last executing test programs: 6m50.060386736s ago: executing program 1 (id=107): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x42000, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000001c40)=0x4) ioctl$PPPIOCSMAXCID(r0, 0x40047451, 0x0) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000000)=0x8) 6m49.877686149s ago: executing program 1 (id=111): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) unshare(0x20000400) r1 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x278, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x2d8) 6m49.665923383s ago: executing program 1 (id=116): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r0, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1) socket(0x10, 0x803, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000100)={0x1d, r2, 0x0, {0x1, 0x0, 0x4}, 0x1}, 0x18) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)=[{}], 0x1}, 0x48005) readv(r1, &(0x7f0000001540)=[{&(0x7f0000004580)=""/4107, 0x100b}], 0x17f) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x22051, r3, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x54}, 0x8000) socket(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route(r5, 0x0, 0x0) recvmmsg(r0, 0x0, 0x0, 0x40000121, 0x0) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000040)=@generic={0x0}, 0x18) 6m48.805782686s ago: executing program 1 (id=140): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000001000)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="540000001400090525bd70000003000002180d00", @ANYRES32=r2, @ANYBLOB="08000b000000000008000200ac14"], 0x54}}, 0x0) 6m48.686063977s ago: executing program 1 (id=142): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=@can_newroute={0x24, 0x18, 0x1, 0x0, 0x0, {0x1d, 0x1, 0x8}, [@CGW_DST_IF={0x8}, @CGW_SRC_IF={0x8}]}, 0x24}}, 0x0) 6m48.669079188s ago: executing program 1 (id=144): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r0, &(0x7f0000000080)='X', 0x1, 0x0, &(0x7f0000000140)={0xa, 0x0, 0x0, @private0}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000100)={0x66, 0xfe, 0x4, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x9}, 0xe) shutdown(r0, 0x1) recvmmsg(r0, &(0x7f0000005000)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=""/19, 0x13}, 0x3}], 0x4000169, 0x60, 0x0) socket$kcm(0x10, 0x2, 0x0) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f00000002c0)=0x6, 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)}, 0x3) shutdown(r1, 0x2) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x401, 0x20000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_MASTER={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x240008c4}, 0x4054) 6m33.571657513s ago: executing program 32 (id=144): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r0, &(0x7f0000000080)='X', 0x1, 0x0, &(0x7f0000000140)={0xa, 0x0, 0x0, @private0}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000100)={0x66, 0xfe, 0x4, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x9}, 0xe) shutdown(r0, 0x1) recvmmsg(r0, &(0x7f0000005000)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=""/19, 0x13}, 0x3}], 0x4000169, 0x60, 0x0) socket$kcm(0x10, 0x2, 0x0) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f00000002c0)=0x6, 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)}, 0x3) shutdown(r1, 0x2) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x401, 0x20000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_MASTER={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x240008c4}, 0x4054) 2m34.066044688s ago: executing program 2 (id=1278): syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x0, &(0x7f0000000480), 0x1, 0x3d0, &(0x7f00000004c0)="$eJzs3M1uG0UcAPD/br5I+mEjcUCFgyUQBAFxHQhQhEThyscFeAArSUuF21SNkWjJoSBOnDggbhz6Ahx4gKpCSEi8Ai+AKlUozQFuQWvvOm4cp7Fix2r6+0mjndkdZ/bv3axm1rsTwGOrEhHnI2IiIhYjopSvT/MUN9spq3d/c2N5a3NjOYnt7U/+SSLJ1xV/K8mXJ/LCfBqRfhfxzM3edtev3/ii3misXsvL1eblq9X16zdevXS5fnH14uqV2pvnarWlxbdqrw8t1p+ef+ncxPvnz/z8V+nO0vT0bLa/J/Nt3XEMSyUqne9kt6VhNzZm0+PeAQAADiTN+/6Trf5/KSZaubZSVDfGunMAAADAUGy/my8BAACAYywx9gcAAIBjrngO4P7mxnKRxvg4wpG7915ElHfebd7qxD8ZT+R1pkb4fmslIq6+kJSyFCN6DxkAoNudrP9zdq/+XxpPd9WbiWj1h2aH3H5lV7m3/5PeHXKTD8j6f+9ExFZP/y8tqpQn8tKpVldxKrlwqbF6NiJOR8R8TM1k5do+bXzw7y8f99uWxf97cup0kbL2s+VOjfTu5MyDn1mpN+uHibnbvW8izkzuFX/S6f8mETF3iDYmvr71dr9tD49/tLZvRby45/Hfmbkn2X9+omrrfKgWZ0Wv/7799aN+7Y87/uz4z+0ffznpnq9pffA2bn/+57P9tnWPfwY5/6eTT1v5Ylz2Vb3ZvFaLmE4+7F2/uPPZolzUz+Kff27v///i+pfkc1qdzK8Bg/r+h99eOUj8WcraL8aCRyGLf2Wg4z945o3bf3zWr/2Hx58d//YcYPP5moNc/w66g4f57gAAAOBRkbbuayTpQiefpgsL7fsdT8Vc2lhbb758Ye3LKyvt+x/lmEqLO12lrvuhtfbP6J3y4q7yaxHxZET8WJptlReW1xor4w4eAAAAHhMn+oz/M38f2VMIAAAAwMiVx70DAAAAwMgZ/wMAAMCxdph5/WRkZI5rZtxXJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEfb/wEAAP//Wt22ag==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x2902, 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='ext4_mballoc_alloc\x00', r2}, 0x10) write(r0, &(0x7f0000000180)="7e7226ce9b4d692092ffa2b579f0ff5793012c9738a9be19ff3e69a683a0a1bbace0dc3853c661a4e1019e7a1f3af60350126cb99c5f3ace6f5616c00e0fb30b28", 0x41) 2m32.897698976s ago: executing program 2 (id=1279): socket$alg(0x26, 0x5, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file1\x00', 0x2912c12, 0x0, 0x0, 0x0, &(0x7f0000000000)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000000)=ANY=[@ANYRES64=r0, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x7c, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_mount_image$ext4(&(0x7f0000000180)='ext3\x00', &(0x7f00000001c0)='./file0\x00', 0x880f54, &(0x7f0000000500), 0xff, 0x485, &(0x7f0000001040)="$eJzs3M9rHFUcAPDvTJL+bhNrrba2Gq1i8UfSpFV78KCi4EFB0EM9xiSttdtGmgi2BI0i9SgF7+JR8C/w5kXUgwheFTxKoWgQmnqKzK9mu9mkSZpkbfbzgc2+t/Nm3/vOzNt9My+zAbSt3uxPErEjIn6LiO4ie3OB3uJpZnpy+Pr05HASs7Nv/JXk5a5NTw5XRav1tpeZw2lE+mkSzyfz6x2/cPHMUK02er7M90+cfa9//MLFp06fHTo1emr03ODx48eODjz7zODTqxJnFte1/R+OHdj3yluXXxs+cfntH7/JmrX3YLG8Po5but4koCZ6s63292yucdmjy2j7nWBnXTrpbGFDWJaOiMh2V1fe/7ujI+Z2Xne8/ElLGwesqey7afPCi6dmgQ0siVa3AGiN6os+O/+tHus09PhfuPpCxKYyPTM9OTxzI/7OSMvXu9aw/t6IODH175fZI5Z7HQIAYAXysc2TzcZ/aezNn4u5jl3lHEpPRNwVEbsj4u6I2BMR90TkZe+NiPuKlWe7l1h/b0N+/vgnvdK0zaskG/89Vzf2m6mLv3zq6ShzO/P4u5KTp2ujR8ptcji6Nmf5gUXq+O6lXz9faFn9+C97ZPVXY8GyAVc6Gy7QjQxNDK3WRrj6ccT+zmbxJzdmArIjYF9E7F/eW++qEqcf//rAQoVuHf8iVmGeafariMeK/T8VDfFXksXnJ/u3RG30SH91VMz30y+XXl+o/tuKfxVk+3/bzcd/Q4nuf5JivrYrarXR8+PLr+PS758teE6z0uN/U/JmPmf98zvFax8MTUycH4jYlLya56tzuvz1wbl1q3xVPov/8KHm/X93uU4W//0RkR3EByPigYh4sGz7QxHxcEQcWiT+H1585N1F4k8iiZbu/5Gmn383jv+epH6+fgWJjjPff7vQjPnS9v+xmMo/awv5598tLLWBt7n5AAAA4I6QRsSOSNK+It27I9K0r6/4H/49sS2tjY1PPHFy7P1zI8U9Aj3RlVZXurrrrocOJFPlOxb5wfJacbX8aHnd+IuOrXm+b3isNtLi2KHdbb+5/0fV/zN/drS6dcCac78WtK/G/p+2qB3A+lvK979zAdiYmvT/ra1oB7D+nP9D+2rW/z9qyBv/w8Y0v///0eQn64CNyPgf2pf+D+1L/4e2dDv39a88Ud0ssPL32bLkO/zbJVH94sVa1rU15l6JtOUht1Ei6zHrW+ncb6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcyf4LAAD///ss5ts=") r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf0667000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendfile(r1, r2, 0x0, 0xdc) 2m30.015975021s ago: executing program 2 (id=1292): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_mount_image$vfat(&(0x7f00000005c0), &(0x7f0000000240)='./bus\x00', 0x1800840, &(0x7f0000001600)={[{@numtail}, {@shortname_winnt}, {@numtail}, {@iocharset={'iocharset', 0x3d, 'cp860'}}, {@fat=@nocase}, {@shortname_win95}, {@iocharset={'iocharset', 0x3d, 'iso8859-4'}}, {@shortname_win95}, {@fat=@discard}, {@fat=@discard}, {@utf8no}, {@utf8no}, {@shortname_win95}, {@rodir}]}, 0x1, 0x360, &(0x7f0000001280)="$eJzs3U9oHFUYAPBvO/lbaJODUBSE0ZugoX/woKeUkkJxLypL1YO42FQlGwtZXEwP3caLeBQ86smLeNCDh55FUMSbB69WkKp40N4KFp/s7mx2NrtJU2Fbg7/fYfnyvffNe28zyU4m2ZdXlmPtwnRcvHnzRszNVWJq+cxy3KrEYmTRdzVGzYzJAQAHw62U4s/Us8+SyoSnBABMWPf1/7Ujpcw7X+/VP3n1B4ADr/j5f36vPnO7NVyayJQAgAkbuf//6FDzzPCv+qdKfxUAABxUz7/40jOnqxHP5flcxPq7rVqrFk8P2k9fjDeiEatxPBbidkTvQqHzUOk+nj1XXTme53k7flmMWqeiVYtYb7dqvSuF01m3fjZOxEIsFvXF1UZKKTv7RXXlRN4VEVfb3fFjvdKqTcfhYvwfD8dqnIw8HhipjzhXXTmZFweorffr2xFbg/sWnfkvxUJ8/2pcikZcmD8fKfUva6orV07k+ZlUHapv1WbjwvazsOsdEAAAAAAAAAAAAAAAAAAAAAAA+FeW8m2L2/vfpMH+PUtLY9q7++P06ov9gbZ6+wOl2RQp/fH2E7X3shjaH2jn/jyt2lQcur9LBwAAAAAAAAAAAAAAAAAAgP+M5uZM1BuN1Y3m5uW1ctDeaG4eiohO5s1vP/tqPkb73CGYKsYoNeVF6vJaPWX9zikb6lMEWWfwfubTa9szLveZ3V7F2GnM7t7UaBx55OcPB5mHs/6R/x70yWL8ArMd0ygH60d7U7qbJ+ryqSI4eYfO11NKux3nysujVVGJmLr7T9zeQeoE39x4/cFTzWNPdjNfpp7HHl84f/2Dj39bqzc6I3c0PpnZaN5Oa/Xi4/En2+5BVjp/KtELKuUzYWqv8q3hTD374fcXHnr/u/2NnsqZt8b0yXrL+XyjuVkpvlK6TTO9oJPbUTXfOJdF7DjO9JiTfwLBsY+W69eu/PTrfqtK3yRs1AEAAAAAAAAAAAAAAAAAAPdE6b3iheLNvtN7VT317ORnBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD3zuD//5eCrZHMfoK/2jHaNLu60Yw4er+XCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/9w/AQAA///ftWu9") r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x880, 0x95) getdents64(r1, &(0x7f000003f980)=""/4088, 0xff8) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000300)={[{@init_itable_val}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@user_xattr}, {@nombcache}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r2, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) r3 = syz_open_dev$video4linux(&(0x7f0000000200), 0x1, 0x1a1000) ioctl$VIDIOC_SUBDEV_S_FMT(r3, 0xc0585605, &(0x7f0000000080)={0x1, 0x0, {0x0, 0x0, 0x101c, 0x0, 0xc, 0x3}}) lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000040)=ANY=[], 0xfe37, 0x1) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="8b332dbd7000000000001500000010001d800c0012a326a04adcf084b27e120a4c446c8500125e0c91cc6c0be780f6fe0d8004000080"], 0x24}}, 0x0) 2m28.275410248s ago: executing program 2 (id=1301): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000005b80)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000005bc0), 0x12) syz_mount_image$hfs(&(0x7f0000000140), &(0x7f0000000200)='./bus\x00', 0x2810880, &(0x7f0000000300)=ANY=[], 0x8b, 0x28e, &(0x7f0000000680)="$eJzs3U1r1EAcx/HfJNt1a2tNbUUQD1IteJK2XsRLQYqvwZOo3RWKSwWtoF4snsUX4N2LL8AX4UkEz3ry5AvoLTKzSXeiedi2dsel3w/sGpN5+E+STeYfKBGAE+v2xvcPN37aj5FixZJuSZHddFktSed1ofN8e2drp9/r1jUUSx25j5FcTfNXmc3tXllVW8/VyCT2fy3N+utwPNI0TX+EDgIhdbJ/47KNkXQq+3XGfuFJtxs6gMDMnvb0QnOh4wAAhGUG9/cou8/PZvP3KJKWs9u+f///diZwvEe1FzqAwLz7v8uyUmOP71m3aZjvuRTObo/yLPGg/djJY1uDM6swwTRNWaWLJZp+tNXvXd980u9GeqP1jFdsUdK6ulnOmmmIdqkkNy1qa/TWasy4MUzZMaxVxL9Q1unhe2xmPpsv5p5J9F7d/flfKzW2exdBsn+k7kwN41+pbtGNMhmUqhjlvOvkYnHH1o4yrspIlO+peRUfECTFONultdr6o9ZgdKvVo3PtLJTWWmuotWhrffRqDc/m6prHzbwzd82SfumTNrz5f2T39rJG+WXaMq5kdmbk4ynNDVuuZOKv2r1U2mZ0uPHgUN7qoW5q7tnLV48f9Pu9pyycoIX8JPhf4vl3C63x9NU+8q7r6ECFpboy+aVzhAbzi3Rjp2EuSxiv4UGvLvN6nAFh3OzFwwzyPy9fWXEpkv1KaubpadO0zWtxtSI3OOe+T3stmez5fHUGNFOdwY2ac125Jl31VjbkXImNc7p2rJPEbOir7vP8HwAAAAAAAAAAAAAAAAAAYNKM428zQo8RAAAAAAAAAAAAAAAAAAAAAIBJV/3+346O8f2/hZfp8P5fIIzfAQAA///stXSM") 2m26.342170469s ago: executing program 2 (id=1307): mknodat$null(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x103) r0 = inotify_init1(0x0) inotify_add_watch(r0, 0x0, 0x20000510) unlinkat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) 2m25.59553235s ago: executing program 2 (id=1308): connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @local}, 0x72) syz_io_uring_setup(0x10d, 0x0, &(0x7f0000000340), 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f000000000000000085000000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$USBDEVFS_DROP_PRIVILEGES(0xffffffffffffffff, 0x4004551e, 0x0) r3 = msgget$private(0x0, 0x0) msgctl$IPC_RMID(r3, 0x0) 2m10.135912791s ago: executing program 33 (id=1308): connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @local}, 0x72) syz_io_uring_setup(0x10d, 0x0, &(0x7f0000000340), 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f000000000000000085000000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$USBDEVFS_DROP_PRIVILEGES(0xffffffffffffffff, 0x4004551e, 0x0) r3 = msgget$private(0x0, 0x0) msgctl$IPC_RMID(r3, 0x0) 14.466105599s ago: executing program 4 (id=1863): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = syz_open_dev$sndmidi(0x0, 0x1000000000000005, 0x1dd5c3) r4 = dup(r3) write$6lowpan_enable(r4, 0x0, 0x0) syz_io_uring_setup(0x4322, &(0x7f0000000740)={0x0, 0x1292, 0x40, 0xfffffffe, 0x345, 0x0, r4}, 0x0, &(0x7f00000001c0)) write$vhost_msg_v2(0xffffffffffffffff, 0x0, 0x0) r5 = socket(0x40000000015, 0x5, 0x0) bind$inet(r5, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10) connect$inet6(r5, &(0x7f0000000040)={0xa, 0x4e24, 0x7f, @dev={0xfe, 0x80, '\x00', 0x41}, 0xca}, 0x1c) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10) r6 = socket(0x40000000015, 0x5, 0x0) openat$vnet(0xffffff9c, &(0x7f00000000c0), 0x2, 0x0) connect$inet(r6, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) bind$inet(r6, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) sendto$inet(r6, 0x0, 0x0, 0x0, 0x0, 0x0) 9.825611163s ago: executing program 4 (id=1874): socketpair$tipc(0x1e, 0x1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$MAP_CREATE(0x0, 0x0, 0x50) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00') preadv(r2, &(0x7f0000000100)=[{&(0x7f0000000140)=""/197, 0xc5}], 0x1, 0x36, 0x0) 9.217443163s ago: executing program 3 (id=1880): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x200008, &(0x7f0000000180)={[{@grpquota}, {@inode_readahead_blks}, {@quota}, {@oldalloc}]}, 0x1, 0x504, &(0x7f0000001000)="$eJzs3c9vI1cdAPDveOPEyaZNWnoABO3SFha0WifxtlHVA5QTQqgSokeQtiHxRlHsOIqd0oQ9pGckTkhU4gRH/gDOPXHnguDGpRyQ+BGBGiQORjMep07W3gSS2FH8+UijeW/erL/vbXbei7/Z+AUwtu5ExEFETEbEuxExl19P8iPe6hzpfZ8cPl49Ony8mkS7/c7fk6w9vRY9fyZ1O3/NUkR871sRP0yejNvc299cqdWqO3l9oVXfXmju7d/fqK+sV9erW5XK8tLy4hsPXq9c2lhfqk/mpS9+/LuDr/047dZsfqV3HJepM/TicZzURER85yqCjcCtfDyTo+4I/5dCRDwfES9nz/9c3Mq+mgDATdZuz0V7rrd+LDlZBQBuikKWA0sK5TwXMBuFQrncyeG9EDOFWqPZuveosbu11smVzUex8GijVl3Mc4XzUUzS+lJW/rReOVV/EBHPRcTPpqazenm1UVsb5Tc+ADDGbp9a//811Vn/AYAbrjTqDgAAQ2f9B4DxY/0HgPFj/QeA8dNZ/6dH3Q0AYIi8/weA8WP9B4Cx8t23306P9lH++ddr7+3tbjbeu79WbW6W67ur5dXGznZ5vdFYzz6zp37W69Uaje2l12L3/fmvbzdbC829/Yf1xu5W62H2ud4Pq8XsroMhjAwAGOS5lz76Y5KuyG9OZ0f07OVQHGnPgKtWGHUHgJG5NeoOACNjty8YXxd4j1+M+KkUAdwAfbboPaHU7xeE2u12++q6BFyxu5+T/4dx1ZP/97+AYczI/8P4kv+H8dVuJ+fd5D/OeyMAcL3J8QMDfv7/fH7+df7DgR+snb7jw6vsFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFxv3f1/y/le4LNRKJTLEc9ExHwUk0cbtepiRDwbEX+YKk6l9aUR9xkAuKjCX5J8/6+7c6/Onmh68fZxcTIifvSLd37+/kqrtfP7iMnkH1Pd660P8+uV4fceADhbd53Ozj1v5D85fLzaPYbZn79+MyJKnfhHh5NxdBx/IiaycymKETHzzySvdyQ9uYuLOPggIj7bb/xJzGY5kM7Op6fjp7GfGWr8won4haytc07/Lj5zCX2BcfNROv+81e/5K8Sd7Nz/+S9lM9TF5fNf+lKrR9kc+Gn87vx3a8D8d+e8MV777bc7pekn2z6I+PxERDf2Uc/8042fDIj/6jnj/+kLL748qK39y4i70T9+b6yFVn17obm3f3+jvrJeXa9uVSrLS8uLbzx4vbKQ5agXBq8Gf3vz3rOD2tLxzwyIXzpj/F8+5/h/9Z93v/+lp8T/6iv94hfihafET9fEr5wz/srMb0qD2tL4awPGf9bX/94543/85/0ntg0HAEanube/uVKrVXcUFK5/If0new260bfwjWHFmoz+TT95pfNMn2rqfu//P8YaNGNcRtYNuA6OH/qI+PeoOwMAAAAAAAAAAAAAAPQ1jN9YGvUYAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLn+GwAA//+hm8cd") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) 7.772151006s ago: executing program 3 (id=1884): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = syz_open_dev$sndmidi(0x0, 0x1000000000000005, 0x1dd5c3) r4 = dup(r3) write$6lowpan_enable(r4, 0x0, 0x0) syz_io_uring_setup(0x4322, &(0x7f0000000740)={0x0, 0x1292, 0x40, 0xfffffffe, 0x345, 0x0, r4}, 0x0, &(0x7f00000001c0)) write$vhost_msg_v2(0xffffffffffffffff, 0x0, 0x0) r5 = socket(0x40000000015, 0x5, 0x0) bind$inet(r5, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10) connect$inet6(r5, &(0x7f0000000040)={0xa, 0x4e24, 0x7f, @dev={0xfe, 0x80, '\x00', 0x41}, 0xca}, 0x1c) sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10) r6 = socket(0x40000000015, 0x5, 0x0) openat$vnet(0xffffff9c, &(0x7f00000000c0), 0x2, 0x0) connect$inet(r6, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) bind$inet(r6, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) sendto$inet(r6, 0x0, 0x0, 0x0, 0x0, 0x0) 6.537028096s ago: executing program 5 (id=1886): r0 = socket$inet6(0xa, 0x2, 0x3a) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0xf94, @local, 0x9}, 0x1c) bind$unix(0xffffffffffffffff, 0x0, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109802, 0x0) ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000000)=0xfffffffd) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x10000}, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$inet6(0xa, 0x3, 0x38) mmap$dsp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000002, 0x8012, r1, 0x0) 6.210079321s ago: executing program 5 (id=1888): syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000000980)='./file0\x00', 0x800800, &(0x7f0000000340)=ANY=[@ANYBLOB='=', @ANYRESHEX, @ANYBLOB="2c6e6f6465636f6d706f73652c6e6c733d6b6f69382d722c756d61736b3d30303030303030303030303030303030303030303030342c63726561746f723d04cd0ff82c747970653d3b9519112c00"], 0x81, 0x6b2, &(0x7f0000000a00)="$eJzs3UFsHFcZB/D/bDbrbJBSt03TgJBiNVIFjUjsrEqChNSAEMohQhFcerUSp7GySSvHRWmFyAYoSJw4oR44FCFz6AkhhFROiHJGQuLCyfdI3DjkABjN7Ky9tjeOncRet/39pPG82TfvvW++zpvZnW20AT6zLr6eg70UuXjq0p1ye3mp011e6twclJNMJGkkzf4qRTspPk4upL/k8+WLdXfFw8Z59f5HRfP9Dzv9rWa9VPs3tmq3ycg9e8mh1Y0DSab6xf9so8PG6P6qpernylp/j6lYjbtM2MlB4mDcVjbprVWOmhrrbX/eAvvW3f59c5PJ5HD6d9fyfUDqq8Ojrwzjt+W1qbd3cQAAAMBuGflZftgzD/Igd3Jkb8IBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAT4ei/5uBRb00BuWpFIPf/28N/aZ+a8zhPqH3rlWr7z4z7kAAAAAAAAAA4ImceJAHuZMjg+2VovrO/6Vq42j193N5O7czl4Wczp3MZjGLWchMksmhjlp3ZhcXF2Y2t/xlypYrKyt365ZnR7Y8uz6u3sZAR/2fBpt2AgAAAAAAAIDPrB/l4tr3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsB8UyYH+qlqODsqTaTSTHErSKqZWd2+NNdin4M/jDgAAAAB2X7teHyn+lxxPslJUn/mPVZ/7D+Xt3Mpi5rOYbuZytXoW0P/U3/h7r9NdXurcLJfNHX/jXzuKo+ox/WcPo0eervZ4YbXFxXw738upTOVyFjKf72c2i5nLVL5VlWZTZLJ+ejG5vNTOINbN8V5Yt3V5Y2wnhsplfMcnykjauZb5KrbTudIahN6o9zs+NNofW8mGEe+V2Sleq20zR1frdXlEv6jX+8NkdeQHVzMyXee+zMazw3nfnPsdnicbR5pJY/UZ1NG1UcrNjSM9Vs4P1+sy1z/d3Zzv8FHa+kz0fl5uDc6+Y1vnPPnyP/5y+Xrj1o3r126f2j+n0WPaeE50hjLx4rYy0S0z0XuCTBx6kvifnladjf5VdGdXy5eqtkcyn+/kzVzNXM5lOjM5n+l8LWfTydmhvL6wdV6rudbY2Vw7+aW6UN6TfjZ0b9ozEw+rKPP67FBeh690k1Xd8CtrWXpuG1kqWhmdpX+ODKX5hbpQjvHjoTvO+G3MxMxQJp7fOhO//u9KktvdWzcWrs++tc3xXq7X5bR9b/21+TdP5YB2rj7c8nx5rvyPlf5tY/jsKOueH9RtyFer/salWXe2rq6Vaj736x41U8uejt0b1VO/7sWRo3SquuNDdeve5eTNdFffhdT2fJICsA2HXzncat9v/639Qfsn7evtS4e+OXF+4outHPxr808Hftf4bePrxSv5ID/MkXFHCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnwa333n3xmy3O7ewDwtpPOUO742sGqSi/0prxD4nsg+y8ckoTGx1Rv0+yRbNW+OIuZ1kX6QuzT0YayIjqi6tvtJOGlXhYH9K3NgnP3AH7IYzizffOnP7nXe/Mn9z9o25N+ZunT1/7rVzna/O3D1zbb47N93/O+4ogd2w9jZg3JEAAAAAAAAAAAAA27UX/7xhxLBFbwzHCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHwyXXw9B3spMjN9errcXl7qdMtlUF7bs5mkkaT4QVJ8nFxIf8nkUHfFw8Z59f5Hv3r5/Q87a301B/s3NrT7w79XVnZ4FL16yVSSA/X60Sa21d+Vof56Owysr1g9wjJhJweJg3H7fwAAAP//gT8GDA==") openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x40) 6.006051014s ago: executing program 5 (id=1890): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={0x0, 0x0, 0x51}, 0x28) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/18, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001ac0)=@newlink={0x3c, 0x10, 0x609, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88a8ffa7, 0x10008}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvtap={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x3c}}, 0x0) r7 = socket(0x10, 0x803, 0x8) sendmsg$IPVS_CMD_SET_INFO(r7, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x60, &(0x7f0000000300)={&(0x7f0000000900)=ANY=[@ANYBLOB="5c00000010001ffffcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800b0001006772657461700000240002800800070064010100060003001008000008001500700f0d0008000700ac1414bb08000a00", @ANYRES32=r8], 0x5c}}, 0x40) 5.877679476s ago: executing program 5 (id=1892): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000791048000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94) close(r3) 4.718007635s ago: executing program 5 (id=1895): r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r1}, 0x10) sendmsg$can_bcm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="010000006b0300000100000000000000", @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYBLOB="0000000001"], 0x48}}, 0x20000000) 4.596166377s ago: executing program 4 (id=1896): syz_genetlink_get_family_id$ieee802154(&(0x7f0000000540), 0xffffffffffffffff) r0 = socket$nl_route(0x10, 0x3, 0x0) mmap(&(0x7f0000196000/0x1000)=nil, 0x1000, 0x0, 0x840000000000a132, 0xffffffffffffffff, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00'}) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x7}, 0x4) sendto$packet(r1, 0x0, 0x0, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_freezer_state(r2, &(0x7f0000000140), 0x2, 0x0) mkdirat$cgroup(r2, &(0x7f0000000180)='syz1\x00', 0x1ff) mkdirat$cgroup(r2, &(0x7f0000000100)='syz0\x00', 0x1ff) sendfile(r3, r3, 0x0, 0x9) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='freezer.parent_freezing\x00', 0x275a, 0x0) mmap(&(0x7f00008b7000/0x4000)=nil, 0x4000, 0x0, 0x13, r4, 0x0) mmap(&(0x7f0000071000/0x4000)=nil, 0x4000, 0x0, 0x13, r4, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="20010000120013070000000000000000e0000001000000000000000000000000fc00"/49, @ANYRES32=0x0, @ANYRES32=0x0], 0x120}}, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x3c1, 0x3, 0x2f8, 0x128, 0x111, 0x4b4, 0x0, 0xd4feffff, 0x250, 0x20a, 0x278, 0x250, 0x278, 0x3, 0x0, {[{{@ipv6={@private2, @empty, [], [], 'ipvlan0\x00', 'team_slave_0\x00', {}, {}, 0x6}, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@inet=@tcp={{0x30}, {[], [], 0x0, 0x0, 0x2, 0xc}}]}, @common=@inet=@TCPMSS={0x28}}, {{@uncond, 0x0, 0x100, 0x128, 0x0, {}, [@common=@srh={{0x30}}, @inet=@rpfilter={{0x28}}]}, @common=@inet=@SYNPROXY={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x358) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000640)=ANY=[@ANYBLOB="2400000018000109000000000010000002180000ff0000060000000008000100ac1414"], 0x24}}, 0x0) 4.40153283s ago: executing program 5 (id=1897): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x3000004, 0x3032, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x1a, 0x3, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffe}}, &(0x7f0000000180)='GPL\x00', 0x8, 0x1019, &(0x7f0000001200)=""/4121, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x100}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_open_dev$video(&(0x7f0000000280), 0x7ffffffe, 0x129680) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3fe, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000580)={0x1, @pix_mp={0x0, 0x0, 0x34325842, 0x4, 0x2, [{}, {0x277c}, {}, {}, {}, {0xd360}, {}, {0x0, 0x80000}], 0x10}}) 4.40098915s ago: executing program 0 (id=1898): r0 = socket$inet6(0xa, 0x2, 0x3a) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0xf94, @local, 0x9}, 0x1c) bind$unix(0xffffffffffffffff, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x6e) r1 = openat$audio(0xffffffffffffff9c, 0x0, 0x109802, 0x0) ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000000)=0xfffffffd) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x10000}, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$inet6(0xa, 0x3, 0x38) mmap$dsp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000002, 0x8012, r1, 0x0) 4.37084288s ago: executing program 4 (id=1899): syz_mount_image$udf(&(0x7f0000000c40), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='noadinicb,nostrict,mode=00000000000000000000004,uid=forget,noadinicb,umask=00000000000000040002000,lastblock=00000000000000000013,undelete,partition=00000000000000000005,\x00'], 0x47, 0xc1b, &(0x7f0000001940)="$eJzs3V1oXOl5B/DnnSOtRto00WYTb9Jm04GUxCi18VdsBZcgZxW1AccbIit0r6LRh51h5ZGR5MabtkFtSQu9Cd2b0psimi4t5KJX3V5WabaQUAol5CK9KAiaLHvRC10ECi27CufMO9LIlm3t+kPy7u+3zP7PnHnO+P0YnzkCvzoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAER8/gsXTpxMB90KAOBRujT5lROnff8DwHvKZT//AwAAAAAAAAAAAADAYZeiiCORYujVzTRdPe+oX2y1b9ycGp/Y+7DBFClqUVT15aN+8tTpM585e260m3c//kH7aDw/eflC47nFa9eX5peX5+caU+3W7OLc/L7f4X6Pv9VINQCNay/emLtyZblx6vjpXS/fHH594Mkjw+fPHTs72q2dGp+YmOyp6et/x3/6be60wuOJKKIZKd4cfiM1I6IW9z8W9/jsPGyDVSdGqk5MjU9UHVloNdsr5YuplqtqEY2eg8a6Y/QI5uK+jEWsls0vGzxSdm/yenOpObMw3/hyc2mltdJabKdap7VlfxpRi9EUsRYRGwO3v11/FPHxSPHyic00ExFFdxw+XS0Mvnd7ag+hj/tQtrPRH7FWewzm7BAbiCIuRYpfvHY0Zssxy4/4ZMSXynw14pUyPxeRyg/GmYif7/E54vHUF0X8e6RYTJtprjofdM8rF7/a+GL7ymJPbfe88th/PzxKh/zcVI8iZqoz/mZ65xc7AAAAAAAAAAAAAAAAADxog1HEdyPFnzz7e9W64qjWpX/g/Oj7Xvjt3jXjz9zjfcra4xGxWtvfmtz+vHQ41cr/HkLH2Jd6FPGtvP7vjw66MQAAAAAAAAAAAAAAAAAAAO9pRbwQKb527Ghai957irfaVxuXmzMLnbvCdu/9271n+tbW1lYjdXIs53TO1ZxrOddzbuSMWj4+51jO6ZyrOddyrufcyBlFPj7nWM7pnKs513Ku59zIGX35+JxjOadzruZcy7mecyNnHJJ79wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvJvUooi3IsV3vrGZIkXEWMR0dHJ94KBbBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACU6qmI45Fi/YV69XytFnE5It7a2trqPiJis8z7ddB9BQAAAAAAAAAAAAAAAAAAgEMrFfGJSPH0/22mRkTcHH594Mkjw+fPHTs7WkQRqSzprX9+8vKFxnOL164vzS8vz881ptqt2cW5+f3+cfWLrfaNm1PjEw+lM/c0+JDbP1h/bvH6S0utq19f2fP1ofqFmeWVpebs3i/HYNQipnv3jFQNnhqfqBq90Gq2q0NT7Q4NrEWM7bczAAAAAAAAAAAAAAAAAAAAHBpDqYgvRIqf/deZ1F033tdZ8/8rnWfFdu0rf7DzuwAWbsmu3t8fsJ/ttN+GjlQL7xtT4xMTkz27+/pvLy3blFIRz0SKT738kWo9fIqhPdfGl3XvL+uuncl1w79W1q3uqqqPTI1PNC4tto9dWFhYnG2uNGcW5huT15uz+/7FAQAAAAAAAAAAAAAAAAAAAHAXQ6mIn0SK//n7/0jd+87n9f99nWc96/9/q1pCX6mn3bmtWtv//mptf2f7A+dHhz7+7J32P4z1/2WbUiri25Hi9E8+Ut1Pv7v+f/qW2rLuzyLFG89+LNfVnijrmt3udN7xSmth/kRZ+9eR4tff7NZGVXs11z69U3uyrB2MFH+5ubv267n2Qzu1p8rao5HiB/+9d+2Hd2pPl7U/ixT/9HeNbu1QWfv7ufbITu3x2cWFuXsNazn/34sUf3vpd1K3z3ec/57f/7B6S267bc7vvv2g5n+4Z99qntc/zfPfvMf8n40U36t/LNd1xn4mv/5U9f+d+f9UpPjPf9tdeyXXfnCn9uR+u3XQyvn/bqT4/l/9dLvPef7zyO7MUO/8/2rf7tz+lLyN+R98gPP/VM++4dyu2bc5Fu9Fyy9988XmwsL8kg0bNmxsbxz0mYlHofz+//NI8f9HitS9jsnf/+/rPNu5/vvfb+18/5+/Jbcd0PXfB3v2nc9XLf19EfWVa9f7n4moL7/0zWOta82r81fn26dOnvjsZ8+ePHHybP8T3Yu7na19j927QTn/P4oUP/6HH2//HLP7+m/v6/+hW3LbAc3/07192nVds++heE8q5/9vIsVTn//p9s+bd7v+7/78f/QTu3P7798Bzf+HevYN53a13uZYAAAAAAAAAAAAPE6GUhF/ESl+949/M3XXEO3n3//N3ZLbDujffx3p2Tf3iNY17HuQAQAOkfL678OR4p+3fri9lnv39V/8Rre29/rvTg7D/f8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBxl6KIP4wUQ69upvWB8nlH/WKrfePm1PjE3ocNpkhRi6KqLx/1k6dOn/nM2XOj3bz78Q/aR+P5ycsXGs8tXru+NL+8PD/XmGq3Zhfn5vf9Dvd7/K1GqgFoXHvxxtyVK8uNU8dP73r55vDrA08eGT5/7tjZ0W7t1PjExGRPTV//O/7Tb5PusP+JKOKHkeLN4TfS9wcianH/Y3GPz87DNlh1YqTqxNT4RNWRhVazvVK+mGq5qhbR6DlorDtGj2Au7stYxGrZ/LLBI2X3Jq83l5ozC/ONLzeXVlorrcV2qnVaW/anEbUYTRFrEbExcPvb9UcR344UL5/YTP8yEFF0x+HTlya/cuL0vdtTewh93IeynY3+iLXaYzBnh9hAFPGPkeIXrx2NHwxE9EXnEZ+M+FKZr0a8UubnIlL5wTgT8fM9Pkc8nvqiiDORYjFtptcGyvNB97xy8auNL7avLPbUds8rj/33w6O057mpODTnpnoU8aPqjL+Z/tXfawAAAAAAAAAAAAAAAIBDpIi1SPG1Y0dTtT54e01xq321cbk5s9BZ1tdd+9ddM721tbXVSJ0cyzmdczXnWs71nBs5o5aPzzmWczrnas61nOs5N3JGkY/POZZzOudqzrWc6zk3ckZfPj7nWM7pTvZ1u7iW96/n3MgZh2TtHgAAAAAAAAAAAAAAAAAA8O5Si6K6i/t3vrGZtgY695eejk6uux/ou94vAwAA//9E4XBP") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) ftruncate(r1, 0x8979) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) 4.051419845s ago: executing program 0 (id=1901): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200003, 0x0, 0x0, 0x3}) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', 0x105042, 0x40) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x100000b, 0x2013, r0, 0x0) 3.929852287s ago: executing program 0 (id=1902): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001440)=@newlink={0x7c, 0x10, 0x609, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x100a0}, [@IFLA_NUM_RX_QUEUES={0x8, 0x20, 0xd8}, @IFLA_LINKINFO={0x54, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x48, 0x2, 0x0, 0x1, [@IFLA_GTP_CREATE_SOCKETS={0x5}, @IFLA_GTP_FD0={0x8}, @IFLA_GTP_ROLE={0x8, 0x4, 0x2}, @IFLA_GTP_PDP_HASHSIZE={0x8, 0x3, 0xd}, @IFLA_GTP_LOCAL6={0x14, 0x8, @remote}, @IFLA_GTP_PDP_HASHSIZE={0x8, 0x3, 0x1}, @IFLA_GTP_ROLE={0x8, 0x4, 0x1}]}}}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4800}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close(0x4) r1 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000180), 0x4) r2 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="180000002d00010000000000000000000400008004"], 0x18}], 0x1, 0x0, 0x0, 0x24000810}, 0x4000084) socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$nl_route(0x10, 0x3, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_type(r5, &(0x7f0000000040), 0x2, 0x0) sendfile(r4, r6, &(0x7f0000000240)=0x6, 0x9) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b40)={0x18, 0x14, &(0x7f0000000d00)=ANY=[], &(0x7f00000000c0)='syzkaller\x00', 0x8, 0x7f, &(0x7f0000000300)=""/127, 0x41100, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="0c0100000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400fc0000000000000000000000000000000c00028005000100000000003c0002800c00028005000100000000002c000180140003000000000000000000000000000000000114000400fe8000000000000000000000000000aa08000740000000007800068014000500fc0200000000000000000000000000010c000380060001000000000014000400fc0200000000000000000000000000002c000380"], 0x10c}}, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r8 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0xfffffffffffffe5d, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c0000005e00679a3601ffc4910700004f78d4c1a0731cccff"], 0x1c}}, 0x4040000) r9 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r9, &(0x7f0000000280)=[{&(0x7f00000005c0)="580000001400192340834b80040d8c560a06ffffff7f000000001fff000058000b480400945f64009400050038925a01000000800000008004000000ff0109000000fff5dd00008e4100030006010000418e01400004", 0x56}], 0x1) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) 3.929358817s ago: executing program 6 (id=1903): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={0x0, 0x0, 0x51}, 0x28) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/19, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001ac0)=@newlink={0x3c, 0x10, 0x609, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88a8ffa7, 0x10008}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvtap={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x3c}}, 0x0) r7 = socket(0x10, 0x803, 0x8) sendmsg$IPVS_CMD_SET_INFO(r7, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x60, &(0x7f0000000300)={&(0x7f0000000900)=ANY=[@ANYBLOB="5c00000010001ffffcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800b0001006772657461700000240002800800070064010100060003001008000008001500700f0d0008000700ac1414bb08000a00", @ANYRES32=r8], 0x5c}}, 0x40) 3.358617367s ago: executing program 0 (id=1904): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000740)={0x2c, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) 3.273316628s ago: executing program 6 (id=1905): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000791048000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94) close(r3) 3.225459209s ago: executing program 4 (id=1906): socketpair$tipc(0x1e, 0x1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$MAP_CREATE(0x0, 0x0, 0x50) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00') preadv(r2, &(0x7f0000000100)=[{&(0x7f0000000140)=""/197, 0xc5}], 0x1, 0x36, 0x0) 2.978107303s ago: executing program 0 (id=1907): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8041, 0x0) write$dsp(r0, &(0x7f00000001c0)='\\', 0x1) r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000140)) r2 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r2, 0xc0684113, &(0x7f0000000380)={0x1, 0x1, 0x0, 0x1003, 0x3, 0x0, 0x44, 0x8000b, 0x0, 0x0, 0x8, 0x1}) 1.968038829s ago: executing program 0 (id=1908): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000080)='\x00') 1.954154939s ago: executing program 6 (id=1909): syz_genetlink_get_family_id$ieee802154(&(0x7f0000000540), 0xffffffffffffffff) r0 = socket$nl_route(0x10, 0x3, 0x0) mmap(&(0x7f0000196000/0x1000)=nil, 0x1000, 0x0, 0x840000000000a132, 0xffffffffffffffff, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00'}) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x7}, 0x4) sendto$packet(r1, 0x0, 0x0, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_freezer_state(r2, &(0x7f0000000140), 0x2, 0x0) mkdirat$cgroup(r2, &(0x7f0000000180)='syz1\x00', 0x1ff) mkdirat$cgroup(r2, &(0x7f0000000100)='syz0\x00', 0x1ff) sendfile(r3, r3, 0x0, 0x9) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='freezer.parent_freezing\x00', 0x275a, 0x0) mmap(&(0x7f00008b7000/0x4000)=nil, 0x4000, 0x0, 0x13, r4, 0x0) mmap(&(0x7f0000071000/0x4000)=nil, 0x4000, 0x0, 0x13, r4, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="20010000120013070000000000000000e0000001000000000000000000000000fc00"/53, @ANYRES32=0x0, @ANYRES32=0x0], 0x120}}, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x3c1, 0x3, 0x2f8, 0x128, 0x111, 0x4b4, 0x0, 0xd4feffff, 0x250, 0x20a, 0x278, 0x250, 0x278, 0x3, 0x0, {[{{@ipv6={@private2, @empty, [], [], 'ipvlan0\x00', 'team_slave_0\x00', {}, {}, 0x6}, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@inet=@tcp={{0x30}, {[], [], 0x0, 0x0, 0x2, 0xc}}]}, @common=@inet=@TCPMSS={0x28}}, {{@uncond, 0x0, 0x100, 0x128, 0x0, {}, [@common=@srh={{0x30}}, @inet=@rpfilter={{0x28}}]}, @common=@inet=@SYNPROXY={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x358) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000640)=ANY=[@ANYBLOB="2400000018000109000000000010000002180000ff0000060000000008000100ac1414"], 0x24}}, 0x0) 1.926983029s ago: executing program 4 (id=1910): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$kcm(0x29, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, &(0x7f0000000180)={r3}) sendmsg$inet(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000200)='R', 0x1}], 0x1}, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r3, 0x89e1, 0x0) close(r4) 1.775102982s ago: executing program 6 (id=1911): syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed0006, &(0x7f0000000240)={[{@jqfmt_vfsold}, {@resgid}, {@bh}, {@noload}, {@data_err_ignore}, {@noblock_validity}]}, 0xfe, 0x445, &(0x7f0000000900)="$eJzs3MtvG0UYAPBv7Tz6JKGUR0MLgYKIeCRN+qAHLiCQOICEBIciTiFJq1C3QU2QaBVB4BCOqBJ3xBGJv4ATXBBwQuIKd1SpQrm0cDJaezd1HTuNE6cu8e8nbTvjHXfm293xzs7YDaBrDad/JBH7IuKPiBioZm8vMFz96+bK4tQ/K4tTSZTLb/+dVMrdWFmcyovm79tbzZTLWb6/Qb3L70VMlkozl7L82MKFD8fmL195YfbC5LmZczMXJ9J/7UjfqYmTbYkzjevG0Cdzhw+9/u7VN6fOXH3/l+/SGvZl+2vjaJfh6tFt6Ol2V9Zh+2vSSU8HG0JLihGRnq7eSv8fiGLsXt03EK993tHGAduqXC6XG92fM0tlYAdLotMtADojv9Gnz7/5dpeGHveE6y9XH4DSuG9mW3VPTxSyMr11z7ftNBwRZ5b+/TrdYpvmIQAAav2Qjn+ebzT+K8RDNeXuy9ZQBiPi/og4EBEPRMTBiHgwolL24Yh4pMX661dI1o5/Ctc2FdgGpeO/l7K1rdvHf/noLwaLWW5/Jf7e5OxsaeZYdkxGorc/zY+vU8ePr/7+ZbN9teO/dEvrz8eCWTuu9dRN0E1PLkxuJeZa1z+LGOppFH8S+TJOEhGHImJok3XMPvvt4Wb77hz/OtqwzlT+JuKZ6vlfirr4c0nD9cnTp08cH3/x1MTJsV1Rmjk2ll8Va/362/JbzerfUvxtkJ7/PQ2v/9X4B5NdEfOXr5yvrNfOt17H8p9fNH2m2ez135e8U0n3Za99PLmwcGk8oi95Y+3rE7fem+fz8mn8I0cb9/8DcetIPBoR6UV8JCIei4jHs7Y/ERFPRsTRdeL/+ZWnPmg9/nVm5dsojX/6Tuc/as9/64ni+Z++bz3+XHr+T1RSI9krG/n822gDt3LsAAAA4P+iUPkOfFIYXU0XCqOj1e/wH4w9hdLc/MJzZ+c+ujhd/a78YPQW8pmugZr50PFsbjjPT9Tlj2fzxl8Vd1fyo1NzpelOBw9dbm+T/p/6q9jp1gHbzu+1oHvV9f/yp51qCHDXuf9D99L/oXvp/9C9GvV/cwDQHdz/oXvp/9C99H/oXvo/dKWmv40vbOkn/xI7PhGFe6IZOz/Rs+H/zGKTif6Guzr9yQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANAe/wUAAP//ziLlLw==") r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) lseek(r4, 0x1, 0x4) 1.755415602s ago: executing program 3 (id=1912): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000440)={&(0x7f00000000c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x7, [@enum={0x5}]}, {0x0, [0x0, 0x61, 0x2e, 0x5f, 0xf5cd8bd6da575829]}}, 0x0, 0x2b, 0x0, 0x1, 0xfffffeff}, 0x28) syz_emit_ethernet(0x66, &(0x7f0000000280)=ANY=[@ANYBLOB="bbd28ddcfbbbaaaaaaaaaa0086dd60003a04000473"], 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000200)={'wlan1\x00'}) socket$vsock_stream(0x28, 0x1, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x20000090}, 0x4000094) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) r4 = socket$inet6(0xa, 0x1, 0x0) writev(0xffffffffffffffff, &(0x7f0000000200)=[{&(0x7f0000000040)="39000000130003474cbb65e1c3e4ffff06000d000600000007000000250000000d0016000c0014000000001f000006060400180000008cdb25", 0x39}], 0x1) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000005c0), r5) sendmsg$NLBL_MGMT_C_ADDDEF(r5, 0x0, 0x24004854) sendmsg$NLBL_MGMT_C_ADDDEF(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000080)={&(0x7f00000003c0)={0x58, r6, 0x200, 0x70bd2c, 0x25dfdbfc, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @multicast1}, @NLBL_MGMT_A_CLPDOI={0x8}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @loopback}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x2c}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @rand_addr=0x64010102}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @remote}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x2b}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000001}, 0x5) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000d80)=@raw={'raw\x00', 0x3c1, 0x3, 0x3c8, 0x1f0, 0x12, 0x60d, 0x0, 0x202, 0x2f8, 0x2e8, 0x2e8, 0x2f8, 0x2c0, 0x4, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth1_to_bond\x00', 'geneve1\x00'}, 0x0, 0x190, 0x1f0, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x800, 'bm\x00', "000000000000000617ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f67222476147864fa03182f5cf11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac07a602061c96baebc989f1f34a214e6726401fe4b124e0f7323a587d2a1fcf07000000eca0a7b66c60c527bac2b5", 0x3, 0x2}}, @common=@inet=@socket2={{0x28}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@local, [0x0, 0xff, 0x15544f338ecf0204, 0xffffffff], 0x4e24, 0x4e24, 0x4e23, 0x4e23, 0x6, 0xe, 0x1, 0x80, 0x1}}}, {{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev={0xac, 0x14, 0x14, 0x2d}, [0xff000000, 0xff, 0xffffff00, 0xff], 0x4e23, 0x4e23, 0x4e21, 0x0, 0x1ff, 0x0, 0xfffffffb, 0x400, 0x3}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x428) socket$inet6(0xa, 0x2, 0x0) writev(0xffffffffffffffff, &(0x7f0000001200)=[{&(0x7f0000000080)="580000001400add427323b472545b45602117fffffff81004e230e22e0000001925aa80020007b00090080007f000001e809000000ff0000f03ac71002000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) sendto$inet(r0, &(0x7f0000000280)='m', 0x1, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) recvmsg(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x3) 1.274195839s ago: executing program 3 (id=1913): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x40, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_open_procfs(0x0, &(0x7f0000002a00)='net/fib_trie\x00') preadv(r3, &(0x7f0000002240)=[{&(0x7f0000001180)=""/4096, 0x1000}], 0x1, 0x37, 0x0) 388.738814ms ago: executing program 6 (id=1914): syz_emit_vhci(0x0, 0x0) syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x1, 0x0, 0xa}, @l2cap_cid_le_signaling={{0x6}, @l2cap_cmd_rej_unk={{0x1, 0x9, 0x2}, {0x8fd}}}}, 0xf) syz_emit_vhci(&(0x7f0000000140)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x2, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_reconf_req={{0x19, 0x8, 0x8}, {0x6, 0x3ff, [0x9, 0x800]}}}}, 0x15) socket$inet_sctp(0x2, 0x5, 0x84) prlimit64(0x0, 0xf, 0x0, &(0x7f00000013c0)) r0 = socket$can_j1939(0x1d, 0x2, 0x7) getsockopt$SO_J1939_ERRQUEUE(r0, 0x6b, 0x4, &(0x7f0000001400), &(0x7f0000001440)=0x4) sendmsg$BATADV_CMD_TP_METER(0xffffffffffffffff, 0x0, 0x0) 325.662585ms ago: executing program 3 (id=1915): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001440)=@newlink={0x7c, 0x10, 0x609, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x100a0}, [@IFLA_NUM_RX_QUEUES={0x8, 0x20, 0xd8}, @IFLA_LINKINFO={0x54, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x48, 0x2, 0x0, 0x1, [@IFLA_GTP_CREATE_SOCKETS={0x5}, @IFLA_GTP_FD0={0x8}, @IFLA_GTP_ROLE={0x8, 0x4, 0x2}, @IFLA_GTP_PDP_HASHSIZE={0x8, 0x3, 0xd}, @IFLA_GTP_LOCAL6={0x14, 0x8, @remote}, @IFLA_GTP_PDP_HASHSIZE={0x8, 0x3, 0x1}, @IFLA_GTP_ROLE={0x8, 0x4, 0x1}]}}}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4800}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close(0x4) r1 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000180), 0x4) r2 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="180000002d00010000000000000000000400008004"], 0x18}], 0x1, 0x0, 0x0, 0x24000810}, 0x4000084) socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$nl_route(0x10, 0x3, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_type(r5, &(0x7f0000000040), 0x2, 0x0) sendfile(r4, r6, &(0x7f0000000240)=0x6, 0x9) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b40)={0x18, 0x14, &(0x7f0000000d00)=ANY=[], &(0x7f00000000c0)='syzkaller\x00', 0x8, 0x7f, &(0x7f0000000300)=""/127, 0x41100, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="0c0100000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400fc0000000000000000000000000000000c00028005000100000000003c0002800c00028005000100000000002c000180140003000000000000000000000000000000000114000400fe8000000000000000000000000000aa08000740000000007800068014000500fc0200000000000000000000000000010c000380060001000000000014000400fc0200000000000000000000000000002c000380"], 0x10c}}, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r8 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0xfffffffffffffe5d, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c0000005e00679a3601ffc4910700004f78d4c1a0731cccff"], 0x1c}}, 0x4040000) r9 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r9, &(0x7f0000000280)=[{&(0x7f00000005c0)="580000001400192340834b80040d8c560a06ffffff7f000000001fff000058000b480400945f64009400050038925a01000000800000008004000000ff0109000000fff5dd00008e4100030006010000418e01400004", 0x56}], 0x1) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) 109.968948ms ago: executing program 6 (id=1916): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={0x0, 0x0, 0x51}, 0x28) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/19, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001ac0)=@newlink={0x3c, 0x10, 0x609, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88a8ffa7, 0x10008}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvtap={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x3c}}, 0x0) r7 = socket(0x10, 0x803, 0x8) sendmsg$IPVS_CMD_SET_INFO(r7, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x60, &(0x7f0000000300)={&(0x7f0000000900)=ANY=[@ANYBLOB="5c00000010001ffffcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800b0001006772657461700000240002800800070064010100060003001008000008001500700f0d0008000700ac1414bb08000a00", @ANYRES32=r8], 0x5c}}, 0x40) 0s ago: executing program 3 (id=1917): socketpair$tipc(0x1e, 0x1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000040)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x50) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00') ioctl$TIOCSSOFTCAR(r3, 0x541a, &(0x7f0000000340)=0x2) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r4, 0x84, 0x23, &(0x7f0000000100)={0x0, 0x100}, 0x8) socket$inet6_udp(0xa, 0x2, 0x0) kernel console output (not intermixed with test programs): ,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback. [ 102.426899][ T5700] netlink: 48 bytes leftover after parsing attributes in process `syz.5.566'. [ 102.884384][ T5718] netlink: 48 bytes leftover after parsing attributes in process `syz.5.582'. [ 105.092641][ T5748] loop0: detected capacity change from 0 to 512 [ 105.157408][ T5713] loop2: detected capacity change from 0 to 32768 [ 106.320326][ T5713] (syz.2.570,5713,1):ocfs2_initialize_super:2313 ERROR: status = -12 [ 106.345102][ T5713] (syz.2.570,5713,1):ocfs2_fill_super:1177 ERROR: status = -12 [ 106.533195][ T5753] loop4: detected capacity change from 0 to 4096 [ 106.588478][ T5753] ntfs3: Unknown parameter 'nocase' [ 108.092055][ T4110] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 108.605305][ T4110] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 108.608526][ T4110] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 108.611370][ T4110] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 108.613872][ T4110] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 108.686044][ T5764] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 109.134400][ T5792] loop2: detected capacity change from 0 to 512 [ 109.503574][ T5792] EXT4-fs (loop2): Unrecognized mount option "smackfsfloor=º" or missing value [ 110.475251][ T4110] usb 1-1: USB disconnect, device number 2 [ 110.556232][ T5796] loop4: detected capacity change from 0 to 512 [ 110.833089][ T5803] device vlan2 entered promiscuous mode [ 110.863361][ T5780] loop3: detected capacity change from 0 to 32768 [ 112.323314][ T5465] udevd[5465]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 113.263189][ T5820] loop5: detected capacity change from 0 to 131072 [ 113.398974][ T5820] F2FS-fs (loop5): Invalid segment/section count (31, 24 x 150994945) [ 113.401329][ T5820] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 113.415948][ T5820] F2FS-fs (loop5): invalid crc value [ 113.453070][ T5838] loop2: detected capacity change from 0 to 256 [ 113.739124][ T5844] loop0: detected capacity change from 0 to 512 [ 114.532963][ T5820] F2FS-fs (loop5): Found nat_bits in checkpoint [ 114.556083][ T5820] F2FS-fs (loop5): Cannot turn on quotas: -2 on 2 [ 114.992552][ T5820] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 114.994698][ T5820] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4 [ 115.014068][ T5820] F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=8000000, run fsck to fix. [ 115.023102][ T5844] EXT4-fs (loop0): Unrecognized mount option "smackfsfloor=º" or missing value [ 115.070622][ T5820] F2FS-fs (loop5): sanity_check_inode: corrupted inode footer i_ino=8, ino,nid: [10986248, 8] run fsck to fix. [ 115.097992][ T5849] loop3: detected capacity change from 0 to 2048 [ 115.270065][ T5825] loop4: detected capacity change from 0 to 40427 [ 115.299963][ T5849] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 115.317660][ T5825] F2FS-fs (loop4): build fault injection attr: rate: 690, type: 0x1ffff [ 115.330937][ T5825] F2FS-fs (loop4): invalid crc value [ 115.366485][ T5825] F2FS-fs (loop4): Found nat_bits in checkpoint [ 115.554014][ T5862] ieee802154 phy0 wpan0: encryption failed: -22 [ 115.646460][ T5867] loop0: detected capacity change from 0 to 128 [ 115.681028][ T5838] loop2: detected capacity change from 0 to 32768 [ 115.728307][ T5838] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 ./file1 scanned by syz.2.610 (5838) [ 115.934199][ T5838] BTRFS info (device loop2): using crc32c (crc32c-generic) checksum algorithm [ 115.938327][ T5838] BTRFS error (device loop2): superblock checksum mismatch [ 115.965761][ T5867] EXT4-fs (loop0): mounted filesystem without journal. Opts: usrjquota=,bsddf,,errors=continue. Quota mode: none. [ 116.466452][ T5867] fscrypt: Error allocating hmac(sha512): -2 [ 116.590570][ T5838] BTRFS error (device loop2): open_ctree failed: -22 [ 116.599478][ T5892] loop5: detected capacity change from 0 to 128 [ 116.688894][ T5892] EXT4-fs (loop5): mounted filesystem without journal. Opts: usrjquota=,bsddf,,errors=continue. Quota mode: none. [ 117.047628][ T5909] loop2: detected capacity change from 0 to 1024 [ 117.785772][ T5909] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 117.954737][ T5922] binder: tried to use weak ref as strong ref [ 117.975496][ T5922] binder: 5921:5922 Acquire 1 refcount change on invalid ref 0 ret -22 [ 117.985924][ T5922] binder: 5921:5922 got transaction to invalid handle, 1 [ 117.987857][ T5922] binder: 5921:5922 transaction failed 29201/-22, size 120-24 line 2917 [ 118.002077][ T5928] netlink: 28 bytes leftover after parsing attributes in process `syz.2.635'. [ 118.017210][ T4025] binder: undelivered TRANSACTION_ERROR: 29201 [ 118.039096][ T5930] tipc: Started in network mode [ 118.040490][ T5930] tipc: Node identity c2b3cef3f561, cluster identity 4711 [ 118.042435][ T5930] tipc: Enabled bearer , priority 0 [ 118.079835][ T5930] device syzkaller0 entered promiscuous mode [ 118.101132][ T5929] tipc: Resetting bearer [ 118.140027][ T5929] tipc: Disabling bearer [ 118.182833][ T5941] netlink: 48 bytes leftover after parsing attributes in process `syz.2.641'. [ 118.199704][ T26] audit: type=1326 audit(118.170:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5945 comm="syz.0.643" exe="/root/syz-executor" sig=9 arch=c00000b7 syscall=98 compat=0 ip=0xffff92f089a8 code=0x0 [ 118.224181][ T5948] udc-core: couldn't find an available UDC or it's busy [ 118.233404][ T5948] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 118.571016][ T5961] binder: tried to use weak ref as strong ref [ 118.581046][ T5961] binder: 5960:5961 Acquire 1 refcount change on invalid ref 0 ret -22 [ 118.593655][ T5961] binder: 5960:5961 got transaction to invalid handle, 1 [ 118.607148][ T5961] binder: 5960:5961 transaction failed 29201/-22, size 120-24 line 2917 [ 118.619891][ T4025] binder: undelivered TRANSACTION_ERROR: 29201 [ 120.323931][ T5970] tipc: Enabled bearer , priority 0 [ 120.327342][ T5970] device syzkaller0 entered promiscuous mode [ 120.360150][ T5968] tipc: Resetting bearer [ 120.367351][ T5975] netlink: 48 bytes leftover after parsing attributes in process `syz.0.656'. [ 120.400351][ T5968] tipc: Disabling bearer [ 121.485522][ T5987] netlink: 'syz.5.661': attribute type 10 has an invalid length. [ 121.496379][ T5987] device veth1_macvtap left promiscuous mode [ 121.677246][ T5996] netlink: 28 bytes leftover after parsing attributes in process `syz.3.665'. [ 121.679792][ T5996] netlink: 28 bytes leftover after parsing attributes in process `syz.3.665'. [ 121.788612][ T5996] device netdevsim0 entered promiscuous mode [ 121.825948][ T5996] device dummy0 entered promiscuous mode [ 122.705411][ T5996] hsr1: Slave A (netdevsim0) is not up; please bring it up to get a fully working HSR network [ 122.708583][ T5996] hsr1: Slave B (dummy0) is not up; please bring it up to get a fully working HSR network [ 122.722223][ T6002] netlink: 'syz.0.667': attribute type 1 has an invalid length. [ 122.747527][ T6002] 8021q: adding VLAN 0 to HW filter on device bond2 [ 123.063395][ T6018] loop0: detected capacity change from 0 to 512 [ 124.301608][ T6025] loop3: detected capacity change from 0 to 256 [ 124.304111][ T6025] exfat: Unknown parameter 'sys_tz' [ 124.514711][ T6028] loop4: detected capacity change from 0 to 256 [ 124.660402][ T6028] FAT-fs (loop4): Directory bread(block 64) failed [ 124.662310][ T6028] FAT-fs (loop4): Directory bread(block 65) failed [ 124.686750][ T6028] FAT-fs (loop4): Directory bread(block 66) failed [ 124.688609][ T6028] FAT-fs (loop4): Directory bread(block 67) failed [ 124.690398][ T6028] FAT-fs (loop4): Directory bread(block 68) failed [ 124.692219][ T6028] FAT-fs (loop4): Directory bread(block 69) failed [ 124.694074][ T6028] FAT-fs (loop4): Directory bread(block 70) failed [ 124.740366][ T6028] FAT-fs (loop4): Directory bread(block 71) failed [ 124.742504][ T6028] FAT-fs (loop4): Directory bread(block 72) failed [ 124.744340][ T6028] FAT-fs (loop4): Directory bread(block 73) failed [ 124.767917][ T6030] netlink: 20 bytes leftover after parsing attributes in process `syz.5.674'. [ 124.770531][ T6030] netlink: 40 bytes leftover after parsing attributes in process `syz.5.674'. [ 126.223589][ T6045] tipc: Enabled bearer , priority 0 [ 126.226189][ T6045] device syzkaller0 entered promiscuous mode [ 126.260053][ T6044] tipc: Resetting bearer [ 126.330650][ T6044] tipc: Disabling bearer [ 126.485716][ T6064] loop5: detected capacity change from 0 to 512 [ 128.901944][ T6053] loop3: detected capacity change from 0 to 32768 [ 129.037115][ T6053] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.684 (6053) [ 129.800481][ T6053] BTRFS info (device loop3): using sha256 (sha256-ce) checksum algorithm [ 129.802923][ T6053] BTRFS info (device loop3): using free space tree [ 129.804711][ T6053] BTRFS info (device loop3): has skinny extents [ 129.952410][ T6105] binder: 6093:6105 got transaction to invalid handle, 1 [ 129.954420][ T6105] binder: 6093:6105 transaction failed 29201/-22, size 120-24 line 2917 [ 130.524970][ T4150] binder: undelivered TRANSACTION_ERROR: 29201 [ 130.561554][ T6103] netlink: 72 bytes leftover after parsing attributes in process `syz.2.699'. [ 130.607886][ T6116] netlink: 20 bytes leftover after parsing attributes in process `syz.4.700'. [ 130.671065][ T6053] BTRFS error (device loop3): open_ctree failed: -12 [ 130.773206][ T6122] loop4: detected capacity change from 0 to 512 [ 130.929057][ T4218] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by udevd (4218) [ 131.468963][ T2054] ieee802154 phy0 wpan0: encryption failed: -22 [ 131.472181][ T2054] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.351874][ T6137] loop5: detected capacity change from 0 to 2 [ 132.475621][ T6137] MTD: Attempt to mount non-MTD device "/dev/loop5" [ 133.537688][ T6147] netlink: 48 bytes leftover after parsing attributes in process `syz.4.711'. [ 134.243191][ T6160] netlink: 'syz.0.713': attribute type 1 has an invalid length. [ 134.372131][ T6160] 8021q: adding VLAN 0 to HW filter on device bond3 [ 134.655650][ T6169] binder: tried to use weak ref as strong ref [ 134.657433][ T6169] binder: 6161:6169 Acquire 1 refcount change on invalid ref 0 ret -22 [ 134.661815][ T6169] binder: 6161:6169 got transaction to invalid handle, 1 [ 134.663808][ T6169] binder: 6161:6169 transaction failed 29201/-22, size 120-24 line 2917 [ 135.163922][ T4072] binder: undelivered TRANSACTION_ERROR: 29201 [ 135.394398][ T6165] bond3: (slave gretap1): making interface the new active one [ 135.440948][ T6165] bond3: (slave gretap1): Enslaving as an active interface with an up link [ 135.443456][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): bond3: link becomes ready [ 136.418535][ T6186] tipc: Enabled bearer , priority 0 [ 136.481921][ T6186] tipc: Resetting bearer [ 136.526618][ T6184] tipc: Disabling bearer [ 136.584906][ T4080] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 136.626216][ T6191] netlink: 4 bytes leftover after parsing attributes in process `syz.5.724'. [ 138.053778][ T4080] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 138.056783][ T4080] usb 1-1: config 0 has no interfaces? [ 138.058334][ T4080] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 138.061686][ T4080] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.073220][ T4080] usb 1-1: config 0 descriptor?? [ 138.267312][ T6187] loop3: detected capacity change from 0 to 32768 [ 138.455898][ T6210] binder: tried to use weak ref as strong ref [ 138.457700][ T6210] binder: 6201:6210 Acquire 1 refcount change on invalid ref 0 ret -22 [ 138.461782][ T6210] binder: 6201:6210 got transaction to invalid handle, 1 [ 138.463781][ T6210] binder: 6201:6210 transaction failed 29201/-22, size 120-24 line 2917 [ 138.934834][ T6211] loop2: detected capacity change from 0 to 1764 [ 138.939395][ T4101] binder: undelivered TRANSACTION_ERROR: 29201 [ 139.170790][ T6214] netlink: 'syz.5.731': attribute type 1 has an invalid length. [ 139.192063][ T6214] 8021q: adding VLAN 0 to HW filter on device bond1 [ 139.439670][ T6187] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop3 scanned by syz.3.722 (6187) [ 139.514298][ T6214] bond1: (slave gretap1): making interface the new active one [ 139.534158][ T6214] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 139.556553][ T4991] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 139.783975][ T4094] usb 1-1: USB disconnect, device number 3 [ 139.789490][ T6187] BTRFS info (device loop3): using crc32c (crc32c-generic) checksum algorithm [ 139.795944][ T6187] BTRFS info (device loop3): using free space tree [ 139.797765][ T6187] BTRFS info (device loop3): has skinny extents [ 139.912647][ T6187] BTRFS error (device loop3): open_ctree failed: -12 [ 140.021524][ T6206] loop4: detected capacity change from 0 to 32768 [ 140.031594][ T6224] netlink: 4 bytes leftover after parsing attributes in process `syz.5.734'. [ 140.051933][ T6248] loop2: detected capacity change from 0 to 512 [ 140.067811][ T6206] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz.4.729 (6206) [ 140.118468][ T6206] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 140.120969][ T6206] BTRFS info (device loop4): force zlib compression, level 3 [ 140.123014][ T6206] BTRFS info (device loop4): force clearing of disk cache [ 140.137246][ T6206] BTRFS info (device loop4): setting nodatasum [ 140.138997][ T6206] BTRFS info (device loop4): use zlib compression, level 3 [ 140.140948][ T6206] BTRFS info (device loop4): allowing degraded mounts [ 140.142884][ T6206] BTRFS info (device loop4): enabling disk space caching [ 140.162546][ T6206] BTRFS info (device loop4): disk space caching is enabled [ 140.164592][ T6206] BTRFS info (device loop4): has skinny extents [ 142.293581][ T6206] BTRFS error (device loop4): open_ctree failed: -12 [ 144.393542][ T6304] loop5: detected capacity change from 0 to 256 [ 145.206830][ T6308] netlink: 48 bytes leftover after parsing attributes in process `syz.2.747'. [ 145.590223][ T6313] capability: warning: `syz.4.746' uses deprecated v2 capabilities in a way that may be insecure [ 147.194452][ T4014] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by udevd (4014) [ 147.212673][ T6320] loop2: detected capacity change from 0 to 512 [ 149.338040][ T6344] netlink: 20 bytes leftover after parsing attributes in process `syz.5.749'. [ 149.340616][ T6344] netlink: 40 bytes leftover after parsing attributes in process `syz.5.749'. [ 151.178005][ T6341] device ipvlan2 entered promiscuous mode [ 151.188330][ T6341] bridge0: port 3(ipvlan2) entered blocking state [ 151.415163][ T6341] bridge0: port 3(ipvlan2) entered disabled state [ 152.574023][ T6365] netlink: 48 bytes leftover after parsing attributes in process `syz.2.761'. [ 152.742724][ T6369] loop3: detected capacity change from 0 to 256 [ 153.714651][ T6377] loop2: detected capacity change from 0 to 128 [ 154.569156][ T6381] loop0: detected capacity change from 0 to 512 [ 154.610022][ T6377] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 154.664980][ T6377] ext4 filesystem being mounted at /189/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 156.575573][ T6400] netlink: 20 bytes leftover after parsing attributes in process `syz.0.773'. [ 156.578081][ T6400] netlink: 40 bytes leftover after parsing attributes in process `syz.0.773'. [ 156.750966][ T6418] netlink: 4 bytes leftover after parsing attributes in process `syz.0.779'. [ 156.931383][ T6425] loop0: detected capacity change from 0 to 64 [ 157.023458][ T6427] netlink: 'syz.3.784': attribute type 1 has an invalid length. [ 157.065254][ T6427] 8021q: adding VLAN 0 to HW filter on device bond1 [ 157.182667][ T6427] bond1: (slave gretap1): making interface the new active one [ 157.194377][ T6427] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 157.213702][ T4972] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 157.246541][ T6404] loop4: detected capacity change from 0 to 32768 [ 157.428406][ T6404] XFS (loop4): Mounting V5 Filesystem [ 157.537533][ T6417] loop5: detected capacity change from 0 to 32768 [ 157.543577][ T6422] loop2: detected capacity change from 0 to 32768 [ 158.348507][ T6404] XFS (loop4): Ending clean mount [ 158.420207][ T6417] XFS (loop5): Mounting V5 Filesystem [ 158.434688][ T6422] XFS (loop2): Mounting V5 Filesystem [ 158.482075][ T4034] XFS (loop4): Unmounting Filesystem [ 158.687006][ T6422] XFS (loop2): Ending clean mount [ 158.763094][ T6472] netlink: 68 bytes leftover after parsing attributes in process `syz.3.789'. [ 159.338634][ T6417] XFS (loop5): Ending clean mount [ 159.356136][ T6422] XFS (loop2): User initiated shutdown received. [ 159.358137][ T6422] XFS (loop2): Log I/O Error (0x6) detected at xfs_fs_goingdown+0x80/0x15c (fs/xfs/xfs_fsops.c:491). Shutting down filesystem. [ 159.405669][ T6422] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 159.480719][ T6481] netlink: 4 bytes leftover after parsing attributes in process `syz.3.793'. [ 159.492613][ T4023] XFS (loop2): Unmounting Filesystem [ 159.697683][ T6485] loop0: detected capacity change from 0 to 1024 [ 159.702331][ T6485] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 159.873264][ T6485] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,min_batch_time=0x0000000000000005,dioread_nolock,. Quota mode: none. [ 159.885288][ T6491] netlink: 12 bytes leftover after parsing attributes in process `syz.4.791'. [ 159.896929][ T6485] ext4 filesystem being mounted at /165/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 159.932707][ T6485] EXT4-fs (loop0): re-mounted. Opts: (null). Quota mode: none. [ 160.163896][ T4983] XFS (loop5): Unmounting Filesystem [ 161.310036][ T6511] netlink: 4 bytes leftover after parsing attributes in process `syz.4.800'. [ 161.450086][ T6513] loop0: detected capacity change from 0 to 512 [ 164.114438][ T6525] netlink: 20 bytes leftover after parsing attributes in process `syz.3.805'. [ 164.117547][ T6525] netlink: 32 bytes leftover after parsing attributes in process `syz.3.805'. [ 165.168316][ T6554] netlink: 8 bytes leftover after parsing attributes in process `syz.5.812'. [ 165.221061][ T6558] udc-core: couldn't find an available UDC or it's busy [ 165.223024][ T6558] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 165.692333][ T6547] netlink: 4 bytes leftover after parsing attributes in process `syz.0.806'. [ 165.762527][ T6563] tipc: Enabled bearer , priority 0 [ 165.809527][ T6563] tipc: Resetting bearer [ 165.836617][ T6562] tipc: Disabling bearer [ 165.880677][ T6567] loop2: detected capacity change from 0 to 512 [ 167.085941][ T6581] binder: 6577:6581 unknown command 76 [ 167.087549][ T6581] binder: 6577:6581 ioctl c0306201 20000340 returned -22 [ 168.817426][ T6584] loop4: detected capacity change from 0 to 262144 [ 169.390678][ T6584] F2FS-fs (loop4): invalid crc value [ 169.417919][ T6584] F2FS-fs (loop4): Found nat_bits in checkpoint [ 169.476048][ T6584] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 169.539007][ T6282] Bluetooth: hci1: command 0x0406 tx timeout [ 169.540788][ T6282] Bluetooth: hci3: command 0x0406 tx timeout [ 169.696927][ T6603] loop0: detected capacity change from 0 to 4096 [ 169.747504][ T148] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.902044][ T148] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.978541][ T148] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.077605][ T148] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.082123][ T6590] loop5: detected capacity change from 0 to 40427 [ 170.185690][ T6590] F2FS-fs (loop5): Insane cp_payload (553648128 >= 504) [ 170.187650][ T6590] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 170.190256][ T6590] F2FS-fs (loop5): build fault injection attr: rate: 17008, type: 0x1ffff [ 170.192626][ T6590] F2FS-fs (loop5): build fault injection attr: rate: 0, type: 0x6 [ 170.226616][ T6590] F2FS-fs (loop5): invalid crc value [ 170.278252][ T6590] F2FS-fs (loop5): Found nat_bits in checkpoint [ 172.037044][ T6616] loop0: detected capacity change from 0 to 256 [ 172.908007][ T6635] loop2: detected capacity change from 0 to 256 [ 173.048809][ T6635] FAT-fs (loop2): Directory bread(block 64) failed [ 173.050735][ T6635] FAT-fs (loop2): Directory bread(block 65) failed [ 173.103591][ T6635] FAT-fs (loop2): Directory bread(block 66) failed [ 173.118165][ T6635] FAT-fs (loop2): Directory bread(block 67) failed [ 173.120133][ T6635] FAT-fs (loop2): Directory bread(block 68) failed [ 173.121970][ T6635] FAT-fs (loop2): Directory bread(block 69) failed [ 173.141607][ T6635] FAT-fs (loop2): Directory bread(block 70) failed [ 173.143498][ T6635] FAT-fs (loop2): Directory bread(block 71) failed [ 173.185385][ T6635] FAT-fs (loop2): Directory bread(block 72) failed [ 173.197533][ T6635] FAT-fs (loop2): Directory bread(block 73) failed [ 173.227127][ T6638] loop5: detected capacity change from 0 to 512 [ 173.345296][ T6635] TCP: tcp_parse_options: Illegal window scaling value 236 > 14 received [ 173.585421][ T6646] loop0: detected capacity change from 0 to 128 [ 173.623646][ T6646] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 173.640991][ T6646] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 173.689285][ T6646] Invalid ELF header magic: != ELF [ 175.029633][ T6673] netlink: 112 bytes leftover after parsing attributes in process `syz.0.843'. [ 175.238080][ T6688] netlink: 'syz.2.844': attribute type 2 has an invalid length. [ 175.293768][ T6690] netlink: 4 bytes leftover after parsing attributes in process `syz.0.845'. [ 176.446686][ T6720] binder: 6715:6720 tried to acquire reference to desc 0, got 1 instead [ 176.449743][ T6720] binder_alloc: 6715: binder_alloc_buf, no vma [ 176.451657][ T6720] binder: 6715:6720 transaction failed 29189/-3, size 120-24 line 3085 [ 177.655690][ T4080] binder: undelivered TRANSACTION_ERROR: 29189 [ 177.771763][ T148] device hsr_slave_0 left promiscuous mode [ 177.788332][ T6743] netlink: 20 bytes leftover after parsing attributes in process `syz.3.859'. [ 177.794958][ T6743] netlink: 40 bytes leftover after parsing attributes in process `syz.3.859'. [ 177.863870][ T148] device hsr_slave_1 left promiscuous mode [ 177.955903][ T148] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 177.958197][ T148] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 177.961783][ T148] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 177.966422][ T148] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 177.972069][ T148] device bridge_slave_1 left promiscuous mode [ 177.977956][ T148] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.005159][ T6760] netlink: 48 bytes leftover after parsing attributes in process `syz.5.865'. [ 178.019252][ T148] device bridge_slave_0 left promiscuous mode [ 178.021148][ T148] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.135249][ T148] device veth1_macvtap left promiscuous mode [ 178.137295][ T148] device veth0_macvtap left promiscuous mode [ 178.139080][ T148] device veth1_vlan left promiscuous mode [ 178.140787][ T148] device veth0_vlan left promiscuous mode [ 178.359535][ T148] team0 (unregistering): Port device team_slave_1 removed [ 178.370994][ T148] team0 (unregistering): Port device team_slave_0 removed [ 178.381646][ T148] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 178.421467][ T148] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 178.560986][ T148] bond0 (unregistering): Released all slaves [ 179.051464][ T6778] binder: 6766:6778 tried to acquire reference to desc 0, got 1 instead [ 179.054597][ T6778] binder_alloc: 6766: binder_alloc_buf, no vma [ 179.056545][ T6778] binder: 6766:6778 transaction failed 29189/-3, size 120-24 line 3085 [ 180.118950][ T6284] binder: undelivered TRANSACTION_ERROR: 29189 [ 180.860182][ T6806] netlink: 4 bytes leftover after parsing attributes in process `syz.3.876'. [ 181.265821][ T6816] netlink: 20 bytes leftover after parsing attributes in process `syz.5.878'. [ 181.299514][ T6816] netlink: 40 bytes leftover after parsing attributes in process `syz.5.878'. [ 182.276133][ T6825] tipc: Enabling of bearer rejected, failed to enable media [ 184.537141][ T6867] netlink: 48 bytes leftover after parsing attributes in process `syz.2.889'. [ 184.545463][ T6865] loop5: detected capacity change from 0 to 1024 [ 184.663944][ T6865] EXT4-fs (loop5): mounted filesystem without journal. Opts: noinit_itable,usrquota,jqfmt=vfsv0,abort,nodelalloc,lazytime,noload,bsddf,noauto_da_alloc,,errors=continue. Quota mode: writeback. [ 184.731991][ T26] audit: type=1326 audit(2000000055.870:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6834 comm="syz.4.883" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbcdee9a8 code=0x7ffc0000 [ 184.738172][ T26] audit: type=1326 audit(2000000055.870:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6834 comm="syz.4.883" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbcdee9a8 code=0x7ffc0000 [ 184.777835][ T6884] AppArmor: change_hat: Invalid input 'K' [ 184.783483][ T26] audit: type=1326 audit(2000000055.920:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6834 comm="syz.4.883" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=135 compat=0 ip=0xffffbcdee9a8 code=0x7ffc0000 [ 184.791272][ T26] audit: type=1326 audit(2000000055.920:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6834 comm="syz.4.883" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbcdee9a8 code=0x7ffc0000 [ 184.807604][ T26] audit: type=1326 audit(2000000055.920:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6834 comm="syz.4.883" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbcdee9a8 code=0x7ffc0000 [ 184.814291][ T26] audit: type=1326 audit(2000000055.920:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6834 comm="syz.4.883" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=178 compat=0 ip=0xffffbcdee9a8 code=0x7ffc0000 [ 184.871879][ T26] audit: type=1326 audit(2000000055.920:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6834 comm="syz.4.883" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbcdee9a8 code=0x7ffc0000 [ 184.902650][ T6889] tipc: Cannot configure node identity twice [ 184.904460][ T26] audit: type=1326 audit(2000000055.920:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6834 comm="syz.4.883" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbcdee9a8 code=0x7ffc0000 [ 184.934924][ T26] audit: type=1326 audit(2000000055.920:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6834 comm="syz.4.883" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=137 compat=0 ip=0xffffbcdee9a8 code=0x7ffc0000 [ 184.941031][ T26] audit: type=1326 audit(2000000055.990:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6834 comm="syz.4.883" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbcdee9a8 code=0x7ffc0000 [ 186.081818][ T6906] binder: 6904:6906 tried to acquire reference to desc 0, got 1 instead [ 186.155746][ T6906] binder: 6904:6906 got transaction with invalid parent offset or type [ 186.158012][ T6906] binder: 6904:6906 transaction failed 29201/-22, size 96-24 line 3286 [ 186.160699][ T6284] binder: undelivered TRANSACTION_ERROR: 29201 [ 186.433475][ T6920] netlink: 48 bytes leftover after parsing attributes in process `syz.5.903'. [ 189.911457][ T4110] Bluetooth: hci4: command 0x0406 tx timeout [ 190.212552][ T6928] loop5: detected capacity change from 0 to 32768 [ 191.270658][ T6975] netlink: 48 bytes leftover after parsing attributes in process `syz.4.915'. [ 192.463978][ T6998] loop2: detected capacity change from 0 to 256 [ 192.500009][ T2054] ieee802154 phy0 wpan0: encryption failed: -22 [ 192.501850][ T2054] ieee802154 phy1 wpan1: encryption failed: -22 [ 192.545671][ T6998] FAT-fs (loop2): Unrecognized mount option "nonumtaûl=0" or missing value [ 194.783261][ T7021] loop0: detected capacity change from 0 to 512 [ 198.909578][ T7053] loop0: detected capacity change from 0 to 512 [ 198.958997][ T26] kauditd_printk_skb: 1 callbacks suppressed [ 198.959012][ T26] audit: type=1326 audit(2000000070.060:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7052 comm="syz.4.931" exe="/root/syz-executor" sig=9 arch=c00000b7 syscall=98 compat=0 ip=0xffffbcdee9a8 code=0x0 [ 199.346196][ T7053] EXT4-fs (loop0): Ignoring removed bh option [ 199.351083][ T7053] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 199.418989][ T7053] EXT4-fs (loop0): 1 truncate cleaned up [ 199.428860][ T7053] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x0000000000000000,bh,noload,data_err=ignore,noblock_validity,,errors=continue. Quota mode: none. [ 200.530030][ T1533] Bluetooth: hci5: command 0x0406 tx timeout [ 200.611486][ T7081] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 200.794982][ T7081] loop5: detected capacity change from 0 to 2048 [ 200.883937][ T7081] UDF-fs: error (device loop5): udf_read_tagged: tag checksum failed, block 129: 0x32 != 0x7d [ 200.898486][ T7081] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 203.736766][ T7132] netlink: 68 bytes leftover after parsing attributes in process `syz.0.946'. [ 204.279971][ T7135] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 205.501319][ T7153] binder: 7139:7153 tried to acquire reference to desc 0, got 1 instead [ 205.988087][ T4071] binder: undelivered TRANSACTION_COMPLETE [ 206.202477][ T2379] binder: undelivered transaction 82, process died. [ 207.088102][ T7169] udc-core: couldn't find an available UDC or it's busy [ 207.090070][ T7169] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 208.090512][ T7176] loop4: detected capacity change from 0 to 512 [ 208.195786][ T7176] EXT4-fs error (device loop4): ext4_orphan_get:1401: inode #15: comm syz.4.959: casefold flag without casefold feature [ 208.215433][ T7176] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.959: couldn't read orphan inode 15 (err -117) [ 208.264845][ T7176] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 208.536604][ T7201] loop2: detected capacity change from 0 to 4096 [ 208.580064][ T7207] loop5: detected capacity change from 0 to 512 [ 208.672880][ T7207] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 208.691983][ T7207] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 209.566521][ T7207] EXT4-fs (loop5): 1 truncate cleaned up [ 209.568071][ T7207] EXT4-fs (loop5): mounted filesystem without journal. Opts: init_itable=0x0000000000000000,jqfmt=vfsold,sysvgroups,jqfmt=vfsold,minixdf,quota,,errors=continue. Quota mode: writeback. [ 209.651245][ T7213] netlink: 48 bytes leftover after parsing attributes in process `syz.4.968'. [ 211.401008][ T7228] netlink: 'syz.3.972': attribute type 1 has an invalid length. [ 211.496670][ T7229] device syzkaller1 entered promiscuous mode [ 213.032115][ T4150] Bluetooth: hci5: command 0x0405 tx timeout [ 213.387529][ T7252] netlink: 12 bytes leftover after parsing attributes in process `syz.2.977'. [ 213.392798][ T7252] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 213.396514][ T7252] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 213.398669][ T7252] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 213.400816][ T7252] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 213.408132][ T7252] netdevsim netdevsim2 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 213.410372][ T7252] netdevsim netdevsim2 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 213.412587][ T7252] netdevsim netdevsim2 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 213.414761][ T7252] netdevsim netdevsim2 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 213.927308][ T7237] loop3: detected capacity change from 0 to 32768 [ 213.994495][ T7237] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.974 (7237) [ 214.301930][ T7256] loop5: detected capacity change from 0 to 131072 [ 214.314254][ T7237] BTRFS info (device loop3): using sha256 (sha256-ce) checksum algorithm [ 214.327336][ T7237] BTRFS info (device loop3): using free space tree [ 214.332271][ T7237] BTRFS info (device loop3): has skinny extents [ 214.346934][ T7256] F2FS-fs (loop5): Invalid segment/section count (31, 24 x 150994945) [ 214.349980][ T7256] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 214.354291][ T7256] F2FS-fs (loop5): invalid crc value [ 214.400790][ T7256] F2FS-fs (loop5): Found nat_bits in checkpoint [ 214.568985][ T7256] F2FS-fs (loop5): Cannot turn on quotas: -2 on 2 [ 214.604602][ T7256] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 214.606662][ T7256] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4 [ 214.623668][ T7256] F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=8000000, run fsck to fix. [ 216.596545][ T7300] tipc: Cannot configure node identity twice [ 216.615458][ T7237] BTRFS error (device loop3): open_ctree failed: -12 [ 216.856372][ T7277] loop2: detected capacity change from 0 to 32768 [ 216.994972][ T7277] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.981 (7277) [ 217.003960][ T7277] BTRFS info (device loop2): using crc32c (crc32c-generic) checksum algorithm [ 217.010000][ T7277] BTRFS info (device loop2): setting nodatacow, compression disabled [ 217.015158][ T7277] BTRFS info (device loop2): max_inline at 0 [ 217.016882][ T7277] BTRFS info (device loop2): enabling disk space caching [ 217.018913][ T7277] BTRFS info (device loop2): turning off barriers [ 217.020663][ T7277] BTRFS info (device loop2): turning on flush-on-commit [ 217.022577][ T7277] BTRFS info (device loop2): doing ref verification [ 217.024506][ T7277] BTRFS info (device loop2): force clearing of disk cache [ 217.195067][ T7277] BTRFS info (device loop2): enabling ssd optimizations [ 217.195123][ T7277] BTRFS info (device loop2): max_inline at 4096 [ 217.195142][ T7277] BTRFS info (device loop2): disk space caching is enabled [ 217.195159][ T7277] BTRFS info (device loop2): has skinny extents [ 217.709286][ T7277] BTRFS error (device loop2): open_ctree failed: -12 [ 217.992327][ T7349] netlink: 4 bytes leftover after parsing attributes in process `syz.0.988'. [ 218.248140][ T5466] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by udevd (5466) [ 218.281485][ T7358] netlink: 20 bytes leftover after parsing attributes in process `syz.4.990'. [ 218.307351][ T7358] netlink: 40 bytes leftover after parsing attributes in process `syz.4.990'. [ 218.805742][ T7371] [U] „ [ 221.234260][ T7404] tipc: Enabling of bearer rejected, failed to enable media [ 222.134659][ T7383] infiniband syz!: set active [ 222.137504][ T7383] infiniband syz!: added team_slave_0 [ 222.191650][ T7383] infiniband syz!: Couldn't open port 1 [ 222.340217][ T7419] loop3: detected capacity change from 0 to 512 [ 222.408604][ T7383] RDS/IB: syz!: added [ 222.425514][ T7383] smc: adding ib device syz! with port count 1 [ 222.427350][ T7383] smc: ib device syz! port 1 has pnetid [ 222.445022][ T7419] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 222.458061][ T7387] loop5: detected capacity change from 0 to 32768 [ 222.631641][ T7419] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 222.665197][ T7419] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2825: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 222.690403][ T7419] EXT4-fs (loop3): 1 truncate cleaned up [ 222.691989][ T7419] EXT4-fs (loop3): mounted filesystem without journal. Opts: noload,resuid=0x0000000000000000,debug_want_extra_isize=0x000000000000002e,lazytime,quota,quota,,errors=continue. Quota mode: writeback. [ 222.720820][ T7387] BTRFS info (device loop5): using crc32c (crc32c-generic) checksum algorithm [ 222.723434][ T7387] BTRFS info (device loop5): setting nodatacow, compression disabled [ 222.737679][ T7387] BTRFS info (device loop5): max_inline at 0 [ 222.739171][ T7387] BTRFS info (device loop5): enabling disk space caching [ 222.759030][ T7387] BTRFS info (device loop5): turning off barriers [ 222.760768][ T7387] BTRFS info (device loop5): turning on flush-on-commit [ 222.795477][ T7387] BTRFS info (device loop5): doing ref verification [ 223.113921][ T7387] BTRFS info (device loop5): force clearing of disk cache [ 223.254390][ T7387] BTRFS info (device loop5): enabling ssd optimizations [ 223.327024][ T7387] BTRFS info (device loop5): max_inline at 4096 [ 223.333267][ T7387] BTRFS info (device loop5): disk space caching is enabled [ 223.335765][ T7387] BTRFS info (device loop5): has skinny extents [ 223.493461][ T7387] BTRFS error (device loop5): open_ctree failed: -12 [ 223.753510][ T4218] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 scanned by udevd (4218) [ 223.942500][ T7467] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1008'. [ 223.962430][ T7467] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1008'. [ 225.108562][ T7489] tipc: Enabled bearer , priority 0 [ 225.129948][ T7489] tipc: Resetting bearer [ 225.158983][ T7488] tipc: Disabling bearer [ 225.471296][ T7456] loop4: detected capacity change from 0 to 32768 [ 225.526194][ T7456] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz.4.1006 (7456) [ 226.627474][ T7456] BTRFS info (device loop4): using sha256 (sha256-ce) checksum algorithm [ 226.630947][ T7456] BTRFS info (device loop4): setting nodatacow, compression disabled [ 226.633417][ T7456] BTRFS info (device loop4): enabling ssd optimizations [ 226.645320][ T7456] BTRFS info (device loop4): setting datacow [ 226.647040][ T7456] BTRFS info (device loop4): doing ref verification [ 226.648870][ T7456] BTRFS info (device loop4): force clearing of disk cache [ 226.650810][ T7456] BTRFS info (device loop4): turning off barriers [ 226.667475][ T7456] BTRFS info (device loop4): using spread ssd allocation scheme [ 226.669627][ T7456] BTRFS info (device loop4): using free space tree [ 226.697595][ T7456] BTRFS info (device loop4): has skinny extents [ 226.811094][ T7456] BTRFS error (device loop4): open_ctree failed: -12 [ 227.065369][ T7543] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1020'. [ 227.097986][ T5799] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by udevd (5799) [ 227.951309][ T7552] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1023'. [ 227.953787][ T7552] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1023'. [ 228.212133][ T7555] tipc: Enabled bearer , priority 0 [ 228.233901][ T7555] tipc: Resetting bearer [ 228.331266][ T7554] tipc: Disabling bearer [ 229.511467][ T7576] loop3: detected capacity change from 0 to 512 [ 229.760480][ T7576] EXT4-fs (loop3): Ignoring removed bh option [ 229.762330][ T7576] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 229.838421][ T7576] EXT4-fs (loop3): 1 truncate cleaned up [ 229.840129][ T7576] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x0000000000000000,bh,noload,data_err=ignore,noblock_validity,,errors=continue. Quota mode: none. [ 232.248895][ T7610] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1036'. [ 232.251592][ T7610] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1036'. [ 233.392408][ T7637] loop3: detected capacity change from 0 to 16 [ 233.465358][ T7633] batman_adv: batadv0: Adding interface: dummy0 [ 233.467336][ T7633] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 233.910103][ T7633] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active [ 234.086597][ T7637] erofs: (device loop3): mounted with root inode @ nid 36. [ 234.198460][ T7646] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1044'. [ 234.300095][ T7646] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1044'. [ 234.438947][ T7654] loop0: detected capacity change from 0 to 512 [ 236.318686][ T7654] EXT4-fs (loop0): Ignoring removed bh option [ 236.320679][ T7654] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 236.424101][ T7654] EXT4-fs (loop0): 1 truncate cleaned up [ 236.425808][ T7654] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x0000000000000000,bh,noload,data_err=ignore,noblock_validity,,errors=continue. Quota mode: none. [ 238.783940][ T7687] loop2: detected capacity change from 0 to 4096 [ 238.920767][ T7687] ntfs3: loop2: MFT: r=3, expect seq=3 instead of 5! [ 238.924307][ T7687] ntfs3: loop2: Failed to load $Volume. [ 240.713559][ T7705] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1059'. [ 242.149273][ T7720] loop2: detected capacity change from 0 to 512 [ 242.346760][ T7727] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 242.349180][ T7727] IPv6: NLM_F_CREATE should be set when creating new route [ 242.351292][ T7727] IPv6: NLM_F_CREATE should be set when creating new route [ 242.356050][ T7720] EXT4-fs (loop2): Ignoring removed bh option [ 242.357844][ T7720] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 242.573229][ T7720] EXT4-fs (loop2): 1 truncate cleaned up [ 242.575081][ T7720] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x0000000000000000,bh,noload,data_err=ignore,noblock_validity,,errors=continue. Quota mode: none. [ 242.605158][ T5548] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 243.015989][ T7738] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1071'. [ 243.965021][ T5548] usb 1-1: Using ep0 maxpacket: 8 [ 244.090299][ T7748] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1073'. [ 244.095129][ T5548] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 244.098272][ T5548] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 244.101113][ T5548] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 244.114161][ T5548] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 244.118841][ T5548] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 244.121362][ T5548] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.405167][ T5548] usb 1-1: GET_CAPABILITIES returned 0 [ 244.406998][ T5548] usbtmc 1-1:16.0: can't read capabilities [ 245.660552][ T5549] usb 1-1: USB disconnect, device number 4 [ 245.956435][ T7746] loop3: detected capacity change from 0 to 32768 [ 247.402893][ T7777] loop3: detected capacity change from 0 to 2048 [ 247.482829][ T7778] hub 6-0:1.0: USB hub found [ 247.484998][ T7778] hub 6-0:1.0: 8 ports detected [ 247.561511][ T7777] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 247.771281][ T7782] netlink: 60 bytes leftover after parsing attributes in process `syz.5.1084'. [ 249.311077][ T7804] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1090'. [ 251.458058][ T7816] udc-core: couldn't find an available UDC or it's busy [ 251.460090][ T7816] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 252.506812][ T7819] netlink: 'syz.5.1094': attribute type 10 has an invalid length. [ 252.513389][ T7819] 8021q: adding VLAN 0 to HW filter on device team0 [ 252.516517][ T7819] bond0: (slave team0): Enslaving as an active interface with an up link [ 252.568765][ T7819] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 252.574462][ T7819] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 252.602972][ T7820] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1096'. [ 252.644965][ C0] hrtimer: interrupt took 180280 ns [ 254.556427][ T2054] ieee802154 phy0 wpan0: encryption failed: -22 [ 254.558437][ T2054] ieee802154 phy1 wpan1: encryption failed: -22 [ 254.619838][ T7838] loop2: detected capacity change from 0 to 64 [ 255.647790][ T7862] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1110'. [ 255.766365][ T7860] loop2: detected capacity change from 0 to 4096 [ 255.807884][ T7860] ntfs3: loop2: Different NTFS' sector size (1024) and media sector size (512) [ 255.810553][ T7847] loop3: detected capacity change from 0 to 32768 [ 256.011786][ T7847] BTRFS info (device loop3): using crc32c (crc32c-generic) checksum algorithm [ 256.014538][ T7847] BTRFS info (device loop3): metadata ratio 4 [ 256.017236][ T7847] BTRFS warning (device loop3): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 256.020287][ T7847] BTRFS info (device loop3): trying to use backup root at mount time [ 256.036873][ T7866] loop0: detected capacity change from 0 to 512 [ 256.052286][ T7847] BTRFS info (device loop3): doing ref verification [ 257.157007][ T7847] BTRFS info (device loop3): disabling tree log [ 257.159107][ T7847] BTRFS info (device loop3): using free space tree [ 257.161024][ T7847] BTRFS info (device loop3): has skinny extents [ 257.371733][ T7878] loop5: detected capacity change from 0 to 512 [ 257.558630][ T7878] EXT4-fs (loop5): Ignoring removed bh option [ 257.560600][ T7878] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem [ 257.584967][ T7866] EXT4-fs (loop0): Ignoring removed orlov option [ 258.415122][ T7866] EXT4-fs (loop0): orphan cleanup on readonly fs [ 258.416189][ T7878] EXT4-fs (loop5): 1 truncate cleaned up [ 258.420917][ T7878] EXT4-fs (loop5): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x0000000000000000,bh,noload,data_err=ignore,noblock_validity,,errors=continue. Quota mode: none. [ 258.472797][ T7847] BTRFS error (device loop3): open_ctree failed: -12 [ 258.484898][ T7866] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.1111: bg 0: block 248: padding at end of block bitmap is not set [ 258.529864][ T7866] Quota error (device loop0): write_blk: dquota write failed [ 258.532426][ T7866] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 258.550005][ T7866] EXT4-fs error (device loop0): ext4_acquire_dquot:6207: comm syz.0.1111: Failed to acquire dquot type 1 [ 258.592473][ T7866] EXT4-fs (loop0): 1 truncate cleaned up [ 258.604720][ T7866] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsdgroups,usrjquota=,noblock_validity,grpjquota=,grpjquota=,orlov,abort,dax=never,stripe=0x0000000000000010,,errors=continue. Quota mode: writeback. [ 259.020931][ T7425] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by udevd (7425) [ 259.530711][ T7900] loop0: detected capacity change from 0 to 32768 [ 259.659236][ T7900] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.1117 (7900) [ 259.899573][ T7909] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1115'. [ 260.647037][ T7900] BTRFS info (device loop0): using sha256 (sha256-ce) checksum algorithm [ 260.649419][ T7900] BTRFS info (device loop0): force clearing of disk cache [ 260.651356][ T7900] BTRFS info (device loop0): metadata ratio 0 [ 260.653035][ T7900] BTRFS info (device loop0): enabling ssd optimizations [ 260.654966][ T7900] BTRFS info (device loop0): using spread ssd allocation scheme [ 260.656947][ T7900] BTRFS info (device loop0): using free space tree [ 260.658669][ T7900] BTRFS info (device loop0): has skinny extents [ 261.373024][ T7924] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1122'. [ 261.736346][ T7900] BTRFS info (device loop0): clearing free space tree [ 261.738501][ T7900] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 261.741310][ T7900] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 261.763540][ T7900] BTRFS info (device loop0): creating free space tree [ 261.766575][ T7900] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 261.769298][ T7900] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 262.217068][ T7951] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1128'. [ 265.050981][ T7972] loop4: detected capacity change from 0 to 256 [ 265.076075][ T7972] FAT-fs (loop4): Unrecognized mount option "nonumtaûl=0" or missing value [ 265.256665][ T7975] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1134'. [ 270.475838][ T7998] loop0: detected capacity change from 0 to 32768 [ 270.528748][ T7998] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop0 scanned by syz.0.1140 (7998) [ 270.599167][ T7998] BTRFS info (device loop0): using crc32c (crc32c-generic) checksum algorithm [ 270.608087][ T7998] BTRFS info (device loop0): setting nodatacow, compression disabled [ 270.619888][ T7998] BTRFS info (device loop0): turning on flush-on-commit [ 270.665155][ T7998] BTRFS info (device loop0): using free space tree [ 270.667040][ T7998] BTRFS info (device loop0): has skinny extents [ 272.041248][ T7998] BTRFS error (device loop0): open_ctree failed: -12 [ 273.077030][ T8048] loop4: detected capacity change from 0 to 512 [ 274.581134][ T8055] loop2: detected capacity change from 0 to 2048 [ 274.699115][ T8055] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 274.789086][ T8055] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,resuid=0x0000000000000000,block_validity,min_batch_time=0x0000000000000007,nobarrier,noblock_validity,dioread_nolock,. Quota mode: writeback. [ 274.817738][ T8062] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1154'. [ 274.843433][ T8055] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: writeback. [ 275.126406][ T8072] udc-core: couldn't find an available UDC or it's busy [ 275.128396][ T8072] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 275.130838][ T8069] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 275.132821][ T8069] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 275.165144][ T8069] vhci_hcd vhci_hcd.0: Device attached [ 275.170566][ T8070] vhci_hcd: connection closed [ 275.183329][ T136] vhci_hcd: stop threads [ 275.188131][ T136] vhci_hcd: release socket [ 275.189597][ T136] vhci_hcd: disconnect device [ 275.761566][ T8057] loop5: detected capacity change from 0 to 40427 [ 275.823030][ T8057] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 275.825587][ T8057] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 275.844339][ T8057] F2FS-fs (loop5): invalid crc value [ 275.845908][ T8067] loop2: detected capacity change from 0 to 32768 [ 275.893583][ T8057] F2FS-fs (loop5): Found nat_bits in checkpoint [ 275.917792][ T8065] loop4: detected capacity change from 0 to 40427 [ 275.977067][ T8065] F2FS-fs (loop4): invalid crc value [ 275.983943][ T8067] XFS (loop2): Mounting V5 Filesystem [ 276.041597][ T8057] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 276.043821][ T8057] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 276.071052][ T8065] F2FS-fs (loop4): Found nat_bits in checkpoint [ 276.243576][ T8065] F2FS-fs (loop4): Cannot turn on quotas: -2 on 1 [ 276.281977][ T8065] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 276.331009][ T8067] XFS (loop2): Starting recovery (logdev: internal) [ 276.384556][ T8067] XFS (loop2): Ending recovery (logdev: internal) [ 276.523005][ T4034] attempt to access beyond end of device [ 276.523005][ T4034] loop4: rw=2049, want=45104, limit=40427 [ 276.663943][ T4023] XFS (loop2): Unmounting Filesystem [ 278.326755][ T8112] mmap: syz.0.1164 (8112) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 278.460867][ T8114] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1166'. [ 279.866185][ T8100] loop3: detected capacity change from 0 to 262144 [ 281.991501][ T8147] loop5: detected capacity change from 0 to 2048 [ 282.090268][ T8147] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 283.212687][ T4218] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop3 scanned by udevd (4218) [ 284.648695][ T8165] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1180'. [ 285.653420][ T8184] binder: 8172:8184 tried to acquire reference to desc 0, got 1 instead [ 285.657696][ T8184] binder_alloc: 8172: binder_alloc_buf, no vma [ 285.659723][ T8184] binder: 8172:8184 transaction failed 29189/-3, size 120-24 line 3085 [ 286.068709][ T5548] binder: undelivered TRANSACTION_ERROR: 29189 [ 286.490519][ T8186] loop3: detected capacity change from 0 to 65536 [ 286.620924][ T8198] tipc: Cannot configure node identity twice [ 286.624951][ T8186] XFS (loop3): Mounting V5 Filesystem [ 286.761806][ T8193] loop4: detected capacity change from 0 to 4096 [ 286.780165][ T8186] XFS (loop3): Ending clean mount [ 287.854356][ T4033] XFS (loop3): Unmounting Filesystem [ 288.558994][ T8202] loop0: detected capacity change from 0 to 32768 [ 288.885958][ T8211] loop5: detected capacity change from 0 to 32768 [ 288.929041][ T8218] loop3: detected capacity change from 0 to 4096 [ 288.985071][ T8211] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 scanned by syz.5.1194 (8211) [ 289.005110][ T8211] BTRFS info (device loop5): using crc32c (crc32c-generic) checksum algorithm [ 289.007703][ T8211] BTRFS info (device loop5): using free space tree [ 289.009491][ T8211] BTRFS info (device loop5): has skinny extents [ 290.237804][ T8211] BTRFS info (device loop5): enabling ssd optimizations [ 292.412118][ T8273] loop0: detected capacity change from 0 to 512 [ 292.430793][ T8272] loop5: detected capacity change from 0 to 2048 [ 292.445379][ T8272] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) [ 292.487186][ T8271] smc: net device bond0 applied user defined pnetid SYZ2 [ 292.489712][ T8273] EXT4-fs (loop0): Ignoring removed bh option [ 292.491356][ T8273] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 292.505477][ T8275] smc: net device bond0 erased user defined pnetid SYZ2 [ 292.506758][ T8277] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 292.515538][ T8278] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1207'. [ 292.565422][ T8273] EXT4-fs (loop0): 1 truncate cleaned up [ 292.567163][ T8273] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x0000000000000000,bh,noload,data_err=ignore,noblock_validity,,errors=continue. Quota mode: none. [ 292.830093][ T8285] loop2: detected capacity change from 0 to 1024 [ 293.194485][ T8285] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 293.878845][ T8306] binder: 8294:8306 tried to acquire reference to desc 0, got 1 instead [ 293.884113][ T8306] binder_alloc: 8294: binder_alloc_buf, no vma [ 293.886377][ T8306] binder: 8294:8306 transaction failed 29189/-3, size 120-24 line 3085 [ 294.438213][ T8299] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1215'. [ 294.441493][ T7454] Bluetooth: hci5: command 0x0405 tx timeout [ 294.443376][ T7454] binder: undelivered TRANSACTION_ERROR: 29189 [ 296.710711][ T8321] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1221'. [ 297.040254][ T8318] loop4: detected capacity change from 0 to 32768 [ 297.040663][ T8327] loop2: detected capacity change from 0 to 2048 [ 297.067266][ T8318] BTRFS info (device loop4): using sha256 (sha256-ce) checksum algorithm [ 297.070195][ T8318] BTRFS info (device loop4): use zlib compression, level 3 [ 297.072422][ T8318] BTRFS info (device loop4): turning on sync discard [ 297.074430][ T8318] BTRFS info (device loop4): doing ref verification [ 298.165075][ T8318] BTRFS info (device loop4): disabling tree log [ 298.166924][ T8318] BTRFS info (device loop4): enabling tree log [ 298.168713][ T8318] BTRFS info (device loop4): enabling ssd optimizations [ 298.170642][ T8318] BTRFS info (device loop4): using spread ssd allocation scheme [ 298.172936][ T8318] BTRFS info (device loop4): not using ssd optimizations [ 298.191989][ T8318] BTRFS info (device loop4): not using spread ssd allocation scheme [ 298.194317][ T8318] BTRFS info (device loop4): using free space tree [ 298.210445][ T8318] BTRFS info (device loop4): has skinny extents [ 298.217474][ T8327] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 299.141873][ T8318] BTRFS error (device loop4): open_ctree failed: -12 [ 299.709888][ T8362] binder: 8361:8362 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 300.040158][ T8366] binder: 8361:8366 got transaction to invalid handle, 1 [ 300.042343][ T8366] binder: 8361:8366 transaction failed 29201/-22, size 120-24 line 2917 [ 300.241574][ T8377] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1230'. [ 300.334585][ T6284] binder: undelivered TRANSACTION_ERROR: 29201 [ 306.734463][ T8428] loop0: detected capacity change from 0 to 512 [ 306.783752][ T8431] loop3: detected capacity change from 0 to 256 [ 306.850957][ T8431] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 306.895001][ T8431] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 306.921427][ T8431] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 306.943334][ T8435] loop2: detected capacity change from 0 to 256 [ 306.950849][ T8428] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 306.954295][ T8428] ext4 filesystem being mounted at /259/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 307.021486][ T8431] exFAT-fs (loop3): hint_cluster is invalid (17) [ 307.512558][ T8447] team0 speed is unknown, defaulting to 1000 [ 307.523551][ T8447] team0 speed is unknown, defaulting to 1000 [ 307.537764][ T8447] team0 speed is unknown, defaulting to 1000 [ 307.818623][ T8447] infiniband syz0: set down [ 307.820066][ T7454] team0 speed is unknown, defaulting to 1000 [ 307.822655][ T8451] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1255'. [ 307.836287][ T8447] infiniband syz0: added team0 [ 307.894557][ T8456] loop5: detected capacity change from 0 to 64 [ 308.075355][ T8447] RDS/IB: syz0: added [ 308.076635][ T8447] smc: adding ib device syz0 with port count 1 [ 308.078552][ T8447] smc: ib device syz0 port 1 has pnetid [ 308.107388][ T8443] loop2: detected capacity change from 0 to 32768 [ 308.116159][ T8447] team0 speed is unknown, defaulting to 1000 [ 308.125483][ T7454] team0 speed is unknown, defaulting to 1000 [ 308.153287][ T8443] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 scanned by syz.2.1253 (8443) [ 309.155260][ T8456] MINIX-fs: file system does not have enough zmap blocks allocated. Refusing to mount. [ 309.158264][ T8456] MINIX-fs: bad superblock or unable to read bitmaps [ 309.322825][ T8443] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 309.335084][ T8443] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 309.337899][ T8443] BTRFS info (device loop2): use zstd compression, level 3 [ 309.356772][ T8443] BTRFS info (device loop2): using free space tree [ 309.358812][ T8443] BTRFS info (device loop2): has skinny extents [ 309.453846][ T8447] team0 speed is unknown, defaulting to 1000 [ 310.096237][ T8447] team0 speed is unknown, defaulting to 1000 [ 310.247984][ T8490] loop3: detected capacity change from 0 to 512 [ 310.337025][ T8447] team0 speed is unknown, defaulting to 1000 [ 310.365059][ T8443] BTRFS info (device loop2): enabling ssd optimizations [ 310.372330][ T8490] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 310.434329][ T8506] binder: 8492:8506 tried to acquire reference to desc 0, got 1 instead [ 310.438207][ T8506] binder_alloc: 8492: binder_alloc_buf, no vma [ 310.440103][ T8506] binder: 8492:8506 transaction failed 29189/-3, size 120-24 line 3085 [ 310.934551][ T7953] binder: undelivered TRANSACTION_ERROR: 29189 [ 311.046156][ T8447] team0 speed is unknown, defaulting to 1000 [ 311.175529][ T8490] EXT4-fs (loop3): 1 truncate cleaned up [ 311.177275][ T8490] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,. Quota mode: none. [ 312.671650][ T8532] loop0: detected capacity change from 0 to 256 [ 312.694422][ T4218] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 9 /dev/loop2 scanned by udevd (4218) [ 313.537734][ T8532] FAT-fs (loop0): Directory bread(block 64) failed [ 313.539608][ T8532] FAT-fs (loop0): Directory bread(block 65) failed [ 313.541524][ T8532] FAT-fs (loop0): Directory bread(block 66) failed [ 313.543272][ T8532] FAT-fs (loop0): Directory bread(block 67) failed [ 313.605064][ T8532] FAT-fs (loop0): Directory bread(block 68) failed [ 313.606888][ T8532] FAT-fs (loop0): Directory bread(block 69) failed [ 313.625089][ T8532] FAT-fs (loop0): Directory bread(block 70) failed [ 313.626884][ T8532] FAT-fs (loop0): Directory bread(block 71) failed [ 313.628810][ T8532] FAT-fs (loop0): Directory bread(block 72) failed [ 313.661364][ T8532] FAT-fs (loop0): Directory bread(block 73) failed [ 314.593797][ T8532] netlink: 'syz.0.1277': attribute type 29 has an invalid length. [ 315.145614][ T8558] binder: 8543:8558 tried to acquire reference to desc 0, got 1 instead [ 315.148841][ T8558] binder_alloc: 8543: binder_alloc_buf, no vma [ 315.150821][ T8558] binder: 8543:8558 transaction failed 29189/-3, size 120-24 line 3085 [ 315.262057][ T4072] binder: undelivered TRANSACTION_ERROR: 29189 [ 315.380326][ T2054] ieee802154 phy0 wpan0: encryption failed: -22 [ 315.382358][ T2054] ieee802154 phy1 wpan1: encryption failed: -22 [ 315.414148][ T8562] loop4: detected capacity change from 0 to 512 [ 315.536303][ T8562] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 315.539891][ T8562] ext4 filesystem being mounted at /246/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 315.556387][ T8569] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1285'. [ 315.768618][ T8572] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1286'. [ 315.976595][ T8576] loop4: detected capacity change from 0 to 1024 [ 316.000677][ T8576] EXT4-fs (loop4): Ignoring removed orlov option [ 316.060774][ T8576] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsv1,resgid=0x0000000000000000,nodioread_nolock,norecovery,debug_want_extra_isize=0x0000000000000080,resgid=0x0000000000000000,errors=remount-ro,grpid,orlov,. Quota mode: none. [ 317.455466][ T8594] loop2: detected capacity change from 0 to 256 [ 317.517468][ T8594] FAT-fs (loop2): Directory bread(block 64) failed [ 317.524000][ T8594] FAT-fs (loop2): Directory bread(block 65) failed [ 317.564445][ T8594] FAT-fs (loop2): Directory bread(block 66) failed [ 317.581821][ T8594] FAT-fs (loop2): Directory bread(block 67) failed [ 317.621262][ T8594] FAT-fs (loop2): Directory bread(block 68) failed [ 317.623375][ T8594] FAT-fs (loop2): Directory bread(block 69) failed [ 317.648592][ T8594] FAT-fs (loop2): Directory bread(block 70) failed [ 317.650765][ T8594] FAT-fs (loop2): Directory bread(block 71) failed [ 317.688490][ T8594] FAT-fs (loop2): Directory bread(block 72) failed [ 317.690570][ T8594] FAT-fs (loop2): Directory bread(block 73) failed [ 317.747537][ T8597] loop4: detected capacity change from 0 to 64 [ 317.838310][ T8597] hfs: request for non-existent node 16777216 in B*Tree [ 317.840600][ T8597] hfs: request for non-existent node 16777216 in B*Tree [ 318.309658][ T8610] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1299'. [ 318.326374][ T8611] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1297'. [ 318.330329][ T8594] netlink: 'syz.2.1292': attribute type 29 has an invalid length. [ 318.781266][ T8624] fuse: Unknown parameter 'grou00000000000000000000' [ 319.958569][ T8624] loop0: detected capacity change from 0 to 32768 [ 319.975652][ T8624] XFS: ikeep mount option is deprecated. [ 320.015575][ T8625] loop2: detected capacity change from 0 to 64 [ 320.106640][ T8624] XFS (loop0): cannot change alignment: superblock does not support data alignment [ 321.516312][ T8645] device syzkaller1 entered promiscuous mode [ 321.831200][ T8647] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1310'. [ 322.966935][ T8661] loop0: detected capacity change from 0 to 64 [ 323.015975][ T8664] tipc: Can't bind to reserved service type 0 [ 323.182943][ T8659] loop5: detected capacity change from 0 to 4096 [ 323.192065][ T8666] loop4: detected capacity change from 0 to 64 [ 325.770263][ T8685] loop0: detected capacity change from 0 to 1024 [ 325.807554][ T8685] EXT4-fs (loop0): Ignoring removed nobh option [ 325.838023][ T8685] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 325.945919][ T8685] EXT4-fs (loop0): mounted filesystem without journal. Opts: delalloc,max_batch_time=0x0000000000005164,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,usrquota,dioread_nolock,,errors=continue. Quota mode: writeback. [ 327.299459][ T8706] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1325'. [ 330.777339][ T8730] loop5: detected capacity change from 0 to 32768 [ 332.498512][ T8739] sch_fq: defrate 4294967295 ignored. [ 332.669087][ T8730] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 332.695614][ T8745] loop3: detected capacity change from 0 to 128 [ 332.704020][ T8748] loop4: detected capacity change from 0 to 1024 [ 333.616674][ T8748] EXT4-fs (loop4): Ignoring removed nobh option [ 333.618455][ T8748] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 333.846234][ T8748] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,max_batch_time=0x0000000000005164,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,usrquota,dioread_nolock,,errors=continue. Quota mode: writeback. [ 334.649032][ T8760] attempt to access beyond end of device [ 334.649032][ T8760] loop3: rw=2049, want=809, limit=128 [ 334.999698][ T8767] team0 speed is unknown, defaulting to 1000 [ 335.454233][ T8774] loop3: detected capacity change from 0 to 16 [ 336.557607][ T4983] ocfs2: Unmounting device (7,5) on (node local) [ 336.655029][ T8774] erofs: (device loop3): mounted with root inode @ nid 36. [ 336.699738][ T8773] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 336.707421][ T8773] erofs: (device loop3): z_erofs_readpage: failed to read, err [-117] [ 336.715441][ T8773] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 336.719030][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 42 @ nid 36 [ 336.721443][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 41 @ nid 36 [ 336.723891][ T8773] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 336.726568][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 40 @ nid 36 [ 336.729045][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 39 @ nid 36 [ 336.731506][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 38 @ nid 36 [ 336.734358][ T8773] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 336.737063][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 31 @ nid 36 [ 336.739614][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 27 @ nid 36 [ 336.741989][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 26 @ nid 36 [ 336.744559][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 25 @ nid 36 [ 336.747454][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 24 @ nid 36 [ 336.750009][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 23 @ nid 36 [ 336.752735][ T8773] erofs: (device loop3): z_erofs_extent_lookback: unknown type 3 @ lcn 15 of nid 36 [ 336.755362][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 16 @ nid 36 [ 336.757772][ T8773] erofs: (device loop3): z_erofs_map_blocks_iter: unknown type 3 @ offset 65535 of nid 36 [ 336.760569][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 15 @ nid 36 [ 336.763012][ T8773] erofs: (device loop3): z_erofs_map_blocks_iter: unknown type 3 @ offset 61439 of nid 36 [ 336.765882][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 14 @ nid 36 [ 336.768331][ T8773] erofs: (device loop3): z_erofs_map_blocks_iter: unknown type 3 @ offset 57343 of nid 36 [ 336.771098][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 13 @ nid 36 [ 336.773573][ T8773] erofs: (device loop3): z_erofs_map_blocks_iter: unknown type 3 @ offset 36863 of nid 36 [ 336.776368][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 8 @ nid 36 [ 336.778791][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 4 @ nid 36 [ 336.781387][ T8773] erofs: (device loop3): z_erofs_map_blocks_iter: invalid logical cluster 0 at nid 36 [ 336.784012][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 0 @ nid 36 [ 336.786826][ T8773] attempt to access beyond end of device [ 336.786826][ T8773] loop3: rw=524288, want=312, limit=16 [ 336.789788][ T8773] attempt to access beyond end of device [ 336.789788][ T8773] loop3: rw=524288, want=1049280, limit=16 [ 336.792923][ T8773] attempt to access beyond end of device [ 336.792923][ T8773] loop3: rw=524288, want=24, limit=16 [ 336.796107][ T8773] attempt to access beyond end of device [ 336.796107][ T8773] loop3: rw=524288, want=736, limit=16 [ 336.799079][ T8773] attempt to access beyond end of device [ 336.799079][ T8773] loop3: rw=524288, want=776, limit=16 [ 336.802141][ T8773] attempt to access beyond end of device [ 336.802141][ T8773] loop3: rw=524288, want=848, limit=16 [ 336.805770][ T8773] attempt to access beyond end of device [ 336.805770][ T8773] loop3: rw=524288, want=13478624104, limit=16 [ 336.809188][ T8773] attempt to access beyond end of device [ 336.809188][ T8773] loop3: rw=524288, want=13478624080, limit=16 [ 336.813594][ T8773] erofs: (device loop3): z_erofs_map_blocks_iter: unknown type 3 @ offset 360447 of nid 36 [ 336.816397][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 87 @ nid 36 [ 336.819685][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 86 @ nid 36 [ 336.822251][ T8773] erofs: (device loop3): z_erofs_extent_lookback: unknown type 3 @ lcn 84 of nid 36 [ 336.824969][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 85 @ nid 36 [ 336.827440][ T8773] erofs: (device loop3): z_erofs_map_blocks_iter: unknown type 3 @ offset 348159 of nid 36 [ 336.830101][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 84 @ nid 36 [ 336.832559][ T8773] erofs: (device loop3): z_erofs_map_blocks_iter: unknown type 3 @ offset 344063 of nid 36 [ 336.835301][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 83 @ nid 36 [ 336.837789][ T8773] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 336.840330][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 82 @ nid 36 [ 336.842746][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 81 @ nid 36 [ 336.845276][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 80 @ nid 36 [ 336.847870][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 79 @ nid 36 [ 336.850301][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 78 @ nid 36 [ 336.852871][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 77 @ nid 36 [ 336.855531][ T8773] erofs: (device loop3): z_erofs_map_blocks_iter: unknown type 3 @ offset 315391 of nid 36 [ 336.858262][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 76 @ nid 36 [ 336.860690][ T8773] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 336.863240][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 75 @ nid 36 [ 336.865819][ T8773] erofs: (device loop3): z_erofs_map_blocks_iter: unknown type 3 @ offset 307199 of nid 36 [ 336.868624][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 74 @ nid 36 [ 336.871156][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 73 @ nid 36 [ 336.873584][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 72 @ nid 36 [ 336.876199][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 71 @ nid 36 [ 336.878603][ T8773] erofs: (device loop3): z_erofs_map_blocks_iter: unknown type 3 @ offset 290815 of nid 36 [ 336.881410][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 70 @ nid 36 [ 336.884085][ T8773] erofs: (device loop3): z_erofs_extent_lookback: unknown type 3 @ lcn 64 of nid 36 [ 336.886745][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 65 @ nid 36 [ 336.889174][ T8773] erofs: (device loop3): z_erofs_map_blocks_iter: unknown type 3 @ offset 266239 of nid 36 [ 336.891984][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 64 @ nid 36 [ 336.894418][ T8773] erofs: (device loop3): z_erofs_map_blocks_iter: unknown type 3 @ offset 262143 of nid 36 [ 336.897388][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 63 @ nid 36 [ 336.899926][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 61 @ nid 36 [ 336.903990][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 59 @ nid 36 [ 336.906615][ T8773] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 336.909403][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 58 @ nid 36 [ 336.911994][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 57 @ nid 36 [ 336.914582][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 56 @ nid 36 [ 336.917187][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 55 @ nid 36 [ 336.919776][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 54 @ nid 36 [ 336.922450][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 53 @ nid 36 [ 336.925088][ T8773] erofs: (device loop3): z_erofs_extent_lookback: unknown type 3 @ lcn 50 of nid 36 [ 336.927837][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 51 @ nid 36 [ 336.930492][ T8773] erofs: (device loop3): z_erofs_map_blocks_iter: unknown type 3 @ offset 208895 of nid 36 [ 336.933420][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 50 @ nid 36 [ 336.936089][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 49 @ nid 36 [ 336.938755][ T8773] erofs: (device loop3): z_erofs_map_blocks_iter: unknown type 3 @ offset 200703 of nid 36 [ 336.941642][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 48 @ nid 36 [ 336.944214][ T8773] erofs: (device loop3): z_erofs_map_blocks_iter: unknown type 3 @ offset 196607 of nid 36 [ 336.947056][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 47 @ nid 36 [ 336.949587][ T8773] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 336.952261][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 46 @ nid 36 [ 336.954893][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 45 @ nid 36 [ 336.957509][ T8773] erofs: (device loop3): z_erofs_readahead: readahead error at page 44 @ nid 36 [ 336.960220][ T8773] attempt to access beyond end of device [ 336.960220][ T8773] loop3: rw=524288, want=56, limit=16 [ 340.254906][ T4150] Bluetooth: hci0: command 0x0409 tx timeout [ 340.751663][ T8791] team0 speed is unknown, defaulting to 1000 [ 341.066212][ T8837] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1367'. [ 341.326648][ T8812] loop0: detected capacity change from 0 to 32768 [ 342.175213][ T8850] Cannot find add_set index 0 as target [ 342.335905][ T4150] Bluetooth: hci0: command 0x041b tx timeout [ 343.367437][ T8791] chnl_net:caif_netlink_parms(): no params data found [ 345.098694][ T25] Bluetooth: hci0: command 0x040f tx timeout [ 345.619941][ T4218] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by udevd (4218) [ 345.722413][ T8878] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1379'. [ 345.772735][ T8791] bridge0: port 1(bridge_slave_0) entered blocking state [ 345.785860][ T8791] bridge0: port 1(bridge_slave_0) entered disabled state [ 345.788533][ T8791] device bridge_slave_0 entered promiscuous mode [ 345.831305][ T8791] bridge0: port 2(bridge_slave_1) entered blocking state [ 345.851559][ T8791] bridge0: port 2(bridge_slave_1) entered disabled state [ 346.305625][ T8791] device bridge_slave_1 entered promiscuous mode [ 346.767260][ T8791] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 346.801439][ T8903] loop4: detected capacity change from 0 to 512 [ 346.833604][ T8791] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 346.956601][ T8791] team0: Port device team_slave_0 added [ 346.996278][ T8791] team0: Port device team_slave_1 added [ 347.135285][ T25] Bluetooth: hci0: command 0x0419 tx timeout [ 347.135516][ T8791] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 347.139264][ T8791] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 347.163834][ T8791] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 347.235482][ T8791] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 347.237570][ T8791] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 347.258600][ T8791] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 347.442278][ T8920] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1393'. [ 347.724052][ T8791] device hsr_slave_0 entered promiscuous mode [ 348.496308][ T8791] device hsr_slave_1 entered promiscuous mode [ 348.514982][ T8791] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 348.517200][ T8791] Cannot create hsr debugfs directory [ 348.597639][ T8932] loop3: detected capacity change from 0 to 1024 [ 348.630810][ T8937] udc-core: couldn't find an available UDC or it's busy [ 348.632760][ T8937] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 348.821304][ T8942] loop0: detected capacity change from 0 to 512 [ 350.932095][ T8791] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 351.324197][ T8955] udc-core: couldn't find an available UDC or it's busy [ 351.336799][ T8791] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 351.354668][ T8955] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 351.368118][ T8791] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 351.427351][ T8958] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1406'. [ 351.430113][ T8791] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 351.560437][ T8956] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1405'. [ 351.648091][ T8970] udc-core: couldn't find an available UDC or it's busy [ 351.650015][ T8970] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 351.743069][ T8791] 8021q: adding VLAN 0 to HW filter on device bond0 [ 351.771581][ T4991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 351.774195][ T4991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 351.798473][ T8791] 8021q: adding VLAN 0 to HW filter on device team0 [ 351.817686][ T5588] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 351.820908][ T5588] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 351.823949][ T5588] bridge0: port 1(bridge_slave_0) entered blocking state [ 351.826144][ T5588] bridge0: port 1(bridge_slave_0) entered forwarding state [ 351.854563][ T5588] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 351.857791][ T5588] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 351.860570][ T5588] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 351.875839][ T5588] bridge0: port 2(bridge_slave_1) entered blocking state [ 351.877801][ T5588] bridge0: port 2(bridge_slave_1) entered forwarding state [ 351.922502][ T5588] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 351.947818][ T5588] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 351.986295][ T5588] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 351.996517][ T5588] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 352.013094][ T8791] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 352.024300][ T8791] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 352.065198][ T5588] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 352.068026][ T5588] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 352.071242][ T5588] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 352.083648][ T5588] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 352.099530][ T5588] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 352.117660][ T5588] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 352.134161][ T5588] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 352.157252][ T8981] tipc: Enabling of bearer rejected, failed to enable media [ 352.169752][ T5588] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 352.439915][ T8992] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1415'. [ 352.471359][ T8992] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1415'. [ 352.557896][ T8995] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1416'. [ 352.792718][ T4991] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 352.804239][ T4991] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 352.850215][ T8791] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 352.995640][ T9010] loop5: detected capacity change from 0 to 512 [ 353.231994][ T9018] hub 6-0:1.0: USB hub found [ 353.264602][ T9018] hub 6-0:1.0: 8 ports detected [ 354.035345][ T9028] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1427'. [ 354.297427][ T9036] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1429'. [ 354.300503][ T9036] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1429'. [ 354.303058][ T9036] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1429'. [ 354.326888][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 354.331009][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 354.377640][ T9031] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1428'. [ 354.392557][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 354.395073][ T9031] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1428'. [ 354.395746][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 354.410892][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 354.423112][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 354.432923][ T8791] device veth0_vlan entered promiscuous mode [ 354.452674][ T8791] device veth1_vlan entered promiscuous mode [ 354.548169][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 354.555835][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 354.570920][ T9046] loop0: detected capacity change from 0 to 64 [ 354.573791][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 355.338929][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 355.344640][ T8791] device veth0_macvtap entered promiscuous mode [ 355.352702][ T8791] device veth1_macvtap entered promiscuous mode [ 355.405164][ T8791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 355.423100][ T8791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 355.439643][ T8791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 355.452746][ T8791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 355.468871][ T8791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 355.481930][ T8791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 355.503587][ T8791] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 355.519296][ T8791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 355.528417][ T8791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 355.537660][ T8791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 355.548709][ T8791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 355.551473][ T8791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 355.562410][ T8791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 355.566876][ T8791] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 355.574118][ T8791] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 355.576707][ T8791] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 355.579238][ T8791] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 355.581756][ T8791] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 355.612937][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 355.616341][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 355.618920][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 355.628876][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 355.662039][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 355.665528][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 355.715658][ T9058] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1438'. [ 355.819744][ T9067] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1439'. [ 355.959766][ T4991] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 355.962650][ T4991] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 356.009018][ T4971] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 356.013167][ T4156] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 356.015803][ T4156] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 356.020260][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 357.072713][ T9098] loop5: detected capacity change from 0 to 1024 [ 357.150364][ T9098] hfsplus: session requires an argument [ 357.159575][ T9098] hfsplus: unable to parse mount options [ 357.338671][ T136] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 357.459260][ T136] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 357.509680][ T136] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 357.570745][ T136] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 357.648942][ T9117] loop4: detected capacity change from 0 to 4096 [ 357.772815][ T9117] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 357.794303][ T9117] ntfs3: loop4: Failed to load $Extend. [ 358.901319][ T136] tipc: Disabling bearer [ 358.903856][ T136] tipc: Left network mode [ 360.067029][ T9150] __nla_validate_parse: 4 callbacks suppressed [ 360.067042][ T9150] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1465'. [ 360.968103][ T9187] udc-core: couldn't find an available UDC or it's busy [ 360.981836][ T9187] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 361.067282][ T9189] binder: 9176:9189 tried to acquire reference to desc 0, got 1 instead [ 361.071268][ T9189] binder_alloc: 9176: binder_alloc_buf, no vma [ 361.073287][ T9189] binder: 9176:9189 transaction failed 29189/-3, size 120-24 line 3085 [ 361.578177][ T4150] binder: undelivered TRANSACTION_ERROR: 29189 [ 362.639377][ T9204] 8021q: adding VLAN 0 to HW filter on device bond2 [ 362.748035][ T9209] loop3: detected capacity change from 0 to 8192 [ 362.862479][ T9209] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 363.000669][ T9209] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 363.004719][ T9209] ntfs3: loop3: Failed to load $Extend. [ 363.050232][ T9230] loop4: detected capacity change from 0 to 256 [ 363.160576][ T9230] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 363.174095][ T9230] exFAT-fs (loop4): Medium has reported failures. Some data may be lost. [ 363.212305][ T9230] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 363.533614][ T9242] binder: 9236:9242 tried to acquire reference to desc 0, got 1 instead [ 363.540102][ T9242] binder_alloc: 9236: binder_alloc_buf, no vma [ 363.542516][ T9242] binder: 9236:9242 transaction failed 29189/-3, size 120-24 line 3085 [ 364.073259][ T6285] binder: undelivered TRANSACTION_ERROR: 29189 [ 364.353051][ T136] bond0: (slave wlan1): Releasing backup interface [ 364.395105][ T4150] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 364.412404][ T9262] udc-core: couldn't find an available UDC or it's busy [ 364.417697][ T4150] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 364.425559][ T136] device wlan1 left promiscuous mode [ 364.441719][ T9262] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 364.476013][ T9262] udc-core: couldn't find an available UDC or it's busy [ 364.478042][ T9262] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 364.554307][ T9261] 8021q: adding VLAN 0 to HW filter on device bond2 [ 364.894430][ T9279] loop4: detected capacity change from 0 to 128 [ 365.357527][ T9293] binder: 9287:9293 tried to acquire reference to desc 0, got 1 instead [ 365.363819][ T9293] binder_alloc: 9287: binder_alloc_buf, no vma [ 365.366219][ T9293] binder: 9287:9293 transaction failed 29189/-3, size 120-24 line 3085 [ 365.899274][ T6285] binder: undelivered TRANSACTION_ERROR: 29189 [ 366.007578][ T4150] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 366.485124][ T4150] usb 1-1: config index 0 descriptor too short (expected 156, got 27) [ 366.487451][ T4150] usb 1-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 366.490415][ T4150] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 366.493431][ T4150] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64 [ 366.496810][ T9295] fido_id[9295]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 366.507974][ T4150] usb 1-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 366.511392][ T4150] usb 1-1: config 0 interface 0 has no altsetting 0 [ 366.544388][ T136] device hsr_slave_0 left promiscuous mode [ 366.578480][ T136] device hsr_slave_1 left promiscuous mode [ 366.675200][ T136] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 366.677529][ T136] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 366.683049][ T4150] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 366.695490][ T4150] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 366.697932][ T4150] usb 1-1: Product: syz [ 366.699009][ T4150] usb 1-1: Manufacturer: syz [ 366.700321][ T4150] usb 1-1: SerialNumber: syz [ 366.714063][ T136] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 366.717832][ T136] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 366.720579][ T9315] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1512'. [ 366.753532][ T4150] usb 1-1: config 0 descriptor?? [ 366.785116][ T9280] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 366.791232][ T136] device bridge_slave_1 left promiscuous mode [ 366.793223][ T136] bridge0: port 2(bridge_slave_1) entered disabled state [ 366.815987][ T4150] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 366.821515][ T4150] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 366.837011][ T136] device bridge_slave_0 left promiscuous mode [ 366.838960][ T136] bridge0: port 1(bridge_slave_0) entered disabled state [ 366.856944][ T9323] loop6: detected capacity change from 0 to 512 [ 366.883491][ T136] rdma_rxe: ignoring netdev event = 10 for team_slave_0 [ 366.905772][ T9323] EXT4-fs (loop6): Test dummy encryption mode enabled [ 366.907676][ T9323] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 366.953620][ T9323] EXT4-fs error (device loop6): ext4_orphan_get:1427: comm syz.6.1513: bad orphan inode 131083 [ 366.970898][ T9323] EXT4-fs (loop6): mounted filesystem without journal. Opts: test_dummy_encryption,init_itable,noload,,errors=continue. Quota mode: none. [ 367.005384][ T136] device veth1_macvtap left promiscuous mode [ 367.007165][ T136] device veth0_macvtap left promiscuous mode [ 367.009152][ T136] device veth1_vlan left promiscuous mode [ 367.010925][ T136] device veth0_vlan left promiscuous mode [ 367.079224][ T9323] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-ce" [ 367.188900][ T136] rdma_rxe: ignoring netdev event = 27 for team_slave_0 [ 367.220779][ T6284] usb 1-1: USB disconnect, device number 5 [ 367.226322][ T6284] ldusb 1-1:0.0: LD USB Device #0 now disconnected [ 367.233162][ T136] infiniband syz!: set down [ 367.664360][ T136] team0 (unregistering): Port device team_slave_1 removed [ 367.680498][ T136] rdma_rxe: ignoring netdev event = 27 for team_slave_0 [ 367.682761][ T136] rdma_rxe: ignoring netdev event = 26 for team_slave_0 [ 367.685705][ T136] rdma_rxe: ignoring netdev event = 21 for team_slave_0 [ 367.688471][ T136] rdma_rxe: ignoring netdev event = 9 for team_slave_0 [ 367.690669][ T136] rdma_rxe: ignoring netdev event = 8 for team_slave_0 [ 367.693222][ T136] team0 (unregistering): Port device team_slave_0 removed [ 367.698921][ T148] smc: removing ib device syz! [ 367.710650][ T136] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 367.755189][ T136] device bond_slave_1 left promiscuous mode [ 367.766209][ T136] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 367.805861][ T136] device bond_slave_0 left promiscuous mode [ 367.941098][ T136] bond0 (unregistering): Released all slaves [ 368.107459][ T9344] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1516'. [ 368.109936][ T9344] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 368.111972][ T9344] IPv6: NLM_F_CREATE should be set when creating new route [ 368.171224][ T9349] device syzkaller0 entered promiscuous mode [ 368.355542][ T9361] udc-core: couldn't find an available UDC or it's busy [ 368.368718][ T9361] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 368.480006][ T9364] binder: BINDER_SET_CONTEXT_MGR already set [ 368.481739][ T9364] binder: 9356:9364 ioctl 4018620d 20000040 returned -16 [ 368.485707][ T9364] binder: 9356:9364 got transaction to invalid handle, 1 [ 368.487773][ T9364] binder: 9356:9364 transaction failed 29201/-22, size 120-24 line 2917 [ 368.990022][ T4150] binder: undelivered TRANSACTION_ERROR: 29201 [ 369.254561][ T9370] udc-core: couldn't find an available UDC or it's busy [ 369.268277][ T9370] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 370.376979][ T9384] tipc: Enabling of bearer rejected, failed to enable media [ 370.566828][ T9388] 8021q: adding VLAN 0 to HW filter on device bond4 [ 370.673805][ T9403] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1532'. [ 371.101775][ T9422] udc-core: couldn't find an available UDC or it's busy [ 371.115597][ T9422] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 371.197213][ T9423] binder: BINDER_SET_CONTEXT_MGR already set [ 371.199165][ T9423] binder: 9412:9423 ioctl 4018620d 20000040 returned -16 [ 371.204570][ T9423] binder: 9412:9423 got transaction to invalid handle, 1 [ 371.206823][ T9423] binder: 9412:9423 transaction failed 29201/-22, size 120-24 line 2917 [ 371.699004][ T6285] binder: undelivered TRANSACTION_ERROR: 29201 [ 373.126937][ T9445] tipc: Enabling of bearer rejected, failed to enable media [ 373.364110][ T9452] 8021q: adding VLAN 0 to HW filter on device bond2 [ 373.825268][ T9460] loop3: detected capacity change from 0 to 8192 [ 373.857059][ T9476] loop4: detected capacity change from 0 to 512 [ 373.862426][ T9460] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 373.903246][ T9479] loop5: detected capacity change from 0 to 512 [ 373.908669][ T9476] EXT2-fs (loop4): warning: feature flags set on rev 0 fs, running e2fsck is recommended [ 374.057918][ T9476] EXT2-fs (loop4): warning: maximal mount count reached, running e2fsck is recommended [ 374.060701][ T9476] EXT2-fs (loop4): 0.5b, 95/08/09, bs=4096, gc=1, bpg=32768, ipg=32, mo=8001c] [ 374.067381][ T9479] UDF-fs: warning (device loop5): udf_load_vrs: No VRS found [ 374.069365][ T9479] UDF-fs: Scanning with blocksize 512 failed [ 374.075745][ T9479] UDF-fs: warning (device loop5): udf_load_vrs: No VRS found [ 374.088182][ T9479] UDF-fs: Scanning with blocksize 1024 failed [ 374.098512][ T9476] ext2 filesystem being mounted at /312/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 374.105421][ T9479] UDF-fs: warning (device loop5): udf_load_vrs: No VRS found [ 374.107464][ T9479] UDF-fs: Scanning with blocksize 2048 failed [ 374.134068][ T9479] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 374.186770][ T9476] handle_bad_sector: 4 callbacks suppressed [ 374.186784][ T9476] attempt to access beyond end of device [ 374.186784][ T9476] loop4: rw=0, want=1022040, limit=512 [ 374.200201][ T9479] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 374.205932][ T9460] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 374.210674][ T9460] ntfs3: loop3: Failed to load $Extend. [ 374.356074][ T9479] overlayfs: upper fs needs to support d_type. [ 374.378463][ T9479] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 374.387448][ T9479] overlayfs: failed to set xattr on upper [ 374.393593][ T9479] overlayfs: ...falling back to index=off,metacopy=off. [ 377.788803][ T2054] ieee802154 phy0 wpan0: encryption failed: -22 [ 377.790841][ T2054] ieee802154 phy1 wpan1: encryption failed: -22 [ 377.855388][ T9510] 8021q: adding VLAN 0 to HW filter on device bond3 [ 378.297888][ T9532] tipc: Enabling of bearer rejected, failed to enable media [ 378.363155][ T9535] udc-core: couldn't find an available UDC or it's busy [ 378.388690][ T9535] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 378.820318][ T9543] syz.5.1567 sent an empty control message without MSG_MORE. [ 379.555337][ T26] audit: type=1326 audit(2000000250.690:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9559 comm="syz.3.1570" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff99e089a8 code=0x7ffc0000 [ 379.574474][ T26] audit: type=1326 audit(2000000250.710:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9559 comm="syz.3.1570" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff99e089a8 code=0x7ffc0000 [ 379.632617][ T26] audit: type=1326 audit(2000000250.730:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9559 comm="syz.3.1570" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffff99e089a8 code=0x7ffc0000 [ 379.698938][ T26] audit: type=1326 audit(2000000250.730:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9559 comm="syz.3.1570" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff99e089a8 code=0x7ffc0000 [ 379.767807][ T26] audit: type=1326 audit(2000000250.730:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9559 comm="syz.3.1570" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff99e089a8 code=0x7ffc0000 [ 379.825093][ T26] audit: type=1326 audit(2000000250.730:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9559 comm="syz.3.1570" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=206 compat=0 ip=0xffff99e089a8 code=0x7ffc0000 [ 380.727856][ T9568] loop4: detected capacity change from 0 to 512 [ 380.886811][ T9568] EXT4-fs (loop4): Ignoring removed bh option [ 380.888682][ T9568] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 380.956007][ T9568] EXT4-fs (loop4): 1 truncate cleaned up [ 380.957587][ T9568] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x0000000000000000,bh,noload,data_err=ignore,noblock_validity,,errors=continue. Quota mode: none. [ 381.119375][ T9580] netlink: 'syz.0.1574': attribute type 10 has an invalid length. [ 381.124039][ T9580] device syz_tun entered promiscuous mode [ 381.142059][ T9580] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 382.265730][ T9610] binder: 9599:9610 got transaction to invalid handle, 1 [ 382.267789][ T9610] binder: 9599:9610 transaction failed 29201/-22, size 120-24 line 2917 [ 382.759570][ T25] binder: undelivered TRANSACTION_ERROR: 29201 [ 383.282451][ T9625] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1583'. [ 383.358813][ T9625] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1583'. [ 384.196511][ T9644] loop4: detected capacity change from 0 to 2048 [ 385.026646][ T9644] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 385.555986][ T9656] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1590'. [ 386.505762][ T9669] binder: 9666:9669 got transaction to invalid handle, 1 [ 386.507896][ T9669] binder: 9666:9669 transaction failed 29201/-22, size 120-24 line 2917 [ 387.013183][ T6284] binder: undelivered TRANSACTION_ERROR: 29201 [ 387.389133][ T9672] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1595'. [ 387.391845][ T9672] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1595'. [ 391.370073][ T9735] binder: 9726:9735 got transaction to invalid handle, 1 [ 391.372191][ T9735] binder: 9726:9735 transaction failed 29201/-22, size 120-24 line 2917 [ 391.487030][ T4101] binder: undelivered TRANSACTION_ERROR: 29201 [ 391.725742][ T9738] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1610'. [ 391.728363][ T9738] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1610'. [ 393.168329][ T26] audit: type=1326 audit(2000000264.310:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9761 comm="syz.4.1616" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbcdee9a8 code=0x7ffc0000 [ 393.179955][ T26] audit: type=1326 audit(2000000264.320:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9761 comm="syz.4.1616" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=88 compat=0 ip=0xffffbcdee9a8 code=0x7ffc0000 [ 393.205023][ T26] audit: type=1326 audit(2000000264.330:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9761 comm="syz.4.1616" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbcdee9a8 code=0x7ffc0000 [ 394.344319][ T9770] loop6: detected capacity change from 0 to 4096 [ 394.736352][ T9782] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 394.810922][ T9780] loop4: detected capacity change from 0 to 2048 [ 395.093788][ T9780] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 395.725373][ T9789] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1623'. [ 395.732209][ T9789] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1623'. [ 397.449819][ T9830] loop6: detected capacity change from 0 to 512 [ 398.562922][ T9844] loop4: detected capacity change from 0 to 2048 [ 398.690515][ T9830] EXT4-fs (loop6): Ignoring removed bh option [ 398.692294][ T9830] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem [ 398.710273][ T9844] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 398.829809][ T9830] EXT4-fs (loop6): 1 truncate cleaned up [ 398.831598][ T9830] EXT4-fs (loop6): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x0000000000000000,bh,noload,data_err=ignore,noblock_validity,,errors=continue. Quota mode: none. [ 398.852687][ T9853] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1637'. [ 398.892226][ T9853] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1637'. [ 400.080741][ T9877] binder: BINDER_SET_CONTEXT_MGR already set [ 400.082733][ T9877] binder: 9865:9877 ioctl 4018620d 20000040 returned -16 [ 400.089416][ T9877] binder: 9865:9877 got transaction to invalid handle, 1 [ 400.091563][ T9877] binder: 9865:9877 transaction failed 29201/-22, size 120-24 line 2917 [ 400.581959][ T6284] binder: undelivered TRANSACTION_ERROR: 29201 [ 400.999644][ T26] audit: type=1326 audit(2000000272.140:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9887 comm="syz.0.1645" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff92f089a8 code=0x7ffc0000 [ 401.013456][ T26] audit: type=1326 audit(2000000272.140:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9887 comm="syz.0.1645" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff92f089a8 code=0x7ffc0000 [ 401.085200][ T26] audit: type=1326 audit(2000000272.220:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9887 comm="syz.0.1645" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffff92f089a8 code=0x7ffc0000 [ 401.101968][ T26] audit: type=1326 audit(2000000272.220:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9887 comm="syz.0.1645" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff92f089a8 code=0x7ffc0000 [ 401.132812][ T26] audit: type=1326 audit(2000000272.220:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9887 comm="syz.0.1645" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff92f089a8 code=0x7ffc0000 [ 402.441828][ T9917] loop4: detected capacity change from 0 to 2048 [ 402.472287][ T9916] netlink: 48 bytes leftover after parsing attributes in process `syz.6.1649'. [ 402.512321][ T9917] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 403.724668][ T9941] binder: BINDER_SET_CONTEXT_MGR already set [ 403.726663][ T9941] binder: 9932:9941 ioctl 4018620d 20000040 returned -16 [ 403.730311][ T9941] binder: 9932:9941 got transaction to invalid handle, 1 [ 403.732322][ T9941] binder: 9932:9941 transaction failed 29201/-22, size 120-24 line 2917 [ 404.241392][ T25] binder: undelivered TRANSACTION_ERROR: 29201 [ 404.588270][ T9939] loop4: detected capacity change from 0 to 512 [ 404.647592][ T9939] EXT4-fs (loop4): Ignoring removed bh option [ 404.649263][ T9939] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 404.687505][ T9949] input: syz0 as /devices/virtual/input/input3 [ 404.705590][ T9939] EXT4-fs (loop4): 1 truncate cleaned up [ 404.707127][ T9939] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x0000000000000000,bh,noload,data_err=ignore,noblock_validity,,errors=continue. Quota mode: none. [ 407.886188][T10000] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1663'. [ 408.127890][T10006] loop5: detected capacity change from 0 to 512 [ 408.144603][T10008] binder: 10007:10008 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 408.574420][T10017] binder: 10007:10017 got transaction to invalid handle, 1 [ 408.576669][T10017] binder: 10007:10017 transaction failed 29201/-22, size 120-24 line 2917 [ 409.665644][ T6277] binder: undelivered TRANSACTION_ERROR: 29201 [ 411.727137][T10057] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1680'. [ 411.792921][T10061] loop4: detected capacity change from 0 to 2048 [ 411.845916][T10061] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 411.917926][T10068] binder: 10066:10068 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 412.070610][T10063] loop6: detected capacity change from 0 to 4096 [ 412.747167][T10078] binder: 10066:10078 Acquire 1 refcount change on invalid ref 0 ret -22 [ 412.749802][T10078] binder: 10066:10078 got transaction to invalid handle, 1 [ 412.751760][T10078] binder: 10066:10078 transaction failed 29201/-22, size 120-24 line 2917 [ 412.910374][ T4072] binder: undelivered TRANSACTION_ERROR: 29201 [ 413.812842][T10109] netlink: 48 bytes leftover after parsing attributes in process `syz.6.1693'. [ 414.129915][T10116] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1695'. [ 414.475895][T10122] binder: 10121:10122 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 414.772542][T10124] binder: 10121:10124 got transaction to invalid handle, 1 [ 414.774905][T10124] binder: 10121:10124 transaction failed 29201/-22, size 120-24 line 2917 [ 415.376019][ T6277] binder: undelivered TRANSACTION_ERROR: 29201 [ 416.518202][T10143] udc-core: couldn't find an available UDC or it's busy [ 416.520193][T10143] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 416.795853][T10148] fuse: Unknown parameter 'grou00000000000000000000' [ 417.383816][T10151] binder: 10150:10151 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 420.516674][T10183] netlink: 'syz.3.1717': attribute type 10 has an invalid length. [ 420.619696][T10183] bond0: (slave bridge0): Enslaving as an active interface with a down link [ 420.625486][T10192] binder: 10189:10192 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 420.826295][ T4971] bond0: (slave team0): link status definitely down, disabling slave [ 421.941615][T10208] fuse: Unknown parameter 'grou00000000000000000000' [ 424.100074][T10236] binder: 10235:10236 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 425.195987][T10247] loop3: detected capacity change from 0 to 512 [ 425.238753][T10247] UDF-fs: warning (device loop3): udf_load_vrs: No VRS found [ 425.240818][T10247] UDF-fs: Scanning with blocksize 512 failed [ 425.346039][T10247] UDF-fs: warning (device loop3): udf_load_vrs: No VRS found [ 425.348304][T10247] UDF-fs: Scanning with blocksize 1024 failed [ 425.370055][T10247] UDF-fs: warning (device loop3): udf_load_vrs: No VRS found [ 425.372332][T10247] UDF-fs: Scanning with blocksize 2048 failed [ 425.386117][T10247] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 425.406490][T10247] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 425.975095][T10257] fuse: Unknown parameter 'grou00000000000000000000' [ 426.129385][T10247] overlayfs: missing 'lowerdir' [ 427.237049][T10283] binder: 10282:10283 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 430.377190][T10321] loop3: detected capacity change from 0 to 512 [ 431.818909][T10335] binder: 10334:10335 tried to acquire reference to desc 0, got 1 instead [ 431.822405][T10335] binder: release 10334:10335 transaction 162 out, still active [ 431.845436][T10335] binder: undelivered TRANSACTION_COMPLETE [ 431.847830][T10335] binder: 10334:10335 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 431.851608][T10335] binder: 10335 RLIMIT_NICE not set [ 431.853661][T10335] binder: 10335 RLIMIT_NICE not set [ 431.875163][T10335] binder: send failed reply for transaction 162, target dead [ 431.877428][T10335] binder: 10334:10335 ioctl c0306201 20000240 returned -14 [ 432.416850][T10345] loop3: detected capacity change from 0 to 512 [ 432.462004][T10345] EXT4-fs (loop3): Ignoring removed bh option [ 432.471147][T10345] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 432.499123][T10345] EXT4-fs (loop3): 1 truncate cleaned up [ 432.501056][T10345] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x0000000000000000,bh,noload,data_err=ignore,noblock_validity,,errors=continue. Quota mode: none. [ 433.587749][T10371] fuse: Unknown parameter 'grou00000000000000000000' [ 434.790958][T10385] fuse: Bad value for 'fd' [ 434.947005][T10387] tipc: Cannot configure node identity twice [ 435.309544][T10400] loop3: detected capacity change from 0 to 512 [ 435.341781][T10400] EXT4-fs (loop3): Ignoring removed bh option [ 435.343667][T10400] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 435.563204][T10400] EXT4-fs (loop3): 1 truncate cleaned up [ 435.566658][T10400] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x0000000000000000,bh,noload,data_err=ignore,noblock_validity,,errors=continue. Quota mode: none. [ 435.822284][T10407] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1789'. [ 436.187504][T10419] fuse: Bad value for 'fd' [ 436.273779][T10422] fuse: Unknown parameter 'grou00000000000000000000' [ 437.537641][T10437] loop4: detected capacity change from 0 to 512 [ 437.669999][T10437] EXT4-fs (loop4): orphan cleanup on readonly fs [ 437.674474][T10437] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.1800: bg 0: block 248: padding at end of block bitmap is not set [ 437.692520][T10437] Quota error (device loop4): write_blk: dquota write failed [ 437.701317][T10437] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 437.711843][T10437] EXT4-fs error (device loop4): ext4_acquire_dquot:6207: comm syz.4.1800: Failed to acquire dquot type 1 [ 437.731132][T10437] EXT4-fs (loop4): 1 truncate cleaned up [ 437.740132][T10437] EXT4-fs (loop4): mounted filesystem without journal. Opts: bsdgroups,nodiscard,acl,grpjquota=,grpjquota=,inode_readahead_blks=0x0000000004000000,abort,bsddf,acl,,errors=continue. Quota mode: writeback. [ 438.144380][T10446] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1803'. [ 438.267524][ T2054] ieee802154 phy0 wpan0: encryption failed: -22 [ 438.269533][ T2054] ieee802154 phy1 wpan1: encryption failed: -22 [ 438.512389][T10454] loop4: detected capacity change from 0 to 512 [ 438.543807][T10454] EXT4-fs (loop4): Ignoring removed bh option [ 438.545812][T10454] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 438.663122][T10454] EXT4-fs (loop4): 1 truncate cleaned up [ 438.665343][T10454] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x0000000000000000,bh,noload,data_err=ignore,noblock_validity,,errors=continue. Quota mode: none. [ 439.450767][T10464] fuse: Bad value for 'fd' [ 440.825136][T10475] fuse: Unknown parameter 'grou00000000000000000000' [ 441.445553][T10486] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1816'. [ 441.534374][T10488] tipc: Enabled bearer , priority 0 [ 441.558224][T10487] tipc: Disabling bearer [ 441.569499][T10490] loop4: detected capacity change from 0 to 512 [ 441.604353][T10490] EXT4-fs (loop4): Ignoring removed bh option [ 441.621921][T10490] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 441.643953][T10490] EXT4-fs (loop4): 1 truncate cleaned up [ 441.664076][T10490] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x0000000000000000,bh,noload,data_err=ignore,noblock_validity,,errors=continue. Quota mode: none. [ 443.585549][T10519] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1827'. [ 443.677157][T10521] tipc: Enabled bearer , priority 0 [ 443.715708][T10523] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1830'. [ 443.746741][T10520] tipc: Disabling bearer [ 443.820943][T10524] fuse: Unknown parameter 'grou00000000000000000000' [ 447.208453][T10557] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1840'. [ 447.247255][T10555] loop5: detected capacity change from 0 to 2048 [ 447.263930][T10562] binder: 10561:10562 ioctl 4018620d 0 returned -22 [ 447.267593][T10562] binder: 10561:10562 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 447.270988][T10559] netlink: 48 bytes leftover after parsing attributes in process `syz.6.1842'. [ 448.158758][T10555] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 448.417027][T10575] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1847'. [ 448.588843][T10581] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1846'. [ 448.674880][T10581] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1846'. [ 448.994510][ T26] audit: type=1326 audit(2000000320.130:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10586 comm="syz.3.1850" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff99e089a8 code=0x7ffc0000 [ 449.004734][ T26] audit: type=1326 audit(2000000320.140:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10586 comm="syz.3.1850" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=203 compat=0 ip=0xffff99e089a8 code=0x7ffc0000 [ 449.154117][ T26] audit: type=1326 audit(2000000320.150:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10586 comm="syz.3.1850" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff99e089a8 code=0x7ffc0000 [ 450.382833][T10606] fuse: Unknown parameter 'grou00000000000000000000' [ 451.083513][T10605] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1856'. [ 451.232571][T10612] loop6: detected capacity change from 0 to 128 [ 451.973293][T10617] loop3: detected capacity change from 0 to 2048 [ 452.095608][T10612] EXT4-fs (loop6): mounted filesystem without journal. Opts: usrquota,nojournal_checksum,,errors=continue. Quota mode: writeback. [ 452.099748][T10612] ext4 filesystem being mounted at /80/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 452.126955][T10617] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 452.606077][T10632] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1864'. [ 452.629343][T10632] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1864'. [ 453.929110][T10644] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1867'. [ 455.266953][T10658] fuse: Unknown parameter 'grou00000000000000000000' [ 456.261946][T10666] binder: BINDER_SET_CONTEXT_MGR already set [ 456.263856][T10666] binder: 10661:10666 ioctl 4018620d 20000040 returned -16 [ 456.269817][T10666] binder: 10661:10666 got transaction to invalid handle, 1 [ 456.272036][T10666] binder: 10661:10666 transaction failed 29201/-22, size 120-24 line 2917 [ 456.810151][ T4071] binder: undelivered TRANSACTION_ERROR: 29201 [ 457.100525][T10679] loop6: detected capacity change from 0 to 64 [ 457.164853][T10679] BFS-fs: bfs_fill_super(): loop6 is unclean, continuing [ 457.185437][T10680] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1876'. [ 457.187992][T10680] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1876'. [ 457.396626][T10682] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1879'. [ 457.562626][T10686] loop3: detected capacity change from 0 to 512 [ 457.815170][T10686] EXT4-fs (loop3): Ignoring removed oldalloc option [ 458.693653][T10686] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000000,quota,oldalloc,,errors=continue. Quota mode: writeback. [ 458.698712][T10686] ext4 filesystem being mounted at /398/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 459.376915][T10707] binder: BINDER_SET_CONTEXT_MGR already set [ 459.378831][T10707] binder: 10701:10707 ioctl 4018620d 20000040 returned -16 [ 459.382226][T10707] binder: 10701:10707 got transaction to invalid handle, 1 [ 459.384200][T10707] binder: 10701:10707 transaction failed 29201/-22, size 120-24 line 2917 [ 459.858580][ T5552] binder: undelivered TRANSACTION_ERROR: 29201 [ 460.569667][T10716] loop5: detected capacity change from 0 to 1024 [ 460.585409][T10716] hfsplus: unable to parse mount options [ 460.635882][T10718] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1889'. [ 460.638381][T10718] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1889'. [ 460.726201][T10721] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1890'. [ 461.057181][T10729] loop6: detected capacity change from 0 to 512 [ 461.154001][T10729] EXT4-fs (loop6): Ignoring removed bh option [ 461.155817][T10729] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem [ 461.953038][T10729] EXT4-fs (loop6): 1 truncate cleaned up [ 461.954760][T10729] EXT4-fs (loop6): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x0000000000000000,bh,noload,data_err=ignore,noblock_validity,,errors=continue. Quota mode: none. [ 462.224664][T10735] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1896'. [ 462.579231][T10744] loop4: detected capacity change from 0 to 2048 [ 462.701836][T10744] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 462.914576][T10756] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1902'. [ 462.949485][T10756] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1902'. [ 463.193617][T10755] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1903'. [ 464.750313][T10776] netlink: 48 bytes leftover after parsing attributes in process `syz.6.1909'. [ 464.991103][T10780] loop6: detected capacity change from 0 to 512 [ 464.999419][T10780] EXT4-fs (loop6): Ignoring removed bh option [ 465.001367][T10780] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem [ 465.015035][ T4101] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 465.036103][T10780] EXT4-fs (loop6): 1 truncate cleaned up [ 465.037846][T10780] EXT4-fs (loop6): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x0000000000000000,bh,noload,data_err=ignore,noblock_validity,,errors=continue. Quota mode: none. [ 465.265072][ T4101] usb 1-1: Using ep0 maxpacket: 16 [ 465.398535][ T4101] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 465.415158][ T4101] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 465.421183][ T4101] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 465.427809][ T4101] usb 1-1: config 0 descriptor?? [ 466.444191][ T4035] Bluetooth: Unexpected continuation frame (len 10) [ 466.564192][ T4101] mcp2221 0003:04D8:00DD.0002: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0 [ 466.575839][T10796] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1915'. [ 466.578330][T10796] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1915'. [ 466.642825][T10798] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1916'. [ 466.687200][ T4101] Unable to handle kernel paging request at virtual address dfff800000000000 [ 466.690044][ T4101] Mem abort info: [ 466.701818][ T4101] ESR = 0x0000000096000006 [ 466.706420][ T4101] EC = 0x25: DABT (current EL), IL = 32 bits [ 466.711050][ T4101] SET = 0, FnV = 0 [ 466.714152][ T4101] EA = 0, S1PTW = 0 [ 466.718330][ T4101] FSC = 0x06: level 2 translation fault [ 466.722933][ T4101] Data abort info: [ 466.726868][ T4101] ISV = 0, ISS = 0x00000006 [ 466.730800][ T4101] CM = 0, WnR = 0 [ 466.734507][ T4101] [dfff800000000000] address between user and kernel address ranges [ 466.742534][ T4101] Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP [ 466.744593][ T4101] Modules linked in: [ 466.745654][ T4101] CPU: 0 PID: 4101 Comm: kworker/0:5 Not tainted 5.15.186-syzkaller #0 [ 466.747971][ T4101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 466.750736][ T4101] Workqueue: usb_hub_wq hub_event [ 466.752172][ T4101] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 466.754378][ T4101] pc : mcp_smbus_xfer+0x64/0xdc8 [ 466.755760][ T4101] lr : mcp_smbus_xfer+0x44/0xdc8 [ 466.757210][ T4101] sp : ffff80001f896140 [ 466.758328][ T4101] x29: ffff80001f896140 x28: 0000000000000000 x27: dfff800000000000 [ 466.760562][ T4101] x26: 000000010000411b x25: 1fffe0001a9d8836 x24: 0000000000000000 [ 466.762768][ T4101] x23: 0000000000000000 x22: 0000000000000000 x21: 0000000000000018 [ 466.764952][ T4101] x20: 0000000000000000 x19: 0000000000000000 x18: 0000000000000000 [ 466.767199][ T4101] x17: ffff800016cf2000 x16: ffff8000111b2714 x15: ffff8000167d2500 [ 466.769539][ T4101] x14: ffff0000cae44080 x13: dfff800000000000 x12: 0000000000100000 [ 466.771868][ T4101] x11: 00000000000fc0a3 x10: ffff80001fbc9000 x9 : ffff80000ed6bbe4 [ 466.774051][ T4101] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000 [ 466.776273][ T4101] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000 [ 466.778547][ T4101] x2 : 0000000000000000 x1 : 0000000000000018 x0 : ffff0000d4ec4088 [ 466.780847][ T4101] Call trace: [ 466.781799][ T4101] mcp_smbus_xfer+0x64/0xdc8 [ 466.783146][ T4101] __i2c_smbus_xfer+0x558/0x1fbc [ 466.784526][ T4101] i2c_smbus_xfer+0x1f0/0x314 [ 466.785899][ T4101] i2c_default_probe+0x1bc/0x240 [ 466.787312][ T4101] i2c_do_add_adapter+0x388/0x7a0 [ 466.788695][ T4101] __process_new_adapter+0x28/0x3c [ 466.790168][ T4101] bus_for_each_drv+0x150/0x1d8 [ 466.791495][ T4101] i2c_register_adapter+0xd80/0x103c [ 466.792992][ T4101] i2c_add_adapter+0x16c/0x248 [ 466.794290][ T4101] mcp2221_probe+0x254/0x5a8 [ 466.795551][ T4101] hid_device_probe+0x230/0x338 [ 466.796904][ T4101] really_probe+0x26c/0xaec [ 466.798187][ T4101] __driver_probe_device+0x180/0x314 [ 466.799662][ T4101] driver_probe_device+0x78/0x34c [ 466.801078][ T4101] __device_attach_driver+0x274/0x4c4 [ 466.802524][ T4101] bus_for_each_drv+0x150/0x1d8 [ 466.803858][ T4101] __device_attach+0x2a8/0x3d4 [ 466.805244][ T4101] device_initial_probe+0x24/0x34 [ 466.806560][ T4101] bus_probe_device+0xbc/0x1c4 [ 466.808101][ T4101] device_add+0xb04/0xf94 [ 466.809250][ T4101] hid_add_device+0x310/0x4d4 [ 466.810557][ T4101] usbhid_probe+0x858/0xba4 [ 466.811802][ T4101] usb_probe_interface+0x4fc/0x994 [ 466.813248][ T4101] really_probe+0x26c/0xaec [ 466.814481][ T4101] __driver_probe_device+0x180/0x314 [ 466.815951][ T4101] driver_probe_device+0x78/0x34c [ 466.817402][ T4101] __device_attach_driver+0x274/0x4c4 [ 466.818911][ T4101] bus_for_each_drv+0x150/0x1d8 [ 466.820204][ T4101] __device_attach+0x2a8/0x3d4 [ 466.821561][ T4101] device_initial_probe+0x24/0x34 [ 466.822939][ T4101] bus_probe_device+0xbc/0x1c4 [ 466.824318][ T4101] device_add+0xb04/0xf94 [ 466.825515][ T4101] usb_set_configuration+0x15b8/0x1b2c [ 466.827026][ T4101] usb_generic_driver_probe+0x8c/0x144 [ 466.828553][ T4101] usb_probe_device+0x120/0x25c [ 466.829917][ T4101] really_probe+0x26c/0xaec [ 466.831166][ T4101] __driver_probe_device+0x180/0x314 [ 466.832624][ T4101] driver_probe_device+0x78/0x34c [ 466.834242][ T4101] __device_attach_driver+0x274/0x4c4 [ 466.835859][ T4101] bus_for_each_drv+0x150/0x1d8 [ 466.837214][ T4101] __device_attach+0x2a8/0x3d4 [ 466.838499][ T4101] device_initial_probe+0x24/0x34 [ 466.839885][ T4101] bus_probe_device+0xbc/0x1c4 [ 466.841166][ T4101] device_add+0xb04/0xf94 [ 466.842372][ T4101] usb_new_device+0x7ec/0x1164 [ 466.843677][ T4101] hub_event+0x20cc/0x4188 [ 466.844908][ T4101] process_one_work+0x79c/0x1140 [ 466.846194][ T4101] worker_thread+0x8f4/0x101c [ 466.847523][ T4101] kthread+0x374/0x454 [ 466.848631][ T4101] ret_from_fork+0x10/0x20 [ 466.849805][ T4101] Code: aa1303e0 966b8962 f9400273 d343fe7c (387b6b88) [ 466.851710][ T4101] ---[ end trace d2a12fecb4bcd60d ]--- [ 467.357353][ T4101] Kernel panic - not syncing: Oops: Fatal exception [ 467.359306][ T4101] SMP: stopping secondary CPUs [ 467.360613][ T4101] Kernel Offset: disabled [ 467.361814][ T4101] CPU features: 0x8,000081c1,21302e40 [ 467.363324][ T4101] Memory Limit: none [ 467.851146][ T4101] Rebooting in 86400 seconds..