last executing test programs: 7.824130703s ago: executing program 1 (id=262): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = fsopen(&(0x7f0000000040)='fuseblk\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000140)='{:\'@-\x00', &(0x7f0000000180)='%*.\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, 0x0, &(0x7f0000000340)='\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, 0x0, 0x0, 0x0) read(r1, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) gettid() timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r2, 0x26, &(0x7f0000000380)={0x0, 0x0, 0x103ff}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r3, 0x7, &(0x7f00000006c0)={0x1, 0x1, 0x7000000}) 6.572119077s ago: executing program 1 (id=269): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000004c0)={0x1c, &(0x7f0000000500)=ANY=[], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000b80)={0x44, &(0x7f0000000980)={0x60, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x44, &(0x7f00000001c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 5.816215836s ago: executing program 1 (id=277): pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) splice(r1, 0x0, r0, 0x0, 0x6, 0x0) 5.815644609s ago: executing program 4 (id=278): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) openat$drirender128(0xffffffffffffff9c, &(0x7f00000000c0), 0x450200, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) ioctl$LOOP_CHANGE_FD(r1, 0x4c08, 0xffffffffffffffff) ioctl$DRM_IOCTL_MODE_GETENCODER(0xffffffffffffffff, 0xc01464a6, &(0x7f0000000100)) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000080)={0x1, 0x3132564e, 0x7, 0x3, 0x3, @stepwise={{0x1000, 0x10001}, {0xca, 0x401}, {0x5, 0x7f}}}) syz_mount_image$squashfs(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x0, &(0x7f00000043c0)=ANY=[@ANYBLOB="003bfa093f92d25f4b42889f58b36282edd6f82c49e007ed49b9ed030962f330bd57af2a"], 0x2, 0x1a2, &(0x7f0000000440)="$eJzs0L9rE2Ecx/H397knPypUiYpDBRuweF6oJndVB6fgFCEHDi6CQUMam2KippfBlha6SEGq/Rd0qqMKOokoOBcHwUHPpZs0Q3EQB4nk8kTwb/B5Dfe57wfunodvK+pGGeD3/mqDMgmHg3xE0MC0jDqlRvnazN9Nbo2CS2beNPnM5FS0vHK73m43l/IX8+T+KYAfSfe3il5wTNEXysjn/dVGXW6GDMp01HxIrkrhEU6NrveYKT3J0Rs4DNxNLiu64lbhULHXuVeMllfOLHbqC82F5p0gmLtQOlcqnQ+KtxbbzdIrxHsoiies4YVkQia8NVI1HuzoA8wK4rVU7EihT7rG1o5z+uRsH+XtMUB45/bJfNWtvLrKKbLXh5evcER4ihMyU2VCoUkOqiBX1Evx9Sf9M6XIrjvO2cbd9vzGNSW/0ttl2cuKv0vK9QkKPnPD1XCY92zEzMRUYrZjdr8xLW+Gp4z3qteHz+dmOs4JSHO/3ust+Wn4IDokcEOCHEwmv1PJvXLw1nxjgi/jF8uyLMuyLMuyLOs/8CcAAP//o/hj9Q==") bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) syz_open_dev$rtc(0x0, 0x2000000003, 0x50dc82) fcntl$setownex(r4, 0xf, &(0x7f00000000c0)={0x2, r2}) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x48, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}}, 0x0) sendmsg$IPSET_CMD_SAVE(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, 0x8, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) 4.961521213s ago: executing program 4 (id=282): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) openat$rfkill(0xffffffffffffff9c, 0x0, 0x8000, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x9) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000002d80)={0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000080)={'dvmrp1\x00', 0x2}) ioctl$TUNDETACHFILTER(r4, 0x401054d6, 0x0) 3.373519886s ago: executing program 4 (id=289): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f00000002c0)=ANY=[], 0x8) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000000780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=""/185, 0xb9}, 0x5}, {{0x0, 0x0, 0x0}, 0x9}], 0x2, 0x2b, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000000)=0x1, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 3.340136666s ago: executing program 3 (id=290): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) finit_module(0xffffffffffffffff, 0x0, 0x3) 3.283704438s ago: executing program 3 (id=292): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) openat$drirender128(0xffffffffffffff9c, &(0x7f00000000c0), 0x450200, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) ioctl$LOOP_CHANGE_FD(r1, 0x4c08, 0xffffffffffffffff) ioctl$DRM_IOCTL_MODE_GETENCODER(0xffffffffffffffff, 0xc01464a6, &(0x7f0000000100)) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000080)={0x1, 0x3132564e, 0x7, 0x3, 0x3, @stepwise={{0x1000, 0x10001}, {0xca, 0x401}, {0x5, 0x7f}}}) syz_mount_image$squashfs(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x0, &(0x7f00000043c0)=ANY=[@ANYBLOB="003bfa093f92d25f4b42889f58b36282edd6f82c49e007ed49b9ed030962f330bd57af2a"], 0x2, 0x1a2, &(0x7f0000000440)="$eJzs0L9rE2Ecx/H397knPypUiYpDBRuweF6oJndVB6fgFCEHDi6CQUMam2KippfBlha6SEGq/Rd0qqMKOokoOBcHwUHPpZs0Q3EQB4nk8kTwb/B5Dfe57wfunodvK+pGGeD3/mqDMgmHg3xE0MC0jDqlRvnazN9Nbo2CS2beNPnM5FS0vHK73m43l/IX8+T+KYAfSfe3il5wTNEXysjn/dVGXW6GDMp01HxIrkrhEU6NrveYKT3J0Rs4DNxNLiu64lbhULHXuVeMllfOLHbqC82F5p0gmLtQOlcqnQ+KtxbbzdIrxHsoiies4YVkQia8NVI1HuzoA8wK4rVU7EihT7rG1o5z+uRsH+XtMUB45/bJfNWtvLrKKbLXh5evcER4ihMyU2VCoUkOqiBX1Evx9Sf9M6XIrjvO2cbd9vzGNSW/0ttl2cuKv0vK9QkKPnPD1XCY92zEzMRUYrZjdr8xLW+Gp4z3qteHz+dmOs4JSHO/3ust+Wn4IDokcEOCHEwmv1PJvXLw1nxjgi/jF8uyLMuyLMuyLOs/8CcAAP//o/hj9Q==") bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) syz_open_dev$rtc(0x0, 0x2000000003, 0x50dc82) fcntl$setownex(r4, 0xf, &(0x7f00000000c0)={0x2, r2}) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x48, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}}, 0x0) sendmsg$IPSET_CMD_SAVE(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, 0x8, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) 3.223269033s ago: executing program 4 (id=293): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = fsopen(&(0x7f0000000040)='fuseblk\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000140)='{:\'@-\x00', &(0x7f0000000180)='%*.\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, 0x0, &(0x7f0000000340)='\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, 0x0, 0x0, 0x0) read(r1, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) gettid() timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r2, 0x26, &(0x7f0000000380)={0x0, 0x0, 0x103ff}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r3, 0x7, &(0x7f00000006c0)={0x1, 0x1, 0x7000000}) 2.946133694s ago: executing program 0 (id=295): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000002c0)={0xd00, 0x18, 0xfa00, {0x0, 0x0, 0x2, 0x9}}, 0x20) 2.860013746s ago: executing program 0 (id=296): r0 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000600)=@newtfilter={0x3c, 0x2c, 0xd27, 0x0, 0xfffffffe, {0x0, 0x0, 0x0, r1, {0xfffa, 0x4}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_bpf={{0x8}, {0x10, 0x2, [@TCA_BPF_OPS={{0x6}, {0x4}}]}}]}, 0x3c}}, 0x20000000) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 2.189902696s ago: executing program 4 (id=297): socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x3, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = socket(0x1e, 0x1, 0x0) connect$tipc(r3, &(0x7f0000000040)=@id, 0x10) 2.156970157s ago: executing program 0 (id=298): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x68, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_EXPRESSIONS={0x2c, 0x12, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x8}]}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x110}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xb0}}, 0x20050800) 2.15647366s ago: executing program 1 (id=299): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) openat$rfkill(0xffffffffffffff9c, 0x0, 0x8000, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x9) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000002d80)={0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000080)={'dvmrp1\x00', 0x2}) ioctl$TUNDETACHFILTER(r4, 0x401054d6, 0x0) 2.156162262s ago: executing program 2 (id=300): socket$netlink(0x10, 0x3, 0x10) r0 = socket(0x10, 0x803, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=@getchain={0x24, 0x66, 0x0, 0x0, 0x2000}, 0x24}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @mcast2}]}}}]}, 0x48}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x38, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x100}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_IPTUN_COLLECT_METADATA={0x4}]}}}]}, 0x38}}, 0x20004090) 2.155480159s ago: executing program 3 (id=301): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, 0x0, &(0x7f0000000200)) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r4], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="400000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f3100000a000100be"], 0x40}}, 0x0) 1.835670554s ago: executing program 2 (id=302): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000040)='./file1\x00', 0x2000000, &(0x7f0000000300)=ANY=[], 0x1, 0x5f3, &(0x7f0000000d40)="$eJzs3cFvHFcdB/Dvrh1n10jJxk3agCphFalCWCS7tkRShASUgixUoUocOFvESaxs0sreIrcHCIhDxal/Qjn4H0Aci5QD7RFOPRv1iMQZ31zN7Ky9jreunaTZdfL5SLPvvXkzb3/vN7OTmbWiDfDcWl7I9IPUsrzw5mbR3t5a6m5vLd0d1JOcTVJPGklqxeq/J/k8uZ/+km8OOobKQz77uHHr0w8/+aDfalRLuX3tqP0Oa45YtxdLqx9rWT6GA+MtPvZ4B2c4l2T+8eKDJ2N34D8ju0/wuQQATptaMjVqfSuZrW7Wi+eA/l1x/x771Dk/VL8/xjgAAADgaTm/k51s5ty44wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDTpPr9/1q11Af1+dQGv/8/U61LVT/VHow7AAAAAAAAAAA4ntmjOr+9k51s5tygvVsr/+b/Stm4WL5+I+9mI6tZz5VsZiW99LKeTpLW0EAzmyu93nrnGHsujtxzca89/YTmDQAAAAAAAADPkz9lef/v/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAlqyVS/KJeLg3or9ekkjSQzxXb3k38P6qfZg3EHAAAAAE/B+Z3sZDPnBu3dWvnM/2L53N/Iu7mXXtbSSzeruVF+F9B/6q9vby11t7eW7hbL4XF/+r8ThVGOmP53D6Pf+XK5RTM3s1auuZLf5u10cyP1cs/C5UE8o+P6YxFT7ceVY0Z2oyqLmf+yKidDq8zImb2MtKvYimxcODoTJzw6D79TJ/W9b34ufg05n63KYj5vTHTOF4fOvhePzkQy95u/XLvdvXfn9s2NhcmZ0iN6OBNLQ5l46bnKRLvMxKW99nJ+kV9nIfN5K+tZy++ykl5WM583ytpKdT4Xr62jM/WTA623viqSmeq49K+iJ4vplXLfc1nLr/J2bpRHtJ1ruZbF/CCvpX3gCF8aGfcfdqvu8lNfP9mn/jvfrSpnkvy8KidDkdcLQ3kdvua2yr7hNftZmnvy18bpb1WV4ux5feKujRce+ldikIkXjs7EX8sTZ6N778767ZV3jvl+r1ZlkYGfHcrE7tRjT+iRFefLXHGwytbBs6Poe2FkX6fsu7jXVz/Ud2mv76s+qTPVPdzhkRbLvpdG9vX3u9zvaxa9o+63AJh4s9+bnWn+t/mv5kfNPzdvN99svH72+tmXZ3Lmn2d+ON2eerX+cu1v+Si/33/+BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHt3Ge+/fWel2V9cnu/L/3b5JiUdF5RmvjPvKBHzdrvbuvnN14733v792d+XW6q3Ve6+1r1/vdDrX2ldvrnVXq9dxRwkAPEn7N/3jjgQAAAAAAAAAAAAAAPgyT+O/E497jgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwLNteSHTD1JLp32lXbS3t5a6xTKo72/ZSFIrKv9I8nlyP/0lraHhal/2Pp993Lj16YeffLA/VmOwfe2o/Y7nR7NDsdSrcnfqkcc7MLfFh+Z4cvsznE8yV5Uwdl8EAAD//xM7C14=") listxattr(&(0x7f0000000200)='./file1\x00', 0x0, 0x0) 1.803464409s ago: executing program 0 (id=303): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f00000002c0)=ANY=[], 0x8) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000000780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)=""/21, 0x15}, 0x9}], 0x1, 0x2b, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000000)=0x1, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 1.703814978s ago: executing program 4 (id=304): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = eventfd2(0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) 1.595725587s ago: executing program 2 (id=305): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) ioctl$TCSETAF(r0, 0x5408, &(0x7f00000000c0)={0x0, 0x4ce, 0x0, 0x9dff, 0x1, "0007edeb00cbe600"}) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x5, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0x17) ioctl$TIOCSTI(r0, 0x5412, 0x0) 1.564174496s ago: executing program 3 (id=306): syz_mount_image$udf(&(0x7f0000000f00), &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xa00010, &(0x7f0000000e40)=ANY=[@ANYBLOB='iocharset=iso8859-1,nostrict,uid=forget,anchor=0000000000000145,gid=', @ANYRESDEC=0x0, @ANYBLOB=',dmode=00000000000000000002004,undelete,partition=00000000000000000001,unhide,\x00'], 0x1, 0xc43, &(0x7f00000001c0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwqThoHm7ZIZcZy9S+mYhXuqqbZBpBlIhRzC8CVSKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBAhQIWMzsW3FJkbYskhIlfz429Z2deW/mvZn1jCzozQsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIOL3Xrl46nTaZsOhh9AYAOCBuDz21VNntnv+AwCPrSs7/f8/AAAAAAAAAAAAAABwUKQo4slIMXd5LU1Unzvql9p9t26PD49sX+1IqmoeqsqXP/XTZ86e+9ILQ+e7eak98wH199pn4rWxKxcbL8/enJufWliYmmyMz7SvzU5O3fMedlt/q8HqBDRuvn5r8vr1hcaZ589u2nx74P3+J44PXBh69uQz3bLjwyMjYxtF6r3la/fdkI6dRngcjiJORornvvfT1IqIInZ/LuoP9tpvdaTqxGDVifHhkaoj0+3WzGK5cbR7IoqIRk+lZvccbX8totb3QPuws2bEUtn8ssGDZffG5lrzravTU43R1vxie7E9OzOaOq0t+9OIIs6niOWIWO2/e3d9UUQtUnzn2Fq6mt/6UZ2HL1YDg3duR7GPfbwHZTsbfRHLxSNwzQ6w/iji1Ujxs3dOxLV8n6nuNV+IeLXMH0S8VeZLEan8YpyLeG+b7xGPploU8efl9b+wliar+0H3vnLpa42vzFyf7Snbva98xOfDXXeKh/R8OLIlH4wDfm+qRxGt6o6/lu7/NzsAAAAAAAAAAAAAAAAA7LUjUcSnI8Ur//ZH1bjiqMalH7sw9PsDv9w7ZvzpD9lPWfb5iFgq7m1M7uE8MHA0jab0kMcSf5zVo4g/zuP/vvWwGwMAAAAAAAAAAAAAAAAAAPCxVsRPIsWL755Iy9E7p3h75kbjSuvqdGdW2O7cv90509fX19cbqZPNnBM5l3Iu51zJuZozilw/ZzPnRM6lnMs5V3Ku5oxDuX7OZs6JnEs5l3Ou5FzNGbVcP2cz50TOpZzLOVdyruaMAzJ3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIn4RKb79jbUUKSKaERPRyZX+h906AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDUn4r4fqRo/EHzzrpaRKTq344T5S/nonm4zE9Gc6jMl6J5MWerylrzWw+h/exOXyrix5Giv/72nQuer39f59Odr0G89c2NT5+pdfJQd+PA+/1PHD92YWjkc0/vtJy2a8DgpfbMrduN8eGRkbGe1bV89E/2rBvIxy32putExMIbb77emp6emr//hfIrsIvqj9BCqn1cemqhWojagWjGw+n7JvWHdYNiX5XP//cixW+/++/dB37n+V+PX+p8uvOEj5//ycbz/8WtO7rH539ta738/C+f6ds9/5/sWfdi/t1IXy2ivnhzru94RH3hjTdPtm+2bkzdmJo5d+rUl4eGvnz2VN/hiPr19vRUz9KenC4AAAAAAAAAAAAAAACABycV8buRovXjtdSIiNvVeK2BC0PPnnzmUByqxlttGrf92tiVi42XZ2/OzU8tLExNNsZn2tdmJ6fu9XD1arjX+PDIvnTmQx3Z5/Yfqb88O/fGfPvGHy5uu/1o/eLVhcX51rXtN8eRKCKavWsGqwaPD49UjZ5ut2aqqqPbDqb/6PpSEf8RKa6da6TP53V5/P/WEf6bxv8vbd3RHo7//9zRjfF/n+gpWh4zpSJ+Hil+6y+ejs9X7Twad52zXO5vIsXg+c/mcnG4LNdtQ+e9Ap2RgWXZ/4kU//CLzWW74yGf3Ch7+iOd3EdAef2PRYrv/9l349fzus3vf9j++h/duqN9ev/DUz3rjm56X8Guu06+/icjxUtPvh2/Ua35vw98/0f33RsnOoU33s+xT9f/V3vWDeTj/uZedR4AAAAAAAAAAOAR1peK+NtI8cORWnohr7uXv/83uXVH+/T3vz7Vs25yb+Yr+tCFXZ9UAAAAADgg+lIRP4kUNxbfvjOGevP4757xn7+zMf5zOG3ZWv05369U7w3Yyz//6zWQjzux+24DAAAAAAAAAAAAAAAAAADAgZJSES/k+dQnqvH8kzvOp74SKV75r+dyuXS8LNedB36g+rV+eXbm5MXp6dl6LLauTk81xuZa16bKuk9FirW//myuW1Tzq3fnm+/M8b4xF/t8pBj5u27Zzlzs3bnJn9ooe7os+4lI8Z9/v7lsnpo6zx1dlT1Tlv2rSPH1f9q+7PGNsmfLst+NFD/6eqNb9mhZtvt+1E9tlH3+2myxD1cFAAAAAAAAAAAAAAAAAACAj5u+VMSfRor/vrl8Zyx/nv+/r+dj5a1v9sz3v8Xtap7/gWr+/52W72f+/+q9Aks7HRUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5PKYp4M1LMXV5LK/3l5476pfbMrdvjwyPbVzuSqpqHqvLlT/30mbPnvvTC0PlufnD9vfbpeG3sysXGy7M35+anFhamJhvjM+1rs5NT97yH3dbfarA6AY2br9+avH59oXHm+bObNt8eeL//ieMDF4aePflMt+z48MjIWE+ZWt99H/0uaYf1h6OIv4wUz33vp+mH/RFF7P5cfMh3Z78dqToxWHVifHik6sh0uzWzWG4c7Z6IIqLRU6nZPUcP4FrsSjNiqWx+2eDBsntjc6351tXpqcZoa36xvdienRlNndaW/WlEEedTxHJErPbfvbu+KOL1SPGdY2vpn/sjDnXPwxcvj3311Jmd21HsYx/vQdnORl/EcvEIXLMDrD+K+MdI8bN3TsS/9EfUovMTX4h4tcwfRLwVneudyi/GuYj3tvke8WiqRRH/W17/C2vpnf7yftC9r1z6WuMrM9dne8p27yuP/PPhQTrg96Z6FPGj6o6/lv7Vf9cAAAAAAAAAAAAAAAAAB0gRvxYpXnz3RKrGB98ZU9yeudG40ro63RnW1x371x0zvb6+vt5InWzmnMi5lHM550rO1ZxR5Po5m2XW19cn8uelnMs5V3Ku5oxDuX7OZs6JnEs5l3Ou5FzNGbVcP2cz50TOpZzLOVdyruaMAzJ2DwAAAAAAAAAAAAAAAAAAeLwU1T8pvv2NtbTe35lfeiI6uWI+0Mfe/wcAAP//dsP5HA==") bpf$PROG_LOAD(0x5, 0x0, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000180)=@raw={'raw\x00', 0xc01, 0x3, 0x200, 0x2c8, 0x5002004a, 0x6, 0x2c8, 0x3, 0x3c8, 0x3c8, 0x3c8, 0x3c8, 0x3c8, 0x7fffffe, 0x0, {[{{@ip={@dev, @broadcast=0xfeffffff, 0x0, 0x0, 'hsr0\x00', 'bridge0\x00'}, 0x0, 0x70, 0x98, 0x0, {0x0, 0x3fa}}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x0, 0x180}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x260) 878.417238ms ago: executing program 0 (id=307): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = fsopen(&(0x7f0000000040)='fuseblk\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000140)='{:\'@-\x00', &(0x7f0000000180)='%*.\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, 0x0, &(0x7f0000000340)='\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, 0x0, 0x0, 0x0) read(r1, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r2, 0x26, &(0x7f0000000380)={0x0, 0x0, 0x103ff}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r3, 0x7, &(0x7f00000006c0)={0x1, 0x1, 0x7000000}) 758.017114ms ago: executing program 3 (id=308): r0 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000600)=@newtfilter={0x3c, 0x2c, 0xd27, 0x0, 0xfffffffe, {0x0, 0x0, 0x0, r1, {0xfffa, 0x4}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_bpf={{0x8}, {0x10, 0x2, [@TCA_BPF_OPS={{0x6}, {0x4}}]}}]}, 0x3c}}, 0x20000000) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 536.292697ms ago: executing program 3 (id=309): pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) splice(r1, 0x0, r0, 0x0, 0x6, 0x0) 506.879437ms ago: executing program 1 (id=310): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000480)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f000000d340)={0x0, 0x0, &(0x7f000000d300)={&(0x7f0000000400)={0x4c, r1, 0x1, 0x70bd29, 0x5, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x25, 0x33, @action={{{0x0, 0x0, 0xd, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1}, {0x6}, @device_b, @broadcast, @initial, {0x1, 0x7f}, @value=@ver_80211n={0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1}}, @tdls_setup_cfm={0xc, 0x2, {0x65, 0x7}}}}, @NL80211_ATTR_DURATION={0x8, 0x57, 0xdd7}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8010}, 0x84d0) 436.235122ms ago: executing program 1 (id=311): r0 = eventfd2(0x9, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = dup3(r1, r0, 0x0) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000240)={0x1d, r4, 0x0, {0x0, 0x0, 0x4}, 0xfd}, 0x18) sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r3, &(0x7f000009de80)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[], 0x4c}}, 0x0) sendmsg$can_j1939(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)="8d11", 0x2}, 0x1, 0x0, 0x0, 0x4}, 0x4008880) 424.88801ms ago: executing program 2 (id=312): r0 = io_uring_setup(0x177f, &(0x7f0000000140)={0x0, 0x0, 0x0, 0xfffffffc}) r1 = socket$tipc(0x1e, 0x5, 0x0) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) bind$tipc(r2, &(0x7f0000000280)=@nameseq={0x1e, 0x1, 0x3, {0x42, 0x1, 0x2}}, 0x10) bind$tipc(r1, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10) bind$tipc(r2, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x3}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x1}, 0x10) close_range(r0, 0xffffffffffffffff, 0x0) 378.247248ms ago: executing program 2 (id=313): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x68, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_EXPRESSIONS={0x2c, 0x12, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x8}]}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x110}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xb0}}, 0x20050800) 312.742116ms ago: executing program 2 (id=314): socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x3, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = socket(0x1e, 0x1, 0x0) connect$tipc(r2, &(0x7f0000000040)=@id, 0x10) 0s ago: executing program 0 (id=315): socket(0x40000000015, 0x5, 0x0) r0 = accept4$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000100)=0x14, 0x0) ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000000140)={'\x00', {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x44}}}) syz_io_uring_setup(0x110, &(0x7f00000004c0)={0x0, 0xaada, 0x400, 0x0, 0x4}, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f00000000c0)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) socket$qrtr(0x2a, 0x2, 0x0) r4 = epoll_create1(0x0) r5 = openat$sndtimer(0xffffff9c, &(0x7f0000000000), 0x101000) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r5, &(0x7f0000000580)={0x2004}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.70' (ED25519) to the list of known hosts. [ 31.092481][ T6406] cgroup: Unknown subsys name 'net' [ 31.321715][ T6406] cgroup: Unknown subsys name 'cpuset' [ 31.325288][ T6406] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 31.669564][ T6406] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS [ 33.837425][ T6426] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 33.840416][ T6427] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 33.842358][ T6427] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 33.856498][ T6433] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 33.858721][ T6433] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 33.860815][ T6433] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 33.862530][ T6433] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 33.864683][ T6433] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 33.868075][ T6433] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 33.870245][ T6433] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 33.871812][ T6433] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 33.873574][ T6433] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 33.874567][ T6434] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 33.875374][ T6433] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 33.877901][ T6434] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 33.878530][ T6433] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 33.880481][ T6434] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 33.882532][ T6433] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 33.883163][ T6433] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 33.885358][ T6434] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 33.885966][ T6433] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 33.887259][ T6434] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 33.888789][ T6433] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 33.890437][ T6434] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 33.892221][ T6433] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 33.894343][ T6434] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 33.894809][ T6434] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 33.898012][ T6434] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 33.908862][ T6434] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 33.915251][ T6434] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 34.132505][ T6421] chnl_net:caif_netlink_parms(): no params data found [ 34.136063][ T6424] chnl_net:caif_netlink_parms(): no params data found [ 34.174954][ T6420] chnl_net:caif_netlink_parms(): no params data found [ 34.275382][ T6421] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.276950][ T6421] bridge0: port 1(bridge_slave_0) entered disabled state [ 34.278690][ T6421] bridge_slave_0: entered allmulticast mode [ 34.281218][ T6421] bridge_slave_0: entered promiscuous mode [ 34.285670][ T6421] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.287143][ T6421] bridge0: port 2(bridge_slave_1) entered disabled state [ 34.288875][ T6421] bridge_slave_1: entered allmulticast mode [ 34.291249][ T6421] bridge_slave_1: entered promiscuous mode [ 34.307745][ T6424] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.309569][ T6424] bridge0: port 1(bridge_slave_0) entered disabled state [ 34.311081][ T6424] bridge_slave_0: entered allmulticast mode [ 34.312842][ T6424] bridge_slave_0: entered promiscuous mode [ 34.316090][ T6424] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.317591][ T6424] bridge0: port 2(bridge_slave_1) entered disabled state [ 34.319201][ T6424] bridge_slave_1: entered allmulticast mode [ 34.321049][ T6424] bridge_slave_1: entered promiscuous mode [ 34.323081][ T6422] chnl_net:caif_netlink_parms(): no params data found [ 34.356402][ T6432] chnl_net:caif_netlink_parms(): no params data found [ 34.364186][ T6421] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 34.379833][ T6424] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 34.400640][ T6421] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 34.414946][ T6420] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.416473][ T6420] bridge0: port 1(bridge_slave_0) entered disabled state [ 34.417933][ T6420] bridge_slave_0: entered allmulticast mode [ 34.419739][ T6420] bridge_slave_0: entered promiscuous mode [ 34.423274][ T6424] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 34.425216][ T6420] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.426757][ T6420] bridge0: port 2(bridge_slave_1) entered disabled state [ 34.428311][ T6420] bridge_slave_1: entered allmulticast mode [ 34.430692][ T6420] bridge_slave_1: entered promiscuous mode [ 34.471523][ T6421] team0: Port device team_slave_0 added [ 34.478563][ T6424] team0: Port device team_slave_0 added [ 34.495410][ T6421] team0: Port device team_slave_1 added [ 34.497041][ T6422] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.498758][ T6422] bridge0: port 1(bridge_slave_0) entered disabled state [ 34.500923][ T6422] bridge_slave_0: entered allmulticast mode [ 34.502995][ T6422] bridge_slave_0: entered promiscuous mode [ 34.506383][ T6424] team0: Port device team_slave_1 added [ 34.513674][ T6420] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 34.536296][ T6422] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.537885][ T6422] bridge0: port 2(bridge_slave_1) entered disabled state [ 34.540195][ T6422] bridge_slave_1: entered allmulticast mode [ 34.541950][ T6422] bridge_slave_1: entered promiscuous mode [ 34.544950][ T6420] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 34.555182][ T6424] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 34.556698][ T6424] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 34.563005][ T6424] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 34.566166][ T6432] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.567667][ T6432] bridge0: port 1(bridge_slave_0) entered disabled state [ 34.569431][ T6432] bridge_slave_0: entered allmulticast mode [ 34.571880][ T6432] bridge_slave_0: entered promiscuous mode [ 34.574518][ T6421] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 34.575933][ T6421] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 34.581519][ T6421] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 34.594484][ T6422] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 34.596654][ T6424] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 34.598132][ T6424] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 34.603681][ T6424] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 34.606564][ T6432] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.608104][ T6432] bridge0: port 2(bridge_slave_1) entered disabled state [ 34.614025][ T6432] bridge_slave_1: entered allmulticast mode [ 34.616019][ T6432] bridge_slave_1: entered promiscuous mode [ 34.623129][ T6421] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 34.624616][ T6421] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 34.630795][ T6421] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 34.638379][ T6422] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 34.658115][ T6420] team0: Port device team_slave_0 added [ 34.661549][ T6420] team0: Port device team_slave_1 added [ 34.673476][ T6422] team0: Port device team_slave_0 added [ 34.676198][ T6432] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 34.679805][ T6422] team0: Port device team_slave_1 added [ 34.690316][ T6432] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 34.761593][ T6424] hsr_slave_0: entered promiscuous mode [ 34.809773][ T6424] hsr_slave_1: entered promiscuous mode [ 34.850175][ T6420] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 34.851809][ T6420] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 34.857439][ T6420] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 34.869484][ T6422] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 34.870910][ T6422] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 34.876080][ T6422] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 34.879823][ T6422] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 34.881195][ T6422] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 34.886649][ T6422] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 34.890101][ T6420] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 34.891609][ T6420] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 34.896654][ T6420] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 34.903399][ T6432] team0: Port device team_slave_0 added [ 34.951704][ T6421] hsr_slave_0: entered promiscuous mode [ 34.989854][ T6421] hsr_slave_1: entered promiscuous mode [ 35.029522][ T6421] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 35.031454][ T6421] Cannot create hsr debugfs directory [ 35.039903][ T6432] team0: Port device team_slave_1 added [ 35.120983][ T6420] hsr_slave_0: entered promiscuous mode [ 35.159606][ T6420] hsr_slave_1: entered promiscuous mode [ 35.209439][ T6420] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 35.211034][ T6420] Cannot create hsr debugfs directory [ 35.228734][ T6432] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 35.230544][ T6432] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 35.236044][ T6432] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 35.301700][ T6422] hsr_slave_0: entered promiscuous mode [ 35.339800][ T6422] hsr_slave_1: entered promiscuous mode [ 35.379690][ T6422] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 35.381327][ T6422] Cannot create hsr debugfs directory [ 35.383232][ T6432] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 35.384685][ T6432] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 35.390361][ T6432] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 35.531031][ T6432] hsr_slave_0: entered promiscuous mode [ 35.579533][ T6432] hsr_slave_1: entered promiscuous mode [ 35.629689][ T6432] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 35.631241][ T6432] Cannot create hsr debugfs directory [ 35.741998][ T6424] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 35.747727][ T6424] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 35.756468][ T6424] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 35.760217][ T6424] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 35.795246][ T6421] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 35.800389][ T6421] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 35.804479][ T6421] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 35.817109][ T6421] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 35.851133][ T6420] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 35.860496][ T6420] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 35.863608][ T6420] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 35.869115][ T6424] 8021q: adding VLAN 0 to HW filter on device bond0 [ 35.882991][ T6420] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 35.916247][ T6424] 8021q: adding VLAN 0 to HW filter on device team0 [ 35.935987][ T6422] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 35.939831][ T6434] Bluetooth: hci4: command tx timeout [ 35.941564][ T6434] Bluetooth: hci2: command tx timeout [ 35.942720][ T6426] Bluetooth: hci3: command tx timeout [ 35.942807][ T6427] Bluetooth: hci0: command tx timeout [ 35.944302][ T6426] Bluetooth: hci1: command tx timeout [ 35.951160][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.952892][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 35.970649][ T6422] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 35.976135][ T6422] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 35.981380][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.982973][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.005688][ T6422] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 36.048303][ T6421] 8021q: adding VLAN 0 to HW filter on device bond0 [ 36.051552][ T6432] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 36.054704][ T6432] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 36.070310][ T6432] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 36.079163][ T6421] 8021q: adding VLAN 0 to HW filter on device team0 [ 36.084934][ T6432] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 36.103019][ T6422] 8021q: adding VLAN 0 to HW filter on device bond0 [ 36.112408][ T6422] 8021q: adding VLAN 0 to HW filter on device team0 [ 36.116063][ T1919] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.117529][ T1919] bridge0: port 1(bridge_slave_0) entered forwarding state [ 36.126456][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.128137][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 36.139684][ T319] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.141187][ T319] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.162146][ T319] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.163871][ T319] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.201949][ T6420] 8021q: adding VLAN 0 to HW filter on device bond0 [ 36.246177][ T6424] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 36.255071][ T6420] 8021q: adding VLAN 0 to HW filter on device team0 [ 36.283022][ T243] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.284372][ T243] bridge0: port 1(bridge_slave_0) entered forwarding state [ 36.288750][ T243] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.290246][ T243] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.354375][ T6422] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 36.369070][ T6420] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 36.408774][ T6432] 8021q: adding VLAN 0 to HW filter on device bond0 [ 36.414437][ T6424] veth0_vlan: entered promiscuous mode [ 36.438583][ T6424] veth1_vlan: entered promiscuous mode [ 36.448879][ T6421] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 36.461171][ T6432] 8021q: adding VLAN 0 to HW filter on device team0 [ 36.477701][ T6424] veth0_macvtap: entered promiscuous mode [ 36.493315][ T1919] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.494936][ T1919] bridge0: port 1(bridge_slave_0) entered forwarding state [ 36.505938][ T6421] veth0_vlan: entered promiscuous mode [ 36.516588][ T6421] veth1_vlan: entered promiscuous mode [ 36.527231][ T1919] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.528927][ T1919] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.541256][ T6424] veth1_macvtap: entered promiscuous mode [ 36.573456][ T6420] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 36.580867][ T6424] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 36.585668][ T6424] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 36.593366][ T6421] veth0_macvtap: entered promiscuous mode [ 36.601326][ T6424] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.603277][ T6424] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.604944][ T6424] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.606630][ T6424] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.619891][ T6421] veth1_macvtap: entered promiscuous mode [ 36.653313][ T6422] veth0_vlan: entered promiscuous mode [ 36.662537][ T6421] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 36.664732][ T6421] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.667910][ T6421] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 36.679033][ T6420] veth0_vlan: entered promiscuous mode [ 36.686453][ T6421] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 36.688697][ T6421] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.692473][ T6421] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 36.695336][ T6422] veth1_vlan: entered promiscuous mode [ 36.710247][ T6421] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.712161][ T6421] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.714109][ T6421] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.715748][ T6421] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.726208][ T6420] veth1_vlan: entered promiscuous mode [ 36.766567][ T6422] veth0_macvtap: entered promiscuous mode [ 36.804382][ T6422] veth1_macvtap: entered promiscuous mode [ 36.808868][ T319] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 36.812049][ T319] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 36.812285][ T6420] veth0_macvtap: entered promiscuous mode [ 36.844169][ T6420] veth1_macvtap: entered promiscuous mode [ 36.869202][ T6422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 36.872979][ T6422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.874944][ T6422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 36.876949][ T6422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.881529][ T6422] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 36.886705][ T6422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 36.888727][ T6422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.891689][ T6422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 36.893914][ T6422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.896818][ T6422] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 36.903549][ T6432] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 36.915248][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 36.917502][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 36.925590][ T6422] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.927386][ T6422] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.929760][ T1919] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 36.931106][ T6422] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.931403][ T1919] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 36.933327][ T6422] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.945534][ T6420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 36.947615][ T6420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.950638][ T6420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 36.952804][ T6420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.954793][ T6420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 36.956993][ T6420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.960948][ T6420] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 36.964277][ T6420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 36.966436][ T6420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.968404][ T6420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 36.972160][ T6420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.974223][ T6420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 36.976350][ T6420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.981081][ T6420] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 36.996565][ T6420] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.998409][ T6420] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.000953][ T6420] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.002657][ T6420] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.019158][ T1919] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 37.021656][ T1919] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 37.063029][ T6424] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 37.105690][ T6432] veth0_vlan: entered promiscuous mode [ 37.116576][ T319] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 37.118249][ T319] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 37.132951][ T6432] veth1_vlan: entered promiscuous mode [ 37.139574][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 37.141113][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 37.147631][ T1919] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 37.149186][ T1919] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 37.164438][ T6432] veth0_macvtap: entered promiscuous mode [ 37.185307][ T6432] veth1_macvtap: entered promiscuous mode [ 37.220947][ T243] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 37.222408][ T243] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 37.237770][ T6432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 37.240243][ T6432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 37.242270][ T6432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 37.244175][ T6432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 37.246186][ T6432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 37.249391][ T6432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 37.251842][ T6432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 37.253773][ T6432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 37.256771][ T6432] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 37.269911][ T6432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 37.272166][ T6432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 37.274093][ T6432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 37.276578][ T6432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 37.282828][ T6509] Zero length message leads to an empty skb [ 37.399695][ T6432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 37.401791][ T6432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 37.403737][ T6432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 37.405806][ T6432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 37.416321][ T6432] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 37.420101][ T6432] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.421901][ T6432] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.423882][ T6432] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.425728][ T6432] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.303206][ T6426] Bluetooth: hci1: command tx timeout [ 38.304304][ T6426] Bluetooth: hci2: command tx timeout [ 38.305399][ T6426] Bluetooth: hci0: command tx timeout [ 38.306501][ T6426] Bluetooth: hci3: command tx timeout [ 38.307549][ T6426] Bluetooth: hci4: command tx timeout [ 38.827979][ T6521] syz.0.1 uses obsolete (PF_INET,SOCK_PACKET) [ 39.668150][ T243] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 39.675841][ T243] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 39.677802][ T243] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 39.681169][ T243] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 40.369365][ T53] Bluetooth: hci4: command tx timeout [ 40.370617][ T53] Bluetooth: hci3: command tx timeout [ 40.371756][ T53] Bluetooth: hci0: command tx timeout [ 40.372866][ T53] Bluetooth: hci2: command tx timeout [ 40.374021][ T53] Bluetooth: hci1: command tx timeout [ 40.435686][ T6529] loop1: detected capacity change from 0 to 32768 [ 40.493145][ T6529] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.9 (6529) [ 40.534189][ T6529] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 40.536622][ T6529] BTRFS info (device loop1): using sha256 (sha256-ce) checksum algorithm [ 40.538373][ T30] audit: type=1326 audit(40.510:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6533 comm="syz.2.3" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff9374d828 code=0x0 [ 40.538517][ T6529] BTRFS info (device loop1): using free-space-tree [ 40.748335][ T6558] loop0: detected capacity change from 0 to 256 [ 40.756325][ T6558] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 41.046922][ T6566] loop4: detected capacity change from 0 to 8 [ 41.263787][ T6566] squashfs image failed sanity check [ 41.562209][ T6529] BTRFS info (device loop1): rebuilding free space tree [ 42.376372][ T6594] loop0: detected capacity change from 0 to 128 [ 42.392061][ T6594] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 42.400136][ T6421] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 42.402184][ T6594] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 42.420288][ T6426] Bluetooth: hci1: command tx timeout [ 42.421445][ T6426] Bluetooth: hci2: command tx timeout [ 42.422617][ T6426] Bluetooth: hci0: command tx timeout [ 42.423894][ T6426] Bluetooth: hci3: command tx timeout [ 42.427662][ T53] Bluetooth: hci4: command tx timeout [ 43.162621][ T6603] netlink: 'syz.1.21': attribute type 21 has an invalid length. [ 43.164407][ T6603] netlink: 'syz.1.21': attribute type 20 has an invalid length. [ 43.166225][ T6603] IPv6: NLM_F_CREATE should be specified when creating new route [ 43.237882][ T6601] process 'syz.0.19' launched './file1' with NULL argv: empty string added [ 44.399201][ T6618] loop3: detected capacity change from 0 to 32768 [ 44.402981][ T6618] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.28 (6618) [ 44.413419][ T6618] BTRFS info (device loop3): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 44.415599][ T6618] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 44.417572][ T6618] BTRFS info (device loop3): using free-space-tree [ 44.536134][ T6641] loop0: detected capacity change from 0 to 64 [ 44.545086][ T6641] ======================================================= [ 44.545086][ T6641] WARNING: The mand mount option has been deprecated and [ 44.545086][ T6641] and is ignored by this kernel. Remove the mand [ 44.545086][ T6641] option from the mount to silence this warning. [ 44.545086][ T6641] ======================================================= [ 44.691924][ T6648] netlink: 24 bytes leftover after parsing attributes in process `syz.1.32'. [ 46.894982][ T6424] BTRFS info (device loop3): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 47.701012][ T6682] netlink: 4 bytes leftover after parsing attributes in process `syz.2.45'. [ 48.798755][ T6708] loop4: detected capacity change from 0 to 64 [ 49.617945][ T6711] netlink: 44 bytes leftover after parsing attributes in process `syz.3.54'. [ 50.892144][ T6728] loop4: detected capacity change from 0 to 512 [ 50.894639][ T6728] EXT4-fs: Ignoring removed orlov option [ 50.918599][ T6728] EXT4-fs error (device loop4): ext4_orphan_get:1388: inode #15: comm syz.4.58: casefold flag without casefold feature [ 50.922037][ T6728] EXT4-fs (loop4): Remounting filesystem read-only [ 50.926453][ T6728] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.460244][ T6476] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 51.650016][ T6476] usb 1-1: Using ep0 maxpacket: 32 [ 51.678147][ T6476] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 51.684207][ T6476] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 51.686827][ T6476] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 51.757225][ T6476] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 51.850351][ T6476] usb 1-1: config 0 descriptor?? [ 51.862414][ T6476] hub 1-1:0.0: USB hub found [ 52.085568][ T6476] hub 1-1:0.0: 1 port detected [ 52.187115][ T6755] loop1: detected capacity change from 0 to 8 [ 52.990839][ T319] hub 1-1:0.0: activate --> -90 [ 53.306405][ T6423] usb 1-1-port1: config error [ 53.314869][ T6422] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.633016][ T6474] usb 1-1: USB disconnect, device number 2 [ 55.019771][ T6790] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 55.034762][ T6786] netlink: 12 bytes leftover after parsing attributes in process `syz.1.79'. [ 55.037509][ T6786] bridge_slave_1: left allmulticast mode [ 55.038769][ T6786] bridge_slave_1: left promiscuous mode [ 55.041122][ T6786] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.408210][ T6799] loop0: detected capacity change from 0 to 32768 [ 55.464245][ T6778] loop2: detected capacity change from 0 to 65536 [ 55.508201][ T6778] XFS (loop2): Mounting V5 Filesystem e4654a66-62e5-4963-a81e-012d9d4871af [ 55.533972][ T6802] loop4: detected capacity change from 0 to 32768 [ 55.590380][ T6778] XFS (loop2): Ending clean mount [ 55.592250][ T6799] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,no_data_io [ 55.597337][ T6799] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 55.600310][ T6799] bcachefs (loop0): Version upgrade required: [ 55.600310][ T6799] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 55.600310][ T6799] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 55.600310][ T6799] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 55.624325][ T6802] ocfs2: Mounting device (7,4) on (node local, slot 0) with writeback data mode. [ 55.630139][ T6799] bcachefs (loop0): dropping and reconstructing all alloc info [ 55.658605][ T6799] bcachefs (loop0): check_topology... done [ 55.664867][ T6799] bcachefs (loop0): accounting_read... [ 55.690081][ T8] XFS (loop2): Metadata CRC error detected at xfs_agfl_read_verify+0x134/0x1f8, xfs_agfl block 0x3 [ 55.693747][ T8] XFS (loop2): Unmount and run xfs_repair [ 55.695019][ T8] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 55.696521][ T8] 00000000: 58 41 46 4c 00 00 00 00 e4 65 4a 66 62 e5 49 63 XAFL.....eJfb.Ic [ 55.697061][ T6422] ocfs2: Unmounting device (7,4) on (node local) [ 55.698339][ T8] 00000010: a8 1e 01 2d 9d 48 71 af 00 00 00 00 00 00 00 00 ...-.Hq......... [ 55.698367][ T8] 00000020: 2b a8 fe 5c ff ff ff ff 00 00 00 00 00 00 00 06 +..\............ [ 55.698379][ T8] 00000030: 00 00 00 07 00 00 00 08 ff ff ff ff ff ff ff ff ................ [ 55.698390][ T8] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 55.698401][ T8] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 55.709558][ T6799] done [ 55.709587][ T6799] bcachefs (loop0): alloc_read... done [ 55.709673][ T6799] bcachefs (loop0): stripes_read... done [ 55.709707][ T6799] bcachefs (loop0): snapshots_read... done [ 55.710291][ T6799] bcachefs (loop0): check_allocations... [ 55.716452][ T8] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 55.720345][ T8] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 55.725937][ T4639] XFS (loop2): metadata I/O error in "xfs_alloc_read_agfl+0x1fc/0x414" at daddr 0x3 len 1 error 74 [ 55.728718][ T4639] XFS (loop2): page discard on page 00000000c533ce9a, inode 0x49, pos 0. [ 55.737766][ T8] XFS (loop2): Metadata CRC error detected at xfs_agfl_read_verify+0x134/0x1f8, xfs_agfl block 0x3 [ 55.740233][ T8] XFS (loop2): Unmount and run xfs_repair [ 55.741456][ T8] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 55.743081][ T8] 00000000: 58 41 46 4c 00 00 00 00 e4 65 4a 66 62 e5 49 63 XAFL.....eJfb.Ic [ 55.744954][ T8] 00000010: a8 1e 01 2d 9d 48 71 af 00 00 00 00 00 00 00 00 ...-.Hq......... [ 55.746980][ T8] 00000020: 2b a8 fe 5c ff ff ff ff 00 00 00 00 00 00 00 06 +..\............ [ 55.748732][ T8] 00000030: 00 00 00 07 00 00 00 08 ff ff ff ff ff ff ff ff ................ [ 55.749709][ T6799] done [ 55.755800][ T8] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 55.757801][ T8] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 55.765274][ T8] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 55.765766][ T6799] bcachefs (loop0): going read-write [ 55.767121][ T8] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 55.767185][ T4639] XFS (loop2): metadata I/O error in "xfs_alloc_read_agfl+0x1fc/0x414" at daddr 0x3 len 1 error 74 [ 55.779419][ T4639] XFS (loop2): page discard on page 00000000d85c0b9e, inode 0x49, pos 32768. [ 55.782095][ T8] XFS (loop2): Metadata CRC error detected at xfs_agfl_read_verify+0x134/0x1f8, xfs_agfl block 0x3 [ 55.784721][ T8] XFS (loop2): Unmount and run xfs_repair [ 55.786047][ T8] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 55.786207][ T6799] bcachefs (loop0): done starting filesystem [ 55.787708][ T8] 00000000: 58 41 46 4c 00 00 00 00 e4 65 4a 66 62 e5 49 63 XAFL.....eJfb.Ic [ 55.787726][ T8] 00000010: a8 1e 01 2d 9d 48 71 af 00 00 00 00 00 00 00 00 ...-.Hq......... [ 55.815789][ T8] 00000020: 2b a8 fe 5c ff ff ff ff 00 00 00 00 00 00 00 06 +..\............ [ 55.817942][ T8] 00000030: 00 00 00 07 00 00 00 08 ff ff ff ff ff ff ff ff ................ [ 55.829877][ T8] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 55.831813][ T8] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 55.833914][ T8] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 55.835821][ T8] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 55.837771][ T4639] XFS (loop2): metadata I/O error in "xfs_alloc_read_agfl+0x1fc/0x414" at daddr 0x3 len 1 error 74 [ 55.841161][ T6420] bcachefs (loop0): shutting down [ 55.843284][ T6420] bcachefs (loop0): going read-only [ 55.844592][ T4639] XFS (loop2): page discard on page 00000000c7c4f78a, inode 0x49, pos 49152. [ 55.845520][ T6420] bcachefs (loop0): finished waiting for writes to stop [ 55.872109][ T6432] XFS (loop2): Unmounting Filesystem e4654a66-62e5-4963-a81e-012d9d4871af [ 55.875404][ T6420] bcachefs (loop0): flushing journal and stopping allocators, journal seq 10 [ 55.877701][ T6420] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 10 [ 55.887673][ T6432] XFS (loop2): Uncorrected metadata errors detected; please run xfs_repair. [ 55.896134][ T6420] bcachefs (loop0): unshutdown complete, journal seq 11 [ 55.898373][ T6420] bcachefs (loop0): done going read-only, filesystem not clean [ 55.948192][ T6420] bcachefs (loop0): shutdown complete [ 56.058249][ T6830] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 56.061582][ T6830] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 56.918182][ T6832] loop1: detected capacity change from 0 to 32768 [ 56.929475][ T6832] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.92 (6832) [ 56.948788][ T6832] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 56.954665][ T6832] BTRFS info (device loop1): using crc32c (crc32c-generic) checksum algorithm [ 56.956767][ T6832] BTRFS info (device loop1): disk space caching is enabled [ 56.958488][ T6832] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 57.046074][ T6832] BTRFS info (device loop1): rebuilding free space tree [ 57.055619][ T6832] BTRFS info (device loop1): disabling free space tree [ 57.057881][ T6832] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 57.060173][ T6832] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 57.275689][ T6421] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 57.710546][ T6858] loop4: detected capacity change from 0 to 40427 [ 57.731895][ T6858] F2FS-fs (loop4): build fault injection attr: rate: 690, type: 0x1fffff [ 57.738412][ T6858] F2FS-fs (loop4): invalid crc value [ 57.763698][ T6858] F2FS-fs (loop4): Found nat_bits in checkpoint [ 57.789811][ T6858] F2FS-fs (loop4): Start checkpoint disabled! [ 57.829862][ T6858] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 57.848410][ T6858] F2FS-fs (loop4): inject no more block in inc_valid_block_count of f2fs_map_blocks+0xd20/0x3cd0 [ 57.868748][ T6858] F2FS-fs (loop4): inject no more block in inc_valid_block_count of f2fs_map_blocks+0xd20/0x3cd0 [ 57.929175][ T6772] F2FS-fs (loop4): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_write+0x4bc/0x1a48 [ 57.932747][ T6772] F2FS-fs (loop4): invalid blkaddr: 5120, type: 7, run fsck to fix. [ 57.935580][ T6772] kworker/u8:9: attempt to access beyond end of device [ 57.935580][ T6772] loop4: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 57.942022][ T6772] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 57.944704][ T6772] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 58.350733][ T6880] loop0: detected capacity change from 0 to 8 [ 58.361132][ T6884] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 58.363011][ T6884] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 58.521822][ T6876] loop3: detected capacity change from 0 to 32768 [ 58.529090][ T6876] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.103 (6876) [ 58.908142][ T6876] BTRFS info (device loop3): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 58.910969][ T6876] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 58.917513][ T6876] BTRFS info (device loop3): using free-space-tree [ 58.920529][ T6878] netlink: 12 bytes leftover after parsing attributes in process `syz.4.102'. [ 58.930347][ T6878] bridge_slave_1: left allmulticast mode [ 58.931837][ T6878] bridge_slave_1: left promiscuous mode [ 58.933212][ T6878] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.052748][ T6424] BTRFS info (device loop3): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 60.085078][ T6919] netlink: 'syz.4.111': attribute type 1 has an invalid length. [ 60.086958][ T6919] netlink: 4 bytes leftover after parsing attributes in process `syz.4.111'. [ 60.208666][ T6929] loop4: detected capacity change from 0 to 512 [ 60.266150][ T6910] loop2: detected capacity change from 0 to 32768 [ 60.289040][ T6910] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.109 (6910) [ 60.301564][ T6929] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 60.336940][ T6910] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 60.346916][ T6910] BTRFS info (device loop2): using crc32c (crc32c-generic) checksum algorithm [ 61.705507][ T6910] BTRFS info (device loop2): disk space caching is enabled [ 61.707169][ T6910] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 61.888473][ T6422] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 61.910176][ T6910] BTRFS info (device loop2): rebuilding free space tree [ 61.942265][ T6910] BTRFS info (device loop2): disabling free space tree [ 61.943681][ T6910] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 61.945869][ T6910] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 62.168374][ T6432] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 62.200054][ T6963] IPVS: sync thread started: state = BACKUP, mcast_ifn = vlan0, syncid = 3, id = 0 [ 62.226179][ T6939] netlink: 12 bytes leftover after parsing attributes in process `syz.1.116'. [ 62.336802][ T6965] loop3: detected capacity change from 0 to 8 [ 62.565252][ T6975] netlink: 'syz.2.125': attribute type 1 has an invalid length. [ 62.567033][ T6975] netlink: 4 bytes leftover after parsing attributes in process `syz.2.125'. [ 62.595409][ T6977] loop4: detected capacity change from 0 to 128 [ 62.613254][ T6977] ADFS-fs (loop4): error: can't find an ADFS filesystem on dev loop4. [ 63.121387][ T6983] bridge0: port 3(erspan0) entered blocking state [ 63.123318][ T6983] bridge0: port 3(erspan0) entered disabled state [ 63.125764][ T6983] erspan0: entered allmulticast mode [ 63.134259][ T6983] erspan0: entered promiscuous mode [ 63.138440][ T6983] bridge0: port 3(erspan0) entered blocking state [ 63.139952][ T6983] bridge0: port 3(erspan0) entered forwarding state [ 63.816579][ T6990] loop2: detected capacity change from 0 to 1764 [ 64.502104][ T2345] ieee802154 phy0 wpan0: encryption failed: -22 [ 64.503742][ T2345] ieee802154 phy1 wpan1: encryption failed: -22 [ 64.858128][ T6995] loop0: detected capacity change from 0 to 32768 [ 64.875361][ T6995] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.130 (6995) [ 64.905923][ T6995] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 64.908149][ T6995] BTRFS info (device loop0): using crc32c (crc32c-generic) checksum algorithm [ 64.910233][ T6995] BTRFS info (device loop0): disk space caching is enabled [ 64.911777][ T6995] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 64.924967][ T7004] netlink: 12 bytes leftover after parsing attributes in process `syz.2.133'. [ 64.928002][ T7004] bridge_slave_1: left allmulticast mode [ 64.929504][ T7004] bridge_slave_1: left promiscuous mode [ 64.930785][ T7004] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.076378][ T6995] BTRFS info (device loop0): rebuilding free space tree [ 65.114937][ T6995] BTRFS info (device loop0): disabling free space tree [ 65.127022][ T6995] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 65.146659][ T6995] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 65.302675][ T7031] netlink: 'syz.3.136': attribute type 1 has an invalid length. [ 65.304483][ T7031] netlink: 4 bytes leftover after parsing attributes in process `syz.3.136'. [ 65.310103][ T6420] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 65.403037][ T7037] loop3: detected capacity change from 0 to 128 [ 65.433070][ T7038] loop1: detected capacity change from 0 to 1024 [ 65.744047][ T7050] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 548, start 00000401) [ 65.746365][ T7050] FAT-fs (loop3): Filesystem has been set read-only [ 65.747906][ T7050] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 548, start 00000401) [ 65.750163][ T7050] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 548, start 00000401) [ 66.587069][ T7038] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 67.329038][ T6421] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 67.565350][ T7066] netlink: 12 bytes leftover after parsing attributes in process `syz.4.149'. [ 67.579893][ T7066] bridge1: port 1(bridge_slave_1) entered blocking state [ 67.581667][ T7066] bridge1: port 1(bridge_slave_1) entered disabled state [ 67.583249][ T7066] bridge_slave_1: entered allmulticast mode [ 67.584992][ T7066] bridge_slave_1: entered promiscuous mode [ 67.687014][ T7069] loop2: detected capacity change from 0 to 32768 [ 67.691616][ T7069] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.150 (7069) [ 67.722683][ T7069] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 67.724940][ T7069] BTRFS info (device loop2): using crc32c (crc32c-generic) checksum algorithm [ 67.726753][ T7069] BTRFS info (device loop2): disk space caching is enabled [ 67.728317][ T7069] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 68.059696][ T7099] Bluetooth: MGMT ver 1.23 [ 69.684280][ T25] cfg80211: failed to load regulatory.db [ 70.320687][ T7132] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 70.322662][ T7132] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 70.326772][ T7069] BTRFS error (device loop2): open_ctree failed [ 70.508071][ T7130] netlink: 12 bytes leftover after parsing attributes in process `syz.1.166'. [ 70.530335][ T7137] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 70.532259][ T7137] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 70.535248][ T7130] bridge1: port 1(bridge_slave_1) entered blocking state [ 70.537057][ T7130] bridge1: port 1(bridge_slave_1) entered disabled state [ 70.544222][ T7130] bridge_slave_1: entered allmulticast mode [ 70.547277][ T7130] bridge_slave_1: entered promiscuous mode [ 72.521997][ T2252] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 73.031254][ T2252] usb 1-1: Using ep0 maxpacket: 8 [ 73.130339][ T2252] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 73.135260][ T2252] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 73.138043][ T2252] usb 1-1: Product: syz [ 73.141476][ T2252] usb 1-1: Manufacturer: syz [ 73.142991][ T2252] usb 1-1: SerialNumber: syz [ 73.647987][ T2252] usb 1-1: config 0 descriptor?? [ 73.907482][ T2252] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 73.966128][ T7223] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 73.988630][ T7221] loop2: detected capacity change from 0 to 40427 [ 73.992140][ T7221] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 73.993945][ T7221] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 73.996836][ T7221] F2FS-fs (loop2): invalid crc value [ 74.008893][ T7221] F2FS-fs (loop2): Found nat_bits in checkpoint [ 74.027519][ T7221] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 74.029434][ T7221] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 74.841415][ T6432] syz-executor: attempt to access beyond end of device [ 74.841415][ T6432] loop2: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 74.857050][ T7238] netlink: 28 bytes leftover after parsing attributes in process `syz.1.208'. [ 74.865439][ T6432] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 74.867549][ T4639] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 74.880893][ T4639] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 75.277151][ T7243] netlink: 12 bytes leftover after parsing attributes in process `syz.1.209'. [ 75.285436][ T7243] bridge_slave_1: left allmulticast mode [ 75.286730][ T7243] bridge_slave_1: left promiscuous mode [ 75.288075][ T7243] bridge1: port 1(bridge_slave_1) entered disabled state [ 75.343944][ T7243] bridge2: port 1(bridge_slave_1) entered blocking state [ 75.345571][ T7243] bridge2: port 1(bridge_slave_1) entered disabled state [ 75.347174][ T7243] bridge_slave_1: entered allmulticast mode [ 75.349032][ T7243] bridge_slave_1: entered promiscuous mode [ 75.531837][ T2252] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 75.537193][ T2252] usb 1-1: USB disconnect, device number 3 [ 78.255250][ T7292] netlink: 76 bytes leftover after parsing attributes in process `syz.0.222'. [ 78.448031][ T7296] netlink: 12 bytes leftover after parsing attributes in process `syz.2.221'. [ 78.455679][ T7299] bridge1: port 1(bridge_slave_1) entered blocking state [ 78.457280][ T7299] bridge1: port 1(bridge_slave_1) entered disabled state [ 78.464957][ T7299] bridge_slave_1: entered allmulticast mode [ 78.467074][ T7299] bridge_slave_1: entered promiscuous mode [ 79.260234][ T6423] IPVS: starting estimator thread 0... [ 79.349443][ T7313] IPVS: using max 26 ests per chain, 62400 per kthread [ 80.055017][ T7317] loop2: detected capacity change from 0 to 4096 [ 80.230341][ T7328] netlink: 76 bytes leftover after parsing attributes in process `syz.1.233'. [ 80.429460][ T7333] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 81.959908][ T7343] netlink: 12 bytes leftover after parsing attributes in process `syz.0.239'. [ 81.971826][ T7343] bridge_slave_1: left allmulticast mode [ 81.973053][ T7343] bridge_slave_1: left promiscuous mode [ 81.974395][ T7343] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.035734][ T7343] bridge1: port 1(bridge_slave_1) entered blocking state [ 82.037242][ T7343] bridge1: port 1(bridge_slave_1) entered disabled state [ 82.038919][ T7343] bridge_slave_1: entered allmulticast mode [ 82.040847][ T7343] bridge_slave_1: entered promiscuous mode [ 82.085494][ T7350] loop1: detected capacity change from 0 to 128 [ 82.093847][ T7350] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 82.097852][ T7350] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 83.594709][ T7368] loop3: detected capacity change from 0 to 64 [ 83.701729][ T7372] loop3: detected capacity change from 0 to 1024 [ 83.711885][ T7372] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 85.190150][ T7388] netlink: 12 bytes leftover after parsing attributes in process `syz.1.253'. [ 85.196326][ T7388] bridge_slave_1: left allmulticast mode [ 85.197509][ T7388] bridge_slave_1: left promiscuous mode [ 85.198773][ T7388] bridge2: port 1(bridge_slave_1) entered disabled state [ 85.321551][ T7385] loop4: detected capacity change from 0 to 32768 [ 85.423193][ T7385] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.252 (7385) [ 85.480566][ T7399] sp0: Synchronizing with TNC [ 85.487094][ T7385] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 85.494985][ T7385] BTRFS info (device loop4): using sha256 (sha256-ce) checksum algorithm [ 85.512445][ T7385] BTRFS info (device loop4): using free-space-tree [ 85.816551][ T1919] BTRFS warning (device loop4): checksum verify failed on logical 5308416 mirror 1 wanted 0x77808b7ecca445f549ae3d233ea0eb27adb628f92d0be59092c566b0ee5e6744 found 0x60de627d100598bf359a16df5e2192f96c915829a41fe25c04d94167c746e2ec level 0 [ 85.824115][ T7428] loop2: detected capacity change from 0 to 8 [ 85.835094][ T7385] BTRFS: error (device loop4) in btrfs_fill_super:983: errno=-5 IO failure [ 85.859941][ T7385] BTRFS error (device loop4 state E): commit super ret -30 [ 86.103297][ T7437] loop0: detected capacity change from 0 to 256 [ 86.693156][ T7446] loop0: detected capacity change from 0 to 1024 [ 86.697973][ T7446] EXT4-fs: Ignoring removed orlov option [ 86.699187][ T7446] EXT4-fs: Ignoring removed nomblk_io_submit option [ 87.060646][ T7452] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 87.062556][ T7452] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 87.081626][ T7446] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a84ec018, mo2=0002] [ 87.083455][ T7446] System zones: 0-1, 3-36 [ 87.099824][ T7446] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 87.247197][ T7456] netlink: 12 bytes leftover after parsing attributes in process `syz.3.271'. [ 87.255892][ T7456] bridge_slave_1: left allmulticast mode [ 87.257499][ T7456] bridge_slave_1: left promiscuous mode [ 87.258792][ T7456] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.263818][ T7457] loop2: detected capacity change from 0 to 8 [ 87.271578][ T7457] SQUASHFS error: lzo decompression failed, data probably corrupt [ 87.273556][ T7457] SQUASHFS error: Failed to read block 0x91: -5 [ 87.274851][ T7457] SQUASHFS error: Unable to read metadata cache entry [8f] [ 87.287261][ T7457] SQUASHFS error: Unable to read inode 0x11f [ 87.451371][ T6420] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.715755][ T7471] loop4: detected capacity change from 0 to 8 [ 88.030204][ T7480] bridge0: port 3(erspan0) entered disabled state [ 88.067171][ T7480] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.117236][ T7482] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 88.121273][ T7482] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 88.412208][ T7480] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 88.420728][ T7480] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 88.793119][ T7480] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.795106][ T7480] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.796853][ T7480] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.798842][ T7480] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.805484][ T7499] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 89.809505][ T7499] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 90.072838][ T7492] netlink: 12 bytes leftover after parsing attributes in process `syz.3.284'. [ 90.126260][ T7501] ip6tnl2: entered promiscuous mode [ 90.291224][ T7511] loop3: detected capacity change from 0 to 8 [ 91.536120][ T7531] ip6tnl2: entered promiscuous mode [ 91.862542][ T7536] loop2: detected capacity change from 0 to 1024 [ 92.665736][ T7544] loop3: detected capacity change from 0 to 2048 [ 92.686308][ T7544] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 93.648537][ C0] ------------[ cut here ]------------ [ 93.650020][ C0] refcount_t: underflow; use-after-free. [ 93.651552][ C0] WARNING: CPU: 0 PID: 7569 at lib/refcount.c:28 refcount_warn_saturate+0x1c8/0x20c [ 93.653679][ C0] Modules linked in: [ 93.654397][ C0] CPU: 0 UID: 0 PID: 7569 Comm: syz.2.314 Not tainted 6.12.0-syzkaller-g7b1d1d4cfac0 #0 [ 93.656501][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 93.658518][ C0] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 93.660109][ C0] pc : refcount_warn_saturate+0x1c8/0x20c [ 93.661378][ C0] lr : refcount_warn_saturate+0x1c8/0x20c [ 93.662515][ C0] sp : ffff800080007660 [ 93.663365][ C0] x29: ffff800080007660 x28: 0000000000000001 x27: 00000000ffffffff [ 93.665074][ C0] x26: 1fffe0001ae53418 x25: dfff800000000000 x24: 0000000000000000 [ 93.666946][ C0] x23: ffff0000d7dd75e4 x22: ffff80008a63b670 x21: 0000000000000003 [ 93.668686][ C0] x20: ffff0000d7dd75e4 x19: ffff800092b74000 x18: 0000000000000008 [ 93.670828][ C0] x17: 0000000000000000 x16: ffff8000831615b0 x15: 0000000000000001 [ 93.672576][ C0] x14: 1fffe000366c38e2 x13: 0000000000000000 x12: 0000000000000000 [ 93.674442][ C0] x11: 0000000000000102 x10: 0000000000ff0100 x9 : 642fd0d5b3db8b00 [ 93.676284][ C0] x8 : 642fd0d5b3db8b00 x7 : 0000000000000001 x6 : 0000000000000001 [ 93.678087][ C0] x5 : ffff800080006d98 x4 : ffff80008f9bd220 x3 : ffff800080626d8c [ 93.680023][ C0] x2 : 0000000000000001 x1 : 0000000000000100 x0 : 0000000000000000 [ 93.681849][ C0] Call trace: [ 93.682512][ C0] refcount_warn_saturate+0x1c8/0x20c (P) [ 93.683927][ C0] refcount_warn_saturate+0x1c8/0x20c (L) [ 93.685095][ C0] sk_skb_reason_drop+0x210/0x43c [ 93.686127][ C0] j1939_session_put+0x1c8/0x460 [ 93.687202][ C0] j1939_xtp_rx_dat_one+0x680/0xdb4 [ 93.688286][ C0] j1939_tp_recv+0x2c8/0xe14 [ 93.689325][ C0] j1939_can_recv+0x5bc/0x934 [ 93.690186][ C0] can_rcv_filter+0x308/0x714 [ 93.691137][ C0] can_receive+0x328/0x488 [ 93.692036][ C0] can_rcv+0x128/0x240 [ 93.692911][ C0] __netif_receive_skb+0x18c/0x3c8 [ 93.693937][ C0] process_backlog+0x640/0x123c [ 93.695033][ C0] __napi_poll+0xb4/0x3fc [ 93.695902][ C0] net_rx_action+0x6a8/0xf4c [ 93.696792][ C0] handle_softirqs+0x2e0/0xbf8 [ 93.697785][ C0] __do_softirq+0x14/0x20 [ 93.698719][ C0] ____do_softirq+0x14/0x20 [ 93.699774][ C0] call_on_irq_stack+0x24/0x4c [ 93.700758][ C0] do_softirq_own_stack+0x20/0x2c [ 93.701783][ C0] __irq_exit_rcu+0x1d8/0x544 [ 93.702888][ C0] irq_exit_rcu+0x14/0x84 [ 93.703891][ C0] el1_interrupt+0x38/0x68 [ 93.704814][ C0] el1h_64_irq_handler+0x18/0x24 [ 93.705830][ C0] el1h_64_irq+0x6c/0x70 [ 93.706761][ C0] __pi_memset_generic+0x11c/0x188 (P) [ 93.708072][ C0] __asan_memset+0x48/0x64 (L) [ 93.709035][ C0] do_recvmmsg+0x34c/0xb34 [ 93.710092][ C0] __arm64_sys_recvmmsg+0x180/0x23c [ 93.711230][ C0] invoke_syscall+0x98/0x2b8 [ 93.712279][ C0] el0_svc_common+0x130/0x23c [ 93.713355][ C0] do_el0_svc+0x48/0x58 [ 93.714227][ C0] el0_svc+0x54/0x168 [ 93.715228][ C0] el0t_64_sync_handler+0x84/0x108 [ 93.716393][ C0] el0t_64_sync+0x198/0x19c [ 93.717336][ C0] irq event stamp: 28785 [ 93.718252][ C0] hardirqs last enabled at (28784): [] __console_unlock+0x70/0xc4 [ 93.720227][ C0] hardirqs last disabled at (28785): [] el1_dbg+0x24/0x80 [ 93.722026][ C0] softirqs last enabled at (26638): [] handle_softirqs+0xa38/0xbf8 [ 93.724063][ C0] softirqs last disabled at (28705): [] __do_softirq+0x14/0x20 [ 93.726116][ C0] ---[ end trace 0000000000000000 ]--- [ 93.906827][ T7574] bridge_slave_1: left allmulticast mode [ 93.908022][ T7574] bridge_slave_1: left promiscuous mode [ 93.909441][ T7574] bridge1: port 1(bridge_slave_1) entered disabled state