last executing test programs: 9m18.372131715s ago: executing program 2 (id=124): r0 = fsopen(&(0x7f0000000180)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x1, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000140)='cgroup.freeze\x00', 0x275a, 0x0) ftruncate(r2, 0x8008976) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r2, 0x0) r3 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) 9m17.397508386s ago: executing program 2 (id=130): r0 = socket(0x8000000010, 0x2, 0x0) write(r0, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a0100000001481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, 0x0, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c) ioctl$sock_inet_SIOCSARP(r2, 0x8953, &(0x7f0000000180)={{0x2, 0x0, @empty}, {}, 0x0, {0x440, 0x0, @multicast1=0xe000cc02}}) 9m16.384975178s ago: executing program 2 (id=138): ioctl$INCFS_IOC_GET_FILLED_BLOCKS(0xffffffffffffffff, 0x80286722, 0x0) r0 = fsopen(&(0x7f0000000500)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x13, r2, 0x0) ftruncate(r2, 0xc17a) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000840)=ANY=[@ANYBLOB="050000000000000073116c00000000008510000002000000850000007600000095000000000000009500a5050000000019913cf0384097d17dcc03852924f62523a0bfda8ec8719a52dee1d0a8ce1d351faaa68943c61886733e905038e829ed40f9d9cd4f33f03e9df9a9f425b66b07a14ccfbf5f10eb26e9118bfff901693db686892fe1aa5adf18407c82230f4ea644f5d4dcd7631621ccc8dcd2462646f19bde0641c8f03002c231e18f36b19f081aab8c66a2589315d2f87fef2244cb13de872c4bbe099c7ce6eae65007c71a63b4a13abc81ca860f23bcde1f42229bd7e4104fc31c974c00ac53e26cc9bc474e75f4ce825d265352467e9c763e8f083b8b33391441eb9bec2b141e8a66"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) 9m16.027870029s ago: executing program 2 (id=141): write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c) r0 = syz_io_uring_setup(0x34b8, &(0x7f0000000540)={0x0, 0xc3b1, 0x800, 0x1, 0x82}, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0, &(0x7f0000000100)=0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r4, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000040)={r5, 0x3}, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) syz_io_uring_submit(r1, r2, r3, &(0x7f0000000040)=@IORING_OP_CLOSE={0x13, 0x48, 0x0, r0}) io_uring_enter(r0, 0x1, 0x1, 0x1, 0x0, 0x0) 9m15.694850389s ago: executing program 2 (id=143): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) openat(r0, &(0x7f0000000280)='./file0\x00', 0x50000, 0x120) 9m15.449959577s ago: executing program 2 (id=144): r0 = socket(0x2, 0x80805, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x4e21, 0xced, @private0={0xfc, 0x0, '\x00', 0x1}, 0x3}}}, &(0x7f0000000040)=0x84) sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000080)={0x0, 0x400}, &(0x7f00000000c0)=0x8) 9m8.09384586s ago: executing program 1 (id=181): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x0) r0 = landlock_create_ruleset(&(0x7f0000000040)={0x2000}, 0x18, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file3\x00', 0x100, 0x64) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, &(0x7f0000000340)={0x2000, r1}, 0x0) landlock_restrict_self(r0, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000180)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2) 9m7.890427556s ago: executing program 1 (id=183): pipe(&(0x7f00000001c0)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) close(0x4) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r3, 0x0, 0xf3a, 0x0) splice(r0, 0x0, r3, 0x0, 0x80, 0x6) write$bt_hci(r3, &(0x7f0000000e80)={0x1, @write_class_of_dev={{0xc24, 0x3}, {"8d2c6f"}}}, 0x7) write(r1, 0x0, 0x0) 9m7.525649008s ago: executing program 1 (id=186): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000006000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc4c0000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000020000380100000800c00018006000100d10300000c000080080003400000000214000000110001"], 0xb0}, 0x1, 0x0, 0x0, 0x14}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, '\x00\x00'}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001f80)=ANY=[@ANYBLOB="2c0000000d0a010300000000000000000a0000010900020073797a31000000000900010073797a31"], 0x2c}, 0x1, 0x0, 0x0, 0x24008801}, 0x8000) 9m7.318317324s ago: executing program 1 (id=188): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000540)='./file1\x00', 0x3010018, &(0x7f0000000040), 0x5, 0x4c3, &(0x7f0000000ac0)="$eJzs3U1oXNUeAPD/nXw0L01f8j54r3SV9wp9fZQmTad5pdAH7apQtGArKOjC0EzStJO2NCmYLMQP0IoK7aYbi6ALBekirlQEkS5ERXDRjaAUVBAbSKtVpAshcu/MxLSZpE1Tc2n8/eBwz7kzc89/5uSeueefSxLAH1ZnROyKiIaI2BIR7dX9hWqJJyslfV6pOHEoLUlMTx+4mkQSEXuLE4dqx0qq29XVA7RExIUPI1ob5/Y7MjZ+pK9cLp2otrtHh493j4yNbx4a7hssDZaOFnu2F4vF3h3F3rv2Xn/45fCZd67vef7sle8//ebi2+eT2BVt1cdmv4+7pTM6Zz6T2RqTiP/f7c5y1pJ3ACza+fvPvJR3DADA8kuv8f8aEf/Orv/boyEqF+uHJx+91h7XBuZ7XcfPr1xezjgBAACAOzcd7bEz3QIAAAArViEi2iIpdFXvBWiLQqGrq3IP79+jtVA+NjK6aeDYyaP9kd0r2xFNhYGhcql2r3BHNCVpuyer/9beelO7GBF/iYhT7X/K2l0Hj5X7805+AAAAwArXFnHpkWfe/efqedb/qS/b844SAAAAWIp0/b/mUmv2p7p+ss4HAACAFSld/1979srHYf0PAAAAK1Zt/T/zf7hUVFRUZip5z1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAw1/R0EtMAAADAipZ3/gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHvL3uLEoVpZrj4n9yxXT8xnandEdFTGv1QtlUcaoyXbtkRTRLT+mETjrNclEdGwxL67NkR0xqbPTz/x3VtpierP4RIPyz1i4uu8IyBPzdvyjoA8rXsg7wjI02en8o6APF2cyjsC8rT/QN4RkKd9/8s7AvL08tW8I+CD3RGxpV7+rxBrs20lC3Rz/qchyxAtzSfnIjqj69vZ++bmfwqTS+yGBUztjtgZEaU5+b9C7SkdDdXWmixV2JQMDJVLWyLizxGxMZpWpe2eBfrYu/ZC3UzPi/9Ix//kvlr+Ly1p/7VcYDWOycZVN76uv2+0b6nvm4qppyLWNdYb/2Qm/5vMk/9ddZt9vPfV/uF6+69/lI7/C+8vPP78nqZfjfhP3fM/mXlOWuseHT7ePTI2vnlouG+wNFg6WuzZXiwWe3cUe7uz+aC7NivM9ebTr9f9pv/XwWz+HzP++UnP/9aFxz+b/0fGxo/0lculEyOL7+O5DWfrfoe/cTYd/+YLdzL/NycPZgE2V/c93jc6eqInojm5b+7+rYuPeaWqfR61zysd/43r63//167/KvN/Yc78/7fqtlD5FeK8/vva5br7vzidjn/xIed/ftLx77/F+Z/ccP4vvvLY+v0b6/X9cGTXf+duff5vy4KpHcT1363d7gDlHScAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMz2awAAAP//MEf3BQ==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuset.effective_mems\x00', 0x275a, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x400141042, 0x2a) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x25080, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x2000, 0x56) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x8005, 0x0, 0x0, 0x12, 0x19, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f2833b738e062a00000000f730b7ecb98454c0b900", [0x204]}) write$binfmt_script(r0, &(0x7f0000000000), 0xfea7) 9m6.132829752s ago: executing program 1 (id=193): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) r2 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x3, 0x3, 0x3}, 0x10) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) sendmsg$tipc(r2, &(0x7f00000000c0)={&(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x2, {0x1, 0x0, 0x3}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x400c080}, 0x20000090) 9m5.88741518s ago: executing program 1 (id=195): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xf, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000110850000008600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4) sendmsg$unix(r1, &(0x7f00000006c0)={0x0, 0xfffffffffffffe96, 0x0, 0x0, 0x0, 0x0, 0x20000001}, 0x40000) 9m5.630532168s ago: executing program 32 (id=195): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xf, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000110850000008600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4) sendmsg$unix(r1, &(0x7f00000006c0)={0x0, 0xfffffffffffffe96, 0x0, 0x0, 0x0, 0x0, 0x20000001}, 0x40000) 9m0.384185364s ago: executing program 33 (id=144): r0 = socket(0x2, 0x80805, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x4e21, 0xced, @private0={0xfc, 0x0, '\x00', 0x1}, 0x3}}}, &(0x7f0000000040)=0x84) sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000080)={0x0, 0x400}, &(0x7f00000000c0)=0x8) 7m15.236866809s ago: executing program 6 (id=909): timer_create(0x0, 0x0, 0x0) r0 = io_uring_setup(0x3c8d, &(0x7f0000000680)) r1 = epoll_create1(0x0) dup3(r1, r0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0) ftruncate(r2, 0x8800000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) sendfile(r3, r2, 0x0, 0x578410eb) 7m14.957494167s ago: executing program 6 (id=914): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$unix(0x1, 0x2, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={0x44, r2, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}]}, 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24044884) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) 7m14.743430954s ago: executing program 6 (id=918): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) fsopen(0x0, 0x1) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f00000000c0)=@gcm_256={{0x303, 0x36}, "f1ff5ef2fe010017", "9e8ecc7bb5352776725e1047711330ff2bb17b5508000000000000009bc400", "c9063700", "46b0dc72b7b1d30e"}, 0x38) r1 = socket$inet6(0x10, 0x2, 0x4) sendto$inet6(r1, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x20000000, 0x0, 0x0) 7m14.399574245s ago: executing program 6 (id=919): syz_mount_image$udf(&(0x7f0000000c40), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='noadinicb,nostrict,mode=00000000000000000000004,uid=forget,noadinicb,umask=00000000000000040002000,lastblock=00000000000000000013,undelete,partition=00000000000000000005,\x00', @ANYRES32=0x0], 0x47, 0xc15, &(0x7f0000001940)="$eJzs3V1sZOdZB/DnnWPHY6e0TtNuWmjKSEXtymWj/equq0WVt3ENlbabql5X5Koef+x2FO94ZXvppkBlQAWJm4rcIG6QRYlA6gVXhEtcGqRWCAlVvSgXSJZoo1xw4YtKCFBqdM68Y493vVk3G39s8vtFzv/MmeeM34/xmWNpX58AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACI++7nLp8+ko24FAHCYrk5+6fQ5n/8A8K5yze//AAAAAAAAAAAAAABw3KUo4kSkGHplM01XjzvqV1rt23emxif2PmwwRYpaFFV9+VU/c/bc+U9duDjazTc//u324Xhu8trlxrOLN28tzS8vz881ptqt2cW5+X2/wsMef7eRagAaN1+4PXf9+nLj7DPndj19Z/i1gcdPDF+6eOrCaLd2anxiYrKnpq//LX/3e9xvhcdjUUQzUrwx/HpqRkQtHn4sHvDeOWiDVSdGqk5MjU9UHVloNdsr5ZOplqtqEY2eg8a6Y3QIc/FQxiJWy+aXDR4puzd5q7nUnFmYb3yxubTSWmkttlOt09qyP42oxWiKWIuIjYF7X64/ivhopHjp9GaaiYiiOw6frBYGP7g9tQPo4z6U7Wz0R6zVHoE5O8YGooirkeJnr56M2XLM8ld8POILZb4S8XKZn4lI5RvjfMRP93gf8WjqiyL+NVIsps00V50PuueVK19ufL59fbGntnteeeQ/Hw7TMT831aOImeqMv5ne+sUOAAAAAAAAAAAAAAAAAG+3wSji25Hij57+nWpdcVTr0t93afQ9z/9m75rxpx7wOmXtMxGxWtvfmtz+vHQ41cr/DqBj7Es9ivhGXv/3B0fdGAAAAAAAAAAAAAAAAAAAgHe1Ip6PFF85dTKtRe89xVvtG41rzZmFzl1hu/f+7d4zfWtra6uROjmWczrnas61nOs5N3JGLR+fcyzndM7VnGs513Nu5IwiH59zLOd0ztWcaznXc27kjL58fM6xnNM5V3Ou5VzPuZEzjsm9ewEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3klqUcTPI8W3vraZIkXEWMR0dHJ94KhbBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACU6qmIZyLF+vP16vFaLeJaRPx8a2ur+vqfra2tiM1y+2EddV8BAAAAAAAAAAAAAAAAAADg2EpFfCxSPPm/m6kREXeGXxt4/MTwpYunLowWUUQqS3rrn5u8drnx7OLNW0vzy8vzc42pdmt2cW5+v9+ufqXVvn1nanziQDrzQIMH3P7B+rOLt15cat346sqezw/VL88sryw1Z/d+OgajFjHdu2ekavDU+ETV6IVWs10dmmr3aWAtYmy/nQEAAAAAAAAAAAAAAAAAAODYGEpFfC5S/OQ/zqfuuvG+zpr/X+o8KrZrX/69nb8FsHBXdvX+/YD9bKf9NnSkWnjfmBqfmJjs2d3Xf29p2aaUingqUnzipQ9V6+FTDO25Nr6se29Zd/N8rhv+lbJudVdVfWRqfKJxdbF96vLCwuJsc6U5szDfmLzVnN33Hw4AAAAAAAAAAAAAAAAAAACANzGUivhRpPivv/231L3vfF7/39d51LP+/zeqJfSVetqd26q1/e+t1vZ3tt93aXToo0/fb/9BrP8v25RSEd+MFOd+9KHqfvrd9f/Td9WWdX8SKV5/+iO5rvZYWdfsdqfzitdbC/Ony9q/jBS/+ka3NqraG7n2yZ3aM2XtYKT4883dtV/NtR/YqT1b1p6MFN/7z71rP7hTe66s/Umk+Ie/aXRrh8ra3821J3Zqn5ldXJh70LCW8/+dSPHXV38rdft83/nv+fsPq3fltnvm/M233675H+7Zt5rn9Y/z/DcfMP8XIsV36h/JdZ2xn8nPP1H9f2f+PxEp/v1fdtdez7Xv36k9s99uHbVy/r8dKb77Fz/e7nOe/zyyOzPUO/+/3Lc7t98lRzT/T/TsG87tmv0Fx+LdaPnFr7/QXFiYX7Jhw4aN7Y2jPjNxGMrP/z+NFP93okjd65j8+f+ezqOd67///sbO5/+lu3LbEX3+v79n36V81dLfF1FfuXmr/6mI+vKLXz/Vutm8MX9jvn32zOlPf/rCmdNnLvQ/1r2429na99i9E5Tz/4NI8cO/++H27zG7r//2vv4fuiu3HdH8P9nbp13XNfseinelcv7/KlI88dkfb/+++WbX/93f/09+bHdu//wd0fx/oGffcG5X6xccCwAAAAAAAAAAgEfJUCrizyLFb//hr6fuGqL9/Pu/ubty2xH9+68TPfvmDmldw74HGQDgGCmv/z4YKf5x6/vba7l3X//Fr3Vre6//7uc43P8fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAedSmK+P1IMfTKZlofKB931K+02rfvTI1P7H3YYIoUtSiq+vKrfubsufOfunBxtJtXBg6zGx+O5yavXW48u3jz1tL88vL8XGOq3ZpdnJvf9ys87PF3G6kGsHHzhdtz168vN84+c27X03eGXxt4/MTwpYunLox2a6fGJyYme2r6+t/yd79Hus/+x6KI70eKN4ZfT98diKjFw4/FA947B22w6sRI1Ymp8YmqIwutZnulfDLVclUtotFz0Fh3jA5hLh7KWMRq2fyywSNl9yZvNZeaMwvzjS82l1ZaK63Fdqp1Wlv2pxG1GE0RaxGxscePZH8U8c1I8dLpzfRPAxFFdxw+eXXyS6fPPbg9tQPo4z6U7Wz0R6zVHoE5O8YGooi/jxQ/e/VkfG8goi86X/HxiC+U+UrEy2V+JiKVb4zzET891FM7B6kvijgfKRbTZnp1oDwfdM8rV77c+Hz7+mJPbfe88sh/PhymY35uqkcRP6jO+Jvpn/1cAwAAAAAAAAAAAAAAABwjRaxFiq+cOpmq9cHba4pb7RuNa82Zhc6yvu7av+6a6a2tra1G6uRYzumcqznXcq7n3MgZtXx8zrGc0zlXc67lXM+5kTOKfHzOsZzTOVdzruVcz7mRM/ry8TnHck7nXM25lnM950bOOCZr9wAAAAAAAAAAAAAAAAAAgHeWWhTVXdy/9bXNtDXQub/0dHRy3f1A3/H+PwAA//8YNXNU") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0) mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0) mount$bind(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x887008, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r0, &(0x7f0000004200)={0x2020}, 0x1851) 7m13.379444457s ago: executing program 6 (id=922): r0 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r2, 0xc0884113, &(0x7f0000000680)={0x0, 0x1, 0xffff4f11, 0xfffd, 0xffffdfffffffffff, 0x20000000000000b, 0xfffffffffffffffd, 0xff, 0x4a, 0x2b, 0x80000005, 0x2}) ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(r2, 0xc06c4124, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}) ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(r2, 0xc0984124, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}) 7m12.791554906s ago: executing program 6 (id=927): r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) close(r0) bpf$MAP_CREATE(0x0, &(0x7f0000001e40)=ANY=[@ANYBLOB="07000000040000000001000008"], 0x50) r1 = socket$unix(0x1, 0x5, 0x0) bind$unix(r1, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x12) listen(r1, 0x787) ioctl$int_in(r1, 0x5452, &(0x7f0000000000)=0x9) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000040), 0x400, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 7m12.32932858s ago: executing program 34 (id=927): r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) close(r0) bpf$MAP_CREATE(0x0, &(0x7f0000001e40)=ANY=[@ANYBLOB="07000000040000000001000008"], 0x50) r1 = socket$unix(0x1, 0x5, 0x0) bind$unix(r1, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x12) listen(r1, 0x787) ioctl$int_in(r1, 0x5452, &(0x7f0000000000)=0x9) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000040), 0x400, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 5m46.455467396s ago: executing program 0 (id=1557): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f0000000180)={{@my=0x0}, 0x0, 0x1}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f00000000c0)={{@my=0x0}, 0x1}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x3261e) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r0, 0x7a6, &(0x7f0000000140)={0x0, 0x0, 0x6, 0x1000000002, 0x100, 0x80000000}) 5m46.039473789s ago: executing program 0 (id=1560): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) close(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000018000000000000000000500000a480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c0001c006000100d9030000080003400000000114000000110001"], 0x70}, 0x1, 0x0, 0x0, 0x40008d0}, 0x40) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="400000000d0a010800000000000000000a00fffe0900020073797a31000000000900010073797a310000000014000380100000800c000180060001"], 0x40}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000) 5m45.821218665s ago: executing program 0 (id=1563): socket$inet_udp(0x2, 0x2, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183b41, 0x52) fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) socket(0x10, 0x3, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000001000010700930000ffffffff0a000000060001001000000008000a00", @ANYRES32=r0], 0x24}}, 0x24008000) 5m45.67002295s ago: executing program 0 (id=1565): syz_mount_image$exfat(&(0x7f0000000a00), &(0x7f0000001540)='./file0\x00', 0x2010c00, &(0x7f00000003c0)=ANY=[], 0x1, 0x150f, &(0x7f0000001c00)="$eJzs3AuYjtXaOPB1r7UexjTpbZLDsO51P7xpsEyS5JCQQ5IkSZJTQtIkWxISQ05JQxJynCTnkBymMWmcz4eckyZbmiQJCUnW/5q+9mfv3f523/7a/8/+9ty/63quWfc8732/9/Pec73v8zzXzHzdc1S9FvVrNyMi8bvAf3xJEULECCGGCSGuEUIEQohK8ZXic/cXUJDy+56E/XM9OOdKd8CuJJ5/3sbzz9t4/nkbzz9v4/nnbTz/vI3nn7fx/BnLy3bMLXYtb3l3+4fu/6//O/v4/v//Qfz5/28kp/zkzzeVv77XP5DC88/beP55G88/b+P55208/7yN5//vr9bf2cfzz9t4/ozlZTtAC/EvcB+atyuzXemfP8YYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjecN5f5kWQvxpfaX7YowxxhhjjDHG2D+Pz3+lO2CMMcYYY4wxxtj/fyCkUEKLQOQT+UWMKCBixVUiTlwtCoprRERcK+LFdaKQuF4UFkVEUVFMJIjiooQwAoUVJEJRUpQSUXGDKC1uFIkFcmuWE06UF0niJlFB3CwqiltEJXGrqCxuE1VEVVFNVBe3ixriDlFT1BK1xZ2ijqgr6on64i7RQNwtGop7RCNxr2gs7hNNxP2iqXhANBMPiubiIdFCPCxaikdEK9FatBFtRbv/Uf7zoq94QfQT/UWKGCAGihfFIDFYDBFDxTDxkhguXhYjxCsiVYwUo8SrYrR4TYwRr4uxYpwYL94QE8REMUlMFlPEVJEm3hTTxFtiunhbzBAzxSwxW8wRc8U88Y6YLxaIheJdsUi8JxaLJWKpWCbSxfsiQywXmeIDsUJ8KLLESrFKrBZrxFqxTqwXG8RGsUlsFlvEVrFNbBc7xEdip9gldos9Yq/YJ/aLj8UB8Yk4KD4V2eKzfzD/3F/l9wIBAiRI0KAhH+SDGIiBWIiFOIiDglAQIhCBeIiHQlAICkNhKApFIQESoASUAAQEAoKSUBKiEIXSUBoSIRHKQllw4CAJkqAC3AwVoSJUgkpQGSpDFagKVaE6VIcaUANqQk2oDbWhDtSBelAP7oK74G5oCA2hETSCxtAYmkATaApNoRk0g+bQHFpAC2gJLaEVtII20AbaQTtoD+2hA3SATtAJOkNn6AJdIBmSoSt0hW7QDbpDd+gBPaAn9IRe0Bt6w/PwPLwAL0B/qCMHwEAYCINgEAyBoTAUXoLh8DK8DK9AKoyEUfAqvAqvwRg4C2NhHIyH8VBDToRJMBlIToU0SINpMA2mw3SYATNhJsyGOTAX5sE8mA8LYAG8C4vgPXgPlsASWAbpkA4ZsBwyIRNWwDnIgpWwClbDGlgLa2A9bID1sAk2wybYClthO2yHj+Aj2AW7YA/sgX2wDz6Gj+ET+ARSIRuy4RAcgsNwGI7AEciBHDgKR+EYHIPjcBxOwAk4CafgNJyCM3AGzsI5OA/n4QJcgIvwbMKXzfeV2ZgqZC4ttcwn88kYGSNjZayMk3GyoCwoIzIi42W8LCQLycKysCwqi8oEmSBLyBISJUqSoSwpS8qojMrSsrRMlImyrCwrnXQySSbJCrKCrCgrykryVllZ3iaryKqyo6suq8saspOrKWvJ2rK2rCPrynqyvqwvG8gGsqFsKBvJRrKxbCybyPtlUzkAhsCDMncyLeRIaClHQSvZWraRbeVr8KhsL8dAB9lRdpKPy3EwFrrI9i5ZPiW7yknQTf5BToZnZA85FXrK52Qv2Vv2kc/LvrKD6yf7yxkwQA6Us2GQHCyHyKFyPtSVuROrJ1+RqXKkHCVflcvgNTlGvi7HynFyvHxDTpAT5SQ5WU6RU2WafFNOk2/J6fJtOUPOlLPkbDlHzpXz5DtyvlwgF8p35SL5nlwsl8ilcplMl+/LDLlcZsoP5Ar5ocySK+UquVqukWvlOrlebpAb5Sa5WW6RW+U2uV3ukB/JnXKX3C33yL1yn9wvP5YH5CfyoPxUZsvP5CH5R3lYfi6PyC9kjvxSHpVfyWPya3lcfiNPyG/lSXlKnpbfyTPye3lWnpPn5Q/ygvxRXpQ/yUvSS6FASaWUVoHKp/KrGFVAxaqrVJy6WhVU16iIulbFq+tUIXW9KqyKqKKqmEpQxVUJZRQqq0iFqqQqpaLqBlVa3agSVRlVVpVTTpVXSeomVUHdrCqqW1QldauqrG5TVVRVVU1VV7erGuoOVVPVUrXVnaqOqqvqqfrqLtVA3a0aqntUI3WvaqzuU03U/aqpekA1Uw+q5uoh1UI9rFqqR1Qr1Vq1UW1VO/Woaq8eUx1UR9VJPa46qydUF/WkSlZPqa7qadVN/UF1V8+oHupZ1VM9p3qp3qqP+kldUl71U/1VihqgBqoX1SA1WA1RQ9Uw9ZIarl5WI9QrKlWNVKPUq2q0ek2NUa+rsWqcGq/eUBPURDVJTVZT1FSVpt5U09Rbarp6W81QM9UsNVvNUXPVkF8qLfxv5L/1N/JH/Pzs29UO9ZHaqXap3WqP2qv2qf1qvzqgDqiD6qDKVtnqkDqkDqvD6og6onJUjjqqjqpj6pg6ro6rE+qEOqlOqR/Ud+qM+l6dVefUOfWDuqAuqIu/vAZCg5Zaaa0DnU/n1zG6gI7VV+k4fbUuqK/REX2tjtfX6UL6el1YF9FFdTGdoIvrEtpo1FaTDnVJXUpH9Q26tL5RJ+oyuqwup50ur5P0Tb87/7f6a6fb6fa6ve6gO+hOupPurDvrLrqLTtbJuqvuqrvpbrq77q576B66p+6pe+leuo/uo/vqvrqf7qdTdIoeqF/Ug/RgPUQP1cP0S3q4Hq5H6BE6VafqUXqUHq1H6zF6jB6rx+rxeryeoCfoSXqSnqKn6DSdpqfpaXq6nq5n6Bl6lp6l5+g5ep6ep+fr+XqhXqgX6UV6sV6sl+qlOl2n6wydoTN1pl6hV+gsvVKv1Kv1ar1Wr9Xr9Xq9UW/Um/VmvVVv1Vl6h96hd+qderferffqvXq/3q8P6AP6oD6os3W2PqQP6cP6sD6ij+gcnaOP6qP6mD6mj+vj+oQ+oU/qk/q0Pq3P6DP6rD6rz+vz+oK+oC/qi/qSvpR72hfIQAY60EG+IF8QE8QEsUFsEBfEBQWDgkEkiATxQXxQKLg+KBwUCYoGxYKEoHhQIjABBjagIAxKBqWCaHBDUDq4MUgMygRlg3KBC8oHScFNQYXg5qBicEtQKbg1qBzcFlQpIIJqQfXg9qBGcEdQM6gV1A7uDOoEdYN6Qf3grqBBcHfQMLgnaBTcGzQO7guaBPcHTYMHgmbBg0Hz4KGgRfBw0DJ4JGgVtA7aBG2Ddn9dP6j6O+p7f7bIY66f6W9SzAAz0LxoBpnBZogZaoaZl8xw87IZYV4xqWakGWVeNaPNa2aMed2MNePMePOGmWAmmklmsplippo086aZZt4y083bZoaZaWaZ2WaOmWvmmXfMfLPALDTvmkXmPbPYLDFLzTKTbt43GWa5yTQfmBXmQ5NlVppVZrVZY9aadWa92WA2mk1ms9litpptZrvZYT4yO80us9vsMXvNPrPffGwOmE/MQfOpyTafmUPmj+aw+dwcMV+YHPOlOWq+MsfM1+a4+cacMN+ak+aUOW2+M2fM9+asOWfOmx/MBfOjuWh+MpeMzz25z/14R40a82E+jMEYjMVYjMM4LIgFMYIRjMd4LISFsDAWxqJYFBMwAUtgCcxFSFgSS2IUo1gaS2MiJmJZLIsOHSZhElbAClgRK2IlrISVsTJWwSpYDavh7Xg73oF3YC2shXfinVgX62J9rI8NsAE2xIbYCBthY2yMTbAJNsWm2AybYXNsji2wBbbEltgKW2EbbIPtsB22x/bYATtgJ+yEnbEzdsEumIzJ2BW7Yjfsht2xO/bAHtgTe2Iv7IV9sA/2xb7YD/thCqbgQByIg3AQDsEhOAyH4XAcjiNwBKZiKo7CUTgaR+MYHINjcRyOxzdwAk7ESTgZp+BUTMM0nIbTcDpOxxk4A2fhLJyDc3AezsP5OB8X4kJchItwMS7GpbgU0zEdMzADMzETV+AKzMIsXIWrcA2uwXW4DjfgBtyEm3ALbsFtuA134A7ciTtxN+7GvbgX9+N+PIAH8CAexGzMxkN4CA/jYTyCRzAHc/AoHsVjeAyP43E8gSfwJJ7E03gaz+AZPItn8Tyexwv4I17En/ASeoyxUsTaq2ycvdoWtNfYGFvA/nlc1BazCba4LWGNLWyL/EWM1tpEW8aWteWss+Vtkr3pV3EVW9VWs9Xt7baGvcPW/FXcwN5tG9p7bCN7r61v7/qLuLG9zzaxD9um9hHbzLa2zW1b28I+bFvaR2wr29q2sW1tZ/uE7WKftMn2KdvVPv2rOMMutxvsRrvJbrYH7Cf2vP3BHrNf2wv2R9vP9rfD7Et2uH3ZjrCv2FQ78lfxePuGnWAn2kl2sp1ip/4qnmVn2zl2rp1n37Hz7YJfxen2fbvIZtrFdoldapf9HOf2lGk/sCvshzbLrrSr7Gq7xq616+z6/+x1td1qt9ntdr/92O60u+xuu8futft+jnOP46D91Gbbz+xR+5U9bD+3R+xxm2O//DnOPb7j9ht7wn5rT9pT9rT9zp6x39uz9tzPx5977N/Zn+wl660gIEmKNAWUj/JTDBWgWLqK4uhqKkjXUISupXi6jgrR9VSYilBRKkYJVJxKkCEkS0QhlaRSFKUbqDTdSIlUhspSOXJUnpLoJqpAN1NFuoUq0a1UmW6jKlSVqlF1up1q0B1Uk2pRbbqT6lBdqkf16S5qQHdTQ7qHGtG91JjuoyZ0PzWlB6gZPUjN6SFqQQ9TS3qEWlFrakNtqR09Su3pMepAHakT5fvlXseTlExPUVd6mrr96fce6FnqSc9RL+pNfeh56ksvUD/qTyk0gAbSizSIBtMQGkrD6CUaTi/TCHqFUmkkjaJXaTS9RmPodRpL42g8vUETaCJNosk0haZSGr1J0+gtmk5v0wyaSbNoNs2huTSP3qH5tIAW0ru0iN6jxbSEltIySqf3KYOWUyZ9QCvoQ8qilbSKVtMaWkvraD1toI20iTbTFtpK22g77aCPaCftot20h/bSPtpPH9MB+oQO0qeUTZ/RIfojHabP6Qh9QTn0JR2lr+gYfU3H6Rs6Qd/SSTpFp+k7OkPf01k6R+fpB7pAP9JF+okukScRQihDFeowCPOF+cOYsEAYG14VxuW+lOE1YSS8NowPrwsLhdeHhcMiYdGwWJgQFg9LhCbE0IYUhmHJsFQYDW8IS4c3holhmbBsWC50YfkwKbwprBDeHFYMbwkrhbeGlcPbwiph1fDhe6uHt4c1wjvCmmGtsHZ4Z1gnrBvWC+uHd4UNwrvDhuE9YaPw3rBieF/YJLw/bBo+EDYLHwybhw+FLcKHw5bhI2GrsHXYJmwbtgsfDduHj4Udwo5hp/DxsHP4RNglfDJMDp8Ku4ZP/+b+lHBAODB8MXwx9P4etTS6LJoefT+aEV0ezYx+EF0R/TCaFV0ZXRVdHV0TXRtdF10f3RDdGN0U3RzdEt0a3RbdHvW+fn7hwEmnnHaBy+fyuxhXwMW6q1ycu9oVdNe4iLvWxbvrXCF3vSvsiriirphLcMVdCWccOuvIha6kK+Wi7gZX2t3oEl0ZV9aVc86Vd0murWvn2rn27jHXwXV0ndzj7nH3hHvCPemedE+5ru5p1839wXV3z7ge7ln3rHvO9XK9XR/3vOvrXnD9XH+X4lLcQDfQDXKD3BA3xA1zw9xwN9yNcCNcqkt1o9woN9qNdmPcGDfWjXXj3Xg3wU1wk9wkN8VNcWkuzU1z09x0N93NcDPcLDfLzXFz3Dw3z813891Ct9AtSlzkFrvFbqlb6tJdustwGS7TZboVboXLcllulVvl1rg1bp1b5za4DW6T2+S2uC1um9vmdrgdbqfb6Xa73W6v2+v2u/3ugDvgDrqDLttlu0PukDvsDrsj7guX4750R91X7pj72h1337gT7lt30p1yp9137oz73p1159x594O74H50F91P7pLzLi3yZmRa5K3I9MjbkRmRmZFZ8Mu7QuSdyPzIgsjCyLuRRZH3IosjSyJLI8si6ZH3IxmR5ZHMyAeRFZEPI1mRlZFVkdWRNZG1Ee+L7wx9SV/KR/0NvrS/0Sf6Mr6sL+edL++T/E2+gr/ZV/S3+Er+Vl/Z3+ar+Kq+mn/Et/KtfRvf1rfzj/r2/jHfwXf0nfzjvrN/wnfxT/pk/5Tv6p/23fwffHf/jO/hn/U9/XO+l+/t+/jnfV//gu/n+/sUP8AP9C/6QX6wH+KH+mH+JT/cv+xH+Fd8qh/pR/lX/Wj/mh/jX/dj/Tg/3r/hJ/iJfpKf7Kf4qT7Nv+mn+bf8dP+2n+Fn+ll+tp/j5/p5/h0/3y/wC/27fpF/zy/2S/xSv8yn+/d9hl/uM/0HfoX/0Gf5lX6VX+3X+LV+nV/vN/iNfpPf7Lf4rX6b3+53+I/8Tr/L7/Z7/F6/z+/3H/sD/hN/0H/qs/1n/pD/oz/sP/dH/Bc+x3/pj/qv/DH/tT/uv/En/Lf+pD/lT/vv/Bn/vT/rz/nz/gd/wf/oL/qf/CX+mzXGGGOMsf8W9Rv7B/yN78lftlwDhRBX7yqW89c1txT+j/VgmdA5IoR4qn/PB/+01amTkpLyy2OzlAhKLck9476c//PV+i/xStFJPCGSRUdR4W/2N1j2vkC/UT96qxCx/9m5EDHiT/Gf17/5v6j/6OPjMyqH5+P/Tv0lQiSWupxTQFyOL9ev+F/UL9L+N/ov8HmaEB3+LCdOXI4v108Sj4mnRfJfPPJnBf/mEzPGGGOMMcYYy1MGy2rdf+v6Off6PEFfzskvLse/dX3OGGOMMcYYY4yxK++Z3n2efDQ5uWP3//uLQPxLtMGLy4uUf402ePE/WFzpdybGGGOMMcbYP9vlk/4r3QljjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMZZ3/W/8O7ErfYyMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcbYlfb/AgAA///6QTKO") r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) r2 = syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCREVOKE(0xffffffffffffffff, 0x40044591, 0x0) r3 = syz_pidfd_open(r2, 0x0) setns(r3, 0x24020000) mount_setattr(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x9000, &(0x7f0000000000)={0x0, 0x87}, 0x20) 5m45.094307348s ago: executing program 0 (id=1569): bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x10, 0x0, 0x0, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000001a000000bca30000000000002403000020feffff620af0fff8ffffff71a4f2ff000000001f030000000000002e1a0200000000002604fdffff02000014010000030000001d140000000000007a0a00fe0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400000000000000000"], &(0x7f00000001c0)='GPL\x00'}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x5, 0x3, 0x9fa, 0x85, 0x41}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720a00fef8ffffff71a4f1ff0000000071302000000000001d400500000000004704000001ed00000f030000000000001d44000000000000620a00ff040400007203000000000000b500f7ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3380d28e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93020000000000000080e69db384ac7eeedcf2ba3a9508f9d6aba582a896a9f1e096df6ecea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e82623"], &(0x7f00000001c0)='GPL\x00'}, 0x94) bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000680), &(0x7f0000000540), 0x6c, r0}, 0x38) syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0) 5m43.680163323s ago: executing program 0 (id=1574): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r1 = eventfd2(0x74a6, 0x0) writev(r1, &(0x7f0000001780)=[{&(0x7f0000000280)="00ffffffffffffff", 0x8}], 0x1) sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000280)=ANY=[@ANYRES32], 0x40}, 0x1, 0x0, 0x0, 0x40}, 0x0) 5m43.315912455s ago: executing program 35 (id=1574): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r1 = eventfd2(0x74a6, 0x0) writev(r1, &(0x7f0000001780)=[{&(0x7f0000000280)="00ffffffffffffff", 0x8}], 0x1) sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000280)=ANY=[@ANYRES32], 0x40}, 0x1, 0x0, 0x0, 0x40}, 0x0) 1m31.907318645s ago: executing program 5 (id=2926): timer_create(0xfffffffc, 0x0, &(0x7f00000011c0)=0x0) timer_create(0xfffffffd, 0x0, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f000006b000)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) clock_gettime(0x4, &(0x7f0000000080)={0x0, 0x0}) timer_settime(r1, 0x1, &(0x7f00000000c0)={{}, {0x77359400}}, 0x0) timer_settime(r0, 0x1, &(0x7f0000000140)={{}, {r2, r3+10000000}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) r5 = gettid() seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x6, 0x7fc00100}]}) ioprio_set$uid(0x3, 0x0, 0x4000) tkill(r5, 0x7) close_range(r4, 0xffffffffffffffff, 0x0) 1m30.575180526s ago: executing program 5 (id=2933): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$gtp(&(0x7f0000002700), r3) sendmsg$GTP_CMD_GETPDP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000002840)={&(0x7f00000027c0)={0x14, r4, 0x301, 0x70bd25, 0x25dfdbfe, {0x2, 0x0, 0xa6ff}}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x24008040) 1m29.367986985s ago: executing program 5 (id=2938): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x442, 0x1ff) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000000c0)={'syz0\x00', {0x2, 0x2, 0x2, 0x7}, 0x3b, [0x401, 0x7ff, 0x401, 0x8, 0x10000, 0x45, 0x200, 0x1, 0x7, 0x290, 0xfc, 0x80000000, 0x8, 0x3, 0xfffffd05, 0x9, 0x50d6, 0x7ff, 0xc, 0x0, 0xd4, 0x4, 0x5, 0x1d231da2, 0x6, 0x5, 0x0, 0x9, 0x0, 0x3, 0x101, 0xfffffffd, 0x800, 0xfffffff7, 0x9, 0x7, 0x8, 0x9, 0xf94d, 0x7, 0x3, 0xffffff00, 0x0, 0x575c, 0x2, 0x5a, 0x2, 0x0, 0x5, 0x5, 0x1, 0x2, 0x1, 0x3, 0x6, 0x670, 0x9, 0x1, 0x2, 0x9b2, 0x0, 0x2, 0x1, 0x1], [0x4, 0xfff, 0xa, 0xfffff2e1, 0x9ca4, 0xffffffff, 0x1, 0x7f, 0x72a8, 0x400, 0x86, 0x2, 0x4, 0x56e, 0x6, 0x4, 0x1100, 0x88a, 0x2, 0x8, 0xb2, 0x106c, 0xa2b8, 0xc60, 0x6740, 0xf2f1, 0x5, 0x1, 0x5, 0xfffffffd, 0x3, 0x0, 0x7fffffff, 0x1, 0x81, 0x6, 0x6, 0x0, 0x183, 0x401, 0x6, 0xf, 0xd349, 0x9, 0x6, 0x0, 0x9, 0x0, 0x7fff, 0x2, 0xffffffb1, 0x4, 0x6, 0x6, 0x9, 0x1, 0x2, 0x800, 0x4, 0x3, 0x4, 0x7fffffff, 0xc2577134, 0x7], [0x4, 0x5, 0x8, 0x2, 0x5, 0x80, 0xfffffff7, 0x3, 0x7, 0xb5, 0xfffffffa, 0x100, 0x0, 0x1, 0x4, 0x7, 0x8a85, 0x4, 0x430fb4df, 0x7, 0x7, 0x8, 0x8, 0x2, 0x2, 0x9, 0x1000, 0x54e934b9, 0x37, 0x10001, 0x0, 0x8000, 0x32, 0x4, 0x6, 0x6, 0x5, 0xcfc, 0x6, 0x9, 0x2, 0xe, 0x0, 0x7f, 0xffffffff, 0x20000000, 0xfffffffd, 0x5, 0x0, 0xa, 0x7fffffff, 0xffffffc0, 0x5, 0x6, 0xfff, 0x101, 0x400007, 0x4, 0x2, 0x3, 0x5, 0x83, 0xfffffff8, 0xb6], [0x4, 0x2, 0x4, 0x1, 0x6, 0x7, 0x2, 0x9, 0x16, 0x0, 0x7fff, 0x7fff, 0xd, 0x1, 0x5, 0x5, 0x4, 0x9, 0x20000005, 0x8, 0x7, 0x2, 0x4689, 0xe97f, 0x80000000, 0x5, 0xcd3, 0x80000000, 0x5, 0x8001, 0x8, 0x26419275, 0x80000001, 0x3, 0xfff, 0x8, 0xef7, 0x4ff, 0x1, 0xfffffff0, 0x7, 0x7b9, 0x4000052a, 0x5, 0x0, 0x6, 0x7fff, 0x7, 0x3ff, 0x0, 0x0, 0xb2a, 0x3, 0x189f, 0x9, 0x9, 0xffff, 0xd, 0xfb9, 0x77, 0x5, 0xfffffffa, 0x6e, 0x1]}, 0x45c) write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c460d04000c028000000000000003003e00ecffffff940200000000000040000000000000004d0200000000000000000000000038"], 0x51) r3 = fanotify_init(0x10, 0x1000) r4 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0) fanotify_mark(r3, 0x641, 0x8001018, r4, 0x0) close(r2) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0) 1m26.195789555s ago: executing program 5 (id=2943): syz_mount_image$udf(&(0x7f00000001c0), &(0x7f0000000100)='./file1\x00', 0x1004000, &(0x7f00000003c0)={[{@gid}, {@gid_forget}, {@undelete}, {@longad}, {@utf8}, {@unhide}, {@adinicb}, {@iocharset={'iocharset', 0x3d, 'utf8'}}, {@uid_forget}, {@rootdir={'rootdir', 0x3d, 0x6}}, {@anchor={'anchor', 0x3d, 0x7}}, {@gid_forget}, {@session}, {@umask={'umask', 0x3d, 0x3}}, {@umask={'umask', 0x3d, 0xffffffff}}]}, 0x1, 0xc39, &(0x7f0000000a80)="$eJzs3U9sHNd9B/DfG3HFpdxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIRRzC8CVSKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRMSOSEml/Pjb13Z19b/a9mfWMLOi3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAiD945fKZs+lxjwIAeJSujn75zDn3fwD4SLn+8P//X9/zwQAAAAAAAAAAAAAAAFtJUcSTkWL26moar5531K+0a3fvjQ2PbN1tIFU9j1Tty5/62XPnL3zhhaGL3bzSnv4F/ffap+O10euXGy/P3Jmdm5yfn5xojE23b85MTO54D7vtv9mp6gA07rx+d+LWrfnGuefPb3j53uD7/U+cGLw09OzpZ7ptx4ZHRkbXm9S3fPiQtqvwOBpFnI4Uz33nx6kVEUXs/ljUH+2532ygmsSpahJjwyPVRKbaremF8sVr3QNRRDR6OjW7x2jrcxF9tUc6h+01IxbL4ZcDPlVOb3S2Nde6MTXZuNaaW2gvtGemr6XOaMv5NKKIiyliKSJW+h/cXS2K6IsU3zq+mm5ExJHucfh8VRi8/TiKfZzjDpTjbNQilopDcM4OsP4o4tVI8ZN3TsbN8pjln/hcxKtlfi/irTJfikjlB+NCxHtbfI44nPqiiL8sz/+l1TRRXQ+615UrX2l8afrWTE/b7nXll7w/PHCleEz3h4FN+Wgc8GtTPYpoVVf81fTwv9kBAAAAAAAAAAAAAAAAYK8NRBGfihSv/MefVHXFUdWlH7809IeDv9pbM/70B+ynbPt8RCwWO6vJPZoLA6+laynttJZY3emeq0cRf5rr/77xuAcDAAAAAAAAAAAAAAAAAADwkVbEjyLFi++eTEvRu6Z4e/p243rrxlRnVdju2r/dNdPX1tbWGqmTzZzjORdzLuVczrmSM4rcP2cz5/hAZ8eL+flSzuWcKznjSO6fs5lzPOdizqWcyzlXckZf7p+zmXM852LOpZzLOVdyxgFZuxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4MOkiCJ+Fim++bXVFCkimhHj0cnl/sc9OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg1J+K+G6kaPxR8/62vohI1b8dJ8tfLkTzaJkfj+ZQmS9F83LOVpV9zW88hvGzO7VUxA8jRX/97fsnPJ//WufZ/Y9BvPX19Wef7uvkke6Lg+/3P3Hi+KWhkd94ervHaasBnLrSnr57rzE2PDIy2rO5L7/7x3u2Deb3LfZm6kTE/Btvvt6ampqce/gH5UdgF90P0YPUd/BnWjvwIzxED6LvQAzj8cydj4Dy/v9epPjdd/+ze8Pv3P/r8SudZ/fv8PHTP1u//7+4eUc7vP/3be6X7//lPX2r+/+TPdtezL8bqfVF1BfuzNZORNTn33jzdPtO6/bk7cnpC2fOfHFo6Ivnz9SORtRvtacmex7tyeECAAAAAAAAAAAAAAAAeHRSEb8fKVo/XE2NiLhX1WsNXhp69vQzR+JIVW+1oW77tdHrlxsvz9yZnZucn5+caIxNt2/OTEzu9O3qVbnX2PDIvkzmAw3s8/gH6i/PzL4x1779xwtbvn6sfvnG/MJc6+bWL8dAFBHN3i2nqgGPDY9Ug55qt6arrte2LKb/5dVSEf8VKW5eaKTP5m25/n9zhf+G+v/FzTvap/r/j/VsK98zpSJ+Gil+56+ejs9W4zwWDxyz3O7vIsWpi5/J7eJo2a47hs73CnQqA8u2/xcp/ulnG9t26yGfXG97dscH9pAoz//xSPHdv/h2/GbetvH7H7Y+/8c272ifzv9TPduObfi+gl1PnXz+T0eKl558O34rb0sRi9t9/0f3uzdO5sb3v59jn87/J3q2Deb3/e29mToAAAAAAAAAAMChVktF/H2k+P5IX3ohb9vJ3/+b2Lyjffr7X5/s2TaxN+sVfeCDXR9UAAAAADggaqmIH0WK2wtv36+h3lj/3VP/+Xvr9Z/DadOr1Z/z/Vr1vQF7+ed/vQbz+47vftoAAAAAAAAAAAAAAAAAAABwoKRUxAt5PfXxqp5/Ytv11JcjxSv/81xul06U7brrwA9Wv9avzkyfvjw1NXOztdC6MTXZGJ1t3Zws+z4VKVb/9jO5b1Gtr95db76zxvv6WuxzkWLkH7ptO2uxd9cmf2q97dmy7ccixX//48a23XWsP7He9lzZ9m8ixVf/Zeu2J9bbni/bfjtS/OCrjW7bY2Xb7vejfnK97fM3Z4p9OCsAAAAAAAAAAAAAAAAAAAB81NRSEX8eKf73ztL9Wv68/n+t52nlra/3rPe/yb1qnf/Bav3/7R4/zPr/1fcKLG73rgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8OGUoog3I8Xs1dW03F8+76hfaU/fvTc2PLJ1t4FU9TxStS9/6mfPnb/whReGLnbzF/ffa5+K10avX268PHNndm5yfn5yojE23b45MzG54z3stv9mp6oD0Ljz+t2JW7fmG+eeP7/h5XuD7/c/cWLw0tCzp5/pth0bHhkZ7WnTV3vod39A2mb70SjiryPFc9/5cfp+f0QRuz8WH/DZ2W8D1SROVZMYGx6pJjLVbk0vlC9e6x6IIqLR06nZPUaP4FzsSjNisRx+OeBT5fRGZ1tzrRtTk41rrbmF9kJ7Zvpa6oy2nE8jiriYIpYiYqX/wd3VoojXI8W3jq+mf+2PONI9Dp+/OvrlM+e2H0exj3PcgXKcjVrEUnEIztkB1h9F/HOk+Mk7J+Pf+iP6ovMTn4t4tczvRbwVnfOdyg/GhYj3tvgccTj1RRH/X57/S6vpnf7yetC9rlz5SuNL07dmetp2ryuH/v7wKB3wa1M9ivhBdcVfTf/uv2sAAAAAAAAAAAAAAACAA6SIX48UL757MlX1wfdritvTtxvXWzemOmV93dq/bs302traWiN1splzPOdizqWcyzlXckaR++dslllfWxvPzxdzLuVczrmSM47k/jmbOcdzLuZcyrmccyVn9OX+OZs5x3Mu5lzKuZxzJWcckNo9AAAAAAAAAAAAAAAAAADgw6Wo/knxza+tprX+zvrS49HJZeuBfuj9PAAA//9ns/d3") r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) chroot(&(0x7f0000001740)='./file0\x00') syz_open_procfs(0x0, &(0x7f0000000040)='mounts\x00') r1 = fsopen(&(0x7f0000000180)='proc\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x1, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) fchdir(r2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) read$FUSE(r3, &(0x7f00000102c0)={0x2020}, 0x7) 1m23.761854912s ago: executing program 5 (id=2949): madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) syz_mount_image$ext4(&(0x7f0000000180)='ext2\x00', &(0x7f0000000540)='./bus\x00', 0x8800, &(0x7f0000000280), 0x1, 0x51a, &(0x7f0000000f00)="$eJzs3c9vI1cdAPCvnThxfnSTlh4AQbu0hQWt1km8bVT1AOWIUCVEjyBtQ+KNothxFDulCXtIz1yRqMSJHvkDOPfEgRsXBDcuywGJHxFog8TBaMaTrDdrb6xNYqfx5yON5r2ZWX+/L868t36O/QIYWTcj4iAiJiLig4iYy47nsi3ebW/JdY8OH6weHT5YzUWr9f4/c+n55Fh0/JvETPaYxYj44acRP8k9Hbext7+5Uq1WdrL6QrO2vdDY27+zUVtZr6xXtsrl5aXlxbfvvlW+sLa+WpvISl99+IeDb/0sSWs2O9LZjovUbnrhJE5iPCK+fxnBhmAsa8/EsBPhueQj4qWIeC29/+diLH02AYDrrNWai9ZcZx0AuO7y6RxYLl/K5gJmI58vldpzeC/HdL5abzRv36/vbq2158rmo5C/v1GtLGZzhfNRyCX1pbT8uF4+Vb8bES9GxC8mp9J6abVeXRvmf3wAYITNnBr//zPZHv8BgGuuOOwEAICB6zH+Hww6DwBgcLz+B4DRY/wHgNFTTL/DYWrYaQAAA+T1PwCMHuM/AIyUH7z3XrK1jrLvv177cG93s/7hnbVKY7NU210trdZ3tkvr9fp6+p09tbMer1qvby+9GbsfzX97u9FcaOzt36vVd7ea99Lv9b5XKaRX+WQBAAzTi69+9udcMiK/M5Vu0bGWQ2GomQGXLT/sBIChGetRBq4/q33B6DrHa3zTA3BNdFmi9wnF6PIBoVar1bq8lIBLdutL5v9hVHXM//srYBgx5vxhdJn/h9HVauX6XfM/+r0QALjazPEDPd7/fynb/yZ7c+DHa6ev+OQyswIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICr7Xj931K2Fvhs5POlUsQLETEfhdz9jWplMSJuRMSfJguTSX1pyDkDAOeV/1suW//r1twbs0+cemXmpDgRET/91fu//Gil2dz5Y8RE7l+Tx8ebn2THy4PPHgA42/E4ne47Xsg/OnywerwNMp+/fzciiu34R4cTcXQSfzzG030xChEx/e9cVm/LdcxdnMfBxxHxxW7tz8VsOgfSXvn0dPwk9gsDjZ9/In4+PdfeJz+LL1xALjBqPkv6n3e73X/5uJnuu9//xbSHOr+s/0seavUo7QMfxz/u/8Z69H83+43x5u++1y5NPX3u44gvj0ccxz7q6H+O4+d6xH+jz/h/+corr/U61/p1xK3oHr8z1kKztr3Q2Nu/s1FbWa+sV7bK5eWl5cW3775VXkjnqBd6jwb/eOf2jV7nkvZP94hfPKP9X++z/Z/+74Mffe0Z8b/5erf4+Xj5GfGTMfEbfcZfmf5tsde5JP5aj/af9fzf7jP+w7/uP7VsOAAwPI29/c2VarWy86zCjaOIs675XBaiv4t/n/2wrkTOI11InoUrkEbXwnc6jszEJcaa6HEz/vz19q/pZETnL3ar9VyxevUYFzHrBlwFJzd9RPx32MkAAAAAAAAAAAAAAABdDeLTUcNuIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANfX/wMAAP//jMfJaQ==") madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, &(0x7f0000000140)={0x0, 0x0}) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/5, 0x214000, 0x800}, 0x20) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) 1m19.467313738s ago: executing program 5 (id=2966): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0xb, 0x1000}, 0x50) close(0x3) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0x1, 0x4}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)={[0x8, 0x3, 0xff, 0x81, 0x1000057e, 0xfffffffffbfffffd, 0x4002004c4, 0xfffffffffffffffa, 0x3, 0x8, 0x10, 0x1, 0x2, 0x0, 0x8, 0xfffffffffffff001], 0x10000, 0x2100}) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000004c0)={r1, &(0x7f0000000280), &(0x7f0000000300)=@udp6=r0, 0x2}, 0x20) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4) setsockopt$packet_int(r2, 0x107, 0x16, &(0x7f0000000000)=0x4, 0x4) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendto$inet6(r3, &(0x7f0000000080)="b3019c28", 0x4, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c) 1m18.308665234s ago: executing program 36 (id=2966): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0xb, 0x1000}, 0x50) close(0x3) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0x1, 0x4}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)={[0x8, 0x3, 0xff, 0x81, 0x1000057e, 0xfffffffffbfffffd, 0x4002004c4, 0xfffffffffffffffa, 0x3, 0x8, 0x10, 0x1, 0x2, 0x0, 0x8, 0xfffffffffffff001], 0x10000, 0x2100}) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000004c0)={r1, &(0x7f0000000280), &(0x7f0000000300)=@udp6=r0, 0x2}, 0x20) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4) setsockopt$packet_int(r2, 0x107, 0x16, &(0x7f0000000000)=0x4, 0x4) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendto$inet6(r3, &(0x7f0000000080)="b3019c28", 0x4, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c) 21.651380906s ago: executing program 4 (id=3159): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4000000000000, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10) r2 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) write$6lowpan_control(r2, &(0x7f0000000240)='disconnect aa:aa:aa:aa:aa:10 1', 0x1e) syz_genetlink_get_family_id$nbd(0x0, 0xffffffffffffffff) 20.431942604s ago: executing program 4 (id=3163): setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x10) r1 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000980)=@raw={'raw\x00', 0x8, 0x3, 0x530, 0x1d8, 0xffffffff, 0xffffffff, 0x1d8, 0xffffffff, 0x460, 0xffffffff, 0xffffffff, 0x460, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x1b0, 0x1d8, 0x0, {}, [@common=@unspec=@helper={{0x48}, {0x0, 'amanda\x00'}}, @common=@unspec=@conntrack2={{0xc0}, {{@ipv6=@private1, [0xff000000, 0xffffffff, 0xff, 0xffffffff], @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, [0xffffff00, 0xff, 0xffffffff, 0xffffffff], @ipv6=@empty, [0xff000000, 0xff, 0xff, 0xff], @ipv6=@local, [0xffffffff, 0xff000000, 0xff000000, 0xffffff00], 0x80, 0x54, 0x3b, 0x4e20, 0x4e23, 0x4e21, 0x4e23, 0x446, 0x39a}, 0x100, 0x20}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0xe, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x590) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1, 0x2}) r2 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r2, &(0x7f0000000180)={0xa, 0x3, 0xc, @dev={0xfe, 0x80, '\x00', 0xd}, 0x9}, 0x1c) sendmmsg$unix(r2, &(0x7f0000007b80)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2404c05c}}], 0x1, 0x2000c080) sendmsg(r2, &(0x7f00000000c0)={0x0, 0x33, &(0x7f0000000100)=[{&(0x7f0000000000)=',', 0x511}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 16.15090936s ago: executing program 9 (id=3174): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) r2 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000440)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x7ffe}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xfc4e, 0x5, 0x101}}}}]}, 0x44}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newtfilter={0x94, 0x2c, 0xd27, 0x170bd2b, 0x2, {0x0, 0x0, 0x0, r3, {0x0, 0x10}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flow={{0x9}, {0x64, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1a29d}, @TCA_FLOW_ACT={0x50, 0x9, 0x0, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0xfffffbb4, 0x5, 0x5, 0x6e0, 0x5}, 0x51}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}]}, 0x94}, 0x1, 0x0, 0x0, 0x884}, 0x40) close(r1) socket(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r4, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r4, &(0x7f00000000c0)={&(0x7f00000004c0)=@xdp={0x2c, 0x0, r3, 0x18}, 0x80, &(0x7f00000008c0)=[{&(0x7f00000001c0)="27030200dc0f14000e0005000024c10200000006125ce882cbf400930bf4533f00429c65112a093bbf60b85bcb06", 0x2e}], 0x1}, 0x4005) 14.787020853s ago: executing program 9 (id=3178): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x800) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@mcast1, 0x0, 0x0, 0xffff, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x1}, {}, 0x0, 0x0, 0x1}, {{@in=@rand_addr=0x64010102, 0x0, 0x33}, 0x2, @in6=@loopback, 0x0, 0x0, 0x0, 0xb7, 0x0, 0x8000000}}, 0xe8) sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@dev={0xac, 0x14, 0x14, 0x12}, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0xfffffffffffffffd}, 0x5, 0x0, 0x1, 0x0, 0x0, 0x2}, {{@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x200001, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0xb7}}, 0xe8) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) 10.76086673s ago: executing program 9 (id=3191): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040), 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x42795000) mprotect(&(0x7f0000053000/0x3000)=nil, 0x3000, 0x1000002) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x1, 0x1}, 0x1c) unshare(0x22020400) sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) sendmmsg(r1, &(0x7f0000002b40)=[{{&(0x7f0000000000)=@tipc=@name={0x1e, 0x2, 0x2, {{0x43, 0x3}, 0x1}}, 0x80, 0x0}}], 0x1, 0x8000) ioctl$VIDIOC_SUBDEV_S_EDID(0xffffffffffffffff, 0xc0285629, 0x0) 7.322090399s ago: executing program 8 (id=3198): r0 = socket$kcm(0x10, 0x2, 0x10) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f00000002c0)=0x100, 0x4) setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000180)=0x800, 0x4) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x33e000, 0x1000}, 0x20) setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) setsockopt$XDP_RX_RING(r2, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000340)=0x1, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4) bind$xdp(r2, &(0x7f0000000100)={0x2c, 0x0, r3}, 0x10) bind$xdp(r1, &(0x7f0000000280)={0x2c, 0x1, r3, 0x3c, r2}, 0x10) 7.29843737s ago: executing program 9 (id=3199): r0 = socket(0x10, 0x3, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000680)={0x84, &(0x7f0000000200)={0x40, 0x15, 0xa2, "941339e399fb0d5322214275e2487f41868d71455aa0e63fe29305a5eb72b5e914051a41db7b9a1382cfabd01bb11311ad7b64a18f147e68dea2fbe048e73c578396e08f304687ce29f74da4509a83fc8f0cdca73eb9810591ba4f25b98a18d866a7733384eba09127db1f3785764c69f9943e63c8d1f21af5dc3bab5e1f29b0f302f60cb615ed790b5faf9fef85063dfaf3b21bcec5c914ce06caedd105670f1b1b"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_usb_connect(0x2, 0x2d, &(0x7f0000000280)=ANY=[@ANYBLOB="120100015ae4c41096050100f5050100030109021b0001000000000904d60001b5e145000905"], 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f0000000340)={0x1c, &(0x7f0000000140)=ANY=[], 0x0, 0x0}) syz_usb_control_io$printer(r1, 0x0, 0x0) r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_G_PARM(r2, 0xc0cc5615, &(0x7f0000000040)={0x7, @output={0x0, 0x0, {0x8, 0x4}, 0x4, 0x14fb7b31}}) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000040)={0xffffffffffffffff}, 0x2, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f00000002c0)={0xe, 0x18, 0xfa00, @id_tos={0x0, r4}}, 0x20) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x1c}}, 0x4004080) write(r0, &(0x7f0000000000)="240000001e005f0214f6ffff12fffff80700fff10200000000000000080083009c0d0000", 0x24) 6.795277606s ago: executing program 8 (id=3202): socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) timer_create(0x2, 0x0, &(0x7f0000000280)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_gettime(r1, &(0x7f0000000040)) bpf$MAP_CREATE(0x0, &(0x7f0000004440)=@base={0x10, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1}, 0x50) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000440)={@mcast1, 0x30, r0}) syz_emit_ethernet(0x6a, &(0x7f0000000080)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa0086dd605abc8000343c00fc0000000000000000000000000000ffff0200000000000000000000000000010003000000000000c910ff0200000000000000000000000000010708000800000c90780100"/106], 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x2, [@struct={0x0, 0x1, 0x0, 0x4, 0x0, 0x8, [{0x0, 0x2, 0x20}]}, @volatile={0x0, 0x0, 0x0, 0x9, 0x3}, @restrict={0x0, 0x0, 0x0, 0x4}]}}, 0x0, 0x4a}, 0x20) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x800, 0x0) mount(&(0x7f0000000000)=@loop={'/dev/loop', 0x0}, &(0x7f0000000240)='./file0\x00', &(0x7f0000000040)='exfat\x00', 0x18, &(0x7f0000000340)='debug') sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r0, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}}, 0x0) 5.997048761s ago: executing program 4 (id=3204): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000300)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=@newsa={0x138, 0x10, 0x1, 0xbffffffe, 0x100, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in=@local, 0x1, 0x794, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@loopback, {0x0, 0x9, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0x1ff}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0x2, 0x1, 0xfd, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x10) 5.960810582s ago: executing program 3 (id=3205): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f0000000240), 0x1, 0x4bf, &(0x7f0000000540)="$eJzs3c9vG1kdAPDvTJImm81usrASPwRsWRYKqtZO3N1otaflAkKrlRArThzakLhRFDuOYqc0oYf0f0CiEif4EzggcUDqiTs3uCGkckAqUIEaJA5GM56kaWqnEU08Vfz5SE8zb57t73tt573pt41fACPrckTsRcSliLgREbPF9aQo8VGvZK97/OjO8v6jO8tJdLuf/iPJ27NrceQ9mVeLz5yKiB98N+LHybNx2zu760uNRn2rqFc7zc1qe2f3L2vNpdX6an2jVltcWJz/4Nr7tTMb61vNXz/8ztrHP/zdb7/84A973/pp1q2Zou3oOM5Sb+gTh3Ey4xHx8XkEK8FYMZ5LZXeE/0saEZ+JiLez+79bdm8AgGHodmejO3u0DgBcdGmeA0vSSpELmIk0rVR6Obw3YzpttNqdqzdb2xsrvVzZXEykN9ca9fkiVzgXE0lWX8jPn9Rrx+rXIuKNiPjZ5Ct5vbLcaqyU+eADACPs1WPr/78ne+s/AHDBTZXdAQBg6Kz/ADB6rP8AMHqs/wAweqz/ADB6rP8AMHqs/wAwUr7/ySdZ6e4X33+9cmtne711692Venu90txeriy3tjYrq63Wav6dPc3nfV6j1dpceC+2b1c79Xan2t7Zvd5sbW90ruff6329PjGUUQEAJ3njrft/SiJi78NX8hJH9nKwVsPFlpbdAaA0Y2V3ACjNeNkdAErj7/hAny16nzLwvwjdG/gWUwu85K58Qf4fRpX8P4wu+X8YXfL/MLq63cSe/wAwYuT4gXP4938AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC48GbykqSVYi/wmUjTSiXitYiYi4nk5lqjPh8Rr0fEHycnJrP6QtmdBgBeUPq3pNj/68rsOzPHWy8l/5nMjxHxk198+vPbS53O1kJ2/Z+H1zv3iuu1EwPZahAASnKwTh+s4wceP7qzfFCG2Z+H3+5tLprF3S9Kr2U8xvPjVP7gMP2vpKj3ZM8rY2cQf+9uRHy+3/iTPDcyV+x8ejx+Fvu1ocZPn4qf5m29Y/Zr8dkz6AuMmvvZ/PNRv/svjcv5sf/9P5XPUC/uYP7bf2b+Sw/nv7EB89/l08Z47/ffG9h2N+KL4/3iJ4fxkwHx3zll/D9/6StvD2rr/jLiSvSPfzRWtdPcrLZ3dt9day6t1lfrG7Xa4sLi/AfX3q9V8xx19SBT/ay/f3j19ZPGPz0g/tRzxv/1U47/V/+98aOvnhD/m1/r//v/5gnxszXxG6eMvzT9m4Hbd2fxV/qPv3jP4PFfPWX8B3/dXTnlSwGAIWjv7K4vNRr1LSdDO8me3V6Cbjgp7ST7E3AWn/O5c+xq2TMTcN6e3PRl9wQAAAAAAAAAAAAAABhkGD/wVPYYAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLj+FwAA//+vctdr") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mkdir(&(0x7f0000000080)='./file1\x00', 0x0) lsetxattr$system_posix_acl(&(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='system.posix_acl_access\x00', 0x0, 0x1c, 0x1) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x2, 0x2, 0x0, 0x2, 0xd, 0x0, 0x0, 0x0, [@sadb_key={0x2, 0x8, 0x8, 0x0, "fd"}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x5, 0x0, 0xa0000000}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xff}}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @empty}}, @sadb_x_nat_t_type={0x1}]}, 0x68}, 0x1, 0x7}, 0x0) 5.760883778s ago: executing program 8 (id=3206): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x37, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0xffffff9e, &(0x7f0000000000)={&(0x7f00000009c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x18000000, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x8}]}, @NFT_MSG_NEWSETELEM={0x74, 0xc, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x38, 0x3, 0x0, 0x1, [{0x34, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x4}, @NFTA_SET_ELEM_EXPRESSIONS={0x4, 0x6, 0x0, 0x1, [{0x14, 0x7, 0x0, 0x1, @counter={{0xc}, @val={0x4}}}, {0x14, 0x1, 0x0, 0x1, @counter={{0xc}, @val={0x480}}}]}]}]}]}], {0x14, 0x10}}, 0xe4}}, 0x0) 4.325622924s ago: executing program 4 (id=3208): socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x2}, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) add_key(&(0x7f0000000140)='dns_resolver\x00', 0x0, &(0x7f00000001c0)="bcfdc195f8b8fff0d7d38cebc3ab0a281077b472f633f263e6cec7a46ae5a30d3b4a34df3f57560217ec82ad86f90bcdc0538fb8d3974e4345d3653747b5e8e4effd9e38b7d65a6e70ead21cf7dfda1f078866875d57cfd0e398fea002ae797187ebfa9f216c998eb937235458bcf702c6ae803dfa6793c87e4471f181c01ac16cb88a61517b028928a8d3768eb6c7ffe91ec60acba2e36b0f517bc3469e9ab5a000c95300c7e59dfa32e844a00ababe920de9e0700a7a15450d9c090d2d2dff7170fd51617a", 0xc6, 0xfffffffffffffffe) 4.234278457s ago: executing program 7 (id=3209): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r3, {0x0, 0xd}, {0xffff, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x14, 0x2, [@TCA_FQ_CODEL_CE_THRESHOLD={0x8, 0x7, 0xfffffff9}, @TCA_FQ_CODEL_CE_THRESHOLD_MASK={0x5, 0xb, 0x11}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = socket$kcm(0x11, 0x3, 0x0) r5 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r4, &(0x7f00000000c0)={&(0x7f0000000580)=@xdp={0x2c, 0x0, r6, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96d", 0xe}], 0x1}, 0x4) 4.11055526s ago: executing program 3 (id=3210): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r4, r5, &(0x7f0000020000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x56, &(0x7f00000000c0)=[@vmwrite={0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20000c}], 0x1) ioctl$KVM_RUN(r5, 0xae80, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x1, 0xf, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014002000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000900)=r6, 0x4) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2f, 0x0, {0x60, 0x0, 0x0, r7, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0xfffd, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000001640)=@newqdisc={0x78, 0x24, 0xd0f, 0x70bd2c, 0x25dfdbfc, {0x60, 0x0, 0x0, r7, {}, {0xffe0, 0xa}, {0xfff3, 0xe}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x4c, 0x2, [@TCA_TBF_PBURST={0x8, 0x7, 0x1889}, @TCA_TBF_RATE64={0xc, 0x4, 0xb78fea3163f663ab}, @TCA_TBF_PARMS={0x28, 0x1, {{0x8, 0x0, 0xfffa, 0x9, 0x9, 0x4}, {0x71, 0x2, 0x4, 0x8, 0x7, 0x101}, 0x0, 0x7, 0x1aa2}}, @TCA_TBF_PRATE64={0xc, 0x5, 0xf0cda79ea301acfa}]}}]}, 0x78}, 0x1, 0x0, 0x0, 0xc5}, 0xc010) 4.096407501s ago: executing program 8 (id=3211): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x687, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000240)=@nat={'nat\x00', 0x670, 0x5, 0x418, 0xf0, 0xf0, 0xfeffffff, 0x198, 0x198, 0x380, 0x380, 0xffffffff, 0x380, 0x380, 0x5, 0x0, {[{{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, 0x0, 0x0, 'veth0_to_bond\x00', 'veth1_to_team\x00', {}, {0xff}, 0x6}, 0x0, 0xc8, 0xf0, 0x0, {}, [@common=@inet=@tcp={{0x30}, {[], [], 0x0, 0x0, 0x2, 0xf}}, @common=@inet=@socket2={{0x28}}]}, @common=@inet=@TCPMSS={0x28}}, {{@uncond, 0x0, 0x70, 0xa8}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x0, @broadcast, @multicast1, @gre_key=0x20dd, @gre_key=0x2}}}}, {{@ip={@loopback, @rand_addr, 0x0, 0x0, 'lo\x00', 'ip6tnl0\x00'}, 0x0, 0x98, 0xd0, 0x0, {}, [@common=@ttl={{0x28}}]}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x0, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}, @icmp_id}}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, 0x0, 0x0, 'pim6reg0\x00', 'wlan0\x00', {0xff}}, 0x0, 0xd0, 0x118, 0x0, {}, [@common=@icmp={{0x28}, {0x5, '2<', 0x1}}, @common=@unspec=@owner={{0x38}, {0x0, 0x0, 0x0, 0x0, 0x2, 0x7}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x0, @ipv6=@private2, @ipv4=@dev, @port, @icmp_id=0x65}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x478) 3.877225428s ago: executing program 4 (id=3212): r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x9102}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x40480, 0x0) close(r3) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0x10}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x3, 0x5, 0x6361, 0x5, 0xffffffff, 0x407}, [@TCA_NETEM_CORRUPT={0xc, 0x4, {0xfffffffd, 0x101}}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x40088c1}, 0x80) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000580)=@xdp={0x2c, 0x300, r6, 0x4}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000180)="27030200590214000600006fb96dbcf7", 0x10}, {&(0x7f0000000640)="0b676ae7ce0aa301d6ff23b6557b3e02be56268cb67cc8df76c62092c9dc73bf02e2fbfd0d14f594db9a8faca2d1ee15bc4c2c588479eb0b462fed8714ae90e42c4c1477864b7c37d96279e5c380cb5f53b2983f7e1ec1fb074a8d4be7374be1c9b65b8587e435b5dc319cd5d25258ed81710608c0331449192c63736d71c7fbb72bd9ef8a3be726b464f445638ea32879fe12b88ebe8e141ba4b0efe8ae02c225a3c07cbd1c65a5f9a57267f88213743ea2ab323a2f8f1c50ecca7b6ee9a0fea79147e75e0eca42d7cf6d4d9a1e658e44cd8dc36a7b91cca77237962b41d760dd6e3aed631486ad0f453ef4501e60f923d992103a3845a67fca331897cac2bd51790acf2661efa41d90eda2061ce1aa53cbeab80229844f3954fe9ac6447af516907739ea3e6bbb832770194e6e655ec3a7ab80374b17059080c1fa21970d0147401a1ca1e58e3c86d77d116f4208299d7a3665898b2009c3752c786e4b45042b51366a133974ec564c9d2f0d7cbad234223a19b52e0efeccd654fd2bdd57df81cd7b478ef2b59f8446075d812f9d62e63d1b38375765aa7d63965484ef4d9b0b90ec00b39ac0430cbfee05cd73c34ad9922f50292d69194220339e3c923a9121d0e5ab3b7fc0bc6a33cc87d4cc23eb205848aa1febd8dd07bc25978ee5c6f83db659433b6187af151b76870a994fe4440c46b27fc4fae2e4ed9d711e652e6c397ccd89fc7181d168405d21d9f218508d0af65af34d43b95a83cdeb6a2bed82a8b75dcd514403aa7201818b9a0b5fe9c6ef1ce91bb73a66ee7c1a9a66b736f5556eb0d06ddef99bd96b0e9385db94623bbb509536211963e99cf3cacab5e61491086104702d8df7", 0x268}], 0x2}, 0x44081) 3.007257785s ago: executing program 8 (id=3213): syz_usb_connect$uac2(0x5, 0x83, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) gettid() read(0xffffffffffffffff, &(0x7f0000000200)=""/209, 0xd1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, &(0x7f0000000180)={0x335, @time={0x101, 0x10001}, 0x1b, {}, 0x2, 0x0, 0x6}) r0 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth0_macvtap\x00', 0x0}) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x5c4, 0x8000, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000) r3 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=@newqdisc={0x50, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xfffbffff, {0x0, 0x0, 0x0, r1, {0x0, 0x8}, {0xffff, 0xffff}, {0xc, 0xfff3}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x1c, 0x2, [@TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x8001}]}]}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}]}}, @TCA_STAB={0x4}]}, 0x50}, 0x1, 0x0, 0x0, 0x40001}, 0x10) 3.006993576s ago: executing program 3 (id=3214): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f00000000c0)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(r0, 0x1, &(0x7f0000000180)=0x3) mlockall(0x7) brk(0x5d555ede6000) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000100), 0x4) 2.972795496s ago: executing program 7 (id=3215): r0 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000280)={0x41}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000900)={0x41, 0x4}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000040)={0x41}, 0x10) r3 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000280)={0x41, 0x0, 0x2}, 0x10) sendmsg$tipc(r3, &(0x7f0000000240)={&(0x7f0000000080), 0x10, 0x0}, 0x0) r4 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000100)={0x41, 0x0, 0x2}, 0x1be) sendmsg$tipc(r4, &(0x7f0000000180)={&(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10, 0x0}, 0x0) sendmsg$tipc(r3, &(0x7f0000000240)={&(0x7f00000002c0)=@nameseq={0x1e, 0x1, 0x2, {0x41}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x44010}, 0x0) 2.22317266s ago: executing program 7 (id=3216): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1100, 0x2}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x90, 0x0, &(0x7f00000006c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x54, 0x0, &(0x7f0000000600)="878b7cdfd4455cf49da7ba6f280ae012ce80389a2aefe4fd04084554d7015aba5330d1b817d6c08af29938b8a9bc2b83462ddadaad3a3a5c0181a0203e49b12c99ac8757fc317fe672938a06f89c133d615cf8c6"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000480)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 1.695094257s ago: executing program 4 (id=3217): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r1, 0xc05064a7, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, r2}) 1.694813137s ago: executing program 3 (id=3218): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000001340)) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6f) r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) read$dsp(r1, &(0x7f00000002c0)=""/4096, 0x1000) write$dsp(r0, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb62", 0x1c) socket$alg(0x26, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1700, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$nl_generic(0x10, 0x3, 0x10) pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0xfffffffffffffffc, 0x8000, 0x2, 0x10001}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0x7, 0x80000006}, 0x0, 0x0) 1.692413837s ago: executing program 9 (id=3219): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[], 0x48) r1 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r1, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24) sendmmsg(r1, &(0x7f0000000680)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0) accept4(r1, &(0x7f0000000740)=@pptp={0x18, 0x2, {0x0, @broadcast}}, 0x0, 0x0) recvmmsg(r1, &(0x7f0000000d00), 0xf000, 0x10002, 0x0) r2 = openat$ptp0(0xffffffffffffff9c, 0x0, 0x60442, 0x0) dup(r2) recvmmsg$unix(r1, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x1, 0x100, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_usb_connect$uac2(0x4, 0x8b, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x0}, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r0, &(0x7f0000000200)}, 0xf) 1.487242473s ago: executing program 7 (id=3220): r0 = socket$inet6(0xa, 0x1, 0x0) socket(0x10, 0x3, 0x0) r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) bind$inet6(r1, 0x0, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000808, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, 0x0, 0x0) syz_open_dev$usbmon(0x0, 0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'erspan0\x00'}) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRDELBR(r4, 0x89a2, &(0x7f0000000200)='bridge0\x00') ioctl$sock_SIOCBRDELBR(r3, 0x89a3, &(0x7f0000000200)='bridge0\x00') 1.485988793s ago: executing program 3 (id=3221): ioctl$BTRFS_IOC_DEFRAG_RANGE(0xffffffffffffffff, 0x8949, &(0x7f0000000000)={0xfffffffffffffffb, 0xd93a, 0x0, 0x0, 0x1, [0x0, 0x1ff]}) getresuid(0x0, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0x2, 0x0, 0x25dfdbfb, {{@in6=@private0, @in=@empty, 0x0, 0x4, 0x1, 0x0, 0xa, 0x60, 0x80, 0x3b, 0x0, 0xee01}, {0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {0xfffffffffffffffe, 0x4}, 0x9, 0x0, 0x0, 0x1, 0x2}}, 0xb8}}, 0x50) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc0000000000000001"], 0xb8}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[], 0x134}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0x4, &(0x7f0000000040)=ANY=[], 0x0, 0x3, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @cgroup_skb=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x808}, 0x94) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='pids.max\x00', 0x2, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[], 0xb8}, 0x1, 0x0, 0x0, 0x4040095}, 0x40010) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000000000000ac1e000100000000000000000000000000000000000000000a0040"], 0xb8}}, 0x0) 1.255867811s ago: executing program 3 (id=3222): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x5, 0x41}]}) socket$nl_generic(0x10, 0x3, 0x10) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r1, &(0x7f00000001c0)='\\', 0x1) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) r2 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setsig(r2, 0xa, 0x13) fcntl$setlease(r2, 0x400, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000280)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) truncate(&(0x7f0000000140)='./file0\x00', 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 1.250691731s ago: executing program 8 (id=3223): syz_open_procfs(0x0, &(0x7f0000000000)='attr/sockcreate\x00') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0x4) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) mount$9p_rdma(&(0x7f00000000c0), &(0x7f0000000140)='.\x00', &(0x7f00000001c0), 0x10000, 0x0) 1.211237442s ago: executing program 7 (id=3224): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) removexattr(0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000040)='nfsd\x00', 0x1000016, 0x0) 160.353525ms ago: executing program 9 (id=3225): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f0000000080)={[{@data_err_ignore}, {@dioread_nolock}, {@errors_remount}, {@nouid32}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x3a}}, {@dioread_lock}]}, 0x1, 0x47a, &(0x7f00000006c0)="$eJzs28uPFMUfAPBv9z6AH4/lh/gAUVeJyUbjLrugcvCi0cQYjCZ6wOM6O5ANA2vY1QgSWYzxZGJI9Ew8Gv0LvBkTo55MuHryZEiIcgE8remebpgdZni4M8yy8/kkPVPVXT1VNdWP6qqZAPrWaPaSRGyKiN8jYqQeXZ5gtP525dKpytVLpypJLC299VeSp7t86VSlTFrut7GIjKUR6adJkcly8ydOHpmu1arHi/jEwtH3JuZPnHzmg6PTh6uHq8em9u/ft3fy+eemnu1IPbN6Xd758dyuHa++c/b1ysGz7/7yXVbeTcX2xnp0ymhW8b+Xcs3bnux0Zj22uSGcDPawINyRgYjImmsoP/9HYiCuN95IvPJJTwsHdFV2b1rXfvPiErCGJdHrEgC9Ud7os+ffcrlLXY9V4eKL9QegrN5XiqW+ZTDSIs1Q0/NtJ41GxMHFf85lS3RpHAIAoNHnla8ODEfER1e/fS3re4xERDke9ED++kf+uqWYQ9kaEf+PiG0RcV9EbI+I+4u0D0bEQyssz439n/TCCj/yprL+3wvF3Nby/l/Z+4utA0Vsc17/oeTQbK26J9bl38lYDK3L4pM3yeOHl89/0W5bY/8vW7L8y75gUY4Lg00DdDPTC9N5p7QDLp6J2DnYqv7JtZmAJCJ2RMTOO/voLWVg9qlvdrVL1Lr+l8/dVg4dmGda+jqr3mJW/8Voqn8paZyfnL1hfnJifdSqeybqR0Urv/722Zvt8r91+3fXxWr9vaH9m5NsTRrna+c7m/9/PP7T4eTtfJ55uFj34fTCwvHJiOHkQB5ftn7q+r5lvEyfHf9ju1uf/9uKfbL6PxwR2UH8SEQ8GhGPFWV/PCKeiIjdN6njzy/duv6R9qj9z0TMtLz+XTv+m9r/zgMDR376vl3+t9f++/LQWLEmv/7dQqviZJeL5gKu5LsDAACAe0Wa/wY+ScevhdN0fLz+G/7t8b+0Nje/8PShufePzcT5LfXxz7Qc6RopxkNrs7XqZLJYfGJ9fHSqGCsux0v3FuPGXw5syOPjlbnaTI/rDv1uY5vzP/PnQK9LB3TZhpZrp4bvekGAHmieR0+XR0+/ES4GsFb5vzb0r/L8b/O83/g/GGCNcf+H/tXq/D/dFDcXAGuT+z/0L+c/9Kn0xxXs7KkA7nXu/9CXVvK//i4G1q+OYvQmsFobJQ9ElIF0VZRHoEuBXl+ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOuPfAAAA//+Pc+dq") socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x10000008ebc, 0x3) r0 = openat(0xffffffffffffff9c, 0x0, 0x442, 0x0) pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0) write$binfmt_aout(r0, 0x0, 0x29) splice(r0, 0x0, r2, 0x0, 0x807, 0x0) vmsplice(r1, 0x0, 0x0, 0xd) timer_create(0x2, 0x0, &(0x7f00000000c0)=0x0) timer_settime(r3, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r4, &(0x7f0000000300)='./file0\x00', 0xffffffffffffff9c, 0x0, 0x32) 0s ago: executing program 7 (id=3226): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f00000010c0)={0x3, r0, 'id1\x00'}) ioctl$BTRFS_IOC_LOGICAL_INO_V2(r1, 0xc038943b, &(0x7f0000001240)={0x3, 0x28, '\x00', 0x1, &(0x7f0000001200)=[0x0, 0x0, 0x0, 0x0, 0x0]}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001140)={0x11, 0x10, &(0x7f00000000c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8f, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@alu={0x7, 0x0, 0xdde0e440e894aaa1, 0x9, 0x0, 0x0, 0xfffffffffffffffc}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x7, 0x1001, &(0x7f0000001cc0)=""/4097, 0x41100, 0x5}, 0x94) r2 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r2, &(0x7f0000000180)={0xa, 0x0, 0x404000, @loopback, 0x7cfd1f0f}, 0x20) syz_read_part_table(0x10ab, &(0x7f0000000000)="$eJzs0MFJ9EAYBuA3f5JNll8Q7EDBoyXYgnV4sgEv24x92IngQQQrEHRHZhLMeU9enuewvPvl/WZCwp+6e8yxlDlJGetPP5Rd6t85+yS3z0vt8iYpXeY56Q7/6+T6tT3otqNq/C5Vt1tHpZRaG5Kuy0cb/evTtzC0S5LsMu2X9vl6ykWm1nl/S+os05hl6+FsqYyH3wuamvvPl6erHJL99k5bvJ+36ZhxTce6ObX4VU7+eMPJGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwI9GwSgYBaNgFIyCUYAVAAIAAP//Ot0pnw==") r3 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0) ioctl$VIDIOC_S_SELECTION(r3, 0xc040565f, &(0x7f0000000940)={0xa, 0x0, 0x3, {0x8000, 0x6f2, 0x6, 0xff}}) r4 = socket$l2tp6(0xa, 0x2, 0x73) socket$nl_generic(0x10, 0x3, 0x10) bind$l2tp6(r4, &(0x7f0000000000)={0xa, 0x7, 0x0, @local, 0x8}, 0x20) syz_emit_ethernet(0x8e, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaa1acd1f78800d86dd608a37f200587300fe8000000000000000000000000000bbfe8000000000000000000000000000aa00000000", @ANYRES8], 0x0) kernel console output (not intermixed with test programs): 9] EXT4-fs (loop5): free_blocks=0 [ 298.852790][ T9039] EXT4-fs (loop5): dirty_blocks=2956 [ 298.892828][ T9039] EXT4-fs (loop5): Block reservation details [ 298.929929][ T9039] EXT4-fs (loop5): i_reserved_data_blocks=2956 [ 299.136706][ T129] usb 6-1: unable to get BOS descriptor or descriptor too short [ 299.196510][ T129] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 299.216865][ T129] usb 6-1: can't read configurations, error -71 [ 299.823917][ T4932] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 2052 with max blocks 900 with error 28 [ 299.917408][ T9081] netlink: 'syz.4.1399': attribute type 11 has an invalid length. [ 300.052918][ T7] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 300.241620][ T7] usb 8-1: Using ep0 maxpacket: 16 [ 300.252111][ T7] usb 8-1: config 0 has an invalid interface number: 105 but max is 0 [ 300.285988][ T7] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 300.341526][ T7] usb 8-1: config 0 has no interface number 0 [ 300.360925][ T7] usb 8-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28 [ 300.387374][ T7] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 300.407923][ T7] usb 8-1: Product: syz [ 300.412769][ T7] usb 8-1: Manufacturer: syz [ 300.418675][ T7] usb 8-1: SerialNumber: syz [ 300.430956][ T7] usb 8-1: config 0 descriptor?? [ 300.502704][ T9095] IPv6: sit1: Disabled Multicast RS [ 300.680407][ T9076] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 300.719981][ T9076] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 300.740944][ T4290] Bluetooth: hci4: Unknown advertising packet type: 0xb213 [ 300.741066][ T4290] Bluetooth: hci4: Malformed LE Event: 0x0d [ 300.742423][ T126] usb 8-1: USB disconnect, device number 6 [ 301.157652][ T9107] loop0: detected capacity change from 0 to 512 [ 301.247971][ T9107] EXT4-fs error (device loop0): ext4_get_branch:178: inode #13: block 2: comm syz.0.1408: invalid block [ 301.342729][ T9107] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.1408: invalid indirect mapped block 10 (level 1) [ 301.425410][ T9107] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.1408: invalid indirect mapped block 8 (level 1) [ 301.462906][ T9107] EXT4-fs (loop0): 1 truncate cleaned up [ 301.473184][ T9107] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 301.643229][ T4277] EXT4-fs (loop0): unmounting filesystem. [ 301.951114][ T26] kauditd_printk_skb: 12 callbacks suppressed [ 301.951132][ T26] audit: type=1326 audit(1781910181.092:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9123 comm="syz.0.1414" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4bcd9ce59 code=0x7fc00000 [ 302.052024][ T26] audit: type=1326 audit(1781910181.142:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9123 comm="syz.0.1414" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fd4bcd9ce59 code=0x7fc00000 [ 302.137527][ T26] audit: type=1326 audit(1781910181.142:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9123 comm="syz.0.1414" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4bcd9ce59 code=0x7fc00000 [ 302.608863][ T9143] loop7: detected capacity change from 0 to 512 [ 302.735685][ T9143] EXT4-fs (loop7): Test dummy encryption mode enabled [ 302.753405][ T9148] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1423'. [ 302.784944][ T9143] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 302.801629][ T9148] netlink: 10716 bytes leftover after parsing attributes in process `syz.0.1423'. [ 302.846669][ T9143] EXT4-fs error (device loop7): ext4_orphan_get:1431: comm syz.7.1422: bad orphan inode 131083 [ 302.895389][ T9143] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 302.902504][ T9148] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1423'. [ 302.976486][ T9148] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1423'. [ 303.301784][ T9143] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 303.331759][ T9164] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1429'. [ 303.575402][ T7746] EXT4-fs (loop7): unmounting filesystem. [ 305.091632][ T129] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 305.303582][ T129] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 305.325025][ T129] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 305.348899][ T129] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 305.388747][ T129] usb 8-1: config 0 descriptor?? [ 305.949775][ T129] usbhid 8-1:0.0: can't add hid device: -71 [ 305.961681][ T129] usbhid: probe of 8-1:0.0 failed with error -71 [ 305.994010][ T129] usb 8-1: USB disconnect, device number 7 [ 306.581657][ T129] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 306.793029][ T129] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 306.817635][ T129] usb 8-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.40 [ 306.849391][ T129] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 306.905981][ T129] usb 8-1: config 0 descriptor?? [ 306.979755][ T9234] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1451'. [ 307.571911][ T9242] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1454'. [ 307.765765][ T129] aiptek 8-1:0.0: Aiptek using 400 ms programming speed [ 307.779240][ T129] input: Aiptek as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/input/input6 [ 308.096435][ T7] usb 8-1: USB disconnect, device number 8 [ 308.096479][ C1] aiptek 8-1:0.0: aiptek_irq - usb_submit_urb failed with result -19 [ 308.794887][ T9271] loop5: detected capacity change from 0 to 1024 [ 308.850462][ T9271] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 309.054722][ T9271] EXT4-fs (loop5): unmounting filesystem. [ 310.036901][ T9304] loop0: detected capacity change from 0 to 1024 [ 310.065201][ T9304] EXT4-fs: Ignoring removed nomblk_io_submit option [ 310.088885][ T9309] netlink: 'syz.7.1479': attribute type 1 has an invalid length. [ 310.178358][ T9304] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 310.294781][ T9309] 8021q: adding VLAN 0 to HW filter on device bond3 [ 310.425144][ T4277] EXT4-fs (loop0): unmounting filesystem. [ 310.435662][ T9313] bond3: (slave veth1): Enslaving as a backup interface with a down link [ 310.495778][ T9318] bond3: (slave dummy0): Enslaving as a backup interface with an up link [ 310.512354][ T8859] bond3: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 310.556261][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bond3: link becomes ready [ 310.627487][ T9334] loop0: detected capacity change from 0 to 512 [ 310.661764][ T8858] bond3: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 310.683757][ T9334] EXT4-fs error (device loop0): ext4_orphan_get:1405: inode #15: comm syz.0.1486: iget: bad i_size value: 38620345925642 [ 310.718054][ T9334] EXT4-fs error (device loop0): ext4_orphan_get:1410: comm syz.0.1486: couldn't read orphan inode 15 (err -117) [ 310.731262][ T9334] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 311.181551][ T7] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 311.844566][ T9334] EXT4-fs error (device loop0): ext4_validate_block_bitmap:429: comm syz.0.1486: bg 0: block 5: invalid block bitmap [ 311.982463][ T9334] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 312.018974][ T9334] EXT4-fs (loop0): This should not happen!! Data will be lost [ 312.018974][ T9334] [ 312.050325][ T9334] EXT4-fs (loop0): Total free blocks count 0 [ 312.088195][ T9334] EXT4-fs (loop0): Free/Dirty block details [ 312.108094][ T9334] EXT4-fs (loop0): free_blocks=0 [ 312.115261][ T9334] EXT4-fs (loop0): dirty_blocks=2548 [ 312.120811][ T9334] EXT4-fs (loop0): Block reservation details [ 312.140846][ T9334] EXT4-fs (loop0): i_reserved_data_blocks=2548 [ 312.402190][ T9385] loop7: detected capacity change from 0 to 1024 [ 312.429293][ T9385] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 312.442303][ T9383] lo speed is unknown, defaulting to 1000 [ 312.452161][ T7] usb 1-1: unable to get BOS descriptor or descriptor too short [ 312.463208][ T9385] ext4 filesystem being mounted at /103/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 312.489872][ T7] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 312.528292][ T9385] EXT4-fs error (device loop7): ext4_map_blocks:747: inode #15: comm syz.7.1503: lblock 0 mapped to illegal pblock 0 (length 1) [ 312.551691][ T7] usb 1-1: can't read configurations, error -71 [ 312.609156][ T9385] EXT4-fs (loop7): Remounting filesystem read-only [ 312.644325][ T9392] EXT4-fs error (device loop7): ext4_map_blocks:637: inode #15: comm syz.7.1503: lblock 0 mapped to illegal pblock 0 (length 1) [ 312.661729][ T129] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 312.691853][ T9392] EXT4-fs (loop7): Remounting filesystem read-only [ 312.701701][ T9384] EXT4-fs error (device loop7): ext4_map_blocks:637: inode #15: comm syz.7.1503: lblock 0 mapped to illegal pblock 0 (length 1) [ 312.741087][ T9384] EXT4-fs (loop7): Remounting filesystem read-only [ 312.761730][ T9384] EXT4-fs error (device loop7): ext4_map_blocks:637: inode #15: comm syz.7.1503: lblock 0 mapped to illegal pblock 0 (length 1) [ 312.783320][ T9384] EXT4-fs (loop7): Remounting filesystem read-only [ 312.792202][ T9392] EXT4-fs error (device loop7): ext4_map_blocks:637: inode #15: comm syz.7.1503: lblock 0 mapped to illegal pblock 0 (length 1) [ 312.814347][ T9392] EXT4-fs (loop7): Remounting filesystem read-only [ 312.828333][ T9392] EXT4-fs error (device loop7): ext4_map_blocks:637: inode #15: comm syz.7.1503: lblock 0 mapped to illegal pblock 0 (length 1) [ 312.855706][ T129] usb 4-1: config 0 has no interfaces? [ 312.857731][ T9392] EXT4-fs (loop7): Remounting filesystem read-only [ 312.876639][ T129] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 312.892752][ T9384] EXT4-fs error (device loop7): ext4_map_blocks:637: inode #15: comm syz.7.1503: lblock 0 mapped to illegal pblock 0 (length 1) [ 312.897893][ T129] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 312.918873][ T9384] EXT4-fs (loop7): Remounting filesystem read-only [ 312.927098][ T9392] EXT4-fs error (device loop7): ext4_map_blocks:637: inode #15: comm syz.7.1503: lblock 0 mapped to illegal pblock 0 (length 1) [ 312.945360][ T129] usb 4-1: config 0 descriptor?? [ 312.955785][ T9392] EXT4-fs (loop7): Remounting filesystem read-only [ 313.001637][ T9392] EXT4-fs error (device loop7): ext4_map_blocks:637: inode #15: comm syz.7.1503: lblock 0 mapped to illegal pblock 0 (length 1) [ 313.033383][ T9392] EXT4-fs (loop7): Remounting filesystem read-only [ 313.040275][ T9384] EXT4-fs error (device loop7): ext4_map_blocks:637: inode #15: comm syz.7.1503: lblock 0 mapped to illegal pblock 0 (length 1) [ 313.075156][ T8282] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2052 with max blocks 492 with error 28 [ 313.268358][ T9383] netlink: 'syz.3.1502': attribute type 1 has an invalid length. [ 313.453691][ T9383] device bond0 entered promiscuous mode [ 313.472222][ T9383] 8021q: adding VLAN 0 to HW filter on device bond0 [ 313.535192][ T9411] 8021q: adding VLAN 0 to HW filter on device bond0 [ 313.568944][ T9411] bond0: (slave vti0): The slave device specified does not support setting the MAC address [ 313.600757][ T9411] bond0: (slave vti0): Setting fail_over_mac to active for active-backup mode [ 313.654260][ T9411] bond0: (slave vti0): making interface the new active one [ 313.691874][ T9411] device vti0 entered promiscuous mode [ 313.703758][ T9411] bond0: (slave vti0): Enslaving as an active interface with an up link [ 313.732823][ T8858] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 313.781782][ T9420] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1513'. [ 313.840659][ T7] usb 4-1: USB disconnect, device number 6 [ 313.901050][ T9420] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1513'. [ 314.773510][ T46] bond0: (slave vti0): Releasing backup interface [ 314.798749][ T46] device vti0 left promiscuous mode [ 314.863346][ T46] bond0: Destroying bond [ 315.629376][ T46] bond0 (unregistering): Released all slaves [ 315.664478][ T9464] loop3: detected capacity change from 0 to 512 [ 315.784542][ T9464] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 315.811717][ T9464] ext4 filesystem being mounted at /115/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 316.789483][ T7782] EXT4-fs (loop3): unmounting filesystem. [ 317.265109][ T9500] loop0: detected capacity change from 0 to 16 [ 317.282782][ T9500] erofs: (device loop0): erofs_read_inode: unsupported chunk format 7fff of nid 36 [ 317.355414][ T26] audit: type=1326 audit(1781910196.502:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9499 comm="syz.0.1540" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4bcd9ce59 code=0x7ffc0000 [ 317.428706][ T26] audit: type=1326 audit(1781910196.502:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9499 comm="syz.0.1540" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4bcd9ce59 code=0x7ffc0000 [ 317.560658][ T26] audit: type=1326 audit(1781910196.532:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9499 comm="syz.0.1540" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4bcd9ce59 code=0x7ffc0000 [ 317.679668][ T26] audit: type=1326 audit(1781910196.532:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9499 comm="syz.0.1540" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4bcd9ce59 code=0x7ffc0000 [ 317.796350][ T26] audit: type=1326 audit(1781910196.532:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9499 comm="syz.0.1540" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=439 compat=0 ip=0x7fd4bcd9ce59 code=0x7ffc0000 [ 317.910260][ T26] audit: type=1326 audit(1781910196.532:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9499 comm="syz.0.1540" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4bcd9ce59 code=0x7ffc0000 [ 318.013429][ T26] audit: type=1326 audit(1781910196.532:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9499 comm="syz.0.1540" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4bcd9ce59 code=0x7ffc0000 [ 318.119574][ T26] audit: type=1326 audit(1781910196.532:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9499 comm="syz.0.1540" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fd4bcd9ce59 code=0x7ffc0000 [ 318.220518][ T26] audit: type=1326 audit(1781910196.532:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9499 comm="syz.0.1540" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fd4bcd9ce59 code=0x7ffc0000 [ 318.555184][ T9513] ip: renamed from gretap0 [ 318.954459][ T9519] loop5: detected capacity change from 0 to 1024 [ 319.042468][ T9519] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 319.367271][ T5045] EXT4-fs (loop5): unmounting filesystem. [ 319.563825][ T9534] loop5: detected capacity change from 0 to 128 [ 319.622622][ T9534] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 319.636672][ T9534] ext4 filesystem being mounted at /249/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 319.756776][ T5045] EXT4-fs (loop5): unmounting filesystem. [ 320.626881][ T9557] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1562'. [ 320.767611][ T9566] loop0: detected capacity change from 0 to 256 [ 320.778092][ T9557] device bridge_slave_1 left promiscuous mode [ 320.789640][ T9557] bridge0: port 2(bridge_slave_1) entered disabled state [ 320.822998][ T9566] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x8277d129, utbl_chksum : 0xe619d30d) [ 321.259383][ T9553] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1559'. [ 321.341020][ T9578] loop3: detected capacity change from 0 to 512 [ 321.433732][ T9578] EXT4-fs error (device loop3): ext4_orphan_get:1405: inode #15: comm syz.3.1568: iget: bad i_size value: 38620345925642 [ 321.473914][ T9578] EXT4-fs error (device loop3): ext4_orphan_get:1410: comm syz.3.1568: couldn't read orphan inode 15 (err -117) [ 321.496139][ T9578] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 321.704815][ T26] audit: type=1326 audit(1781910200.852:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9584 comm="syz.4.1571" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89119ce59 code=0x0 [ 321.921588][ T129] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 322.237174][ T9594] netlink: 'syz.5.1573': attribute type 1 has an invalid length. [ 322.328757][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.335241][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.353232][ T9578] EXT4-fs error (device loop3): ext4_validate_block_bitmap:429: comm syz.3.1568: bg 0: block 5: invalid block bitmap [ 322.367429][ T9594] 8021q: adding VLAN 0 to HW filter on device bond4 [ 322.396766][ T9578] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 322.453058][ T9578] EXT4-fs (loop3): This should not happen!! Data will be lost [ 322.453058][ T9578] [ 322.477666][ T9596] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 322.487639][ T9578] EXT4-fs (loop3): Total free blocks count 0 [ 322.522196][ T9578] EXT4-fs (loop3): Free/Dirty block details [ 322.534809][ T9596] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 322.540213][ T9578] EXT4-fs (loop3): free_blocks=0 [ 322.562869][ T9578] EXT4-fs (loop3): dirty_blocks=2504 [ 322.579487][ T9578] EXT4-fs (loop3): Block reservation details [ 322.598674][ T9578] EXT4-fs (loop3): i_reserved_data_blocks=2504 [ 322.605063][ T9596] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 322.655354][ T9596] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 322.691601][ T9596] bond4: (slave geneve2): making interface the new active one [ 322.738645][ T9596] bond4: (slave geneve2): Enslaving as an active interface with an up link [ 322.770177][ T4932] IPv6: ADDRCONF(NETDEV_CHANGE): bond4: link becomes ready [ 322.915737][ T129] usb 4-1: unable to get BOS descriptor or descriptor too short [ 322.934982][ T129] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 322.951454][ T129] usb 4-1: can't read configurations, error -71 [ 322.980754][ T9596] syz.5.1573 (9596) used greatest stack depth: 20224 bytes left [ 323.141978][ T26] audit: type=1326 audit(1781910202.292:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9604 comm="syz.5.1576" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8642d9ce59 code=0x7ffc0000 [ 323.191471][ T26] audit: type=1326 audit(1781910202.292:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9604 comm="syz.5.1576" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8642d9ce59 code=0x7ffc0000 [ 323.258107][ T26] audit: type=1326 audit(1781910202.322:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9604 comm="syz.5.1576" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8642d9ce59 code=0x7ffc0000 [ 323.288747][ T26] audit: type=1326 audit(1781910202.322:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9604 comm="syz.5.1576" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8642d9ce59 code=0x7ffc0000 [ 323.326876][ T26] audit: type=1326 audit(1781910202.322:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9604 comm="syz.5.1576" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=131 compat=0 ip=0x7f8642d9ce59 code=0x7ffc0000 [ 323.421442][ T26] audit: type=1326 audit(1781910202.322:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9604 comm="syz.5.1576" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8642d9ce59 code=0x7ffc0000 [ 323.502487][ T26] audit: type=1326 audit(1781910202.322:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9604 comm="syz.5.1576" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8642d9ce59 code=0x7ffc0000 [ 323.516429][ T4591] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 2052 with max blocks 448 with error 28 [ 323.561043][ T26] audit: type=1326 audit(1781910202.322:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9604 comm="syz.5.1576" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8642d9ce59 code=0x7ffc0000 [ 323.595639][ T26] audit: type=1326 audit(1781910202.322:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9604 comm="syz.5.1576" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8642d9ce59 code=0x7ffc0000 [ 323.641076][ T26] audit: type=1326 audit(1781910202.322:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9604 comm="syz.5.1576" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f8642d9ce59 code=0x7ffc0000 [ 324.049455][ T4294] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 324.060912][ T4294] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 324.071073][ T4294] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 324.082328][ T4294] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 324.090204][ T4294] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 324.097860][ T4294] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 324.256109][ T9624] lo speed is unknown, defaulting to 1000 [ 324.815578][ T9624] chnl_net:caif_netlink_parms(): no params data found [ 324.911721][ T9644] loop5: detected capacity change from 0 to 2048 [ 324.961676][ T9624] bridge0: port 1(bridge_slave_0) entered blocking state [ 324.972538][ T9624] bridge0: port 1(bridge_slave_0) entered disabled state [ 325.014361][ T9644] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 325.024667][ T9624] device bridge_slave_0 entered promiscuous mode [ 325.054532][ T9624] bridge0: port 2(bridge_slave_1) entered blocking state [ 325.071578][ T9624] bridge0: port 2(bridge_slave_1) entered disabled state [ 325.090315][ T9624] device bridge_slave_1 entered promiscuous mode [ 325.133219][ T9643] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1589'. [ 325.185035][ T9624] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 325.237689][ T9624] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 325.317694][ T9624] team0: Port device team_slave_0 added [ 325.343571][ T9624] team0: Port device team_slave_1 added [ 325.386153][ T9624] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 325.394514][ T9624] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 325.428558][ T9624] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 325.442362][ T9624] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 325.449687][ T9624] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 325.477478][ T9624] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 325.576021][ T5045] EXT4-fs (loop5): unmounting filesystem. [ 325.588348][ T9624] device hsr_slave_0 entered promiscuous mode [ 325.609476][ T9624] device hsr_slave_1 entered promiscuous mode [ 325.643757][ T9624] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 325.677446][ T9624] Cannot create hsr debugfs directory [ 326.161643][ T4294] Bluetooth: hci2: command 0x0409 tx timeout [ 326.482662][ T9656] bridge0: port 2(bridge_slave_1) entered disabled state [ 326.490472][ T9656] bridge0: port 1(bridge_slave_0) entered disabled state [ 327.462445][ T9656] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 327.535866][ T9656] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 328.242931][ T4294] Bluetooth: hci2: command 0x041b tx timeout [ 328.445580][ T9656] netdevsim netdevsim7 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 328.459667][ T9656] netdevsim netdevsim7 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 328.468858][ T9656] netdevsim netdevsim7 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 328.478352][ T9656] netdevsim netdevsim7 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 328.677585][ T9656] device bond1 left promiscuous mode [ 328.729532][ T9656] device team1 left promiscuous mode [ 328.752901][ T9656] device team2 left promiscuous mode [ 329.578910][ T9624] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 329.630952][ T9624] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 329.656153][ T9706] 9pnet: p9_errstr2errno: server reported unknown error 0x00000 [ 329.669750][ T9624] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 329.689348][ T9624] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 329.893589][ T9624] 8021q: adding VLAN 0 to HW filter on device bond0 [ 329.941058][ T8858] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 329.956783][ T8858] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 329.984189][ T9624] 8021q: adding VLAN 0 to HW filter on device team0 [ 330.008107][ T4935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 330.075083][ T4935] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 330.119487][ T4935] bridge0: port 1(bridge_slave_0) entered blocking state [ 330.126676][ T4935] bridge0: port 1(bridge_slave_0) entered forwarding state [ 330.160397][ T4935] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 330.252080][ T4935] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 330.273358][ T4935] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 330.300624][ T4935] bridge0: port 2(bridge_slave_1) entered blocking state [ 330.307918][ T4935] bridge0: port 2(bridge_slave_1) entered forwarding state [ 330.322084][ T4294] Bluetooth: hci2: command 0x040f tx timeout [ 330.348986][ T4935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 330.387996][ T4935] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 330.427270][ T4935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 330.498849][ T4935] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 330.514596][ T4935] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 330.545508][ T9212] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 330.557366][ T9212] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 330.585704][ T9212] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 330.629829][ T9212] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 330.648987][ T9212] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 330.669257][ T9212] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 330.692566][ T9624] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 331.148769][ T4935] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 331.166834][ T4935] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 331.196436][ T9624] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 331.559005][ T9750] 9pnet: p9_errstr2errno: server reported unknown error 0x000000 [ 332.394450][ T4932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 332.402760][ T4294] Bluetooth: hci2: command 0x0419 tx timeout [ 332.427558][ T4932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 332.510673][ T4932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 332.540310][ T4932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 332.581742][ T4932] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 332.614875][ T4932] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 332.652687][ T9624] device veth0_vlan entered promiscuous mode [ 332.701807][ T9624] device veth1_vlan entered promiscuous mode [ 332.835955][ T9624] device veth0_macvtap entered promiscuous mode [ 332.883003][ T4935] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 332.903710][ T4935] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 332.952911][ T4935] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 332.999733][ T4935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 333.033168][ T9624] device veth1_macvtap entered promiscuous mode [ 333.051907][ T4935] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 333.082407][ T4935] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 333.133341][ T9624] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 333.141173][ T4935] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 333.171100][ T4935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 333.195152][ T9624] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 333.231311][ T4935] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 333.240936][ T4935] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 333.276162][ T9624] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.311878][ T9624] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.346970][ T9624] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.376074][ T9624] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.682168][ T4932] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 333.690201][ T4932] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 333.765055][ T4935] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 333.803585][ T8283] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 333.819637][ T8283] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 333.862144][ T4932] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 334.415794][ T9793] netlink: 'syz.7.1638': attribute type 1 has an invalid length. [ 334.475749][ T9793] 8021q: adding VLAN 0 to HW filter on device bond4 [ 334.502916][ T9798] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 334.512411][ T9798] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 334.521170][ T9798] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 334.530221][ T9798] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 334.542040][ T9798] bond4: (slave geneve2): making interface the new active one [ 334.551787][ T9798] bond4: (slave geneve2): Enslaving as an active interface with an up link [ 334.578107][ T8283] IPv6: ADDRCONF(NETDEV_CHANGE): bond4: link becomes ready [ 334.673957][ T9800] lo speed is unknown, defaulting to 1000 [ 335.760145][ T8283] Bluetooth: hci5: Frame reassembly failed (-84) [ 335.802089][ T9821] Bluetooth: hci5: Frame reassembly failed (-90) [ 337.761626][ T4294] Bluetooth: hci5: command 0x1003 tx timeout [ 337.770105][ T4290] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 338.663176][ T9887] netlink: 2028 bytes leftover after parsing attributes in process `syz.5.1673'. [ 338.713277][ T9887] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1673'. [ 339.156440][ T9896] 9pnet: p9_errstr2errno: server reported unknown error @c0x0000000000000006 [ 339.240943][ T9880] loop8: detected capacity change from 0 to 40427 [ 339.283677][ T9880] F2FS-fs (loop8): invalid crc value [ 339.335097][ T9880] F2FS-fs (loop8): Found nat_bits in checkpoint [ 339.497093][ T9880] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5 [ 339.717375][ T9880] syz.8.1670: attempt to access beyond end of device [ 339.717375][ T9880] loop8: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 339.891007][ T9911] netlink: 28 bytes leftover after parsing attributes in process `syz.7.1681'. [ 339.903837][ T9912] tipc: Enabling of bearer rejected, failed to enable media [ 339.977846][ T9915] netlink: 28 bytes leftover after parsing attributes in process `syz.7.1681'. [ 340.205343][ T9918] lo speed is unknown, defaulting to 1000 [ 341.061983][ T9942] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1695'. [ 341.151020][ T9942] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1695'. [ 341.575064][ T9951] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1698'. [ 341.662882][ T9954] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1698'. [ 341.722796][ T9951] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1698'. [ 342.475173][ T9978] netlink: 'syz.7.1707': attribute type 12 has an invalid length. [ 345.964246][T10028] loop3: detected capacity change from 0 to 2048 [ 346.069342][T10028] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 346.098226][T10037] netlink: 'syz.8.1728': attribute type 4 has an invalid length. [ 346.177062][T10037] netlink: 'syz.8.1728': attribute type 4 has an invalid length. [ 346.256814][T10028] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1126: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 346.346094][T10028] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 142 with error 28 [ 346.447128][T10028] EXT4-fs (loop3): This should not happen!! Data will be lost [ 346.447128][T10028] [ 346.480111][T10028] EXT4-fs (loop3): Total free blocks count 0 [ 346.508862][T10028] EXT4-fs (loop3): Free/Dirty block details [ 346.521982][T10028] EXT4-fs (loop3): free_blocks=66060288 [ 346.537996][T10028] EXT4-fs (loop3): dirty_blocks=144 [ 346.548131][T10028] EXT4-fs (loop3): Block reservation details [ 346.581600][T10028] EXT4-fs (loop3): i_reserved_data_blocks=9 [ 346.749551][ T7782] EXT4-fs (loop3): unmounting filesystem. [ 347.339187][T10068] siw: device registration error -23 [ 347.467297][T10071] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 348.646488][T10102] 9pnet_fd: p9_fd_create_tcp (10102): problem connecting socket to 127.0.0.1 [ 348.895884][T10107] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1752'. [ 349.027775][T10115] loop5: detected capacity change from 0 to 128 [ 349.058025][T10115] EXT4-fs: Ignoring removed nobh option [ 349.120866][T10115] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 349.143388][T10115] ext4 filesystem being mounted at /297/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 349.412291][ T5045] EXT4-fs (loop5): unmounting filesystem. [ 349.712957][T10133] mtd partition "" doesn't have enough space: 0x20003 < 0x2001f, disabled [ 349.799736][T10133] ftl_cs: FTL header not found. [ 350.444166][T10160] loop3: detected capacity change from 0 to 1024 [ 350.562709][T10160] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 351.095589][ T7782] EXT4-fs (loop3): unmounting filesystem. [ 351.839326][T10190] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1781'. [ 351.869057][T10190] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1781'. [ 351.895690][T10190] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1781'. [ 352.933203][T10212] netlink: 'syz.7.1791': attribute type 1 has an invalid length. [ 352.993767][T10212] 8021q: adding VLAN 0 to HW filter on device bond5 [ 353.017155][T10215] device veth0_virt_wifi entered promiscuous mode [ 353.139441][T10215] bond5: (slave veth0_virt_wifi): Enslaving as an active interface with a down link [ 353.206879][T10212] bond5: (slave veth0_virt_wifi): Releasing active interface [ 355.826574][T10262] IPVS: sed: FWM 3 0x00000003 - no destination available [ 356.346772][T10272] loop5: detected capacity change from 0 to 512 [ 356.395058][T10272] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 356.450101][T10272] EXT4-fs (loop5): 1 truncate cleaned up [ 356.460085][T10272] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 356.615958][T10272] EXT4-fs error (device loop5): ext4_find_dest_de:2115: inode #12: block 7: comm syz.5.1812: bad entry in directory: directory entry overrun - offset=0, inode=901261600, rec_len=7976, size=56 fake=0 [ 356.667248][T10272] EXT4-fs (loop5): Remounting filesystem read-only [ 356.822440][ T5045] EXT4-fs (loop5): unmounting filesystem. [ 357.240827][T10294] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1819'. [ 357.592489][T10306] lo speed is unknown, defaulting to 1000 [ 358.541397][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 358.608635][ T26] kauditd_printk_skb: 860 callbacks suppressed [ 358.608653][ T26] audit: type=1326 audit(1781910237.752:940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10304 comm="syz.3.1824" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f349899ce59 code=0x0 [ 358.892289][T10335] loop5: detected capacity change from 0 to 1024 [ 358.936974][T10335] EXT4-fs: test_dummy_encryption requires encrypt feature [ 360.241522][ T4289] Bluetooth: hci4: command 0x0406 tx timeout [ 360.247674][ T4289] Bluetooth: hci0: command 0x0406 tx timeout [ 360.781541][ T129] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 360.961794][ T129] usb 4-1: Using ep0 maxpacket: 16 [ 360.969551][ T129] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 361.006314][ T129] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 361.033209][ T129] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 361.061532][ T129] usb 4-1: Product: syz [ 361.065945][ T129] usb 4-1: Manufacturer: syz [ 361.074017][ T129] usb 4-1: SerialNumber: syz [ 361.102172][ T129] usb 4-1: config 0 descriptor?? [ 361.125565][ T129] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 361.146425][ T129] em28xx 4-1:0.0: DVB interface 0 found: bulk [ 361.282993][T10384] loop5: detected capacity change from 0 to 40427 [ 361.314246][T10384] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 361.349581][T10384] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 361.428811][T10384] F2FS-fs (loop5): Found nat_bits in checkpoint [ 361.642060][T10384] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 361.649215][T10384] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 361.728792][ T129] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 361.896084][ T26] audit: type=1804 audit(1781910241.042:941): pid=10384 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.1846" name="/newroot/317/file0/bus" dev="loop5" ino=10 res=1 errno=0 [ 362.180939][ T129] em28xx 4-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 362.193920][ T129] em28xx 4-1:0.0: board has no eeprom [ 362.491872][ T129] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 362.509497][ T129] em28xx 4-1:0.0: dvb set to bulk mode. [ 362.561949][ T129] usb 4-1: USB disconnect, device number 9 [ 362.581663][ T129] em28xx 4-1:0.0: Disconnecting em28xx [ 362.588126][ T4325] em28xx 4-1:0.0: Binding DVB extension [ 362.872385][ T4325] em28xx 4-1:0.0: Registering input extension [ 362.879566][ T129] em28xx 4-1:0.0: Closing input extension [ 363.082046][ T129] em28xx 4-1:0.0: Freeing device [ 363.475037][T10421] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1861'. [ 363.571448][ T129] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 363.686437][T10425] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1861'. [ 363.713727][T10425] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1861'. [ 363.771434][ T129] usb 4-1: Using ep0 maxpacket: 32 [ 363.787900][ T129] usb 4-1: config 0 has an invalid interface number: 89 but max is 0 [ 363.803699][T10425] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1861'. [ 363.820389][ T129] usb 4-1: config 0 has no interface number 0 [ 363.839763][ T129] usb 4-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 363.875083][ T129] usb 4-1: config 0 interface 89 has no altsetting 0 [ 363.895070][T10425] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1861'. [ 363.913452][ T129] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4a [ 363.930034][ T129] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 363.956712][ T129] usb 4-1: Product: syz [ 363.972513][ T129] usb 4-1: Manufacturer: syz [ 363.977178][ T129] usb 4-1: SerialNumber: syz [ 364.014795][ T129] usb 4-1: config 0 descriptor?? [ 364.049928][ T129] em28xx 4-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 364.105528][ T129] em28xx 4-1:0.89: Video interface 89 found: [ 364.433467][T10429] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 364.633076][ T129] em28xx 4-1:0.89: unknown em28xx chip ID (0) [ 364.685556][T10429] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 364.915681][T10429] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 364.962276][T10437] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1866'. [ 365.114295][T10429] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 365.430858][T10429] netdevsim netdevsim8 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 365.454181][ T129] em28xx 4-1:0.89: writing to i2c device at 0xa0 failed (error=-5) [ 365.471600][ T129] em28xx 4-1:0.89: failed to read eeprom (err=-5) [ 365.487078][T10429] netdevsim netdevsim8 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 365.496059][ T129] em28xx 4-1:0.89: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-5] [ 365.533129][T10429] netdevsim netdevsim8 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 365.569121][T10429] netdevsim netdevsim8 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 365.581649][ T129] em28xx 4-1:0.89: Identified as Terratec Grabby (card=67) [ 365.602257][ T129] em28xx 4-1:0.89: analog set to bulk mode. [ 366.591341][ C1] sched: RT throttling activated [ 366.610064][ T129] usb 4-1: USB disconnect, device number 10 [ 366.659310][ T129] em28xx 4-1:0.89: Disconnecting em28xx [ 366.692235][ T4325] em28xx 4-1:0.89: Registering V4L2 extension [ 367.035455][ T4325] em28xx 4-1:0.89: Config register raw data: 0xffffffed [ 367.052591][ T4325] em28xx 4-1:0.89: AC97 chip type couldn't be determined [ 367.080111][ T4325] em28xx 4-1:0.89: No AC97 audio processor [ 367.132598][ T4325] usb 4-1: Decoder not found [ 367.147633][ T4325] em28xx 4-1:0.89: failed to create media graph [ 367.173115][ T4325] em28xx 4-1:0.89: V4L2 device video103 deregistered [ 367.226621][ T4325] em28xx 4-1:0.89: Registering snapshot button... [ 367.286097][ T4325] input: em28xx snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.89/input/input8 [ 367.388174][ T4325] em28xx 4-1:0.89: Remote control support is not available for this card. [ 367.425558][ T129] em28xx 4-1:0.89: Closing input extension [ 367.434050][ T129] em28xx 4-1:0.89: Deregistering snapshot button [ 367.568753][ T129] em28xx 4-1:0.89: Freeing device [ 367.627962][T10462] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 367.651428][T10462] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 367.681689][T10462] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 367.690778][T10462] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 367.768662][ T126] lo speed is unknown, defaulting to 1000 [ 368.319404][T10473] loop7: detected capacity change from 0 to 1024 [ 368.948481][T10485] lo speed is unknown, defaulting to 1000 [ 369.796171][ T26] audit: type=1326 audit(1781910248.942:942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10484 comm="syz.8.1881" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6e4bd9ce59 code=0x0 [ 370.731360][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 370.751361][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 370.761373][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 370.771360][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 370.791395][ T0] NOHZ tick-stop error: local softirq work is pending, handler #28a!!! [ 371.738862][T10515] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1893'. [ 371.819639][T10517] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1893'. [ 371.881808][T10517] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1893'. [ 374.110791][ T4321] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 374.211885][ T4321] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz1] on syz0 [ 374.259123][T10590] loop5: detected capacity change from 0 to 4096 [ 374.318057][T10590] EXT4-fs: Ignoring removed orlov option [ 374.401038][T10590] EXT4-fs (loop5): Test dummy encryption mode enabled [ 374.502031][T10590] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 374.601633][ T129] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 374.786964][ T5045] EXT4-fs (loop5): unmounting filesystem. [ 374.801640][ T129] usb 8-1: Using ep0 maxpacket: 16 [ 374.808761][ T129] usb 8-1: config 0 has no interfaces? [ 374.822799][ T129] usb 8-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 374.871429][ T129] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 374.883799][ T129] usb 8-1: config 0 descriptor?? [ 375.093383][ T4602] usb 8-1: USB disconnect, device number 9 [ 377.900394][T10662] loop3: detected capacity change from 0 to 40427 [ 377.971525][T10662] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 377.994997][T10662] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 378.053747][T10662] F2FS-fs (loop3): Found nat_bits in checkpoint [ 378.150660][T10677] loop5: detected capacity change from 0 to 512 [ 378.252137][T10677] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 378.268960][T10662] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 378.277847][T10662] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 378.367051][ T26] audit: type=1804 audit(1781910257.512:943): pid=10662 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1948" name="/newroot/191/file0/bus" dev="loop3" ino=10 res=1 errno=0 [ 378.388432][T10677] EXT4-fs error (device loop5): ext4_orphan_get:1405: inode #15: comm syz.5.1953: iget: bad i_size value: 38620345925642 [ 378.405943][T10677] EXT4-fs error (device loop5): ext4_orphan_get:1410: comm syz.5.1953: couldn't read orphan inode 15 (err -117) [ 378.421944][T10677] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 378.893432][ T4592] EXT4-fs error (device loop5): ext4_validate_block_bitmap:429: comm kworker/u4:11: bg 0: block 5: invalid block bitmap [ 378.959455][ T4592] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 220 with error 28 [ 379.060197][ T4592] EXT4-fs (loop5): This should not happen!! Data will be lost [ 379.060197][ T4592] [ 379.099753][ T4592] EXT4-fs (loop5): Total free blocks count 0 [ 379.125091][ T4592] EXT4-fs (loop5): Free/Dirty block details [ 379.146159][ T4592] EXT4-fs (loop5): free_blocks=0 [ 379.151301][ T4592] EXT4-fs (loop5): dirty_blocks=426 [ 379.178111][ T4592] EXT4-fs (loop5): Block reservation details [ 379.199308][ T4592] EXT4-fs (loop5): i_reserved_data_blocks=224 [ 379.227519][ T4592] EXT4-fs (loop5): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 202 with error 28 [ 379.597268][T10708] tipc: Enabling of bearer rejected, failed to enable media [ 380.519979][T10742] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 380.548010][ T126] lo speed is unknown, defaulting to 1000 [ 380.697125][T10747] device bond5 entered promiscuous mode [ 380.983643][T10754] loop5: detected capacity change from 0 to 128 [ 380.990809][T10754] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 381.087510][T10758] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1976'. [ 381.108209][T10754] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 381.138308][T10759] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1974'. [ 381.142302][T10758] netlink: 43 bytes leftover after parsing attributes in process `syz.3.1976'. [ 381.201811][T10758] netlink: 'syz.3.1976': attribute type 6 has an invalid length. [ 381.207353][T10761] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1974'. [ 381.231571][T10758] netlink: 'syz.3.1976': attribute type 5 has an invalid length. [ 381.259788][T10758] netlink: 43 bytes leftover after parsing attributes in process `syz.3.1976'. [ 381.783486][ T129] libceph: connect (1)[c::]:6789 error -101 [ 381.789790][ T129] libceph: mon0 (1)[c::]:6789 connect error [ 381.797593][T10774] ceph: No mds server is up or the cluster is laggy [ 381.804798][ T129] libceph: connect (1)[c::]:6789 error -101 [ 381.810959][ T129] libceph: mon0 (1)[c::]:6789 connect error [ 382.075133][T10789] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1988'. [ 382.075808][ T129] libceph: connect (1)[c::]:6789 error -101 [ 382.104532][ T129] libceph: mon0 (1)[c::]:6789 connect error [ 382.305812][T10793] loop7: detected capacity change from 0 to 128 [ 382.330296][T10793] FAT-fs (loop7): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 382.375438][T10793] FAT-fs (loop7): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 382.641917][ T4602] libceph: connect (1)[c::]:6789 error -101 [ 382.649276][ T4602] libceph: mon0 (1)[c::]:6789 connect error [ 382.887953][ T26] audit: type=1800 audit(1781910262.032:944): pid=10790 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.1987" name="/" dev="fuse" ino=4 res=0 errno=0 [ 382.940410][T10785] loop3: detected capacity change from 0 to 40427 [ 382.949862][T10785] F2FS-fs (loop3): Wrong MAIN_AREA boundary, start(4096) end(12800) block(12288) [ 382.972011][T10785] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 382.991226][T10785] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x35f7 [ 383.000053][T10785] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x3ffff [ 383.031395][T10785] F2FS-fs (loop3): invalid crc value [ 383.061764][T10785] F2FS-fs (loop3): Found nat_bits in checkpoint [ 383.196052][T10785] F2FS-fs (loop3): Start checkpoint disabled! [ 383.269814][T10785] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 383.287477][T10785] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 383.765881][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.772587][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 383.863084][ T4600] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 383.933666][ T9213] F2FS-fs (loop3) : inject checkpoint error in f2fs_balance_fs of f2fs_write_inode+0x463/0x660 [ 383.991274][T10818] Process accounting resumed [ 384.063906][ T4600] usb 6-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 384.101467][ T4600] usb 6-1: config 27 has 0 interfaces, different from the descriptor's value: 1 [ 384.110711][ T4600] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 384.136059][ T4600] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 384.160463][T10824] netlink: 'syz.7.2000': attribute type 13 has an invalid length. [ 384.555352][ T126] usb 6-1: USB disconnect, device number 7 [ 385.032325][T10832] netlink: 128 bytes leftover after parsing attributes in process `syz.3.1997'. [ 386.146767][T10858] tipc: Enabled bearer , priority 0 [ 386.352745][T10858] device syzkaller0 entered promiscuous mode [ 386.380945][T10858] tipc: Resetting bearer [ 386.442969][T10855] tipc: Resetting bearer [ 387.540468][T10882] loop5: detected capacity change from 0 to 1024 [ 387.581693][T10882] EXT4-fs: inline encryption not supported [ 387.693597][T10882] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 387.822819][ T5045] EXT4-fs (loop5): unmounting filesystem. [ 391.743761][T10855] tipc: Disabling bearer [ 391.765313][T10893] IPv6: sit1: Disabled Multicast RS [ 391.780998][T10911] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2024'. [ 391.859776][T10911] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 392.175466][T10926] loop7: detected capacity change from 0 to 512 [ 392.217279][T10926] EXT4-fs: Ignoring removed bh option [ 392.263338][T10926] EXT4-fs (loop7): mounting ext3 file system using the ext4 subsystem [ 392.353267][T10926] EXT4-fs (loop7): 1 truncate cleaned up [ 392.359005][T10926] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 392.688968][ T7746] EXT4-fs (loop7): unmounting filesystem. [ 392.810908][T10949] netlink: 'syz.4.2037': attribute type 3 has an invalid length. [ 392.834024][T10949] netlink: 'syz.4.2037': attribute type 3 has an invalid length. [ 393.236541][T10957] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2041'. [ 396.249962][T10999] bond2: (slave ip6gretap1): making interface the new active one [ 396.332539][T10999] bond2: (slave ip6gretap1): Enslaving as an active interface with an up link [ 396.581167][ T26] audit: type=1804 audit(1781910275.722:945): pid=11011 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.8.2057" name="file0" dev="ramfs" ino=59264 res=1 errno=0 [ 396.765566][T11015] netlink: 128 bytes leftover after parsing attributes in process `syz.4.2058'. [ 397.172198][T11022] loop3: detected capacity change from 0 to 512 [ 397.312005][T11027] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2063'. [ 397.323902][T11022] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 397.343400][T11022] ext4 filesystem being mounted at /203/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 397.354542][T11027] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2063'. [ 397.510789][T11022] EXT4-fs (loop3): unmounting filesystem. [ 398.089333][T11038] netlink: 'syz.7.2067': attribute type 1 has an invalid length. [ 398.245672][T11038] 8021q: adding VLAN 0 to HW filter on device bond6 [ 398.355801][T11038] bond6: (slave geneve3): making interface the new active one [ 398.397199][T11038] bond6: (slave geneve3): Enslaving as an active interface with an up link [ 398.425290][ T4591] IPv6: ADDRCONF(NETDEV_CHANGE): bond6: link becomes ready [ 398.794336][T11057] I/O error, dev loop14, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2 [ 398.907186][T11057] EXT4-fs (loop14): unable to read superblock [ 399.311923][T11060] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2072'. [ 399.955363][T11075] tipc: Failed to remove unknown binding: 66,1,1/0:3791797416/3791797418 [ 400.053286][T11075] tipc: Failed to remove unknown binding: 66,1,1/0:3791797416/3791797418 [ 400.098987][T11075] tipc: Failed to remove unknown binding: 66,1,1/0:3791797416/3791797418 [ 400.495438][T11086] device bridge0 entered promiscuous mode [ 400.778462][T11094] I/O error, dev loop8, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2 [ 400.797417][T11094] EXT4-fs (loop8): unable to read superblock [ 400.822789][T11100] sctp: [Deprecated]: syz.3.2086 (pid 11100) Use of struct sctp_assoc_value in delayed_ack socket option. [ 400.822789][T11100] Use struct sctp_sack_info instead [ 401.625313][T11111] netlink: 'syz.4.2089': attribute type 1 has an invalid length. [ 401.700478][T11111] 8021q: adding VLAN 0 to HW filter on device bond3 [ 401.871457][T11111] bond3: (slave ip6gretap2): making interface the new active one [ 401.914076][T11111] bond3: (slave ip6gretap2): Enslaving as an active interface with an up link [ 401.954240][ T9212] IPv6: ADDRCONF(NETDEV_CHANGE): bond3: link becomes ready [ 402.129624][T11130] lo speed is unknown, defaulting to 1000 [ 404.772131][T11172] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2110'. [ 404.830170][T11176] bridge0: port 1(syz_tun) entered blocking state [ 404.866200][T11176] bridge0: port 1(syz_tun) entered disabled state [ 404.926661][T11176] device syz_tun entered promiscuous mode [ 405.882876][T11198] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 407.478765][T11214] Process accounting resumed [ 407.667812][T11241] netlink: 'syz.8.2133': attribute type 4 has an invalid length. [ 407.732362][T11241] netlink: 'syz.8.2133': attribute type 4 has an invalid length. [ 409.213912][T11275] Bluetooth: MGMT ver 1.22 [ 410.059299][T11298] team0 (unregistering): Port device team_slave_0 removed [ 410.082372][T11298] team0 (unregistering): Failed to send options change via netlink (err -105) [ 410.115270][T11298] team0 (unregistering): Failed to send port change of device team_slave_1 via netlink (err -105) [ 410.154545][T11298] team0 (unregistering): Port device team_slave_1 removed [ 410.662614][T11312] device syzkaller0 entered promiscuous mode [ 411.294859][T11327] loop7: detected capacity change from 0 to 1024 [ 411.412287][T11327] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 411.466283][T11327] overlayfs: missing 'lowerdir' [ 411.731759][T11327] EXT4-fs error (device loop7): xattr_find_entry:297: inode #12: comm syz.7.2168: corrupted xattr entries [ 411.895190][ T7746] EXT4-fs (loop7): unmounting filesystem. [ 412.530920][T11359] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 412.861245][T11364] lo speed is unknown, defaulting to 1000 [ 413.057542][T11367] overlayfs: conflicting options: nfs_export=on,metacopy=on [ 414.045274][T11382] loop5: detected capacity change from 0 to 128 [ 414.081036][T11382] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 414.154736][T11382] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 414.469382][T11387] netlink: 'syz.4.2190': attribute type 4 has an invalid length. [ 414.513477][T11387] netlink: 'syz.4.2190': attribute type 4 has an invalid length. [ 414.643413][ T26] audit: type=1326 audit(1781910293.792:946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11379 comm="syz.7.2187" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7c6099ce59 code=0x0 [ 415.522825][T11408] device vlan2 entered promiscuous mode [ 415.529038][T11408] device syz_tun entered promiscuous mode [ 416.662645][T11417] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2201'. [ 417.908171][T11427] device syz_tun left promiscuous mode [ 417.917421][T11427] bridge0: port 1(syz_tun) entered disabled state [ 417.953990][T11425] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 417.960884][T11425] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 418.076662][T11425] Bluetooth: hci3: Suspend notifier action (1) failed: -4 [ 418.136425][T11425] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 418.170217][T11425] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 418.220992][T11425] Bluetooth: hci1: Suspend notifier action (1) failed: -4 [ 418.253310][T11425] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 418.276133][T11425] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 418.339899][T11425] Bluetooth: hci4: Suspend notifier action (1) failed: -4 [ 418.370969][T11425] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 418.397827][T11425] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 418.434927][T11425] Bluetooth: hci0: Suspend notifier action (1) failed: -4 [ 418.468729][T11425] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 418.496438][T11425] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 418.560753][T11425] Bluetooth: hci2: Suspend notifier action (1) failed: -4 [ 418.601139][T11445] netlink: 'syz.4.2213': attribute type 10 has an invalid length. [ 418.691865][T11445] team0: Device netdevsim0 is of different type [ 419.212906][T11456] tipc: Failed to remove unknown binding: 66,0,0/2886997007:2479235751/2479235752 [ 419.242490][T11456] tipc: Failed to remove unknown binding: 66,0,0/2886997007:2479235751/2479235752 [ 419.318913][T11458] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2219'. [ 420.001461][ T4289] Bluetooth: hci3: command 0x0c1a tx timeout [ 420.043289][T11481] netlink: 388 bytes leftover after parsing attributes in process `syz.4.2230'. [ 420.083451][T11483] netlink: 'syz.3.2229': attribute type 1 has an invalid length. [ 420.161485][ T4289] Bluetooth: hci1: command 0x0c1a tx timeout [ 420.193059][T11483] 8021q: adding VLAN 0 to HW filter on device bond2 [ 420.253206][T11483] bond1: (slave bond2): making interface the new active one [ 420.318954][T11483] bond1: (slave bond2): Enslaving as an active interface with an up link [ 420.335212][ T4289] Bluetooth: hci4: command 0x0c1a tx timeout [ 420.401834][ T4290] Bluetooth: hci0: command 0x0c1a tx timeout [ 420.481691][ T4290] Bluetooth: hci2: command 0x0c1a tx timeout [ 420.488943][T11489] bond1: (slave gretap1): Enslaving as a backup interface with an up link [ 420.517322][T11493] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2229'. [ 420.577114][T11493] 8021q: adding VLAN 0 to HW filter on device bond1 [ 421.022031][T11504] fuse: Bad value for 'fd' [ 421.137935][ T8287] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 422.081596][ T4290] Bluetooth: hci3: command 0x0406 tx timeout [ 422.251455][ T4290] Bluetooth: hci1: command 0x0406 tx timeout [ 422.411696][ T4290] Bluetooth: hci4: command 0x0406 tx timeout [ 422.481981][ T4290] Bluetooth: hci0: command 0x0406 tx timeout [ 422.561401][ T4290] Bluetooth: hci2: command 0x0406 tx timeout [ 422.935853][T11526] loop7: detected capacity change from 0 to 128 [ 422.975962][T11526] EXT4-fs (loop7): mounting ext2 file system using the ext4 subsystem [ 423.050676][T11526] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 423.114922][T11526] ext2 filesystem being mounted at /251/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 423.368570][T11538] loop5: detected capacity change from 0 to 512 [ 423.438409][T11538] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 423.461572][T11538] ext4 filesystem being mounted at /401/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 423.485950][ T7746] EXT4-fs (loop7): unmounting filesystem. [ 423.819450][T11545] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2250'. [ 423.977893][T11545] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2250'. [ 424.125352][ T5045] EXT4-fs (loop5): unmounting filesystem. [ 424.378434][T11552] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 424.409333][T11552] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 424.462473][T11552] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 424.543605][T11552] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 424.562363][T11552] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 424.602053][T11552] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 424.677187][T11552] Bluetooth: hci2: Suspend notifier action (1) failed: -4 [ 424.899790][ T4290] Bluetooth: hci0: unexpected event for opcode 0x0000 [ 425.295162][ T26] audit: type=1326 audit(1781910304.442:947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11570 comm="syz.8.2260" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6e4bd9ce59 code=0x0 [ 425.377708][T11573] lo speed is unknown, defaulting to 1000 [ 426.403087][ T4290] Bluetooth: hci3: command 0x0c1a tx timeout [ 426.470025][T11599] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2271'. [ 426.521587][ T4289] Bluetooth: hci4: command 0x0c1a tx timeout [ 426.523392][ T4290] Bluetooth: hci1: command 0x0c1a tx timeout [ 426.688716][ T4289] Bluetooth: hci2: command 0x0c1a tx timeout [ 428.721444][ T4289] Bluetooth: hci2: command 0x0406 tx timeout [ 428.961749][ T4289] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 428.971101][ T4289] Bluetooth: hci0: Injecting HCI hardware error event [ 428.983923][ T4290] Bluetooth: hci0: hardware error 0x00 [ 429.151669][T11655] netlink: 1320 bytes leftover after parsing attributes in process `syz.5.2291'. [ 429.294553][T11658] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 429.346644][T11658] batman_adv: batadv0: Adding interface: gretap1 [ 429.383954][T11658] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 429.461574][T11658] batman_adv: batadv0: Interface activated: gretap1 [ 429.878834][T11675] batman_adv: batadv0: Adding interface: dummy0 [ 429.885375][T11675] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 429.911114][T11675] batman_adv: batadv0: Interface activated: dummy0 [ 429.923875][T11675] batadv0: mtu less than device minimum [ 429.931603][T11675] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 429.944954][T11675] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 429.957471][T11675] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 429.969926][T11675] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 429.982351][T11675] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 429.994683][T11675] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 430.007106][T11675] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 430.019512][T11675] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 430.031989][T11675] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 431.041648][ T4290] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 431.056914][T11704] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2304'. [ 431.216717][T11705] lo speed is unknown, defaulting to 1000 [ 431.387631][T11714] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2307'. [ 431.479413][T11716] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2308'. [ 432.369865][T11734] device bridge5 entered promiscuous mode [ 432.437745][T11738] loop7: detected capacity change from 0 to 512 [ 432.499598][T11738] EXT4-fs (loop7): mounting ext3 file system using the ext4 subsystem [ 432.543788][T11738] EXT4-fs (loop7): can't mount with data=, fs mounted w/o journal [ 432.783257][T11749] x_tables: arp_tables: NFQUEUE target: not valid for this family [ 433.723453][ T4290] Bluetooth: hci3: unexpected event for opcode 0x0000 [ 435.050049][T11791] x_tables: arp_tables: NFQUEUE target: not valid for this family [ 436.821885][T11817] 9pnet: p9_errstr2errno: server reported unknown error 1844674407 [ 437.041649][ T4321] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 437.245108][ T4321] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 437.266159][ T4321] usb 6-1: config 0 has no interfaces? [ 437.302138][ T4321] usb 6-1: New USB device found, idVendor=0424, idProduct=012c, bcdDevice=22.7e [ 437.341728][ T4321] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 437.372209][ T4321] usb 6-1: Product: syz [ 437.386549][ T4321] usb 6-1: Manufacturer: syz [ 437.403997][ T4321] usb 6-1: SerialNumber: syz [ 437.435694][ T4321] usb 6-1: config 0 descriptor?? [ 437.761492][ T4290] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 437.770725][ T4290] Bluetooth: hci3: Injecting HCI hardware error event [ 437.787812][ T4289] Bluetooth: hci3: hardware error 0x00 [ 437.854546][ T4321] usb 6-1: USB disconnect, device number 8 [ 438.389936][T11855] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2358'. [ 438.547995][T11855] device bond7 entered promiscuous mode [ 438.576281][T11855] 8021q: adding VLAN 0 to HW filter on device bond7 [ 438.698451][T11865] 8021q: adding VLAN 0 to HW filter on device bond7 [ 438.726524][T11865] bond7: (slave sit2): The slave device specified does not support setting the MAC address [ 438.782623][T11865] bond7: (slave sit2): Error -95 calling set_mac_address [ 439.841548][ T4289] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 440.331997][T11881] bridge0: port 2(bridge_slave_1) entered disabled state [ 440.339570][T11881] bridge0: port 1(bridge_slave_0) entered disabled state [ 441.548406][T11881] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 441.626769][T11881] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 442.196290][T11881] netdevsim netdevsim8 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 442.204930][T11881] netdevsim netdevsim8 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 442.214193][T11881] netdevsim netdevsim8 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 442.223114][T11881] netdevsim netdevsim8 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 442.306776][T11899] netlink: 'syz.4.2371': attribute type 4 has an invalid length. [ 442.367003][T11902] netlink: 'syz.4.2371': attribute type 17 has an invalid length. [ 442.411966][T11902] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 442.441559][T11906] batman_adv: batadv0: Adding interface: dummy0 [ 442.447881][T11906] batman_adv: batadv0: The MTU of interface dummy0 is too small (1536) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 442.492869][T11906] batman_adv: batadv0: Interface activated: dummy0 [ 442.532171][T11907] net_ratelimit: 10 callbacks suppressed [ 442.532191][T11907] batadv0: mtu less than device minimum [ 442.554220][T11907] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 442.566723][T11907] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 442.579290][T11907] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 442.591780][T11907] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 442.604688][T11907] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 442.617211][T11907] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 442.629674][T11907] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 442.642113][T11907] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 442.654629][T11907] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 442.940844][T11933] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2380'. [ 444.658739][T11963] netlink: 'syz.3.2387': attribute type 1 has an invalid length. [ 444.776137][T11963] 8021q: adding VLAN 0 to HW filter on device bond3 [ 444.871746][T11967] bond3: (slave veth5): Enslaving as an active interface with an up link [ 444.911700][T11663] IPv6: ADDRCONF(NETDEV_CHANGE): bond3: link becomes ready [ 445.204995][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.211458][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 446.256258][T11998] netlink: 452 bytes leftover after parsing attributes in process `syz.8.2396'. [ 446.954493][T12023] batman_adv: batadv0: Interface deactivated: dummy0 [ 446.972898][T12023] device team1 left promiscuous mode [ 446.978390][T12023] device team2 left promiscuous mode [ 447.194696][T12023] device bridge5 left promiscuous mode [ 447.446758][T12036] loop5: detected capacity change from 0 to 512 [ 447.512435][T12036] EXT4-fs (loop5): #blocks per group too big: 65535 [ 448.878948][T12063] netlink: 'syz.8.2417': attribute type 1 has an invalid length. [ 448.967798][T12063] 8021q: adding VLAN 0 to HW filter on device bond1 [ 448.995027][T12066] netdevsim netdevsim8 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 449.003914][T12066] netdevsim netdevsim8 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 449.012374][T12066] netdevsim netdevsim8 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 449.020848][T12066] netdevsim netdevsim8 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 449.034374][T12066] bond1: (slave geneve2): making interface the new active one [ 449.114967][T12066] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 449.171543][T11663] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 449.509898][T12074] netdevsim netdevsim8 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 449.542321][T12074] netdevsim netdevsim8 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 449.591861][T12074] netdevsim netdevsim8 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 449.622795][T12074] netdevsim netdevsim8 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 449.689701][T12079] bridge0: port 3(vlan2) entered blocking state [ 449.712154][T12079] bridge0: port 3(vlan2) entered disabled state [ 449.729507][T12079] device vlan2 entered promiscuous mode [ 449.763225][T12082] bond3: (slave dummy0): Removing an active aggregator [ 449.797873][T11663] tipc: Subscription rejected, illegal request [ 449.823106][T12082] bond3: (slave dummy0): Releasing backup interface [ 449.856016][T12082] bridge0: port 1(bridge_slave_0) entered disabled state [ 449.879618][T12082] device bridge_slave_1 left promiscuous mode [ 449.896150][T12082] bridge0: port 2(bridge_slave_1) entered disabled state [ 449.936770][T12082] bond0: (slave bond_slave_0): Releasing backup interface [ 449.946815][T12082] bond0: (slave bond_slave_1): Releasing backup interface [ 449.982284][T12082] team0: Port device team_slave_0 removed [ 450.005674][T12082] team0: Port device team_slave_1 removed [ 450.012267][T12082] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 450.020512][T12082] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 450.030599][T12089] loop5: detected capacity change from 0 to 256 [ 450.045378][T12082] bond3: (slave veth1): Releasing backup interface [ 450.079206][T12089] exFAT-fs (loop5): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963609d, utbl_chksum : 0xe619d30d) [ 450.099980][T12082] bond4: (slave geneve2): Releasing active interface [ 450.139188][T12082] bond6: (slave geneve3): Releasing active interface [ 450.167356][T12082] netdevsim netdevsim7 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 450.189100][T12082] netdevsim netdevsim7 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 450.249155][T12082] netdevsim netdevsim7 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 450.287711][T12082] netdevsim netdevsim7 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 450.366167][T12082] batman_adv: batadv0: Interface deactivated: gretap1 [ 450.398468][T12082] batman_adv: batadv0: Removing interface: gretap1 [ 450.410652][T12094] overlayfs: failed to clone upperpath [ 450.432342][T12082] device vlan2 left promiscuous mode [ 450.455465][T12082] device bridge_slave_0 left promiscuous mode [ 450.476225][T12082] bridge0: port 3(vlan2) entered disabled state [ 450.497446][T12083] tipc: Started in network mode [ 450.502643][T12083] tipc: Node identity 2007ff, cluster identity 4711 [ 450.512013][T12083] tipc: Node number set to 2099199 [ 450.852552][T12099] device bond6 entered promiscuous mode [ 452.333924][T12139] netlink: 'syz.3.2441': attribute type 1 has an invalid length. [ 452.463574][T12139] 8021q: adding VLAN 0 to HW filter on device bond4 [ 452.585610][T12144] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 452.617971][T12144] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 452.637534][T12144] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 452.653513][T12144] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 452.675905][T12144] bond4: (slave geneve2): making interface the new active one [ 452.699788][T12144] bond4: (slave geneve2): Enslaving as an active interface with an up link [ 452.719656][ T9210] IPv6: ADDRCONF(NETDEV_CHANGE): bond4: link becomes ready [ 452.752643][T12152] netlink: 'syz.8.2444': attribute type 4 has an invalid length. [ 453.433444][ T5817] kernel read not supported for file inotify (pid: 5817 comm: kworker/0:10) [ 453.529014][T12168] tipc: Failed to remove unknown binding: 66,0,0/0:1745322918/1745322919 [ 453.552345][T12168] tipc: Failed to remove unknown binding: 66,0,0/0:1745322918/1745322919 [ 454.319852][T12194] lo speed is unknown, defaulting to 1000 [ 454.568255][T12201] batman_adv: batadv0: Removing interface: dummy0 [ 454.585499][T12201] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 454.645448][T12201] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 455.779811][T12222] loop5: detected capacity change from 0 to 512 [ 456.228914][T12222] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #11: comm syz.5.2467: invalid indirect mapped block 4294967295 (level 1) [ 456.230857][ C0] hrtimer: interrupt took 85922 ns [ 456.285944][T12222] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #11: comm syz.5.2467: invalid indirect mapped block 4294967295 (level 1) [ 456.417506][T12222] EXT4-fs (loop5): 2 truncates cleaned up [ 456.451702][T12222] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 456.921667][ T126] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 457.115611][ T126] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 457.143595][ T126] usb 6-1: New USB device found, idVendor=18d1, idProduct=503c, bcdDevice= 0.00 [ 457.177614][ T126] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 457.218365][ T126] usb 6-1: config 0 descriptor?? [ 457.244488][ T126] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 457.451834][ T126] usb 6-1: USB disconnect, device number 9 [ 458.036713][ T5045] EXT4-fs (loop5): unmounting filesystem. [ 458.071456][T12242] netlink: 24 bytes leftover after parsing attributes in process `syz.8.2475'. [ 458.196333][T12242] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2475'. [ 458.835590][T12262] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2480'. [ 458.984185][T12262] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2480'. [ 459.679471][T12282] batman_adv: batadv0: Interface deactivated: dummy0 [ 459.738493][T12282] batman_adv: batadv0: Removing interface: dummy0 [ 459.758663][T12282] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 459.804172][T12282] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 462.303004][T12324] loop7: detected capacity change from 0 to 512 [ 462.409328][T12324] EXT4-fs (loop7): mounting ext2 file system using the ext4 subsystem [ 462.432389][T12324] EXT4-fs (loop7): orphan cleanup on readonly fs [ 462.477392][T12324] EXT4-fs error (device loop7): ext4_orphan_get:1431: comm syz.7.2499: bad orphan inode 15 [ 462.501764][T12324] ext4_test_bit(bit=14, block=18) = 1 [ 462.507215][T12324] is_bad_inode(inode)=0 [ 462.548335][T12324] NEXT_ORPHAN(inode)=1023 [ 462.580394][T12324] max_ino=32 [ 462.608754][T12324] i_nlink=0 [ 462.686587][T12324] EXT4-fs error (device loop7): ext4_validate_block_bitmap:438: comm syz.7.2499: bg 0: block 161: padding at end of block bitmap is not set [ 462.697846][T12320] lo speed is unknown, defaulting to 1000 [ 462.824666][T12324] EXT4-fs error (device loop7) in ext4_mb_clear_bb:6180: Corrupt filesystem [ 462.881768][T12324] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 463.159534][ T7746] EXT4-fs (loop7): unmounting filesystem. [ 463.731965][T12345] loop7: detected capacity change from 0 to 128 [ 463.759416][T12345] EXT4-fs: Ignoring removed mblk_io_submit option [ 463.811099][T12345] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback. [ 463.831941][T12345] ext4 filesystem being mounted at /289/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 463.841386][ T0] NOHZ tick-stop error: local softirq work is pending, handler #20a!!! [ 464.044853][ T26] audit: type=1800 audit(1781910343.192:948): pid=12345 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.2507" name="file1" dev="loop7" ino=12 res=0 errno=0 [ 464.161161][T12351] overlayfs: failed to clone upperpath [ 464.187377][ T7746] EXT4-fs (loop7): unmounting filesystem. [ 464.697130][T12359] lo speed is unknown, defaulting to 1000 [ 466.222545][T12385] lo speed is unknown, defaulting to 1000 [ 466.502222][ T26] audit: type=1804 audit(1781910345.642:949): pid=12392 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.2521" name="bus" dev="ramfs" ino=64501 res=1 errno=0 [ 466.571453][ T26] audit: type=1804 audit(1781910345.682:950): pid=12392 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.2521" name="bus" dev="ramfs" ino=64501 res=1 errno=0 [ 467.025882][T12405] netlink: 'syz.4.2525': attribute type 1 has an invalid length. [ 467.253011][T12408] bond4: (slave veth11): Enslaving as an active interface with a down link [ 469.474402][T12439] delete_channel: no stack [ 469.483004][T12439] delete_channel: no stack [ 470.398906][T12445] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2535'. [ 471.602904][T12452] netlink: 'syz.7.2537': attribute type 4 has an invalid length. [ 471.637635][T12453] netlink: 'syz.7.2537': attribute type 4 has an invalid length. [ 473.169360][T12468] tipc: Failed to remove unknown binding: 66,0,0/0:63003887/63003889 [ 473.177930][T12468] tipc: Failed to remove unknown binding: 66,0,0/0:63003887/63003888 [ 473.187944][T12468] tipc: Failed to remove unknown binding: 66,0,0/0:63003887/63003889 [ 473.225580][T12468] tipc: Failed to remove unknown binding: 66,0,0/0:63003887/63003888 [ 473.391883][T12473] 9pnet_fd: Insufficient options for proto=fd [ 475.798397][T12505] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2552'. [ 479.373581][T12545] lo speed is unknown, defaulting to 1000 [ 481.128533][T12572] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2573'. [ 482.394373][T12609] device wlan1 entered promiscuous mode [ 482.415276][T12611] overlayfs: failed to clone upperpath [ 482.861174][T12626] loop5: detected capacity change from 0 to 512 [ 482.933460][T12626] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 482.991705][T12626] ext4 filesystem being mounted at /476/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 483.087144][T12625] lo speed is unknown, defaulting to 1000 [ 483.147488][ T26] audit: type=1804 audit(1781910362.292:951): pid=12639 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.2588" name="/newroot/476/bus/bus" dev="loop5" ino=18 res=1 errno=0 [ 483.220552][ T26] audit: type=1804 audit(1781910362.322:952): pid=12626 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.2588" name="/newroot/476/bus/bus" dev="loop5" ino=18 res=1 errno=0 [ 483.937186][T12646] netlink: 'syz.8.2593': attribute type 1 has an invalid length. [ 483.951003][ T5045] EXT4-fs (loop5): unmounting filesystem. [ 484.802214][T12646] 8021q: adding VLAN 0 to HW filter on device bond2 [ 484.809673][T12649] bond2: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms [ 484.903888][T12650] IPv6: NLM_F_CREATE should be specified when creating new route [ 484.958874][T12651] bond2: (slave ip6gretap1): Enslaving as an active interface with an up link [ 485.274239][T12662] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2598'. [ 486.269371][T12672] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 487.400081][ T4289] Bluetooth: hci1: unexpected event for opcode 0x0c5b [ 489.326926][T12714] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2615'. [ 490.014749][T12714] bond0: option arp_validate: invalid value (18446744073491447808) [ 490.319784][T12722] device macvlan2 entered promiscuous mode [ 490.339539][T12722] device bond8 entered promiscuous mode [ 490.378230][T12722] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 490.430146][T12722] device bond8 left promiscuous mode [ 491.413841][T12739] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN [ 491.457762][T12739] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2623'. [ 492.261454][T12744] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2625'. [ 493.044983][T12780] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2639'. [ 494.877967][T12797] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2645'. [ 494.938832][T12802] lo speed is unknown, defaulting to 1000 [ 496.271556][T12810] lo speed is unknown, defaulting to 1000 [ 496.376835][T12821] device ip6gre1 entered promiscuous mode [ 496.406959][T12821] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 497.435748][ T129] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 497.444630][ T129] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 497.461734][ T4369] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 498.091980][ T129] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 498.175182][ T4369] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 500.962842][T12870] netlink: 'syz.8.2667': attribute type 1 has an invalid length. [ 501.001451][T12870] netlink: 'syz.8.2667': attribute type 2 has an invalid length. [ 501.377314][T12880] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2672'. [ 501.448569][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 503.293276][T12903] netlink: 'syz.7.2680': attribute type 1 has an invalid length. [ 503.389384][T12903] 8021q: adding VLAN 0 to HW filter on device bond9 [ 503.665150][T12914] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2683'. [ 503.857784][T12916] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2682'. [ 504.084545][T12923] 8021q: adding VLAN 0 to HW filter on device bond8 [ 504.565284][T12946] syz.4.2692 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 504.655539][T12954] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2696'. [ 504.708606][T12955] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2696'. [ 505.554376][T12923] bond8 (unregistering): Released all slaves [ 505.656534][T12963] tipc: Enabling of bearer rejected, failed to enable media [ 506.507138][T12981] loop5: detected capacity change from 0 to 256 [ 506.658139][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.667384][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 507.918515][T12998] netlink: 'syz.5.2708': attribute type 1 has an invalid length. [ 508.062539][T12998] 8021q: adding VLAN 0 to HW filter on device bond8 [ 508.197586][T13002] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 508.251523][T13002] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 508.290303][T13002] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 508.331233][T13002] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 508.387923][T13002] bond8: (slave geneve3): making interface the new active one [ 508.440754][T13002] bond8: (slave geneve3): Enslaving as an active interface with an up link [ 508.478667][T11663] IPv6: ADDRCONF(NETDEV_CHANGE): bond8: link becomes ready [ 508.811118][T13012] loop5: detected capacity change from 0 to 1024 [ 508.872588][T13012] EXT4-fs: inline encryption not supported [ 508.924028][T13012] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 509.027897][T13012] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 509.674111][ T5045] EXT4-fs (loop5): unmounting filesystem. [ 512.788633][T13072] fuse: Bad value for 'fd' [ 514.374664][T13093] ipvlan1: Caught tx_queue_len zero misconfig [ 514.407689][T13094] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2740'. [ 514.525568][T13099] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2742'. [ 514.687070][T13099] device bond9 entered promiscuous mode [ 514.763952][T13099] 8021q: adding VLAN 0 to HW filter on device bond9 [ 515.093072][T13107] 8021q: adding VLAN 0 to HW filter on device bond9 [ 515.140223][T13107] bond9: (slave ip6gre1): The slave device specified does not support setting the MAC address [ 515.257248][T13107] bond9: (slave ip6gre1): Error -95 calling set_mac_address [ 515.970853][T13138] netlink: 'syz.8.2750': attribute type 1 has an invalid length. [ 516.070168][T13138] 8021q: adding VLAN 0 to HW filter on device bond3 [ 516.199935][T13140] netdevsim netdevsim8 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 516.249926][T13140] netdevsim netdevsim8 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 516.303495][T13140] netdevsim netdevsim8 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 516.361718][T13140] netdevsim netdevsim8 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 516.445341][T13140] bond3: (slave geneve3): making interface the new active one [ 517.492819][T13140] bond3: (slave geneve3): Enslaving as an active interface with an up link [ 517.714764][ T4328] IPv6: ADDRCONF(NETDEV_CHANGE): bond3: link becomes ready [ 518.193412][T13181] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2757'. [ 520.639493][ T26] audit: type=1800 audit(1781910399.782:953): pid=13199 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.2761" name="bus" dev="ramfs" ino=67798 res=0 errno=0 [ 520.953950][T13212] Device name cannot be null; rc = [-22] [ 522.765430][T13231] netlink: 11 bytes leftover after parsing attributes in process `syz.4.2770'. [ 523.490204][T13256] tmpfs: Bad value for 'nr_inodes' [ 524.615751][T10012] device hsr_slave_0 left promiscuous mode [ 524.639441][T10012] device hsr_slave_1 left promiscuous mode [ 524.656467][T10012] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 524.691060][T10012] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 524.762492][T10012] device bridge_slave_1 left promiscuous mode [ 524.768812][T10012] bridge0: port 2(bridge_slave_1) entered disabled state [ 525.779343][T10012] device bridge_slave_0 left promiscuous mode [ 525.799550][T10012] bridge0: port 1(bridge_slave_0) entered disabled state [ 528.038342][T10012] bond2 (unregistering): Released all slaves [ 529.285132][T10012] team0 (unregistering): Port device team_slave_1 removed [ 529.352212][T10012] team0 (unregistering): Port device team_slave_0 removed [ 529.422524][T10012] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 529.492526][T10012] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 530.013404][T10012] bond0 (unregistering): Released all slaves [ 530.175695][T13306] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2793'. [ 530.289056][T13314] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2796'. [ 530.300016][T13326] MPTCP: kernel_bind error, err=-99 [ 530.338615][T13323] netlink: 'syz.5.2797': attribute type 12 has an invalid length. [ 530.377931][T13323] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2797'. [ 530.405165][T13323] bond0: option primary_reselect: invalid value (8) [ 530.532846][T13329] lo speed is unknown, defaulting to 1000 [ 534.281314][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 534.291333][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 534.697794][T13379] team0: Mode changed to "activebackup" [ 535.065067][T13388] netlink: 'syz.4.2816': attribute type 1 has an invalid length. [ 535.155666][T13388] 8021q: adding VLAN 0 to HW filter on device bond5 [ 535.305243][T10012] tipc: Left network mode [ 536.204484][T13402] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2818'. [ 536.478545][ T26] audit: type=1326 audit(1781910415.622:954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13411 comm="syz.7.2820" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c6099ce59 code=0x7ffc0000 [ 536.550570][ T26] audit: type=1326 audit(1781910415.662:955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13411 comm="syz.7.2820" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c6099ce59 code=0x7ffc0000 [ 536.671596][ T26] audit: type=1326 audit(1781910415.672:956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13411 comm="syz.7.2820" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c6099ce59 code=0x7ffc0000 [ 536.799402][T13422] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2821'. [ 536.813889][ T26] audit: type=1326 audit(1781910415.672:957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13411 comm="syz.7.2820" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c6099ce59 code=0x7ffc0000 [ 536.923032][ T26] audit: type=1326 audit(1781910415.672:958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13411 comm="syz.7.2820" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f7c6099ce59 code=0x7ffc0000 [ 536.959675][ T26] audit: type=1326 audit(1781910415.672:959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13411 comm="syz.7.2820" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c6099ce59 code=0x7ffc0000 [ 537.033725][T13424] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2822'. [ 537.052560][T13424] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2822'. [ 537.068699][T13424] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2822'. [ 537.088557][ T26] audit: type=1326 audit(1781910415.672:960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13411 comm="syz.7.2820" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c6099ce59 code=0x7ffc0000 [ 537.114007][T13424] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2822'. [ 537.217352][ T26] audit: type=1326 audit(1781910415.672:961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13411 comm="syz.7.2820" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c6099ce59 code=0x7ffc0000 [ 537.346999][ T26] audit: type=1326 audit(1781910415.672:962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13411 comm="syz.7.2820" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c6099ce59 code=0x7ffc0000 [ 538.626058][ T26] audit: type=1326 audit(1781910415.672:963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13411 comm="syz.7.2820" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f7c6099ce59 code=0x7ffc0000 [ 545.448939][T13503] overlayfs: './file0' not a directory [ 546.854171][T13515] loop5: detected capacity change from 0 to 4096 [ 546.976292][T13515] NILFS (loop5): invalid segment: Checksum error in segment payload [ 547.067028][T13515] NILFS (loop5): trying rollback from an earlier position [ 547.207877][T13515] NILFS (loop5): recovery complete [ 547.242421][T13527] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 547.392994][T10012] device hsr_slave_0 left promiscuous mode [ 547.408935][T10012] device hsr_slave_1 left promiscuous mode [ 547.430153][T10012] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 547.495411][T10012] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 547.531992][T10012] device bridge_slave_1 left promiscuous mode [ 547.560889][T10012] bridge0: port 2(bridge_slave_1) entered disabled state [ 547.622627][T10012] device bridge_slave_0 left promiscuous mode [ 547.638551][T10012] bridge0: port 1(bridge_slave_0) entered disabled state [ 549.197978][T10012] bond2 (unregistering): Released all slaves [ 549.398968][T10012] bond1 (unregistering): (slave veth5): Releasing active interface [ 550.809213][T13580] Invalid option length (1040762) for dns_resolver key [ 551.060554][T13582] autofs4:pid:13582:autofs_fill_super: called with bogus options [ 551.839185][T10012] bond1 (unregistering): (slave veth0_virt_wifi): Releasing active interface [ 551.900757][T10012] bond1 (unregistering): Released all slaves [ 554.465520][ T26] kauditd_printk_skb: 61 callbacks suppressed [ 554.465539][ T26] audit: type=1800 audit(1781910433.582:1025): pid=13593 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.2866" name="bus" dev="ramfs" ino=68363 res=0 errno=0 [ 555.989610][T13615] x_tables: duplicate underflow at hook 2 [ 558.850627][T10012] team0 (unregistering): Port device team_slave_1 removed [ 558.950760][T10012] team0 (unregistering): Port device team_slave_0 removed [ 562.856828][T13677] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2887'. [ 563.331444][T13689] virt_wifi0 speed is unknown, defaulting to 1000 [ 563.339950][T13689] virt_wifi0 speed is unknown, defaulting to 1000 [ 563.359158][T13689] virt_wifi0 speed is unknown, defaulting to 1000 [ 563.484614][T13689] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 563.707104][T13689] virt_wifi0 speed is unknown, defaulting to 1000 [ 563.809868][T13689] virt_wifi0 speed is unknown, defaulting to 1000 [ 563.817470][T13689] virt_wifi0 speed is unknown, defaulting to 1000 [ 563.824974][T13689] virt_wifi0 speed is unknown, defaulting to 1000 [ 563.858391][T13682] bond5 (unregistering): Released all slaves [ 564.624770][T13689] virt_wifi0 speed is unknown, defaulting to 1000 [ 564.632922][T13689] virt_wifi0 speed is unknown, defaulting to 1000 [ 565.923902][T13714] sctp: [Deprecated]: syz.3.2896 (pid 13714) Use of struct sctp_assoc_value in delayed_ack socket option. [ 565.923902][T13714] Use struct sctp_sack_info instead [ 568.041387][ T26] audit: type=1326 audit(1781910447.082:1026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13741 comm="syz.5.2915" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8642d9ce59 code=0x7ffc0000 [ 568.180932][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.187379][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 568.332231][ T26] audit: type=1326 audit(1781910447.102:1027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13741 comm="syz.5.2915" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8642d9ce59 code=0x7ffc0000 [ 569.137471][T13747] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2906'. [ 569.211334][ T26] audit: type=1326 audit(1781910447.102:1028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13741 comm="syz.5.2915" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8642d9ce59 code=0x7ffc0000 [ 569.372937][ T26] audit: type=1326 audit(1781910447.212:1029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13741 comm="syz.5.2915" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8642d9ce59 code=0x7ffc0000 [ 569.446825][ T26] audit: type=1326 audit(1781910447.212:1030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13741 comm="syz.5.2915" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=199 compat=0 ip=0x7f8642d9ce59 code=0x7ffc0000 [ 569.487852][ T26] audit: type=1326 audit(1781910447.212:1031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13741 comm="syz.5.2915" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8642d9ce59 code=0x7ffc0000 [ 569.517261][ T26] audit: type=1326 audit(1781910447.212:1032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13741 comm="syz.5.2915" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8642d9ce59 code=0x7ffc0000 [ 569.629458][ T26] audit: type=1326 audit(1781910447.212:1033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13741 comm="syz.5.2915" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8642d9ce59 code=0x7ffc0000 [ 569.654515][ T26] audit: type=1326 audit(1781910447.222:1034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13741 comm="syz.5.2915" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8642d9ce59 code=0x7ffc0000 [ 570.050916][ T26] audit: type=1326 audit(1781910447.222:1035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13741 comm="syz.5.2915" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7f8642d9ce59 code=0x7ffc0000 [ 573.174034][T13820] netlink: 1319 bytes leftover after parsing attributes in process `syz.7.2922'. [ 574.824538][ T26] kauditd_printk_skb: 45 callbacks suppressed [ 574.824554][ T26] audit: type=1326 audit(1781910453.972:1081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13835 comm="syz.5.2926" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8642d9ce59 code=0x7fc00000 [ 575.681418][ T26] audit: type=1326 audit(1781910454.632:1082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13835 comm="syz.5.2926" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f8642d9ce59 code=0x7fc00000 [ 575.903282][T13863] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2932'. [ 576.345829][T13864] Invalid option length (1040762) for dns_resolver key [ 581.189235][T13906] loop5: detected capacity change from 0 to 2048 [ 581.272069][T13906] UDF-fs: error (device loop5): udf_process_sequence: Primary Volume Descriptor not found! [ 581.474753][T13906] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 582.676229][ T5045] UDF-fs: error (device loop5): udf_read_inode: (ino 1440) failed !bh [ 582.723214][ T5045] UDF-fs: error (device loop5): udf_read_inode: (ino 1440) failed !bh [ 583.127725][T13948] netlink: 'syz.8.2951': attribute type 49 has an invalid length. [ 584.163124][T13948] device ip6gretap0 entered promiscuous mode [ 584.957164][T13974] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2959'. [ 585.080402][T13974] bridge2: port 1(veth3) entered blocking state [ 585.101716][T13974] bridge2: port 1(veth3) entered disabled state [ 585.123621][T13974] device veth3 entered promiscuous mode [ 585.175780][T13978] bridge2: port 2(veth0_to_bond) entered blocking state [ 585.193233][T13978] bridge2: port 2(veth0_to_bond) entered disabled state [ 585.236509][T13978] device veth0_to_bond entered promiscuous mode [ 589.693891][T14036] siw: device registration error -23 [ 590.360499][ T4290] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 590.375513][ T4290] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 590.398078][ T4290] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 590.407002][ T4290] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 590.415830][ T4290] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 590.426119][ T4290] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 590.536912][T14033] lo speed is unknown, defaulting to 1000 [ 590.558550][T14033] virt_wifi0 speed is unknown, defaulting to 1000 [ 590.730505][T14059] tipc: Enabling of bearer rejected, failed to enable media [ 592.368493][T14033] chnl_net:caif_netlink_parms(): no params data found [ 593.317300][ T4290] Bluetooth: hci1: command 0x0409 tx timeout [ 593.662900][ T26] audit: type=1326 audit(1781910472.812:1083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14091 comm="syz.7.2984" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c6099ce59 code=0x7ffc0000 [ 593.859504][T14033] bridge0: port 1(bridge_slave_0) entered blocking state [ 594.030215][T14033] bridge0: port 1(bridge_slave_0) entered disabled state [ 594.043071][ T26] audit: type=1326 audit(1781910472.842:1084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14091 comm="syz.7.2984" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c6099ce59 code=0x7ffc0000 [ 594.284051][T14033] device bridge_slave_0 entered promiscuous mode [ 594.333997][T14033] bridge0: port 2(bridge_slave_1) entered blocking state [ 594.341797][T14033] bridge0: port 2(bridge_slave_1) entered disabled state [ 594.350113][T14033] device bridge_slave_1 entered promiscuous mode [ 594.432999][ T26] audit: type=1326 audit(1781910472.842:1085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14091 comm="syz.7.2984" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f7c6099ce59 code=0x7ffc0000 [ 594.476410][T14033] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 594.488655][T14033] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 594.570644][ T26] audit: type=1326 audit(1781910472.862:1086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14091 comm="syz.7.2984" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c6099ce59 code=0x7ffc0000 [ 594.623481][ T26] audit: type=1326 audit(1781910472.862:1087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14091 comm="syz.7.2984" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c6099ce59 code=0x7ffc0000 [ 594.652126][T14033] team0: Port device team_slave_0 added [ 594.678507][ T26] audit: type=1326 audit(1781910472.862:1088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14091 comm="syz.7.2984" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c6099ce59 code=0x7ffc0000 [ 594.723867][T14033] team0: Port device team_slave_1 added [ 594.760867][ T26] audit: type=1326 audit(1781910472.872:1089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14091 comm="syz.7.2984" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c6099ce59 code=0x7ffc0000 [ 594.835359][ T26] audit: type=1326 audit(1781910472.872:1090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14091 comm="syz.7.2984" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f7c6099ce59 code=0x7ffc0000 [ 594.924511][T14033] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 594.983487][T14033] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 595.031388][ T26] audit: type=1326 audit(1781910472.872:1091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14091 comm="syz.7.2984" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c6099ce59 code=0x7ffc0000 [ 595.095163][ T26] audit: type=1326 audit(1781910472.872:1092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14091 comm="syz.7.2984" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c6099ce59 code=0x7ffc0000 [ 595.103677][T14033] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 595.361579][ T4290] Bluetooth: hci1: command 0x041b tx timeout [ 595.560898][T14033] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 595.690545][T14033] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 595.842733][T14033] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 595.905837][T14033] device hsr_slave_0 entered promiscuous mode [ 595.943263][T14033] device hsr_slave_1 entered promiscuous mode [ 596.140438][T14033] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 596.194186][T14033] Cannot create hsr debugfs directory [ 597.451436][ T4289] Bluetooth: hci1: command 0x040f tx timeout [ 597.537626][T14033] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 597.548393][T14033] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 597.560699][T14033] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 597.573609][T14033] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 597.719514][T14033] 8021q: adding VLAN 0 to HW filter on device bond0 [ 597.741551][T11663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 597.770856][T11663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 597.784403][T14033] 8021q: adding VLAN 0 to HW filter on device team0 [ 597.803348][T11663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 597.820400][T11663] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 597.830572][T11663] bridge0: port 1(bridge_slave_0) entered blocking state [ 597.837770][T11663] bridge0: port 1(bridge_slave_0) entered forwarding state [ 597.859040][T11663] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 597.868440][T11663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 597.880972][T11663] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 597.890381][T11663] bridge0: port 2(bridge_slave_1) entered blocking state [ 597.897588][T11663] bridge0: port 2(bridge_slave_1) entered forwarding state [ 598.187344][T11663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 598.222586][T11663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 599.205417][T11663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 599.231172][T11663] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 599.241095][T11663] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 599.295856][T11663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 599.319530][T11663] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 599.440366][T11663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 599.479755][T11663] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 599.541446][ T4289] Bluetooth: hci1: command 0x0419 tx timeout [ 599.609167][T14033] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 600.070302][T14033] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 600.246134][T12465] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 600.276981][T12465] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 600.829927][T14180] Process accounting resumed [ 601.850880][T11663] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 601.889359][T11663] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 601.972708][T14033] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 604.399664][T14253] xt_addrtype: ipv6 BLACKHOLE matching not supported [ 604.470038][ T4593] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 604.500821][ T4593] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 604.556810][T10012] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 604.573400][T10012] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 604.603004][T14033] device veth0_vlan entered promiscuous mode [ 604.613625][T10012] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 604.636535][T10012] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 604.667585][T14033] device veth1_vlan entered promiscuous mode [ 604.714786][T10012] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 604.728644][T10012] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 604.740258][T10012] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 604.756329][T10012] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 604.771039][T14033] device veth0_macvtap entered promiscuous mode [ 604.791165][T14033] device veth1_macvtap entered promiscuous mode [ 604.828772][T14033] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 604.836896][T11227] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 604.853340][T11227] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 604.878639][T11227] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 604.905791][T11227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 604.942512][T14033] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 604.965390][T11227] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 604.980560][T11227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 605.010719][T14033] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 605.039698][T14033] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 605.068813][T14033] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 605.101561][T14033] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 605.469363][T10012] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 605.579013][T10012] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 605.637584][T14274] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3019'. [ 605.773186][T14274] netlink: 32 bytes leftover after parsing attributes in process `syz.7.3019'. [ 606.016046][T14274] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3019'. [ 606.135572][T14274] netlink: 2 bytes leftover after parsing attributes in process `syz.7.3019'. [ 606.170750][T14274] netlink: 32 bytes leftover after parsing attributes in process `syz.7.3019'. [ 606.202495][T14280] overlayfs: failed to clone upperpath [ 606.243366][ T4932] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 606.333866][T14277] netlink: 16 bytes leftover after parsing attributes in process `syz.7.3019'. [ 606.390220][ T8281] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 606.418874][ T8281] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 606.442229][ T8281] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 606.632348][T14285] capability: warning: `syz.4.3022' uses 32-bit capabilities (legacy support in use) [ 606.749352][ T26] kauditd_printk_skb: 54 callbacks suppressed [ 606.749370][ T26] audit: type=1326 audit(1781910485.892:1147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14291 comm="syz.3.3025" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f349899ce59 code=0x7ffc0000 [ 607.362767][ T26] audit: type=1326 audit(1781910486.162:1148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14291 comm="syz.3.3025" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f349899ce59 code=0x7ffc0000 [ 607.387674][ T26] audit: type=1326 audit(1781910486.272:1149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14291 comm="syz.3.3025" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7f349899ce59 code=0x7ffc0000 [ 607.431945][ T26] audit: type=1326 audit(1781910486.282:1150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14291 comm="syz.3.3025" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f349899ce59 code=0x7ffc0000 [ 607.521948][ T26] audit: type=1326 audit(1781910486.292:1151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14291 comm="syz.3.3025" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f349899ce59 code=0x7ffc0000 [ 607.547396][ T26] audit: type=1326 audit(1781910486.322:1152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14291 comm="syz.3.3025" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=289 compat=0 ip=0x7f349899ce59 code=0x7ffc0000 [ 607.593525][ T26] audit: type=1326 audit(1781910486.322:1153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14291 comm="syz.3.3025" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f349899ce59 code=0x7ffc0000 [ 607.691780][ T26] audit: type=1326 audit(1781910486.332:1154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14291 comm="syz.3.3025" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f349899ce59 code=0x7ffc0000 [ 608.590738][ T26] audit: type=1326 audit(1781910486.352:1155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14291 comm="syz.3.3025" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f349899ce59 code=0x7ffc0000 [ 608.625263][ T26] audit: type=1326 audit(1781910486.362:1156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14291 comm="syz.3.3025" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f349899ce59 code=0x7ffc0000 [ 609.752754][T14327] device syzkaller0 entered promiscuous mode [ 609.932142][T14327] tipc: Started in network mode [ 609.937414][T14327] tipc: Node identity 3ee1ec6de94a, cluster identity 4711 [ 609.952456][T14327] tipc: Enabled bearer , priority 0 [ 610.098642][T14325] tipc: Resetting bearer [ 611.053376][T14325] tipc: Disabling bearer [ 611.342498][ T129] tipc: Node number set to 3618368621 [ 614.693193][T14380] tipc: Enabling of bearer rejected, failed to enable media [ 615.137652][T14390] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3049'. [ 615.242169][T14390] bond10: (slave ip_vti0): The slave device specified does not support setting the MAC address [ 615.340522][T14390] bond10: (slave ip_vti0): Error -95 calling set_mac_address [ 616.317673][T14430] tipc: Enabling of bearer rejected, failed to enable media [ 617.321833][T14446] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3061'. [ 618.169029][T14446] 8021q: adding VLAN 0 to HW filter on device bond11 [ 618.279603][T14451] device macvlan2 entered promiscuous mode [ 618.293037][T14451] device bond11 entered promiscuous mode [ 618.299649][T14451] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 618.363704][T14451] device bond11 left promiscuous mode [ 618.957821][T14475] team0: Unable to change to the same mode the team is in [ 619.642167][T14498] netlink: 12 bytes leftover after parsing attributes in process `syz.8.3074'. [ 620.535425][T14503] device bond4 entered promiscuous mode [ 621.383439][T14534] xt_recent: hitcount (33554435) is larger than allowed maximum (255) [ 623.387494][T14561] netlink: 212884 bytes leftover after parsing attributes in process `syz.4.3089'. [ 623.669343][T14562] netlink: 20 bytes leftover after parsing attributes in process `syz.7.3090'. [ 623.969327][T14562] device ip6gre1 entered promiscuous mode [ 623.975963][T14558] 9pnet: p9_errstr2errno: server reported unknown error 'I$۷= [ 624.167285][T14570] netlink: 'syz.4.3093': attribute type 4 has an invalid length. [ 624.187495][T14562] netlink: 'syz.7.3090': attribute type 6 has an invalid length. [ 624.212128][T14562] netlink: 72 bytes leftover after parsing attributes in process `syz.7.3090'. [ 624.376996][T14576] netlink: 'syz.4.3093': attribute type 4 has an invalid length. [ 628.767248][T14616] netlink: 12 bytes leftover after parsing attributes in process `syz.9.3106'. [ 629.525043][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.531582][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 629.704574][T14623] netlink: 'syz.4.3109': attribute type 1 has an invalid length. [ 630.910804][T14623] 8021q: adding VLAN 0 to HW filter on device bond6 [ 631.097836][T14643] netlink: 'syz.7.3113': attribute type 11 has an invalid length. [ 632.633728][T14659] loop9: detected capacity change from 0 to 256 [ 633.019843][T14659] exFAT-fs (loop9): failed to load upcase table (idx : 0x00010000, chksum : 0xf3da6b1f, utbl_chksum : 0xe619d30d) [ 634.467104][T14680] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3122'. [ 635.444281][T14692] device bond5 entered promiscuous mode [ 644.714844][T14817] loop9: detected capacity change from 0 to 128 [ 644.733077][T14817] ext4: Unknown parameter 'fsmagic' [ 647.557909][T14835] xt_hashlimit: size too large, truncated to 1048576 [ 652.288165][T14892] 9pnet: p9_errstr2errno: server reported unknown error 'I$۷= [ 652.616535][T14908] netlink: 24 bytes leftover after parsing attributes in process `syz.8.3181'. [ 653.458437][T14930] ip6t_srh: unknown srh invflags 4449 [ 653.998356][T14931] 9pnet: p9_errstr2errno: server reported unknown error 0x0000000000000009 [ 657.028633][T14960] netlink: 'syz.3.3192': attribute type 2 has an invalid length. [ 657.184425][T14960] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3192'. [ 657.941091][T14980] xt_nat: multiple ranges no longer supported [ 659.431430][ T4321] usb 10-1: new full-speed USB device number 2 using dummy_hcd [ 660.390556][ T4321] usb 10-1: config 0 has an invalid interface number: 214 but max is 0 [ 660.409240][ T4321] usb 10-1: config 0 has no interface number 0 [ 660.419855][ T4321] usb 10-1: config 0 interface 214 altsetting 0 has an invalid endpoint with address 0x1B, skipping [ 660.450970][ T4321] usb 10-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 660.491341][ T4321] usb 10-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3 [ 660.519995][ T4321] usb 10-1: Manufacturer: syz [ 660.560553][ T4321] usb 10-1: SerialNumber: syz [ 660.623055][ T4321] usb 10-1: config 0 descriptor?? [ 661.762174][T15035] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3206'. [ 662.563685][T15051] xt_TCPMSS: Only works on TCP SYN packets [ 664.651593][ T4600] usb 10-1: USB disconnect, device number 2 [ 664.967144][T15098] bridge0: port 1(erspan0) entered blocking state [ 664.991430][T15098] bridge0: port 1(erspan0) entered disabled state [ 665.009491][T15098] device erspan0 entered promiscuous mode [ 665.027232][T15099] device erspan0 left promiscuous mode [ 665.041544][T15099] bridge0: port 1(erspan0) entered disabled state [ 665.202015][ T26] kauditd_printk_skb: 25 callbacks suppressed [ 665.202032][ T26] audit: type=1326 audit(1781910544.352:1182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15102 comm="syz.3.3222" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f349899ce59 code=0x0 [ 665.841698][T15113] 9pnet_virtio: no channels available for device 127.0.0.1 [ 665.891879][ T26] audit: type=1326 audit(1781910544.982:1183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15102 comm="syz.3.3222" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f349899ce59 code=0x0 [ 666.354148][T15120] loop9: detected capacity change from 0 to 512 [ 666.435621][T15120] [ 666.438036][T15120] ====================================================== [ 666.445094][T15120] WARNING: possible circular locking dependency detected [ 666.452172][T15120] syzkaller #0 Not tainted [ 666.456636][T15120] ------------------------------------------------------ [ 666.463677][T15120] syz.9.3225/15120 is trying to acquire lock: [ 666.469848][T15120] ffff888062392c18 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages+0x213/0x2e70 [ 666.480068][T15120] [ 666.480068][T15120] but task is already holding lock: [ 666.487475][T15120] ffff88804bab94d8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3f6/0x760 [ 666.497410][T15120] [ 666.497410][T15120] which lock already depends on the new lock. [ 666.497410][T15120] [ 666.507829][T15120] [ 666.507829][T15120] the existing dependency chain (in reverse order) is: [ 666.516874][T15120] [ 666.516874][T15120] -> #1 (&ei->xattr_sem){++++}-{3:3}: [ 666.524549][T15120] down_write+0x36/0x60 [ 666.529318][T15120] ext4_destroy_inline_data+0x24/0xe0 [ 666.535250][T15120] ext4_writepages+0x599/0x2e70 [ 666.540655][T15120] do_writepages+0x3c6/0x640 [ 666.545905][T15120] __writeback_single_inode+0x153/0x1170 [ 666.552154][T15120] writeback_sb_inodes+0xad5/0x17f0 [ 666.557917][T15120] wb_writeback+0x470/0xd40 [ 666.563015][T15120] wb_workfn+0x423/0xee0 [ 666.567813][T15120] process_one_work+0x8ab/0x1160 [ 666.573446][T15120] worker_thread+0xaf5/0x12a0 [ 666.578682][T15120] kthread+0x29d/0x330 [ 666.583343][T15120] ret_from_fork+0x1f/0x30 [ 666.588328][T15120] [ 666.588328][T15120] -> #0 (&sbi->s_writepages_rwsem){++++}-{0:0}: [ 666.596826][T15120] __lock_acquire+0x2c92/0x7bd0 [ 666.602336][T15120] lock_acquire+0x1bb/0x4a0 [ 666.607387][T15120] percpu_down_read+0x44/0x1a0 [ 666.612697][T15120] ext4_writepages+0x213/0x2e70 [ 666.618108][T15120] do_writepages+0x3c6/0x640 [ 666.623250][T15120] __writeback_single_inode+0x153/0x1170 [ 666.629520][T15120] writeback_single_inode+0x3d2/0x8e0 [ 666.635463][T15120] write_inode_now+0x17f/0x210 [ 666.640776][T15120] iput+0x643/0x9c0 [ 666.645169][T15120] ext4_xattr_block_set+0x2224/0x2fe0 [ 666.651172][T15120] ext4_expand_extra_isize_ea+0xfca/0x1d40 [ 666.657538][T15120] __ext4_expand_extra_isize+0x301/0x3e0 [ 666.663724][T15120] __ext4_mark_inode_dirty+0x478/0x760 [ 666.669840][T15120] ext4_evict_inode+0xa67/0x10e0 [ 666.675330][T15120] evict+0x4b6/0x8b0 [ 666.679778][T15120] ext4_orphan_cleanup+0xc32/0x1470 [ 666.685534][T15120] ext4_fill_super+0x6f0c/0x78f0 [ 666.691017][T15120] get_tree_bdev+0x3e6/0x610 [ 666.696207][T15120] vfs_get_tree+0x88/0x270 [ 666.701179][T15120] do_new_mount+0x247/0xa40 [ 666.706239][T15120] __se_sys_mount+0x2e3/0x3d0 [ 666.711493][T15120] do_syscall_64+0x4c/0xa0 [ 666.716481][T15120] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 666.722962][T15120] [ 666.722962][T15120] other info that might help us debug this: [ 666.722962][T15120] [ 666.733210][T15120] Possible unsafe locking scenario: [ 666.733210][T15120] [ 666.740697][T15120] CPU0 CPU1 [ 666.746099][T15120] ---- ---- [ 666.751486][T15120] lock(&ei->xattr_sem); [ 666.755858][T15120] lock(&sbi->s_writepages_rwsem); [ 666.763601][T15120] lock(&ei->xattr_sem); [ 666.770477][T15120] lock(&sbi->s_writepages_rwsem); [ 666.775702][T15120] [ 666.775702][T15120] *** DEADLOCK *** [ 666.775702][T15120] [ 666.783861][T15120] 3 locks held by syz.9.3225/15120: [ 666.789088][T15120] #0: ffff8880623900e0 (&type->s_umount_key#28/1){+.+.}-{3:3}, at: alloc_super+0x1fb/0x930 [ 666.799319][T15120] #1: ffff888062390650 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x431/0x10e0 [ 666.808843][T15120] #2: ffff88804bab94d8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3f6/0x760 [ 666.819153][T15120] [ 666.819153][T15120] stack backtrace: [ 666.825109][T15120] CPU: 1 PID: 15120 Comm: syz.9.3225 Not tainted syzkaller #0 [ 666.832588][T15120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 666.842674][T15120] Call Trace: [ 666.846080][T15120] [ 666.849033][T15120] dump_stack_lvl+0x188/0x24e [ 666.853783][T15120] ? load_image+0x410/0x410 [ 666.858343][T15120] ? show_regs_print_info+0x12/0x12 [ 666.863661][T15120] ? print_circular_bug+0x12b/0x1a0 [ 666.868890][T15120] check_noncircular+0x296/0x330 [ 666.873867][T15120] ? look_up_lock_class+0x75/0x140 [ 666.879032][T15120] ? add_chain_block+0x9b0/0x9b0 [ 666.884007][T15120] ? lockdep_lock+0xf1/0x1f0 [ 666.888634][T15120] ? _find_first_zero_bit+0xd2/0x100 [ 666.893966][T15120] __lock_acquire+0x2c92/0x7bd0 [ 666.898854][T15120] ? __lock_acquire+0x130c/0x7bd0 [ 666.904003][T15120] ? verify_lock_unused+0x140/0x140 [ 666.909236][T15120] ? mark_lock+0x94/0x320 [ 666.913612][T15120] ? __lock_acquire+0x13e3/0x7bd0 [ 666.918708][T15120] lock_acquire+0x1bb/0x4a0 [ 666.923268][T15120] ? ext4_writepages+0x213/0x2e70 [ 666.928415][T15120] ? __might_sleep+0xd0/0xd0 [ 666.933092][T15120] ? read_lock_is_recursive+0x10/0x10 [ 666.938507][T15120] ? mark_lock+0x94/0x320 [ 666.942882][T15120] percpu_down_read+0x44/0x1a0 [ 666.947683][T15120] ? ext4_writepages+0x213/0x2e70 [ 666.952741][T15120] ext4_writepages+0x213/0x2e70 [ 666.957632][T15120] ? stack_trace_save+0xf0/0xf0 [ 666.962581][T15120] ? arch_stack_walk+0xf2/0x140 [ 666.967476][T15120] ? stack_trace_save+0xa6/0xf0 [ 666.972531][T15120] ? verify_lock_unused+0x140/0x140 [ 666.977760][T15120] ? mark_lock+0x94/0x320 [ 666.982129][T15120] ? __lock_acquire+0x130c/0x7bd0 [ 666.987188][T15120] ? ext4_read_folio+0x370/0x370 [ 666.992159][T15120] ? mark_lock+0x94/0x320 [ 666.996521][T15120] ? __lock_acquire+0x13e3/0x7bd0 [ 667.001585][T15120] ? __lock_acquire+0x7bd0/0x7bd0 [ 667.006644][T15120] ? do_raw_spin_lock+0x128/0x2f0 [ 667.011752][T15120] ? do_raw_spin_unlock+0x11d/0x230 [ 667.016979][T15120] ? ext4_read_folio+0x370/0x370 [ 667.021953][T15120] do_writepages+0x3c6/0x640 [ 667.026682][T15120] ? __writepage+0x130/0x130 [ 667.031469][T15120] ? writeback_single_inode+0x3c7/0x8e0 [ 667.037051][T15120] ? __lock_acquire+0x7bd0/0x7bd0 [ 667.042123][T15120] ? do_raw_spin_lock+0x128/0x2f0 [ 667.047189][T15120] __writeback_single_inode+0x153/0x1170 [ 667.052884][T15120] writeback_single_inode+0x3d2/0x8e0 [ 667.058297][T15120] ? write_inode_now+0x210/0x210 [ 667.063272][T15120] write_inode_now+0x17f/0x210 [ 667.068067][T15120] ? bdi_split_work_to_wbs+0x8f0/0x8f0 [ 667.073741][T15120] ? ext4_xattr_inode_update_ref+0x41b/0x560 [ 667.079849][T15120] ? do_raw_spin_unlock+0x11d/0x230 [ 667.085163][T15120] iput+0x643/0x9c0 [ 667.089003][T15120] ext4_xattr_block_set+0x2224/0x2fe0 [ 667.094428][T15120] ? ext4_xattr_block_find+0x2c0/0x2c0 [ 667.099926][T15120] ? xattr_find_entry+0x2a6/0x2f0 [ 667.104979][T15120] ? ext4_xattr_block_find+0xd7/0x2c0 [ 667.110387][T15120] ext4_expand_extra_isize_ea+0xfca/0x1d40 [ 667.116238][T15120] __ext4_expand_extra_isize+0x301/0x3e0 [ 667.121992][T15120] __ext4_mark_inode_dirty+0x478/0x760 [ 667.127494][T15120] ext4_evict_inode+0xa67/0x10e0 [ 667.132474][T15120] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 667.138400][T15120] ? do_raw_spin_unlock+0x11d/0x230 [ 667.143739][T15120] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 667.149771][T15120] evict+0x4b6/0x8b0 [ 667.153719][T15120] ? proc_nr_inodes+0x2f0/0x2f0 [ 667.158604][T15120] ? do_raw_spin_unlock+0x11d/0x230 [ 667.163839][T15120] ? _raw_spin_unlock+0x24/0x40 [ 667.168732][T15120] ? iput+0x79f/0x9c0 [ 667.172745][T15120] ext4_orphan_cleanup+0xc32/0x1470 [ 667.177987][T15120] ? ext4_orphan_del+0xc90/0xc90 [ 667.182957][T15120] ? ext4_register_sysfs+0x27e/0x2c0 [ 667.188270][T15120] ? errseq_check_and_advance+0x62/0x120 [ 667.193933][T15120] ext4_fill_super+0x6f0c/0x78f0 [ 667.198916][T15120] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 667.205280][T15120] ? set_blocksize+0x1d0/0x470 [ 667.210162][T15120] ? sb_set_blocksize+0xa5/0xe0 [ 667.215052][T15120] get_tree_bdev+0x3e6/0x610 [ 667.219692][T15120] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 667.225970][T15120] vfs_get_tree+0x88/0x270 [ 667.230434][T15120] do_new_mount+0x247/0xa40 [ 667.234989][T15120] __se_sys_mount+0x2e3/0x3d0 [ 667.239733][T15120] ? __x64_sys_mount+0xc0/0xc0 [ 667.244527][T15120] ? lockdep_hardirqs_on+0x94/0x140 [ 667.249757][T15120] ? __x64_sys_mount+0x1c/0xc0 [ 667.254564][T15120] do_syscall_64+0x4c/0xa0 [ 667.259035][T15120] ? clear_bhb_loop+0x60/0xb0 [ 667.263778][T15120] ? clear_bhb_loop+0x60/0xb0 [ 667.268484][T15120] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 667.274442][T15120] RIP: 0033:0x7fb07bd9e0ca [ 667.278986][T15120] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 667.298794][T15120] RSP: 002b:00007fb07cb6de58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 667.307238][T15120] RAX: ffffffffffffffda RBX: 00007fb07cb6dee0 RCX: 00007fb07bd9e0ca [ 667.315235][T15120] RDX: 0000200000000180 RSI: 0000200000000000 RDI: 00007fb07cb6dea0 [ 667.323234][T15120] RBP: 0000200000000180 R08: 00007fb07cb6dee0 R09: 0000000000000000 [ 667.331233][T15120] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000000 [ 667.339249][T15120] R13: 00007fb07cb6dea0 R14: 000000000000047a R15: 000000000000002c [ 667.347261][T15120] [ 667.397662][T15120] EXT4-fs error (device loop9): ext4_xattr_inode_iget:401: inode #11: comm syz.9.3225: iget: bad extra_isize 58 (inode size 256) [ 667.435792][T15120] EXT4-fs (loop9): Remounting filesystem read-only [ 667.462921][T15120] EXT4-fs error (device loop9): ext4_xattr_inode_iget:406: comm syz.9.3225: error while reading EA inode 11 err=-117 [ 667.501589][T15120] EXT4-fs (loop9): Remounting filesystem read-only [ 667.522133][T15120] EXT4-fs error (device loop9): ext4_xattr_inode_iget:401: inode #11: comm syz.9.3225: iget: bad extra_isize 58 (inode size 256) [ 667.556297][T15120] EXT4-fs (loop9): Remounting filesystem read-only [ 667.572851][T15120] EXT4-fs error (device loop9): ext4_xattr_inode_iget:406: comm syz.9.3225: error while reading EA inode 11 err=-117 [ 667.603311][T15120] EXT4-fs (loop9): Remounting filesystem read-only [ 667.620249][T15120] EXT4-fs error (device loop9): ext4_xattr_inode_iget:401: inode #18: comm syz.9.3225: iget: bad extra_isize 58 (inode size 256) [ 667.646749][T15120] EXT4-fs (loop9): Remounting filesystem read-only [ 667.666710][T15120] EXT4-fs error (device loop9): ext4_xattr_inode_iget:406: comm syz.9.3225: error while reading EA inode 18 err=-117 [ 667.703406][T15120] EXT4-fs (loop9): Remounting filesystem read-only [ 667.710201][T15120] EXT4-fs error (device loop9): ext4_xattr_inode_iget:401: inode #18: comm syz.9.3225: iget: bad extra_isize 58 (inode size 256) [ 667.743292][T15120] EXT4-fs (loop9): Remounting filesystem read-only [ 667.749954][T15120] EXT4-fs error (device loop9): ext4_xattr_inode_iget:406: comm syz.9.3225: error while reading EA inode 18 err=-117 [ 667.771555][T15120] EXT4-fs (loop9): Remounting filesystem read-only [ 667.778270][T15120] EXT4-fs (loop9): 1 orphan inode deleted [ 667.803049][T15120] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none. [ 667.873943][T15120] EXT4-fs error (device loop9): __ext4_iget:5102: inode #14: block 1886221359: comm syz.9.3225: invalid block [ 667.907514][T15120] EXT4-fs (loop9): Remounting filesystem read-only [ 667.974899][T14033] EXT4-fs (loop9): unmounting filesystem.