263.327067][ T6632] EXT4-fs (loop4): re-mounted. Opts: . Quota mode: none. [ 263.345993][ T6632] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [ 263.413180][ T6661] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 264.099019][ T6676] netlink: 4 bytes leftover after parsing attributes in process `syz.1.587'. [ 264.108024][ T6676] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 264.115847][ T6676] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 264.331621][ T6676] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 264.339071][ T6676] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 264.572880][ T6681] netlink: 4 bytes leftover after parsing attributes in process `syz.4.592'. [ 264.583939][ T144] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 264.627764][ T6681] netlink: 44 bytes leftover after parsing attributes in process `syz.4.592'. [ 264.629175][ T144] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 6 with error 28 [ 264.689525][ T144] EXT4-fs (loop1): This should not happen!! Data will be lost [ 264.689525][ T144] [ 264.728613][ T144] EXT4-fs (loop1): Total free blocks count 0 [ 264.762003][ T144] EXT4-fs (loop1): Free/Dirty block details [ 264.779160][ T144] EXT4-fs (loop1): free_blocks=2415919104 [ 264.807917][ T6684] loop4: detected capacity change from 0 to 16 [ 264.817927][ T144] EXT4-fs (loop1): dirty_blocks=16 [ 264.866685][ T6684] erofs: (device loop4): mounted with root inode @ nid 36. [ 264.871849][ T144] EXT4-fs (loop1): Block reservation details [ 264.908172][ T144] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 265.153197][ T6690] IPv4: Oversized IP packet from 127.202.26.0 [ 265.275494][ T6692] loop1: detected capacity change from 0 to 512 [ 265.384982][ T6692] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.597: inode #1: comm syz.1.597: iget: illegal inode # [ 265.438301][ T6692] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.597: error while reading EA inode 1 err=-117 [ 265.493971][ T6695] IPVS: set_ctl: invalid protocol: 94 255.255.255.255:20001 [ 265.523829][ T6692] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.597: inode #1: comm syz.1.597: iget: illegal inode # [ 265.539017][ T6692] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.597: error while reading EA inode 1 err=-117 [ 265.546152][ T6695] netlink: 'syz.0.608': attribute type 38 has an invalid length. [ 265.564051][ T6692] EXT4-fs (loop1): 1 orphan inode deleted [ 265.570002][ T6692] EXT4-fs (loop1): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,inode_readahead_blks=0x0000000000000200,usrjquota=,,errors=continue. Quota mode: none. [ 265.571436][ T6695] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 265.830283][ T6695] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 265.864938][ T26] audit: type=1800 audit(1723665845.142:350): pid=6702 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.597" name="file0" dev="loop1" ino=13 res=0 errno=0 [ 266.203499][ T6695] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 266.310049][ T6709] netlink: 16 bytes leftover after parsing attributes in process `syz.4.601'. [ 266.343369][ T6503] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 266.598246][ T6717] fuse: Bad value for 'fd' [ 266.760849][ T6503] usb 4-1: Using ep0 maxpacket: 32 [ 267.200067][ T6718] loop2: detected capacity change from 0 to 256 [ 267.241267][ T6503] usb 4-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 267.268942][ T6503] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 267.287740][ T6503] usb 4-1: config 0 descriptor?? [ 267.316006][ T6722] loop1: detected capacity change from 0 to 128 [ 267.342876][ T6503] gspca_main: sunplus-2.14.0 probing 041e:400b [ 267.343020][ T6721] loop0: detected capacity change from 0 to 128 [ 267.370657][ T6724] IPv4: Oversized IP packet from 127.202.26.0 [ 267.426190][ T6722] FAT-fs (loop1): bogus number of reserved sectors [ 267.435874][ T6721] FAT-fs (loop0): bogus number of reserved sectors [ 267.443960][ T6722] FAT-fs (loop1): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 267.458954][ T6721] FAT-fs (loop0): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 267.482541][ T6722] FAT-fs (loop1): Can't find a valid FAT filesystem [ 267.515054][ T6721] FAT-fs (loop0): Can't find a valid FAT filesystem [ 267.535320][ T6727] netlink: 'syz.4.609': attribute type 11 has an invalid length. [ 267.556682][ T6697] loop3: detected capacity change from 0 to 128 [ 267.616228][ T6697] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 267.633026][ T6697] ext4 filesystem being mounted at /123/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 267.734452][ T6732] loop1: detected capacity change from 0 to 16 [ 267.781103][ T6734] IPv4: Oversized IP packet from 127.202.26.0 [ 267.910234][ T6503] gspca_sunplus: reg_w_riv err -110 [ 267.915725][ T6503] sunplus: probe of 4-1:0.0 failed with error -110 [ 267.929699][ T6732] erofs: (device loop1): mounted with root inode @ nid 36. [ 268.341278][ T6503] usb 4-1: USB disconnect, device number 16 [ 268.364944][ T6739] IPv4: Oversized IP packet from 127.202.26.0 [ 268.376834][ T6745] loop2: detected capacity change from 0 to 512 [ 268.484386][ T6745] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.613: inode #1: comm syz.2.613: iget: illegal inode # [ 268.520711][ T6745] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.613: error while reading EA inode 1 err=-117 [ 268.616068][ T6745] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.613: inode #1: comm syz.2.613: iget: illegal inode # [ 268.662966][ T6745] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.613: error while reading EA inode 1 err=-117 [ 268.783931][ T6745] EXT4-fs (loop2): 1 orphan inode deleted [ 268.789719][ T6745] EXT4-fs (loop2): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,inode_readahead_blks=0x0000000000000200,usrjquota=,,errors=continue. Quota mode: none. [ 268.844919][ T6760] IPVS: set_ctl: invalid protocol: 94 255.255.255.255:20001 [ 268.976536][ T6751] loop0: detected capacity change from 0 to 64 [ 269.089850][ T26] audit: type=1800 audit(1723665848.362:351): pid=6765 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.613" name="file0" dev="loop2" ino=13 res=0 errno=0 [ 269.434356][ T6763] netlink: 'syz.3.617': attribute type 4 has an invalid length. [ 269.522046][ T6760] netlink: 'syz.1.618': attribute type 38 has an invalid length. [ 269.587693][ T6769] IPv4: Oversized IP packet from 127.202.26.0 [ 269.597992][ T6760] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 269.683473][ T6764] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 269.848621][ T6764] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 270.318282][ T6782] loop2: detected capacity change from 0 to 128 [ 270.420455][ T6786] IPv4: Oversized IP packet from 127.202.26.0 [ 270.435939][ T6781] loop3: detected capacity change from 0 to 256 [ 270.506773][ T6782] FAT-fs (loop2): bogus number of reserved sectors [ 270.522710][ T6782] FAT-fs (loop2): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 270.534917][ T6782] FAT-fs (loop2): Can't find a valid FAT filesystem [ 270.744933][ T6800] IPv4: Oversized IP packet from 127.202.26.0 [ 270.751684][ T6802] loop2: detected capacity change from 0 to 512 [ 270.780945][ T6499] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 270.878694][ T6802] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.631: inode #1: comm syz.2.631: iget: illegal inode # [ 270.910260][ T6802] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.631: error while reading EA inode 1 err=-117 [ 270.930889][ T6802] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.631: inode #1: comm syz.2.631: iget: illegal inode # [ 270.958150][ T6802] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.631: error while reading EA inode 1 err=-117 [ 270.988903][ T6802] EXT4-fs (loop2): 1 orphan inode deleted [ 270.995702][ T6802] EXT4-fs (loop2): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,inode_readahead_blks=0x0000000000000200,usrjquota=,,errors=continue. Quota mode: none. [ 271.053660][ T6499] usb 5-1: Using ep0 maxpacket: 8 [ 271.063970][ T6809] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 271.194594][ T6499] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 271.281837][ T6815] loop1: detected capacity change from 0 to 16 [ 271.364297][ T26] audit: type=1800 audit(1723665850.642:352): pid=6816 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.631" name="file0" dev="loop2" ino=13 res=0 errno=0 [ 271.418789][ T6499] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 271.429330][ T6499] usb 5-1: New USB device found, idVendor=0c70, idProduct=f0bd, bcdDevice= 0.00 [ 271.442316][ T6499] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 271.452814][ T6499] usb 5-1: config 0 descriptor?? [ 271.522380][ T6817] netlink: 703 bytes leftover after parsing attributes in process `syz.3.634'. [ 271.541741][ T26] audit: type=1326 audit(1723665850.822:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6810 comm="syz.3.634" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3b3e0ce9f9 code=0x0 [ 271.669532][ T6815] erofs: (device loop1): mounted with root inode @ nid 36. [ 272.432541][ T6828] loop0: detected capacity change from 0 to 256 [ 273.053771][ T26] audit: type=1326 audit(1723665852.012:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6825 comm="syz.0.640" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd7b683e9f9 code=0x0 [ 273.250999][ T6499] usbhid 5-1:0.0: can't add hid device: -71 [ 273.257154][ T6499] usbhid: probe of 5-1:0.0 failed with error -71 [ 273.311640][ T6499] usb 5-1: USB disconnect, device number 5 [ 273.400505][ T6850] loop0: detected capacity change from 0 to 2048 [ 273.517520][ T6850] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 273.885113][ T26] audit: type=1107 audit(1723665853.172:355): pid=6847 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='yס' [ 273.903881][ T6858] syz.1.644[6858] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 273.903972][ T6858] syz.1.644[6858] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 273.978842][ T6859] netlink: 4 bytes leftover after parsing attributes in process `syz.0.645'. [ 273.998901][ T6859] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 274.006448][ T6859] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 274.210146][ T6859] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 274.217631][ T6859] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 274.305106][ T6857] loop4: detected capacity change from 0 to 256 [ 274.436029][ T3651] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 274.563961][ T3651] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 6 with error 28 [ 274.589077][ T6868] loop2: detected capacity change from 0 to 256 [ 274.593905][ T3651] EXT4-fs (loop0): This should not happen!! Data will be lost [ 274.593905][ T3651] [ 274.656184][ T3651] EXT4-fs (loop0): Total free blocks count 0 [ 274.663755][ T3651] EXT4-fs (loop0): Free/Dirty block details [ 274.669752][ T3651] EXT4-fs (loop0): free_blocks=2415919104 [ 274.677360][ T3651] EXT4-fs (loop0): dirty_blocks=16 [ 274.698320][ T6868] exFAT-fs (loop2): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x891ea09f, utbl_chksum : 0x7319d30d) [ 274.725854][ T6873] loop3: detected capacity change from 0 to 65 [ 274.734031][ T3651] EXT4-fs (loop0): Block reservation details [ 274.740032][ T3651] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 274.823371][ T6873] BFS-fs: bfs_fill_super(): NOTE: filesystem loop3 was created with 512 inodes, the real maximum is 511, mounting anyway [ 274.863967][ T6874] netlink: 'syz.1.654': attribute type 16 has an invalid length. [ 274.870425][ T6873] BFS-fs: bfs_fill_super(): Last block not available on loop3: 511 [ 274.883345][ T6877] loop0: detected capacity change from 0 to 256 [ 274.891409][ T6874] netlink: 64138 bytes leftover after parsing attributes in process `syz.1.654'. [ 274.949540][ T6877] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d) [ 275.032462][ T6877] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 275.067849][ T6887] netlink: 12 bytes leftover after parsing attributes in process `syz.4.657'. [ 275.126944][ T6888] loop3: detected capacity change from 0 to 512 [ 275.227988][ T6888] EXT4-fs error (device loop3): ext4_find_inline_data_nolock:163: inode #12: comm syz.3.652: inline data xattr refers to an external xattr inode [ 275.254031][ T6888] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz.3.652: couldn't read orphan inode 12 (err -117) [ 275.283221][ T6888] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=continue,,errors=continue. Quota mode: none. [ 275.420587][ T6895] IPv4: Oversized IP packet from 127.202.26.0 [ 275.432671][ T6175] exFAT-fs (loop0): error, invalid access to FAT free cluster (entry 0x00000005) [ 275.472251][ T6175] exFAT-fs (loop0): Filesystem has been set read-only [ 275.486582][ T6175] exFAT-fs (loop0): error, invalid access to FAT free cluster (entry 0x00000005) [ 276.808267][ T6922] loop2: detected capacity change from 0 to 256 [ 276.849713][ T6922] exFAT-fs (loop2): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x891ea09f, utbl_chksum : 0x7319d30d) [ 277.620309][ T6930] IPv4: Oversized IP packet from 127.202.26.0 [ 277.659748][ T6926] netlink: 12 bytes leftover after parsing attributes in process `syz.3.672'. [ 277.725815][ T6936] loop4: detected capacity change from 0 to 1024 [ 277.763566][ T6936] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000088,resuid=0x0000000000000000,max_batch_time=0x0000000000000003,lazytime,usrquota,data_err=abort,data_err=abort,,errors=continue. Quota mode: writeback. [ 277.809520][ T6939] x_tables: ip_tables: ah match: only valid for protocol 51 [ 277.836721][ T6934] netlink: 'syz.1.675': attribute type 3 has an invalid length. [ 278.092440][ T6949] netlink: 'syz.1.687': attribute type 3 has an invalid length. [ 278.203402][ T6950] netlink: 20 bytes leftover after parsing attributes in process `syz.2.679'. [ 278.248507][ T6954] 9pnet: Insufficient options for proto=fd [ 279.119895][ T6964] loop2: detected capacity change from 0 to 256 [ 279.146592][ T6943] chnl_net:caif_netlink_parms(): no params data found [ 279.875551][ T6964] exFAT-fs (loop2): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x891ea09f, utbl_chksum : 0x7319d30d) [ 279.890805][ T5430] Bluetooth: hci2: command 0x0409 tx timeout [ 280.273986][ T6943] bridge0: port 1(bridge_slave_0) entered blocking state [ 280.355860][ T6943] bridge0: port 1(bridge_slave_0) entered disabled state [ 280.459024][ T6943] device bridge_slave_0 entered promiscuous mode [ 280.553951][ T6943] bridge0: port 2(bridge_slave_1) entered blocking state [ 280.605972][ T6943] bridge0: port 2(bridge_slave_1) entered disabled state [ 280.729727][ T6943] device bridge_slave_1 entered promiscuous mode [ 280.818274][ T6981] netlink: 'syz.3.688': attribute type 11 has an invalid length. [ 280.957769][ T6986] loop1: detected capacity change from 0 to 1024 [ 281.050402][ T6943] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 281.105735][ T6986] EXT4-fs (loop1): DAX enabled. Warning: EXPERIMENTAL, use at your own risk [ 281.120170][ T6988] loop3: detected capacity change from 0 to 512 [ 281.142268][ T6943] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 281.167088][ T6990] netlink: 'syz.2.690': attribute type 3 has an invalid length. [ 281.220277][ T6988] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 281.237043][ T6943] team0: Port device team_slave_0 added [ 281.246897][ T6994] loop2: detected capacity change from 0 to 512 [ 281.259695][ T6988] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002] [ 281.272993][ T6988] System zones: 1-12 [ 281.292981][ T6943] team0: Port device team_slave_1 added [ 281.300106][ T6986] EXT4-fs (loop1): Test dummy encryption mode enabled [ 281.324628][ T6988] EXT4-fs (loop3): 1 truncate cleaned up [ 281.330293][ T6988] EXT4-fs (loop3): mounted filesystem without journal. Opts: nogrpid,jqfmt=vfsv0,debug_want_extra_isize=0x0000000000000068,debug,nombcache,quota,,errors=continue. Quota mode: writeback. [ 281.340899][ T6986] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 281.367583][ T6986] EXT4-fs (loop1): Cannot use DAX on a filesystem that may contain inline data [ 281.382442][ T6994] EXT4-fs (loop2): 1 truncate cleaned up [ 281.388098][ T6994] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 281.404249][ T6943] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 281.411651][ T6943] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 281.439228][ T6943] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 281.451826][ T6943] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 281.458767][ T6943] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 281.514387][ T6943] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 282.386537][ T6986] overlayfs: empty lowerdir [ 282.387641][ T6503] Bluetooth: hci2: command 0x041b tx timeout [ 282.513221][ T6943] device hsr_slave_0 entered promiscuous mode [ 282.531408][ T7003] loop4: detected capacity change from 0 to 8192 [ 282.540479][ T6943] device hsr_slave_1 entered promiscuous mode [ 282.591694][ T6943] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 282.616051][ T6943] Cannot create hsr debugfs directory [ 282.708967][ T7003] REISERFS warning (device loop4): super-6515 reiserfs_parse_options: journaled quota format not specified. [ 282.986029][ T6943] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.136653][ T7001] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check. [ 283.179457][ T7001] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 283.190882][ T6499] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 283.199722][ T6943] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.219665][ T7001] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 283.306911][ T6943] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.385184][ T6943] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.479497][ T6499] usb 4-1: Using ep0 maxpacket: 8 [ 284.158404][ T6943] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 284.168108][ T6943] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 284.176952][ T6943] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 284.186472][ T6943] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 284.241379][ T6499] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 284.273845][ T6499] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 284.278953][ T6943] 8021q: adding VLAN 0 to HW filter on device bond0 [ 284.284967][ T6499] usb 4-1: New USB device found, idVendor=0c70, idProduct=f0bd, bcdDevice= 0.00 [ 284.300011][ T6499] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 284.303109][ T3678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 284.316236][ T3678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 284.326733][ T6943] 8021q: adding VLAN 0 to HW filter on device team0 [ 284.334190][ T6499] usb 4-1: config 0 descriptor?? [ 284.342754][ T6502] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 284.351789][ T6502] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 284.360276][ T6502] bridge0: port 1(bridge_slave_0) entered blocking state [ 284.367356][ T6502] bridge0: port 1(bridge_slave_0) entered forwarding state [ 284.392766][ T6503] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 284.400547][ T6503] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 284.409332][ T6503] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 284.417733][ T6503] bridge0: port 2(bridge_slave_1) entered blocking state [ 284.424870][ T6503] bridge0: port 2(bridge_slave_1) entered forwarding state [ 284.433519][ T6503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 284.442303][ T6503] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 284.450738][ T6503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 284.460132][ T6503] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 284.468406][ T6503] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 284.476991][ T6503] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 284.485436][ T6503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 284.494247][ T6503] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 284.506229][ T6943] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 284.517055][ T6502] Bluetooth: hci2: command 0x040f tx timeout [ 284.526257][ T6943] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 284.534894][ T6502] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 284.543253][ T6502] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 284.551694][ T6502] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 284.627977][ T6943] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 284.641454][ T6492] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 284.650130][ T6492] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 284.682639][ T6492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 284.703316][ T6492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 284.729913][ T3678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 284.738977][ T3678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 284.749488][ T3678] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 284.761504][ T3678] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 284.772520][ T6943] device veth0_vlan entered promiscuous mode [ 284.789909][ T6943] device veth1_vlan entered promiscuous mode [ 284.810047][ T6492] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 284.818448][ T6492] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 284.826818][ T6492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 284.835659][ T6492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 284.845823][ T6943] device veth0_macvtap entered promiscuous mode [ 284.858118][ T6943] device veth1_macvtap entered promiscuous mode [ 284.871863][ T6943] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 284.883203][ T6943] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 284.893090][ T6943] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 284.904012][ T6943] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 284.915185][ T6943] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 284.923303][ T6492] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 284.932156][ T6492] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 284.940095][ T6492] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 284.948680][ T6492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 284.958888][ T6943] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 284.971931][ T6943] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 284.982903][ T6943] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 284.994748][ T6943] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 285.007592][ T6943] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 285.017732][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 285.026522][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 285.036547][ T6943] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 285.045593][ T6943] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 285.054781][ T6943] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 285.063966][ T6943] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 285.127353][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 285.141858][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 285.155336][ T6492] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 285.156116][ T3650] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 285.172248][ T3650] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 285.188742][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 285.239972][ T7045] netlink: 16 bytes leftover after parsing attributes in process `syz.2.710'. [ 285.714608][ T7048] loop2: detected capacity change from 0 to 1024 [ 286.015647][ T7048] netlink: 'syz.2.710': attribute type 20 has an invalid length. [ 286.601130][ T3678] Bluetooth: hci2: command 0x0419 tx timeout [ 286.697288][ T7063] loop0: detected capacity change from 0 to 1024 [ 286.718635][ T7065] loop2: detected capacity change from 0 to 512 [ 286.728389][ T6499] usbhid 4-1:0.0: can't add hid device: -71 [ 286.742191][ T6499] usbhid: probe of 4-1:0.0 failed with error -71 [ 286.758371][ T6499] usb 4-1: USB disconnect, device number 17 [ 286.849544][ T7065] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.703: inode #1: comm syz.2.703: iget: illegal inode # [ 286.851029][ T7063] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000088,resuid=0x0000000000000000,max_batch_time=0x0000000000000003,lazytime,usrquota,data_err=abort,data_err=abort,,errors=continue. Quota mode: writeback. [ 286.903184][ T7065] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.703: error while reading EA inode 1 err=-117 [ 286.931866][ T7065] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.703: inode #1: comm syz.2.703: iget: illegal inode # [ 287.025282][ T7065] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.703: error while reading EA inode 1 err=-117 [ 287.219292][ T7065] EXT4-fs (loop2): 1 orphan inode deleted [ 287.338559][ T7065] EXT4-fs (loop2): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,inode_readahead_blks=0x0000000000000200,usrjquota=,,errors=continue. Quota mode: none. [ 287.745022][ T7076] loop1: detected capacity change from 0 to 128 [ 288.026993][ T7081] loop4: detected capacity change from 0 to 4096 [ 288.051393][ T26] audit: type=1800 audit(1723665867.262:356): pid=7077 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.703" name="file0" dev="loop2" ino=13 res=0 errno=0 [ 288.201675][ T7076] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x61000772 (sector = 1) [ 288.239980][ T7081] ntfs3: loop4: Different NTFS' sector size (1024) and media sector size (512) [ 288.756021][ T7093] 9pnet: Insufficient options for proto=fd [ 289.395541][ T7095] raw_sendmsg: syz.1.707 forgot to set AF_INET. Fix it! [ 289.931292][ T1243] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x61000772 (sector = 1) [ 290.303037][ T3576] Bluetooth: hci0: SCO packet for unknown connection handle 200 [ 291.048174][ T7098] device syzkaller0 entered promiscuous mode [ 291.065607][ T7105] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 292.299807][ T7133] loop0: detected capacity change from 0 to 512 [ 297.559544][ T7144] loop4: detected capacity change from 0 to 1024 [ 297.832087][ T7144] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000088,resuid=0x0000000000000000,max_batch_time=0x0000000000000003,lazytime,usrquota,data_err=abort,data_err=abort,,errors=continue. Quota mode: writeback. [ 298.229569][ T7161] 9pnet: Insufficient options for proto=fd [ 298.289066][ T7159] netlink: 'syz.3.734': attribute type 11 has an invalid length. [ 299.886094][ T7183] loop0: detected capacity change from 0 to 512 [ 299.984213][ T7183] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz.0.741: inode #1: comm syz.0.741: iget: illegal inode # [ 299.999164][ T7187] loop2: detected capacity change from 0 to 128 [ 300.013031][ T7183] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.741: error while reading EA inode 1 err=-117 [ 300.035009][ T7189] 9pnet: Insufficient options for proto=fd [ 300.058142][ T7187] FAT-fs (loop2): bogus number of reserved sectors [ 300.080914][ T7187] FAT-fs (loop2): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 300.143962][ T7183] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz.0.741: inode #1: comm syz.0.741: iget: illegal inode # [ 300.180950][ T7187] FAT-fs (loop2): Can't find a valid FAT filesystem [ 300.254153][ T7183] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.741: error while reading EA inode 1 err=-117 [ 300.277863][ T7183] EXT4-fs (loop0): 1 orphan inode deleted [ 300.312092][ T7183] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,inode_readahead_blks=0x0000000000000200,usrjquota=,,errors=continue. Quota mode: none. [ 300.316158][ T7187] netlink: 'syz.2.742': attribute type 3 has an invalid length. [ 300.377218][ T7194] loop2: detected capacity change from 0 to 16 [ 300.598405][ T26] audit: type=1800 audit(1723665879.872:357): pid=7196 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.741" name="file0" dev="loop0" ino=13 res=0 errno=0 [ 300.951549][ T7194] erofs: (device loop2): mounted with root inode @ nid 36. [ 302.075781][ T7209] loop4: detected capacity change from 0 to 1024 [ 302.156961][ T7209] EXT4-fs (loop4): Ignoring removed nobh option [ 302.167851][ T7209] EXT4-fs (loop4): Ignoring removed orlov option [ 302.238303][ T7209] EXT4-fs (loop4): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000001000,abort,block_validity,init_itable=0x0000000000000006,dioread_lock,min_batch_time=0x0000000000000002,nobh,block_validity,orlov,user_xattr,noinit_itable,,errors=continue. Quota mode: none. [ 302.365802][ T7223] fuse: Bad value for 'fd' [ 302.374841][ T7223] xt_l2tp: missing protocol rule (udp|l2tpip) [ 303.346357][ T7237] loop0: detected capacity change from 0 to 512 [ 303.356063][ T7202] chnl_net:caif_netlink_parms(): no params data found [ 303.437745][ T7237] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz.0.757: inode #1: comm syz.0.757: iget: illegal inode # [ 303.491945][ T7237] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.757: error while reading EA inode 1 err=-117 [ 303.513728][ T7237] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz.0.757: inode #1: comm syz.0.757: iget: illegal inode # [ 303.529301][ T7237] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.757: error while reading EA inode 1 err=-117 [ 303.542796][ T6503] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 303.562322][ T7202] bridge0: port 1(bridge_slave_0) entered blocking state [ 303.573958][ T7237] EXT4-fs (loop0): 1 orphan inode deleted [ 303.580126][ T7237] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,inode_readahead_blks=0x0000000000000200,usrjquota=,,errors=continue. Quota mode: none. [ 303.609065][ T7202] bridge0: port 1(bridge_slave_0) entered disabled state [ 303.629326][ T7202] device bridge_slave_0 entered promiscuous mode [ 303.656780][ T7202] bridge0: port 2(bridge_slave_1) entered blocking state [ 303.675946][ T7202] bridge0: port 2(bridge_slave_1) entered disabled state [ 303.767031][ T7202] device bridge_slave_1 entered promiscuous mode [ 303.901205][ T6503] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11 [ 303.901707][ T7202] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 303.996292][ T26] audit: type=1800 audit(1723665883.272:358): pid=7249 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.757" name="file0" dev="loop0" ino=13 res=0 errno=0 [ 304.396379][ T6503] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024 [ 304.417137][ T7202] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 304.431138][ T6503] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 304.440199][ T6503] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 304.483811][ T6502] Bluetooth: hci5: command 0x0409 tx timeout [ 304.516106][ T7230] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 304.566062][ T7202] team0: Port device team_slave_0 added [ 304.574593][ T7202] team0: Port device team_slave_1 added [ 304.664550][ T7202] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 304.681613][ T7202] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 304.726460][ T7202] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 304.808022][ T7202] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 304.837170][ T7202] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 304.873344][ T7202] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 305.754603][ T7202] device hsr_slave_0 entered promiscuous mode [ 305.762514][ T7202] device hsr_slave_1 entered promiscuous mode [ 305.769825][ T7202] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 306.350626][ T7202] Cannot create hsr debugfs directory [ 306.361058][ T6503] aiptek 5-1:17.0: Aiptek using 400 ms programming speed [ 306.369633][ T6503] input: Aiptek as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:17.0/input/input12 [ 306.413837][ T7270] loop0: detected capacity change from 0 to 64 [ 306.531332][ T3678] Bluetooth: hci5: command 0x041b tx timeout [ 306.592892][ T6503] usb 5-1: USB disconnect, device number 6 [ 306.611283][ C0] aiptek 5-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 306.621503][ T3574] Bluetooth: hci3: Ignoring connect complete event for invalid link type [ 306.808824][ T7275] loop4: detected capacity change from 0 to 4096 [ 306.909819][ T7275] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 306.956636][ T7275] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 307.041217][ T7202] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.108016][ T7202] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.150917][ T3678] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 307.213865][ T7284] netlink: 'syz.0.770': attribute type 2 has an invalid length. [ 307.284472][ T7202] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.381597][ T7202] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.393894][ T7288] loop0: detected capacity change from 0 to 512 [ 307.420997][ T3678] usb 3-1: Using ep0 maxpacket: 8 [ 307.550977][ T3678] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 307.574737][ T7288] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz.0.772: inode #1: comm syz.0.772: iget: illegal inode # [ 307.600937][ T7288] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.772: error while reading EA inode 1 err=-117 [ 307.679077][ T7288] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz.0.772: inode #1: comm syz.0.772: iget: illegal inode # [ 307.714755][ T7202] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 307.732960][ T7288] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.772: error while reading EA inode 1 err=-117 [ 307.734082][ T7202] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 307.752951][ T3678] usb 3-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 307.762072][ T3678] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 307.770323][ T3678] usb 3-1: Product: syz [ 307.774651][ T3678] usb 3-1: Manufacturer: syz [ 307.780739][ T3678] usb 3-1: SerialNumber: syz [ 307.788062][ T3678] usb 3-1: config 0 descriptor?? [ 307.796516][ T7202] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 307.817769][ T7288] EXT4-fs (loop0): 1 orphan inode deleted [ 307.819885][ T7202] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 307.840990][ T7288] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,inode_readahead_blks=0x0000000000000200,usrjquota=,,errors=continue. Quota mode: none. [ 307.846601][ T3678] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae [ 307.955987][ T7296] device veth0_vlan left promiscuous mode [ 308.078016][ T7202] 8021q: adding VLAN 0 to HW filter on device bond0 [ 308.123204][ T6503] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 308.133721][ T6503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 308.145253][ T7202] 8021q: adding VLAN 0 to HW filter on device team0 [ 308.222282][ T26] audit: type=1800 audit(1723665887.502:359): pid=7302 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.772" name="file0" dev="loop0" ino=13 res=0 errno=0 [ 308.261012][ T5430] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 308.393372][ T7202] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 308.410525][ T7202] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 308.536219][ T5430] usb 5-1: Using ep0 maxpacket: 32 [ 308.603189][ T7202] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 308.611353][ T2988] Bluetooth: hci5: command 0x040f tx timeout [ 308.671048][ T5430] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 308.681181][ T6499] Bluetooth: hci3: command 0x0409 tx timeout [ 308.690529][ T6503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 308.699500][ T6503] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 308.708129][ T6503] bridge0: port 1(bridge_slave_0) entered blocking state [ 308.713119][ T5430] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 308.715235][ T6503] bridge0: port 1(bridge_slave_0) entered forwarding state [ 308.733487][ T5430] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 308.736795][ T6503] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 308.743213][ T5430] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 308.757229][ T6503] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 308.792927][ T6503] bridge0: port 2(bridge_slave_1) entered blocking state [ 308.800009][ T6503] bridge0: port 2(bridge_slave_1) entered forwarding state [ 308.812066][ T5430] hub 5-1:4.0: USB hub found [ 308.820681][ T26] audit: type=1326 audit(1723665888.102:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7308 comm="syz.3.777" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3b3e0ce9f9 code=0x0 [ 308.821830][ T6503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 308.852398][ T7313] loop0: detected capacity change from 0 to 64 [ 308.860582][ T6503] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 308.875699][ T6503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 308.887225][ T6503] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 308.901276][ T6503] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 308.918451][ T6503] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 308.927564][ T6503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 308.935976][ T6503] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 308.944666][ T6503] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 308.953135][ T6503] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 308.961557][ T6503] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 308.969862][ T6503] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 308.977687][ T6503] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 308.985859][ T6503] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 308.993829][ T6503] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 309.032299][ T6492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 309.045954][ T6492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 309.080167][ T7202] device veth0_vlan entered promiscuous mode [ 309.105719][ T6499] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 309.114165][ T6499] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 309.127773][ T7202] device veth1_vlan entered promiscuous mode [ 309.135844][ T6499] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 309.143692][ T6499] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 309.151589][ T6499] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 309.174130][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 309.182709][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 309.194123][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 309.204724][ T7202] device veth0_macvtap entered promiscuous mode [ 309.217686][ T7202] device veth1_macvtap entered promiscuous mode [ 309.231474][ T7202] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 309.243776][ T7202] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 309.253730][ T7202] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 309.264991][ T7202] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 309.275760][ T7202] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 309.286224][ T7202] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 309.297188][ T7202] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 309.306320][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 309.315120][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 309.323178][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 309.331820][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 309.342449][ T7202] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 309.371251][ T7202] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 309.390835][ T7202] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 309.410807][ T7202] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 309.420621][ T7202] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 309.432369][ T7202] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 309.443679][ T7202] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 309.454429][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 309.463708][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 309.489626][ T7202] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 309.499594][ T5430] hub 5-1:4.0: config failed, can't read hub descriptor (err -22) [ 309.524894][ T7202] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 309.538725][ T7202] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 309.547803][ T7202] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 309.566156][ T5430] usb 5-1: USB disconnect, device number 7 [ 309.770420][ T3651] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 309.794738][ T3651] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 309.819186][ T7327] netlink: 4 bytes leftover after parsing attributes in process `syz.3.782'. [ 309.848658][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 309.860611][ T7327] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 309.868205][ T7327] IPv6: NLM_F_CREATE should be set when creating new route [ 309.883895][ T3651] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 309.911322][ T3651] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 309.925036][ T7329] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 309.932297][ T7329] IPv6: NLM_F_CREATE should be set when creating new route [ 309.944406][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 310.038708][ T7321] chnl_net:caif_netlink_parms(): no params data found [ 310.176061][ T7342] loop4: detected capacity change from 0 to 512 [ 310.341126][ T3678] gspca_zc3xx: i2c_w status error 4a [ 310.588823][ T3678] gspca_zc3xx: reg_w_i err -71 [ 310.928021][ T3618] Bluetooth: hci5: command 0x0419 tx timeout [ 310.974730][ T7342] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: comm syz.4.786: inode #1: comm syz.4.786: iget: illegal inode # [ 310.998366][ T7342] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.786: error while reading EA inode 1 err=-117 [ 311.002052][ T7321] bridge0: port 1(bridge_slave_0) entered blocking state [ 311.020973][ T7342] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: comm syz.4.786: inode #1: comm syz.4.786: iget: illegal inode # [ 311.095927][ T7342] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.786: error while reading EA inode 1 err=-117 [ 311.219253][ T7342] EXT4-fs (loop4): 1 orphan inode deleted [ 311.226688][ T7321] bridge0: port 1(bridge_slave_0) entered disabled state [ 311.230873][ T7342] EXT4-fs (loop4): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,inode_readahead_blks=0x0000000000000200,usrjquota=,,errors=continue. Quota mode: none. [ 311.401743][ T7355] loop1: detected capacity change from 0 to 2048 [ 311.642487][ T6502] Bluetooth: hci0: command 0x0409 tx timeout [ 311.911062][ T3678] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 311.918589][ T3678] gspca_zc3xx: probe of 3-1:0.0 failed with error -71 [ 311.929141][ T3678] usb 3-1: USB disconnect, device number 9 [ 311.939124][ T7356] loop1: p1 < > p4 [ 311.943832][ T7356] loop1: p4 size 8388608 extends beyond EOD, truncated [ 311.955914][ T7355] loop1: p1 < > p4 [ 311.991431][ T7355] loop1: p4 size 8388608 extends beyond EOD, truncated [ 312.102724][ T7321] device bridge_slave_0 entered promiscuous mode [ 312.113293][ T26] audit: type=1800 audit(1723665891.402:361): pid=7342 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.786" name="file0" dev="loop4" ino=13 res=0 errno=0 [ 312.153313][ T7321] bridge0: port 2(bridge_slave_1) entered blocking state [ 312.160592][ T7321] bridge0: port 2(bridge_slave_1) entered disabled state [ 312.169400][ T7321] device bridge_slave_1 entered promiscuous mode [ 312.203961][ T7321] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 312.216002][ T7321] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 312.320743][ T7362] loop1: detected capacity change from 0 to 16 [ 312.393899][ T7321] team0: Port device team_slave_0 added [ 312.407431][ T7364] syz.4.791[7364] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 312.407486][ T7364] syz.4.791[7364] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 312.422745][ T7362] erofs: (device loop1): mounted with root inode @ nid 36. [ 312.476508][ T7321] team0: Port device team_slave_1 added [ 312.525301][ T3559] udevd[3559]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 312.541972][ T5300] udevd[5300]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 312.558773][ T26] audit: type=1326 audit(1723665891.802:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7363 comm="syz.4.791" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f75071b29f9 code=0x0 [ 312.611443][ T3678] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 312.639565][ T7321] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 312.646720][ T7321] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 312.676480][ T7364] loop4: detected capacity change from 0 to 2048 [ 312.682460][ T5303] udevd[5303]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 312.688493][ T7321] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 312.925761][ T5300] udevd[5300]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 312.945999][ T7321] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 313.035520][ T7321] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 313.065579][ T7321] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 313.077782][ T7364] Alternate GPT is invalid, using primary GPT. [ 313.087176][ T7364] loop4: p1 p2 p3 [ 313.286891][ T3678] usb 3-1: Using ep0 maxpacket: 16 [ 313.365410][ T7321] device hsr_slave_0 entered promiscuous mode [ 313.377510][ T7321] device hsr_slave_1 entered promiscuous mode [ 313.409993][ T7321] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 313.429778][ T7321] Cannot create hsr debugfs directory [ 313.721007][ T3610] Bluetooth: hci0: command 0x041b tx timeout [ 314.102513][ T3678] usb 3-1: config 0 has an invalid interface number: 8 but max is 0 [ 314.110541][ T3678] usb 3-1: config 0 has no interface number 0 [ 314.183848][ T3678] usb 3-1: config 0 interface 8 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 314.258492][ T7321] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 314.297841][ T7321] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 314.331067][ T3678] usb 3-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 314.340114][ T3678] usb 3-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 314.349735][ T3678] usb 3-1: Product: syz [ 314.354016][ T3678] usb 3-1: SerialNumber: syz [ 314.359949][ T3678] usb 3-1: config 0 descriptor?? [ 314.376239][ T7321] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 314.412648][ T3678] usbhid 3-1:0.8: couldn't find an input interrupt endpoint [ 314.447329][ T7321] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 314.518628][ T7321] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 314.529211][ T7321] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 314.538239][ T7321] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 314.548698][ T7321] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 314.600541][ T7321] 8021q: adding VLAN 0 to HW filter on device bond0 [ 314.614943][ T3678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 314.623673][ T3678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 314.634890][ T7321] 8021q: adding VLAN 0 to HW filter on device team0 [ 314.646873][ T3678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 314.657257][ T3678] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 314.665819][ T3678] bridge0: port 1(bridge_slave_0) entered blocking state [ 314.672918][ T3678] bridge0: port 1(bridge_slave_0) entered forwarding state [ 314.702616][ T5430] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 314.710683][ T5430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 314.731484][ T5430] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 314.739874][ T5430] bridge0: port 2(bridge_slave_1) entered blocking state [ 314.746943][ T5430] bridge0: port 2(bridge_slave_1) entered forwarding state [ 314.754904][ T5430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 314.763839][ T5430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 314.791494][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 314.802918][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 314.812041][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 314.820734][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 314.829578][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 314.838120][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 314.850726][ T7321] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 314.868265][ T7321] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 314.878705][ T5430] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 314.892629][ T5430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 314.907612][ T5430] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 315.030057][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 315.039273][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 315.056563][ T7321] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 315.083186][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 315.092882][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 315.116674][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 315.125983][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 315.136556][ T7321] device veth0_vlan entered promiscuous mode [ 315.144806][ T5430] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 315.153292][ T5430] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 315.167117][ T7321] device veth1_vlan entered promiscuous mode [ 315.200684][ T5430] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 315.216555][ T5430] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 315.228294][ T5430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 315.243570][ T7321] device veth0_macvtap entered promiscuous mode [ 315.266584][ T7321] device veth1_macvtap entered promiscuous mode [ 315.284271][ T7321] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 315.296358][ T7321] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.306704][ T7321] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 315.318002][ T7321] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.328294][ T7321] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 315.338904][ T7321] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.348809][ T7321] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 315.359350][ T7321] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.371518][ T7321] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 315.373430][ T1074] usb 3-1: USB disconnect, device number 10 [ 315.380353][ T3678] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 315.394376][ T3678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 315.405292][ T7321] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 315.418095][ T7321] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.428343][ T7321] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 315.439372][ T7321] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.449520][ T7321] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 315.460094][ T7321] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.470146][ T7321] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 315.480668][ T7321] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.492307][ T7321] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 315.501848][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 315.510313][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 315.525526][ T7321] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 315.534361][ T7321] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 315.545349][ T7321] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 315.554099][ T7321] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 315.616350][ T1151] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 315.635551][ T1151] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 315.643843][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 315.654889][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 315.667998][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 315.681531][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 315.799502][ T7383] 9pnet: Insufficient options for proto=fd [ 315.805362][ T3610] Bluetooth: hci0: command 0x040f tx timeout [ 315.960617][ T7386] loop3: detected capacity change from 0 to 16 [ 316.001038][ T21] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 316.057223][ T7386] erofs: (device loop3): mounted with root inode @ nid 36. [ 316.261125][ T3678] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 316.290948][ T3610] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 316.317312][ T7394] kvm: emulating exchange as write [ 316.411393][ T21] usb 2-1: config 1 has an invalid interface number: 3 but max is 2 [ 316.425811][ T21] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 316.443866][ T21] usb 2-1: config 1 has no interface number 1 [ 316.453604][ T21] usb 2-1: too many endpoints for config 1 interface 3 altsetting 0: 187, using maximum allowed: 30 [ 316.472049][ T21] usb 2-1: config 1 interface 3 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 187 [ 316.493922][ T21] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 316.521267][ T3678] usb 3-1: Using ep0 maxpacket: 8 [ 316.534185][ T3610] usb 5-1: Using ep0 maxpacket: 16 [ 316.650967][ T3610] usb 5-1: config 0 has an invalid interface number: 8 but max is 0 [ 316.651157][ T3678] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 316.658981][ T3610] usb 5-1: config 0 has no interface number 0 [ 316.659017][ T3610] usb 5-1: config 0 interface 8 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 316.694979][ T3678] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 316.705621][ T21] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 316.715065][ T21] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 316.723675][ T3678] usb 3-1: New USB device found, idVendor=0c70, idProduct=f0bd, bcdDevice= 0.00 [ 316.733076][ T21] usb 2-1: Product: syz [ 316.737589][ T3678] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 316.747122][ T21] usb 2-1: Manufacturer: syz [ 316.752237][ T21] usb 2-1: SerialNumber: syz [ 316.758741][ T3678] usb 3-1: config 0 descriptor?? [ 316.774506][ T3610] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 316.839003][ T3610] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 316.860868][ T3610] usb 5-1: Product: syz [ 316.865045][ T3610] usb 5-1: SerialNumber: syz [ 316.883990][ T3610] usb 5-1: config 0 descriptor?? [ 316.923107][ T3610] usbhid 5-1:0.8: couldn't find an input interrupt endpoint [ 316.927375][ T7397] loop3: detected capacity change from 0 to 512 [ 316.975554][ T7397] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.796: inode #1: comm syz.3.796: iget: illegal inode # [ 317.011346][ T7397] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.796: error while reading EA inode 1 err=-117 [ 317.047233][ T7397] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.796: inode #1: comm syz.3.796: iget: illegal inode # [ 317.064246][ T7397] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.796: error while reading EA inode 1 err=-117 [ 317.086949][ T7397] EXT4-fs (loop3): 1 orphan inode deleted [ 317.106047][ T7397] EXT4-fs (loop3): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,inode_readahead_blks=0x0000000000000200,usrjquota=,,errors=continue. Quota mode: none. [ 317.252393][ T26] audit: type=1800 audit(1723665896.542:363): pid=7397 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.796" name="file0" dev="loop3" ino=13 res=0 errno=0 [ 317.331947][ T21] hub 2-1:1.3: bad descriptor, ignoring hub [ 317.345074][ T21] hub: probe of 2-1:1.3 failed with error -5 [ 317.441729][ T21] usb 2-1: USB disconnect, device number 11 [ 317.493180][ T1389] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.499633][ T1389] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.642943][ T3678] usbhid 3-1:0.0: can't add hid device: -71 [ 317.653927][ T7413] loop1: detected capacity change from 0 to 512 [ 317.660329][ T3678] usbhid: probe of 3-1:0.0 failed with error -71 [ 317.776148][ T3678] usb 3-1: USB disconnect, device number 11 [ 317.824874][ T5301] udevd[5301]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 317.881991][ T1074] Bluetooth: hci0: command 0x0419 tx timeout [ 317.961585][ T7418] No such timeout policy "syz1" [ 318.554187][ T7413] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.800: inode #1: comm syz.1.800: iget: illegal inode # [ 318.574044][ T7413] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.800: error while reading EA inode 1 err=-117 [ 318.595389][ T7427] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 318.655648][ T7413] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.800: inode #1: comm syz.1.800: iget: illegal inode # [ 318.701774][ T7427] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 318.709219][ T7427] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 318.724483][ T7413] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.800: error while reading EA inode 1 err=-117 [ 318.754594][ T7413] EXT4-fs (loop1): 1 orphan inode deleted [ 318.762721][ T7423] loop0: detected capacity change from 0 to 64 [ 318.780249][ T7413] EXT4-fs (loop1): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,inode_readahead_blks=0x0000000000000200,usrjquota=,,errors=continue. Quota mode: none. [ 318.835065][ T7427] device bridge_slave_0 left promiscuous mode [ 318.948055][ T7427] bridge0: port 1(bridge_slave_0) entered disabled state [ 318.984976][ T26] audit: type=1800 audit(1723665898.272:364): pid=7433 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.800" name="file0" dev="loop1" ino=13 res=0 errno=0 [ 319.022193][ T3609] usb 5-1: USB disconnect, device number 8 [ 319.035071][ T7427] device bridge_slave_1 left promiscuous mode [ 319.166604][ T7427] bridge0: port 2(bridge_slave_1) entered disabled state [ 319.279714][ T7427] bond0: (slave bond_slave_0): Releasing backup interface [ 319.297437][ T7427] bond0: (slave bond_slave_1): Releasing backup interface [ 320.218803][ T3609] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 320.336604][ T7442] loop1: detected capacity change from 0 to 256 [ 320.359973][ T7427] team0: Port device team_slave_0 removed [ 320.417056][ T7442] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 320.436704][ T7444] syz.0.806[7444] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 320.436796][ T7444] syz.0.806[7444] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 320.450088][ T7427] team0: Port device team_slave_1 removed [ 320.534879][ T7429] 8021q: adding VLAN 0 to HW filter on device bond0 [ 320.561456][ T3609] usb 5-1: Using ep0 maxpacket: 16 [ 320.569441][ T26] audit: type=1326 audit(1723665899.852:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7443 comm="syz.0.806" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fae33ca09f9 code=0x0 [ 320.572264][ T7429] team0: Port device bond0 added [ 320.591101][ C1] vkms_vblank_simulate: vblank timer overrun [ 320.640049][ T7202] exFAT-fs (loop1): error, invalid access to FAT free cluster (entry 0x00000005) [ 320.669094][ T7444] loop0: detected capacity change from 0 to 2048 [ 320.671070][ T7202] exFAT-fs (loop1): Filesystem has been set read-only [ 320.688586][ T7448] loop2: detected capacity change from 0 to 16 [ 320.722697][ T7444] Alternate GPT is invalid, using primary GPT. [ 320.736521][ T7444] loop0: p1 p2 p3 [ 320.742595][ T3609] usb 5-1: device descriptor read/all, error -61 [ 320.789423][ T7452] loop3: detected capacity change from 0 to 512 [ 320.806132][ T7448] erofs: (device loop2): mounted with root inode @ nid 36. [ 320.978197][ T3609] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 321.027998][ T7452] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.810: inode #1: comm syz.3.810: iget: illegal inode # [ 321.185458][ T7452] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.810: error while reading EA inode 1 err=-117 [ 321.199245][ T3609] usb 5-1: device descriptor read/64, error -71 [ 321.381987][ T3609] usb usb5-port1: attempt power cycle [ 321.410614][ T7452] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.810: inode #1: comm syz.3.810: iget: illegal inode # [ 321.436275][ T3559] udevd[3559]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory [ 321.447797][ T5303] udevd[5303]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 321.461129][ T5300] udevd[5300]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 321.477794][ T7452] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.810: error while reading EA inode 1 err=-117 [ 321.493802][ T7452] EXT4-fs (loop3): 1 orphan inode deleted [ 321.500594][ T7452] EXT4-fs (loop3): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,inode_readahead_blks=0x0000000000000200,usrjquota=,,errors=continue. Quota mode: none. [ 321.610209][ T7461] loop0: detected capacity change from 0 to 512 [ 321.764473][ T26] audit: type=1800 audit(1723665901.052:366): pid=7452 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.810" name="file0" dev="loop3" ino=13 res=0 errno=0 [ 321.866924][ T7463] kvm [7462]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc0010006 data 0x0 [ 321.871800][ T3609] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 321.889935][ T7461] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz.0.816: inode #1: comm syz.0.816: iget: illegal inode # [ 321.958513][ T7461] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.816: error while reading EA inode 1 err=-117 [ 321.991169][ T3609] usb 5-1: device descriptor read/8, error -71 [ 322.070221][ T7461] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz.0.816: inode #1: comm syz.0.816: iget: illegal inode # [ 322.104942][ T26] audit: type=1800 audit(1723665901.382:367): pid=7472 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.818" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0 [ 322.220237][ T7461] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.816: error while reading EA inode 1 err=-117 [ 322.251490][ T7461] EXT4-fs (loop0): 1 orphan inode deleted [ 322.292576][ T7469] chnl_net:caif_netlink_parms(): no params data found [ 322.314476][ T7461] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,inode_readahead_blks=0x0000000000000200,usrjquota=,,errors=continue. Quota mode: none. [ 322.506250][ T26] audit: type=1800 audit(1723665901.792:368): pid=7485 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.816" name="file0" dev="loop0" ino=13 res=0 errno=0 [ 322.547645][ T7483] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 322.558602][ T7483] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 322.566575][ T7483] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 322.579630][ T7483] device bridge_slave_0 left promiscuous mode [ 322.589077][ T7483] bridge0: port 1(bridge_slave_0) entered disabled state [ 322.613453][ T7483] device bridge_slave_1 left promiscuous mode [ 322.621072][ T7483] bridge0: port 2(bridge_slave_1) entered disabled state [ 322.778998][ T7483] bond0: (slave bond_slave_0): Releasing backup interface [ 322.912572][ T7483] bond0: (slave bond_slave_1): Releasing backup interface [ 323.017747][ T7501] 9pnet: Insufficient options for proto=fd [ 323.567219][ T7483] team0: Port device team_slave_0 removed [ 323.590590][ T7505] loop3: detected capacity change from 0 to 16 [ 323.655453][ T7483] team0: Port device team_slave_1 removed [ 323.683968][ T7505] erofs: (device loop3): mounted with root inode @ nid 36. [ 323.684677][ T7483] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 323.732281][ T7507] loop0: detected capacity change from 0 to 512 [ 323.761934][ T7483] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 323.819764][ T7483] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 323.835614][ T7483] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 323.857797][ T7483] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 323.880249][ T7486] 8021q: adding VLAN 0 to HW filter on device bond0 [ 323.897340][ T7486] team0: Port device bond0 added [ 323.897582][ T7507] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz.0.827: inode #1: comm syz.0.827: iget: illegal inode # [ 324.285306][ T3609] Bluetooth: hci2: command 0x0409 tx timeout [ 324.311795][ T7507] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.827: error while reading EA inode 1 err=-117 [ 324.337463][ T7469] bridge0: port 1(bridge_slave_0) entered blocking state [ 324.347847][ T7507] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz.0.827: inode #1: comm syz.0.827: iget: illegal inode # [ 324.364693][ T7469] bridge0: port 1(bridge_slave_0) entered disabled state [ 324.374380][ T7507] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.827: error while reading EA inode 1 err=-117 [ 324.376298][ T7469] device bridge_slave_0 entered promiscuous mode [ 324.394310][ T7507] EXT4-fs (loop0): 1 orphan inode deleted [ 324.400321][ T7507] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,inode_readahead_blks=0x0000000000000200,usrjquota=,,errors=continue. Quota mode: none. [ 324.405011][ T7469] bridge0: port 2(bridge_slave_1) entered blocking state [ 324.450615][ T7469] bridge0: port 2(bridge_slave_1) entered disabled state [ 324.459369][ T7469] device bridge_slave_1 entered promiscuous mode [ 324.567297][ T7469] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 324.593209][ T7469] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 324.626631][ T7517] loop2: detected capacity change from 0 to 16 [ 324.693472][ T1074] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 324.743191][ T7469] team0: Port device team_slave_0 added [ 324.750641][ T7519] loop3: detected capacity change from 0 to 256 [ 324.768190][ T7469] team0: Port device team_slave_1 added [ 324.782357][ T26] audit: type=1800 audit(1723665904.012:369): pid=7520 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.827" name="file0" dev="loop0" ino=13 res=0 errno=0 [ 324.846534][ T7469] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 324.855986][ T7469] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 324.881904][ C0] vkms_vblank_simulate: vblank timer overrun [ 324.895605][ T7469] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 324.909827][ T7469] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 324.926497][ T7469] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 324.952451][ C0] vkms_vblank_simulate: vblank timer overrun [ 324.966768][ T7469] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 325.027871][ T7469] device hsr_slave_0 entered promiscuous mode [ 325.038269][ T7469] device hsr_slave_1 entered promiscuous mode [ 325.069345][ T7469] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 325.077077][ T7469] Cannot create hsr debugfs directory [ 325.085470][ T7519] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 325.102340][ T1074] usb 5-1: config 1 has an invalid interface number: 3 but max is 2 [ 325.110369][ T1074] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 325.141242][ T7517] erofs: (device loop2): mounted with root inode @ nid 36. [ 325.169246][ T7519] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 325.169246][ T1074] usb 5-1: config 1 has no interface number 1 [ 325.169287][ T1074] usb 5-1: too many endpoints for config 1 interface 3 altsetting 0: 187, using maximum allowed: 30 [ 325.205236][ T1074] usb 5-1: config 1 interface 3 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 187 [ 325.225389][ T1074] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 325.292885][ T7523] netlink: 4 bytes leftover after parsing attributes in process `syz.0.830'. [ 325.352928][ T7522] device bond0 entered promiscuous mode [ 325.358499][ T7522] device bond_slave_0 entered promiscuous mode [ 325.372506][ T7522] device bond_slave_1 entered promiscuous mode [ 326.262230][ T1074] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 326.311498][ T1074] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 326.386900][ T2988] Bluetooth: hci2: command 0x041b tx timeout [ 326.397189][ T1074] usb 5-1: Product: syz [ 326.427553][ T1074] usb 5-1: Manufacturer: syz [ 326.441831][ T1074] usb 5-1: SerialNumber: syz [ 326.476404][ T7532] loop0: detected capacity change from 0 to 512 [ 326.594157][ T7469] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 326.637886][ T7532] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz.0.832: inode #1: comm syz.0.832: iget: illegal inode # [ 326.651616][ T7532] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.832: error while reading EA inode 1 err=-117 [ 326.655099][ T7540] loop2: detected capacity change from 0 to 512 [ 326.716410][ T7532] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz.0.832: inode #1: comm syz.0.832: iget: illegal inode # [ 326.750291][ T7532] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.832: error while reading EA inode 1 err=-117 [ 326.797817][ T7469] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 326.824599][ T7542] loop3: detected capacity change from 0 to 64 [ 326.834935][ T7532] EXT4-fs (loop0): 1 orphan inode deleted [ 326.836751][ T7540] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.834: inode #1: comm syz.2.834: iget: illegal inode # [ 326.840672][ T7532] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,inode_readahead_blks=0x0000000000000200,usrjquota=,,errors=continue. Quota mode: none. [ 326.880719][ C0] vkms_vblank_simulate: vblank timer overrun [ 326.908512][ T1074] hub 5-1:1.3: bad descriptor, ignoring hub [ 326.910046][ T7540] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.834: error while reading EA inode 1 err=-117 [ 326.915321][ T1074] hub: probe of 5-1:1.3 failed with error -5 [ 326.952171][ T7540] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.834: inode #1: comm syz.2.834: iget: illegal inode # [ 326.972319][ T7540] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.834: error while reading EA inode 1 err=-117 [ 326.992736][ T7540] EXT4-fs (loop2): 1 orphan inode deleted [ 326.998473][ T7540] EXT4-fs (loop2): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,inode_readahead_blks=0x0000000000000200,usrjquota=,,errors=continue. Quota mode: none. [ 327.074823][ T1074] usb 5-1: USB disconnect, device number 13 [ 327.135092][ T26] audit: type=1800 audit(1723665906.422:370): pid=7544 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.832" name="file0" dev="loop0" ino=13 res=0 errno=0 [ 327.258129][ T7469] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 327.696651][ T26] audit: type=1800 audit(1723665906.672:371): pid=7546 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.834" name="file0" dev="loop2" ino=13 res=0 errno=0 [ 327.831716][ T7469] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 327.873714][ T3776] udevd[3776]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 328.109305][ T7557] 9pnet: Insufficient options for proto=fd [ 328.254848][ T7548] netlink: 16 bytes leftover after parsing attributes in process `syz.4.837'. [ 328.445611][ T3609] Bluetooth: hci2: command 0x040f tx timeout [ 328.858069][ T7566] loop3: detected capacity change from 0 to 512 [ 328.870080][ T7567] loop4: detected capacity change from 0 to 512 [ 328.924474][ T7566] EXT4-fs (loop3): Mount option "noacl" will be removed by 3.5 [ 328.924474][ T7566] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 328.924474][ T7566] [ 328.942407][ T7469] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 328.952000][ T7469] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 328.972980][ T7469] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 328.979503][ T7567] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: comm syz.4.840: inode #1: comm syz.4.840: iget: illegal inode # [ 328.995946][ T7469] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 329.071446][ T7567] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.840: error while reading EA inode 1 err=-117 [ 329.167392][ T7469] 8021q: adding VLAN 0 to HW filter on device bond0 [ 329.183992][ T6502] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 329.192300][ T6502] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 329.203341][ T7469] 8021q: adding VLAN 0 to HW filter on device team0 [ 329.215270][ T7567] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: comm syz.4.840: inode #1: comm syz.4.840: iget: illegal inode # [ 329.229430][ T7566] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 329.265721][ T7567] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.840: error while reading EA inode 1 err=-117 [ 329.269428][ T7566] EXT4-fs (loop3): 1 truncate cleaned up [ 329.284348][ T7567] EXT4-fs (loop4): 1 orphan inode deleted [ 329.290215][ T7567] EXT4-fs (loop4): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,inode_readahead_blks=0x0000000000000200,usrjquota=,,errors=continue. Quota mode: none. [ 329.294361][ T6502] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 329.317956][ T7566] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota=,min_batch_time=0x0000000000000001,noload,nombcache,usrjquota="init_itable=0x0000000000000601,noacl,data_err=abort,,errors=continue. Quota mode: writeback. [ 329.333603][ T6502] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 329.875366][ T6502] bridge0: port 1(bridge_slave_0) entered blocking state [ 329.882516][ T6502] bridge0: port 1(bridge_slave_0) entered forwarding state [ 330.104199][ T6493] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 330.113293][ T6493] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 330.122724][ T6493] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 330.317581][ T7580] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters [ 330.976499][ T26] audit: type=1800 audit(1723665910.252:372): pid=7582 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.840" name="file0" dev="loop4" ino=13 res=0 errno=0 [ 331.004101][ T6493] bridge0: port 2(bridge_slave_1) entered blocking state [ 331.011272][ T6493] bridge0: port 2(bridge_slave_1) entered forwarding state [ 331.182302][ T6492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 331.192419][ T6492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 331.293395][ T3678] Bluetooth: hci2: command 0x0419 tx timeout [ 331.322330][ T7585] netlink: 8 bytes leftover after parsing attributes in process `syz.2.845'. [ 331.365371][ T7588] loop0: detected capacity change from 0 to 512 [ 331.381669][ T7585] device ip6gretap0 entered promiscuous mode [ 331.404047][ T7469] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 331.438954][ T7590] loop3: detected capacity change from 0 to 512 [ 331.443873][ T7469] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 331.461320][ T7585] netlink: 72 bytes leftover after parsing attributes in process `syz.2.845'. [ 331.469883][ T6492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 331.482835][ T6492] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 331.492989][ T6492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 331.504153][ T6492] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 331.513207][ T6492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 331.516598][ T7588] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz.0.856: inode #1: comm syz.0.856: iget: illegal inode # [ 331.524199][ T6492] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 331.542909][ T7588] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.856: error while reading EA inode 1 err=-117 [ 331.566295][ T6492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 331.584074][ T7588] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz.0.856: inode #1: comm syz.0.856: iget: illegal inode # [ 331.606815][ T7588] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.856: error while reading EA inode 1 err=-117 [ 331.608403][ T6492] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 331.627364][ T7588] EXT4-fs (loop0): 1 orphan inode deleted [ 331.632011][ T7596] loop4: detected capacity change from 0 to 128 [ 331.633538][ T7588] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,inode_readahead_blks=0x0000000000000200,usrjquota=,,errors=continue. Quota mode: none. [ 331.698150][ T6503] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 331.813149][ T6503] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 331.829847][ T7590] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.846: inode #1: comm syz.3.846: iget: illegal inode # [ 331.892087][ T26] audit: type=1800 audit(1723665911.172:373): pid=7601 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.856" name="file0" dev="loop0" ino=13 res=0 errno=0 [ 332.030723][ T7596] EXT4-fs (loop4): Invalid want_extra_isize 1365870823 [ 332.108911][ T7590] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.846: error while reading EA inode 1 err=-117 [ 332.245533][ T7590] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.846: inode #1: comm syz.3.846: iget: illegal inode # [ 332.348203][ T7590] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.846: error while reading EA inode 1 err=-117 [ 332.474760][ T7590] EXT4-fs (loop3): 1 orphan inode deleted [ 332.484278][ T7592] loop4: detected capacity change from 0 to 2048 [ 332.496740][ T7590] EXT4-fs (loop3): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,inode_readahead_blks=0x0000000000000200,usrjquota=,,errors=continue. Quota mode: none. [ 332.551152][ T6503] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 332.579468][ T7612] 9pnet: Insufficient options for proto=fd [ 332.994941][ T7469] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 333.116537][ T3610] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 333.127633][ T7592] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 333.128848][ T3610] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 333.171174][ T6503] usb 3-1: Using ep0 maxpacket: 32 [ 333.222399][ T26] audit: type=1800 audit(1723665912.502:374): pid=7614 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.846" name="file0" dev="loop3" ino=13 res=0 errno=0 [ 333.324803][ T7616] IPVS: length: 96 != 8 [ 333.330539][ T7616] netlink: 4 bytes leftover after parsing attributes in process `syz.0.851'. [ 333.396056][ T6503] usb 3-1: New USB device found, idVendor=d5ff, idProduct=0066, bcdDevice=d8.b0 [ 333.408006][ T6503] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 333.420687][ T6503] usb 3-1: config 0 descriptor?? [ 333.426118][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 333.472942][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 333.492073][ T6503] rndis_host: probe of 3-1:0.0 failed with error -22 [ 333.533612][ T7469] device veth0_vlan entered promiscuous mode [ 333.593128][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 333.602455][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 333.618145][ T7469] device veth1_vlan entered promiscuous mode [ 333.678183][ T5431] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 333.693339][ T5431] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 333.729528][ T5431] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 333.780293][ T7625] loop2: detected capacity change from 0 to 512 [ 333.810398][ T7469] device veth0_macvtap entered promiscuous mode [ 333.835527][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 333.856402][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 333.869715][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 333.877935][ T7625] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.849: invalid indirect mapped block 10 (level 1) [ 333.891516][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 333.948099][ T7469] device veth1_macvtap entered promiscuous mode [ 333.997944][ T7630] IPv4: Oversized IP packet from 127.202.26.0 [ 334.026017][ T7625] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.849: invalid indirect mapped block 8 (level 1) [ 334.039695][ T7469] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 334.069507][ T7469] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 334.072106][ T7625] EXT4-fs (loop2): 1 truncate cleaned up [ 334.089817][ T7625] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 334.106550][ T7469] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 334.156374][ T7469] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 334.167137][ T7469] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 334.178186][ T7469] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 334.188652][ T7469] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 334.199696][ T7469] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 334.214026][ T7469] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 334.225537][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 334.244035][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 334.251607][ T26] audit: type=1800 audit(1723665913.542:375): pid=7632 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.849" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 334.316013][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 334.361841][ T7469] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 334.390956][ T7469] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 334.394667][ T7638] loop4: detected capacity change from 0 to 1024 [ 334.401198][ T7469] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 334.414386][ T7639] loop3: detected capacity change from 0 to 512 [ 334.429520][ T7469] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 334.439681][ T7469] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 334.458993][ T7469] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 334.470523][ T7469] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 334.485181][ T7469] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 334.498364][ T7469] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 334.508127][ T6503] usb 3-1: USB disconnect, device number 12 [ 334.509021][ T5431] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 334.524958][ T5431] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 334.540470][ T7469] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 334.551179][ T7469] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 334.560174][ T7469] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 334.574373][ T7469] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 334.627938][ T26] audit: type=1800 audit(1723665913.912:376): pid=7638 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.855" name="bus" dev="loop4" ino=25 res=0 errno=0 [ 334.841328][ T7646] loop3: detected capacity change from 0 to 16 [ 334.892068][ T7644] loop0: detected capacity change from 0 to 512 [ 334.908266][ T7558] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 334.925793][ T26] audit: type=1800 audit(1723665914.002:377): pid=7638 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.855" name="bus" dev="loop4" ino=25 res=0 errno=0 [ 334.930734][ T7646] erofs: (device loop3): mounted with root inode @ nid 36. [ 334.946628][ T7558] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 335.017437][ T1243] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 335.321302][ T1243] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 335.376694][ T6503] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 335.403394][ T6503] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 335.455614][ T7652] loop2: detected capacity change from 0 to 512 [ 335.532039][ T7655] loop1: detected capacity change from 0 to 128 [ 335.535031][ T7644] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz.0.860: inode #1: comm syz.0.860: iget: illegal inode # [ 335.567243][ T5965] [ 335.569583][ T5965] ====================================================== [ 335.571140][ T7644] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.860: error while reading EA inode 1 err=-117 [ 335.576575][ T5965] WARNING: possible circular locking dependency detected [ 335.576584][ T5965] 5.15.164-syzkaller #0 Not tainted [ 335.576592][ T5965] ------------------------------------------------------ [ 335.576598][ T5965] syz-executor/5965 is trying to acquire lock: [ 335.590602][ T7644] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz.0.860: inode #1: comm syz.0.860: iget: illegal inode # [ 335.595623][ T5965] ffff88807e1fa0b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x864/0xb80 [ 335.595668][ T5965] [ 335.595668][ T5965] but task is already holding lock: [ 335.595673][ T5965] ffff888074d70e88 [ 335.601714][ T7644] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.860: error while reading EA inode 1 err=-117 [ 335.607829][ T5965] (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x2e1/0xb80 [ 335.614917][ T7644] EXT4-fs (loop0): 1 orphan inode deleted [ 335.626800][ T5965] [ 335.626800][ T5965] which lock already depends on the new lock. [ 335.626800][ T5965] [ 335.626809][ T5965] [ 335.626809][ T5965] the existing dependency chain (in reverse order) is: [ 335.626813][ T5965] [ 335.626813][ T5965] -> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}: [ 335.626839][ T5965] lock_acquire+0x1db/0x4f0 [ 335.626857][ T5965] __mutex_lock_common+0x1da/0x25a0 [ 335.626872][ T5965] mutex_lock_nested+0x17/0x20 [ 335.626884][ T5965] hfsplus_file_extend+0x1d2/0x1b10 [ 335.725081][ T5965] hfsplus_bmap_reserve+0x101/0x4e0 [ 335.730783][ T5965] hfsplus_create_cat+0x1a9/0x1ba0 [ 335.736391][ T5965] hfsplus_fill_super+0x13e6/0x1c90 [ 335.742086][ T5965] mount_bdev+0x2c9/0x3f0 [ 335.746911][ T5965] legacy_get_tree+0xeb/0x180 [ 335.752089][ T5965] vfs_get_tree+0x88/0x270 [ 335.757011][ T5965] do_new_mount+0x2ba/0xb40 [ 335.762007][ T5965] __se_sys_mount+0x2d5/0x3c0 [ 335.767178][ T5965] do_syscall_64+0x3b/0xb0 [ 335.772090][ T5965] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 335.778481][ T5965] [ 335.778481][ T5965] -> #0 (&tree->tree_lock){+.+.}-{3:3}: [ 335.786184][ T5965] validate_chain+0x1649/0x5930 [ 335.791534][ T5965] __lock_acquire+0x1295/0x1ff0 [ 335.796880][ T5965] lock_acquire+0x1db/0x4f0 [ 335.801877][ T5965] __mutex_lock_common+0x1da/0x25a0 [ 335.807571][ T5965] mutex_lock_nested+0x17/0x20 [ 335.812831][ T5965] hfsplus_file_truncate+0x864/0xb80 [ 335.818612][ T5965] hfsplus_delete_inode+0x170/0x220 [ 335.824305][ T5965] hfsplus_unlink+0x50d/0x7f0 [ 335.829475][ T5965] vfs_unlink+0x359/0x5f0 [ 335.834300][ T5965] do_unlinkat+0x4a3/0x950 [ 335.839210][ T5965] __x64_sys_unlink+0x45/0x50 [ 335.844384][ T5965] do_syscall_64+0x3b/0xb0 [ 335.849295][ T5965] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 335.855689][ T5965] [ 335.855689][ T5965] other info that might help us debug this: [ 335.855689][ T5965] [ 335.865900][ T5965] Possible unsafe locking scenario: [ 335.865900][ T5965] [ 335.873334][ T5965] CPU0 CPU1 [ 335.878758][ T5965] ---- ---- [ 335.884095][ T5965] lock(&HFSPLUS_I(inode)->extents_lock); [ 335.889901][ T5965] lock(&tree->tree_lock); [ 335.896985][ T5965] lock(&HFSPLUS_I(inode)->extents_lock); [ 335.905282][ T5965] lock(&tree->tree_lock); [ 335.909759][ T5965] [ 335.909759][ T5965] *** DEADLOCK *** [ 335.909759][ T5965] [ 335.917874][ T5965] 5 locks held by syz-executor/5965: [ 335.923130][ T5965] #0: ffff888023ce0460 (sb_writers#27){.+.+}-{0:0}, at: mnt_want_write+0x3b/0x80 [ 335.932335][ T5965] #1: ffff8880786e3240 (&type->i_mutex_dir_key#16/1){+.+.}-{3:3}, at: do_unlinkat+0x266/0x950 [ 335.942674][ T5965] #2: ffff888074d71080 (&sb->s_type->i_mutex_key#37){+.+.}-{3:3}, at: vfs_unlink+0xe0/0x5f0 [ 335.952828][ T5965] #3: ffff88805b40b198 (&sbi->vh_mutex){+.+.}-{3:3}, at: hfsplus_unlink+0x15d/0x7f0 [ 335.962278][ T5965] #4: ffff888074d70e88 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x2e1/0xb80 [ 335.973898][ T5965] [ 335.973898][ T5965] stack backtrace: [ 335.979756][ T5965] CPU: 1 PID: 5965 Comm: syz-executor Not tainted 5.15.164-syzkaller #0 [ 335.988051][ T5965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 335.998081][ T5965] Call Trace: [ 336.001335][ T5965] [ 336.004243][ T5965] dump_stack_lvl+0x1e3/0x2d0 [ 336.008901][ T5965] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 336.014510][ T5965] ? print_circular_bug+0x12b/0x1a0 [ 336.019683][ T5965] check_noncircular+0x2f8/0x3b0 [ 336.024603][ T5965] ? check_path+0x21/0x40 [ 336.028908][ T5965] ? add_chain_block+0x850/0x850 [ 336.033820][ T5965] ? lockdep_lock+0x11f/0x2a0 [ 336.038470][ T5965] ? add_chain_block+0x850/0x850 [ 336.043385][ T5965] validate_chain+0x1649/0x5930 [ 336.048216][ T5965] ? reacquire_held_locks+0x660/0x660 [ 336.053564][ T5965] ? reacquire_held_locks+0x660/0x660 [ 336.058907][ T5965] ? look_up_lock_class+0x77/0x120 [ 336.063994][ T5965] ? register_lock_class+0x100/0x9a0 [ 336.069253][ T5965] ? is_dynamic_key+0x1f0/0x1f0 [ 336.074077][ T5965] ? mark_lock+0x98/0x340 [ 336.078402][ T5965] __lock_acquire+0x1295/0x1ff0 [ 336.083230][ T5965] lock_acquire+0x1db/0x4f0 [ 336.087704][ T5965] ? hfsplus_file_truncate+0x864/0xb80 [ 336.093139][ T5965] ? read_lock_is_recursive+0x10/0x10 [ 336.098492][ T5965] ? __might_sleep+0xc0/0xc0 [ 336.103062][ T5965] __mutex_lock_common+0x1da/0x25a0 [ 336.108235][ T5965] ? hfsplus_file_truncate+0x864/0xb80 [ 336.113669][ T5965] ? hfsplus_file_truncate+0x864/0xb80 [ 336.119103][ T5965] ? mutex_lock_io_nested+0x60/0x60 [ 336.124276][ T5965] ? hfsplus_free_extents+0x47e/0xae0 [ 336.129624][ T5965] mutex_lock_nested+0x17/0x20 [ 336.134361][ T5965] hfsplus_file_truncate+0x864/0xb80 [ 336.139622][ T5965] ? hfsplus_add_extent+0x880/0x880 [ 336.144794][ T5965] ? mutex_lock_io_nested+0x60/0x60 [ 336.149967][ T5965] hfsplus_delete_inode+0x170/0x220 [ 336.155141][ T5965] hfsplus_unlink+0x50d/0x7f0 [ 336.159790][ T5965] ? read_lock_is_recursive+0x10/0x10 [ 336.165156][ T5965] ? hfsplus_link+0x840/0x840 [ 336.169804][ T5965] ? clear_nonspinnable+0x60/0x60 [ 336.174811][ T5965] ? bpf_lsm_inode_unlink+0x5/0x10 [ 336.179898][ T5965] ? security_inode_unlink+0xca/0x110 [ 336.185246][ T5965] vfs_unlink+0x359/0x5f0 [ 336.189553][ T5965] do_unlinkat+0x4a3/0x950 [ 336.193945][ T5965] ? fsnotify_link_count+0xf0/0xf0 [ 336.199031][ T5965] ? strncpy_from_user+0x209/0x370 [ 336.204123][ T5965] __x64_sys_unlink+0x45/0x50 [ 336.208775][ T5965] do_syscall_64+0x3b/0xb0 [ 336.213166][ T5965] ? clear_bhb_loop+0x15/0x70 [ 336.217817][ T5965] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 336.223701][ T5965] RIP: 0033:0x7f75071b1fa7 [ 336.228091][ T5965] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 336.247669][ T5965] RSP: 002b:00007ffc06e4e668 EFLAGS: 00000206 ORIG_RAX: 0000000000000057 [ 336.256059][ T5965] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f75071b1fa7 [ 336.264005][ T5965] RDX: 00007ffc06e4e690 RSI: 00007ffc06e4e720 RDI: 00007ffc06e4e720 [ 336.271951][ T5965] RBP: 00007ffc06e4e720 R08: 0000000000000000 R09: 0000000000000000 [ 336.279902][ T5965] R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffc06e4f810 [ 336.287848][ T5965] R13: 00007f750722078c R14: 00000000000517cb R15: 00007ffc06e519c0 [ 336.295799][ T5965] [ 336.323230][ T7655] FAT-fs (loop1): bogus number of reserved sectors [ 336.330537][ T7655] FAT-fs (loop1): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 336.342249][ T7655] FAT-fs (loop1): Can't find a valid FAT filesystem [ 336.360074][ T7644] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,inode_readahead_blks=0x0000000000000200,usrjquota=,,errors=continue. Quota mode: none. [ 336.366523][ T7652] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.862: inode #1: comm syz.2.862: iget: illegal inode # [ 336.403276][ T7652] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.862: error while reading EA inode 1 err=-117 [ 336.465338][ T7652] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.862: inode #1: comm syz.2.862: iget: illegal inode # [ 336.478659][ T7652] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.862: error while reading EA inode 1 err=-117 [ 336.511368][ T7659] loop4: detected capacity change from 0 to 1024 [ 336.513611][ T7652] EXT4-fs (loop2): 1 orphan inode deleted [ 336.525407][ T7652] EXT4-fs (loop2): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,inode_readahead_blks=0x0000000000000200,usrjquota=,,errors=continue. Quota mode: none. [ 336.554941][ T26] audit: type=1800 audit(1723665915.842:378): pid=7657 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.860" name="file0" dev="loop0" ino=13 res=0 errno=0 [ 336.583363][ T7659] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000088,resuid=0x0000000000000000,max_batch_time=0x0000000000000003,lazytime,usrquota,data_err=abort,data_err=abort,,errors=continue. Quota mode: writeback. [ 336.625424][ T7655] netlink: 'syz.1.814': attribute type 3 has an invalid length. [ 336.678652][ T7661] loop1: detected capacity change from 0 to 16 [ 336.720188][ T7661] erofs: (device loop1): mounted with root inode @ nid 36. [ 336.941729][ T26] audit: type=1800 audit(1723665916.222:379): pid=7664 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.862" name="file0" dev="loop2" ino=13 res=0 errno=0 [ 337.024776][ T7665] 9pnet: Insufficient options for proto=fd [ 340.040973][ T6492] Bluetooth: hci3: command 0x0406 tx timeout