last executing test programs: 4m5.327279287s ago: executing program 1 (id=38): bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000240)={[{@noblock_validity}, {}, {@sysvgroups}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nodelalloc}, {@grpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) truncate(&(0x7f0000000900)='./file1\x00', 0x3000000) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r0, 0x0) r1 = open(&(0x7f0000000140)='./file1\x00', 0x64042, 0x1e9) pwritev2(r1, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x2000, 0x0, 0x3) 4m3.378890938s ago: executing program 1 (id=45): pipe2(&(0x7f0000000200), 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mremap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5000, 0x3, &(0x7f0000ffb000/0x5000)=nil) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000180)='./mnt\x00', 0x0, &(0x7f00000001c0)={[{@test_dummy_encryption_v1}, {@test_dummy_encryption_v1}, {@nomblk_io_submit}, {@commit}]}, 0x1, 0x241, &(0x7f00000007c0)="$eJzs3U9oFFccB/DfzO42TbKUtL0UCm2hlNIGQnor9JJeWgiUEEoptIUUES9KIsQEb4knLx70rJKTlyDejB4ll+BFETxFzSFeBA0eDB70sDI7iUSz/oGJO+J8PjC7M7vvze8Ns983exkmgMoaiIiRiKhFxGBENCIi2dngm3wZ2Npc6F2ZiGi1/nyYtNvl27ntfv0RMR8RP0fEcprEwXrE7NK/649Xf//+xEzju3NL//R29SC3bKyv/bF5duz4xdGfZq/fvD+WxEg0XziuvZd0+KyeRHz2Loq9J5J62SPgbYwfvXAry/3nEfFtO/+NSCM/eSenP1puxI9nXtX31IMbX3ZzrMDea7Ua2TVwvgVUThoRzUjSoYjI19N0aCj/D3+71pcempo+MnhgamZyf9kzFbBXmhFrv13uudT/Uv7v1fL8Ax+uLP9/jS/eydY3a2WPBuimLP+D/8/9EPIPlSP/UF3yD9Ul/1Bdr8t/WtKYgO5w/Yfqkn+oLvmH6pJ/qC75h+ramX8AoFpaPWXfgQyUpez5BwAAAAAAAAAAAAAAAAAA2G2hd2Vie+lWzaunIzZ+jYh6p/q1recQfNx+7XuUZM2eS/Juhfz3dcEdFHS+5LuvP7lbbv1rX5Vbf24yYv5YRAzX67t/f0nh52B8+obvG/sKFijol7/Lrf90sdz6o6sRV7L5Z7jT/JPGF+33zvNPMzt/BesfflJwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTNswAAAP//ceptKw==") mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x108b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000001c0)=0x8) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000580)=ANY=[@ANYBLOB="050000000000", @ANYRES64=0x0, @ANYRES64=0xea60, @ANYRES64=0x0, @ANYRES64=0x0], 0x48}}, 0x0) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="050000"], 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x8800) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) 4m1.927203726s ago: executing program 1 (id=51): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, 0x0, 0x310) r3 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_buf(r3, 0x29, 0x39, &(0x7f0000000040), 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000600)=ANY=[], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) nanosleep(&(0x7f0000000040), 0x0) r4 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r5 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00') r6 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r5, 0x29, 0x2e, 0x0, 0x0) setsockopt$inet6_group_source_req(r6, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@updpolicy={0x23c, 0x19, 0x1, 0x0, 0x0, {{@in6=@private2, @in=@multicast1, 0x0, 0x3, 0x0, 0xfffd, 0xa, 0x0, 0x20, 0x2c}, {0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x1d}, {0x0, 0x0, 0x0, 0x2dd}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, [@tmpl={0x184, 0x5, [{{@in=@dev={0xac, 0x14, 0x14, 0x3b}, 0x4d3, 0x2b}, 0x0, @in=@dev={0xac, 0x14, 0x14, 0xc}, 0x0, 0x3, 0x0, 0xff, 0x0, 0x1000}, {{@in6=@private2, 0x0, 0x2b}, 0x0, @in=@local, 0x0, 0x1, 0x0, 0x0, 0x0, 0xffffffff}, {{@in6=@loopback, 0x0, 0x3c}, 0x2, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x1, 0x2}, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x3c}, 0x2, @in6=@mcast2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x278b6a28}, {{@in6=@empty, 0x0, 0x3c}, 0x2, @in=@loopback, 0xffffffff}, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x3c}, 0xa, @in6=@mcast1, 0x0, 0x4}]}]}, 0x23c}, 0x1, 0x0, 0x0, 0x4158}, 0x0) preadv(r5, &(0x7f0000000380)=[{0x0}, {&(0x7f0000000340)=""/54, 0x36}], 0x2, 0x5b, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000400)="e67da3387d6c52262f2c520a55255d097e61fdc11c233737968518b6", 0x6, r4}, 0x38) 3m59.302446332s ago: executing program 1 (id=60): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b000000080000000c000000ff"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b000000080000000c000000ffbfffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r1}, 0x18) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r2, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) 3m58.966732634s ago: executing program 1 (id=62): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000000403810101400000000000109022400010000000009040000010300000009210000000122070009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_mount_image$fuse(0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000180)={0x0, 0x22, 0x7, {[@main=@item_012={0x1, 0x0, 0xa, "9c"}, @local=@item_4={0x3, 0x2, 0x2, "9b175419"}]}}, 0x0}, 0x0) 3m56.4381435s ago: executing program 1 (id=69): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4c21, 0x84, @mcast1, 0x5}, 0x1c) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='kmem_cache_free\x00', r6}, 0x10) write$binfmt_aout(r4, 0x0, 0x28) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r7 = socket$inet_tcp(0x2, 0x1, 0x0) r8 = socket$inet6(0x10, 0x3, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$SMC_PNETID_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r9, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=@newlink={0x38, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0xe403, r10}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_PMTUDISC={0x5}]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x0) write(r8, &(0x7f0000000040)="2400000021002551241c0165ff00fc020200000000100f000ee1000c08000b0000000000", 0x24) setsockopt$IPT_SO_SET_REPLACE(r7, 0x0, 0x40, &(0x7f0000001640)=@mangle={'mangle\x00', 0x44, 0x6, 0x510, 0x3a8, 0x210, 0x210, 0x0, 0x138, 0x478, 0x478, 0x478, 0x478, 0x478, 0x6, 0x0, {[{{@ip={@broadcast, @multicast1=0xe0007600, 0x11000000, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'batadv_slave_1\x00', 'veth1_virt_wifi\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@unspec=@connlimit={{0x40}}]}, @unspec=@CHECKSUM={0x28}}, {{@ip={@loopback, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_team\x00'}, 0x0, 0x70, 0x198}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x0, 'system_u:object_r:dbusd_etc_t:s0\x00'}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xd0, 0x0, {}, [@common=@unspec=@mac={{0x30}, {@multicast}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x570) 3m41.380615009s ago: executing program 32 (id=69): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4c21, 0x84, @mcast1, 0x5}, 0x1c) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='kmem_cache_free\x00', r6}, 0x10) write$binfmt_aout(r4, 0x0, 0x28) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r7 = socket$inet_tcp(0x2, 0x1, 0x0) r8 = socket$inet6(0x10, 0x3, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$SMC_PNETID_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r9, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=@newlink={0x38, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0xe403, r10}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_PMTUDISC={0x5}]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x0) write(r8, &(0x7f0000000040)="2400000021002551241c0165ff00fc020200000000100f000ee1000c08000b0000000000", 0x24) setsockopt$IPT_SO_SET_REPLACE(r7, 0x0, 0x40, &(0x7f0000001640)=@mangle={'mangle\x00', 0x44, 0x6, 0x510, 0x3a8, 0x210, 0x210, 0x0, 0x138, 0x478, 0x478, 0x478, 0x478, 0x478, 0x6, 0x0, {[{{@ip={@broadcast, @multicast1=0xe0007600, 0x11000000, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'batadv_slave_1\x00', 'veth1_virt_wifi\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@unspec=@connlimit={{0x40}}]}, @unspec=@CHECKSUM={0x28}}, {{@ip={@loopback, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_team\x00'}, 0x0, 0x70, 0x198}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x0, 'system_u:object_r:dbusd_etc_t:s0\x00'}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xd0, 0x0, {}, [@common=@unspec=@mac={{0x30}, {@multicast}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x570) 14.758607973s ago: executing program 4 (id=628): r0 = socket$netlink(0x10, 0x3, 0x14) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r0) 14.427547165s ago: executing program 4 (id=632): socketpair$unix(0x1, 0x3, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0) memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2) write$binfmt_register(0xffffffffffffffff, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x270, 0x0, 0x0}, 0x20040010) io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_G_FMT(r2, 0xc0285629, &(0x7f0000000080)={0x3, @win={{0x2}, 0x7, 0x0, &(0x7f0000000040)={{0x0, 0x0, 0x2}}, 0x0, 0x0}}) fsopen(&(0x7f00000001c0)='devpts\x00', 0x0) r3 = socket$inet(0xa, 0x801, 0x84) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1, 0x5, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRES64=r3], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r4, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) r5 = accept4(r3, 0x0, 0x0, 0x0) sendto$inet(r5, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000042c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x403, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x50, 0x4, 0x0, 0x1, [{0x4c, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x3c, 0x2, 0x0, 0x1, [@NFTA_TARGET_INFO={0x24, 0x3, "7339f2f304fdd672bad09dfb040000000000000001f9580dabf95ddc91967c20"}, @NFTA_TARGET_REV={0x8}, @NFTA_TARGET_NAME={0xc, 0x1, 'RATEEST\x00'}]}}}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x98}, 0x1, 0x0, 0x0, 0x4000850}, 0x20008040) prlimit64(0x0, 0x7, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @multicast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x7, 0x2c, 0x0, @remote, @local, {[], {{0x400, 0xffff, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc0}}}}}}}, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() 11.604037594s ago: executing program 5 (id=641): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000240)='./file0\x00', 0x80, &(0x7f00000008c0)=ANY=[], 0x1, 0x1b1, &(0x7f0000000280)="$eJzs2zFrE2EYB/DnahrTOiSDkzjc6BSafoIGqSAGBCWDgqDYBqQnBQsBHWw3B7+EH8bBVT+JYwfhpLk0aUKEGpocJL/fkodc/rnnfcMleQJ5ff/90cHxSe9V70fUkiQ29iKN8yQasRGXzgIAWCXneR6/8zzPb5/F1rfI87zsjgCARfP5DwDr5/mLl0/anc7+szStRWRf+t1+t7gtjrd78S6yOIydqMefuPiCMFTUjx539nfSgUZ8zU6H+dN+99ZkvhX1aMzOt4p8OpnfjO2r+d2ox93Z+d2Z+Wo8qI7ymxFRj19v4ziyOIiL7Dj/uZWmD592pvJ3Bo8DAACAVdBMRwbzezUm5/dmc/L4eD4u8u3k2r8PTM3XlbhXKXftALCuTj5+OnqTZYcf5ihqw+eYM3694ud2cZIFnuKGisstHd2zt4z9+d+ierXDqWJrwa1Wlr7kJCLK2vDvEVH6yz3XRT0oSngzApZqfPWX3QkAAAAAAAAAAAAAAPAvy/hfUdlrBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGD9/A0AAP//W1+CbQ==") mkdirat(0xffffffffffffff9c, &(0x7f0000000540)='./file7\x00', 0x1c0) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0xffffffff}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1f, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000f600009500000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r4 = openat(0xffffffffffffff9c, &(0x7f0000000640)='.\x00', 0x0, 0x0) renameat2(r4, &(0x7f0000000000)='./file0\x00', r4, &(0x7f0000000280)='.\x02\x00', 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00'}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x22, 0x0, &(0x7f0000000040)="3d6ee2e04b91ab10143d9abe86dd", 0x0, 0xfffc, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r5 = socket$nl_generic(0x10, 0x3, 0x10) unlink(&(0x7f0000001ac0)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_NODE_ADDR(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r6, 0x201, 0x400000, 0x0, {{}, {}, {0x8, 0x11, 0x4}}}, 0x24}}, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) sendmmsg(r2, &(0x7f0000003240), 0x4000000000000e4, 0xf4) 11.476006495s ago: executing program 5 (id=642): setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r0, 0x2000002, 0x0, 0x0, &(0x7f0000000200), 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8) socket(0x10, 0x803, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0), 0x4) socket(0xa, 0x2, 0x0) socket$inet6(0xa, 0x1, 0x8010000000000084) connect$unix(0xffffffffffffffff, 0x0, 0x0) r2 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x101402) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r2, 0xc0145401, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r3, &(0x7f00000000c0)=0x58, 0x10) 11.329173055s ago: executing program 4 (id=644): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000a00)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}, @NFT_MSG_NEWSETELEM={0x38, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0xc, 0x3, 0x0, 0x1, [{0x8, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x4}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x9c}, 0x1, 0x0, 0x0, 0x4008850}, 0x40) 11.106217387s ago: executing program 4 (id=645): r0 = socket$nl_generic(0x10, 0x3, 0x10) bind$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x0, 0x25dfdbfe, 0x2ffffffff}, 0xffffffffffffffb0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ptrace$ARCH_ENABLE_TAGGED_ADDR(0x1e, 0x0, 0x5, 0x4002) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x33}, 0xe70bdd3d34fcba6) r3 = openat$sysfs(0xffffff9c, &(0x7f00000037c0)='/sys/kernel/notes', 0x0, 0x44) r4 = syz_io_uring_setup(0xbdf, &(0x7f0000000000)={0x0, 0x6d0a, 0x80, 0xfffffff9, 0x40000331, 0x0, r3}, &(0x7f0000000080)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r3, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) io_uring_enter(r4, 0x847ba, 0x2000, 0xe, 0x0, 0x0) syz_io_uring_complete(r5) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r1, 0x8982, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, 0x0) sched_setattr(0x0, 0x0, 0x0) r7 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_udp_int(r7, 0x11, 0x0, 0x0, &(0x7f0000000040)) r8 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(r8, 0xc0d05605, &(0x7f0000000440)={0x1, @pix_mp={0x62, 0x1, 0x3031334d, 0x3, 0xa, [{0x3, 0x6}, {0x2, 0x2}, {0x3, 0x411}, {0x10001, 0x8}, {0x6, 0x8}, {0x4, 0xd}, {0x8, 0xfffffff8}, {0x5, 0x1}], 0xc, 0x2, 0x1, 0x0, 0x2}}) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) close(0xffffffffffffffff) r9 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="2e00000011008b88040f80cb59acbc0413a1f8480f0000005e2900421803001825e60a001402000002800000121f", 0x2e}], 0x1}, 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0300002e00090027bd70000000000005000000480311802e"], 0x35c}, 0x1, 0x0, 0x0, 0x42804}, 0x4000010) 9.13311659s ago: executing program 0 (id=651): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c00000010000107000000000000fd000a000000"], 0x1c}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095", @ANYRESHEX=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, 0x0, 0x0) r1 = open(0x0, 0x14000, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f00000004c0)='sched_switch\x00', r1}, 0x18) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mkdir(&(0x7f0000000200)='./bus\x00', 0x10) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) mount$overlay(0x0, &(0x7f0000000280)='./bus\x00', &(0x7f0000000400), 0x0, &(0x7f0000000440)={[{@redirect_dir_nofollow}, {@redirect_dir_on}], [{@fowner_gt={'fowner>', r3}}, {@fsname={'fsname', 0x3d, '/dev/fuse\x00'}}]}) chroot(&(0x7f0000000000)='./bus\x00') syz_open_dev$tty1(0xc, 0x4, 0x1) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x9, 0x0, 0x7ffc0002}]}) 8.737142042s ago: executing program 0 (id=653): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000240)='./file0\x00', 0x80, &(0x7f00000008c0)=ANY=[], 0x1, 0x1b1, &(0x7f0000000280)="$eJzs2zFrE2EYB/DnahrTOiSDkzjc6BSafoIGqSAGBCWDgqDYBqQnBQsBHWw3B7+EH8bBVT+JYwfhpLk0aUKEGpocJL/fkodc/rnnfcMleQJ5ff/90cHxSe9V70fUkiQ29iKN8yQasRGXzgIAWCXneR6/8zzPb5/F1rfI87zsjgCARfP5DwDr5/mLl0/anc7+szStRWRf+t1+t7gtjrd78S6yOIydqMefuPiCMFTUjx539nfSgUZ8zU6H+dN+99ZkvhX1aMzOt4p8OpnfjO2r+d2ox93Z+d2Z+Wo8qI7ymxFRj19v4ziyOIiL7Dj/uZWmD592pvJ3Bo8DAACAVdBMRwbzezUm5/dmc/L4eD4u8u3k2r8PTM3XlbhXKXftALCuTj5+OnqTZYcf5ihqw+eYM3694ud2cZIFnuKGisstHd2zt4z9+d+ierXDqWJrwa1Wlr7kJCLK2vDvEVH6yz3XRT0oSngzApZqfPWX3QkAAAAAAAAAAAAAAPAvy/hfUdlrBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGD9/A0AAP//W1+CbQ==") mkdirat(0xffffffffffffff9c, &(0x7f0000000540)='./file7\x00', 0x1c0) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0xffffffff}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1f, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000f600009500000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r4 = openat(0xffffffffffffff9c, &(0x7f0000000640)='.\x00', 0x0, 0x0) renameat2(r4, &(0x7f0000000000)='./file0\x00', r4, &(0x7f0000000280)='.\x02\x00', 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00'}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x22, 0x0, &(0x7f0000000040)="3d6ee2e04b91ab10143d9abe86dd", 0x0, 0xfffc, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r5 = socket$nl_generic(0x10, 0x3, 0x10) unlink(&(0x7f0000001ac0)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_NODE_ADDR(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r6, 0x201, 0x400000, 0x0, {{}, {}, {0x8, 0x11, 0x4}}}, 0x24}}, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) sendmmsg(r2, &(0x7f0000003240), 0x4000000000000e4, 0xf4) 8.269060695s ago: executing program 5 (id=654): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000030000000900010073797a30000000005c000000030a030000000000000000000300000009000b0073797a30000000000900010073797a300000000014000480080002400000000008000140000000001c0008800c00024000000000000000000c0001"], 0xcc}, 0x1, 0x0, 0x0, 0x4}, 0x4000004) 8.108982766s ago: executing program 5 (id=655): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d00)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x30, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000008c0)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x3, &(0x7f0000000000)=@framed={{0x1d, 0xa, 0xa, 0x0, 0x0, 0x61, 0x10, 0x10}}, &(0x7f0000000480)='syzkaller\x00'}, 0x80) 7.998998497s ago: executing program 0 (id=656): prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = userfaultfd(0x801) ioctl$UFFDIO_API(r1, 0xc018aa3f, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, 0x0) r2 = socket$l2tp(0x2, 0x2, 0x73) ioctl$sock_SIOCINQ(r2, 0x541b, &(0x7f0000000040)) 7.950248697s ago: executing program 3 (id=657): bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r4, &(0x7f0000000040)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x88fd537e5e114b6f, 0x12, r4, 0x0) ioctl$KVM_X86_SETUP_MCE(r4, 0x4008ae9c, &(0x7f0000000000)={0xc, 0xa13ca8e5839881af, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 6.913657914s ago: executing program 3 (id=658): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000200)={&(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6, r1, 0xc0c0c0c0}) 6.758742505s ago: executing program 5 (id=659): connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES8], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0, 0x13}], 0x2) fsopen(&(0x7f0000000000)='udf\x00', 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r1, 0xc0305710, &(0x7f0000000600)={0x0, 0x6, 0x3, 0x1, 0x40}) syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000001400010000000000000000c903000080080002"], 0x1c}], 0x1, 0x0, 0x0, 0x100}, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r2, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0) 6.634440556s ago: executing program 3 (id=660): r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x140, 0x82) prlimit64(0x0, 0x7, &(0x7f00000003c0)={0x7, 0x10003}, 0x0) r2 = fanotify_init(0x81, 0x40000) fanotify_mark(r2, 0x105, 0x40001032, r1, 0x0) read$FUSE(r2, &(0x7f0000002300)={0x2020}, 0x2020) open(&(0x7f0000000140)='./bus\x00', 0x143bc2, 0x1c0) connect$inet6(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 6.553183656s ago: executing program 0 (id=661): r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/user\x00') r1 = dup(r0) ioctl$sock_SIOCADDRT(r1, 0x890b, 0x0) 6.517267337s ago: executing program 3 (id=662): r0 = syz_usb_connect(0x0, 0x48, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000022546940fa0ae803d0990102030109023600010000000009047500038cbb2a0009050a001000010000090588"], 0x0) pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x6000000, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000004c0)={0x44, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 6.465989577s ago: executing program 2 (id=663): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c00000010000107000000000000fd000a000000"], 0x1c}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095", @ANYRESHEX=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, 0x0, 0x0) r1 = open(0x0, 0x14000, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f00000004c0)='sched_switch\x00', r1}, 0x18) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mkdir(&(0x7f0000000200)='./bus\x00', 0x10) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) mount$overlay(0x0, &(0x7f0000000280)='./bus\x00', &(0x7f0000000400), 0x0, &(0x7f0000000440)={[{@redirect_dir_nofollow}, {@redirect_dir_on}], [{@fowner_gt={'fowner>', r3}}, {@fsname={'fsname', 0x3d, '/dev/fuse\x00'}}]}) chroot(&(0x7f0000000000)='./bus\x00') syz_open_dev$tty1(0xc, 0x4, 0x1) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x9, 0x0, 0x7ffc0002}]}) 6.370172558s ago: executing program 0 (id=664): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, 0x0, 0x310) r3 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_buf(r3, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffff", 0x9) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000600)=ANY=[], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) nanosleep(&(0x7f0000000040), 0x0) r4 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r5 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00') r6 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r5, 0x29, 0x2e, 0x0, 0x0) setsockopt$inet6_group_source_req(r6, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@updpolicy={0x1fc, 0x19, 0x1, 0x0, 0x0, {{@in6=@private2, @in=@multicast1, 0x0, 0x3, 0x0, 0xfffd, 0xa, 0x0, 0x20, 0x2c}, {0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x1d}, {0x0, 0x0, 0x0, 0x2dd}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, [@tmpl={0x144, 0x5, [{{@in=@dev={0xac, 0x14, 0x14, 0x3b}, 0x4d3, 0x2b}, 0x0, @in=@dev={0xac, 0x14, 0x14, 0xc}, 0x0, 0x3, 0x0, 0xff, 0x0, 0x1000}, {{@in6=@private2, 0x0, 0x2b}, 0x0, @in=@local, 0x0, 0x1, 0x0, 0x0, 0x0, 0xffffffff}, {{@in6=@loopback, 0x0, 0x3c}, 0x2, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x1, 0x2}, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x3c}, 0x2, @in6=@mcast2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x278b6a28}, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x3c}, 0xa, @in6=@mcast1, 0x0, 0x4}]}]}, 0x1fc}, 0x1, 0x0, 0x0, 0x4158}, 0x0) preadv(r5, &(0x7f0000000380)=[{0x0}, {&(0x7f0000000340)=""/54, 0x36}], 0x2, 0x5b, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000400)="e67da3387d6c52262f2c520a55255d097e61fdc11c233737968518b6", 0x6, r4}, 0x38) 5.435504094s ago: executing program 0 (id=665): setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r0, 0x2000002, 0x0, 0x0, &(0x7f0000000200), 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8) socket(0x10, 0x803, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0), 0x4) socket(0xa, 0x2, 0x0) socket$inet6(0xa, 0x1, 0x8010000000000084) connect$unix(0xffffffffffffffff, 0x0, 0x0) r2 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x101402) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r2, 0xc0145401, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r3, &(0x7f00000000c0)=0x58, 0x10) 5.376120974s ago: executing program 2 (id=666): r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) ioctl$SOUND_MIXER_READ_DEVMASK(r0, 0x80044dfe, &(0x7f0000000080)) 5.208161775s ago: executing program 2 (id=667): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000240)='./file0\x00', 0x80, &(0x7f00000008c0)=ANY=[], 0x1, 0x1b1, &(0x7f0000000280)="$eJzs2zFrE2EYB/DnahrTOiSDkzjc6BSafoIGqSAGBCWDgqDYBqQnBQsBHWw3B7+EH8bBVT+JYwfhpLk0aUKEGpocJL/fkodc/rnnfcMleQJ5ff/90cHxSe9V70fUkiQ29iKN8yQasRGXzgIAWCXneR6/8zzPb5/F1rfI87zsjgCARfP5DwDr5/mLl0/anc7+szStRWRf+t1+t7gtjrd78S6yOIydqMefuPiCMFTUjx539nfSgUZ8zU6H+dN+99ZkvhX1aMzOt4p8OpnfjO2r+d2ox93Z+d2Z+Wo8qI7ymxFRj19v4ziyOIiL7Dj/uZWmD592pvJ3Bo8DAACAVdBMRwbzezUm5/dmc/L4eD4u8u3k2r8PTM3XlbhXKXftALCuTj5+OnqTZYcf5ihqw+eYM3694ud2cZIFnuKGisstHd2zt4z9+d+ierXDqWJrwa1Wlr7kJCLK2vDvEVH6yz3XRT0oSngzApZqfPWX3QkAAAAAAAAAAAAAAPAvy/hfUdlrBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGD9/A0AAP//W1+CbQ==") mkdirat(0xffffffffffffff9c, &(0x7f0000000540)='./file7\x00', 0x1c0) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0xffffffff}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1f, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000f600009500000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r4 = openat(0xffffffffffffff9c, &(0x7f0000000640)='.\x00', 0x0, 0x0) renameat2(r4, &(0x7f0000000000)='./file0\x00', r4, &(0x7f0000000280)='.\x02\x00', 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00'}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x22, 0x0, &(0x7f0000000040)="3d6ee2e04b91ab10143d9abe86dd", 0x0, 0xfffc, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r5 = socket$nl_generic(0x10, 0x3, 0x10) unlink(&(0x7f0000001ac0)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_NODE_ADDR(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r6, 0x201, 0x400000, 0x0, {{}, {}, {0x8, 0x11, 0x4}}}, 0x24}}, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) sendmmsg(r2, &(0x7f0000003240), 0x4000000000000e4, 0xf4) 5.032703637s ago: executing program 2 (id=668): r0 = socket$inet6(0xa, 0x3, 0x7) setsockopt$inet6_int(r0, 0x29, 0x24, &(0x7f0000000500)=0x40, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x380000, @loopback}, 0x1c) sendmmsg$inet(r0, &(0x7f0000003a00)=[{{0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f00000004c0)="f4de585a84f6894b16fc806f412cf93901d1f91e41579014244919a3af2f6a53d9b4922120e88859028e09ba2d4d2846e82d7a", 0x33}, {0x0}, {0x0}], 0x51, &(0x7f0000000b00)=[@ip_ttl={{0x14}}], 0x18}}, {{0x0, 0x0, 0x0}}, {{&(0x7f0000000540)={0x2, 0x4e24, @loopback}, 0x10, 0x0, 0xfffffffffffffee3, &(0x7f00000039c0)}}], 0x3, 0x10814) 4.766569608s ago: executing program 2 (id=669): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) ioctl$NS_GET_USERNS(0xffffffffffffffff, 0xb701, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000080)=0xd, 0x4) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_pressure(r3, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0) write$cgroup_pressure(r4, &(0x7f0000000340)={'some', 0x20, 0x7, 0x20, 0xff}, 0x2f) write$cgroup_pressure(r4, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000001100), 0x80942, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000b80)={{{@in=@dev, @in=@local}}, {{@in=@multicast1}, 0x0, @in=@broadcast}}, &(0x7f0000000c80)=0xe8) 4.765156108s ago: executing program 4 (id=670): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000001240)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x0, 0x14}, @ipv4=@udp={{0x6, 0x4, 0x3, 0x1b, 0x1e4, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x1a}, {[@timestamp={0x44, 0x4, 0x1c, 0x0, 0x6}]}}, {0x4e20, 0x4e22, 0x1cc, 0x0, @wg=@data={0x4, 0x2, 0x8, "e8771ac366586e56f446dcd22ec94c672f1cd650516a2fbeddd0cb5cffc4ef63a1c2be9551171e48bb8559ac9077c099289048d76df434e4ec536c04816b127eb525176f5737b934b37a9d109ea3aa64d0fb30013becb29f6a39d4cbdbc4e2540996ed75b90498301c99df853d4baac4654e6f1a06cf03a87aa2d2d74199bcafa0dc84a8ea112fba51687b8727bb905c7b42a0c9b26559b4ecc397c6a33731df0fca1aee35968435e8129f8e6d52a0754fcaa693706c4557af6be8821983e702fdd3dac90b6cbe00b1fe59f5bcd890dbb87c0d8d80ba8727e4ff6b89af3ecda43705a9dc113396c950947e85193eabe1364909509babcad37d21392d071480ff4f69dc5db442263d4608ff94e5157c65bb35c3f4a7af6bfb562a317cf13292abdbd5ac3f31d47da6fe5e8be324c78b37e2f351955bbf5f18f86a0cd98d68dca14aea59917ce05e0dc0e3a2033d22a506109db846c49f8c7d575c02349736311e40bc497c9a7da1fe4f94d8e601a5cff4cbd63ed730a01c7f07dd74d603b951557b93e551b0e028232412d568dadc29c2c9e01ca85b83d779cd3b918f9c73ba471ee9079fc42b511b45c3d4f80a46f8e9ad22a05e"}}}}, 0x1f2) 4.45726652s ago: executing program 2 (id=671): setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000280)=[@in={0x2, 0x4e21, @loopback}], 0x10) sendmsg$inet_sctp(0xffffffffffffffff, 0x0, 0x881) setsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000140), 0x4) r0 = socket$inet6(0xa, 0x80002, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$binfmt_aout(r1, &(0x7f0000000340)=ANY=[], 0xff2e) ioctl$TCXONC(r1, 0x540a, 0x2) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$TIPC_DEST_DROPPABLE(r5, 0x10f, 0x81, &(0x7f0000000040)=0x10, 0x4) sendmmsg$inet(r4, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0) setsockopt$sock_linger(r0, 0x1, 0x3c, 0x0, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x19033) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, 0x0, &(0x7f0000000080)) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000000010000fd0000000900000001"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0xcff5, r6}, 0x38) unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000000c0)=0xe) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) 2.014563646s ago: executing program 3 (id=672): prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = userfaultfd(0x801) ioctl$UFFDIO_API(r1, 0xc018aa3f, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, 0x0) r2 = socket$l2tp(0x2, 0x2, 0x73) ioctl$sock_SIOCINQ(r2, 0x541b, &(0x7f0000000040)) 26.351049ms ago: executing program 4 (id=673): r0 = timerfd_create(0x7, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) connect$unix(0xffffffffffffffff, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000004000000000000000000850000002300000095"], &(0x7f0000000180)='GPL\x00', 0x4, 0x8f, &(0x7f00000002c0)=""/143}, 0x3c) timerfd_settime(r0, 0x0, &(0x7f0000007000)={{0x0, 0x4}, {0x0, 0x989680}}, 0x0) readv(r0, &(0x7f00000003c0)=[{&(0x7f0000000040)=""/52, 0x34}], 0x1) 26.0692ms ago: executing program 5 (id=674): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x8e, 0x0, 0x0) 0s ago: executing program 3 (id=675): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, 0x0, 0x310) r3 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_buf(r3, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffff", 0x9) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000600)=ANY=[], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) nanosleep(&(0x7f0000000040), 0x0) r4 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r5 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00') r6 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r5, 0x29, 0x2e, 0x0, 0x0) setsockopt$inet6_group_source_req(r6, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@updpolicy={0x1fc, 0x19, 0x1, 0x0, 0x0, {{@in6=@private2, @in=@multicast1, 0x0, 0x3, 0x0, 0xfffd, 0xa, 0x0, 0x20, 0x2c}, {0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x1d}, {0x0, 0x0, 0x0, 0x2dd}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, [@tmpl={0x144, 0x5, [{{@in=@dev={0xac, 0x14, 0x14, 0x3b}, 0x4d3, 0x2b}, 0x0, @in=@dev={0xac, 0x14, 0x14, 0xc}, 0x0, 0x3, 0x0, 0xff, 0x0, 0x1000}, {{@in6=@private2, 0x0, 0x2b}, 0x0, @in=@local, 0x0, 0x1, 0x0, 0x0, 0x0, 0xffffffff}, {{@in6=@loopback, 0x0, 0x3c}, 0x2, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x1, 0x2}, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x3c}, 0x2, @in6=@mcast2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x278b6a28}, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x3c}, 0xa, @in6=@mcast1, 0x0, 0x4}]}]}, 0x1fc}, 0x1, 0x0, 0x0, 0x4158}, 0x0) preadv(r5, &(0x7f0000000380)=[{0x0}, {&(0x7f0000000340)=""/54, 0x36}], 0x2, 0x5b, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000400)="e67da3387d6c52262f2c520a55255d097e61fdc11c233737968518b6", 0x6, r4}, 0x38) kernel console output (not intermixed with test programs): oblems! [ 60.403250][ T4266] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 60.422230][ T4263] device veth1_macvtap entered promiscuous mode [ 60.450941][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 60.462124][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 60.470733][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 60.483149][ T4266] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.492172][ T4266] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.500983][ T4266] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.510295][ T4266] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.564790][ T4263] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.577373][ T4263] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.587460][ T4263] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.597922][ T4263] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.609568][ T4263] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 60.625711][ T4267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.642134][ T4267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.656570][ T4267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.667372][ T4267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.677243][ T4267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.687716][ T4267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.698875][ T4267] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 60.717850][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 60.727998][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 60.738445][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 60.747625][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 60.758160][ T4263] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.768935][ T4263] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.779271][ T4263] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.790820][ T4263] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.803587][ T4263] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 60.819591][ T4267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.834042][ T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.842393][ T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.849810][ T4267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.859993][ T4267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.870913][ T4267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.880806][ T4267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.891486][ T4267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.902306][ T4267] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 60.909622][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 60.920095][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 60.928854][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 60.937005][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 60.945938][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 60.962548][ T4263] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.972003][ T4263] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.980692][ T4263] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.990082][ T4263] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.021344][ T4283] Bluetooth: hci0: command 0x040f tx timeout [ 61.027765][ T4281] Bluetooth: hci4: command 0x040f tx timeout [ 61.028139][ T4283] Bluetooth: hci1: command 0x040f tx timeout [ 61.041759][ T4267] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.050467][ T4267] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.059969][ T4267] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.068778][ T4267] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.101515][ T4281] Bluetooth: hci3: command 0x040f tx timeout [ 61.101785][ T4283] Bluetooth: hci2: command 0x040f tx timeout [ 61.118362][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 61.128502][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 61.160651][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.173047][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.197381][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.212000][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.219228][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 61.227300][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 61.238954][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 61.247465][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 61.263377][ T75] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.272786][ T75] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.286368][ T4268] device veth0_vlan entered promiscuous mode [ 61.309383][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 61.318685][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 61.328059][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 61.349308][ T4268] device veth1_vlan entered promiscuous mode [ 61.441571][ T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.449557][ T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.483314][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 61.493835][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 61.521714][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 61.544789][ T4268] device veth0_macvtap entered promiscuous mode [ 61.550314][ T4379] loop1: detected capacity change from 0 to 512 [ 61.564458][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 61.574330][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 61.590698][ T4268] device veth1_macvtap entered promiscuous mode [ 61.593642][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.619534][ T4379] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 61.637516][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 61.639941][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.655284][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 61.665048][ T4379] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a017c11c, mo2=0002] [ 61.696757][ T4379] System zones: 1-12 [ 61.701797][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.709717][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.736674][ T4379] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2196: inode #15: comm syz.1.2: corrupted in-inode xattr [ 61.756806][ T4268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.817424][ T4268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.842101][ T4379] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.2: couldn't read orphan inode 15 (err -117) [ 61.872643][ T4268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.876369][ T4379] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 61.884669][ T4268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.903264][ T4268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.914288][ T4268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.936737][ T4268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.961327][ T4268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.977516][ T4268] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 62.009218][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 62.020741][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.035179][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.054998][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 62.071987][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 62.096902][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 62.119711][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 62.153032][ T4268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.180503][ T4268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.221986][ T4268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.237543][ T4268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.251353][ T4268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.266312][ T4268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.278756][ T4268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.929696][ T4268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.953569][ T4268] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 62.968734][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 63.014225][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 63.079132][ T4268] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.098125][ T4268] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.107410][ T4281] Bluetooth: hci1: command 0x0419 tx timeout [ 63.107429][ T4283] Bluetooth: hci0: command 0x0419 tx timeout [ 63.113438][ T4281] Bluetooth: hci4: command 0x0419 tx timeout [ 63.128442][ T4268] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.138248][ T4268] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.181686][ T4283] Bluetooth: hci2: command 0x0419 tx timeout [ 63.191315][ T4285] Bluetooth: hci3: command 0x0419 tx timeout [ 63.298664][ T4266] EXT4-fs (loop1): unmounting filesystem. [ 64.388886][ T14] cfg80211: failed to load regulatory.db [ 64.448748][ T4406] loop0: detected capacity change from 0 to 2048 [ 64.577024][ T4406] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 64.797653][ T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.936900][ T4413] loop1: detected capacity change from 0 to 512 [ 65.062721][ T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.331342][ T4413] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 65.340632][ T4413] ext4 filesystem being mounted at /2/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 65.451961][ T4413] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.8: bg 0: block 328: padding at end of block bitmap is not set [ 65.997496][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 66.011152][ C0] sched: RT throttling activated [ 66.143358][ T4404] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.155445][ T4404] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.205239][ T4392] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 66.755463][ T4428] netlink: 'syz.2.10': attribute type 27 has an invalid length. [ 67.020404][ T4267] EXT4-fs (loop0): unmounting filesystem. [ 67.031045][ T4266] EXT4-fs (loop1): unmounting filesystem. [ 67.129644][ T4428] loop2: detected capacity change from 0 to 40427 [ 67.459930][ T4428] F2FS-fs (loop2): Unrecognized mount option "whint_mode=user-based" or missing value [ 68.348662][ T4431] loop1: detected capacity change from 0 to 8192 [ 68.952640][ T27] audit: type=1326 audit(1762591042.050:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4434 comm="syz.2.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f894ff8f6c9 code=0x7ffc0000 [ 69.056066][ T27] audit: type=1326 audit(1762591042.070:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4434 comm="syz.2.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f894ff8f6c9 code=0x7ffc0000 [ 69.156789][ T27] audit: type=1326 audit(1762591042.070:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4434 comm="syz.2.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f894ff8f6c9 code=0x7ffc0000 [ 70.571448][ T27] audit: type=1326 audit(1762591042.070:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4434 comm="syz.2.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f894ff8f6c9 code=0x7ffc0000 [ 70.609062][ T27] audit: type=1326 audit(1762591042.090:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4434 comm="syz.2.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f894ff8f6c9 code=0x7ffc0000 [ 70.666836][ T27] audit: type=1326 audit(1762591042.090:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4434 comm="syz.2.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f894ff8f6c9 code=0x7ffc0000 [ 70.738569][ T4450] loop4: detected capacity change from 0 to 512 [ 70.745901][ T27] audit: type=1326 audit(1762591042.090:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4434 comm="syz.2.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f894ff8f6c9 code=0x7ffc0000 [ 70.840898][ T4454] loop1: detected capacity change from 0 to 1024 [ 70.843301][ T4450] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 71.083852][ T4450] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a017c11c, mo2=0002] [ 71.149712][ T4450] System zones: 1-12 [ 71.184921][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.191761][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.380156][ T27] audit: type=1326 audit(1762591042.090:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4434 comm="syz.2.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f894ff8f6c9 code=0x7ffc0000 [ 71.447065][ T27] audit: type=1326 audit(1762591042.090:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4434 comm="syz.2.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f894ff8f6c9 code=0x7ffc0000 [ 71.469975][ T4450] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2196: inode #15: comm syz.4.5: corrupted in-inode xattr [ 71.507643][ T4450] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.5: couldn't read orphan inode 15 (err -117) [ 71.530089][ T27] audit: type=1326 audit(1762591042.090:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4434 comm="syz.2.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f894ff8f6c9 code=0x7ffc0000 [ 71.579580][ T4454] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 71.641797][ T4454] ext4 filesystem being mounted at /5/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 71.657909][ T4450] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 71.850631][ T4462] loop0: detected capacity change from 0 to 512 [ 71.977135][ T4268] EXT4-fs (loop4): unmounting filesystem. [ 72.717530][ T4266] EXT4-fs (loop1): unmounting filesystem. [ 73.472880][ T4473] loop4: detected capacity change from 0 to 1024 [ 73.506984][ T4480] loop2: detected capacity change from 0 to 512 [ 73.536153][ T4480] EXT4-fs (loop2): orphan cleanup on readonly fs [ 73.545084][ T4480] EXT4-fs error (device loop2): ext4_acquire_dquot:6809: comm syz.2.16: Failed to acquire dquot type 1 [ 73.550625][ T4473] EXT4-fs: Ignoring removed nomblk_io_submit option [ 73.570878][ T4480] EXT4-fs (loop2): 1 truncate cleaned up [ 73.578502][ T4480] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 73.659083][ T4473] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 73.688382][ T4462] EXT4-fs (loop0): Test dummy encryption mode enabled [ 73.714929][ T4462] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 73.811275][ T4462] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 73.864129][ T4462] EXT4-fs error (device loop0): ext4_orphan_get:1426: comm syz.0.18: bad orphan inode 131083 [ 73.916139][ T4462] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 74.073039][ T4489] loop3: detected capacity change from 0 to 8192 [ 74.151413][ T4451] syz.2.16 (4451) used greatest stack depth: 16896 bytes left [ 74.192883][ T4263] EXT4-fs (loop2): unmounting filesystem. [ 74.330715][ T4495] loop2: detected capacity change from 0 to 512 [ 74.389819][ T4495] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 74.418885][ T4461] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 74.585484][ T4495] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a017c11c, mo2=0002] [ 74.607092][ T4503] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 74.644290][ T14] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 74.651958][ T4495] System zones: 1-12 [ 74.659558][ T14] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 74.661717][ T4495] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2196: inode #15: comm syz.2.24: corrupted in-inode xattr [ 74.901117][ T4505] netlink: 'syz.3.23': attribute type 27 has an invalid length. [ 76.003365][ T4503] loop1: detected capacity change from 0 to 128 [ 76.022086][ T4495] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.24: couldn't read orphan inode 15 (err -117) [ 76.976559][ T4505] loop3: detected capacity change from 0 to 40427 [ 77.049711][ T4505] F2FS-fs (loop3): Unrecognized mount option "whint_mode=user-based" or missing value [ 77.352963][ T4495] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 77.513205][ T4267] EXT4-fs (loop0): unmounting filesystem. [ 77.588928][ T4268] EXT4-fs (loop4): unmounting filesystem. [ 77.662599][ T27] kauditd_printk_skb: 10 callbacks suppressed [ 77.662613][ T27] audit: type=1804 audit(1762591050.760:20): pid=4507 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.25" name="/newroot/7/file0/bus" dev="loop1" ino=1048595 res=1 errno=0 [ 77.737312][ T4263] EXT4-fs (loop2): unmounting filesystem. [ 77.986650][ T4506] fido_id[4506]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 78.009971][ T4510] x_tables: ip6_tables: socket match: used from hooks FORWARD, but only valid from PREROUTING/INPUT [ 79.173592][ T22] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 79.361228][ T22] usb 5-1: Using ep0 maxpacket: 8 [ 79.375106][ T22] usb 5-1: too many endpoints for config 0 interface 0 altsetting 250: 255, using maximum allowed: 30 [ 79.399908][ T22] usb 5-1: config 0 interface 0 altsetting 250 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 79.427555][ T22] usb 5-1: config 0 interface 0 has no altsetting 0 [ 79.442754][ T22] usb 5-1: New USB device found, idVendor=1770, idProduct=ff00, bcdDevice= 0.00 [ 79.462158][ T22] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 79.524405][ T22] usb 5-1: config 0 descriptor?? [ 79.929808][ T4537] loop1: detected capacity change from 0 to 512 [ 79.963679][ T4537] EXT4-fs (loop1): orphan cleanup on readonly fs [ 79.971257][ T4537] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 2 index 0 [ 79.982096][ T4537] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 79.991558][ T4537] EXT4-fs error (device loop1): ext4_acquire_dquot:6809: comm syz.1.33: Failed to acquire dquot type 1 [ 80.020901][ T4537] EXT4-fs (loop1): 1 truncate cleaned up [ 80.030992][ T22] gt683r_led 0003:1770:FF00.0002: hidraw0: USB HID vf4.f6 Device [HID 1770:ff00] on usb-dummy_hcd.4-1/input0 [ 80.074763][ T4537] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 80.215449][ T22] usb 5-1: USB disconnect, device number 2 [ 80.272503][ T4326] gt683r_led 0003:1770:FF00.0002: failed to send set report request: -19 [ 80.366239][ T4544] fido_id[4544]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 80.568038][ T4266] EXT4-fs (loop1): unmounting filesystem. [ 81.525262][ T4553] loop1: detected capacity change from 0 to 1024 [ 81.570232][ T4553] EXT4-fs: Ignoring removed nomblk_io_submit option [ 81.660128][ T4560] loop0: detected capacity change from 0 to 128 [ 81.700253][ T4558] loop4: detected capacity change from 0 to 512 [ 81.728488][ T4558] EXT4-fs (loop4): Test dummy encryption mode enabled [ 81.748173][ T4560] tipc: Started in network mode [ 81.754120][ T4560] tipc: Node identity 4, cluster identity 4711 [ 81.760319][ T4560] tipc: Node number set to 4 [ 81.774341][ T4558] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 81.799116][ T4553] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 81.859916][ T4558] EXT4-fs error (device loop4): ext4_orphan_get:1426: comm syz.4.39: bad orphan inode 131083 [ 81.966090][ T4558] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 82.181739][ T14] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 82.191103][ T4572] x_tables: ip6_tables: socket match: used from hooks FORWARD, but only valid from PREROUTING/INPUT [ 82.216185][ T14] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz1] on syz0 [ 82.590405][ T4266] EXT4-fs (loop1): unmounting filesystem. [ 82.613593][ T4577] loop0: detected capacity change from 0 to 1024 [ 82.705235][ T4577] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 82.721537][ T4577] ext4 filesystem being mounted at /12/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 82.753496][ T4583] loop1: detected capacity change from 0 to 128 [ 82.780001][ T4583] EXT4-fs: Ignoring removed nomblk_io_submit option [ 82.826818][ T4583] EXT4-fs (loop1): Test dummy encryption mode enabled [ 82.947266][ T4583] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 82.976818][ T4583] ext4 filesystem being mounted at /10/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 84.325444][ T4266] EXT4-fs (loop1): unmounting filesystem. [ 84.417755][ T4267] EXT4-fs (loop0): unmounting filesystem. [ 84.453385][ T4612] loop2: detected capacity change from 0 to 128 [ 84.469927][ T4612] tipc: Started in network mode [ 84.474902][ T4612] tipc: Node identity 4, cluster identity 4711 [ 84.481059][ T4612] tipc: Node number set to 4 [ 85.189045][ T4268] EXT4-fs (loop4): unmounting filesystem. [ 85.249192][ T4619] capability: warning: `syz.2.56' uses deprecated v2 capabilities in a way that may be insecure [ 85.706089][ T4629] loop0: detected capacity change from 0 to 512 [ 86.534129][ T4632] x_tables: ip6_tables: socket match: used from hooks FORWARD, but only valid from PREROUTING/INPUT [ 86.641453][ T4429] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 86.741816][ T4639] loop3: detected capacity change from 0 to 256 [ 86.926724][ T4629] EXT4-fs (loop0): 1 orphan inode deleted [ 86.941391][ T4629] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 86.955024][ T4418] Quota error (device loop0): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 86.975320][ T4629] ext4 filesystem being mounted at /13/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 86.991431][ T4643] loop4: detected capacity change from 0 to 128 [ 86.998057][ T4418] EXT4-fs error (device loop0): ext4_release_dquot:6845: comm kworker/u4:10: Failed to release dquot type 1 [ 87.014411][ T4643] EXT4-fs: Ignoring removed nomblk_io_submit option [ 87.024228][ T4643] EXT4-fs (loop4): Test dummy encryption mode enabled [ 87.034215][ T4643] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 87.052829][ T4429] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 87.071432][ T4429] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 87.093894][ T4643] ext4 filesystem being mounted at /5/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 87.100703][ T4429] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 87.123069][ T4429] usb 3-1: config 0 descriptor?? [ 87.499331][ T22] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 88.032923][ T22] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 88.064177][ T4267] EXT4-fs (loop0): unmounting filesystem. [ 88.090330][ T22] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 88.121412][ T22] usb 2-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00 [ 88.152190][ T22] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 88.201992][ T22] usb 2-1: config 0 descriptor?? [ 88.500261][ T4429] usbhid 3-1:0.0: can't add hid device: -71 [ 88.513131][ T4429] usbhid: probe of 3-1:0.0 failed with error -71 [ 88.667270][ T22] steelseries_srws1 0003:1038:1410.0004: ignoring exceeding usage max [ 88.794066][ T4429] usb 3-1: USB disconnect, device number 2 [ 88.811061][ T22] steelseries_srws1 0003:1038:1410.0004: unbalanced collection at end of report description [ 88.880862][ T22] steelseries_srws1 0003:1038:1410.0004: parse failed [ 88.917854][ T22] steelseries_srws1: probe of 0003:1038:1410.0004 failed with error -22 [ 89.022691][ T22] usb 2-1: USB disconnect, device number 2 [ 89.125821][ T4268] EXT4-fs (loop4): unmounting filesystem. [ 90.955731][ T4678] Zero length message leads to an empty skb [ 90.971661][ T4678] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 91.302607][ T4659] loop0: detected capacity change from 0 to 40427 [ 91.378447][ T4686] x_tables: ip6_tables: socket match: used from hooks FORWARD, but only valid from PREROUTING/INPUT [ 91.930890][ T4694] block device autoloading is deprecated and will be removed. [ 92.536764][ T4696] loop0: detected capacity change from 0 to 256 [ 92.576123][ T4698] loop2: detected capacity change from 0 to 128 [ 92.605829][ T4698] EXT4-fs: Ignoring removed nomblk_io_submit option [ 92.622926][ T4698] EXT4-fs (loop2): Test dummy encryption mode enabled [ 92.669734][ T4698] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 92.709248][ T4698] ext4 filesystem being mounted at /19/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 93.644018][ T4263] EXT4-fs (loop2): unmounting filesystem. [ 95.319438][ T4731] x_tables: ip6_tables: socket match: used from hooks FORWARD, but only valid from PREROUTING/INPUT [ 95.610237][ T4735] loop4: detected capacity change from 0 to 128 [ 99.616350][ T4738] loop3: detected capacity change from 0 to 512 [ 99.629824][ T4735] EXT4-fs: failed to create workqueue [ 99.635268][ T4735] EXT4-fs (loop4): mount failed [ 100.032640][ T4738] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 100.042169][ T4738] ext4 filesystem being mounted at /18/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 101.383705][ T4277] EXT4-fs (loop3): unmounting filesystem. [ 101.514789][ T4758] usb usb7: usbfs: process 4758 (syz.2.92) did not claim interface 0 before use [ 102.310145][ T4762] loop3: detected capacity change from 0 to 512 [ 103.149768][ T4772] netlink: 80 bytes leftover after parsing attributes in process `syz.2.95'. [ 104.760538][ T4795] loop2: detected capacity change from 0 to 256 [ 104.794534][ T4795] exfat: Deprecated parameter 'namecase' [ 104.800272][ T4795] exfat: Unknown parameter 'mask' [ 104.950546][ T4264] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 106.062671][ T4803] loop2: detected capacity change from 0 to 256 [ 106.799436][ T4818] loop2: detected capacity change from 0 to 512 [ 106.854634][ T4285] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 106.913420][ T4285] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 106.926064][ T4285] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 106.948494][ T4285] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 106.963048][ T4285] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 106.986372][ T4285] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 107.256796][ T4820] loop0: detected capacity change from 0 to 128 [ 107.666828][ T41] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.802240][ T4834] x_tables: ip6_tables: socket match: used from hooks FORWARD, but only valid from PREROUTING/INPUT [ 108.110341][ T41] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.169097][ T4816] chnl_net:caif_netlink_parms(): no params data found [ 108.310024][ T41] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.329196][ T4843] loop4: detected capacity change from 0 to 2048 [ 108.452438][ T41] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.504699][ T4852] loop0: detected capacity change from 0 to 256 [ 108.514063][ T4849] loop3: detected capacity change from 0 to 512 [ 108.527615][ T4843] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 108.609751][ T4849] EXT4-fs (loop3): 1 orphan inode deleted [ 108.661609][ T9] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 108.676196][ T4849] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 108.748548][ T9] EXT4-fs error (device loop3): ext4_release_dquot:6845: comm kworker/u4:0: Failed to release dquot type 1 [ 108.767420][ T4849] ext4 filesystem being mounted at /24/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 108.777228][ T4816] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.787182][ T4816] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.830453][ T4816] device bridge_slave_0 entered promiscuous mode [ 110.321530][ T4285] Bluetooth: hci5: command 0x0409 tx timeout [ 110.394887][ T4816] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.489008][ T4816] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.514344][ T4843] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 110.562540][ T4816] device bridge_slave_1 entered promiscuous mode [ 110.595403][ T4843] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 110.607997][ T4843] EXT4-fs (loop4): This should not happen!! Data will be lost [ 110.607997][ T4843] [ 110.647185][ T4843] EXT4-fs (loop4): Total free blocks count 0 [ 110.667248][ T4843] EXT4-fs (loop4): Free/Dirty block details [ 110.687367][ T4843] EXT4-fs (loop4): free_blocks=2415919104 [ 110.694767][ T4277] EXT4-fs (loop3): unmounting filesystem. [ 110.781445][ T4843] EXT4-fs (loop4): dirty_blocks=16 [ 110.786997][ T4843] EXT4-fs (loop4): Block reservation details [ 110.814478][ T4843] EXT4-fs (loop4): i_reserved_data_blocks=1 [ 110.918042][ T4816] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 110.961044][ T4816] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 110.987927][ T4268] EXT4-fs (loop4): unmounting filesystem. [ 111.766341][ T27] audit: type=1326 audit(1762591084.860:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4876 comm="syz.0.123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ecef8f6c9 code=0x7ffc0000 [ 111.866038][ T4881] loop4: detected capacity change from 0 to 128 [ 111.872366][ T4883] loop3: detected capacity change from 0 to 128 [ 111.901751][ T4816] team0: Port device team_slave_0 added [ 111.905157][ T4883] EXT4-fs: Ignoring removed nomblk_io_submit option [ 111.909551][ T4816] team0: Port device team_slave_1 added [ 111.925921][ T27] audit: type=1326 audit(1762591084.910:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4876 comm="syz.0.123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ecef8f6c9 code=0x7ffc0000 [ 111.970818][ T4883] EXT4-fs (loop3): Test dummy encryption mode enabled [ 112.045040][ T27] audit: type=1326 audit(1762591084.910:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4876 comm="syz.0.123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f6ecef8f6c9 code=0x7ffc0000 [ 112.087272][ T4881] tipc: Started in network mode [ 112.092229][ T4881] tipc: Node identity 4, cluster identity 4711 [ 112.094691][ T4883] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 112.098374][ T4881] tipc: Node number set to 4 [ 112.222903][ T4883] ext4 filesystem being mounted at /26/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 112.286675][ T27] audit: type=1326 audit(1762591084.910:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4876 comm="syz.0.123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ecef8f6c9 code=0x7ffc0000 [ 112.381222][ T4283] Bluetooth: hci5: command 0x041b tx timeout [ 112.397529][ T27] audit: type=1326 audit(1762591084.910:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4876 comm="syz.0.123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ecef8f6c9 code=0x7ffc0000 [ 112.438714][ T4816] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 112.461365][ T4816] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.845925][ T4816] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 112.958551][ T4816] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 112.973151][ T4816] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 113.019702][ T4816] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 113.034347][ T4277] EXT4-fs (loop3): unmounting filesystem. [ 113.142820][ T4816] device hsr_slave_0 entered promiscuous mode [ 113.159694][ T4816] device hsr_slave_1 entered promiscuous mode [ 113.189329][ T4816] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 113.201338][ T4816] Cannot create hsr debugfs directory [ 113.609567][ T4913] x_tables: ip6_tables: socket match: used from hooks FORWARD, but only valid from PREROUTING/INPUT [ 113.957881][ T4891] loop0: detected capacity change from 0 to 40427 [ 113.996723][ T4891] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 114.018414][ T4891] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 114.056527][ T4891] F2FS-fs (loop0): invalid crc value [ 114.118436][ T4891] F2FS-fs (loop0): Found nat_bits in checkpoint [ 114.206721][ T4816] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 114.287439][ T4927] loop2: detected capacity change from 0 to 512 [ 114.375030][ T4891] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 114.420897][ T4927] EXT4-fs (loop2): 1 orphan inode deleted [ 114.431468][ T4891] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 114.432413][ T4781] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 114.461468][ T4283] Bluetooth: hci5: command 0x040f tx timeout [ 114.471378][ T4927] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 114.516593][ T4927] ext4 filesystem being mounted at /32/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 114.569524][ T4781] EXT4-fs error (device loop2): ext4_release_dquot:6845: comm kworker/u4:18: Failed to release dquot type 1 [ 114.590635][ T4935] loop3: detected capacity change from 0 to 2048 [ 116.024308][ T4935] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 116.158766][ T4263] EXT4-fs (loop2): unmounting filesystem. [ 116.167764][ T4816] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 116.189108][ T4816] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 116.245203][ T4816] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 116.360596][ T4935] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 116.403788][ T41] device hsr_slave_0 left promiscuous mode [ 116.417937][ T41] device hsr_slave_1 left promiscuous mode [ 116.426686][ T4955] loop2: detected capacity change from 0 to 1024 [ 116.451381][ T4935] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 116.464712][ T41] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 116.472433][ T4935] EXT4-fs (loop3): This should not happen!! Data will be lost [ 116.472433][ T4935] [ 116.494190][ T4955] ======================================================= [ 116.494190][ T4955] WARNING: The mand mount option has been deprecated and [ 116.494190][ T4955] and is ignored by this kernel. Remove the mand [ 116.494190][ T4955] option from the mount to silence this warning. [ 116.494190][ T4955] ======================================================= [ 116.504264][ T41] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 116.536760][ T4953] netlink: 8 bytes leftover after parsing attributes in process `syz.4.134'. [ 116.550424][ T4283] Bluetooth: hci5: command 0x0419 tx timeout [ 116.564270][ T4935] EXT4-fs (loop3): Total free blocks count 0 [ 116.570302][ T4935] EXT4-fs (loop3): Free/Dirty block details [ 116.578837][ T4953] netlink: 12 bytes leftover after parsing attributes in process `syz.4.134'. [ 116.588766][ T4935] EXT4-fs (loop3): free_blocks=2415919104 [ 116.594662][ T4935] EXT4-fs (loop3): dirty_blocks=16 [ 116.600021][ T4935] EXT4-fs (loop3): Block reservation details [ 116.606109][ T4935] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 116.614033][ T41] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 116.622839][ T41] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 116.641409][ T4955] EXT4-fs: Ignoring removed oldalloc option [ 116.648081][ T41] device bridge_slave_1 left promiscuous mode [ 116.654826][ T4955] EXT4-fs: Ignoring removed bh option [ 116.662189][ T41] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.689417][ T4955] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 116.706478][ T4277] EXT4-fs (loop3): unmounting filesystem. [ 116.719671][ T41] device bridge_slave_0 left promiscuous mode [ 116.727997][ T41] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.777717][ T4955] EXT4-fs (loop2): can't mount with data_err=abort, fs mounted w/o journal [ 116.816035][ T4960] loop3: detected capacity change from 0 to 128 [ 116.854237][ T4960] EXT4-fs: Ignoring removed nomblk_io_submit option [ 116.872708][ T4960] EXT4-fs (loop3): Test dummy encryption mode enabled [ 116.896031][ T41] device veth1_macvtap left promiscuous mode [ 116.913584][ T41] device veth0_macvtap left promiscuous mode [ 116.931388][ T41] device veth1_vlan left promiscuous mode [ 116.939241][ T4960] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 116.959041][ T4960] ext4 filesystem being mounted at /30/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 116.987181][ T41] device veth0_vlan left promiscuous mode [ 117.929077][ T4277] EXT4-fs (loop3): unmounting filesystem. [ 117.971028][ T4970] loop4: detected capacity change from 0 to 1024 [ 118.032506][ T4970] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 118.318731][ T4268] EXT4-fs (loop4): unmounting filesystem. [ 118.700771][ T4983] x_tables: ip6_tables: socket match: used from hooks FORWARD, but only valid from PREROUTING/INPUT [ 119.110447][ T4987] loop2: detected capacity change from 0 to 1024 [ 119.117879][ T41] team0 (unregistering): Port device team_slave_1 removed [ 119.148753][ T4987] EXT4-fs: Ignoring removed nomblk_io_submit option [ 119.206853][ T4987] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 119.219341][ T41] team0 (unregistering): Port device team_slave_0 removed [ 119.247125][ T4987] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 119.272284][ T4987] System zones: 0-1, 3-36 [ 119.380881][ T41] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 119.481626][ T4987] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 119.504037][ T41] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 120.174250][ T4263] EXT4-fs (loop2): unmounting filesystem. [ 120.288154][ T5000] loop4: detected capacity change from 0 to 512 [ 120.468376][ T5000] EXT4-fs (loop4): 1 orphan inode deleted [ 120.492965][ T4415] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 120.506933][ T5000] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 120.518103][ T4415] EXT4-fs error (device loop4): ext4_release_dquot:6845: comm kworker/u4:9: Failed to release dquot type 1 [ 120.554501][ T5000] ext4 filesystem being mounted at /29/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 122.118524][ T4268] EXT4-fs (loop4): unmounting filesystem. [ 122.433017][ T41] bond0 (unregistering): Released all slaves [ 122.875510][ T4816] 8021q: adding VLAN 0 to HW filter on device bond0 [ 123.027440][ T5037] loop4: detected capacity change from 0 to 256 [ 123.335482][ T4781] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 123.380568][ T4781] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 123.520130][ T4816] 8021q: adding VLAN 0 to HW filter on device team0 [ 123.650044][ T4781] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 123.662467][ T4781] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 123.679528][ T4781] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.686736][ T4781] bridge0: port 1(bridge_slave_0) entered forwarding state [ 123.809189][ T4781] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 123.854072][ T4781] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 123.940714][ T4781] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 123.985903][ T4781] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.993108][ T4781] bridge0: port 2(bridge_slave_1) entered forwarding state [ 124.017093][ T5042] loop2: detected capacity change from 0 to 512 [ 124.081734][ T4781] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 124.139215][ T4781] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 124.313950][ T5043] x_tables: ip6_tables: socket match: used from hooks FORWARD, but only valid from PREROUTING/INPUT [ 124.571298][ T5042] EXT4-fs error (device loop2): ext4_orphan_get:1400: inode #15: comm syz.2.152: inode has both inline data and extents flags [ 124.618536][ T4816] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 124.666936][ T5042] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.152: couldn't read orphan inode 15 (err -117) [ 124.702742][ T4816] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 124.806627][ T5042] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 124.863819][ T4781] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 124.873793][ T4781] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 124.903314][ T4781] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 124.960254][ T4781] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 125.027863][ T4781] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 125.076154][ T5058] loop0: detected capacity change from 0 to 256 [ 125.393157][ T4781] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 125.573682][ T4781] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 125.582985][ T4781] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 125.624356][ T4781] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 125.749803][ T5064] loop4: detected capacity change from 0 to 512 [ 125.820593][ T5064] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 126.021476][ T4781] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 126.062409][ T4263] EXT4-fs (loop2): unmounting filesystem. [ 126.102048][ T5064] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2819: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 126.122125][ T5064] EXT4-fs (loop4): 1 truncate cleaned up [ 126.127894][ T5064] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 129.268356][ T4268] EXT4-fs (loop4): unmounting filesystem. [ 129.644411][ T4392] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 129.695224][ T4392] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 129.754323][ T4816] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 129.923396][ T5098] x_tables: ip6_tables: socket match: used from hooks FORWARD, but only valid from PREROUTING/INPUT [ 130.103273][ T5106] loop2: detected capacity change from 0 to 256 [ 130.198225][ T5106] exFAT-fs (loop2): bogus data start sector [ 130.204474][ T5106] exFAT-fs (loop2): failed to read boot sector [ 130.210714][ T5106] exFAT-fs (loop2): failed to recognize exfat type [ 130.554637][ T5101] loop4: detected capacity change from 0 to 4096 [ 130.603180][ T5101] EXT4-fs: Ignoring removed mblk_io_submit option [ 130.699830][ T5101] EXT4-fs (loop4): Test dummy encryption mode enabled [ 130.740235][ T5109] loop0: detected capacity change from 0 to 1024 [ 130.782367][ T5109] EXT4-fs: Mount option(s) incompatible with ext2 [ 130.792165][ T5101] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 130.816961][ T5114] loop2: detected capacity change from 0 to 1024 [ 130.963421][ T5114] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 131.085124][ T5119] loop3: detected capacity change from 0 to 128 [ 131.131076][ T5119] tipc: Started in network mode [ 131.136047][ T5119] tipc: Node identity 4, cluster identity 4711 [ 131.142362][ T5119] tipc: Node number set to 4 [ 132.083059][ T5125] loop3: detected capacity change from 0 to 4096 [ 132.200484][ T5125] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 132.227988][ T4263] EXT4-fs (loop2): unmounting filesystem. [ 132.468665][ T5101] fs-verity: sha256 using implementation "sha256-avx2" [ 132.623798][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.639739][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.442692][ T5139] loop2: detected capacity change from 0 to 512 [ 133.680732][ T5139] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 133.905930][ T5139] EXT4-fs (loop2): 1 truncate cleaned up [ 133.911848][ T5139] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 135.413717][ T4268] EXT4-fs (loop4): unmounting filesystem. [ 135.422382][ T4263] EXT4-fs (loop2): unmounting filesystem. [ 135.429367][ T4277] EXT4-fs (loop3): unmounting filesystem. [ 135.656819][ T4816] device veth0_vlan entered promiscuous mode [ 135.738301][ T5157] x_tables: ip6_tables: socket match: used from hooks FORWARD, but only valid from PREROUTING/INPUT [ 135.809551][ T5162] loop3: detected capacity change from 0 to 1024 [ 135.841401][ T4945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 135.850339][ T5162] EXT4-fs: Ignoring removed nomblk_io_submit option [ 135.874424][ T4945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 135.886360][ T5162] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 135.897426][ T4375] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 135.899556][ T4945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 135.932221][ T5162] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 135.932949][ T4945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 135.957097][ T5162] System zones: 0-1, 3-36 [ 135.961963][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 135.974201][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 135.985209][ T5162] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 136.206229][ T4816] device veth1_vlan entered promiscuous mode [ 136.678538][ T4375] usb 5-1: Using ep0 maxpacket: 32 [ 136.702917][ T4375] usb 5-1: config 0 has an invalid interface number: 72 but max is 0 [ 136.711043][ T4375] usb 5-1: config 0 has no interface number 0 [ 136.719055][ T4375] usb 5-1: config 0 interface 72 has no altsetting 0 [ 136.740444][ T4375] usb 5-1: New USB device found, idVendor=6069, idProduct=0f39, bcdDevice=e8.f9 [ 136.822294][ T4476] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 136.835506][ T4375] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 136.845545][ T4476] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 136.862987][ T4375] usb 5-1: Product: syz [ 136.867192][ T4375] usb 5-1: Manufacturer: syz [ 136.893197][ T4277] EXT4-fs (loop3): unmounting filesystem. [ 136.911674][ T4375] usb 5-1: SerialNumber: syz [ 136.936241][ T4375] usb 5-1: config 0 descriptor?? [ 136.948324][ T4816] device veth0_macvtap entered promiscuous mode [ 136.991783][ T4476] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 137.029890][ T4816] device veth1_macvtap entered promiscuous mode [ 137.133882][ T4816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 137.167862][ T4816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 137.189808][ T4816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 137.218788][ T4816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 137.229250][ T4375] usb 5-1: MIDIStreaming interface descriptor not found [ 137.364833][ T4375] usb 5-1: USB disconnect, device number 3 [ 137.374558][ T4816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 137.385560][ T4816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 137.395641][ T4816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 137.406651][ T4816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 137.417861][ T4816] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 138.100529][ T5188] IPv6: ADDRCONF(NETDEV_CHANGE): syz_tun: link becomes ready [ 138.108914][ T5188] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 138.152108][ T5188] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 138.314692][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 138.332382][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 138.501671][ T4816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 138.673590][ T4816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 138.972936][ T4816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 139.391918][ T4816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 139.590845][ T4816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 139.633782][ T4816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 139.654166][ T4816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 139.718332][ T4816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 139.738030][ T4816] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 139.834258][ T4485] udevd[4485]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.72/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 140.676467][ T4476] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 140.688681][ T4476] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 140.739355][ T4816] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.779206][ T4816] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.858394][ T4816] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.918247][ T4816] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 141.071943][ T5227] netlink: 28 bytes leftover after parsing attributes in process `syz.0.191'. [ 141.701214][ T4375] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 141.778086][ T5230] syz.3.194 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 141.891318][ T4375] usb 5-1: Using ep0 maxpacket: 32 [ 141.916672][ T4641] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 141.943844][ T4641] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 141.953452][ T4375] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 141.954637][ T5243] loop2: detected capacity change from 0 to 512 [ 141.995169][ T5234] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 142.003440][ T4375] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 142.005130][ T5246] loop0: detected capacity change from 0 to 512 [ 142.020031][ T4641] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 142.037879][ T5243] EXT4-fs: Ignoring removed mblk_io_submit option [ 142.044913][ T4641] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 142.052537][ T5243] EXT4-fs: inline encryption not supported [ 142.068508][ T4375] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 142.079805][ T4781] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 142.083649][ T5243] EXT4-fs: Ignoring removed mblk_io_submit option [ 142.097152][ T5243] EXT4-fs (loop2): Test dummy encryption mode enabled [ 142.105113][ T5243] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 142.136922][ T5246] EXT4-fs error (device loop0): ext4_orphan_get:1400: inode #15: comm syz.0.197: inode has both inline data and extents flags [ 142.142198][ T4375] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.160418][ T5243] EXT4-fs (loop2): 1 truncate cleaned up [ 142.170537][ T5243] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 142.180539][ T5246] EXT4-fs error (device loop0): ext4_orphan_get:1405: comm syz.0.197: couldn't read orphan inode 15 (err -117) [ 142.199394][ T5246] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 142.249480][ T4375] usb 5-1: config 0 descriptor?? [ 142.303867][ T4375] hub 5-1:0.0: USB hub found [ 143.222010][ T5243] fscrypt (loop2): Missing crypto API support for AES-256-XTS (API name: "xts(aes)") [ 143.240972][ T4375] hub 5-1:0.0: 1 port detected [ 143.263075][ T4267] EXT4-fs (loop0): unmounting filesystem. [ 143.338089][ T5262] device wg2 entered promiscuous mode [ 143.353068][ T4263] EXT4-fs (loop2): unmounting filesystem. [ 143.499552][ T27] audit: type=1326 audit(1762591116.590:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5267 comm="syz.0.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ecef8f6c9 code=0x7ffc0000 [ 143.583278][ T27] audit: type=1326 audit(1762591116.630:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5267 comm="syz.0.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ecef8f6c9 code=0x7ffc0000 [ 143.677021][ T27] audit: type=1326 audit(1762591116.630:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5267 comm="syz.0.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f6ecef8f6c9 code=0x7ffc0000 [ 143.878374][ T27] audit: type=1326 audit(1762591116.630:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5267 comm="syz.0.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ecef8f6c9 code=0x7ffc0000 [ 145.050651][ T5288] loop5: detected capacity change from 0 to 256 [ 145.156799][ T27] audit: type=1326 audit(1762591116.630:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5267 comm="syz.0.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ecef8f6c9 code=0x7ffc0000 [ 145.575374][ T5290] netlink: 28 bytes leftover after parsing attributes in process `syz.2.205'. [ 145.761370][ T5288] exFAT-fs (loop5): bogus data start sector [ 145.767301][ T5288] exFAT-fs (loop5): failed to read boot sector [ 145.773537][ T5288] exFAT-fs (loop5): failed to recognize exfat type [ 145.805036][ T7] hub 5-1:0.0: activate --> -90 [ 145.812520][ T27] audit: type=1326 audit(1762591116.630:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5267 comm="syz.0.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6ecef8f6c9 code=0x7ffc0000 [ 145.841628][ T7] hub 5-1:0.0: hub_ext_port_status failed (err = -32) [ 145.879059][ T27] audit: type=1326 audit(1762591116.630:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5267 comm="syz.0.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ecef8f6c9 code=0x7ffc0000 [ 146.022932][ T4264] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 146.052262][ T27] audit: type=1326 audit(1762591116.630:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5267 comm="syz.0.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ecef8f6c9 code=0x7ffc0000 [ 146.076189][ T27] audit: type=1326 audit(1762591116.630:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5267 comm="syz.0.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6ecef8f6c9 code=0x7ffc0000 [ 146.192516][ T7] usb 5-1: USB disconnect, device number 4 [ 146.271228][ T27] audit: type=1326 audit(1762591116.630:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5267 comm="syz.0.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ecef8f6c9 code=0x7ffc0000 [ 146.340481][ T5301] loop4: detected capacity change from 0 to 128 [ 146.420457][ T5304] loop0: detected capacity change from 0 to 256 [ 146.490120][ T5304] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 146.827346][ T5316] loop2: detected capacity change from 0 to 512 [ 146.903782][ T5317] xt_l2tp: unknown flags: 17 [ 147.278235][ T5316] EXT4-fs error (device loop2): ext4_orphan_get:1400: inode #15: comm syz.2.213: inode has both inline data and extents flags [ 147.437379][ T5316] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.213: couldn't read orphan inode 15 (err -117) [ 147.515710][ T5316] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 148.775607][ T4263] EXT4-fs (loop2): unmounting filesystem. [ 149.137531][ T5302] loop5: detected capacity change from 0 to 40427 [ 149.187003][ T5302] F2FS-fs (loop5): Unrecognized mount option "whint_mode=fs-based" or missing value [ 149.859655][ T5341] loop2: detected capacity change from 0 to 2048 [ 150.030123][ T5341] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 150.050655][ T5341] ext4 filesystem being mounted at /55/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 150.228630][ T5353] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.218: bg 0: block 345: padding at end of block bitmap is not set [ 150.331475][ T5353] EXT4-fs (loop2): Remounting filesystem read-only [ 150.717126][ T4263] EXT4-fs (loop2): unmounting filesystem. [ 150.944199][ T5334] loop0: detected capacity change from 0 to 512 [ 151.254641][ T5334] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 151.689289][ T5334] EXT4-fs (loop0): 1 truncate cleaned up [ 151.834520][ T5334] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 152.448046][ T5368] loop2: detected capacity change from 0 to 128 [ 152.726902][ T4267] EXT4-fs (loop0): unmounting filesystem. [ 152.750869][ T5371] loop3: detected capacity change from 0 to 512 [ 152.939694][ T5371] EXT4-fs error (device loop3): ext4_orphan_get:1400: inode #15: comm syz.3.225: inode has both inline data and extents flags [ 152.955774][ T5371] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.225: couldn't read orphan inode 15 (err -117) [ 152.977777][ T5371] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 155.263208][ T5397] loop2: detected capacity change from 0 to 8192 [ 155.988927][ T5396] loop5: detected capacity change from 0 to 1024 [ 156.054022][ T5396] EXT4-fs: Ignoring removed nomblk_io_submit option [ 156.093511][ T5396] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 156.152358][ T5396] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 156.205018][ T5396] System zones: 0-1, 3-36 [ 156.243769][ T5396] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 157.650178][ T5404] loop4: detected capacity change from 0 to 40427 [ 157.684614][ T5404] F2FS-fs (loop4): Unrecognized mount option "whint_mode=fs-based" or missing value [ 158.187329][ T5417] syz.4.235 uses obsolete (PF_INET,SOCK_PACKET) [ 158.420574][ T4816] EXT4-fs (loop5): unmounting filesystem. [ 158.691720][ T5425] loop2: detected capacity change from 0 to 128 [ 158.826473][ T27] kauditd_printk_skb: 11 callbacks suppressed [ 158.826486][ T27] audit: type=1326 audit(1762591131.920:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5431 comm="syz.5.237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05f9d8f6c9 code=0x7ffc0000 [ 158.972281][ T27] audit: type=1326 audit(1762591131.920:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5431 comm="syz.5.237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05f9d8f6c9 code=0x7ffc0000 [ 159.121561][ T27] audit: type=1326 audit(1762591131.940:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5431 comm="syz.5.237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f05f9d8f6c9 code=0x7ffc0000 [ 159.195959][ T5436] netlink: 64 bytes leftover after parsing attributes in process `syz.2.241'. [ 159.226616][ T27] audit: type=1326 audit(1762591131.940:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5431 comm="syz.5.237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05f9d8f6c9 code=0x7ffc0000 [ 159.409879][ T27] audit: type=1326 audit(1762591131.940:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5431 comm="syz.5.237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05f9d8f6c9 code=0x7ffc0000 [ 159.521405][ T27] audit: type=1326 audit(1762591131.940:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5431 comm="syz.5.237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f05f9d8f6c9 code=0x7ffc0000 [ 159.543713][ T27] audit: type=1326 audit(1762591131.980:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5431 comm="syz.5.237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05f9d8f6c9 code=0x7ffc0000 [ 159.589209][ T27] audit: type=1326 audit(1762591131.980:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5431 comm="syz.5.237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05f9d8f6c9 code=0x7ffc0000 [ 159.746781][ T27] audit: type=1326 audit(1762591132.030:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5431 comm="syz.5.237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=318 compat=0 ip=0x7f05f9d8f6c9 code=0x7ffc0000 [ 160.164717][ T27] audit: type=1326 audit(1762591132.030:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5431 comm="syz.5.237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05f9d8f6c9 code=0x7ffc0000 [ 160.424655][ T5453] loop5: detected capacity change from 0 to 512 [ 160.472732][ T5460] loop0: detected capacity change from 0 to 512 [ 160.480354][ T5460] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 160.500209][ T5453] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 161.253920][ T5453] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 161.280812][ T5460] EXT4-fs (loop0): 1 truncate cleaned up [ 161.286710][ T5460] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 161.286748][ T5453] EXT4-fs (loop5): 1 truncate cleaned up [ 161.335402][ T5453] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 161.344001][ T4267] EXT4-fs (loop0): unmounting filesystem. [ 161.696834][ T5473] loop4: detected capacity change from 0 to 128 [ 162.634209][ T4816] EXT4-fs (loop5): unmounting filesystem. [ 162.815244][ T5482] tipc: Enabling of bearer rejected, failed to enable media [ 162.848974][ T5484] netlink: 12 bytes leftover after parsing attributes in process `syz.5.253'. [ 163.677490][ T5493] loop0: detected capacity change from 0 to 512 [ 163.688289][ T5489] device veth0_vlan left promiscuous mode [ 163.694852][ T5489] device veth0_vlan entered promiscuous mode [ 163.762063][ T5236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 163.814106][ T5236] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 163.892185][ T5236] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 163.927198][ T5493] EXT4-fs error (device loop0): ext4_orphan_get:1400: inode #15: comm syz.0.255: inode has both inline data and extents flags [ 163.957461][ T5493] EXT4-fs error (device loop0): ext4_orphan_get:1405: comm syz.0.255: couldn't read orphan inode 15 (err -117) [ 164.003725][ T5493] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 164.372947][ T5505] EXT4-fs error (device loop0): ext4_empty_dir:3136: inode #2: comm syz.0.255: invalid size [ 164.823333][ T4267] EXT4-fs (loop0): unmounting filesystem. [ 165.129712][ T5520] loop2: detected capacity change from 0 to 512 [ 165.141627][ T5520] EXT4-fs (loop2): Test dummy encryption mode enabled [ 165.148427][ T5520] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 165.703311][ T5520] EXT4-fs error (device loop2): ext4_orphan_get:1426: comm syz.2.260: bad orphan inode 131083 [ 165.889203][ T5520] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 165.944236][ T5527] loop4: detected capacity change from 0 to 128 [ 166.086807][ T4263] EXT4-fs (loop2): unmounting filesystem. [ 166.112238][ T5530] loop4: detected capacity change from 0 to 512 [ 166.166178][ T5530] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.263: inode has both inline data and extents flags [ 166.248444][ T4277] EXT4-fs (loop3): unmounting filesystem. [ 166.263443][ T5530] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.263: couldn't read orphan inode 15 (err -117) [ 166.308631][ T5530] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 166.318051][ T5535] netlink: 12 bytes leftover after parsing attributes in process `syz.3.265'. [ 167.652607][ T5544] device veth0_vlan left promiscuous mode [ 167.660192][ T5544] device veth0_vlan entered promiscuous mode [ 167.692639][ T4268] EXT4-fs (loop4): unmounting filesystem. [ 169.957007][ T5580] loop0: detected capacity change from 0 to 128 [ 170.768957][ T5587] loop4: detected capacity change from 0 to 1024 [ 170.961434][ T5593] loop0: detected capacity change from 0 to 512 [ 171.062239][ T5593] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 171.329787][ T5593] EXT4-fs (loop0): 1 truncate cleaned up [ 171.335623][ T5593] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 171.376280][ T5587] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 171.574503][ T5587] ext4 filesystem being mounted at /60/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 171.886837][ T5601] loop3: detected capacity change from 0 to 256 [ 171.989066][ T5602] EXT4-fs error (device loop4): ext4_lookup:1858: inode #15: comm syz.4.275: inode has both inline data and extents flags [ 172.539933][ T5604] loop5: detected capacity change from 0 to 512 [ 172.803274][ T5603] EXT4-fs error (device loop4): ext4_lookup:1858: inode #15: comm syz.4.275: inode has both inline data and extents flags [ 172.919017][ T4268] EXT4-fs (loop4): unmounting filesystem. [ 172.931380][ T4267] EXT4-fs (loop0): unmounting filesystem. [ 173.077507][ T27] kauditd_printk_skb: 1 callbacks suppressed [ 173.077520][ T27] audit: type=1326 audit(1762591146.170:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5613 comm="syz.3.283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a9818f6c9 code=0x7ffc0000 [ 173.091658][ T5604] EXT4-fs error (device loop5): ext4_orphan_get:1400: inode #15: comm syz.5.278: inode has both inline data and extents flags [ 173.146695][ T27] audit: type=1326 audit(1762591146.230:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5613 comm="syz.3.283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f8a9818f6c9 code=0x7ffc0000 [ 173.286204][ T27] audit: type=1326 audit(1762591146.230:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5613 comm="syz.3.283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a9818f6c9 code=0x7ffc0000 [ 173.372027][ T5604] EXT4-fs error (device loop5): ext4_orphan_get:1405: comm syz.5.278: couldn't read orphan inode 15 (err -117) [ 173.464273][ T27] audit: type=1326 audit(1762591146.230:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5613 comm="syz.3.283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a9818f6c9 code=0x7ffc0000 [ 173.510348][ T5604] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 173.691605][ T27] audit: type=1326 audit(1762591146.230:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5613 comm="syz.3.283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f8a9818f6c9 code=0x7ffc0000 [ 173.719614][ T5618] loop4: detected capacity change from 0 to 256 [ 173.721980][ T27] audit: type=1326 audit(1762591146.230:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5613 comm="syz.3.283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a9818f6c9 code=0x7ffc0000 [ 173.728791][ T5618] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 173.758926][ T5618] exFAT-fs (loop4): Medium has reported failures. Some data may be lost. [ 173.959459][ T5618] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x44ede5da, utbl_chksum : 0xe619d30d) [ 174.421443][ T27] audit: type=1326 audit(1762591146.230:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5613 comm="syz.3.283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a9818f6c9 code=0x7ffc0000 [ 174.443678][ T27] audit: type=1326 audit(1762591146.240:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5613 comm="syz.3.283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8a9818f6c9 code=0x7ffc0000 [ 174.612356][ T27] audit: type=1326 audit(1762591146.240:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5613 comm="syz.3.283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a9818f6c9 code=0x7ffc0000 [ 174.709330][ T27] audit: type=1326 audit(1762591146.240:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5613 comm="syz.3.283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8a9818f6c9 code=0x7ffc0000 [ 177.636017][ T4816] EXT4-fs (loop5): unmounting filesystem. [ 177.946855][ T5663] loop5: detected capacity change from 0 to 256 [ 177.998929][ T5663] exFAT-fs (loop5): invalid boot record signature [ 178.032262][ T5663] exFAT-fs (loop5): failed to read boot sector [ 178.041365][ T5663] exFAT-fs (loop5): failed to recognize exfat type [ 178.110607][ T5669] loop3: detected capacity change from 0 to 1024 [ 178.329556][ T5669] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 178.794143][ T5679] loop4: detected capacity change from 0 to 512 [ 179.086301][ T5679] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 179.240048][ T5679] EXT4-fs (loop4): 1 truncate cleaned up [ 179.245837][ T5679] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 179.346679][ T27] kauditd_printk_skb: 10 callbacks suppressed [ 179.346709][ T27] audit: type=1800 audit(1762591152.420:78): pid=5669 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.292" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 179.657879][ T5686] loop5: detected capacity change from 0 to 256 [ 179.689260][ T4277] EXT4-fs (loop3): unmounting filesystem. [ 180.583107][ T4268] EXT4-fs (loop4): unmounting filesystem. [ 180.692313][ T5695] loop5: detected capacity change from 0 to 256 [ 180.852889][ T5701] x_tables: ip6_tables: socket match: used from hooks FORWARD, but only valid from PREROUTING/INPUT [ 180.866896][ T4281] Bluetooth: hci0: command 0x0406 tx timeout [ 180.866936][ T4283] Bluetooth: hci2: command 0x0406 tx timeout [ 180.867482][ T4269] Bluetooth: hci3: command 0x0406 tx timeout [ 180.867960][ T4285] Bluetooth: hci4: command 0x0406 tx timeout [ 181.882672][ T5708] netlink: 12 bytes leftover after parsing attributes in process `syz.4.298'. [ 183.209097][ T5722] device veth0_vlan left promiscuous mode [ 183.217815][ T5722] device veth0_vlan entered promiscuous mode [ 183.367467][ T5725] loop5: detected capacity change from 0 to 256 [ 183.386798][ T5725] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 183.397521][ T5725] exFAT-fs (loop5): Medium has reported failures. Some data may be lost. [ 183.498792][ T5725] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x44ede5da, utbl_chksum : 0xe619d30d) [ 186.200741][ T5731] loop3: detected capacity change from 0 to 256 [ 186.260533][ T5731] exFAT-fs (loop3): invalid boot record signature [ 186.280913][ T5731] exFAT-fs (loop3): failed to read boot sector [ 186.317282][ T5731] exFAT-fs (loop3): failed to recognize exfat type [ 186.636226][ T5747] loop2: detected capacity change from 0 to 512 [ 186.671829][ T5736] loop4: detected capacity change from 0 to 512 [ 186.711526][ T5747] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 186.891664][ T5747] EXT4-fs (loop2): 1 truncate cleaned up [ 186.897405][ T5747] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 188.484033][ T5744] overlayfs: failed to resolve './file1': -2 [ 188.495703][ T5744] overlayfs: unrecognized mount option "fowner>00000000000000016832" or missing value [ 188.522395][ T5736] EXT4-fs (loop4): 1 orphan inode deleted [ 188.531261][ T5736] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 188.541489][ T4781] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 188.601372][ T27] audit: type=1326 audit(1762591161.610:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5734 comm="syz.0.307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ecef8f6c9 code=0x7ffc0000 [ 188.641544][ T4781] EXT4-fs error (device loop4): ext4_release_dquot:6845: comm kworker/u4:18: Failed to release dquot type 1 [ 188.694747][ T5736] ext4 filesystem being mounted at /65/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 188.950210][ T4263] EXT4-fs (loop2): unmounting filesystem. [ 188.994352][ T27] audit: type=1326 audit(1762591161.610:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5734 comm="syz.0.307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ecef8f6c9 code=0x7ffc0000 [ 190.712208][ T5761] x_tables: ip6_tables: socket match: used from hooks FORWARD, but only valid from PREROUTING/INPUT [ 190.975388][ T4268] EXT4-fs (loop4): unmounting filesystem. [ 191.793338][ T5776] netlink: 12 bytes leftover after parsing attributes in process `syz.0.316'. [ 191.799530][ T5777] loop4: detected capacity change from 0 to 512 [ 192.027057][ T5777] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 192.373044][ T5777] EXT4-fs (loop4): invalid journal inode [ 192.558599][ T5777] EXT4-fs (loop4): can't get journal size [ 192.653663][ T5777] EXT4-fs (loop4): 1 truncate cleaned up [ 192.662320][ T5777] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 192.670990][ T5782] device veth0_vlan left promiscuous mode [ 192.678986][ T5782] device veth0_vlan entered promiscuous mode [ 194.000447][ T0] NOHZ tick-stop error: local softirq work is pending, handler #18a!!! [ 194.008879][ T0] NOHZ tick-stop error: local softirq work is pending, handler #18a!!! [ 194.017155][ T0] NOHZ tick-stop error: local softirq work is pending, handler #18a!!! [ 194.025424][ T0] NOHZ tick-stop error: local softirq work is pending, handler #18a!!! [ 194.070129][ T0] NOHZ tick-stop error: local softirq work is pending, handler #48!!! [ 194.101175][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 194.111179][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 194.121174][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 194.131171][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 194.141172][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 195.692210][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 195.698530][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 196.016659][ T4268] EXT4-fs (loop4): unmounting filesystem. [ 196.920945][ T5810] loop3: detected capacity change from 0 to 256 [ 196.963453][ T5810] exFAT-fs (loop3): invalid boot record signature [ 197.018769][ T5810] exFAT-fs (loop3): failed to read boot sector [ 197.047665][ T5810] exFAT-fs (loop3): failed to recognize exfat type [ 197.230352][ T5815] usb usb6: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 198.914614][ T5834] x_tables: ip6_tables: socket match: used from hooks FORWARD, but only valid from PREROUTING/INPUT [ 201.693109][ T5859] xt_CONNSECMARK: invalid mode: 66 [ 201.709237][ T5859] loop0: detected capacity change from 0 to 1024 [ 201.716513][ T5859] EXT4-fs: Ignoring removed bh option [ 201.721951][ T5859] EXT4-fs: Ignoring removed nomblk_io_submit option [ 201.952406][ T5859] EXT4-fs (loop0): Test dummy encryption mode enabled [ 202.144378][ T5859] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 202.431265][ T5852] overlayfs: failed to resolve './file1': -2 [ 204.156345][ T4267] EXT4-fs (loop0): unmounting filesystem. [ 204.909878][ T5879] ip6gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 205.139361][ T5887] loop2: detected capacity change from 0 to 256 [ 205.173643][ T5887] exFAT-fs (loop2): invalid boot record signature [ 205.207272][ T5887] exFAT-fs (loop2): failed to read boot sector [ 205.237709][ T5887] exFAT-fs (loop2): failed to recognize exfat type [ 207.214882][ T5911] loop2: detected capacity change from 0 to 512 [ 208.734539][ T5911] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 208.744048][ T5911] ext4 filesystem being mounted at /83/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 209.364965][ T4263] EXT4-fs (loop2): unmounting filesystem. [ 209.568015][ T5938] loop5: detected capacity change from 0 to 512 [ 209.657318][ T5938] EXT4-fs (loop5): 1 orphan inode deleted [ 209.676011][ T5938] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 209.699238][ T5229] Quota error (device loop5): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 209.753878][ T5938] ext4 filesystem being mounted at /29/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 209.754800][ T5229] EXT4-fs error (device loop5): ext4_release_dquot:6845: comm kworker/u4:25: Failed to release dquot type 1 [ 210.865129][ T4816] EXT4-fs (loop5): unmounting filesystem. [ 210.930901][ T5951] loop4: detected capacity change from 0 to 256 [ 211.072692][ T5951] exFAT-fs (loop4): invalid boot record signature [ 211.080119][ T5951] exFAT-fs (loop4): failed to read boot sector [ 211.122652][ T5951] exFAT-fs (loop4): failed to recognize exfat type [ 212.726007][ T5963] loop0: detected capacity change from 0 to 256 [ 214.703438][ T5946] bridge0: port 2(bridge_slave_1) entered disabled state [ 214.712459][ T5946] bridge0: port 1(bridge_slave_0) entered disabled state [ 214.793508][ T5974] loop4: detected capacity change from 0 to 128 [ 214.800660][ T5973] loop2: detected capacity change from 0 to 256 [ 216.360040][ T5946] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 216.401942][ T5946] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 216.802140][ T5946] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 216.812267][ T5946] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 216.821872][ T5946] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 216.830855][ T5946] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.198807][ T6010] IPv6: ADDRCONF(NETDEV_CHANGE): syz_tun: link becomes ready [ 218.207768][ T6010] IPv6: ADDRCONF(NETDEV_CHANGE): syz_tun: link becomes ready [ 218.238874][ T6010] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 218.248794][ T6010] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 218.554207][ T6010] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 218.631675][ T6015] loop5: detected capacity change from 0 to 256 [ 219.024831][ T5996] loop4: detected capacity change from 0 to 40427 [ 219.076418][ T5996] F2FS-fs (loop4): build fault injection attr: rate: 25, type: 0x3ffff [ 219.111427][ T5996] F2FS-fs (loop4): invalid crc value [ 219.151647][ T5996] F2FS-fs (loop4) : inject kmalloc in f2fs_kmalloc of f2fs_build_segment_manager+0x2aed/0x7160 [ 219.177482][ T5996] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-12) [ 219.203708][ T6027] loop0: detected capacity change from 0 to 4096 [ 219.272060][ T6027] EXT4-fs (loop0): Test dummy encryption mode enabled [ 219.317007][ T6027] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 219.333498][ T6027] System zones: 0-5 [ 219.351621][ T6027] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 219.500067][ T27] audit: type=1326 audit(1762591192.590:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5995 comm="syz.4.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c8598f6c9 code=0x7ffc0000 [ 219.571306][ T27] audit: type=1326 audit(1762591192.590:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5995 comm="syz.4.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c8598f6c9 code=0x7ffc0000 [ 219.741252][ T27] audit: type=1326 audit(1762591192.590:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5995 comm="syz.4.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=117 compat=0 ip=0x7f8c8598f6c9 code=0x7ffc0000 [ 220.463525][ T27] audit: type=1326 audit(1762591192.590:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5995 comm="syz.4.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c8598f6c9 code=0x7ffc0000 [ 220.552720][ T4267] EXT4-fs (loop0): unmounting filesystem. [ 220.691648][ T27] audit: type=1326 audit(1762591192.590:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5995 comm="syz.4.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c8598f6c9 code=0x7ffc0000 [ 220.903594][ T27] audit: type=1326 audit(1762591192.590:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5995 comm="syz.4.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8c8598f6c9 code=0x7ffc0000 [ 220.962103][ T27] audit: type=1326 audit(1762591192.590:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5995 comm="syz.4.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c8598f6c9 code=0x7ffc0000 [ 220.984763][ T27] audit: type=1326 audit(1762591192.810:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5995 comm="syz.4.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=289 compat=0 ip=0x7f8c8598f6c9 code=0x7ffc0000 [ 221.015938][ T27] audit: type=1326 audit(1762591192.810:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5995 comm="syz.4.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c8598f6c9 code=0x7ffc0000 [ 221.292758][ T27] audit: type=1326 audit(1762591192.810:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5995 comm="syz.4.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c8598f6c9 code=0x7ffc0000 [ 222.324536][ T6067] netlink: 12 bytes leftover after parsing attributes in process `syz.2.381'. [ 223.232478][ T6061] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.239928][ T6061] bridge0: port 1(bridge_slave_0) entered disabled state [ 223.660568][ T6061] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 223.707262][ T6061] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 224.113164][ T6061] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.122509][ T6061] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.132289][ T6061] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.141803][ T6061] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.219432][ T6078] binder: 6077:6078 ioctl 4018620d 0 returned -22 [ 224.246815][ T6071] device veth0_vlan left promiscuous mode [ 224.253273][ T6071] device veth0_vlan entered promiscuous mode [ 224.327138][ T5239] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 224.344604][ T5239] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 224.352779][ T5239] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 224.363283][ T6076] tipc: Enabled bearer , priority 10 [ 224.388357][ T6078] bridge0: port 2(bridge_slave_1) entered disabled state [ 224.395780][ T6078] bridge0: port 1(bridge_slave_0) entered disabled state [ 224.914582][ T6093] ip6gretap2: default qdisc (pfifo_fast) fail, fallback to noqueue [ 225.705102][ T6098] loop0: detected capacity change from 0 to 4096 [ 225.755697][ T6098] EXT4-fs (loop0): Test dummy encryption mode enabled [ 225.782556][ T6098] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 225.811119][ T6098] System zones: 0-5 [ 225.848600][ T6098] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 225.983240][ T6106] loop2: detected capacity change from 0 to 512 [ 226.064625][ T6106] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 226.086205][ T6106] EXT4-fs (loop2): 1 truncate cleaned up [ 226.091971][ T6106] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 227.035728][ T4267] EXT4-fs (loop0): unmounting filesystem. [ 227.674642][ T4263] EXT4-fs (loop2): unmounting filesystem. [ 227.791316][ T6129] xt_CONNSECMARK: invalid mode: 66 [ 227.860891][ T6129] loop5: detected capacity change from 0 to 1024 [ 227.871446][ T6129] EXT4-fs: Ignoring removed bh option [ 227.876942][ T6129] EXT4-fs: Ignoring removed nomblk_io_submit option [ 227.954648][ T6129] EXT4-fs (loop5): Test dummy encryption mode enabled [ 228.052443][ T6129] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 228.844370][ T6132] loop2: detected capacity change from 0 to 512 [ 228.925438][ T6132] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 229.002110][ T6132] ext4 filesystem being mounted at /93/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 229.295395][ T4263] EXT4-fs (loop2): unmounting filesystem. [ 229.458563][ T6138] device syzkaller0 entered promiscuous mode [ 229.642958][ T4816] EXT4-fs (loop5): unmounting filesystem. [ 230.170968][ T26] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 230.554790][ T26] usb 6-1: Using ep0 maxpacket: 32 [ 230.640685][ T26] usb 6-1: config 0 has an invalid interface number: 184 but max is 0 [ 230.794340][ T26] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 230.806714][ T26] usb 6-1: config 0 has no interface number 0 [ 230.834592][ T26] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 230.882935][ T26] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 230.907081][ T26] usb 6-1: Product: syz [ 230.917182][ T26] usb 6-1: Manufacturer: syz [ 230.935175][ T26] usb 6-1: SerialNumber: syz [ 230.944371][ T6165] loop2: detected capacity change from 0 to 128 [ 231.017184][ T26] usb 6-1: config 0 descriptor?? [ 231.050822][ T26] smsc75xx v1.0.0 [ 231.061200][ T26] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 231.081895][ T26] smsc75xx: probe of 6-1:0.184 failed with error -22 [ 231.661044][ T6170] loop3: detected capacity change from 0 to 40427 [ 231.694858][ T6170] F2FS-fs (loop3): Unrecognized mount option "whint_mode=fs-based" or missing value [ 231.756886][ T6183] usb usb6: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 231.981271][ T4281] Bluetooth: hci5: command 0x0406 tx timeout [ 232.951622][ T4312] usb 6-1: USB disconnect, device number 2 [ 234.220615][ T6187] netlink: 80 bytes leftover after parsing attributes in process `syz.3.403'. [ 234.280546][ T6187] netlink: 80 bytes leftover after parsing attributes in process `syz.3.403'. [ 234.312314][ T6187] netlink: 80 bytes leftover after parsing attributes in process `syz.3.403'. [ 235.828730][ T6219] loop5: detected capacity change from 0 to 4096 [ 235.868567][ T6219] EXT4-fs (loop5): Test dummy encryption mode enabled [ 235.906514][ T6219] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 235.910302][ T6229] loop3: detected capacity change from 0 to 256 [ 235.924383][ T6219] System zones: 0-5 [ 235.935107][ T6219] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 236.061215][ T4347] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 236.071352][ T6229] exFAT-fs (loop3): invalid boot record signature [ 236.077792][ T6229] exFAT-fs (loop3): failed to read boot sector [ 236.114957][ T6229] exFAT-fs (loop3): failed to recognize exfat type [ 237.005986][ T4347] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 237.007333][ T4816] EXT4-fs (loop5): unmounting filesystem. [ 237.064615][ T4347] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 237.081278][ T4347] usb 3-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 237.155980][ T4347] usb 3-1: Product: syz [ 237.160183][ T4347] usb 3-1: SerialNumber: syz [ 237.173649][ T6237] x_tables: ip6_tables: socket match: used from hooks FORWARD, but only valid from PREROUTING/INPUT [ 238.289588][ T4347] cdc_ncm 3-1:1.0: failed to get mac address [ 238.307195][ T4347] cdc_ncm 3-1:1.0: bind() failure [ 238.947784][ T4347] cdc_ncm: probe of 3-1:1.1 failed with error -71 [ 239.005946][ T4347] cdc_mbim: probe of 3-1:1.1 failed with error -71 [ 239.033269][ T4347] usbtest: probe of 3-1:1.1 failed with error -71 [ 239.060546][ T4347] usb 3-1: USB disconnect, device number 3 [ 239.446431][ T6269] loop4: detected capacity change from 0 to 128 [ 239.528521][ T6273] loop2: detected capacity change from 0 to 256 [ 239.557627][ T6273] exfat: Deprecated parameter 'namecase' [ 239.586699][ T6273] exfat: Deprecated parameter 'utf8' [ 239.607373][ T6273] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 240.003317][ T6279] xt_hashlimit: overflow, try lower: 18446744073709551615/255 [ 240.795792][ T6293] loop3: detected capacity change from 0 to 512 [ 240.836682][ T6291] loop2: detected capacity change from 0 to 512 [ 240.844681][ T5659] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 240.911963][ T5655] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 241.356603][ T6306] loop3: detected capacity change from 0 to 1024 [ 241.372143][ T6306] EXT4-fs: Ignoring removed bh option [ 241.389633][ T6306] EXT4-fs: inline encryption not supported [ 241.482627][ T6306] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c80ce018, mo2=0000] [ 241.557452][ T6306] EXT4-fs error (device loop3): ext4_map_blocks:635: inode #3: block 2: comm +}[@: lblock 2 mapped to illegal pblock 2 (length 1) [ 241.641533][ T6306] __quota_error: 3 callbacks suppressed [ 241.641547][ T6306] Quota error (device loop3): qtree_write_dquot: dquota write failed [ 241.686022][ T6306] EXT4-fs error (device loop3): ext4_map_blocks:635: inode #3: block 48: comm +}[@: lblock 0 mapped to illegal pblock 48 (length 1) [ 241.752833][ T6306] Quota error (device loop3): v2_write_file_info: Can't write info structure [ 241.788652][ T6306] EXT4-fs error (device loop3): ext4_acquire_dquot:6809: comm +}[@: Failed to acquire dquot type 0 [ 241.810556][ T6317] loop2: detected capacity change from 0 to 256 [ 241.823478][ T6306] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5929: Corrupt filesystem [ 241.871463][ T6317] exFAT-fs (loop2): invalid boot record signature [ 241.873714][ T6306] EXT4-fs error (device loop3): ext4_evict_inode:279: inode #11: comm +}[@: mark_inode_dirty error [ 241.877912][ T6317] exFAT-fs (loop2): failed to read boot sector [ 241.955258][ T6317] exFAT-fs (loop2): failed to recognize exfat type [ 241.963252][ T6306] EXT4-fs warning (device loop3): ext4_evict_inode:282: couldn't mark inode dirty (err -117) [ 241.993948][ T6306] EXT4-fs (loop3): 1 orphan inode deleted [ 242.001339][ T6306] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 242.021373][ T4415] EXT4-fs error (device loop3): ext4_map_blocks:635: inode #3: block 1: comm kworker/u4:9: lblock 1 mapped to illegal pblock 1 (length 1) [ 242.177866][ T4415] Quota error (device loop3): remove_tree: Can't read quota data block 1 [ 242.247589][ T4415] EXT4-fs error (device loop3): ext4_release_dquot:6845: comm kworker/u4:9: Failed to release dquot type 0 [ 242.247998][ T6306] EXT4-fs error (device loop3): __ext4_get_inode_loc:4513: comm +}[@: Invalid inode table block 1 in block_group 0 [ 242.765206][ T6306] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5929: Corrupt filesystem [ 242.944417][ T4277] EXT4-fs (loop3): unmounting filesystem. [ 242.959582][ T75] EXT4-fs error (device loop3): ext4_map_blocks:635: inode #3: block 1: comm kworker/u4:4: lblock 1 mapped to illegal pblock 1 (length 1) [ 243.007243][ T75] Quota error (device loop3): remove_tree: Can't read quota data block 1 [ 243.028075][ T75] EXT4-fs error (device loop3): ext4_release_dquot:6845: comm kworker/u4:4: Failed to release dquot type 0 [ 243.059292][ T4277] EXT4-fs error (device loop3): __ext4_get_inode_loc:4513: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 243.094057][ T4277] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5929: Corrupt filesystem [ 243.125398][ T4277] EXT4-fs error (device loop3): ext4_quota_off:7115: inode #3: comm syz-executor: mark_inode_dirty error [ 243.467830][ T6339] x_tables: ip6_tables: socket match: used from hooks FORWARD, but only valid from PREROUTING/INPUT [ 243.709836][ T6341] loop3: detected capacity change from 0 to 256 [ 243.823305][ T6341] FAT-fs (loop3): Directory bread(block 64) failed [ 243.830408][ T6341] FAT-fs (loop3): Directory bread(block 65) failed [ 243.837622][ T6341] FAT-fs (loop3): Directory bread(block 66) failed [ 243.844552][ T6341] FAT-fs (loop3): Directory bread(block 67) failed [ 243.851656][ T6341] FAT-fs (loop3): Directory bread(block 68) failed [ 243.858427][ T6341] FAT-fs (loop3): Directory bread(block 69) failed [ 243.865534][ T6341] FAT-fs (loop3): Directory bread(block 70) failed [ 243.872185][ T6341] FAT-fs (loop3): Directory bread(block 71) failed [ 243.879299][ T6341] FAT-fs (loop3): Directory bread(block 72) failed [ 243.885951][ T6341] FAT-fs (loop3): Directory bread(block 73) failed [ 246.262809][ T6361] loop0: detected capacity change from 0 to 256 [ 246.278020][ T6361] exFAT-fs (loop0): invalid boot record signature [ 246.284873][ T6361] exFAT-fs (loop0): failed to read boot sector [ 246.292590][ T6361] exFAT-fs (loop0): failed to recognize exfat type [ 246.424180][ T5659] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 247.741761][ T4281] Bluetooth: hci5: command 0x0405 tx timeout [ 247.758036][ T6382] loop5: detected capacity change from 0 to 128 [ 247.788299][ T6382] tipc: Started in network mode [ 247.793253][ T6382] tipc: Node identity 4, cluster identity 4711 [ 247.799413][ T6382] tipc: Node number set to 4 [ 249.646743][ T6399] loop4: detected capacity change from 0 to 256 [ 249.953241][ T6399] FAT-fs (loop4): Directory bread(block 64) failed [ 249.959945][ T6399] FAT-fs (loop4): Directory bread(block 65) failed [ 249.967011][ T6399] FAT-fs (loop4): Directory bread(block 66) failed [ 249.973724][ T6399] FAT-fs (loop4): Directory bread(block 67) failed [ 249.980745][ T6399] FAT-fs (loop4): Directory bread(block 68) failed [ 249.987656][ T6399] FAT-fs (loop4): Directory bread(block 69) failed [ 249.995088][ T6399] FAT-fs (loop4): Directory bread(block 70) failed [ 250.001843][ T6399] FAT-fs (loop4): Directory bread(block 71) failed [ 250.008978][ T6399] FAT-fs (loop4): Directory bread(block 72) failed [ 250.015643][ T6399] FAT-fs (loop4): Directory bread(block 73) failed [ 250.803734][ T6403] loop2: detected capacity change from 0 to 256 [ 250.898555][ T6403] exFAT-fs (loop2): invalid boot record signature [ 251.021386][ T6403] exFAT-fs (loop2): failed to read boot sector [ 251.353711][ T6403] exFAT-fs (loop2): failed to recognize exfat type [ 252.297935][ T6418] loop4: detected capacity change from 0 to 128 [ 253.888962][ T6444] device wg1 entered promiscuous mode [ 255.786880][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.793281][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.070723][ T6463] process 'syz.5.477' launched '/dev/fd/4/./file1' with NULL argv: empty string added [ 256.099727][ T6465] loop3: detected capacity change from 0 to 128 [ 258.638688][ T6485] overlayfs: failed to resolve './file1': -2 [ 258.704722][ T6485] overlayfs: unrecognized mount option "fowner>00000000000000016832" or missing value [ 258.751321][ T27] audit: type=1326 audit(1762591231.850:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6476 comm="syz.0.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ecef8f6c9 code=0x7ffc0000 [ 258.818361][ T27] audit: type=1326 audit(1762591231.870:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6476 comm="syz.0.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ecef8f6c9 code=0x7ffc0000 [ 259.459500][ T6498] loop2: detected capacity change from 0 to 512 [ 259.522864][ T6498] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 260.229974][ T6498] EXT4-fs (loop2): 1 truncate cleaned up [ 260.235695][ T6498] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 260.473998][ T4263] EXT4-fs (loop2): unmounting filesystem. [ 262.327804][ T6525] IPVS: set_ctl: invalid protocol: 92 127.0.0.1:20003 [ 263.052005][ T6455] syz.4.474 (6455): drop_caches: 1 [ 263.373603][ T6555] netlink: 8 bytes leftover after parsing attributes in process `syz.4.500'. [ 265.239322][ T6571] genirq: Flags mismatch irq 4. 00000000 (pcl812) vs. 00000000 (ttyS0) [ 266.543803][ T6554] overlayfs: failed to resolve './file1': -2 [ 267.152806][ T6554] overlayfs: unrecognized mount option "fowner>00000000000000016832" or missing value [ 267.230882][ T27] audit: type=1326 audit(1762591240.320:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6547 comm="syz.2.498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f894ff8f6c9 code=0x7ffc0000 [ 267.299512][ T27] audit: type=1326 audit(1762591240.320:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6547 comm="syz.2.498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f894ff8f6c9 code=0x7ffc0000 [ 270.031408][ T6649] fuse: Bad value for 'fd' [ 271.909685][ T6664] overlayfs: failed to resolve './file1': -2 [ 271.917084][ T6664] overlayfs: unrecognized mount option "fowner>00000000000000016832" or missing value [ 271.928426][ T27] audit: type=1326 audit(1762591245.030:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6652 comm="syz.0.527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ecef8f6c9 code=0x7ffc0000 [ 273.233747][ T27] audit: type=1326 audit(1762591245.030:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6652 comm="syz.0.527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ecef8f6c9 code=0x7ffc0000 [ 275.221932][ T6690] netlink: 152 bytes leftover after parsing attributes in process `syz.0.536'. [ 275.395435][ T6692] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 20000 - 0 [ 275.437106][ T6692] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 20000 - 0 [ 275.486417][ T6692] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 20000 - 0 [ 275.495999][ T6692] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 20000 - 0 [ 275.508776][ T6692] device geneve2 entered promiscuous mode [ 275.608443][ T6692] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 20000 - 0 [ 275.669786][ T6692] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 20000 - 0 [ 275.683002][ T6692] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 20000 - 0 [ 275.780184][ T6692] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 20000 - 0 [ 275.963630][ T6700] loop5: detected capacity change from 0 to 512 [ 276.005321][ T6700] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 276.058028][ T6700] EXT4-fs (loop5): 1 truncate cleaned up [ 276.063947][ T6700] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 276.200282][ T4816] EXT4-fs (loop5): unmounting filesystem. [ 277.377619][ T6720] overlayfs: failed to resolve './file1': -2 [ 277.433109][ T6722] overlayfs: unrecognized mount option "fowner>00000000000000016832" or missing value [ 277.492088][ T27] audit: type=1326 audit(1762591250.590:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6709 comm="syz.3.543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a9818f6c9 code=0x7ffc0000 [ 277.874988][ T27] audit: type=1326 audit(1762591250.590:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6709 comm="syz.3.543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a9818f6c9 code=0x7ffc0000 [ 279.313745][ T4312] libceph: connect (1)[c::]:6789 error -101 [ 279.320083][ T4312] libceph: mon0 (1)[c::]:6789 connect error [ 279.434167][ T4265] libceph: connect (1)[c::]:6789 error -101 [ 279.440181][ T4265] libceph: mon0 (1)[c::]:6789 connect error [ 280.131991][ T4265] libceph: connect (1)[c::]:6789 error -101 [ 280.167572][ T4265] libceph: mon0 (1)[c::]:6789 connect error [ 280.721544][ T4265] libceph: connect (1)[c::]:6789 error -101 [ 280.727583][ T4265] libceph: mon0 (1)[c::]:6789 connect error [ 281.373927][ T6746] ceph: No mds server is up or the cluster is laggy [ 282.776218][ T6772] input: syz1 as /devices/virtual/input/input11 [ 282.791070][ T4265] libceph: connect (1)[c::]:6789 error -101 [ 282.801754][ T4265] libceph: mon0 (1)[c::]:6789 connect error [ 282.961940][ T7] libceph: connect (1)[c::]:6789 error -101 [ 282.968477][ T7] libceph: mon0 (1)[c::]:6789 connect error [ 284.100259][ T6784] loop3: detected capacity change from 0 to 128 [ 284.725512][ T6797] overlayfs: failed to resolve './file1': -2 [ 284.732861][ T6797] overlayfs: unrecognized mount option "fowner>00000000000000016832" or missing value [ 284.892428][ T27] audit: type=1326 audit(1762591257.850:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6781 comm="syz.5.562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05f9d8f6c9 code=0x7ffc0000 [ 284.995099][ T27] audit: type=1326 audit(1762591257.850:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6781 comm="syz.5.562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05f9d8f6c9 code=0x7ffc0000 [ 285.451320][ T4273] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 286.599828][ T4273] usb 6-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69 [ 286.609786][ T4273] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 286.620527][ T4273] usb 6-1: Product: syz [ 286.625993][ T4273] usb 6-1: Manufacturer: syz [ 286.630827][ T4273] usb 6-1: SerialNumber: syz [ 287.136376][ T4273] usb 6-1: config 0 descriptor?? [ 287.160398][ T4273] hub 6-1:0.0: bad descriptor, ignoring hub [ 287.256305][ T4273] hub: probe of 6-1:0.0 failed with error -5 [ 287.357147][ T4273] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in warm state. [ 287.452918][ T4273] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 287.499573][ T4273] dvbdev: DVB: registering new adapter (Pinnacle PCTV Hybrid Stick Solo) [ 287.538200][ T4273] usb 6-1: media controller created [ 287.607055][ T4273] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 287.640115][ T4276] Bluetooth: hci2: unexpected event 0x2f length: 1017 > 260 [ 287.821242][ T7] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 287.995624][ T4273] DVB: Unable to find symbol dib7000p_attach() [ 288.003196][ T4273] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo' [ 288.071287][ T7] usb 3-1: Using ep0 maxpacket: 8 [ 288.085835][ T7] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 288.114899][ T6800] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 288.141825][ T6800] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 288.186476][ T7] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 288.371290][ T4273] rc_core: IR keymap rc-dib0700-rc5 not found [ 288.380487][ T4273] Registered IR keymap rc-empty [ 288.404422][ T4273] dvb-usb: could not initialize remote control. [ 288.405981][ T7] pvrusb2: Hardware description: Terratec Grabster AV400 [ 288.457374][ T4273] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected. [ 288.458139][ T7] pvrusb2: ********** [ 288.476384][ T7] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 288.500239][ T7] pvrusb2: Important functionality might not be entirely working. [ 288.517351][ T7] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 288.609549][ T7] pvrusb2: ********** [ 288.667651][ T2305] pvrusb2: Invalid write control endpoint [ 288.703565][ T4273] usb 6-1: USB disconnect, device number 3 [ 289.018327][ T2305] pvrusb2: Invalid write control endpoint [ 289.033579][ T2305] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 289.051479][ T2305] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 289.066004][ T2305] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 289.084809][ T2305] pvrusb2: Device being rendered inoperable [ 289.095253][ T2305] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 289.111560][ T2305] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 289.142867][ T2305] pvrusb2: Attached sub-driver cx25840 [ 289.162415][ T2305] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 289.194843][ T2305] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 289.615740][ T6844] overlayfs: failed to resolve './file1': -2 [ 289.648939][ T6844] overlayfs: unrecognized mount option "fowner>00000000000000016832" or missing value [ 289.844425][ T27] audit: type=1326 audit(1762591262.940:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6840 comm="syz.5.578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05f9d8f6c9 code=0x7ffc0000 [ 289.926364][ T27] audit: type=1326 audit(1762591263.020:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6840 comm="syz.5.578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05f9d8f6c9 code=0x7ffc0000 [ 290.533906][ T4276] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 290.547919][ T4276] CPU: 0 PID: 4276 Comm: kworker/u5:3 Not tainted syzkaller #0 [ 290.555494][ T4276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 290.565560][ T4276] Workqueue: hci4 hci_rx_work [ 290.570271][ T4276] Call Trace: [ 290.573555][ T4276] [ 290.576486][ T4276] dump_stack_lvl+0x168/0x22e [ 290.581180][ T4276] ? show_regs_print_info+0x12/0x12 [ 290.586388][ T4276] ? load_image+0x3b0/0x3b0 [ 290.590915][ T4276] sysfs_create_dir_ns+0x252/0x280 [ 290.596035][ T4276] ? hci_rx_work+0x3eb/0xd40 [ 290.600639][ T4276] ? sysfs_warn_dup+0xa0/0xa0 [ 290.605329][ T4276] ? do_raw_spin_unlock+0x11d/0x230 [ 290.610541][ T4276] kobject_add_internal+0x6b8/0xc80 [ 290.615844][ T4276] kobject_add+0x152/0x210 [ 290.620278][ T4276] ? kobject_init+0x1d0/0x1d0 [ 290.624981][ T4276] ? klist_children_get+0x50/0x50 [ 290.630034][ T4276] ? get_device_parent+0x121/0x3f0 [ 290.635160][ T4276] device_add+0x483/0xfb0 [ 290.639508][ T4276] ? kmem_cache_free+0xf7/0x290 [ 290.644385][ T4276] hci_conn_add_sysfs+0xd1/0x1e0 [ 290.649345][ T4276] le_conn_complete_evt+0xfec/0x15d0 [ 290.654657][ T4276] ? hci_le_big_info_adv_report_evt+0x310/0x310 [ 290.660922][ T4276] ? __mutex_unlock_slowpath+0x19e/0x6a0 [ 290.666582][ T4276] ? skb_pull_data+0xf7/0x200 [ 290.671291][ T4276] hci_le_conn_complete_evt+0x183/0x440 [ 290.676857][ T4276] ? hci_remote_host_features_evt+0x270/0x270 [ 290.682944][ T4276] hci_event_packet+0x791/0x1210 [ 290.687909][ T4276] ? bis_list+0x280/0x280 [ 290.692252][ T4276] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 290.698181][ T4276] ? kcov_remote_start+0x4c7/0x7e0 [ 290.703315][ T4276] ? nf_l4proto_log_invalid+0x1f9/0x26e [ 290.708880][ T4276] ? hci_send_to_monitor+0x9c/0x4a0 [ 290.714095][ T4276] hci_rx_work+0x3eb/0xd40 [ 290.718540][ T4276] ? _raw_spin_unlock+0x40/0x40 [ 290.722364][ T4273] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected. [ 290.723402][ T4276] ? process_one_work+0x7a1/0x1160 [ 290.739093][ T4276] process_one_work+0x898/0x1160 [ 290.744070][ T4276] ? worker_detach_from_pool+0x240/0x240 [ 290.749723][ T4276] ? _raw_spin_lock_irq+0xab/0xe0 [ 290.754767][ T4276] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 290.760163][ T4276] ? kthread_data+0x4b/0xc0 [ 290.764692][ T4276] worker_thread+0xaa2/0x1250 [ 290.769416][ T4276] kthread+0x29d/0x330 [ 290.773504][ T4276] ? worker_clr_flags+0x1a0/0x1a0 [ 290.778544][ T4276] ? kthread_blkcg+0xd0/0xd0 [ 290.783158][ T4276] ret_from_fork+0x1f/0x30 [ 290.787610][ T4276] [ 290.790717][ C0] vkms_vblank_simulate: vblank timer overrun [ 290.797947][ T4276] kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 290.811266][ T4276] Bluetooth: hci4: failed to register connection device [ 290.816878][ T4429] usb 3-1: USB disconnect, device number 4 [ 293.341815][ T6873] random: crng reseeded on system resumption [ 293.358967][ T6875] netlink: 8 bytes leftover after parsing attributes in process `syz.4.588'. [ 293.423178][ T4312] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 293.621248][ T4312] usb 1-1: Using ep0 maxpacket: 8 [ 293.637035][ T6879] netlink: 'syz.2.589': attribute type 11 has an invalid length. [ 293.667984][ T4312] usb 1-1: config index 0 descriptor too short (expected 6427, got 27) [ 293.706925][ T4312] usb 1-1: config 0 has an invalid interface number: 21 but max is 0 [ 293.756795][ T4312] usb 1-1: config 0 has no interface number 0 [ 294.010374][ T4312] usb 1-1: config 0 interface 21 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 294.169527][ T4312] usb 1-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 294.226404][ T4312] usb 1-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0 [ 294.240517][ T4312] usb 1-1: Product: syz [ 294.274331][ T4312] usb 1-1: config 0 descriptor?? [ 294.281105][ T6868] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 295.243945][ T6900] x_tables: ip6_tables: socket match: used from hooks FORWARD, but only valid from PREROUTING/INPUT [ 297.143517][ T6909] loop3: detected capacity change from 0 to 256 [ 299.525881][ T4312] usb 1-1: USB disconnect, device number 2 [ 301.352094][ T6940] overlayfs: failed to resolve './file1': -2 [ 301.421750][ T6940] overlayfs: unrecognized mount option "fowner>00000000000000016832" or missing value [ 301.514890][ T27] audit: type=1326 audit(1762591274.610:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6936 comm="syz.4.602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c8598f6c9 code=0x7ffc0000 [ 301.612025][ T27] audit: type=1326 audit(1762591274.610:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6936 comm="syz.4.602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c8598f6c9 code=0x7ffc0000 [ 302.106243][ T6954] loop2: detected capacity change from 0 to 128 [ 302.188663][ T6938] syz.5.601 (6938): drop_caches: 1 [ 302.454388][ T6960] loop5: detected capacity change from 0 to 256 [ 303.489859][ T6964] tmpfs: Unknown parameter 'usrquota' [ 303.710847][ T6969] input: syz0 as /devices/virtual/input/input13 [ 304.013269][ T4312] usb 6-1: new full-speed USB device number 4 using dummy_hcd [ 304.244894][ T6975] x_tables: ip6_tables: socket match: used from hooks FORWARD, but only valid from PREROUTING/INPUT [ 304.881865][ T4312] usb 6-1: config 0 has an invalid interface number: 139 but max is 0 [ 304.890068][ T4312] usb 6-1: config 0 has no interface number 0 [ 304.952051][ T4312] usb 6-1: config 0 interface 139 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 304.993523][ T4312] usb 6-1: config 0 interface 139 altsetting 0 has an invalid endpoint with address 0xBD, skipping [ 305.024854][ T4312] usb 6-1: config 0 interface 139 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 305.087940][ T4312] usb 6-1: New USB device found, idVendor=0711, idProduct=0210, bcdDevice=fd.d6 [ 305.117380][ T4312] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 305.130430][ T4312] usb 6-1: Product: syz [ 305.144490][ T4312] usb 6-1: Manufacturer: syz [ 305.159343][ T4312] usb 6-1: SerialNumber: syz [ 305.186522][ T4312] usb 6-1: config 0 descriptor?? [ 305.205092][ T6971] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 305.221384][ T6971] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 305.467285][ T4312] mct_u232 6-1:0.139: MCT U232 converter detected [ 305.486486][ T4312] mct_u232 ttyUSB0: expected endpoint missing [ 305.514339][ T4312] usb 6-1: USB disconnect, device number 4 [ 305.582647][ T4312] mct_u232 6-1:0.139: device disconnected [ 305.887807][ T6996] loop2: detected capacity change from 0 to 512 [ 305.946689][ T6996] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 306.047852][ T6996] EXT4-fs (loop2): 1 truncate cleaned up [ 306.071347][ T6996] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 306.148221][ T7000] overlayfs: failed to resolve './file1': -2 [ 306.203453][ T7000] overlayfs: unrecognized mount option "fowner>00000000000000016832" or missing value [ 306.226251][ T7002] loop5: detected capacity change from 0 to 256 [ 306.473163][ T27] audit: type=1326 audit(1762591279.570:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6994 comm="syz.4.620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c8598f6c9 code=0x7ffc0000 [ 306.725028][ T27] audit: type=1326 audit(1762591279.570:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6994 comm="syz.4.620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c8598f6c9 code=0x7ffc0000 [ 307.524620][ T7011] fuse: Bad value for 'fd' [ 307.637133][ T7013] netlink: 'syz.0.622': attribute type 11 has an invalid length. [ 308.564930][ T7020] x_tables: ip6_tables: socket match: used from hooks FORWARD, but only valid from PREROUTING/INPUT [ 309.920514][ T7030] program syz.0.626 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 311.221020][ T7035] loop3: detected capacity change from 0 to 128 [ 313.904157][ T4419] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 314.104579][ T4419] usb 1-1: unable to get BOS descriptor or descriptor too short [ 314.133058][ T4419] usb 1-1: config 13 has an invalid interface number: 161 but max is 0 [ 314.174387][ T4419] usb 1-1: config 13 has no interface number 0 [ 314.193037][ T4419] usb 1-1: config 13 interface 161 has no altsetting 0 [ 314.193179][ T7067] netlink: 'syz.3.640': attribute type 11 has an invalid length. [ 314.214304][ T4419] usb 1-1: New USB device found, idVendor=064b, idProduct=7825, bcdDevice=d2.04 [ 314.260764][ T4419] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 314.288425][ T4419] usb 1-1: Product: syz [ 314.298298][ T4419] usb 1-1: Manufacturer: syz [ 314.313108][ T4419] usb 1-1: SerialNumber: syz [ 314.320694][ T7069] loop5: detected capacity change from 0 to 128 [ 314.593323][ T4419] upd78f0730 1-1:13.161: upd78f0730 converter detected [ 314.636213][ T4419] usb 1-1: upd78f0730 converter now attached to ttyUSB0 [ 314.696728][ T4419] usb 1-1: USB disconnect, device number 3 [ 314.730640][ T4419] upd78f0730 ttyUSB0: upd78f0730 converter now disconnected from ttyUSB0 [ 314.756324][ T4419] upd78f0730 1-1:13.161: device disconnected [ 314.931311][ T4326] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 314.997696][ T7081] netlink: 14 bytes leftover after parsing attributes in process `syz.4.645'. [ 315.111299][ T4326] usb 4-1: Using ep0 maxpacket: 16 [ 315.119534][ T4326] usb 4-1: config 0 has an invalid interface number: 105 but max is 0 [ 315.159884][ T4326] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 315.198944][ T4326] usb 4-1: config 0 has no interface number 0 [ 315.225759][ T4326] usb 4-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 315.237447][ T4326] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 315.259930][ T4326] usb 4-1: Product: syz [ 315.284724][ T4326] usb 4-1: Manufacturer: syz [ 315.289417][ T4326] usb 4-1: SerialNumber: syz [ 315.316887][ T4326] usb 4-1: config 0 descriptor?? [ 315.359804][ T4326] usb 4-1: Found UVC 0.00 device syz (046d:08f3) [ 315.563721][ T4326] usb 4-1: No valid video chain found. [ 315.586333][ T4326] usb 4-1: USB disconnect, device number 2 [ 315.652567][ T4263] EXT4-fs (loop2): unmounting filesystem. [ 316.956155][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.962507][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 316.996995][ T7100] overlayfs: failed to resolve './file1': -2 [ 317.004064][ T7100] overlayfs: unrecognized mount option "fowner>00000000000000016832" or missing value [ 317.061626][ T27] audit: type=1326 audit(1762591290.110:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7097 comm="syz.0.651" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ecef8f6c9 code=0x7ffc0000 [ 317.245729][ T7081] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 317.606885][ T27] audit: type=1326 audit(1762591290.110:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7097 comm="syz.0.651" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ecef8f6c9 code=0x7ffc0000 [ 317.610584][ T7081] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 317.642717][ T7081] bond0 (unregistering): Released all slaves [ 317.670102][ T7108] netlink: 'syz.5.654': attribute type 11 has an invalid length. [ 319.421298][ T4265] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 319.985744][ T7132] overlayfs: failed to resolve './file1': -2 [ 320.004284][ T7132] overlayfs: unrecognized mount option "fowner>00000000000000016832" or missing value [ 320.141388][ T27] audit: type=1326 audit(1762591293.170:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7131 comm="syz.2.663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f894ff8f6c9 code=0x7ffc0000 [ 320.452946][ T4265] usb 6-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 320.491378][ T27] audit: type=1326 audit(1762591293.170:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7131 comm="syz.2.663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f894ff8f6c9 code=0x7ffc0000 [ 320.501266][ T4312] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 320.532111][ T4265] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 320.582934][ T4265] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 320.631514][ T4265] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 320.678035][ T4265] usb 6-1: config 0 descriptor?? [ 320.731052][ T4265] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 320.738871][ T7144] loop2: detected capacity change from 0 to 128 [ 320.757632][ T4312] usb 4-1: config 0 has an invalid interface number: 117 but max is 0 [ 320.775530][ T4312] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 320.826977][ T4312] usb 4-1: config 0 has no interface number 0 [ 320.845385][ T4312] usb 4-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 320.875052][ T4312] usb 4-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 320.927925][ T4312] usb 4-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 320.952664][ T4312] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 320.967720][ T4312] usb 4-1: Product: syz [ 320.979130][ T4312] usb 4-1: Manufacturer: syz [ 320.986306][ T4312] usb 4-1: SerialNumber: syz [ 321.014260][ T4312] usb 4-1: config 0 descriptor?? [ 323.687373][ T7155] device syzkaller1 entered promiscuous mode [ 323.795402][ T26] usb 4-1: USB disconnect, device number 3 [ 325.581394][ T4312] usb 6-1: USB disconnect, device number 5 [ 326.378033][ C0] ------------[ cut here ]------------ [ 326.383874][ C0] WARNING: CPU: 0 PID: 7171 at net/mac80211/tx.c:4944 __ieee80211_beacon_get+0x1952/0x1f50 [ 326.393903][ C0] Modules linked in: [ 326.397796][ C0] CPU: 0 PID: 7171 Comm: syz.3.675 Not tainted syzkaller #0 [ 326.405111][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 326.415174][ C0] RIP: 0010:__ieee80211_beacon_get+0x1952/0x1f50 [ 326.421532][ C0] Code: ff ff ff e8 40 d3 e3 f7 0f 0b 48 8b 7c 24 20 e8 04 90 7f fe e9 dd e9 ff ff e8 2a d3 e3 f7 0f 0b e9 f1 ee ff ff e8 1e d3 e3 f7 <0f> 0b e9 61 f2 ff ff e8 12 d3 e3 f7 48 c7 c7 f0 73 fa 8d 4c 89 f6 [ 326.441234][ C0] vkms_vblank_simulate: vblank timer overrun [ 326.447259][ C0] RSP: 0018:ffffc900000078a0 EFLAGS: 00010246 [ 326.453334][ C0] RAX: ffffffff899d0342 RBX: 0000000000000000 RCX: ffff888078f71dc0 [ 326.461342][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 326.469596][ C0] RBP: ffffc90000007aa8 R08: ffff888078f71dc0 R09: 0000000000000003 [ 326.477590][ C0] R10: 0000000000000007 R11: 0000000000000100 R12: 1ffff92000000f2c [ 326.485571][ C0] R13: dffffc0000000000 R14: ffff8880545f2258 R15: ffff8880588de000 [ 326.493575][ C0] FS: 00007f8a98fcf6c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 326.502508][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 326.509097][ C0] CR2: 000000110c35ea33 CR3: 0000000028220000 CR4: 00000000003506f0 [ 326.517079][ C0] Call Trace: [ 326.520345][ C0] [ 326.523207][ C0] ? verify_lock_unused+0x140/0x140 [ 326.528401][ C0] ? __ieee80211_beacon_get+0xad/0x1f50 [ 326.533954][ C0] ? ieee80211_beacon_get_template+0x40/0x40 [ 326.539955][ C0] ieee80211_beacon_get_tim+0x5b/0x4d0 [ 326.545428][ C0] mac80211_hwsim_beacon_tx+0x21c/0xae0 [ 326.550959][ C0] ? read_lock_is_recursive+0x10/0x10 [ 326.556348][ C0] __iterate_interfaces+0x243/0x500 [ 326.561556][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0 [ 326.567780][ C0] ? ieee80211_iterate_active_interfaces_atomic+0x26/0x170 [ 326.574991][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0 [ 326.581302][ C0] ieee80211_iterate_active_interfaces_atomic+0xd7/0x170 [ 326.588336][ C0] mac80211_hwsim_beacon+0xb7/0x1b0 [ 326.593540][ C0] __hrtimer_run_queues+0x554/0xd60 [ 326.598735][ C0] ? hw_scan_work+0xf30/0xf30 [ 326.603421][ C0] ? hrtimer_interrupt+0x9c0/0x9c0 [ 326.608534][ C0] ? ktime_get_update_offsets_now+0x3ce/0x3e0 [ 326.614605][ C0] hrtimer_run_softirq+0x183/0x2a0 [ 326.619705][ C0] handle_softirqs+0x2a1/0x920 [ 326.624492][ C0] ? __irq_exit_rcu+0x12f/0x220 [ 326.629336][ C0] ? do_softirq+0x200/0x200 [ 326.633846][ C0] __irq_exit_rcu+0x12f/0x220 [ 326.638548][ C0] ? irq_exit_rcu+0x20/0x20 [ 326.643072][ C0] irq_exit_rcu+0x5/0x20 [ 326.647301][ C0] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 326.652940][ C0] [ 326.655883][ C0] [ 326.658806][ C0] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 326.664832][ C0] RIP: 0010:lock_acquire+0x20f/0x490 [ 326.670111][ C0] Code: 00 9c 8f 84 24 80 00 00 00 f6 84 24 81 00 00 00 02 0f 85 f5 00 00 00 41 f7 c6 00 02 00 00 74 01 fb 48 c7 44 24 60 0e 36 e0 45 <4b> c7 44 3d 00 00 00 00 00 66 43 c7 44 3d 09 00 00 43 c6 44 3d 0b [ 326.689706][ C0] vkms_vblank_simulate: vblank timer overrun [ 326.695706][ C0] RSP: 0018:ffffc900037dfb20 EFLAGS: 00000206 [ 326.701776][ C0] RAX: 0000000000000001 RBX: 0000000000000000 RCX: bf507d367d367100 [ 326.709749][ C0] RDX: 0000000000000000 RSI: ffffffff8a8c1700 RDI: ffffffff8adef760 [ 326.717725][ C0] RBP: ffffc900037dfc30 R08: dffffc0000000000 R09: fffffbfff215c44f [ 326.725710][ C0] R10: fffffbfff215c44f R11: 1ffffffff215c44e R12: 0000000000000000 [ 326.733694][ C0] R13: 1ffff920006fbf70 R14: 0000000000000246 R15: dffffc0000000000 [ 326.741690][ C0] ? __might_sleep+0xd0/0xd0 [ 326.746282][ C0] ? read_lock_is_recursive+0x10/0x10 [ 326.751668][ C0] ? __lock_acquire+0x7c50/0x7c50 [ 326.756708][ C0] ? __might_fault+0xa6/0x120 [ 326.761407][ C0] __might_fault+0xc2/0x120 [ 326.765900][ C0] ? __might_fault+0xa6/0x120 [ 326.770561][ C0] do_recvmmsg+0x382/0x7d0 [ 326.775000][ C0] ? __sys_recvmmsg+0x280/0x280 [ 326.779854][ C0] ? do_futex+0x310/0x320 [ 326.784250][ C0] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 326.790482][ C0] __x64_sys_recvmmsg+0x18d/0x240 [ 326.795565][ C0] ? do_recvmmsg+0x7d0/0x7d0 [ 326.800139][ C0] ? syscall_enter_from_user_mode+0x2a/0x80 [ 326.806049][ C0] do_syscall_64+0x4c/0xa0 [ 326.810450][ C0] ? clear_bhb_loop+0x60/0xb0 [ 326.815131][ C0] ? clear_bhb_loop+0x60/0xb0 [ 326.819793][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 326.825695][ C0] RIP: 0033:0x7f8a9818f6c9 [ 326.830104][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 326.849721][ C0] RSP: 002b:00007f8a98fcf038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 326.858142][ C0] RAX: ffffffffffffffda RBX: 00007f8a983e6090 RCX: 00007f8a9818f6c9 [ 326.866111][ C0] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000003 [ 326.874091][ C0] RBP: 00007f8a98211f91 R08: 0000000000000000 R09: 0000000000000000 [ 326.882067][ C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 326.890041][ C0] R13: 00007f8a983e6128 R14: 00007f8a983e6090 R15: 00007ffd873bc728 [ 326.898018][ C0] [ 326.901030][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 326.908288][ C0] CPU: 0 PID: 7171 Comm: syz.3.675 Not tainted syzkaller #0 [ 326.915547][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 326.925581][ C0] Call Trace: [ 326.928841][ C0] [ 326.931665][ C0] dump_stack_lvl+0x168/0x22e [ 326.936322][ C0] ? memcpy+0x3c/0x60 [ 326.940288][ C0] ? show_regs_print_info+0x12/0x12 [ 326.945467][ C0] ? load_image+0x3b0/0x3b0 [ 326.949955][ C0] panic+0x2c9/0x710 [ 326.953831][ C0] ? bpf_jit_dump+0xd0/0xd0 [ 326.958322][ C0] __warn+0x2f8/0x4f0 [ 326.962288][ C0] ? __ieee80211_beacon_get+0x1952/0x1f50 [ 326.967989][ C0] ? __ieee80211_beacon_get+0x1952/0x1f50 [ 326.973694][ C0] report_bug+0x2ba/0x4f0 [ 326.978004][ C0] ? __ieee80211_beacon_get+0x1952/0x1f50 [ 326.983707][ C0] handle_bug+0x3a/0x70 [ 326.987841][ C0] exc_invalid_op+0x16/0x40 [ 326.992329][ C0] asm_exc_invalid_op+0x16/0x20 [ 326.997185][ C0] RIP: 0010:__ieee80211_beacon_get+0x1952/0x1f50 [ 327.003502][ C0] Code: ff ff ff e8 40 d3 e3 f7 0f 0b 48 8b 7c 24 20 e8 04 90 7f fe e9 dd e9 ff ff e8 2a d3 e3 f7 0f 0b e9 f1 ee ff ff e8 1e d3 e3 f7 <0f> 0b e9 61 f2 ff ff e8 12 d3 e3 f7 48 c7 c7 f0 73 fa 8d 4c 89 f6 [ 327.023088][ C0] RSP: 0018:ffffc900000078a0 EFLAGS: 00010246 [ 327.029147][ C0] RAX: ffffffff899d0342 RBX: 0000000000000000 RCX: ffff888078f71dc0 [ 327.037105][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 327.045060][ C0] RBP: ffffc90000007aa8 R08: ffff888078f71dc0 R09: 0000000000000003 [ 327.053013][ C0] R10: 0000000000000007 R11: 0000000000000100 R12: 1ffff92000000f2c [ 327.060966][ C0] R13: dffffc0000000000 R14: ffff8880545f2258 R15: ffff8880588de000 [ 327.068927][ C0] ? __ieee80211_beacon_get+0x1952/0x1f50 [ 327.074650][ C0] ? verify_lock_unused+0x140/0x140 [ 327.079842][ C0] ? __ieee80211_beacon_get+0xad/0x1f50 [ 327.085733][ C0] ? ieee80211_beacon_get_template+0x40/0x40 [ 327.091713][ C0] ieee80211_beacon_get_tim+0x5b/0x4d0 [ 327.097164][ C0] mac80211_hwsim_beacon_tx+0x21c/0xae0 [ 327.102696][ C0] ? read_lock_is_recursive+0x10/0x10 [ 327.108055][ C0] __iterate_interfaces+0x243/0x500 [ 327.113242][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0 [ 327.119474][ C0] ? ieee80211_iterate_active_interfaces_atomic+0x26/0x170 [ 327.126657][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0 [ 327.132881][ C0] ieee80211_iterate_active_interfaces_atomic+0xd7/0x170 [ 327.139886][ C0] mac80211_hwsim_beacon+0xb7/0x1b0 [ 327.145067][ C0] __hrtimer_run_queues+0x554/0xd60 [ 327.150278][ C0] ? hw_scan_work+0xf30/0xf30 [ 327.154955][ C0] ? hrtimer_interrupt+0x9c0/0x9c0 [ 327.160053][ C0] ? ktime_get_update_offsets_now+0x3ce/0x3e0 [ 327.166104][ C0] hrtimer_run_softirq+0x183/0x2a0 [ 327.171210][ C0] handle_softirqs+0x2a1/0x920 [ 327.175960][ C0] ? __irq_exit_rcu+0x12f/0x220 [ 327.180794][ C0] ? do_softirq+0x200/0x200 [ 327.185288][ C0] __irq_exit_rcu+0x12f/0x220 [ 327.189961][ C0] ? irq_exit_rcu+0x20/0x20 [ 327.194459][ C0] irq_exit_rcu+0x5/0x20 [ 327.198685][ C0] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 327.204308][ C0] [ 327.207217][ C0] [ 327.210135][ C0] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 327.216097][ C0] RIP: 0010:lock_acquire+0x20f/0x490 [ 327.221365][ C0] Code: 00 9c 8f 84 24 80 00 00 00 f6 84 24 81 00 00 00 02 0f 85 f5 00 00 00 41 f7 c6 00 02 00 00 74 01 fb 48 c7 44 24 60 0e 36 e0 45 <4b> c7 44 3d 00 00 00 00 00 66 43 c7 44 3d 09 00 00 43 c6 44 3d 0b [ 327.240961][ C0] RSP: 0018:ffffc900037dfb20 EFLAGS: 00000206 [ 327.247027][ C0] RAX: 0000000000000001 RBX: 0000000000000000 RCX: bf507d367d367100 [ 327.254983][ C0] RDX: 0000000000000000 RSI: ffffffff8a8c1700 RDI: ffffffff8adef760 [ 327.262937][ C0] RBP: ffffc900037dfc30 R08: dffffc0000000000 R09: fffffbfff215c44f [ 327.270893][ C0] R10: fffffbfff215c44f R11: 1ffffffff215c44e R12: 0000000000000000 [ 327.278848][ C0] R13: 1ffff920006fbf70 R14: 0000000000000246 R15: dffffc0000000000 [ 327.286820][ C0] ? __might_sleep+0xd0/0xd0 [ 327.291404][ C0] ? read_lock_is_recursive+0x10/0x10 [ 327.296761][ C0] ? __lock_acquire+0x7c50/0x7c50 [ 327.301770][ C0] ? __might_fault+0xa6/0x120 [ 327.306429][ C0] __might_fault+0xc2/0x120 [ 327.310916][ C0] ? __might_fault+0xa6/0x120 [ 327.315582][ C0] do_recvmmsg+0x382/0x7d0 [ 327.319984][ C0] ? __sys_recvmmsg+0x280/0x280 [ 327.324816][ C0] ? do_futex+0x310/0x320 [ 327.329144][ C0] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 327.335279][ C0] __x64_sys_recvmmsg+0x18d/0x240 [ 327.340289][ C0] ? do_recvmmsg+0x7d0/0x7d0 [ 327.344860][ C0] ? syscall_enter_from_user_mode+0x2a/0x80 [ 327.350734][ C0] do_syscall_64+0x4c/0xa0 [ 327.355127][ C0] ? clear_bhb_loop+0x60/0xb0 [ 327.359788][ C0] ? clear_bhb_loop+0x60/0xb0 [ 327.364455][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 327.370333][ C0] RIP: 0033:0x7f8a9818f6c9 [ 327.374733][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 327.394317][ C0] RSP: 002b:00007f8a98fcf038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 327.402720][ C0] RAX: ffffffffffffffda RBX: 00007f8a983e6090 RCX: 00007f8a9818f6c9 [ 327.410674][ C0] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000003 [ 327.418626][ C0] RBP: 00007f8a98211f91 R08: 0000000000000000 R09: 0000000000000000 [ 327.426588][ C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 327.434539][ C0] R13: 00007f8a983e6128 R14: 00007f8a983e6090 R15: 00007ffd873bc728 [ 327.442500][ C0] [ 327.445743][ C0] Kernel Offset: disabled [ 327.450095][ C0] Rebooting in 86400 seconds..