last executing test programs: 7m49.396991816s ago: executing program 3 (id=21): bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x1c, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000200000000"], 0x0}, 0x94) getsockname$unix(0xffffffffffffffff, 0x0, &(0x7f0000000080)) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000080)={0x84, @private=0xa010101, 0x15, 0x3, 'sh\x00', 0x2e, 0x5, 0x72}, 0x2c) r1 = socket$kcm(0xa, 0x2, 0x0) r2 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e20, 0x3, 'lc\x00', 0x5, 0x8, 0x77}, {@loopback, 0x4e20, 0x10000, 0x2, 0x2}}, 0x44) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$sock(r1, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4f23, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0xfffffffc}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) 7m49.201777232s ago: executing program 3 (id=23): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0a000000020000003f00000040"], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000004c0), &(0x7f0000000a80), 0x1007, r3}, 0x38) 7m48.146812889s ago: executing program 3 (id=24): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1342, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) socket$alg(0x26, 0x5, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00', 0x0}) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000040)={r3, 0x1, 0x6, @multicast}, 0x10) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f00000000c0)={r3, 0x1, 0x6, @multicast}, 0x10) setsockopt$packet_drop_memb(r2, 0x107, 0x2, &(0x7f0000000080)={r3, 0x1, 0x6, @multicast}, 0x10) 7m46.524052951s ago: executing program 3 (id=32): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x40, &(0x7f00000001c0)={[{@nouid32}, {@errors_remount}, {@user_xattr}, {@nodiscard}, {@dioread_nolock}]}, 0x1, 0x4f7, &(0x7f0000000cc0)="$eJzs3c9vI1cdAPDvTOJNmqZNCpUKCOhSCgtarZ1426jqqVxAqKqEqDhxSEPijaLYcRQ7pQkrNfkfkKjEAcGJMwckDpV64ojgBre9LAekBVagDRIHo/GPbHZjJ2HXsVX785FGM2/eeL7vrTXveb9J/AIYW1cj4iAirkTEexEx1z6ftLd4q7Vl1z24f3v16P7t1SQajXf/kTTrs3Nx4jWZZ9v3nI6I738n4kfJ6bi1vf3NlXK5tNMuF+qV7UJtb//GRmVlvbRe2ioWlxaXFt64+Xqxb319ufKbe9/eePsHH//uS3f/dPDNn2TNmm3XnexHP7W6njuOk5mMiLcvI9gQTLT7c2XYDeGJpBHxmYh4pfn8z8VE8928mC6PNQDwKdBozEVj7mQZABh1aTMHlqT5di5gNtI0n2/l8F6MmbRcrdWv36rubq21cmXzkUtvbZRLC+1c4Xzkkqy8+GF2/LBcjEfLNyPihYj46dQzzXJ+9eJ5BgCgv559bP7/91Rr/gcARtz0eRcsD6YdAMDgnDv/AwAjx/wPAOPH/A8A48f8DwDjx/wPAOPmTmf+nxh2SwCAgfjeO+9kW+Oo/f3Xa+/v7W5W37+xVqpt5iu7q/nV6s52fr1aXS+X8qvVynn3K1er24uvxe4HhXqpVi/U9vaXK9Xdrfpy83u9l0u5gfQKADjLCy9/8pckIg7efKa5xYm1HMzVMNrSYTcAGBo5fxhfvoUbxpf/4wPnreXZ81eEP3qCYI0Pn+BFQL9d+7z8P4wr+X8YX/L/ML7k/2F8NRpJrzX/0+NLAICRIscPDPTn/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAiZpvb/IlymubzEc9FxHzkklsb5dJCRDwfEX+eyk1l5cWhthgAeHrp35L2+l/X5l6dfbz2SvKfqeY+In7883d/9sFKvb6zmJ3/5/H5+kft88VhtB8AOE9nnu7M4x0P7t9e7WyDbM+9b7UWF83iHrW3Vs1kTGa7P05HLiJm/pW0ym3Z55WJPsQ/OIyIz3Xrf9LMjcy3Vz59PH4W+7mBxk8fiZ8261r77N/is6fuPNUz5nlrvcK4+CQbf97q9vylcbW5n+66+PF0c4R6ep3x7+jU+Nd53qebY0238e/qRWO89vvv9qw7jPjCZLf4yXH8pEf8Vy8Y/84Xv/xKr7rGLyOuRff4J2MV6pXtQm1v/8ZGZWW9tF7aKhaXFpcW3rj5erHQzFEXOpnq0/7+5vXne/b/1xEzPeJPn9P/r53Z68bxAPyr/773w6/0in8Y8Y2vdn//XzwjfjYnfv3M+A+tzPy25/LdWfy1Vv8P/9/3//oF49/96/7aBS8FAAagtre/uVIul3b6epCLPt/wxEFySW12MOIH2efxp73PS+2UWddr/vCLj1/KKofe074cDHlgAi7dw4d+2C0BAAAAAAAAAAAAAAB6ufQ/J0qH3UMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABG2f8CAAD//zwQyy8=") r1 = open(&(0x7f0000000040)='./bus\x00', 0x80242, 0x10) ftruncate(r1, 0x2007ffc) sendfile(r1, r1, 0x0, 0x2000000000006) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) close_range(r0, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x2280, 0x0, 0x0, 0x0, 0x0, 0x0) rt_sigqueueinfo(r2, 0x13, &(0x7f0000000000)={0x24, 0xfe81, 0xffffffff}) tkill(r2, 0x12) ioctl$OCFS2_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000000)={0x1, 0x0, 0x27a, 0xebc, 0x5, 0x79a}) 7m45.992649565s ago: executing program 3 (id=34): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70300000100000085000000c0000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = getpgid(0x0) r3 = syz_pidfd_open(r2, 0x0) pidfd_send_signal(r3, 0x39, &(0x7f0000004dc0)={0x3f, 0xab9, 0x80}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_NL_MON_PEER_GET(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)={0x38, r5, 0x30d, 0x0, 0x0, {}, [@TIPC_NLA_MON={0x24, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x300}, @TIPC_NLA_MON_REF={0xffffffffffffff93}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}]}]}, 0x38}}, 0x0) r6 = socket(0x40000000015, 0x5, 0x0) bind$inet6(r6, &(0x7f0000000000)={0xa, 0x1, 0xffffffff, @loopback={0xffffffffffff0000}, 0x92}, 0x1c) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x0, 0xe, 0x0, &(0x7f0000000ac0)='\x00\x00@\x00'/14, 0x0, 0xadf6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 7m40.945101105s ago: executing program 3 (id=47): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x0) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r2 = accept(r0, 0x0, 0x0) sendmsg$AUDIT_USER_AVC(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000740)=ANY=[], 0x454}}, 0x0) sendmsg$TIPC_NL_NODE_GET(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000700)={0x14, 0x0, 0x800, 0x70bd28, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4010}, 0x4000000) sendto$inet(r1, &(0x7f0000000080)="ab", 0x1, 0x8855, 0x0, 0x0) 7m40.7549224s ago: executing program 32 (id=47): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x0) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r2 = accept(r0, 0x0, 0x0) sendmsg$AUDIT_USER_AVC(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000740)=ANY=[], 0x454}}, 0x0) sendmsg$TIPC_NL_NODE_GET(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000700)={0x14, 0x0, 0x800, 0x70bd28, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4010}, 0x4000000) sendto$inet(r1, &(0x7f0000000080)="ab", 0x1, 0x8855, 0x0, 0x0) 4m2.744638336s ago: executing program 4 (id=798): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket(0x28, 0x801, 0x0) connect$vsock_stream(r3, &(0x7f0000000880)={0x28, 0x0, 0x0, @local}, 0x10) shutdown(r3, 0x1) connect$inet(r3, 0x0, 0x0) 4m1.611490534s ago: executing program 4 (id=800): socket$inet(0x2, 0x2, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x82, 0xfffffffffffffffe, &(0x7f00000000c0)=0x95) prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mprotect(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x1) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000900006440000008001b00000000000500100004"], 0x30}}, 0x0) 4m0.335694227s ago: executing program 4 (id=805): sched_setscheduler(0x0, 0x2, 0x0) getpid() r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x32}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="3800000010000507000000000004000000000000", @ANYRES32=r2, @ANYBLOB="0000000a010000001800120008000100736974000c0002000800030036"], 0x38}}, 0x0) r3 = socket(0x10, 0x803, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000500)=@ipv6_newaddr={0x2c, 0x14, 0x9535393fea6295b5, 0x0, 0x20000, {0xa, 0x40, 0x0, 0x0, r5}, [@IFA_LOCAL={0x14, 0x2, @ipv4}]}, 0x2c}}, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=@ipv6_newaddr={0x40, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r5}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_ADDRESS={0x14, 0x1, @rand_addr=' \x01\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0x41}, 0x0) 4m0.028590835s ago: executing program 4 (id=809): ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0) mkdir(&(0x7f0000000000)='./file1\x00', 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) mount$fuse(0x0, 0x0, 0x0, 0x100000, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x2, &(0x7f0000000400)) chdir(&(0x7f0000000180)='./file1\x00') r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r1, 0x0) r2 = getpgid(r1) setpgid(0x0, r2) open(&(0x7f0000000140)='./file3/file0\x00', 0x2200, 0x9a) openat(0xffffffffffffff9c, &(0x7f0000000540)='mnt\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', 0x0, 0x8, 0x0) 3m58.476306484s ago: executing program 4 (id=813): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x20004808) r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000001c0)=0x20000, 0x4) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000100)={&(0x7f0000000000)=""/5, 0x204000, 0x1000}, 0x20) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000040)=0x4000, 0x4) bind$xdp(r0, &(0x7f00000002c0)={0x2c, 0x4, r2}, 0x10) 3m57.985201627s ago: executing program 4 (id=820): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r3, &(0x7f0000000140), 0x10) sendmsg$can_bcm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0) 3m57.291885325s ago: executing program 33 (id=820): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r3, &(0x7f0000000140), 0x10) sendmsg$can_bcm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0) 11.608133264s ago: executing program 5 (id=1610): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_NL_MON_PEER_GET(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x14, r3, 0x30d, 0x0, 0xfffffffe}, 0x14}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000200000000020900010073797a31000000002c000000030a010100000000000000000a0000030922010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4001}, 0x0) r4 = socket$inet(0x2b, 0x801, 0x0) connect$inet(r4, &(0x7f00000002c0)={0x2, 0x4e24, @local}, 0x64) listen(r4, 0x7f) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180000000600000000000000030000009310000001"], 0x0, 0x5}, 0x94) r5 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_SYS_SET(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB="1800000007140100000032c83a110000050042"], 0x18}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000300000a14000000020a0102000000000000000000000008240000000c0a25000000000000000000020000020900010073797a300000000004000380140000001100010000000000000000000700000a"], 0x60}}, 0x40044) 11.532316676s ago: executing program 5 (id=1612): r0 = socket$alg(0x26, 0x5, 0x0) socket$inet6(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1/file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160-generic\x00'}, 0x58) r4 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg$unix(r4, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0) 9.770264471s ago: executing program 5 (id=1614): r0 = socket(0x10, 0x80002, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r4) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r5, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sched_setattr(0x0, 0x0, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB="3c00000010001fff000000000100000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800900010076657468000000000400028008000a00", @ANYRES32=r6], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) 9.731799252s ago: executing program 1 (id=1615): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x3000046, &(0x7f00000004c0)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@usrquota}, {@data_err_ignore}, {@nobarrier}, {@oldalloc}, {@grpquota}, {@noload}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x1c1840, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x1ff) fallocate(r1, 0x0, 0x22001, 0x5) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r2, &(0x7f00000005c0)='\"', 0x1, 0x4fed0) sendto$inet6(r0, 0x0, 0x0, 0x8000, 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15) pwrite64(r3, &(0x7f0000000140)='2', 0xfdef, 0xe7c) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000009, 0x28011, r3, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) getdents64(r3, 0x0, 0x0) ioctl$EXT4_IOC_CLEAR_ES_CACHE(r2, 0x6628) sendfile(r2, r2, 0x0, 0xe3aa6ea) openat(0xffffffffffffff9c, &(0x7f0000000e80)='./bus\x00', 0x1c1002, 0x0) 9.527486357s ago: executing program 0 (id=1617): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x10, 0x80002, 0x0) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000280)={'batadv0\x00', 0x0}) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x1) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[], 0x48) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r2, 0x331, 0x2000, 0x40000000, {0x8}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x400400c}, 0x0) 9.519784647s ago: executing program 2 (id=1618): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$pppl2tp(0x18, 0x1, 0x1) semctl$SETALL(0x0, 0x0, 0x9, 0x0) r4 = fsopen(0x0, 0x1) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) ioctl$PPPIOCGL2TPSTATS(r3, 0x80487436, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) 9.299226423s ago: executing program 1 (id=1619): r0 = socket$pptp(0x18, 0x1, 0x2) bind$netlink(0xffffffffffffffff, &(0x7f00000007c0)={0x10, 0x0, 0x25dfdbfd, 0x8000000}, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfffff000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$pptp(r0, &(0x7f0000000140)={0x18, 0x2, {0xfffe, @loopback}}, 0x1e) connect$pptp(r0, &(0x7f0000000080)={0x18, 0x2, {0x7, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) 9.298732663s ago: executing program 6 (id=1620): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000003c0)=@abs, 0x76) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)={0x3c, r4, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x2}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_FD={0x8}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x400003}]}, 0x3c}}, 0x20000018) 7.83404224s ago: executing program 2 (id=1621): sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) syz_open_dev$vim2m(0x0, 0x50d65ad7, 0x2) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fsopen(&(0x7f0000001340)='cgroup2\x00', 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZE(r3, 0x5609, &(0x7f0000000040)={0x1, 0x7, 0x3}) 7.83271037s ago: executing program 6 (id=1622): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x40, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xe}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x5, 0x7, 0xb3}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x170, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xffffbddc, {0x0, 0x0, 0x0, r5, {0x10}, {}, {0xe, 0x1}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x140, 0x2, [@TCA_GRED_PARMS={0x38, 0x1, {0x0, 0x1ff, 0x72, 0x8, 0x2, 0x1, 0xfffffffa, 0x6f2, 0x9, 0xb00, 0x17, 0xb, 0x1c, 0x8, 0x7, 0x1}}, @TCA_GRED_STAB={0x104, 0x2, "6a5c8d6e56a3857dfcdef7b2cc5943f5ab90a2a3c7b5b43b3c90ba420a16d00355354d134f9c2ee484adb8416e3f180a4b2d6e5552aa66ae89476a7ec13c04c39a107796cd115bcf28d72b188105acd71d1fee6f6a325169ef91d1e19089385aca27a7ccbdb2c2869cd2985c286e09ae436b1fed83c1b7d7fab107eb218151a560723252a1b16822925e4a160f93b0d43d9ba46411be3bcbad2c3f1e11a392b690c802177bd3ed3d1c2f69044f98128018c150e2c4b6322face88f5ed2cd741343af9eac5a454120c13ddc503835cbad8646351ba5d4af335af601dac0231ef35eb8933c4b7c235387bf398a3a26e3efbadc1616242f1131028e424db8c55351"}]}}]}, 0x170}, 0x1, 0x0, 0x0, 0x4040098}, 0x4000) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r7 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r7, &(0x7f0000000140)="bad330fbc9b5544972e7a5ea0756", 0x36, 0x40, &(0x7f00000001c0)={0x11, 0x1a, r6, 0x1, 0xd8, 0x6, @random="98c8ca7122df"}, 0x14) 7.635092555s ago: executing program 0 (id=1623): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_NL_MON_PEER_GET(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x14, r3, 0x30d, 0x0, 0xfffffffe}, 0x14}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000200000000020900010073797a31000000002c000000030a010100000000000000000a0000030922010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4001}, 0x0) r4 = socket$inet(0x2b, 0x801, 0x0) connect$inet(r4, &(0x7f00000002c0)={0x2, 0x4e24, @local}, 0x64) listen(r4, 0x7f) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180000000600000000000000030000009310000001"], 0x0, 0x5}, 0x94) r5 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_SYS_SET(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB="1800000007140100000032c83a110000050042"], 0x18}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000300000a14000000020a0102000000000000000000000008240000000c0a25000000000000000000020000020900010073797a300000000004000380140000001100010000000000000000000700000a"], 0x60}}, 0x40044) 7.632054845s ago: executing program 5 (id=1624): socket(0x10, 0x80003, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f00002e5000/0x400000)=nil, 0x400000, 0xf) madvise(&(0x7f0000000000/0x800000)=nil, 0x800002, 0xe) r3 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341) ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000200)) ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect) 6.222949091s ago: executing program 2 (id=1625): r0 = socket$igmp(0x2, 0x3, 0x2) sendmsg$inet(r0, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x4004) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000003c0)=[{{&(0x7f0000000100)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000380)=[{0x0}, {0x0}], 0x2, 0x0, 0x0, 0x800}}], 0x1, 0x24044000) ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000000080)) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r3 = socket$kcm(0xa, 0x1, 0x106) sendmsg$kcm(r3, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x4e23, 0x9, @loopback={0x0, 0x7ffffffe}, 0x2}, 0x80, 0x0}, 0xe07e872420dfefca) close(r2) socket$inet6_mptcp(0xa, 0x1, 0x106) recvmmsg(r2, &(0x7f00000055c0), 0x400023c, 0x300, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0xc3072, r3, 0x0) read(r2, &(0x7f0000000000)=""/31, 0x1f) 6.222701591s ago: executing program 6 (id=1626): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @loopback, 0x4e1f, 0x3, 'lblc\x00', 0x11, 0x10000004, 0x8}, 0x2c) syz_open_dev$sndpcmc(&(0x7f0000001180), 0x0, 0x2100) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000680)={0x0, 0x0, 0x0}, 0x0) r2 = socket$kcm(0xa, 0x2, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) r3 = socket$igmp(0x2, 0x3, 0x2) setsockopt$IP_VS_SO_SET_ADDDEST(r3, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'rr\x00', 0x23, 0x81, 0x5}, {@multicast1, 0x4e23, 0x10000, 0x1cb, 0x12d61, 0x12d58}}, 0x44) syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100007292bd404020305582a80000000109021b0001000000000904000001df7fa9000905"], 0x0) r4 = accept4$x25(r2, 0x0, &(0x7f0000000080), 0x800) ioctl$SIOCX25SCALLUSERDATA(r4, 0x89e5, &(0x7f00000000c0)={0x36, "dffe64f0fc3301cf49fd59c032eef7c468acc444d09ff681dc338180146a18156d842f4def9050cc9a75bafeb07fda227edd9ac56c2fcbe4117dc2f1a45970ff22b9f87dfa4bede767c60a577aad36efcda599eac8bc13ce81bc0dc20d83d718083e1aca0eaeb0f4900f854f2705e43ac6c06f8e73385b537c2d06aa631d5bd7"}) sendmsg$sock(r2, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev, 0xfffffeec}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) 6.220738851s ago: executing program 0 (id=1627): recvmsg(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0xf8}], 0x1}, 0x1f00) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44840}, 0x20004040) syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000080)={0x0, &(0x7f00000001c0)=[@wrmsr={0x65, 0x20, {0x40000000, 0x3}}], 0x20}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, 0x0, &(0x7f00000001c0)) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) sendmsg$NL80211_CMD_GET_POWER_SAVE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008000}, 0x8000) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x8, 0x2, 0xffffffffffffffff], 0x0, 0x200}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x101, 0xaec4, 0x6, 0x4004, 0x2, 0x4, 0xefffffffffffffff, 0x0, 0x0, 0x2000000, 0x20000, 0x1c, 0x0, 0x5, 0x1], 0x0, 0x41981}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 6.017216027s ago: executing program 1 (id=1628): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x40, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xe}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x5, 0x7, 0xb3}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=@newqdisc={0x58, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xffffbddc, {0x0, 0x0, 0x0, r5, {0x10}, {}, {0xe, 0x1}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x200000, 0x0, 0x7, 0x7, 0x9, 0x40, 0xffffffff, 0x2}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x4040098}, 0x4084) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r7 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r7, &(0x7f0000000140)="bad330fbc9b5544972e7a5ea0756", 0x36, 0x40, &(0x7f00000001c0)={0x11, 0x1a, r6, 0x1, 0xd8, 0x6, @random="98c8ca7122df"}, 0x14) 5.986681607s ago: executing program 2 (id=1629): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0xab402) ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000300)={{0x0, 0x2, 0x3}}) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x183c81) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f00000003c0)={0x9c9, 0x0, 0x0, 'queue1\x00', 0x200000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r4, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x2, 0x0, 0x23e8, 0x3}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r3, 0x40505412, &(0x7f00000000c0)={0x6, 0xffff81a4, 0x44, 0x0, 0xf}) 5.732783563s ago: executing program 0 (id=1630): syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000f2d07c40501d89601dd0000000010902"], 0x0) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f00000002c0)="f973085a6ea39ea1b25a1c6b351e11245900557d1c8e9f86bae5e5c64e50ef25afb0295d0c303850b4bff4d088bf9df67e013836e2882dad3f7698b52997f7efa9eb96f09be1c3019445927c6b2fe32d38ae2bcad2ac0d85ebd42914fb18b7d0670f8b3be16755ead6a6fb713fa618ce2c", 0x71}, {&(0x7f0000000380)="82f294054d05973abfac6a6f31050418457d017c5fd68b034cf51b9f6a6d71daa5c776bca90037bc7c3d88b151fbf856f69ebd05e750f13f02af646b284953b6640a08c827c6f2ff4ad8e84077f9f03f94792aa17c4743cba3f355bb9c5b04b91ed70d253db68e17cdd561fab504479f723388dda974e2a9fb1bcda474c08d6222179b19e90200", 0x87}, {&(0x7f0000000480)="4ce09043b6aa2ae5946f67306c7f73ed469dfcfc5e1f4d8123a4a8a7b9be82f67f89605cd9bbf7254c156b00437f753a248daf68c5ebdc4a6346d336a6502e98eae72777956d1ebeeb855fae46b3ccb9fb3d593651b95ee00afe0816b3c6e7f3cb3b18fb5198643daa6b9cafde584957dd72ba27cef6604f5df59f0bee60bca63d75a9d812eb699c2d665b7179b22027cf748ac63bcc212703d44cb083e962eee9b5d212523c162b42377ebd0bc624bf9425f6f4772e36c6c2fd4f69b65cc435f93c1a490cb75162251e15942b", 0xcd}, {0x0}, {&(0x7f0000000800)}, {&(0x7f0000000900)="a9be9b2ff3a19d5a1226e5243d37d1fd2894c1ae880dc2316aa2d5ad08944c7135eb837eff354282dd5863c051eb7b9b17be0e4fdd6560f3f2c2c04af73a6cb75b5d05d6037f91e8f4f08e90d5313fb91fbdc5acd212f7d8c800a837a0236309d25e82d5767d8df7512b2beb324c2a2fd6f4ed3a3eb7396f02d515396a3be574d721df257dbf0bc39c", 0x89}, {&(0x7f00000000c0)}], 0x7}}, {{0x0, 0x0, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000bc0)}], 0x2}}], 0x2, 0x20000044) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vlan1\x00'}) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6) r1 = accept4(r0, 0x0, 0x0, 0x800) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 4.472188606s ago: executing program 1 (id=1631): socket$kcm(0x10, 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) mount(&(0x7f0000000440)=@rnullb, &(0x7f00000005c0)='./file0\x00', &(0x7f0000000600)='f2fs\x00', 0xa88b9, &(0x7f0000000640)='\xff\xff') prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18020000ffffffff00000000000000001801000011646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000850000007d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008001500b7040000000000008500000058"], 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r2, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 4.471390086s ago: executing program 5 (id=1632): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x16) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x200840, &(0x7f0000000600)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6469725f726573765f6c6576656c3d30303030303030303030303030303030303030332c726573765f6c6576656c3d30303030303030303030303030303030303030362c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c636f686572656e63793d66756c6c2c6e6f61636c2c004c98065b85e5b137d63b2211c62c402045083da9bddc3b0d88d44ecd24ba5288d428197284f332858b83349af2c7646f1e07e91120d7f23ce20389bbc031d81d654f1ca08f61c92d90e6ea478843c1ad942c7c257f9ff5348dd038e947775991ad90f8861dada21d5fa2de7042b5e2cbbcd1ada2b568e375812eb0bc448e68eda4c70cf1d5adf566142ed45924fe72a1eb1a914faf754b9d94bf0fdc1f98c708bd89940b5ef96e328240c39559b35bc83c15c15104f3b3fe1945f0278c34e2399dadcd9776ac659afcbb239569140ab408ad87f15b353941"], 0x5, 0x4445, &(0x7f000000cd00)="$eJzs3c9PXFsdAPDvveB7gO9V+t5bPBMTJ/ElGjUEulJpYktpKbRYU21j3EwHmLbowDQwGBdd4K6JKxMXjYtGE3esGhZu65/gxmVdN9GFGxOTRszMXOjcy4xMGwZs3+ez4DDnN3zvPZy7uJw007i/ulla3SxV1kv15bub50q/qNe21qqRDt5wROTHj+2THJ/XMIjr5BSvvc+9G5eu/Oj2uYg/r/z1xd7e3l40DUdXUx3f/+ufD5c7031poU2z3+69HZefRsQnh+bVNBQRP/lTRBIRF7O8mSwdjYgz0S67/fDXd0rHNJunz6vnyy8XH+1Of7aw82S398+eRPyu9uVv31v7+9eGpv/2zWMaHgAAAAAAAAAAAAAAAACAt9zczRu3fjg5Fc+SGN5JDr+vO5elvd6P3Ts2Xx38DwsAAAAAAAAAAAAAAAAAAAD/p169/19KPury/v9sll7o0X7v+4OfI4Mz/4Mbs5cnp7Lz35ND5d/Jsv5xcSjOdjn3vXj++8VC++7nvx8e503tz29/3PFI0pGO8vFI04mJiD9kB79/moyltfpm41t361vrK8c2jbdWPv7t0/tz0ckO9O83/jOF/gd//v/Hh66m5uc7x3eJvdPy8R/qWe+Pv0r6iv+lfLPHA5p2h48HP8Q7LB//4VbeaGeF99tJM/6/GT46/rOF/gd1/5+JiFLSnGsptwI09zDN/F77FfLy8f9CKy+3dGa/yF73/78L8b9c6P+01v/t4h8iusrH/71W3kiuRnsD0Ip/evT9f6XQ/2nEvzn/bX//+5KPf7bYD+eqtH6T/a7/c4X+u8S/9ybjNdxKs3meSXJXwE7Szu/1/+rIy8d/5FD5q+e/tK/939VC+5N6/tsft/n8N9HxHPKNpP38R3f5+I/2rNfv/T9faDfo9f9Ca//Hm8rHf6yVl987j7e+9hv/hUL/g4p/a1cysh//V+vJf95v5//e/q8v+fh/sZ2ZdtbYbn1t7f+So/f/1wr9n8b+rzn/7XSwo74r8vH/oGe9Zvz/ksV97H/c/9cL7QYf/4hJe/03lo//hz3rte7/kaPX/8VCu0HH/+uD7BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgLTCTpeORpBO5z2k6MRFxKfv8aYwlS5WV8lKtvvzzzYjZLL8UHyX3avWlSq28ul5fqZYrtVp9OeJyVv5JjCSbtXqjvFZ5cOWgr9HkfrWy0ViqVhoRMZflfyU+3O9rabWxVnkQEVcPyr6U1jce3K+sl1dWN743OTk5GfMHczibVH/ZqK432qO3SyMWDtqOJx2TaxVfO5jLB8nP6lsb65VaK/96R5tafblS62izmJX9Ns4mjY2t9eVKo1qu1e/tj3eaLmTp7PzNH9+8PnWo/E7STmdOdloAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvKZn0999HBHD7U9pRJSS5jfv9aj/9Hn1fPnl4qPd6c8Wdp7svoiI5CTnCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAf9mBAwEAAAAAIP/XRqiqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrCLt2jRBAEYQCtbgUNPYbRMJOZjiiigSOCJ9BjeBg9ipfwDgYGpgbLwm4PLPMDy8Amy3tJQX9UV0MXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHBs7p67l6e6iUhxvjqL+Hr7/tnNH0r9uJ7uP1kw83RBD4dx/9jd3NZN+fc0yq/K0W+bN+n/3/trTNTe52BPhvu0NZ4zNLdvc+/r515EylVEtCW/TDlX1X53AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAa3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8raPo2wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4FcAAAD//0yJHBw=") sched_setscheduler(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) 4.469425876s ago: executing program 6 (id=1633): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeee, 0x8031, 0xffffffffffffffff, 0xfffff000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close(0xffffffffffffffff) ioctl$TIOCGRS485(0xffffffffffffffff, 0x542e, &(0x7f0000000240)) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@bridge_delneigh={0x24, 0x1e, 0x1, 0x70bd2d, 0x25dfdbfc, {0xa, 0x0, 0x0, 0x0, 0x0, 0x8}, [@NDA_IFINDEX={0x8}]}, 0x24}}, 0x20000000) socket$nl_generic(0x10, 0x3, 0x10) 4.093220145s ago: executing program 2 (id=1634): setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000080)={0x0, {{0xa, 0x4, 0x0, @mcast1={0xff, 0x7}, 0x8a4}}, {{0xa, 0x4e20, 0xfe, @remote}}}, 0x108) bpf$TOKEN_CREATE(0x24, &(0x7f0000000300), 0x8) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x70}}, 0x0) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r0, 0x2) r1 = socket$alg(0x26, 0x5, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008000}, 0x8000) bind$alg(r1, &(0x7f0000000940)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000340)={0x0, 0xf}, &(0x7f0000000580)=0x8) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5", 0x4) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000600)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x18, 0x6, 0xff, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0xc2, 0x0, 0x0, 0x0, {[@fastopen={0x1e, 0x2}]}}}}}}}}, 0x0) 3.190699029s ago: executing program 6 (id=1635): r0 = socket$nl_route(0x10, 0x3, 0x0) socket(0x2a, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000740)={'wlan1\x00', 0x0}) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)={0x24, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x5, 0x5b, "16"}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_REGISTER_FRAME(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000780)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000005000000003a00000008000300", @ANYRES32=r4, @ANYBLOB="05005b"], 0x24}}, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r8, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)={0x24, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x5, 0x5b, 'R'}]}, 0x24}}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 3.006705473s ago: executing program 1 (id=1636): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) sendto$inet6(r0, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x56) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x604ab000) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000001380)=""/4080, 0xfffffffffffffdcc, 0x0, 0x0, 0xffffffffffffff87}, &(0x7f0000000000)=0x40) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) sendto$inet6(r1, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x56) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000001380)=""/4080, 0xfffffffffffffdcc, 0x0, 0x0, 0xffffffffffffff87}, &(0x7f0000000000)=0x40) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffcdf, 0x1, 0x0}, &(0x7f00000000c0)=0x40) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffcdf, 0x1, 0x0}, &(0x7f00000000c0)=0x40) 2.997012203s ago: executing program 2 (id=1637): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xf0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x0, r1, 0x21eae}}, 0x20}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$unix(0x1, 0x2, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x50, r4, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x50}, 0x1, 0x0, 0x0, 0x91}, 0x24044884) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000001c0)="9410c74b9405d00018a02f540c757403d06bd52381ff77fe77afdda7a6b8713c6443c17a216e421fcee051cec7ccef224e58fcbcce1ba0dd216ed0c456a90a8e", 0x40}], 0x1) close(r6) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f00000001c0)=ANY=[@ANYBLOB="4080010008021100000108026d5ebea820ac0f7e48110000"], 0x46) 2.790417399s ago: executing program 6 (id=1638): socket$packet(0x11, 0x2, 0x300) socket$nl_route(0x10, 0x3, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0) socket$netlink(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000180), 0xfea7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e23, 0x802c, @mcast2, 0x5}, 0x1c) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16, @ANYBLOB="2d01620000000900509072fb60cb08000300"], 0x2c}}, 0x0) sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000007680)={0x0, 0x0, &(0x7f0000007640)={&(0x7f0000000000)=ANY=[@ANYBLOB="46040000", @ANYRES16=r4, @ANYBLOB="ff830500000700ffffff", @ANYRES8=r0], 0x4}}, 0x0) sendfile(r3, r1, 0x0, 0x100000000) 2.387250349s ago: executing program 0 (id=1639): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={0xffffffffffffffff}) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r5}, &(0x7f0000000000), &(0x7f0000000080)=r3}, 0x20) recvfrom(r4, &(0x7f0000004000)=""/4112, 0xfffffffffffffedc, 0x2080, 0x0, 0x0) 2.386353689s ago: executing program 1 (id=1640): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) socket$netlink(0x10, 0x3, 0xa) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$tipc(0x1e, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r3) sendmsg$TIPC_CMD_GET_NODES(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000002c0)={0x1c, r4, 0x1, 0x1d, 0x0, {{}, {0x0, 0x6}}}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x0) 2.188098404s ago: executing program 5 (id=1641): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = fcntl$getown(0xffffffffffffffff, 0x9) prlimit64(r0, 0xb, &(0x7f0000000000)={0x6, 0x7}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x1c, 0x10, 0x701, 0x0, 0x0, {0xa}, [@typed={0x6, 0x1, 0x0, 0x0, @str='\x15\x00'}]}, 0x1c}}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=@newtaction={0xa0, 0x30, 0x9, 0x0, 0x0, {}, [{0x8c, 0x1, [@m_bpf={0x88, 0x1, 0x0, 0x0, {{0x8}, {0x60, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x7}, @TCA_ACT_BPF_OPS={0x3c, 0x4, [{0x44, 0x0, 0x0, 0x80000000}, {0x20}, {0x3, 0xfd}, {0x20, 0x0, 0x0, 0x10000000}, {}, {0x0, 0x0, 0xf8}, {0x6}]}, @TCA_ACT_BPF_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x20000800}, 0x0) 0s ago: executing program 0 (id=1642): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) io_uring_setup(0x3450, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xc240}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_FD1={0x8, 0x2, @udp=r4}]}}}, @IFLA_MASTER={0x8, 0x3}]}, 0x40}}, 0x0) 0s ago: executing program 1 (id=1643): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000880)=@newqdisc={0x70, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x44, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x5a, 0x2, 0x84d, 0x9, 0x1, 0x800}, {0x8c, 0x1, 0xfffc, 0x7fff, 0x2, 0xb}, 0x5, 0x34, 0x91f}}, @TCA_TBF_PRATE64={0xc, 0x5, 0xc2240edb8ac75ac7}, @TCA_TBF_RATE64={0xc, 0x4, 0xdd31e353c9fd1eb}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x40088c1}, 0x50) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xb}, {0xe, 0xffea}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x9, 0x1}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x2400c061}, 0x4890) r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x102, 0x0) close(r3) socket$nl_route(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000300)={'syzkaller0\x00', @multicast}) r4 = socket$kcm(0x11, 0x3, 0x0) r5 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) setsockopt$sock_attach_bpf(r4, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r4, &(0x7f00000000c0)={&(0x7f0000000580)=@xdp={0x2c, 0x0, r6, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000088a8ffff86ddee162fd4b8bf4a31accb", 0xfdef}], 0x1}, 0x0) kernel console output (not intermixed with test programs): batadv0: Interface activated: batadv_slave_1 [ 72.539018][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 72.548648][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 72.557919][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 72.567817][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 72.583839][ T4200] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.592573][ T4200] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.601488][ T4200] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.611194][ T4200] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.636093][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.652920][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.660761][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 72.674820][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 72.684556][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 72.692480][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 72.703455][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 72.724504][ T4189] device veth0_vlan entered promiscuous mode [ 72.732604][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 72.741853][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 72.783426][ T4232] Bluetooth: hci2: command 0x040f tx timeout [ 72.794593][ T4232] Bluetooth: hci0: command 0x040f tx timeout [ 72.801264][ T4232] Bluetooth: hci1: command 0x040f tx timeout [ 72.808533][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 72.821109][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 72.836425][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 72.846994][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 72.857242][ T4199] device veth0_vlan entered promiscuous mode [ 72.864010][ T4234] Bluetooth: hci3: command 0x040f tx timeout [ 72.870154][ T4189] device veth1_vlan entered promiscuous mode [ 72.873352][ T4234] Bluetooth: hci4: command 0x040f tx timeout [ 72.885995][ T1665] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.895546][ T1665] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.929359][ T4199] device veth1_vlan entered promiscuous mode [ 72.948570][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 72.957110][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 72.966070][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 72.974398][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 72.982513][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 73.009922][ T1665] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 73.018485][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.028887][ T1665] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 73.031108][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.052361][ T4199] device veth0_macvtap entered promiscuous mode [ 73.067609][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 73.078743][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 73.087090][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 73.096979][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 73.116750][ T4199] device veth1_macvtap entered promiscuous mode [ 73.132640][ T4189] device veth0_macvtap entered promiscuous mode [ 73.139510][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.150040][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.172406][ T4199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.185919][ T4199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.196683][ T4199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.207842][ T4199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.218109][ T4199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.228955][ T4199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.241599][ T4199] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.265923][ T4189] device veth1_macvtap entered promiscuous mode [ 73.276800][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 73.286488][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 73.296836][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 73.306005][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 73.314528][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 73.324142][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 73.352629][ T4199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.366313][ T4199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.385276][ T4199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.399425][ T4199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.412414][ T4199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.425295][ T4199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.441364][ T4199] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.469182][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 73.479847][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 73.494271][ T4199] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.505236][ T4199] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.516743][ T4199] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.528336][ T4199] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.563238][ T393] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.592670][ T393] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.616507][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 73.699757][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.710601][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.721150][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.731715][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.741644][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.754799][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.765042][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.775883][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.788511][ T4189] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.882136][ T4272] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1'. [ 74.165614][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.199041][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.494913][ T1665] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 74.507861][ T1665] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 74.517453][ T1665] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 74.544892][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.568802][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.580752][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.592714][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.617286][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.651865][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.692642][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.712486][ T4280] loop0: detected capacity change from 0 to 2048 [ 74.766625][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.779076][ T4189] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.817918][ T1665] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 74.836479][ T1665] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 74.848705][ T4189] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.859935][ T4189] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.863920][ T1108] Bluetooth: hci1: command 0x0419 tx timeout [ 74.870989][ T4189] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.888878][ T4189] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.636542][ T4280] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 75.676196][ T1108] Bluetooth: hci0: command 0x0419 tx timeout [ 75.692487][ T1108] Bluetooth: hci2: command 0x0419 tx timeout [ 75.705669][ T1108] Bluetooth: hci4: command 0x0419 tx timeout [ 75.738505][ T1108] Bluetooth: hci3: command 0x0419 tx timeout [ 75.851339][ T4279] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1176: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters [ 75.919942][ T4291] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 75.985108][ T4279] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 3 with error 28 [ 76.015295][ T4279] EXT4-fs (loop0): This should not happen!! Data will be lost [ 76.015295][ T4279] [ 76.026152][ T4279] EXT4-fs (loop0): Total free blocks count 0 [ 76.044138][ T4238] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.052020][ T4238] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.071005][ T4279] EXT4-fs (loop0): Free/Dirty block details [ 76.086086][ T4279] EXT4-fs (loop0): free_blocks=4096 [ 76.091950][ T4279] EXT4-fs (loop0): dirty_blocks=16 [ 76.109295][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 76.129920][ T4279] EXT4-fs (loop0): Block reservation details [ 76.143874][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.151740][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.182177][ T4279] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 76.200273][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 76.209474][ T1665] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.222775][ T1665] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.255521][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 76.283115][ T4238] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.291073][ T4238] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.367785][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 77.779847][ T4324] netlink: 'syz.0.16': attribute type 10 has an invalid length. [ 77.940296][ T4324] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 78.031470][ T4338] 9pnet: p9_errstr2errno: server reported unknown error aaaaaaaaa [ 78.238453][ T1108] libceph: connect (1)[c::]:6789 error -101 [ 78.245781][ T1108] libceph: mon0 (1)[c::]:6789 connect error [ 78.256948][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 79.182203][ T4341] ceph: No mds server is up or the cluster is laggy [ 79.182890][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #38a!!! [ 79.201202][ T1108] libceph: connect (1)[c::]:6789 error -101 [ 79.210233][ T4331] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 79.226104][ T1108] libceph: mon0 (1)[c::]:6789 connect error [ 79.470036][ T4351] device batadv_slave_1 entered promiscuous mode [ 79.510736][ T4348] device batadv_slave_1 left promiscuous mode [ 79.552788][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #202!!! [ 79.572766][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #282!!! [ 79.582783][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #282!!! [ 79.592785][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #382!!! [ 79.602768][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #382!!! [ 79.612765][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #382!!! [ 79.632799][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #382!!! [ 79.642797][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #382!!! [ 79.652766][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #382!!! [ 80.577230][ T4324] syz.0.16 (4324) used greatest stack depth: 20432 bytes left [ 80.620224][ T4358] device bridge1 entered promiscuous mode [ 80.848464][ T4363] loop2: detected capacity change from 0 to 736 [ 80.901297][ T4373] loop3: detected capacity change from 0 to 512 [ 80.963316][ T4373] ======================================================= [ 80.963316][ T4373] WARNING: The mand mount option has been deprecated and [ 80.963316][ T4373] and is ignored by this kernel. Remove the mand [ 80.963316][ T4373] option from the mount to silence this warning. [ 80.963316][ T4373] ======================================================= [ 81.138955][ T4373] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 81.214327][ T4373] EXT4-fs (loop3): mounted filesystem without journal. Opts: nouid32,errors=remount-ro,user_xattr,nodiscard,dioread_nolock,. Quota mode: writeback. [ 81.230139][ T4373] ext4 filesystem being mounted at /7/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 81.364081][ T4200] EXT4-fs error (device loop3): ext4_ext_check_inode:501: inode #11: comm syz-executor: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) [ 81.386643][ T4200] EXT4-fs (loop3): Remounting filesystem read-only [ 81.394338][ T4200] EXT4-fs error (device loop3): ext4_ext_check_inode:501: inode #11: comm syz-executor: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) [ 81.412932][ T4200] EXT4-fs (loop3): Remounting filesystem read-only [ 81.665714][ T4369] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.674212][ T4369] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.308935][ T4369] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 82.355791][ T4369] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 82.829888][ T4369] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.838934][ T4369] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.848244][ T4369] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.857475][ T4369] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.992866][ T4378] netlink: 4 bytes leftover after parsing attributes in process `syz.4.33'. [ 83.026068][ T4369] syz.0.29 (4369) used greatest stack depth: 20112 bytes left [ 83.135170][ T4388] loop0: detected capacity change from 0 to 256 [ 83.330504][ T4394] loop4: detected capacity change from 0 to 512 [ 83.530513][ T4394] EXT4-fs (loop4): 1 truncate cleaned up [ 83.546843][ T4394] EXT4-fs (loop4): mounted filesystem without journal. Opts: noload,stripe=0x000000000000030c,jqfmt=vfsv1,nojournal_checksum,jqfmt=vfsv1,usrjquota=,,errors=continue. Quota mode: none. [ 84.090184][ T4389] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.097712][ T4389] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.052516][ T4389] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 85.260970][ T4389] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 86.041241][ T4389] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.054171][ T4389] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.067295][ T4389] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.079043][ T4389] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.400418][ T4438] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 86.431089][ T4438] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 86.509288][ T144] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.655852][ T1111] cfg80211: failed to load regulatory.db [ 86.871228][ T144] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.892106][ T4458] device syzkaller0 entered promiscuous mode [ 88.044501][ T144] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.629559][ T144] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.922017][ T26] audit: type=1804 audit(1777720665.788:2): pid=4488 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.62" name="file0" dev="hugetlbfs" ino=33636 res=1 errno=0 [ 89.984240][ T26] audit: type=1804 audit(1777720665.848:3): pid=4488 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.62" name="file0" dev="hugetlbfs" ino=33636 res=1 errno=0 [ 90.062933][ T4430] Bluetooth: hci4: command 0x0409 tx timeout [ 90.104771][ T4493] ufs: You didn't specify the type of your ufs filesystem [ 90.104771][ T4493] [ 90.104771][ T4493] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 90.104771][ T4493] [ 90.104771][ T4493] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 90.135932][ T4493] ufs: ufstype=old is supported read-only [ 90.145554][ T4493] blk_update_request: I/O error, dev loop9, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 91.102164][ T4464] chnl_net:caif_netlink_parms(): no params data found [ 92.279977][ T4430] Bluetooth: hci4: command 0x041b tx timeout [ 92.638036][ T4464] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.793370][ T4464] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.870889][ T4464] device bridge_slave_0 entered promiscuous mode [ 93.224727][ T4464] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.251024][ T4464] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.267205][ T4525] Zero length message leads to an empty skb [ 93.309352][ T4525] netlink: 16 bytes leftover after parsing attributes in process `syz.2.69'. [ 93.444885][ T4464] device bridge_slave_1 entered promiscuous mode [ 93.958137][ T4464] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.033360][ T393] Bluetooth: hci5: Frame reassembly failed (-84) [ 94.043151][ T1665] Bluetooth: hci5: Frame reassembly failed (-84) [ 94.073167][ T4464] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.162088][ T4464] team0: Port device team_slave_0 added [ 94.228790][ T4464] team0: Port device team_slave_1 added [ 94.391185][ T4430] Bluetooth: hci4: command 0x040f tx timeout [ 94.772904][ T4542] ªªªªª: renamed from virt_wifi0 [ 95.280322][ T4464] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.298211][ T4464] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.346278][ T4464] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.402837][ T4464] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.409952][ T4464] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.480303][ T4464] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.520854][ T4549] batman_adv: batadv0: Adding interface: dummy0 [ 95.532816][ T4549] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.562874][ T4549] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active [ 95.639055][ T4558] netlink: 4 bytes leftover after parsing attributes in process `syz.1.77'. [ 95.649250][ T4558] (unnamed net_device) (uninitialized): Invalid ad_actor_system MAC address. [ 95.659095][ T4558] (unnamed net_device) (uninitialized): option ad_actor_system: invalid value (68719607821) [ 95.754569][ T4464] device hsr_slave_0 entered promiscuous mode [ 95.982519][ T4464] device hsr_slave_1 entered promiscuous mode [ 96.010145][ T4464] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 96.487127][ T4464] Cannot create hsr debugfs directory [ 96.540983][ T4430] Bluetooth: hci5: command 0x1003 tx timeout [ 96.576572][ T4195] Bluetooth: hci5: sending frame failed (-49) [ 96.584783][ T4429] Bluetooth: hci4: command 0x0419 tx timeout [ 96.851117][ T4575] loop4: detected capacity change from 0 to 2048 [ 96.983388][ T4578] netlink: 4 bytes leftover after parsing attributes in process `syz.1.82'. [ 97.785776][ T4588] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 98.115216][ T144] device hsr_slave_0 left promiscuous mode [ 98.138923][ T144] device hsr_slave_1 left promiscuous mode [ 98.158381][ T4575] syz.4.80 (4575) used greatest stack depth: 20016 bytes left [ 98.170626][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 98.181065][ T144] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 98.198577][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 98.216671][ T144] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 98.236244][ T144] device bridge_slave_1 left promiscuous mode [ 98.248224][ T144] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.278830][ T144] device bridge_slave_0 left promiscuous mode [ 98.285152][ T144] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.320873][ T144] device veth1_macvtap left promiscuous mode [ 98.330313][ T144] device veth0_macvtap left promiscuous mode [ 98.341332][ T144] device veth1_vlan left promiscuous mode [ 98.350889][ T144] device veth0_vlan left promiscuous mode [ 98.570355][ T144] team0 (unregistering): Port device team_slave_1 removed [ 98.584925][ T144] team0 (unregistering): Port device team_slave_0 removed [ 98.600357][ T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 98.620430][ T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 98.630448][ T4430] Bluetooth: hci5: command 0x1001 tx timeout [ 98.637062][ T4195] Bluetooth: hci5: sending frame failed (-49) [ 98.707026][ T144] bond0 (unregistering): Released all slaves [ 98.931191][ T4464] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 98.958267][ T4464] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 99.016657][ T4464] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 99.122291][ T4464] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 99.405874][ T4464] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.440779][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 99.454993][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 99.478903][ T4464] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.503027][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 99.528687][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 99.560226][ T4275] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.567408][ T4275] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.608246][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 99.631379][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 99.650634][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 99.676274][ T4275] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.683486][ T4275] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.710036][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 99.731609][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 99.764778][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 99.813029][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 99.829046][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 99.862378][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 99.902103][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 99.944053][ T1665] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 99.955701][ T1665] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 99.987369][ T4464] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 100.010019][ T4464] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 100.026926][ T1665] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 100.045240][ T1665] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 100.263757][ T4651] process 'syz.0.92' launched './file0' with NULL argv: empty string added [ 101.348260][ T4431] Bluetooth: hci5: command 0x1009 tx timeout [ 102.242746][ C1] sched: RT throttling activated [ 102.757294][ T1665] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 102.796395][ T1665] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 103.032187][ T4464] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 104.244855][ T4696] netlink: 104 bytes leftover after parsing attributes in process `syz.4.100'. [ 105.007800][ T4705] netlink: 'syz.4.102': attribute type 4 has an invalid length. [ 105.255845][ T1665] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 105.279983][ T1665] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 105.344414][ T1665] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 105.364187][ T1665] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 105.403529][ T1665] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 105.424228][ T1665] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 105.456330][ T4464] device veth0_vlan entered promiscuous mode [ 105.557861][ T4464] device veth1_vlan entered promiscuous mode [ 105.578315][ T1111] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 105.656100][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 105.682409][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 105.714305][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 105.744333][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 105.785820][ T4464] device veth0_macvtap entered promiscuous mode [ 105.804938][ T4464] device veth1_macvtap entered promiscuous mode [ 105.934535][ T4464] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 105.975660][ T4464] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 106.023103][ T1111] usb 3-1: unable to get BOS descriptor or descriptor too short [ 106.078240][ T4464] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 106.089734][ T1111] usb 3-1: not running at top speed; connect to a high speed hub [ 106.150150][ T4464] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 106.203220][ T1111] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 128, changing to 4 [ 106.224358][ T4464] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 106.235692][ T4464] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 106.246229][ T4464] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 106.256151][ T4464] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 106.266756][ T4464] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 106.277938][ T4464] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 106.288989][ T4464] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.298299][ T1111] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 106.308613][ T1111] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 255, changing to 4 [ 106.322515][ T4464] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.332089][ T4464] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.341833][ T4464] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.397655][ T1665] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 106.640127][ T1665] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 106.714577][ T1111] usb 3-1: New USB device found, idVendor=1235, idProduct=8214, bcdDevice= 0.40 [ 106.798062][ T1111] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.814824][ T1665] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 106.942932][ T1111] usb 3-1: Product: syz [ 106.947263][ T1111] usb 3-1: Manufacturer: syz [ 106.954119][ T1665] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 106.992889][ T1111] usb 3-1: SerialNumber: syz [ 107.029564][ T1665] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 107.076680][ T1665] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 107.392194][ T4238] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.412861][ T4238] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.420449][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 108.369917][ T4720] netlink: 4 bytes leftover after parsing attributes in process `syz.2.104'. [ 108.389920][ T4238] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.403838][ T4238] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.473566][ T1665] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 108.688464][ T1111] usb 3-1: 2:1 : no UAC_FORMAT_TYPE desc [ 108.794596][ T1111] usb 3-1: USB disconnect, device number 2 [ 109.208098][ T4182] udevd[4182]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 109.227194][ T4770] netlink: 'syz.5.112': attribute type 10 has an invalid length. [ 109.405347][ T4770] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.413444][ T4770] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.045256][ T4770] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.052460][ T4770] bridge0: port 2(bridge_slave_1) entered forwarding state [ 110.061549][ T4770] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.068722][ T4770] bridge0: port 1(bridge_slave_0) entered forwarding state [ 110.167681][ T4770] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 110.196630][ T4775] netlink: 20 bytes leftover after parsing attributes in process `syz.5.112'. [ 110.205766][ T4779] loop0: detected capacity change from 0 to 8192 [ 110.237414][ T4775] device bridge_slave_1 left promiscuous mode [ 110.269905][ T4775] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.302236][ T4779] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 110.348985][ T4779] REISERFS (device loop0): using ordered data mode [ 110.355769][ T4779] reiserfs: using flush barriers [ 110.365223][ T4779] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 110.384355][ T4779] REISERFS (device loop0): checking transaction log (loop0) [ 110.396796][ T4775] device bridge_slave_0 left promiscuous mode [ 110.405747][ T4775] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.494194][ T4775] bond0: (slave bridge0): Releasing backup interface [ 110.747015][ T4779] REISERFS (device loop0): Using tea hash to sort names [ 110.778824][ T4779] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 110.830226][ T4777] syz.4.113 (4777) used greatest stack depth: 19728 bytes left [ 114.657321][ T4843] netlink: 40 bytes leftover after parsing attributes in process `syz.0.128'. [ 114.683060][ T4843] netlink: 40 bytes leftover after parsing attributes in process `syz.0.128'. [ 115.017822][ T4843] netlink: 40 bytes leftover after parsing attributes in process `syz.0.128'. [ 115.037064][ T4843] A link change request failed with some changes committed already. Interface ip6gre0 may have been left with an inconsistent configuration, please check. [ 117.607412][ T4876] netlink: 20 bytes leftover after parsing attributes in process `syz.2.136'. [ 119.794745][ T4908] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 120.062003][ T4932] loop1: detected capacity change from 0 to 64 [ 120.156835][ T4906] overlayfs: failed to look up (tracing) for ino (-66) [ 120.974244][ T4950] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 121.282288][ T4950] bond1: (slave batadv_slave_1): Enslaving as a backup interface with a down link [ 121.620813][ T4969] loop4: detected capacity change from 0 to 256 [ 121.650595][ T4970] loop0: detected capacity change from 0 to 512 [ 121.751689][ T4970] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 121.798991][ T4970] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 121.840787][ T4969] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x205ab87c, utbl_chksum : 0xe619d30d) [ 121.873855][ T4970] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a84ee02c, mo2=0002] [ 121.896152][ T4970] System zones: 1-12 [ 121.911616][ T4970] EXT4-fs (loop0): orphan cleanup on readonly fs [ 121.936369][ T4970] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.158: invalid indirect mapped block 2 (level 2) [ 121.965549][ T4970] EXT4-fs (loop0): Remounting filesystem read-only [ 121.973366][ T4970] EXT4-fs (loop0): 1 truncate cleaned up [ 121.979227][ T4970] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_nolock,max_batch_time=0x0000000000000006,usrquota,errors=remount-ro,i_version. Quota mode: writeback. [ 123.937000][ T26] audit: type=1804 audit(1777720699.808:4): pid=4993 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.162" name="bus" dev="ramfs" ino=35727 res=1 errno=0 [ 124.068517][ T26] audit: type=1804 audit(1777720699.858:5): pid=4997 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.162" name="bus" dev="ramfs" ino=35727 res=1 errno=0 [ 124.149948][ T4998] device syzkaller0 entered promiscuous mode [ 125.273174][ T4983] syz.4.160 (4983) used greatest stack depth: 18704 bytes left [ 125.290794][ T5020] netlink: 4 bytes leftover after parsing attributes in process `syz.5.167'. [ 128.664216][ T5053] device syzkaller0 entered promiscuous mode [ 129.479201][ T5088] netlink: 798 bytes leftover after parsing attributes in process `syz.4.180'. [ 129.530832][ T5096] fuse: Bad value for 'fd' [ 129.789024][ T5108] device syzkaller0 entered promiscuous mode [ 129.859706][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 130.066830][ T5117] loop5: detected capacity change from 0 to 128 [ 130.194012][ T5117] EXT4-fs (loop5): mounted filesystem without journal. Opts: user_xattr,nodelalloc,,errors=continue. Quota mode: none. [ 130.275299][ T5117] ext4 filesystem being mounted at /18/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 130.433062][ T4431] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 131.064542][ T4431] usb 1-1: unable to get BOS descriptor or descriptor too short [ 131.174010][ T4431] usb 1-1: config 0 has an invalid interface number: 214 but max is 0 [ 131.208722][ T4431] usb 1-1: config 0 has no interface number 0 [ 131.275087][ T4431] usb 1-1: config 0 interface 214 has no altsetting 0 [ 131.473554][ T4431] usb 1-1: New USB device found, idVendor=2c7c, idProduct=0512, bcdDevice=f8.15 [ 131.497190][ T4431] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 131.572125][ T4431] usb 1-1: Product: syz [ 131.584736][ T5139] netlink: 4 bytes leftover after parsing attributes in process `syz.2.195'. [ 131.600192][ T4431] usb 1-1: Manufacturer: syz [ 131.619287][ T4431] usb 1-1: SerialNumber: syz [ 131.713238][ T4431] usb 1-1: config 0 descriptor?? [ 131.806861][ C0] vcan0: j1939_tp_rxtimer: 0xffff888023c40800: rx timeout, send abort [ 132.283668][ T4431] qmi_wwan 1-1:0.214: bogus CDC Union: master=5, slave=4 [ 132.318243][ T4431] qmi_wwan: probe of 1-1:0.214 failed with error -22 [ 132.416213][ T4431] usb 1-1: USB disconnect, device number 2 [ 132.560599][ T5147] netlink: 8 bytes leftover after parsing attributes in process `syz.5.198'. [ 132.708703][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.715129][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.197002][ T5177] netlink: 'syz.0.206': attribute type 10 has an invalid length. [ 133.252424][ T5177] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 133.263644][ T5184] netlink: 4 bytes leftover after parsing attributes in process `syz.2.207'. [ 133.298043][ T5177] team0: Failed to send options change via netlink (err -105) [ 133.327738][ T5177] team0: Port device netdevsim0 added [ 133.603125][ T4430] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 133.862904][ T4430] usb 5-1: Using ep0 maxpacket: 8 [ 134.003199][ T4430] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 134.048021][ T4430] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 134.207093][ T4430] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 134.376342][ T4430] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 134.386705][ T4430] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 134.400449][ T4430] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 134.409985][ T4430] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.613734][ T5205] can: request_module (can-proto-4) failed. [ 135.465288][ T4430] usb 5-1: GET_CAPABILITIES returned 0 [ 135.470964][ T4430] usbtmc 5-1:16.0: can't read capabilities [ 135.915847][ T4430] usb 5-1: USB disconnect, device number 2 [ 136.107371][ T5217] netlink: 8 bytes leftover after parsing attributes in process `syz.0.214'. [ 137.150441][ T5237] netlink: 4 bytes leftover after parsing attributes in process `syz.5.220'. [ 138.488089][ T5237] team0: Port device team_slave_0 removed [ 141.611373][ T5267] can: request_module (can-proto-4) failed. [ 144.701514][ T5351] can: request_module (can-proto-4) failed. [ 146.252176][ T5396] loop0: detected capacity change from 0 to 32768 [ 147.006911][ T5396] XFS (loop0): Mounting V5 Filesystem [ 147.516069][ T5396] XFS (loop0): Ending clean mount [ 148.703964][ T4235] libceph: connect (1)[c::]:6789 error -101 [ 148.734319][ T4235] libceph: mon0 (1)[c::]:6789 connect error [ 148.742041][ T5432] ceph: No mds server is up or the cluster is laggy [ 148.751841][ T4231] libceph: connect (1)[c::]:6789 error -101 [ 148.774126][ T4231] libceph: mon0 (1)[c::]:6789 connect error [ 148.787889][ T4197] XFS (loop0): Unmounting Filesystem [ 150.616086][ T26] audit: type=1326 audit(1777720726.488:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5480 comm="syz.5.279" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe31b1f1dd9 code=0x7ffc0000 [ 150.649810][ T5483] netlink: 4 bytes leftover after parsing attributes in process `syz.2.278'. [ 151.026714][ T26] audit: type=1326 audit(1777720726.518:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5480 comm="syz.5.279" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe31b1f1dd9 code=0x7ffc0000 [ 151.292306][ T5484] loop5: detected capacity change from 0 to 512 [ 151.413102][ T26] audit: type=1326 audit(1777720726.568:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5480 comm="syz.5.279" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe31b1f1dd9 code=0x7ffc0000 [ 151.437480][ T26] audit: type=1326 audit(1777720726.588:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5480 comm="syz.5.279" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe31b1f1dd9 code=0x7ffc0000 [ 151.461486][ T26] audit: type=1326 audit(1777720726.588:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5480 comm="syz.5.279" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7fe31b1f1dd9 code=0x7ffc0000 [ 151.485839][ T26] audit: type=1326 audit(1777720726.598:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5480 comm="syz.5.279" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe31b1f1dd9 code=0x7ffc0000 [ 151.510189][ T26] audit: type=1326 audit(1777720726.608:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5480 comm="syz.5.279" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe31b1f1dd9 code=0x7ffc0000 [ 151.535571][ T26] audit: type=1326 audit(1777720726.618:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5480 comm="syz.5.279" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe31b1f1dd9 code=0x7ffc0000 [ 151.559961][ T26] audit: type=1326 audit(1777720726.628:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5480 comm="syz.5.279" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fe31b1f1dd9 code=0x7ffc0000 [ 151.598643][ T26] audit: type=1326 audit(1777720726.638:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5480 comm="syz.5.279" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe31b1f1dd9 code=0x7ffc0000 [ 153.230908][ T4430] libceph: connect (1)[c::]:6789 error -101 [ 153.237463][ T4430] libceph: mon0 (1)[c::]:6789 connect error [ 153.991412][ T5511] ceph: No mds server is up or the cluster is laggy [ 154.105878][ T5531] tipc: Started in network mode [ 154.111141][ T5531] tipc: Node identity 080211000001, cluster identity 4711 [ 154.120606][ T5531] tipc: Enabled bearer , priority 0 [ 154.128597][ T5531] device syzkaller0 entered promiscuous mode [ 154.718053][ T5531] tipc: Resetting bearer [ 155.286679][ T23] tipc: Node number set to 134418688 [ 156.936329][ T5550] ODEBUG: Out of memory. ODEBUG disabled [ 158.921746][ T5575] ufs: You didn't specify the type of your ufs filesystem [ 158.921746][ T5575] [ 158.921746][ T5575] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 158.921746][ T5575] [ 158.921746][ T5575] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 158.953823][ T5575] ufs: ufstype=old is supported read-only [ 158.960114][ T5575] blk_update_request: I/O error, dev loop5, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 159.255584][ T5574] netlink: 'syz.4.302': attribute type 4 has an invalid length. [ 159.349702][ T5577] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 159.589012][ T5578] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 160.920262][ T5580] device bond1 entered promiscuous mode [ 162.799876][ T5626] ufs: You didn't specify the type of your ufs filesystem [ 162.799876][ T5626] [ 162.799876][ T5626] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 162.799876][ T5626] [ 162.799876][ T5626] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 162.830901][ T5626] ufs: ufstype=old is supported read-only [ 162.839320][ T5626] blk_update_request: I/O error, dev loop3, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 163.686416][ T5618] team0 (unregistering): Port device team_slave_1 removed [ 164.056032][ T5629] ªªªªª: renamed from virt_wifi0 [ 167.640265][ T5660] x_tables: unsorted underflow at hook 4 [ 167.688369][ T5650] netlink: 10 bytes leftover after parsing attributes in process `syz.1.337'. [ 167.830295][ T5665] netlink: 12 bytes leftover after parsing attributes in process `syz.0.332'. [ 167.940363][ T5665] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 167.949825][ T5665] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 167.958830][ T5665] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 167.967732][ T5665] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 169.665942][ T5665] netlink: 12 bytes leftover after parsing attributes in process `syz.0.332'. [ 169.735099][ T5689] ªªªªª: renamed from virt_wifi0 [ 171.001898][ T5713] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 172.527999][ T5724] loop1: detected capacity change from 0 to 4096 [ 172.649100][ T5724] ntfs3: Unknown parameter 'windows_names' [ 172.692961][ T1108] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 172.717350][ T5728] loop5: detected capacity change from 0 to 2048 [ 173.651509][ T5724] loop1: detected capacity change from 0 to 4096 [ 173.708850][ T5728] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 173.834303][ T5724] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512) [ 173.895050][ T1108] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 173.917409][ T5724] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 173.924724][ T1108] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 173.924837][ T1108] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 173.924863][ T1108] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 173.964617][ T1108] usb 5-1: config 0 descriptor?? [ 174.007735][ T5724] ntfs3: loop1: Failed to load $BadClus. [ 174.075383][ T1108] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 175.085586][ T5742] loop5: detected capacity change from 0 to 8 [ 176.273816][ T5755] ªªªªª: renamed from virt_wifi0 [ 177.185143][ T5751] loop1: detected capacity change from 0 to 1024 [ 177.387707][ T5760] No such timeout policy "syz1" [ 177.577593][ T4431] usb 5-1: USB disconnect, device number 3 [ 177.715067][ T5751] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 177.754906][ T5751] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869) [ 177.790041][ T5751] EXT4-fs error (device loop1): ext4_get_journal_inode:5187: inode #5: comm syz.1.358: unexpected bad inode w/o EXT4_IGET_BAD [ 177.829774][ T5751] EXT4-fs (loop1): no journal found [ 177.835293][ T5751] EXT4-fs (loop1): can't get journal size [ 177.875764][ T5768] fuse: Unknown parameter '4' [ 177.903204][ T5767] netlink: 8 bytes leftover after parsing attributes in process `syz.2.362'. [ 177.912033][ T5767] bond0: option arp_validate: invalid value (18446744072210219584) [ 177.984631][ T5768] sctp: [Deprecated]: syz.5.363 (pid 5768) Use of int in max_burst socket option deprecated. [ 177.984631][ T5768] Use struct sctp_assoc_value instead [ 178.002863][ T5751] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,stripe=0x0000000000000002,norecovery,min_batch_time=0x000000000000071d,abort,,errors=continue. Quota mode: writeback. [ 179.036034][ T5775] netlink: 140 bytes leftover after parsing attributes in process `syz.2.365'. [ 179.063005][ T5775] netlink: 28 bytes leftover after parsing attributes in process `syz.2.365'. [ 179.134802][ T5780] device syzkaller0 entered promiscuous mode [ 179.431567][ T5795] device ipip0 entered promiscuous mode [ 179.660603][ T5808] netlink: 'syz.5.376': attribute type 1 has an invalid length. [ 179.730493][ T5810] netlink: 8 bytes leftover after parsing attributes in process `syz.2.377'. [ 179.750505][ T5810] netlink: 8 bytes leftover after parsing attributes in process `syz.2.377'. [ 179.760630][ T5810] netlink: 8 bytes leftover after parsing attributes in process `syz.2.377'. [ 179.771260][ T5810] netlink: 8 bytes leftover after parsing attributes in process `syz.2.377'. [ 179.780785][ T5810] netlink: 8 bytes leftover after parsing attributes in process `syz.2.377'. [ 179.911203][ T5808] netlink: 146340 bytes leftover after parsing attributes in process `syz.5.376'. [ 182.405208][ T5798] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 184.175982][ T5844] netlink: 4 bytes leftover after parsing attributes in process `syz.5.387'. [ 184.195775][ T5846] futex_wake_op: syz.1.388 tries to shift op by -1; fix this program [ 184.890557][ T5860] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 186.216475][ T5874] loop4: detected capacity change from 0 to 256 [ 186.445818][ T5874] exFAT-fs (loop4): failed to load upcase table (idx : 0x0001e4a3, chksum : 0xe65d9f0a, utbl_chksum : 0x7319d30d) [ 187.623728][ T5890] netlink: 12 bytes leftover after parsing attributes in process `syz.5.402'. [ 189.265282][ T5890] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.612597][ T5890] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.755318][ T5890] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.782838][ T4231] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 189.856439][ T5923] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 189.930786][ T5890] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.082987][ T5890] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.116024][ T5890] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.165267][ T5890] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.203142][ T4231] usb 6-1: config 0 has no interfaces? [ 190.224058][ T5890] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.403110][ T4231] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 190.415699][ T4231] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 190.445632][ T4231] usb 6-1: Product: syz [ 190.458766][ T4231] usb 6-1: Manufacturer: syz [ 190.472568][ T4231] usb 6-1: SerialNumber: syz [ 190.492180][ T4231] usb 6-1: config 0 descriptor?? [ 190.599728][ T4430] usb 6-1: USB disconnect, device number 2 [ 191.063847][ T1108] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 192.034651][ T4430] Bluetooth: hci0: command 0x0406 tx timeout [ 192.548900][ T4430] Bluetooth: hci3: command 0x0406 tx timeout [ 192.592964][ T4430] Bluetooth: hci1: command 0x0406 tx timeout [ 192.630126][ T4430] Bluetooth: hci2: command 0x0406 tx timeout [ 192.773003][ T1108] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 194.226399][ T5959] No such timeout policy "syz1" [ 194.255689][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.264359][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.452804][ T1108] usb 1-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c [ 194.461919][ T1108] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.732522][ T1108] usb 1-1: config 0 descriptor?? [ 194.752944][ T1108] usb 1-1: can't set config #0, error -71 [ 194.792919][ T1108] usb 1-1: USB disconnect, device number 3 [ 195.753987][ T5982] syz.2.429 uses obsolete (PF_INET,SOCK_PACKET) [ 195.778806][ T5985] binder_alloc: 5984: pid 5984 spamming oneway? 1 buffers allocated for a total size of 6144 [ 195.791464][ T5985] binder: 5984:5985 ioctl c0306201 200000000680 returned -14 [ 195.854550][ T5989] netlink: 12 bytes leftover after parsing attributes in process `syz.1.431'. [ 197.052898][ T4408] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 197.311828][ T6012] netlink: 'syz.2.439': attribute type 4 has an invalid length. [ 197.502988][ T4408] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 197.551229][ T4408] usb 2-1: config 0 has no interfaces? [ 197.557027][ T4408] usb 2-1: New USB device found, idVendor=110a, idProduct=1130, bcdDevice= e.76 [ 197.571715][ T4408] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 197.966753][ T4408] usb 2-1: config 0 descriptor?? [ 198.145160][ T6021] device syzkaller0 entered promiscuous mode [ 198.225555][ T4434] usb 2-1: USB disconnect, device number 2 [ 200.040763][ T6048] loop0: detected capacity change from 0 to 64 [ 200.130996][ T6050] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 200.285130][ T6048] hfs: request for non-existent node 131072 in B*Tree [ 200.328879][ T6048] hfs: request for non-existent node 131072 in B*Tree [ 200.370206][ T6048] hfs: request for non-existent node 131072 in B*Tree [ 200.381019][ T6048] hfs: request for non-existent node 131072 in B*Tree [ 205.042885][ T1108] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 205.292808][ T1108] usb 1-1: Using ep0 maxpacket: 32 [ 205.413069][ T1108] usb 1-1: config 0 has an invalid interface number: 12 but max is 0 [ 205.436434][ T1108] usb 1-1: config 0 has no interface number 0 [ 205.461642][ T1108] usb 1-1: config 0 interface 12 has no altsetting 0 [ 205.485933][ T6136] capability: warning: `syz.2.477' uses deprecated v2 capabilities in a way that may be insecure [ 205.638342][ T1108] usb 1-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 205.658012][ T1108] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 205.702776][ T1108] usb 1-1: Product: syz [ 205.707014][ T1108] usb 1-1: Manufacturer: syz [ 205.726719][ T1108] usb 1-1: SerialNumber: syz [ 205.744864][ T6144] loop1: detected capacity change from 0 to 128 [ 205.753341][ T1108] usb 1-1: config 0 descriptor?? [ 205.843425][ T6144] netlink: 'syz.1.480': attribute type 1 has an invalid length. [ 205.920716][ T6144] 8021q: adding VLAN 0 to HW filter on device bond1 [ 205.949832][ T6146] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 205.971531][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 208.420935][ T6164] device syzkaller0 entered promiscuous mode [ 209.859537][ T6174] netlink: 232 bytes leftover after parsing attributes in process `syz.1.488'. [ 209.908398][ T6180] netlink: 'syz.1.491': attribute type 4 has an invalid length. [ 211.308137][ T1108] f81534 1-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 211.384856][ T1108] f81534 1-1:0.12: f81534_find_config_idx: read failed: -71 [ 211.567717][ T1108] f81534 1-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 211.576237][ T1108] f81534: probe of 1-1:0.12 failed with error -71 [ 211.586332][ T1108] usb 1-1: USB disconnect, device number 4 [ 212.507743][ T4231] Bluetooth: hci4: command 0x0406 tx timeout [ 212.618659][ T6206] IPVS: Error connecting to the multicast addr [ 213.663787][ T6206] netlink: 40 bytes leftover after parsing attributes in process `syz.2.501'. [ 217.543863][ T6259] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 217.553018][ T6259] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 217.562237][ T6259] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 217.571214][ T6259] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 218.225615][ T6268] netlink: 24 bytes leftover after parsing attributes in process `syz.4.517'. [ 219.230976][ T6281] netlink: 63 bytes leftover after parsing attributes in process `syz.5.523'. [ 219.375454][ T6286] netlink: 12 bytes leftover after parsing attributes in process `syz.5.524'. [ 220.437664][ T6294] netlink: 'syz.0.526': attribute type 1 has an invalid length. [ 220.470809][ T6294] netlink: 'syz.0.526': attribute type 4 has an invalid length. [ 220.525757][ T6294] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.526'. [ 220.543954][ T26] kauditd_printk_skb: 74 callbacks suppressed [ 220.544101][ T26] audit: type=1107 audit(1777720796.408:90): pid=6290 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 222.162006][ T1108] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 222.318182][ T6318] netlink: 63 bytes leftover after parsing attributes in process `syz.1.535'. [ 222.331827][ T6320] netlink: 'syz.2.534': attribute type 4 has an invalid length. [ 222.363847][ T6320] netlink: 'syz.2.534': attribute type 4 has an invalid length. [ 222.446351][ T1108] usb 1-1: Using ep0 maxpacket: 32 [ 222.562299][ T6331] netlink: 12 bytes leftover after parsing attributes in process `syz.2.539'. [ 222.571698][ T1108] usb 1-1: config 129 has an invalid interface number: 120 but max is 0 [ 222.585804][ T1108] usb 1-1: config 129 has an invalid descriptor of length 123, skipping remainder of the config [ 222.627293][ T1108] usb 1-1: config 129 has no interface number 0 [ 222.671369][ T6328] bridge1: port 1(veth3) entered blocking state [ 222.680105][ T1108] usb 1-1: config 129 interface 120 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 222.697839][ T6328] bridge1: port 1(veth3) entered disabled state [ 222.700787][ T1108] usb 1-1: config 129 interface 120 has no altsetting 0 [ 222.725094][ T6328] device veth3 entered promiscuous mode [ 222.788923][ T6335] loop1: detected capacity change from 0 to 16 [ 222.887678][ T6335] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 223.653137][ T1108] usb 1-1: New USB device found, idVendor=0499, idProduct=c455, bcdDevice=81.ab [ 223.682856][ T1108] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 223.713304][ T1108] usb 1-1: Product: syz [ 223.717634][ T1108] usb 1-1: Manufacturer: syz [ 223.722438][ T1108] usb 1-1: SerialNumber: syz [ 223.767730][ T6341] netlink: 20 bytes leftover after parsing attributes in process `syz.2.544'. [ 223.869374][ T6344] netlink: 'syz.5.545': attribute type 8 has an invalid length. [ 224.189085][ T1108] usb 1-1: USB disconnect, device number 5 [ 224.205219][ T4182] udevd[4182]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:129.120/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 224.422820][ T6363] loop1: detected capacity change from 0 to 32768 [ 224.483578][ T6363] XFS (loop1): Mounting V5 Filesystem [ 224.593920][ T6363] XFS (loop1): Ending clean mount [ 224.611411][ T6363] XFS (loop1): Quotacheck needed: Please wait. [ 224.735462][ T6363] XFS (loop1): Quotacheck: Done. [ 224.849754][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 225.730881][ T4189] XFS (loop1): Unmounting Filesystem [ 225.806506][ T6390] loop0: detected capacity change from 0 to 16 [ 225.903632][ T6390] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 227.205531][ T6391] netlink: 12 bytes leftover after parsing attributes in process `syz.4.556'. [ 227.266471][ T6393] bridge0: port 3(syz_tun) entered blocking state [ 227.285571][ T6393] bridge0: port 3(syz_tun) entered disabled state [ 227.353143][ T6393] device syz_tun entered promiscuous mode [ 227.422715][ T6391] bridge2: port 1(veth5) entered blocking state [ 227.445034][ T6391] bridge2: port 1(veth5) entered disabled state [ 227.480162][ T6391] device veth5 entered promiscuous mode [ 227.520000][ T6395] netlink: 'syz.0.558': attribute type 8 has an invalid length. [ 229.308793][ T26] audit: type=1326 audit(1777720805.178:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6482 comm="syz.0.570" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1dd89cdd9 code=0x7ffc0000 [ 229.409323][ T6486] bridge0: port 3(syz_tun) entered blocking state [ 229.435318][ T26] audit: type=1326 audit(1777720805.258:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6482 comm="syz.0.570" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1dd89cdd9 code=0x7ffc0000 [ 229.501714][ T6486] bridge0: port 3(syz_tun) entered disabled state [ 229.563187][ T26] audit: type=1326 audit(1777720805.258:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6482 comm="syz.0.570" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1dd89cdd9 code=0x7ffc0000 [ 229.595034][ T6486] device syz_tun entered promiscuous mode [ 229.648309][ T26] audit: type=1326 audit(1777720805.338:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6482 comm="syz.0.570" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1dd89cdd9 code=0x7ffc0000 [ 229.810348][ T6491] netlink: 'syz.1.571': attribute type 8 has an invalid length. [ 230.529430][ T26] audit: type=1326 audit(1777720805.338:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6482 comm="syz.0.570" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fb1dd89cb42 code=0x7ffc0000 [ 230.579476][ T26] audit: type=1326 audit(1777720805.338:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6482 comm="syz.0.570" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7fb1dd89cbd7 code=0x7ffc0000 [ 230.617502][ T26] audit: type=1326 audit(1777720805.338:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6482 comm="syz.0.570" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7fb1dd859ad1 code=0x7ffc0000 [ 230.647366][ T26] audit: type=1326 audit(1777720805.338:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6482 comm="syz.0.570" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7fb1dd89dbc9 code=0x7ffc0000 [ 230.671332][ C0] vkms_vblank_simulate: vblank timer overrun [ 230.755206][ T6497] dlm: no locking on control device [ 230.761140][ T26] audit: type=1326 audit(1777720805.338:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6482 comm="syz.0.570" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7fb1dd859b3b code=0x7ffc0000 [ 230.785020][ C0] vkms_vblank_simulate: vblank timer overrun [ 230.809156][ T26] audit: type=1326 audit(1777720805.338:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6482 comm="syz.0.570" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1dd89cdd9 code=0x7ffc0000 [ 230.833240][ C0] vkms_vblank_simulate: vblank timer overrun [ 230.928586][ T6501] netlink: 'syz.5.574': attribute type 1 has an invalid length. [ 231.340413][ T6501] device bond1 entered promiscuous mode [ 232.160143][ T6501] 8021q: adding VLAN 0 to HW filter on device bond1 [ 232.273106][ T6507] bond1: (slave bridge2): making interface the new active one [ 232.280648][ T6507] device bridge2 entered promiscuous mode [ 233.243395][ T6507] bond1: (slave bridge2): Enslaving as an active interface with an up link [ 233.273064][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 234.349036][ T6524] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.356794][ T6524] bridge0: port 1(bridge_slave_0) entered disabled state [ 235.530989][ T6524] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 235.548700][ T6524] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 236.034635][ T6524] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.043655][ T6524] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.052932][ T6524] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.061967][ T6524] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.832118][ T6580] device syzkaller0 entered promiscuous mode [ 238.536476][ T6591] loop0: detected capacity change from 0 to 128 [ 238.757528][ T6596] netlink: 60 bytes leftover after parsing attributes in process `syz.0.596'. [ 238.817065][ T6596] unsupported nlmsg_type 40 [ 245.163598][ T6652] loop0: detected capacity change from 0 to 512 [ 245.239353][ T6652] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 245.277008][ T6645] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 245.381035][ T6645] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 245.500268][ T6645] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 245.758951][ T6652] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_nolock,,errors=continue. Quota mode: writeback. [ 251.276034][ T6729] 9pnet: p9_errstr2errno: server reported unknown error 0x00000000000 [ 252.127707][ T6734] set match dimension is over the limit! [ 254.431660][ T6738] device ip6gre1 entered promiscuous mode [ 254.450293][ T6740] mmap: syz.1.639 (6740) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 254.920686][ T6761] IPVS: Error joining to the multicast group [ 255.919398][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.926007][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.441874][ T6807] netlink: 'syz.0.659': attribute type 33 has an invalid length. [ 257.455889][ T6807] netlink: 152 bytes leftover after parsing attributes in process `syz.0.659'. [ 261.530909][ T6834] tipc: Failed to remove unknown binding: 66,0,0/0:1053816498/1053816499 [ 261.544466][ T6832] netlink: 8 bytes leftover after parsing attributes in process `syz.1.666'. [ 261.595138][ T6832] bridge4: trying to set multicast query interval above maximum, setting to 8640000 (86400000ms) [ 261.619651][ T6832] bridge4: trying to set multicast startup query interval above maximum, setting to 8640000 (86400000ms) [ 261.632206][ T6832] device bridge4 entered promiscuous mode [ 261.722457][ T6834] tipc: Failed to remove unknown binding: 66,0,0/0:1053816498/1053816499 [ 266.483298][ T6890] device syzkaller0 entered promiscuous mode [ 266.762696][ T6894] tipc: Resetting bearer [ 266.769670][ T6894] tipc: Resetting bearer [ 271.800079][ T6951] loop4: detected capacity change from 0 to 32768 [ 271.955991][ T6951] XFS (loop4): Mounting V5 Filesystem [ 271.968612][ T6955] syz.0.710 sent an empty control message without MSG_MORE. [ 272.639272][ T6951] XFS (loop4): Ending clean mount [ 272.647117][ T6951] XFS (loop4): Quotacheck needed: Please wait. [ 272.721864][ T6951] XFS (loop4): Quotacheck: Done. [ 273.357169][ T4199] XFS (loop4): Unmounting Filesystem [ 273.619863][ T6964] set match dimension is over the limit! [ 275.168835][ T6994] tipc: Enabling of bearer rejected, already enabled [ 275.653888][ T7000] tipc: Failed to remove unknown binding: 66,0,0/0:2009333026/2009333027 [ 275.655710][ T7000] tipc: Failed to remove unknown binding: 66,0,0/0:2009333026/2009333027 [ 276.469347][ T7012] tipc: Started in network mode [ 276.469417][ T7012] tipc: Node identity 0000000000000000002e00000000407f, cluster identity 4711 [ 277.319635][ T7014] team0: Port device bridge5 added [ 277.531587][ T7030] netlink: 'syz.0.722': attribute type 1 has an invalid length. [ 277.579092][ T7026] loop4: detected capacity change from 0 to 1764 [ 277.590212][ T7030] 8021q: adding VLAN 0 to HW filter on device bond2 [ 277.627812][ T7034] netlink: 8 bytes leftover after parsing attributes in process `syz.2.723'. [ 277.768219][ T7034] 8021q: adding VLAN 0 to HW filter on device bond1 [ 277.787489][ T7041] netlink: 'syz.2.723': attribute type 10 has an invalid length. [ 277.808390][ T7041] bridge0: port 2(bridge_slave_1) entered disabled state [ 277.815885][ T7041] bridge0: port 1(bridge_slave_0) entered disabled state [ 277.882034][ T7041] bridge0: port 2(bridge_slave_1) entered blocking state [ 277.889262][ T7041] bridge0: port 2(bridge_slave_1) entered forwarding state [ 277.896795][ T7041] bridge0: port 1(bridge_slave_0) entered blocking state [ 277.903940][ T7041] bridge0: port 1(bridge_slave_0) entered forwarding state [ 277.938892][ T7041] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 277.948024][ T7038] netlink: 8 bytes leftover after parsing attributes in process `syz.2.723'. [ 277.964787][ T7038] netlink: 4 bytes leftover after parsing attributes in process `syz.2.723'. [ 278.017573][ T7038] 8021q: adding VLAN 0 to HW filter on device bond0 [ 278.045883][ T7038] bond1: (slave bond0): making interface the new active one [ 278.070000][ T7038] bond1: (slave bond0): Enslaving as an active interface with an up link [ 278.109135][ T7042] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.151972][ T7042] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.194733][ T7042] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.214769][ T7042] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.243669][ T7042] bond2: (slave geneve2): making interface the new active one [ 278.288667][ T7042] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 278.332998][ T6471] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready [ 278.346056][ T6471] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 278.610176][ T7048] overlayfs: failed to clone upperpath [ 279.761390][ T7064] sctp: [Deprecated]: syz.0.729 (pid 7064) Use of int in max_burst socket option. [ 279.761390][ T7064] Use struct sctp_assoc_value instead [ 282.740706][ T7087] 9pnet: p9_fd_create_unix (7087): address too long: ./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 285.778555][ T7090] syz.0.736 (7090) used greatest stack depth: 17336 bytes left [ 291.076145][ T7140] device syzkaller0 entered promiscuous mode [ 291.244606][ T7144] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 292.102579][ T7157] netlink: 'syz.1.755': attribute type 1 has an invalid length. [ 293.979865][ T7157] 8021q: adding VLAN 0 to HW filter on device bond2 [ 296.485229][ T7198] loop4: detected capacity change from 0 to 1024 [ 297.303627][ T7202] capability: warning: `syz.5.770' uses 32-bit capabilities (legacy support in use) [ 297.366888][ T7198] EXT4-fs error (device loop4): ext4_map_blocks:631: inode #3: block 2: comm syz.4.766: lblock 2 mapped to illegal pblock 2 (length 1) [ 297.385261][ T7198] __quota_error: 67 callbacks suppressed [ 297.385304][ T7198] Quota error (device loop4): qtree_write_dquot: dquota write failed [ 297.399641][ T7198] EXT4-fs error (device loop4): ext4_map_blocks:631: inode #3: block 48: comm syz.4.766: lblock 0 mapped to illegal pblock 48 (length 1) [ 297.416600][ T7198] Quota error (device loop4): v2_write_file_info: Can't write info structure [ 297.426166][ T7198] EXT4-fs error (device loop4): ext4_acquire_dquot:6236: comm syz.4.766: Failed to acquire dquot type 0 [ 297.440676][ T7198] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5873: Corrupt filesystem [ 297.456697][ T7198] EXT4-fs error (device loop4): ext4_evict_inode:284: inode #11: comm syz.4.766: mark_inode_dirty error [ 297.470962][ T7198] EXT4-fs warning (device loop4): ext4_evict_inode:287: couldn't mark inode dirty (err -117) [ 297.481957][ T7198] EXT4-fs (loop4): 1 orphan inode deleted [ 297.487787][ T7198] EXT4-fs (loop4): mounted filesystem without journal. Opts: nogrpid,noblock_validity,quota,max_batch_time=0x0000000000000009,nodiscard,stripe=0x0000000000000004,noauto_da_alloc,,errors=continue. Quota mode: writeback. [ 297.589893][ T144] EXT4-fs error (device loop4): ext4_map_blocks:631: inode #3: block 1: comm kworker/u4:1: lblock 1 mapped to illegal pblock 1 (length 1) [ 298.361045][ T144] Quota error (device loop4): remove_tree: Can't read quota data block 1 [ 298.435833][ T144] EXT4-fs error (device loop4): ext4_release_dquot:6272: comm kworker/u4:1: Failed to release dquot type 0 [ 298.527873][ T7212] tipc: Enabling of bearer rejected, failed to enable media [ 298.699062][ T4199] EXT4-fs error (device loop4): __ext4_get_inode_loc:4334: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 298.730632][ T4199] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5873: Corrupt filesystem [ 298.743327][ T4199] EXT4-fs error (device loop4): ext4_quota_off:6542: inode #3: comm syz-executor: mark_inode_dirty error [ 298.770882][ T7220] netlink: 'syz.5.776': attribute type 1 has an invalid length. [ 299.011254][ T7220] 8021q: adding VLAN 0 to HW filter on device bond2 [ 299.854205][ T7236] 9pnet: p9_fd_create_unix (7236): address too long: ./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 301.297239][ T7229] bond2: (slave geneve2): making interface the new active one [ 301.640392][ T7229] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 301.732983][ T6475] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready [ 303.520026][ T7282] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 303.555406][ T6475] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 303.644542][ T7284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 303.668032][ T7284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 303.684304][ T7284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 303.694885][ T7284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 305.838465][ T7311] syz.1.802 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 307.028293][ T7318] overlayfs: failed to clone upperpath [ 308.122306][ T7332] xt_CT: No such helper "snmp_trap" [ 310.111093][ T7366] netlink: 24 bytes leftover after parsing attributes in process `syz.2.824'. [ 314.206711][ T7390] chnl_net:caif_netlink_parms(): no params data found [ 314.294236][ T21] Bluetooth: hci3: command 0x0409 tx timeout [ 314.543288][ T7434] netlink: 8 bytes leftover after parsing attributes in process `syz.2.840'. [ 314.791966][ T7444] xt_connbytes: Forcing CT accounting to be enabled [ 315.422881][ T7390] bridge0: port 1(bridge_slave_0) entered blocking state [ 315.462142][ T7390] bridge0: port 1(bridge_slave_0) entered disabled state [ 315.475459][ T7444] xt_CT: No such helper "netbios-ns" [ 315.494977][ T7390] device bridge_slave_0 entered promiscuous mode [ 315.505037][ T7451] netlink: 4 bytes leftover after parsing attributes in process `syz.1.842'. [ 315.970744][ T4275] device veth5 left promiscuous mode [ 315.978987][ T4275] bridge2: port 1(veth5) entered disabled state [ 315.991404][ T4275] device hsr_slave_0 left promiscuous mode [ 316.021751][ T4275] device hsr_slave_1 left promiscuous mode [ 316.040005][ T4275] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 316.051493][ T4275] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 316.081478][ T4275] device bridge_slave_1 left promiscuous mode [ 316.110926][ T4275] bridge0: port 2(bridge_slave_1) entered disabled state [ 316.152990][ T4275] device bridge_slave_0 left promiscuous mode [ 316.192001][ T4275] bridge0: port 1(bridge_slave_0) entered disabled state [ 316.312892][ T21] Bluetooth: hci3: command 0x041b tx timeout [ 316.395870][ T7473] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 316.395870][ T7473] The task syz.5.849 (7473) triggered the difference, watch for misbehavior. [ 317.121575][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.128200][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.279878][ T4275] bond1 (unregistering): Released all slaves [ 318.217767][ T4275] team0 (unregistering): Port device team_slave_1 removed [ 318.250644][ T4275] team0 (unregistering): Port device team_slave_0 removed [ 318.278891][ T4275] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 318.369288][ T4275] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 318.415137][ T4408] Bluetooth: hci3: command 0x040f tx timeout [ 319.830075][ T4275] bond0 (unregistering): Released all slaves [ 320.576127][ T4408] Bluetooth: hci3: command 0x0419 tx timeout [ 320.875739][ T7390] bridge0: port 2(bridge_slave_1) entered blocking state [ 320.890287][ T7390] bridge0: port 2(bridge_slave_1) entered disabled state [ 320.899136][ T7390] device bridge_slave_1 entered promiscuous mode [ 320.939922][ T7485] batman_adv: batadv0: Adding interface: dummy0 [ 320.954570][ T7485] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 321.005538][ T7485] batman_adv: batadv0: Interface activated: dummy0 [ 321.033159][ T7490] batadv0: mtu less than device minimum [ 321.040916][ T7490] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 321.054244][ T7490] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 321.066918][ T7490] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 321.079373][ T7490] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 321.091914][ T7490] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 321.104485][ T7490] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 321.116999][ T7490] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 321.129578][ T7490] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 321.142132][ T7490] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 321.417008][ T7390] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 321.830681][ T7390] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 322.054161][ T7390] team0: Port device team_slave_0 added [ 322.066240][ T7390] team0: Port device team_slave_1 added [ 322.174754][ T7390] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 322.207619][ T7390] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 322.267312][ T7390] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 322.300034][ T7390] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 322.328526][ T7390] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 322.421048][ T7390] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 322.593530][ T7390] device hsr_slave_0 entered promiscuous mode [ 322.630747][ T7390] device hsr_slave_1 entered promiscuous mode [ 322.657006][ T7390] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 322.682263][ T7390] Cannot create hsr debugfs directory [ 322.745687][ T7567] cgroup2: Unexpected value for 'memory_localevents' [ 323.144226][ T7390] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 323.249446][ T7579] xt_CONNSECMARK: invalid mode: 66 [ 324.142968][ T7390] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 324.213833][ T7390] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 324.245705][ T7390] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 324.322788][ T26] audit: type=1326 audit(1777720900.188:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7582 comm="syz.1.874" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a0454cdd9 code=0x7fc00000 [ 324.390428][ T26] audit: type=1326 audit(1777720900.188:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7582 comm="syz.1.874" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f5a0454cdd9 code=0x7fc00000 [ 324.542810][ T7390] 8021q: adding VLAN 0 to HW filter on device bond0 [ 324.589833][ T6455] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 324.612113][ T6455] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 324.660855][ T7390] 8021q: adding VLAN 0 to HW filter on device team0 [ 324.693391][ T6455] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 324.729616][ T6455] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 324.793321][ T6455] bridge0: port 1(bridge_slave_0) entered blocking state [ 324.800442][ T6455] bridge0: port 1(bridge_slave_0) entered forwarding state [ 324.853267][ T6455] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 324.896406][ T6455] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 324.938909][ T6455] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 324.976671][ T6455] bridge0: port 2(bridge_slave_1) entered blocking state [ 324.983834][ T6455] bridge0: port 2(bridge_slave_1) entered forwarding state [ 325.050824][ T6455] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 325.113580][ T6455] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 325.123446][ T6455] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 325.208262][ T6455] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 325.283682][ T6455] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 325.394121][ T6455] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 325.408246][ T6455] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 325.804414][ T6455] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 326.057311][ T6455] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 326.199947][ T6455] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 326.210909][ T6455] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 326.680991][ T6455] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 326.707758][ T6455] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 326.744769][ T7390] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 327.155883][ T7645] xt_connbytes: Forcing CT accounting to be enabled [ 327.382008][ T7645] xt_CT: No such helper "netbios-ns" [ 328.278288][ T6455] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 328.299215][ T6455] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 328.373661][ T6480] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 328.394996][ T6480] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 328.661865][ T7674] trusted_key: encrypted_key: master key parameter 'šÙ|™{E' is invalid [ 329.067522][ T7390] device veth0_vlan entered promiscuous mode [ 329.253923][ T6480] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 329.283326][ T6480] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 329.327288][ T7673] netlink: 'syz.5.887': attribute type 10 has an invalid length. [ 329.350493][ T26] audit: type=1326 audit(1777720905.218:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7680 comm="syz.0.891" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1dd89cdd9 code=0x7ffc0000 [ 329.394117][ T7673] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 329.437709][ T26] audit: type=1326 audit(1777720905.218:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7680 comm="syz.0.891" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1dd89cdd9 code=0x7ffc0000 [ 329.483958][ T7390] device veth1_vlan entered promiscuous mode [ 329.520991][ T26] audit: type=1326 audit(1777720905.218:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7680 comm="syz.0.891" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1dd89cdd9 code=0x7ffc0000 [ 329.576330][ T6460] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 329.602930][ T6460] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 329.612860][ T26] audit: type=1326 audit(1777720905.218:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7680 comm="syz.0.891" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fb1dd89cdd9 code=0x7ffc0000 [ 329.642388][ T7390] device veth0_macvtap entered promiscuous mode [ 329.670840][ T7390] device veth1_macvtap entered promiscuous mode [ 329.715815][ T26] audit: type=1326 audit(1777720905.218:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7680 comm="syz.0.891" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1dd89cdd9 code=0x7ffc0000 [ 329.754120][ T7390] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 329.790106][ T7390] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 329.833444][ T7390] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 329.844416][ T26] audit: type=1326 audit(1777720905.218:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7680 comm="syz.0.891" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1dd89cdd9 code=0x7ffc0000 [ 329.889485][ T7390] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 329.922184][ T7390] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 329.940287][ T26] audit: type=1326 audit(1777720905.218:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7680 comm="syz.0.891" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1dd89cdd9 code=0x7ffc0000 [ 329.975652][ T7390] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 330.032729][ T7390] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 330.066718][ T26] audit: type=1326 audit(1777720905.218:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7680 comm="syz.0.891" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1dd89cdd9 code=0x7ffc0000 [ 330.102747][ T7390] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 330.145237][ T7698] xt_connbytes: Forcing CT accounting to be enabled [ 330.205096][ T7390] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 330.244940][ T26] audit: type=1326 audit(1777720905.218:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7680 comm="syz.0.891" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fb1dd89cdd9 code=0x7ffc0000 [ 330.522410][ T7390] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 330.671575][ T26] audit: type=1326 audit(1777720905.218:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7680 comm="syz.0.891" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1dd89cdd9 code=0x7ffc0000 [ 331.189799][ T7698] xt_CT: No such helper "netbios-ns" [ 331.220693][ T6460] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 331.230241][ T6460] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 331.238575][ T6460] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 331.247831][ T6460] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 331.258137][ T6460] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 331.267365][ T6460] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 331.278971][ T7390] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 331.322734][ T7390] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 331.331772][ T7390] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 331.362757][ T7390] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 331.629658][ T7715] xt_policy: output policy not valid in PREROUTING and INPUT [ 332.775332][ T6460] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 332.863214][ T6460] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 333.623361][ T6455] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 334.270629][ T6455] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 334.292876][ T6455] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 334.392049][ T6475] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 334.456634][ T7731] batman_adv: batadv0: Adding interface: dummy0 [ 334.496636][ T7731] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 334.622938][ T7731] batman_adv: batadv0: Interface activated: dummy0 [ 334.773559][ T7737] net_ratelimit: 10 callbacks suppressed [ 334.773576][ T7737] batadv0: mtu less than device minimum [ 335.350557][ T7737] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 335.363237][ T7737] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 335.375781][ T7737] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 335.388296][ T7737] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 335.400860][ T7737] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 335.413527][ T7737] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 335.426204][ T7737] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 335.438761][ T7737] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 335.451434][ T7737] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 338.212387][ T26] kauditd_printk_skb: 60 callbacks suppressed [ 338.212403][ T26] audit: type=1804 audit(1777720914.078:240): pid=7800 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.918" name="bus" dev="ramfs" ino=44326 res=1 errno=0 [ 338.269760][ T26] audit: type=1804 audit(1777720914.118:241): pid=7800 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.918" name="bus" dev="ramfs" ino=44326 res=1 errno=0 [ 338.503350][ T7810] netlink: 'syz.1.921': attribute type 12 has an invalid length. [ 338.838504][ T7787] orangefs_mount: mount request failed with -4 [ 340.440650][ T7834] batman_adv: batadv0: Interface activated: dummy0 [ 340.463377][ T7834] net_ratelimit: 10 callbacks suppressed [ 340.463394][ T7834] batadv0: mtu less than device minimum [ 341.426260][ T7834] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 341.438951][ T7834] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 341.451719][ T7834] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 341.464380][ T7834] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 341.476992][ T7834] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 341.489619][ T7834] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 341.502218][ T7834] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 341.514835][ T7834] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 341.527534][ T7834] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 342.001157][ T7861] netlink: 'syz.2.932': attribute type 21 has an invalid length. [ 342.036775][ T7861] netlink: 'syz.2.932': attribute type 6 has an invalid length. [ 342.059606][ T7861] netlink: 132 bytes leftover after parsing attributes in process `syz.2.932'. [ 342.215009][ T26] audit: type=1800 audit(1777720918.088:242): pid=7864 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.934" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0 [ 344.378695][ T7900] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 345.787143][ T7916] netlink: 'syz.5.948': attribute type 1 has an invalid length. [ 346.375209][ T7928] batman_adv: batadv0: Adding interface: dummy0 [ 347.013463][ T7928] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 347.070339][ T7928] batman_adv: batadv0: Interface activated: dummy0 [ 347.456667][ T7955] netlink: 4 bytes leftover after parsing attributes in process `syz.6.957'. [ 347.714930][ T7955] netlink: 12 bytes leftover after parsing attributes in process `syz.6.957'. [ 348.655554][ T7978] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 348.671161][ T7978] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 348.680230][ T7978] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 349.968087][ T7978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 350.032028][ T7978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 350.063254][ T7978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 350.073840][ T7978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 350.090601][ T7978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 350.111137][ T7978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 350.127070][ T7978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 350.139193][ T7978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 351.663881][ T8008] netlink: 2 bytes leftover after parsing attributes in process `syz.5.969'. [ 351.682318][ T8008] netlink: 2 bytes leftover after parsing attributes in process `syz.5.969'. [ 351.695205][ T8008] netlink: 2 bytes leftover after parsing attributes in process `syz.5.969'. [ 351.710294][ T8008] netlink: 2 bytes leftover after parsing attributes in process `syz.5.969'. [ 351.723168][ T8008] netlink: 2 bytes leftover after parsing attributes in process `syz.5.969'. [ 351.736474][ T8008] netlink: 2 bytes leftover after parsing attributes in process `syz.5.969'. [ 351.749184][ T8008] netlink: 2 bytes leftover after parsing attributes in process `syz.5.969'. [ 351.762181][ T8008] netlink: 2 bytes leftover after parsing attributes in process `syz.5.969'. [ 352.471326][ T8010] __nla_validate_parse: 2 callbacks suppressed [ 352.471371][ T8010] netlink: 4 bytes leftover after parsing attributes in process `syz.0.970'. [ 352.570973][ T8010] netlink: 32 bytes leftover after parsing attributes in process `syz.0.970'. [ 352.636047][ T8017] netlink: 4 bytes leftover after parsing attributes in process `syz.2.973'. [ 352.680292][ T8017] netlink: 12 bytes leftover after parsing attributes in process `syz.2.973'. [ 352.944206][ T8022] batman_adv: batadv0: Adding interface: dummy0 [ 352.950766][ T8022] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 353.033412][ T8022] batman_adv: batadv0: Interface activated: dummy0 [ 353.055796][ T8022] net_ratelimit: 10 callbacks suppressed [ 353.055817][ T8022] batadv0: mtu less than device minimum [ 353.076880][ T8022] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 353.089597][ T8022] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 353.102212][ T8022] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 353.114864][ T8022] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 353.127769][ T8022] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 353.140372][ T8022] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 353.153002][ T8022] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 353.165511][ T8022] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 353.178270][ T8022] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 355.972775][ T8077] device syzkaller0 entered promiscuous mode [ 357.973470][ T8105] netlink: 60 bytes leftover after parsing attributes in process `syz.6.999'. [ 360.901166][ T8130] netlink: 'syz.1.1008': attribute type 10 has an invalid length. [ 362.320122][ T8161] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 363.036918][ T23] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 363.556780][ T8172] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1019'. [ 363.692705][ T23] usb 7-1: Using ep0 maxpacket: 8 [ 363.873495][ T23] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 363.917290][ T23] usb 7-1: config 0 has no interface number 0 [ 363.979288][ T23] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 364.173727][ T23] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 364.295144][ T23] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 364.493647][ T23] usb 7-1: config 0 descriptor?? [ 364.572080][ T23] iowarrior 7-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 365.067285][ T8196] SET target dimension over the limit! [ 368.395529][ T23] usb 7-1: USB disconnect, device number 2 [ 371.681444][ T8271] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1041'. [ 373.781327][ T8305] binder_alloc: 8304: binder_alloc_buf, no vma [ 378.608985][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.620528][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.695221][ T8403] tipc: Enabling of bearer rejected, failed to enable media [ 382.536442][ T8427] xt_l2tp: missing protocol rule (udp|l2tpip) [ 386.999913][ T8486] tipc: Failed to remove unknown binding: 66,0,0/134418688:3775902803/3775902805 [ 387.009293][ T8486] tipc: Failed to remove unknown binding: 66,0,0/134418688:3775902803/3775902804 [ 387.024989][ T8483] xt_l2tp: missing protocol rule (udp|l2tpip) [ 387.033875][ T8486] tipc: Failed to remove unknown binding: 66,0,0/134418688:3775902803/3775902805 [ 387.043142][ T8486] tipc: Failed to remove unknown binding: 66,0,0/134418688:3775902803/3775902804 [ 387.055740][ T8469] DRBG: could not allocate CTR cipher TFM handle: ctr(aes) [ 387.194210][ T8497] netlink: 'syz.1.1102': attribute type 10 has an invalid length. [ 387.269067][ T8497] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 387.298580][ T8502] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1104'. [ 387.620931][ T8524] loop6: detected capacity change from 0 to 128 [ 387.722726][ T8524] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 388.216714][ T8524] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 388.522901][ T8524] ext2 filesystem being mounted at /33/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 391.214739][ T8564] bridge0: port 4(vlan4) entered blocking state [ 391.292788][ T8564] bridge0: port 4(vlan4) entered disabled state [ 391.364932][ T8564] device vlan4 entered promiscuous mode [ 397.063886][ T8657] tipc: Started in network mode [ 397.068831][ T8657] tipc: Node identity 080211000001, cluster identity 4711 [ 397.103844][ T8657] tipc: Enabled bearer , priority 0 [ 397.333811][ T8669] netlink: 'syz.0.1145': attribute type 10 has an invalid length. [ 398.247076][ T4230] tipc: Node number set to 134418688 [ 398.316209][ T8679] netlink: 'syz.2.1158': attribute type 10 has an invalid length. [ 398.417718][ T8679] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 398.610199][ T8690] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1150'. [ 400.712886][ T6469] wlan1: Trigger new scan to find an IBSS to join [ 402.818228][ T8745] netlink: 88 bytes leftover after parsing attributes in process `syz.0.1170'. [ 404.080369][ T26] audit: type=1326 audit(1777720979.188:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8737 comm="syz.2.1163" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69afc44dd9 code=0x7ffc0000 [ 404.447487][ T26] audit: type=1326 audit(1777720979.198:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8737 comm="syz.2.1163" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=99 compat=0 ip=0x7f69afc44dd9 code=0x7ffc0000 [ 404.919987][ T26] audit: type=1326 audit(1777720979.198:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8737 comm="syz.2.1163" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69afc44dd9 code=0x7ffc0000 [ 405.433220][ T26] audit: type=1326 audit(1777720979.208:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8737 comm="syz.2.1163" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69afc44dd9 code=0x7ffc0000 [ 405.472051][ T8766] overlayfs: failed to clone upperpath [ 407.576630][ T4275] wlan1: Trigger new scan to find an IBSS to join [ 407.647127][ T8783] tipc: Enabling of bearer rejected, failed to enable media [ 408.173016][ T26] audit: type=1326 audit(1777720983.888:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8789 comm="syz.0.1177" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1dd89cdd9 code=0x7ffc0000 [ 409.269313][ T26] audit: type=1326 audit(1777720983.888:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8789 comm="syz.0.1177" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=99 compat=0 ip=0x7fb1dd89cdd9 code=0x7ffc0000 [ 409.768961][ T26] audit: type=1326 audit(1777720983.888:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8789 comm="syz.0.1177" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1dd89cdd9 code=0x7ffc0000 [ 409.836901][ T8804] netlink: 'syz.0.1180': attribute type 4 has an invalid length. [ 409.987231][ T26] audit: type=1326 audit(1777720983.888:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8789 comm="syz.0.1177" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1dd89cdd9 code=0x7ffc0000 [ 410.392995][ T4275] wlan1: Creating new IBSS network, BSSID 8e:9c:a6:a5:8b:24 [ 410.971229][ T8820] tipc: Started in network mode [ 410.981225][ T8820] tipc: Node identity 080211000001, cluster identity 4711 [ 410.989561][ T8820] tipc: Enabled bearer , priority 0 [ 411.041188][ T8824] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1186'. [ 411.050413][ T8824] chnl_net:caif_netlink_parms(): no params data found [ 411.290854][ T8833] overlayfs: failed to clone upperpath [ 412.297605][ T4433] tipc: Node number set to 134418688 [ 414.948958][ T26] audit: type=1326 audit(1777720990.808:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8854 comm="syz.5.1192" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe31b1f1dd9 code=0x7ffc0000 [ 414.977864][ T26] audit: type=1326 audit(1777720990.818:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8854 comm="syz.5.1192" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=99 compat=0 ip=0x7fe31b1f1dd9 code=0x7ffc0000 [ 415.298167][ T26] audit: type=1326 audit(1777720990.818:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8854 comm="syz.5.1192" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe31b1f1dd9 code=0x7ffc0000 [ 415.476848][ T26] audit: type=1326 audit(1777720990.818:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8854 comm="syz.5.1192" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe31b1f1dd9 code=0x7ffc0000 [ 415.517945][ T8866] tipc: Enabling of bearer rejected, already enabled [ 419.285740][ T8907] overlayfs: failed to clone upperpath [ 421.064427][ T8933] loop6: detected capacity change from 0 to 512 [ 423.075131][ T8933] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #11: comm syz.6.1219: invalid indirect mapped block 4294967295 (level 1) [ 423.093010][ T8933] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #11: comm syz.6.1219: invalid indirect mapped block 4294967295 (level 1) [ 423.107808][ T8933] EXT4-fs (loop6): 2 truncates cleaned up [ 423.113862][ T8933] EXT4-fs (loop6): mounted filesystem without journal. Opts: grpjquota=,grpjquota=,discard,auto_da_alloc=0x000000007fffffff,barrier=0x0000000000000000,,errors=continue. Quota mode: writeback. [ 423.133790][ T8945] EXT4-fs error (device loop6): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap [ 423.373492][ T8942] fuse: Bad value for 'fd' [ 424.779617][ T8961] device syzkaller0 entered promiscuous mode [ 426.966960][ T9005] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 426.987196][ T9005] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 427.159280][ T9008] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 427.388114][ T9005] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 427.824863][ T9018] netlink: 80 bytes leftover after parsing attributes in process `syz.6.1240'. [ 427.853646][ T9017] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1242'. [ 427.898982][ T9018] Unknown status report in ack skb [ 427.914184][ T9022] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1242'. [ 427.936759][ T9018] netlink: 'syz.6.1240': attribute type 12 has an invalid length. [ 428.977992][ T9029] syz.6.1246 (9029): drop_caches: 2 [ 433.227962][ T9075] fuse: Bad value for 'fd' [ 435.872415][ T9121] device syzkaller0 entered promiscuous mode [ 435.920294][ T4235] syzkaller0: tun_net_xmit 48 [ 435.943872][ T9121] syzkaller0: tun_chr_ioctl cmd 2147767520 [ 435.955158][ T9121] syzkaller0: tun_net_xmit 1280 [ 437.457848][ T4431] Bluetooth: hci3: command 0x0406 tx timeout [ 438.609851][ T9144] device syzkaller0 entered promiscuous mode [ 439.592013][ T9156] fuse: Bad value for 'fd' [ 439.703982][ T9163] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1285'. [ 440.456363][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.822924][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.844474][ T6480] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 440.928351][ T9180] __sock_release: fasync list not empty! [ 441.316910][ T9181] sctp: [Deprecated]: syz.1.1291 (pid 9181) Use of struct sctp_assoc_value in delayed_ack socket option. [ 441.316910][ T9181] Use struct sctp_sack_info instead [ 442.010883][ T9184] sctp: [Deprecated]: syz.1.1291 (pid 9184) Use of struct sctp_assoc_value in delayed_ack socket option. [ 442.010883][ T9184] Use struct sctp_sack_info instead [ 444.432020][ T9236] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1303'. [ 444.498531][ T9236] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1303'. [ 444.512130][ T9236] netdevsim netdevsim5 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 444.520784][ T9236] netdevsim netdevsim5 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 444.529039][ T9236] netdevsim netdevsim5 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 444.537303][ T9236] netdevsim netdevsim5 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 444.557315][ T9236] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1303'. [ 444.585103][ T9236] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1303'. [ 444.708099][ T9244] sctp: [Deprecated]: syz.2.1305 (pid 9244) Use of struct sctp_assoc_value in delayed_ack socket option. [ 444.708099][ T9244] Use struct sctp_sack_info instead [ 444.773460][ T9247] sctp: [Deprecated]: syz.2.1305 (pid 9247) Use of struct sctp_assoc_value in delayed_ack socket option. [ 444.773460][ T9247] Use struct sctp_sack_info instead [ 446.897627][ T9291] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1317'. [ 447.254501][ T9291] 8021q: adding VLAN 0 to HW filter on device bond2 [ 447.321186][ T9293] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 447.327021][ T9284] Process accounting resumed [ 447.342440][ T6469] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready [ 448.951422][ T9317] netlink: 'syz.2.1323': attribute type 1 has an invalid length. [ 448.998591][ T9317] netlink: 'syz.2.1323': attribute type 2 has an invalid length. [ 449.184567][ T9324] tipc: Enabling of bearer rejected, already enabled [ 451.836645][ T9349] tipc: Enabling of bearer rejected, failed to enable media [ 463.414410][ T9475] netlink: 14 bytes leftover after parsing attributes in process `syz.6.1370'. [ 463.478803][ T9478] tipc: Enabling of bearer rejected, already enabled [ 463.701168][ T9481] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 463.759273][ T26] audit: type=1326 audit(1777721039.628:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9480 comm="syz.0.1373" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb1dd89cdd9 code=0x0 [ 465.638294][ T9502] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN [ 465.716379][ T9502] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1377'. [ 469.117499][ T9558] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1392'. [ 469.129878][ T9558] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1392'. [ 470.801266][ T9547] orangefs_mount: mount request failed with -4 [ 472.478899][ T9577] tipc: Enabling of bearer rejected, failed to enable media [ 472.493622][ T9575] hugetlbfs: syz.0.1398 (9575): Using mlock ulimits for SHM_HUGETLB is deprecated [ 472.532790][ T9584] netlink: 'syz.5.1400': attribute type 4 has an invalid length. [ 472.576765][ T9589] netlink: 'syz.1.1399': attribute type 1 has an invalid length. [ 472.612824][ T9589] netlink: 'syz.1.1399': attribute type 2 has an invalid length. [ 472.759692][ T9600] ip6t_srh: unknown srh invflags 4000 [ 473.014002][ T9613] tipc: Enabling of bearer rejected, already enabled [ 473.516307][ T6471] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 473.824216][ T9625] tipc: Enabling of bearer rejected, already enabled [ 473.989604][ T9634] tipc: Enabling of bearer rejected, already enabled [ 475.541828][ T9646] netlink: 'syz.6.1416': attribute type 4 has an invalid length. [ 475.674374][ T9649] tipc: Enabling of bearer rejected, already enabled [ 481.228955][ T9732] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1442'. [ 481.474716][ T9728] netlink: 'syz.2.1442': attribute type 10 has an invalid length. [ 482.971770][ T9752] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1448'. [ 487.056945][ T9792] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1462'. [ 493.069724][ T9844] x_tables: ip6_tables: icmp6 match: only valid for protocol 58 [ 497.285085][ T9860] netlink: 'syz.5.1479': attribute type 10 has an invalid length. [ 497.323183][ T9872] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 497.433671][ T9862] netlink: 'syz.6.1478': attribute type 10 has an invalid length. [ 497.746948][ T9862] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 497.998713][ T6460] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 498.831305][ T6460] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 498.941657][ T9895] overlayfs: failed to clone upperpath [ 499.171235][ T9901] tipc: Started in network mode [ 499.182800][ T9901] tipc: Node identity 080211000001, cluster identity 4711 [ 499.890307][ T9901] tipc: Enabled bearer , priority 0 [ 501.085014][ T4429] tipc: Node number set to 134418688 [ 501.519261][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.525757][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.543189][ T9933] tipc: Enabling of bearer rejected, already enabled [ 502.641604][ T9949] tipc: Failed to remove unknown binding: 66,0,0/0:2326614637/2326614638 [ 505.187857][ T9958] netdevsim netdevsim5 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 505.301718][ T9958] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 507.304704][ T9958] netdevsim netdevsim5 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 507.322344][ T9958] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 507.418520][ T9958] netdevsim netdevsim5 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 507.487388][ T9958] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 507.648543][ T9958] netdevsim netdevsim5 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 507.658638][ T9958] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 508.053260][ T9958] netdevsim netdevsim5 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 508.061825][ T9958] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 508.075654][ T9958] netdevsim netdevsim5 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 508.084149][ T9958] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 508.098638][ T9958] netdevsim netdevsim5 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 508.107236][ T9958] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 508.121772][ T9958] netdevsim netdevsim5 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 508.130718][ T9958] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 513.333796][T10036] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 513.554282][T10040] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.1529'. [ 515.118205][T10046] team0: Port device bridge1 added [ 515.288292][T10061] futex_wake_op: syz.0.1532 tries to shift op by 144; fix this program [ 519.162345][T10092] netlink: 'syz.5.1544': attribute type 1 has an invalid length. [ 520.063372][T10104] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1545'. [ 521.378512][T10092] 8021q: adding VLAN 0 to HW filter on device bond3 [ 521.571380][T10113] netlink: 216 bytes leftover after parsing attributes in process `syz.2.1549'. [ 522.955616][T10098] bond3: (slave gretap1): making interface the new active one [ 523.169183][T10098] bond3: (slave gretap1): Enslaving as an active interface with an up link [ 523.245196][ T6467] IPv6: ADDRCONF(NETDEV_CHANGE): bond3: link becomes ready [ 525.313637][ T26] audit: type=1326 audit(1777721101.178:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10126 comm="syz.6.1556" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1f288add9 code=0x7ffc0000 [ 525.999358][T10146] IPVS: Error connecting to the multicast addr [ 526.025999][ T26] audit: type=1326 audit(1777721101.838:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10126 comm="syz.6.1556" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7fb1f288add9 code=0x7ffc0000 [ 526.146736][ T26] audit: type=1326 audit(1777721101.838:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10126 comm="syz.6.1556" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1f288add9 code=0x7ffc0000 [ 526.306571][ T26] audit: type=1326 audit(1777721101.838:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10126 comm="syz.6.1556" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1f288add9 code=0x7ffc0000 [ 526.966532][ T26] audit: type=1326 audit(1777721101.848:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10126 comm="syz.6.1556" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=242 compat=0 ip=0x7fb1f288add9 code=0x7ffc0000 [ 527.342706][ T26] audit: type=1326 audit(1777721101.848:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10126 comm="syz.6.1556" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1f288add9 code=0x7ffc0000 [ 527.521977][ T26] audit: type=1326 audit(1777721101.848:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10126 comm="syz.6.1556" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1f288add9 code=0x7ffc0000 [ 527.571344][ T26] audit: type=1326 audit(1777721101.848:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10126 comm="syz.6.1556" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fb1f288add9 code=0x7ffc0000 [ 527.762475][T10168] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1569'. [ 527.774044][ T26] audit: type=1326 audit(1777721101.848:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10126 comm="syz.6.1556" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1f288add9 code=0x7ffc0000 [ 527.798977][ T26] audit: type=1326 audit(1777721101.848:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10126 comm="syz.6.1556" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1f288add9 code=0x7ffc0000 [ 527.853599][T10168] netem: change failed [ 528.385928][T10176] rdma_rxe: rxe creation allowed on top of a real device only [ 528.701908][T10195] netlink: 'syz.5.1577': attribute type 1 has an invalid length. [ 528.741914][T10195] 8021q: adding VLAN 0 to HW filter on device bond4 [ 528.786170][T10195] bond4: (slave veth5): Enslaving as an active interface with a down link [ 528.809484][T10195] batman_adv: batadv0: Interface deactivated: dummy0 [ 528.840513][T10195] batman_adv: batadv0: Removing interface: dummy0 [ 528.869389][T10195] bond4: (slave dummy0): making interface the new active one [ 528.879190][T10195] device dummy0 entered promiscuous mode [ 528.885630][T10195] bond4: (slave dummy0): Enslaving as an active interface with an up link [ 528.905109][ T6467] IPv6: ADDRCONF(NETDEV_CHANGE): bond4: link becomes ready [ 529.032149][T10201] netlink: 14 bytes leftover after parsing attributes in process `syz.5.1577'. [ 529.100614][T10201] bond4: (slave dummy0): Releasing active interface [ 529.112032][T10201] device dummy0 left promiscuous mode [ 530.973383][T10242] bond1: option mode: unable to set because the bond device has slaves [ 531.173986][T10242] bond1: (slave veth7): Enslaving as an active interface with a down link [ 531.237010][T10250] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 531.975569][T10263] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1592'. [ 535.392147][T10303] netlink: 'syz.2.1606': attribute type 1 has an invalid length. [ 535.458578][T10303] 8021q: adding VLAN 0 to HW filter on device bond3 [ 535.494749][T10306] bond3: (slave geneve3): making interface the new active one [ 535.515458][T10306] bond3: (slave geneve3): Enslaving as an active interface with an up link [ 535.542737][ T6455] IPv6: ADDRCONF(NETDEV_CHANGE): bond3: link becomes ready [ 535.738593][T10317] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1610'. [ 537.632189][T10332] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1614'. [ 537.765133][T10337] bridge3: port 1(veth7) entered blocking state [ 537.823348][T10337] bridge3: port 1(veth7) entered disabled state [ 537.929325][T10337] device veth7 entered promiscuous mode [ 539.590873][T10332] bridge3: port 2(veth9) entered blocking state [ 539.597672][T10332] bridge3: port 2(veth9) entered disabled state [ 539.605660][T10332] device veth9 entered promiscuous mode [ 539.661646][T10355] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1623'. [ 544.879149][T10396] debugfs: Directory 'netdev:syzkaller0' with parent 'phy6' already present! [ 545.010881][T10396] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 547.355438][T10416] ================================================================== [ 547.364246][T10416] BUG: KASAN: use-after-free in ieee80211_monitor_select_queue+0x23a/0x240 [ 547.372907][T10416] Read of size 2 at addr ffff888022ce2dfb by task syz.1.1643/10416 [ 547.380833][T10416] [ 547.383197][T10416] CPU: 1 PID: 10416 Comm: syz.1.1643 Not tainted syzkaller #0 [ 547.390686][T10416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 547.400865][T10416] Call Trace: [ 547.404188][T10416] [ 547.407141][T10416] dump_stack_lvl+0x188/0x250 [ 547.411944][T10416] ? show_regs_print_info+0x20/0x20 [ 547.417178][T10416] ? load_image+0x400/0x400 [ 547.421729][T10416] ? _raw_spin_lock_irqsave+0xbc/0x100 [ 547.427245][T10416] ? ieee80211_tx+0x460/0x460 [ 547.431962][T10416] print_address_description+0x60/0x2d0 [ 547.437566][T10416] ? ieee80211_monitor_select_queue+0x23a/0x240 [ 547.443956][T10416] kasan_report+0xdf/0x130 [ 547.448419][T10416] ? ieee80211_monitor_select_queue+0x23a/0x240 [ 547.454702][T10416] ieee80211_monitor_select_queue+0x23a/0x240 [ 547.461042][T10416] ? ieee80211_recalc_smps_work+0x20/0x20 [ 547.466884][T10416] netdev_core_pick_tx+0x118/0x2e0 [ 547.472032][T10416] __dev_queue_xmit+0x756/0x2f80 [ 547.477003][T10416] ? __might_fault+0xb7/0x110 [ 547.481732][T10416] ? dev_queue_xmit+0x20/0x20 [ 547.486434][T10416] ? virtio_net_hdr_to_skb+0xa6b/0x11f0 [ 547.492049][T10416] ? packet_cached_dev_get+0x270/0x270 [ 547.497533][T10416] ? skb_copy_datagram_from_iter+0x5e3/0x6a0 [ 547.503556][T10416] packet_sendmsg+0x3dba/0x5060 [ 547.508465][T10416] ? __might_sleep+0xf0/0xf0 [ 547.513097][T10416] ? aa_sk_perm+0x7dc/0x910 [ 547.517631][T10416] ? packet_getsockopt+0x9a0/0x9a0 [ 547.522781][T10416] ? aa_sock_msg_perm+0x94/0x150 [ 547.527751][T10416] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 547.533061][T10416] ? security_socket_sendmsg+0x7c/0xa0 [ 547.538550][T10416] ? packet_getsockopt+0x9a0/0x9a0 [ 547.543707][T10416] ____sys_sendmsg+0x5b7/0x8f0 [ 547.548522][T10416] ? __sys_sendmsg_sock+0x30/0x30 [ 547.553616][T10416] ? import_iovec+0x6f/0xa0 [ 547.558165][T10416] ___sys_sendmsg+0x236/0x2e0 [ 547.562890][T10416] ? __sys_sendmsg+0x2a0/0x2a0 [ 547.567748][T10416] __se_sys_sendmsg+0x1af/0x290 [ 547.572640][T10416] ? __x64_sys_sendmsg+0x80/0x80 [ 547.577615][T10416] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 547.583648][T10416] ? lockdep_hardirqs_on+0x94/0x140 [ 547.588881][T10416] do_syscall_64+0x4c/0xa0 [ 547.593325][T10416] ? clear_bhb_loop+0x30/0x80 [ 547.598034][T10416] ? clear_bhb_loop+0x30/0x80 [ 547.602743][T10416] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 547.608675][T10416] RIP: 0033:0x7f5a0454cdd9 [ 547.613119][T10416] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 547.632765][T10416] RSP: 002b:00007f5a027a6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 547.641340][T10416] RAX: ffffffffffffffda RBX: 00007f5a047c5fa0 RCX: 00007f5a0454cdd9 [ 547.649347][T10416] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000005 [ 547.657354][T10416] RBP: 00007f5a045e2d69 R08: 0000000000000000 R09: 0000000000000000 [ 547.665371][T10416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 547.673377][T10416] R13: 00007f5a047c6038 R14: 00007f5a047c5fa0 R15: 00007fffc442a308 [ 547.681400][T10416] [ 547.684443][T10416] [ 547.686782][T10416] Allocated by task 10303: [ 547.691394][T10416] __kasan_kmalloc+0xb5/0xf0 [ 547.696034][T10416] __alloc_skb+0x22c/0x750 [ 547.700490][T10416] inet6_netconf_notify_devconf+0x10b/0x1d0 [ 547.706572][T10416] __addrconf_sysctl_register+0x375/0x3e0 [ 547.712326][T10416] addrconf_sysctl_register+0x15c/0x1b0 [ 547.717993][T10416] ipv6_add_dev+0xbf3/0x1190 [ 547.722607][T10416] addrconf_notify+0x66f/0xf00 [ 547.727399][T10416] raw_notifier_call_chain+0xcb/0x160 [ 547.732828][T10416] register_netdevice+0x12a6/0x1710 [ 547.738060][T10416] bond_newlink+0x33/0x80 [ 547.742424][T10416] rtnl_newlink+0x1359/0x1a50 [ 547.747133][T10416] rtnetlink_rcv_msg+0x844/0xf30 [ 547.752101][T10416] netlink_rcv_skb+0x1f5/0x440 [ 547.756890][T10416] netlink_unicast+0x774/0x920 [ 547.761779][T10416] netlink_sendmsg+0x8ba/0xbe0 [ 547.766565][T10416] ____sys_sendmsg+0x5b7/0x8f0 [ 547.771622][T10416] ___sys_sendmsg+0x236/0x2e0 [ 547.776327][T10416] __se_sys_sendmsg+0x1af/0x290 [ 547.781231][T10416] do_syscall_64+0x4c/0xa0 [ 547.785689][T10416] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 547.791621][T10416] [ 547.793975][T10416] Freed by task 10303: [ 547.798068][T10416] kasan_set_track+0x4b/0x70 [ 547.802741][T10416] kasan_set_free_info+0x1f/0x40 [ 547.807736][T10416] ____kasan_slab_free+0xd5/0x110 [ 547.812800][T10416] slab_free_freelist_hook+0xea/0x170 [ 547.818245][T10416] kfree+0xef/0x2a0 [ 547.822087][T10416] skb_release_data+0x6b8/0x800 [ 547.826988][T10416] consume_skb+0xa2/0x100 [ 547.831350][T10416] netlink_broadcast_filtered+0x107a/0x1170 [ 547.837277][T10416] nlmsg_notify+0xec/0x1a0 [ 547.841729][T10416] __addrconf_sysctl_register+0x375/0x3e0 [ 547.847484][T10416] addrconf_sysctl_register+0x15c/0x1b0 [ 547.853072][T10416] ipv6_add_dev+0xbf3/0x1190 SYZFAIL: failed to send rpc fd=3 want=90512 sent=0 n=-1 (errno 32: Broken pipe) [ 547.857709][T10416] addrconf_notify+0x66f/0xf00 [ 547.862544][T10416] raw_notifier_call_chain+0xcb/0x160 [ 547.867961][T10416] register_netdevice+0x12a6/0x1710 [ 547.873399][T10416] bond_newlink+0x33/0x80 [ 547.877761][T10416] rtnl_newlink+0x1359/0x1a50 [ 547.882466][T10416] rtnetlink_rcv_msg+0x844/0xf30 [ 547.887435][T10416] netlink_rcv_skb+0x1f5/0x440 [ 547.892228][T10416] netlink_unicast+0x774/0x920 [ 547.897053][T10416] netlink_sendmsg+0x8ba/0xbe0 [ 547.901980][T10416] ____sys_sendmsg+0x5b7/0x8f0 [ 547.906784][T10416] ___sys_sendmsg+0x236/0x2e0 [ 547.911579][T10416] __se_sys_sendmsg+0x1af/0x290 [ 547.916461][T10416] do_syscall_64+0x4c/0xa0 [ 547.920908][T10416] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 547.926840][T10416] [ 547.929190][T10416] Last potentially related work creation: [ 547.934920][T10416] kasan_save_stack+0x35/0x60 [ 547.939830][T10416] kasan_record_aux_stack+0xb8/0x100 [ 547.945149][T10416] insert_work+0x54/0x3d0 [ 547.949531][T10416] __queue_work+0x9c5/0xd50 [ 547.954170][T10416] call_timer_fn+0x17b/0x540 [ 547.958797][T10416] __run_timers+0x569/0x800 [ 547.963337][T10416] run_timer_softirq+0x63/0xf0 [ 547.968134][T10416] handle_softirqs+0x339/0x830 [ 547.972925][T10416] __irq_exit_rcu+0x13b/0x230 [ 547.977637][T10416] irq_exit_rcu+0x5/0x20 [ 547.981905][T10416] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 547.987567][T10416] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 547.993577][T10416] [ 547.995920][T10416] The buggy address belongs to the object at ffff888022ce2c00 [ 547.995920][T10416] which belongs to the cache kmalloc-512 of size 512 [ 548.010013][T10416] The buggy address is located 507 bytes inside of [ 548.010013][T10416] 512-byte region [ffff888022ce2c00, ffff888022ce2e00) [ 548.023413][T10416] The buggy address belongs to the page: [ 548.029131][T10416] page:ffffea00008b3800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22ce0 [ 548.039414][T10416] head:ffffea00008b3800 order:2 compound_mapcount:0 compound_pincount:0 [ 548.047778][T10416] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 548.055818][T10416] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888016c41c80 [ 548.064455][T10416] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 548.073070][T10416] page dumped because: kasan: bad access detected [ 548.079528][T10416] page_owner tracks the page as allocated [ 548.085278][T10416] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3563, ts 26226027838, free_ts 26210659507 [ 548.104707][T10416] get_page_from_freelist+0x1bbd/0x1ca0 [ 548.110312][T10416] __alloc_pages+0x1ee/0x480 [ 548.114944][T10416] new_slab+0xc0/0x4b0 [ 548.119155][T10416] ___slab_alloc+0x80a/0xdd0 [ 548.123772][T10416] kmem_cache_alloc_trace+0x1a5/0x2a0 [ 548.129175][T10416] kernfs_fop_open+0x3da/0xbf0 [ 548.133973][T10416] do_dentry_open+0x7ff/0xf80 [ 548.138720][T10416] path_openat+0x26f5/0x2fa0 [ 548.143458][T10416] do_filp_open+0x1e2/0x410 [ 548.148001][T10416] do_sys_openat2+0x150/0x4b0 [ 548.152749][T10416] __x64_sys_openat+0x135/0x160 [ 548.157629][T10416] do_syscall_64+0x4c/0xa0 [ 548.162075][T10416] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 548.168020][T10416] page last free stack trace: [ 548.172752][T10416] free_unref_page_prepare+0x637/0x6c0 [ 548.178250][T10416] free_unref_page+0x8f/0x2a0 [ 548.182978][T10416] qlist_free_all+0x35/0x90 [ 548.187508][T10416] kasan_quarantine_reduce+0x150/0x160 [ 548.192995][T10416] __kasan_slab_alloc+0x2f/0xd0 [ 548.197880][T10416] slab_post_alloc_hook+0x4c/0x380 [ 548.203033][T10416] kmem_cache_alloc+0x100/0x290 [ 548.208012][T10416] getname_flags+0xb5/0x500 [ 548.212555][T10416] do_sys_openat2+0xdd/0x4b0 [ 548.217172][T10416] __x64_sys_openat+0x135/0x160 [ 548.222056][T10416] do_syscall_64+0x4c/0xa0 [ 548.226501][T10416] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 548.232427][T10416] [ 548.234966][T10416] Memory state around the buggy address: [ 548.240627][T10416] ffff888022ce2c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 548.248805][T10416] ffff888022ce2d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 548.256957][T10416] >ffff888022ce2d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 548.265045][T10416] ^ [ 548.273059][T10416] ffff888022ce2e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 548.281164][T10416] ffff888022ce2e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 548.289245][T10416] ================================================================== [ 548.297323][T10416] Disabling lock debugging due to kernel taint [ 548.303585][T10416] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 548.310809][T10416] CPU: 1 PID: 10416 Comm: syz.1.1643 Tainted: G B syzkaller #0 [ 548.319692][T10416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 548.329775][T10416] Call Trace: [ 548.333075][T10416] [ 548.336029][T10416] dump_stack_lvl+0x188/0x250 [ 548.340736][T10416] ? show_regs_print_info+0x20/0x20 [ 548.345965][T10416] ? load_image+0x400/0x400 [ 548.350495][T10416] panic+0x2e5/0x810 [ 548.354426][T10416] ? bpf_jit_dump+0xd0/0xd0 [ 548.358967][T10416] ? _raw_spin_unlock_irqrestore+0xbc/0x120 [ 548.364881][T10416] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 548.370809][T10416] ? _raw_spin_unlock+0x40/0x40 [ 548.375696][T10416] ? ieee80211_monitor_select_queue+0x23a/0x240 [ 548.381967][T10416] check_panic_on_warn+0x80/0xa0 [ 548.386934][T10416] ? ieee80211_monitor_select_queue+0x23a/0x240 [ 548.393206][T10416] end_report+0x6d/0xf0 [ 548.397391][T10416] kasan_report+0x102/0x130 [ 548.401934][T10416] ? ieee80211_monitor_select_queue+0x23a/0x240 [ 548.408206][T10416] ieee80211_monitor_select_queue+0x23a/0x240 [ 548.414304][T10416] ? ieee80211_recalc_smps_work+0x20/0x20 [ 548.420052][T10416] netdev_core_pick_tx+0x118/0x2e0 [ 548.425194][T10416] __dev_queue_xmit+0x756/0x2f80 [ 548.430160][T10416] ? __might_fault+0xb7/0x110 [ 548.434869][T10416] ? dev_queue_xmit+0x20/0x20 [ 548.439579][T10416] ? virtio_net_hdr_to_skb+0xa6b/0x11f0 [ 548.445158][T10416] ? packet_cached_dev_get+0x270/0x270 [ 548.450642][T10416] ? skb_copy_datagram_from_iter+0x5e3/0x6a0 [ 548.456664][T10416] packet_sendmsg+0x3dba/0x5060 [ 548.461557][T10416] ? __might_sleep+0xf0/0xf0 [ 548.466181][T10416] ? aa_sk_perm+0x7dc/0x910 [ 548.470727][T10416] ? packet_getsockopt+0x9a0/0x9a0 [ 548.475872][T10416] ? aa_sock_msg_perm+0x94/0x150 [ 548.480845][T10416] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 548.486164][T10416] ? security_socket_sendmsg+0x7c/0xa0 [ 548.491754][T10416] ? packet_getsockopt+0x9a0/0x9a0 [ 548.496903][T10416] ____sys_sendmsg+0x5b7/0x8f0 [ 548.501702][T10416] ? __sys_sendmsg_sock+0x30/0x30 [ 548.506845][T10416] ? import_iovec+0x6f/0xa0 [ 548.511395][T10416] ___sys_sendmsg+0x236/0x2e0 [ 548.516294][T10416] ? __sys_sendmsg+0x2a0/0x2a0 [ 548.521291][T10416] __se_sys_sendmsg+0x1af/0x290 [ 548.526186][T10416] ? __x64_sys_sendmsg+0x80/0x80 [ 548.531152][T10416] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 548.537166][T10416] ? lockdep_hardirqs_on+0x94/0x140 [ 548.542506][T10416] do_syscall_64+0x4c/0xa0 [ 548.546950][T10416] ? clear_bhb_loop+0x30/0x80 [ 548.551680][T10416] ? clear_bhb_loop+0x30/0x80 [ 548.556381][T10416] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 548.562400][T10416] RIP: 0033:0x7f5a0454cdd9 [ 548.566972][T10416] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 548.586692][T10416] RSP: 002b:00007f5a027a6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 548.595138][T10416] RAX: ffffffffffffffda RBX: 00007f5a047c5fa0 RCX: 00007f5a0454cdd9 [ 548.603134][T10416] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000005 [ 548.611127][T10416] RBP: 00007f5a045e2d69 R08: 0000000000000000 R09: 0000000000000000 [ 548.619137][T10416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 548.627148][T10416] R13: 00007f5a047c6038 R14: 00007f5a047c5fa0 R15: 00007fffc442a308 [ 548.635277][T10416] [ 548.638641][T10416] Kernel Offset: disabled [ 548.643104][T10416] Rebooting in 86400 seconds..